Merge pull request #1237 from gohornet/develop

Release v1.1.0

.github/dependabot.yml

@@ -0,0 +1,15 @@
+
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "develop"
+  - package-ecosystem: "npm"
+    directory: "/documentation"
+    schedule:
+      interval: "daily"
+    target-branch: "develop"

.github/workflows/codeql_analysis.yml

@@ -1,32 +1,41 @@
+
 name: "CodeQL"
 
 on:
-  # Run this security check every day at 03:00 to find potential new vulnerabilities in the default branch
+  # Run this security check every day at 03:00 to find potential new vulnerabilities in the develop branch
   schedule:
     - cron: "0 3 * * *"
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
         with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
+          ref: develop
 
+      # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v1
         with:
-          languages: go
+          languages: ${{ matrix.language }}
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v1

.github/workflows/release.yml

@@ -9,7 +9,7 @@ jobs:
     name: Release Binaries
     runs-on: ubuntu-latest
     container:
-      image: gohornet/goreleaser-cgo-cross-compiler:1.16.7
+      image: gohornet/goreleaser-cgo-cross-compiler:1.17.3
       volumes: [/repo]
     steps:
       - name: Check out code into the Go module directory
@@ -19,6 +19,10 @@ jobs:
         run: goreleaser --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
+          TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
+          TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
+          TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
 
   docker:
     name: Release Docker

.github/workflows/snyk-test-golang.yml

@@ -1,19 +1,19 @@
 name: Test Golang dependencies with Snyk
 
 on:
-  pull_request:
-    paths-ignore:
-      - 'documentation/**'
+  # Run this check every day at 03:00 to find potential new vulnerabilities in the develop branch
+  schedule:
+    - cron: "0 3 * * *"
 
 jobs:
-  security:
-    # Only run on push events or PRs from gohornet/hornet, skip on PRs from forks
-    # Secret variables cannot be exposed to PRs from forks
-    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
+  snyk-test:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
+        with:
+          ref: develop
+
       - name: Run Snyk to check for vulnerabilities
         uses: snyk/actions/[email protected]
         env:

.github/workflows/test_HORNET.yml

@@ -30,4 +30,4 @@ jobs:
         with:
           timeout_minutes: 5
           max_attempts: 3
-          command: go test `go list ./... | grep -v -e integration-tests -e testsuite -e whiteflag`
+          command: go test `go list ./... | grep -v -e integration-tests`

.github/workflows/test_release.yml

@@ -3,14 +3,14 @@ name: Test release
 on:
   pull_request:
     paths-ignore:
-      - 'documentation/**'
+      - "documentation/**"
 
 jobs:
   Release:
     name: Test release
     runs-on: [ubuntu-latest]
     container:
-      image: gohornet/goreleaser-cgo-cross-compiler:1.16.7
+      image: gohornet/goreleaser-cgo-cross-compiler:1.17.3
       volumes: [/repo]
 
     steps:

.goreleaser.yml

@@ -72,9 +72,19 @@ archives:
       - README.md
       - LICENSE
       - config.json
+      - config_devnet.json
       - config_comnet.json
       - peering.json
       - profiles.json
+      - private_tangle/config_private_tangle.json
+      - private_tangle/create_snapshot_private_tangle.sh
+      - private_tangle/migration_bootstrap.sh
+      - private_tangle/private_tangle_keys.md
+      - private_tangle/run_2nd.sh
+      - private_tangle/run_3rd.sh
+      - private_tangle/run_4th.sh
+      - private_tangle/run_coo_bootstrap.sh
+      - private_tangle/run_coo.sh
 
 # DEB and RPM packages
 nfpms:
@@ -98,6 +108,10 @@ nfpms:
         dst: "/var/lib/hornet/config.json"
         type: config
 
+      - src: "config_devnet.json"
+        dst: "/var/lib/hornet/config_devnet.json"
+        type: config
+
       - src: "config_comnet.json"
         dst: "/var/lib/hornet/config_comnet.json"
         type: config
@@ -174,6 +188,11 @@ snapshot:
 changelog:
   skip: true
 
+announce:
+  twitter:
+    enabled: true
+    message_template: "{{.ProjectName}}-{{.Version}} is out! Find all details at {{ .ReleaseURL }}! #IOTA #HORNET"
+
 # Release
 release:
   prerelease: auto

