Merge branch 'main' into devops/add-docker-sec
Showing
52 changed files
with
6,818 additions
and
462 deletions.
@@ -9,17 +9,39 @@ jobs: | |
lint_test: | ||
uses: babylonlabs-io/.github/.github/workflows/[email protected] | ||
with: | ||
go-version: '1.23' | ||
go-lint-version: 'v1.60.2' | ||
run-unit-tests: true | ||
run-integration-tests: true | ||
run-lint: true | ||
run-build: true | ||
run-gosec: true | ||
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil ./..." | ||
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil -exclude-dir=covenant-signer ./..." | ||
|
||
docker_pipeline: | ||
uses: babylonlabs-io/.github/.github/workflows/[email protected] | ||
secrets: inherit | ||
with: | ||
publish: false | ||
dockerfile: ./Dockerfile | ||
repoName: covenant-emulator | ||
|
||
go_sec_covenant_signer: | ||
runs-on: ubuntu-24.04 | ||
env: | ||
GO111MODULE: on | ||
steps: | ||
- name: Fetch Repository | ||
uses: actions/checkout@v4 | ||
- name: Install Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: '^1.23.x' | ||
check-latest: true | ||
cache: false | ||
- name: Install Gosec | ||
run: go install github.com/securego/gosec/v2/cmd/gosec@latest | ||
- name: Run Gosec (covenant-signer) | ||
working-directory: ./covenant-signer | ||
run: gosec ./... | ||
|
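Review bot: The `Install Gosec` step of the `go_sec_covenant_signer` job installs `gosec@latest`, so the scanner that gates the signer code can change between runs with no change in the repository, and each new upstream release runs in CI unreviewed. Pin it the same way `go-lint-version` is pinned in `lint_test`, for example `run: go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_GOSEC_VERSION>`. The new job also runs plain `gosec ./...` while the main job passes `-exclude-generated`, so the two scans are not directly comparable if covenant-signer contains generated code. No `permissions:` block is visible for this job; if the workflow does not set one outside the hunk, `permissions:` with `contents: read` would suit a scan-only job.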
@@ -12,6 +12,8 @@ jobs: | |
lint_test: | ||
uses: babylonlabs-io/.github/.github/workflows/[email protected] | ||
with: | ||
go-version: '1.23' | ||
go-lint-version: 'v1.60.2' | ||
run-unit-tests: true | ||
run-integration-tests: true | ||
run-lint: true | ||
|
@@ -0,0 +1,34 @@ | ||
FROM golang:1.23.1-alpine as builder | ||
|
||
# Use muslc for static libs | ||
ARG BUILD_TAGS="muslc" | ||
|
||
RUN apk add --no-cache --update openssh git make build-base linux-headers libc-dev \ | ||
pkgconfig zeromq-dev musl-dev alpine-sdk libsodium-dev \ | ||
libzmq-static libsodium-static gcc | ||
|
||
# Build | ||
WORKDIR /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer | ||
# Cache dependencies | ||
COPY go.mod go.sum /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/ | ||
# Copy the rest of the files | ||
COPY ./ /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/ | ||
|
||
RUN CGO_LDFLAGS="$CGO_LDFLAGS -lstdc++ -lm -lsodium" \ | ||
CGO_ENABLED=1 \ | ||
BUILD_TAGS=$BUILD_TAGS \ | ||
LINK_STATICALLY=true \ | ||
make build | ||
|
||
# FINAL IMAGE | ||
FROM alpine:3.16 AS run | ||
|
||
RUN addgroup --gid 1138 -S covenant-signer && adduser --uid 1138 -S covenant-signer -G covenant-signer | ||
|
||
RUN apk add bash curl jq | ||
|
||
COPY --from=builder /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/build/covenant-signer /bin/covenant-signer | ||
|
||
WORKDIR /home/covenant-signer | ||
RUN chown -R covenant-signer /home/covenant-signer | ||
USER covenant-signer |
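Review bot: The runtime stage is built on `alpine:3.16`, a release that is past upstream end of support, while the builder stage uses a current `golang:1.23.1-alpine`; an image for a signing service should not ship on a base that no longer receives security fixes. Move the final stage to a supported release and install packages without keeping the index: `FROM alpine:<SUPPORTED_ALPINE_VERSION> AS run` and `RUN apk add --no-cache bash curl jq`. If `bash`, `curl` and `jq` are only there for debugging, leaving them out reduces what is available inside the running container. Separately, the `# Cache dependencies` COPY is followed directly by `COPY ./` with no `go mod download` in between, so that layer does not cache anything yet.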
@@ -0,0 +1,41 @@ | ||
DOCKER = $(shell which docker) | ||
BUILDDIR ?= $(CURDIR)/build | ||
|
||
PACKAGES_E2E=$(shell go list ./... | grep '/itest') | ||
|
||
ldflags := $(LDFLAGS) | ||
build_tags := $(BUILD_TAGS) | ||
build_args := $(BUILD_ARGS) | ||
|
||
ifeq ($(VERBOSE),true) | ||
build_args += -v | ||
endif | ||
|
||
ifeq ($(LINK_STATICALLY),true) | ||
ldflags += -linkmode=external -extldflags "-Wl,-z,muldefs -static" -v | ||
endif | ||
|
||
BUILD_TARGETS := build install | ||
BUILD_FLAGS := --tags "$(build_tags)" --ldflags '$(ldflags)' | ||
|
||
all: build install | ||
|
||
build: BUILD_ARGS := $(build_args) -o $(BUILDDIR) | ||
|
||
$(BUILD_TARGETS): go.sum $(BUILDDIR)/ | ||
go $@ -mod=readonly $(BUILD_FLAGS) $(BUILD_ARGS) ./... | ||
|
||
$(BUILDDIR)/: | ||
mkdir -p $(BUILDDIR)/ | ||
|
||
build-docker: | ||
$(DOCKER) build --tag babylonlabs-io/covenant-signer -f Dockerfile \ | ||
$(shell git rev-parse --show-toplevel) | ||
|
||
.PHONY: build build-docker install tests | ||
|
||
test: | ||
go test ./... | ||
|
||
test-e2e: | ||
go test -mod=readonly -timeout=25m -v $(PACKAGES_E2E) -count=1 --tags=e2e |
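Review bot: `build-docker` passes the repository top level (`git rev-parse --show-toplevel`) as the build context together with `-f Dockerfile`. If this Makefile and the signer Dockerfile live in a subdirectory, as the Dockerfile's WORKDIR suggests, then its `COPY go.mod go.sum` and `COPY ./` would take the root module rather than the signer's, and the image may not contain the intended binary. Please confirm the context, or use `$(CURDIR)` as the last argument. The `.PHONY` line also lists `tests`, which is not a target here, while `test`, `test-e2e` and `all` are missing; I would write `.PHONY: all build build-docker install test test-e2e`.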
@@ -0,0 +1,32 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(dumpCfgCmd) | ||
} | ||
|
||
var dumpCfgCmd = &cobra.Command{ | ||
Use: "dump-cfg", | ||
Short: "dumps default configuration file", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
path, err := cmd.Flags().GetString(configPathKey) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
err = config.WriteConfigToFile(path, config.DefaultConfig()) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
fmt.Printf("Default configuration file dumped to: %s \n", path) | ||
return nil | ||
}, | ||
} |
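Review bot: `dump-cfg` writes directly to the path taken from the `config` flag, whose default is the user's regular config location, so running it on an already configured host may replace a working configuration with defaults. Whether the file is truncated, and with which permissions it is created, depends on `config.WriteConfigToFile`, which is not visible here. I would refuse to overwrite before the write, e.g. `if _, statErr := os.Stat(path); statErr == nil { return fmt.Errorf("config file %q already exists", path) }`, and confirm the file is created owner-only since it carries keystore settings. A doc comment such as `// dumpCfgCmd writes config.DefaultConfig() to the path given by the config flag.` would also help.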
@@ -0,0 +1,39 @@ | ||
package cmd | ||
|
||
import ( | ||
"path/filepath" | ||
|
||
"github.com/btcsuite/btcd/btcutil" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var ( | ||
// Used for flags. | ||
configPath string | ||
configPathKey = "config" | ||
|
||
rootCmd = &cobra.Command{ | ||
Use: "covenant-signer", | ||
Short: "remote signing serivce to perform covenant duties", | ||
} | ||
|
||
// C:\Users\<username>\AppData\Local\signer on Windows | ||
// ~/.signer on Linux | ||
// ~/Library/Application Support/signer on MacOS | ||
dafaultConfigDir = btcutil.AppDataDir("signer", false) | ||
dafaultConfigPath = filepath.Join(dafaultConfigDir, "config.toml") | ||
) | ||
|
||
// Execute executes the root command. | ||
func Execute() error { | ||
return rootCmd.Execute() | ||
} | ||
|
||
func init() { | ||
rootCmd.PersistentFlags().StringVar( | ||
&configPath, | ||
configPathKey, | ||
dafaultConfigPath, | ||
"path to the configuration file", | ||
) | ||
} |
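Review bot: The new package-level names `dafaultConfigDir` and `dafaultConfigPath` are misspelled, and the root command's `Short` text reads "serivce", which users will see in `--help`. Rename them to `defaultConfigDir` and `defaultConfigPath` and change the string to `"remote signing service to perform covenant duties"`. The `configPath` variable bound by `StringVar` is never read in the files shown; the subcommands call `cmd.Flags().GetString(configPathKey)` instead, and the start command shadows it with a local of the same name. Either use the bound variable or register the flag with `String` and drop the variable.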
@@ -0,0 +1,73 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/spf13/cobra" | ||
|
||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/keystore/cosmos" | ||
m "github.com/babylonlabs-io/covenant-emulator/covenant-signer/observability/metrics" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerapp" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerservice" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(runSignerCmd) | ||
} | ||
|
||
var runSignerCmd = &cobra.Command{ | ||
Use: "start", | ||
Short: "starts the signer service", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
configPath, err := cmd.Flags().GetString(configPathKey) | ||
if err != nil { | ||
return err | ||
} | ||
cfg, err := config.GetConfig(configPath) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
parsedConfig, err := cfg.Parse() | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
var prk signerapp.PrivKeyRetriever | ||
if parsedConfig.KeyStoreConfig.KeyStoreType == config.CosmosKeyStore { | ||
kr, err := cosmos.NewCosmosKeyringRetriever(parsedConfig.KeyStoreConfig.CosmosKeyStore) | ||
if err != nil { | ||
return err | ||
} | ||
prk = kr | ||
} else { | ||
return fmt.Errorf("unknown key store type") | ||
} | ||
|
||
app := signerapp.NewSignerApp( | ||
prk, | ||
) | ||
|
||
metrics := m.NewCovenantSignerMetrics() | ||
|
||
srv, err := signerservice.New( | ||
cmd.Context(), | ||
parsedConfig, | ||
app, | ||
metrics, | ||
) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
metricsAddress := fmt.Sprintf("%s:%d", cfg.Metrics.Host, cfg.Metrics.Port) | ||
|
||
m.Start(metricsAddress, metrics.Registry) | ||
|
||
// TODO: Add signal handling and gracefull shutdown | ||
return srv.Start() | ||
}, | ||
} |
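Review bot: The metrics listener address is built with `fmt.Sprintf("%s:%d", cfg.Metrics.Host, cfg.Metrics.Port)` from the raw `cfg` rather than the validated `parsedConfig`. An empty `Host` therefore yields `:<port>`, which listens on every interface, and an IPv6 host is formatted incorrectly. Use `net.JoinHostPort(cfg.Metrics.Host, strconv.Itoa(cfg.Metrics.Port))` (assuming `Port` is an `int`) and reject or default an empty host to loopback during config parsing, so the signer's metrics are not exposed by accident. `m.Start` is called without any visible error handling; if it returns an error or starts a goroutine, that should be surfaced here. The fallback error would be easier to act on as `fmt.Errorf("unknown key store type: %v", parsedConfig.KeyStoreConfig.KeyStoreType)`.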