From 887ae94efb4db62a6917f6d755bb9e9b7a3113b3 Mon Sep 17 00:00:00 2001
From: Nikolay Vlasov
Date: Fri, 24 Jan 2025 17:15:16 +1100
Subject: [PATCH 1/8] Git. Add semgrep workflow Git. Add semgrep workflow
---
 .github/workflows/semgrep.yaml | 56 ++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/workflows/semgrep.yaml
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
new file mode 100644
index 00000000..715a5bbd
--- /dev/null
+++ b/.github/workflows/semgrep.yaml
@@ -0,0 +1,56 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
+on:
+ # Scan changed files in PRs (diff-aware scanning):
+ pull_request:
+ branches: ["main"]
+ # Scan on-demand through GitHub Actions interface:
+ workflow_dispatch: {}
+ # Scan mainline branches and report all findings:
+ push:
+ branches: ["main"]
+
+jobs:
+ semgrep_scan:
+ # User definable name of this GitHub Actions job.
+ name: semgrep/ci
+ # If you are self-hosting, change the following `runs-on` value:
+ runs-on: ubuntu-latest
+ container:
+ # A Docker image with Semgrep installed. Do not change this.
+ image: returntocorp/semgrep
+ # Skip any PR created by dependabot to avoid permission issues:
+ if: (github.actor != 'dependabot[bot]')
+ permissions:
+ # required for all workflows
+ security-events: write
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ steps:
+ # Fetch project source with GitHub Actions Checkout.
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Perform Semgrep Analysis
+ # @NOTE: This is the actual semgrep command to scan your code.
+ # Modify the --config option to 'r/all' to scan using all rules,
+ # or use multiple flags to specify particular rules, such as
+ # --config r/all --config custom/rules
+ run: semgrep scan -q --sarif --config auto ./vulnerable-source-code > semgrep-results.sarif
+
+ # upload the results for the CodeQL GitHub app to annotate the code
+ - name: Save SARIF results as artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: semgrep-scan-results
+ path: semgrep-results.sarif
+
+ # Upload SARIF file generated in previous step
+ - name: Upload SARIF result to the GitHub Security Dashboard
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: semgrep-results.sarif
+ if: always()
\ No newline at end of file
From ddad9d0bc76f796482d7fdf7270629ded29c14c9 Mon Sep 17 00:00:00 2001
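Review bot: The job pulls `image: returntocorp/semgrep` with no tag or digest and references `actions/checkout@v3`, `actions/upload-artifact@v3` and `github/codeql-action/upload-sarif@v2` by mutable tags, so the code that runs with `security-events: write` can change without any change to this file; the same applies to `pre-commit/action@v3.0.1` and the two `@v3` actions in the pre-commit.yml hunk of PATCH 5/8. Pin the container by digest, e.g. `image: semgrep/semgrep@sha256:<digest>` (placeholder digest; Semgrep now publishes the image under `semgrep/semgrep`), and pin each action to a full commit SHA with the version in a trailing comment. Separately, `semgrep scan` exits 0 when it has findings unless `--error` is passed, so as written this job reports to the Security tab but never fails a pull request; a comment saying that this is intended would help. The "Save SARIF results as artifact" step also lacks the `if: always()` that the upload-sarif step has, so the artifact is skipped whenever the scan step itself errors.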
From: Nikolay Vlasov Date: Fri, 24 Jan 2025 17:21:53 +1100 Subject: [PATCH 2/8] Git. Fixed bug in segrep workflow --- .github/workflows/semgrep.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml index 715a5bbd..51922ce7 100644 --- a/.github/workflows/semgrep.yaml +++ b/.github/workflows/semgrep.yaml @@ -39,7 +39,7 @@ jobs: # Modify the --config option to 'r/all' to scan using all rules, # or use multiple flags to specify particular rules, such as # --config r/all --config custom/rules - run: semgrep scan -q --sarif --config auto ./vulnerable-source-code > semgrep-results.sarif + run: semgrep scan -q --sarif --config auto > semgrep-results.sarif # upload the results for the CodeQL GitHub app to annotate the code - name: Save SARIF results as artifact From 1a8c7661e755c34e38e2ffbc10bbc2e4c1e0841b Mon Sep 17 00:00:00 2001 From: Nikolay Vlasov Date: Fri, 24 Jan 2025 17:35:49 +1100 Subject: [PATCH 3/8] Git. Updared SARIF action verion for semgrep --- .github/workflows/semgrep.yaml | 2 +- .gitignore | 2 + lib/sui/package-lock.json | 424 --------------------------------- 3 files changed, 3 insertions(+), 425 deletions(-) delete mode 100644 lib/sui/package-lock.json diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml index 51922ce7..ff49de96 100644 --- a/.github/workflows/semgrep.yaml +++ b/.github/workflows/semgrep.yaml @@ -43,7 +43,7 @@ jobs: # upload the results for the CodeQL GitHub app to annotate the code - name: Save SARIF results as artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: semgrep-scan-results path: semgrep-results.sarif diff --git a/.gitignore b/.gitignore index 82075dea..08262d90 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,8 @@ !jest.config.js *.d.ts node_modules +!lib/**/package-lock.json +lib/**/foo.bar # CDK asset staging directory .cdk.staging 
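Review bot: The new `!lib/**/package-lock.json` rule un-ignores lockfiles under lib/, yet this same commit deletes lib/sui/package-lock.json, so the sui blueprint is left with no committed lockfile. Without it, installs resolve the `^` ranges listed in the deleted file's root entry (`aws-cdk-lib: ^2.148.0`, `cdk-nag: ^2.28.157`, `dotenv: ^16.4.5`) at install time, and the `integrity` hashes it recorded are no longer checked. If the deletion was only meant to clear a stale file, regenerate the lockfile and commit it in the same change. `lib/**/foo.bar` looks like a leftover test pattern and can be dropped unless something really produces that file.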
diff --git a/lib/sui/package-lock.json b/lib/sui/package-lock.json deleted file mode 100644 index 796a6ee0..00000000 --- a/lib/sui/package-lock.json +++ /dev/null 
@@ -1,424 +0,0 @@ -{ - "name": "aws-blockchain-node-runners-sui", - "version": "0.1.0", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "aws-blockchain-node-runners-sui", - "version": "0.1.0", - "dependencies": { - "aws-cdk-lib": "^2.148.0", - "cdk-nag": "^2.28.157", - "dotenv": "^16.4.5" - }, - "bin": { - "sui": "app.ts" - }, - "devDependencies": { - "@types/node": "^20.14.10" - } - }, - "node_modules/@aws-cdk/asset-awscli-v1": { - "version": "2.2.202", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz", - "integrity": "sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg==" - }, - "node_modules/@aws-cdk/asset-kubectl-v20": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz", - "integrity": "sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg==" - }, - "node_modules/@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", - "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==" - }, - "node_modules/@types/node": { - "version": "20.14.10", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.10.tgz", - "integrity": "sha512-MdiXf+nDuMvY0gJKxyfZ7/6UFsETO7mGKF54MVD/ekJS6HdFtpZFBgrh6Pseu64XTb2MLyFPlbW6hj8HYRQNOQ==", - "dev": true, - "dependencies": { - "undici-types": "~5.26.4" - } - }, - "node_modules/aws-cdk-lib": { - "version": "2.148.0", - "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.148.0.tgz", - "integrity": "sha512-Pa0pyIHlhnsqtMkPJS3tnptYhoOSNDOgoFurNB4Qfa0vnAkjYQ+JKQkR1tNNr8+UtO9jUfXRklQgjEqlFlrgBA==", - "bundleDependencies": [ - "@balena/dockerignore", - "case", - "fs-extra", - "ignore", - "jsonschema", - "minimatch", - 
"punycode", - "semver", - "table", - "yaml", - "mime-types" - ], - "dependencies": { - "@aws-cdk/asset-awscli-v1": "^2.2.202", - "@aws-cdk/asset-kubectl-v20": "^2.1.2", - "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", - "@balena/dockerignore": "^1.0.2", - "case": "1.6.3", - "fs-extra": "^11.2.0", - "ignore": "^5.3.1", - "jsonschema": "^1.4.1", - "mime-types": "^2.1.35", - "minimatch": "^3.1.2", - "punycode": "^2.3.1", - "semver": "^7.6.2", - "table": "^6.8.2", - "yaml": "1.10.2" - }, - "engines": { - "node": ">= 14.15.0" - }, - "peerDependencies": { - "constructs": "^10.0.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/@balena/dockerignore": { - "version": "1.0.2", - "inBundle": true, - "license": "Apache-2.0" - }, - "node_modules/aws-cdk-lib/node_modules/ajv": { - "version": "8.16.0", - "inBundle": true, - "license": "MIT", - "dependencies": { - "fast-deep-equal": "^3.1.3", - "json-schema-traverse": "^1.0.0", - "require-from-string": "^2.0.2", - "uri-js": "^4.4.1" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" - } - }, - "node_modules/aws-cdk-lib/node_modules/ansi-regex": { - "version": "5.0.1", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/aws-cdk-lib/node_modules/ansi-styles": { - "version": "4.3.0", - "inBundle": true, - "license": "MIT", - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/aws-cdk-lib/node_modules/astral-regex": { - "version": "2.0.0", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/aws-cdk-lib/node_modules/balanced-match": { - "version": "1.0.2", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/brace-expansion": { - "version": "1.1.11", - "inBundle": true, - "license": "MIT", - "dependencies": { - "balanced-match": "^1.0.0", - 
"concat-map": "0.0.1" - } - }, - "node_modules/aws-cdk-lib/node_modules/case": { - "version": "1.6.3", - "inBundle": true, - "license": "(MIT OR GPL-3.0-or-later)", - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/color-convert": { - "version": "2.0.1", - "inBundle": true, - "license": "MIT", - "dependencies": { - "color-name": "~1.1.4" - }, - "engines": { - "node": ">=7.0.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/color-name": { - "version": "1.1.4", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/concat-map": { - "version": "0.0.1", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/emoji-regex": { - "version": "8.0.0", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/fast-deep-equal": { - "version": "3.1.3", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/fs-extra": { - "version": "11.2.0", - "inBundle": true, - "license": "MIT", - "dependencies": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/aws-cdk-lib/node_modules/graceful-fs": { - "version": "4.2.11", - "inBundle": true, - "license": "ISC" - }, - "node_modules/aws-cdk-lib/node_modules/ignore": { - "version": "5.3.1", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">= 4" - } - }, - "node_modules/aws-cdk-lib/node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, - "node_modules/aws-cdk-lib/node_modules/json-schema-traverse": { - "version": "1.0.0", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/jsonfile": { - "version": "6.1.0", - "inBundle": true, - "license": "MIT", - "dependencies": { - "universalify": "^2.0.0" - }, - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, - 
"node_modules/aws-cdk-lib/node_modules/jsonschema": { - "version": "1.4.1", - "inBundle": true, - "license": "MIT", - "engines": { - "node": "*" - } - }, - "node_modules/aws-cdk-lib/node_modules/lodash.truncate": { - "version": "4.4.2", - "inBundle": true, - "license": "MIT" - }, - "node_modules/aws-cdk-lib/node_modules/mime-db": { - "version": "1.52.0", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/aws-cdk-lib/node_modules/mime-types": { - "version": "2.1.35", - "inBundle": true, - "license": "MIT", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/aws-cdk-lib/node_modules/minimatch": { - "version": "3.1.2", - "inBundle": true, - "license": "ISC", - "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, - "node_modules/aws-cdk-lib/node_modules/punycode": { - "version": "2.3.1", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">=6" - } - }, - "node_modules/aws-cdk-lib/node_modules/require-from-string": { - "version": "2.0.2", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/semver": { - "version": "7.6.2", - "inBundle": true, - "license": "ISC", - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/aws-cdk-lib/node_modules/slice-ansi": { - "version": "4.0.0", - "inBundle": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^4.0.0", - "astral-regex": "^2.0.0", - "is-fullwidth-code-point": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/slice-ansi?sponsor=1" - } - }, - "node_modules/aws-cdk-lib/node_modules/string-width": { - "version": "4.2.3", - "inBundle": true, - "license": "MIT", - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - 
"node": ">=8" - } - }, - "node_modules/aws-cdk-lib/node_modules/strip-ansi": { - "version": "6.0.1", - "inBundle": true, - "license": "MIT", - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/aws-cdk-lib/node_modules/table": { - "version": "6.8.2", - "inBundle": true, - "license": "BSD-3-Clause", - "dependencies": { - "ajv": "^8.0.1", - "lodash.truncate": "^4.4.2", - "slice-ansi": "^4.0.0", - "string-width": "^4.2.3", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=10.0.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/universalify": { - "version": "2.0.1", - "inBundle": true, - "license": "MIT", - "engines": { - "node": ">= 10.0.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/uri-js": { - "version": "4.4.1", - "inBundle": true, - "license": "BSD-2-Clause", - "dependencies": { - "punycode": "^2.1.0" - } - }, - "node_modules/aws-cdk-lib/node_modules/yaml": { - "version": "1.10.2", - "inBundle": true, - "license": "ISC", - "engines": { - "node": ">= 6" - } - }, - "node_modules/cdk-nag": { - "version": "2.28.157", - "resolved": "https://registry.npmjs.org/cdk-nag/-/cdk-nag-2.28.157.tgz", - "integrity": "sha512-5nwOEq5bXMl1Hfe4ig1JNtECVM2jt6ISO8kZq5eq6YflLp2YLrhkAoDWSdyEDDo0l30uDLGSl9sxxkdR39l5gQ==", - "peerDependencies": { - "aws-cdk-lib": "^2.116.0", - "constructs": "^10.0.5" - } - }, - "node_modules/constructs": { - "version": "10.3.0", - "resolved": "https://registry.npmjs.org/constructs/-/constructs-10.3.0.tgz", - "integrity": "sha512-vbK8i3rIb/xwZxSpTjz3SagHn1qq9BChLEfy5Hf6fB3/2eFbrwt2n9kHwQcS0CPTRBesreeAcsJfMq2229FnbQ==", - "peer": true, - "engines": { - "node": ">= 16.14.0" - } - }, - "node_modules/dotenv": { - "version": "16.4.5", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", - "integrity": "sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==", - "engines": { - "node": ">=12" - }, - "funding": { - "url": 
"https://dotenvx.com" - } - }, - "node_modules/undici-types": { - "version": "5.26.5", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==", - "dev": true - } - } -} From d55f508b6c8df5b0f906f0dda5d58cb5d382c06d Mon Sep 17 00:00:00 2001 From: Nikolay Vlasov Date: Fri, 24 Jan 2025 17:49:47 +1100 Subject: [PATCH 4/8] Git. Added permissions to github actions where missing --- .github/workflows/blueprints-unit-tests.yml | 3 +++ .github/workflows/website-deploy.yaml | 5 +++++ .github/workflows/website-test-deploy.yml | 3 +++ 3 files changed, 11 insertions(+) diff --git a/.github/workflows/blueprints-unit-tests.yml b/.github/workflows/blueprints-unit-tests.yml index 64249b35..598e1f67 100644 --- a/.github/workflows/blueprints-unit-tests.yml +++ b/.github/workflows/blueprints-unit-tests.yml @@ -9,6 +9,9 @@ jobs: blueprints-cdk-tests: name: Run CDK tests for all blueprints runs-on: ubuntu-latest + permissions: + actions: read + contents: read defaults: run: shell: bash diff --git a/.github/workflows/website-deploy.yaml b/.github/workflows/website-deploy.yaml index 58c7a17e..a6dcde9f 100644 --- a/.github/workflows/website-deploy.yaml +++ b/.github/workflows/website-deploy.yaml @@ -11,6 +11,11 @@ jobs: deploy: name: Deploy to GitHub Pages runs-on: ubuntu-latest + permissions: + pages: write + # only required for workflows in private repositories + actions: read + contents: read defaults: run: shell: bash diff --git a/.github/workflows/website-test-deploy.yml b/.github/workflows/website-test-deploy.yml index 786c6519..91ab9092 100644 --- a/.github/workflows/website-test-deploy.yml +++ b/.github/workflows/website-test-deploy.yml @@ -9,6 +9,9 @@ jobs: test-deploy: name: Test deployment runs-on: ubuntu-latest + permissions: + actions: read + contents: read defaults: run: shell: bash 
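Review bot: `actions: read` is granted here and in the website-deploy.yaml and website-test-deploy.yml hunks of this patch, but in the Semgrep workflow that line exists for the SARIF upload in private repositories, which none of these jobs appears to do. The steps are outside the hunks, so confirm that no step calls the Actions API; if none does, `permissions:` with only `contents: read` is the least-privilege form for the two test jobs. Consider also a top-level `permissions: {}` in each workflow so that any job added later starts with no token scopes.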
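Review bot: `pages: write` together with `contents: read` only fits a deploy that goes through the Pages deployment API; the job's steps are outside the hunk, so this needs checking against how the site is actually published. If the job pushes the built site to a `gh-pages` branch with the GITHUB_TOKEN, it needs `contents: write` and `pages: write` is unused; if it uses `actions/deploy-pages`, it also needs `id-token: write`. The comment `# only required for workflows in private repositories` was carried over from the Semgrep template and describes the SARIF upload, so it is misleading above `actions: read` here.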
From 4a7b4eb47bbfe55b55ec1cb7f370700e7b45a1be Mon Sep 17 00:00:00 2001
From: Nikolay Vlasov
Date: Fri, 24 Jan 2025 18:01:55 +1100
Subject: [PATCH 5/8] Git. Add pre-comit as github action
---
 .github/workflows/pre-commit.yml | 16 ++++++++++++++++
 .github/workflows/semgrep.yaml | 2 +-
 .gitignore | 2 +-
 .vscode/settings.json | 2 +-
 lib/base/README.md | 4 ++--
 lib/base/app.ts | 2 +-
 lib/besu-private/README.md | 2 +-
 lib/ethereum/README.md | 2 +-
 lib/solana/lib/assets/instance/cfn-hup/setup.sh | 4 ++--
 lib/solana/lib/assets/instance/storage/setup.sh | 6 +++---
 .../storage/update-cloudwatch-dashboard.sh | 2 +-
 lib/solana/lib/assets/node/build-binaries.sh | 2 +-
 lib/solana/lib/assets/node/node.service | 2 +-
 lib/solana/lib/assets/node/setup.sh | 2 +-
 lib/solana/lib/assets/sync-checker/setup.sh | 2 +-
 .../lib/assets/sync-checker/sync-checker.service | 2 +-
 .../lib/assets/sync-checker/sync-checker.timer | 2 +-
 lib/solana/lib/constructs/node-cw-dashboard.ts | 2 +-
 scripts/run-all-cdk-tests.sh | 2 +-
 19 files changed, 38 insertions(+), 22 deletions(-)
 create mode 100644 .github/workflows/pre-commit.yml
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
new file mode 100644
index 00000000..b392a286
--- /dev/null
+++ b/.github/workflows/pre-commit.yml
@@ -0,0 +1,16 @@
+name: pre-commit
+
+on:
+ pull_request:
+ branches: ["main"]
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v3
+ - uses: pre-commit/action@v3.0.1
\ No newline at end of file
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index ff49de96..f730562a 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -53,4 +53,4 @@ jobs:
 uses: github/codeql-action/upload-sarif@v2
 with:
 sarif_file: semgrep-results.sarif
- if: always()
\ No newline at end of file
+ if: always()
diff --git a/.gitignore b/.gitignore index 08262d90..46ce6cd2 100644 --- a/.gitignore +++ b/.gitignore @@ -37,4 +37,4 @@ ha-nodes-deploy*.json *.OLD .env .idea -.vscode \ No newline at end of file +.vscode diff --git a/.vscode/settings.json b/.vscode/settings.json index a71108d9..f8ab17bd 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,4 +3,4 @@ "bcuser", "usermod" ] -} \ No newline at end of file +} diff --git a/lib/base/README.md b/lib/base/README.md index aa2869c0..440ab484 100644 --- a/lib/base/README.md +++ b/lib/base/README.md @@ -208,7 +208,7 @@ We currently don't recommend running **archive** nodes in HA setup, because it t ::: ### Monitoring -Every 5 minutes a script on the deployed node publishes to CloudWatch service the metrics for current block for L1/L2 clients as well as blocks behind metric for L1 and minutes behind for L2. When the node is fully synced the blocks behind metric should get to 4 and minutes behind should get down to 0. +Every 5 minutes a script on the deployed node publishes to CloudWatch service the metrics for current block for L1/L2 clients as well as blocks behind metric for L1 and minutes behind for L2. When the node is fully synced the blocks behind metric should get to 4 and minutes behind should get down to 0. - To see the metrics for **single node only**: - Navigate to CloudWatch service (make sure you are in the region you have specified for AWS_REGION) @@ -291,4 +291,4 @@ sudo su bcuser ``` 4. Where to find the key Base client directories? - - The data directory is `/data` \ No newline at end of file + - The data directory is `/data` diff --git a/lib/base/app.ts b/lib/base/app.ts index adfc05c9..f0e95baf 100644 --- a/lib/base/app.ts +++ b/lib/base/app.ts @@ -57,4 +57,4 @@ cdk.Aspects.of(app).add( reports: true, logIgnores: false, }) -); \ No newline at end of file +); diff --git a/lib/besu-private/README.md b/lib/besu-private/README.md index cb73809f..e3d31bcf 100644 --- a/lib/besu-private/README.md 
+++ b/lib/besu-private/README.md @@ -6,7 +6,7 @@ This blueprint deploys a ready-to-test private blockchain network powered by [Hyperledger Besu](https://github.com/hyperledger/besu/) with [IBFT consensus](https://arxiv.org/abs/2002.03613). It is accessible by applications via [AWS PrivateLink](https://aws.amazon.com/privatelink/) and [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) (NLB). -High-level features include: +High-level features include: - Automated blockchain node recovery based on deep health check. - Automated key management after initial setup. - Deployment of software changes without downtime. diff --git a/lib/ethereum/README.md b/lib/ethereum/README.md index f7f8e782..1657b618 100644 --- a/lib/ethereum/README.md +++ b/lib/ethereum/README.md @@ -303,7 +303,7 @@ The result should be like this (the actual balance might change): ### Clearing up and undeploying everything 1. Destroy RPC Nodes, Sync Nodes and Common components - + ```bash # Setting the AWS account id and region in case local .env file is lost export AWS_ACCOUNT_ID= diff --git a/lib/solana/lib/assets/instance/cfn-hup/setup.sh b/lib/solana/lib/assets/instance/cfn-hup/setup.sh index a5f7a715..418811e4 100755 --- a/lib/solana/lib/assets/instance/cfn-hup/setup.sh +++ b/lib/solana/lib/assets/instance/cfn-hup/setup.sh @@ -27,7 +27,7 @@ fi sed -i "s;__AWS_STACK_ID__;\"$STACK_ID\";g" /etc/cfn/cfn-hup.conf sed -i "s;__AWS_REGION__;\"$AWS_REGION\";g" /etc/cfn/cfn-hup.conf - mkdir -p /etc/cfn/hooks.d/system + mkdir -p /etc/cfn/hooks.d/system mv /opt/instance/cfn-hup/cfn-auto-reloader.conf /etc/cfn/hooks.d/cfn-auto-reloader.conf sed -i "s;__AWS_STACK_NAME__;\"$STACK_NAME\";g" /etc/cfn/hooks.d/cfn-auto-reloader.conf sed -i "s;__AWS_REGION__;\"$AWS_REGION\";g" /etc/cfn/hooks.d/cfn-auto-reloader.conf 
@@ -37,4 +37,4 @@ fi systemctl daemon-reload systemctl enable --now cfn-hup - systemctl start cfn-hup.service \ No newline at end of file + systemctl start cfn-hup.service diff --git a/lib/solana/lib/assets/instance/storage/setup.sh b/lib/solana/lib/assets/instance/storage/setup.sh index e0adaaa9..ca5e6b81 100755 --- a/lib/solana/lib/assets/instance/storage/setup.sh +++ b/lib/solana/lib/assets/instance/storage/setup.sh @@ -95,11 +95,11 @@ fi if [ -n "$VOLUME_SIZE" ]; then VOLUME_ID=/dev/$(lsblk -lnb | awk -v VOLUME_SIZE_BYTES="$VOLUME_SIZE" '{if ($4== VOLUME_SIZE_BYTES) {print $1}}') echo "Data volume size defined, use respective volume id: $VOLUME_ID" - else + else VOLUME_ID=$(get_next_empty_nvme_disk) echo "Data volume size undefined, trying volume id: $VOLUME_ID" fi - + make_fs $FILE_SYSTEM "$VOLUME_ID" sleep 10 @@ -127,4 +127,4 @@ fi chown -R bcuser:bcuser "$DIR_NAME" else echo "$DIR_NAME volume is mounted, nothing changed" - fi \ No newline at end of file + fi diff --git a/lib/solana/lib/assets/instance/storage/update-cloudwatch-dashboard.sh b/lib/solana/lib/assets/instance/storage/update-cloudwatch-dashboard.sh index 2dff26d0..7d93ee9d 100755 --- a/lib/solana/lib/assets/instance/storage/update-cloudwatch-dashboard.sh +++ b/lib/solana/lib/assets/instance/storage/update-cloudwatch-dashboard.sh @@ -81,4 +81,4 @@ for MOUNT_PATH in ${MOUNT_PATHS[*]}; do done # Upload cloudwatch dashboard using aws cli -aws cloudwatch put-dashboard --dashboard-name "$DASHBOARD_NAME" --dashboard-body file:///tmp/dashboard.json \ No newline at end of file +aws cloudwatch put-dashboard --dashboard-name "$DASHBOARD_NAME" --dashboard-body file:///tmp/dashboard.json diff --git a/lib/solana/lib/assets/node/build-binaries.sh b/lib/solana/lib/assets/node/build-binaries.sh index 87227b0f..211eecf5 100755 --- a/lib/solana/lib/assets/node/build-binaries.sh +++ b/lib/solana/lib/assets/node/build-binaries.sh 
@@ -43,4 +43,4 @@ if [ ! -d "/home/bcuser/bin" ]; then mkdir -p /home/bcuser/bin fi mv $PWD/bin/* /home/bcuser/bin -echo export PATH=/home/bcuser/bin:$PATH >> /home/bcuser/.profile \ No newline at end of file +echo export PATH=/home/bcuser/bin:$PATH >> /home/bcuser/.profile diff --git a/lib/solana/lib/assets/node/node.service b/lib/solana/lib/assets/node/node.service index e2ad4914..4139f923 100644 --- a/lib/solana/lib/assets/node/node.service +++ b/lib/solana/lib/assets/node/node.service @@ -12,4 +12,4 @@ LogRateLimitIntervalSec=0 Environment="PATH=/bin:/usr/bin:/home/bcuser/bin" ExecStart=/home/bcuser/bin/node-service.sh [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/lib/solana/lib/assets/node/setup.sh b/lib/solana/lib/assets/node/setup.sh index fbd2ffb0..def85c90 100755 --- a/lib/solana/lib/assets/node/setup.sh +++ b/lib/solana/lib/assets/node/setup.sh @@ -212,4 +212,4 @@ echo "Starting node as a service" mv /opt/node/node.service /etc/systemd/system/node.service systemctl daemon-reload -systemctl enable --now node \ No newline at end of file +systemctl enable --now node diff --git a/lib/solana/lib/assets/sync-checker/setup.sh b/lib/solana/lib/assets/sync-checker/setup.sh index 7e0f65db..96bc10e5 100755 --- a/lib/solana/lib/assets/sync-checker/setup.sh +++ b/lib/solana/lib/assets/sync-checker/setup.sh @@ -22,4 +22,4 @@ mv /opt/sync-checker/sync-checker.timer /etc/systemd/system/sync-checker.timer echo "Starting sync checker timer" systemctl start sync-checker.timer -systemctl enable sync-checker.timer \ No newline at end of file +systemctl enable sync-checker.timer diff --git a/lib/solana/lib/assets/sync-checker/sync-checker.service b/lib/solana/lib/assets/sync-checker/sync-checker.service index 64413146..9f187ce2 100644 --- a/lib/solana/lib/assets/sync-checker/sync-checker.service +++ b/lib/solana/lib/assets/sync-checker/sync-checker.service 
@@ -2,4 +2,4 @@ Description="Sync checker for blockchain node" [Service] -ExecStart=/opt/syncchecker.sh \ No newline at end of file +ExecStart=/opt/syncchecker.sh diff --git a/lib/solana/lib/assets/sync-checker/sync-checker.timer b/lib/solana/lib/assets/sync-checker/sync-checker.timer index b531147b..b45ff94e 100644 --- a/lib/solana/lib/assets/sync-checker/sync-checker.timer +++ b/lib/solana/lib/assets/sync-checker/sync-checker.timer @@ -6,4 +6,4 @@ OnCalendar=*:*:0/5 Unit=sync-checker.service [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/lib/solana/lib/constructs/node-cw-dashboard.ts b/lib/solana/lib/constructs/node-cw-dashboard.ts index cccaa80f..20ffca58 100644 --- a/lib/solana/lib/constructs/node-cw-dashboard.ts +++ b/lib/solana/lib/constructs/node-cw-dashboard.ts @@ -321,4 +321,4 @@ export const SingleNodeCWDashboardJSON = { } } ] -} \ No newline at end of file +} diff --git a/scripts/run-all-cdk-tests.sh b/scripts/run-all-cdk-tests.sh index 2de07889..57fb1374 100755 --- a/scripts/run-all-cdk-tests.sh +++ b/scripts/run-all-cdk-tests.sh @@ -28,4 +28,4 @@ for dir in */; do else run_test "$dir" fi -done \ No newline at end of file +done From 23c104089288ad3f075ededcb0b9b42a4d1d1db4 Mon Sep 17 00:00:00 2001 From: Nikolay Vlasov Date: Fri, 24 Jan 2025 18:08:32 +1100 Subject: [PATCH 6/8] Git. Fixing access rights in pre-comit github action --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index b392a286..93f5f082 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest permissions: actions: read - contents: read + contents: write steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v3 From c3e354e6720dc776b86a0ab3e201460cdf6dd6d0 Mon Sep 17 00:00:00 2001 
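Review bot: `contents: write` gives a `pull_request`-triggered job, which runs the hooks configured in the branch under review, a token that can push to the repository for same-repo pull requests; a lint job needs only `contents: read`. As far as I know `pre-commit/action` v3 no longer pushes fixes back, so if the job failed with read access the cause is probably elsewhere and should be identified rather than answered with a wider scope. PATCH 8/8 then deletes the `permissions:` block altogether, which leaves the job on the repository's default GITHUB_TOKEN scope; the end state should be an explicit `permissions:` with `contents: read`. The job's step list continues outside this hunk.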
From: Nikolay Vlasov Date: Fri, 24 Jan 2025 18:11:19 +1100 Subject: [PATCH 7/8] Git. Fixing pre-comit github action --- .github/workflows/pre-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 93f5f082..5191f9f5 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -13,4 +13,4 @@ jobs: steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v3 - - uses: pre-commit/action@v3.0.1 \ No newline at end of file + - uses: pre-commit/action@v3.0.1 From 9991419f40d9f2a06e14a336ec5a62b7bf732361 Mon Sep 17 00:00:00 2001 From: Nikolay Vlasov Date: Fri, 24 Jan 2025 18:11:36 +1100 Subject: [PATCH 8/8] Git. Fixing pre-comit github action --- .github/workflows/pre-commit.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 5191f9f5..0a63b050 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,9 +7,6 @@ on: jobs: pre-commit: runs-on: ubuntu-latest - permissions: - actions: read - contents: write steps: - uses: actions/checkout@v3 - uses: actions/setup-python@v3