CHANGELOG.md

@@ -2,6 +2,115 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.1.0] - 10.12.2021
+
+### Added
+    - Add participation plugin (#1204, #1207, #1208, #1209, #1210, #1212, #1215, #1218, #1221, #1231, #1232, #1233, 1234)
+    - Add participation-cli tool (#1206, #1219)
+    - Add rocksdb static binaries for macOS (#1192)
+    - Add config_devnet.json (#1183)
+    - Add snap-hash tool to calculate the ledger state hash of a snapshot (#1184)
+    - Add db-hash tool to calculate the ledger state hash of a database (#1184)
+    - Add coo-fix-state tool (#1185)
+    - Add p2pstore to docker docs (#1177)
+
+### Changed
+    - Refactor the JWT auth for the API (#1191)
+    - Separate UTXO database (#1201, #1205)
+    - Only accept bech32 addresses with the correct prefix in the rest API (#1197)
+    - Use target milestone timestamp for snapshots timestamps (#1184)
+    - Expose the enabled HTTP plugins (Faucet, Debug, Participation) as features in the info endpoint (#1208)
+    - Change MQTT topic subscription log to debug level (#1195)
+    - Add JSON output to some of the tools (#1199)
+
+### Fixed
+    - Optimize RocksDB level compaction (#1223)
+    - Improve search missing milestones (#1196) 
+    - Ignore autopeering peers in unknownPeersLimit (#1227)
+    - Include autopeered and unknown peers in connected count of heartbeat messages (#1179)
+    - Fix/faucet conflicting tx (#1222, #1235)
+    - Fix warpsync milestone deadlock (re-verify known milestone payloads) (#1186)
+    - Use integer instead of strings for ulimits in docker-compose file
+    - Fix mqtt port in private tangle scripts (#1186)
+
+### Removed
+    - Remove config_chrysalis_testnet.json (#1183)
+    - Remove powsrv.io integration (#1229) 
+
+### Chore
+    - Updated dependencies and Go 1.17 (#1193)
+    - Updated cross compiler to latest version (#1224)
+    - Updated deps to latest versions (#1192, #1217, #1182, #1225)
+
+### Cleanups
+    - Use contexts to cancel instead of signal channels (#1195, #1198)
+    - Rename Snapshot to SnapshotManager (#1184)
+    - Rename UTXO to to UTXOManager (#1184)
+    - Rename Manager to to PeeringManager (#1184)
+    - Rename Service to GossipService (#1184)
+    - Move autopeering logic to AutopeeringManager (#1178)
+    - Move sync status logic to SyncManager (#1184)
+    - Move DatabaseSize function from storage to database  (#1184)
+    - Move Milestone validation logic to MilestoneManager (#1184)
+    - Refactor snapshot package (#1184)
+    - Add WrappedLogger (#1228)
+
+### Workflows
+    - Run snyk test in a schedule instead on every PR (#1200)
+    - Updated CodeQL workflow according to generator from github (#1194)
+    - Enable Dependabot (#1194)
+    - Added twitter bot notification on release (#1216)
+
+### Config file changes
+
+`config.json`
+```diff
+    "jwtAuth": {
+-      "enabled": false,
+      "salt": "HORNET"
+    },
+-    "excludeHealthCheckFromAuth": false,
+-    "permittedRoutes": [
++    "publicRoutes": [
+      "/health",
+      "/mqtt",
+      "/api/v1/info",
+      "/api/v1/tips",
+-      "/api/v1/messages/:messageID",
+-      "/api/v1/messages/:messageID/metadata",
+-      "/api/v1/messages/:messageID/raw",
+-      "/api/v1/messages/:messageID/children",
+-      "/api/v1/messages",
++      "/api/v1/messages*",
+-      "/api/v1/transactions/:transactionID/included-message",
++      "/api/v1/transactions*",
+-      "/api/v1/milestones/:milestoneIndex",
+-      "/api/v1/milestones/:milestoneIndex/utxo-changes",
++      "/api/v1/milestones*",
+-      "/api/v1/outputs/:outputID",
++      "/api/v1/outputs*",
+-      "/api/v1/addresses/:address",
+-      "/api/v1/addresses/:address/outputs",
+-      "/api/v1/addresses/ed25519/:address",
+-      "/api/v1/addresses/ed25519/:address/outputs",
++      "/api/v1/addresses*",
+      "/api/v1/treasury"
++      "/api/v1/receipts*",
++      "/api/plugins/faucet/*",
++      "/api/plugins/participation/events*",
++      "/api/plugins/participation/outputs*",
++      "/api/plugins/participation/addresses*"
+    ],
++    "protectedRoutes": [
++      "/api/v1/*",
++      "/api/plugins/*"
++    ],
+-    "whitelistedAddresses": [
+-      "127.0.0.1",
+-      "::1"
+-    ],
+```
+
 ## [1.0.5] - 02.09.2021
 
 ### Added

README.md

@@ -5,7 +5,15 @@
 <p><img src="https://raw.githubusercontent.com/gohornet/logo/master/HORNET_logo.svg?sanitize=true"></p>
 
 HORNET is a powerful, community driven IOTA fullnode software written in Go.
-It is easy to install and runs on low-end devices like the Raspberry Pi 4.
+It is easy to install and maintain.
+
+---
+
+In this repository you will find the following branches:
+
+- `develop`: default branch where all development will get merged to. This represents the next iteration of the node.
+- `shimmer`: this branch contains the latest released code targeted for the [shimmer network](https://shimmer.network)
+- `mainnet`: this branch contains the latest released code targeted for the [IOTA mainnet](https://iota.org)
 
 ---