diff --git a/.github/scripts/prepare-matrices.py b/.github/scripts/prepare-matrices.py index ce896fd..dabcc78 100644 --- a/.github/scripts/prepare-matrices.py +++ b/.github/scripts/prepare-matrices.py @@ -90,6 +90,9 @@ def get_app_metadata(subdir, meta, forRelease=False, channels=None): if meta.get("binary_name"): platformToBuild["binary_name"] = meta["binary_name"] + if meta.get("binary_build_output_path"): + platformToBuild["binary_build_output_path"] = meta["binary_build_output_path"] + platformToBuild["update_modules_enabled"] = channel["update_modules"]["enabled"] if channel["update_modules"]["enabled"]: platformToBuild["update_modules_branch"] = channel["update_modules"]["cosmossdk_branch"] @@ -142,4 +145,4 @@ def get_app_metadata(subdir, meta, forRelease=False, channels=None): if appToBuild is not None: appsToBuild["apps"].extend(appToBuild["apps"]) appsToBuild["appsPlatforms"].extend(appToBuild["appsPlatforms"]) - print(json.dumps(appsToBuild)) \ No newline at end of file + print(json.dumps(appsToBuild)) diff --git a/.github/scripts/update-go-modules.sh b/.github/scripts/update-go-modules.sh index cf401d1..a0bfa3a 100755 --- a/.github/scripts/update-go-modules.sh +++ b/.github/scripts/update-go-modules.sh @@ -1,7 +1,6 @@ #!/bin/bash set -oue pipefail - ## FUNCTIONS # Function to get the latest commit SHA for a given repo and branch @@ -46,6 +45,9 @@ replace_module() { go mod edit -replace=$module=$module@$pseudo_version + go mod verify + go mod tidy + return 0 } @@ -73,6 +75,8 @@ check_replaced_local() { if [ $? -ne 0 ]; then return 1 else + go mod verify + go mod tidy return 0 fi } @@ -130,19 +134,16 @@ for module in $modules; do elif [[ "$COSMOSSDK_BRANCH" =~ "v0.52.x" ]]; then case "$module" in # Force checking specific modules to HEAD of refs/heads/release/v0.52.x instead of main - *client/v2*|*x/*) + *api*|*client/v2*|*x/*) # Exception for x/tx - if [[ "$module" =~ "x/tx" ]]; then + if [[ "$module" =~ "x/tx" ]] || [[ "$module" =~ "api" ]]; then if ! replace_module "$cosmossdk_latest_commit_main"; then echo "Failed to update module $module after trying main." exit 1 fi - elif ! replace_module "$cometbft_latest_commit_branch"; then - echo "Failed to update module $module after trying main." - exit 1 - if ! replace_module "$cosmossdk_latest_commit_branch"; then - echo "Failed to update module $module after trying $COSMOSSDK_BRANCH." - fi + elif ! replace_module "$cosmossdk_latest_commit_branch"; then + echo "Failed to update module $module after trying main." + exit 1 fi ;; *errors*) @@ -156,8 +157,7 @@ for module in $modules; do esac fi ;; - *github.com/cosmos/cosmos-sdk*) - + *cosmos-sdk*) # modules that need to follow HEAD on release branch if ! replace_module "$cosmossdk_latest_commit_branch"; then echo "Failed to update module $module after trying $COSMOSSDK_BRANCH." @@ -179,7 +179,5 @@ for module in $modules; do else echo "module $module is already replaced by local path" fi -done -go mod verify -go mod tidy +done diff --git a/.github/workflows/build-applications.yaml b/.github/workflows/build-applications.yaml index 52bf322..4b1dab1 100644 --- a/.github/workflows/build-applications.yaml +++ b/.github/workflows/build-applications.yaml @@ -147,6 +147,7 @@ jobs: MATRIX_APP_PATH: ${{ matrix.app.path }} GOARCH: ${{ matrix.app.target_arch }} BINARY_NAME: ${{ matrix.app.binary_name }} + BINARY_BUILD_OUTPUT_PATH: ${{ matrix.app.repository }}/${{ matrix.app.binary_build_output_path }} run: ./nightly-stack/apps/${{ matrix.app.name }}/ci/test.sh - name: Export Build Result @@ -170,15 +171,20 @@ jobs: if: ${{ matrix.app.publish_artifacts }} env: BINARY_NAME: ${{ matrix.app.binary_name }} + BINARY_BUILD_OUTPUT_PATH: ${{ matrix.app.binary_build_output_path }} run: | set -oue pipefail set -x # Create archive - if [[ -z $BINARY_NAME ]]; then - BINARY_PATH=$(find $(go env GOPATH)/bin | tail -n 1) + if [[ ! -z $BINARY_BUILD_OUTPUT_PATH ]]; then + BINARY_PATH=${{ matrix.app.repository }}/$BINARY_BUILD_OUTPUT_PATH else - BINARY_PATH=$(find $(go env GOPATH)/bin | grep $BINARY_NAME | tail -n 1) + if [[ -z $BINARY_NAME ]]; then + BINARY_PATH=$(find $(go env GOPATH)/bin | tail -n 1) + else + BINARY_PATH=$(find $(go env GOPATH)/bin | grep $BINARY_NAME | tail -n 1) + fi fi chmod +x $BINARY_PATH mv $BINARY_PATH ${{ github.workspace }}/${{ matrix.app.name }}-${{ matrix.app.channel }}-${{ matrix.app.target_os }}-${{ matrix.app.target_arch }} diff --git a/apps/cosmos-sdk-comet/Dockerfile b/apps/cosmos-sdk-comet/Dockerfile index e633fed..0739c18 100644 --- a/apps/cosmos-sdk-comet/Dockerfile +++ b/apps/cosmos-sdk-comet/Dockerfile @@ -8,6 +8,7 @@ USER root COPY ./$BINARY /app/node +# trunk-ignore(hadolint/DL3018) RUN apk update && \ apk add --no-cache \ bash \ @@ -41,4 +42,4 @@ HEALTHCHECK --interval=1m --timeout=3s CMD /app/node query node status | grep va VOLUME ["/config"] ENTRYPOINT ["tini", "--"] -CMD ["/entrypoint.sh"] \ No newline at end of file +CMD ["/entrypoint.sh"] diff --git a/apps/cosmos-sdk-v2/Dockerfile b/apps/cosmos-sdk-v2/Dockerfile index e633fed..0739c18 100644 --- a/apps/cosmos-sdk-v2/Dockerfile +++ b/apps/cosmos-sdk-v2/Dockerfile @@ -8,6 +8,7 @@ USER root COPY ./$BINARY /app/node +# trunk-ignore(hadolint/DL3018) RUN apk update && \ apk add --no-cache \ bash \ @@ -41,4 +42,4 @@ HEALTHCHECK --interval=1m --timeout=3s CMD /app/node query node status | grep va VOLUME ["/config"] ENTRYPOINT ["tini", "--"] -CMD ["/entrypoint.sh"] \ No newline at end of file +CMD ["/entrypoint.sh"] diff --git a/apps/cosmos-sdk-v2/entrypoint.sh b/apps/cosmos-sdk-v2/entrypoint.sh index 1b3a3ab..ed93eee 100755 --- a/apps/cosmos-sdk-v2/entrypoint.sh +++ b/apps/cosmos-sdk-v2/entrypoint.sh @@ -8,6 +8,7 @@ COSMOS_CHAIN_ID="${COSMOS_CHAIN_ID:-testchain}" COSMOS_MONIKER="${COSMOS_MONIKER:-testchain-node}" COSMOS_NODE_CMD=/app/node GENESIS_FILE="${HOME}/config/genesis.json" +PASSWORD=${PASSWORD:-1234567890} if [[ ! -f "${HOME}/config/config.toml" ]]; then echo "Launch init procedure..." @@ -18,7 +19,7 @@ if [[ ! -f "${HOME}/config/config.toml" ]]; then # Add keys for user in validator faucet alice bob; do - "${COSMOS_NODE_CMD}" keys add "${user}" --indiscreet --home "${HOME}" + (echo "${PASSWORD}"; echo "${PASSWORD}") | "${COSMOS_NODE_CMD}" keys add "${user}" --home "${HOME}" done # Initialize node @@ -32,7 +33,7 @@ if [[ ! -f "${HOME}/config/config.toml" ]]; then # Add genesis accounts for account in validator faucet alice bob; do - "${COSMOS_NODE_CMD}" genesis add-genesis-account "${account}" 5000000000stake --keyring-backend test --home "${HOME}" + echo "${PASSWORD}" | "${COSMOS_NODE_CMD}" genesis add-genesis-account "${account}" 5000000000stake --keyring-backend test --home "${HOME}" done "${COSMOS_NODE_CMD}" genesis gentx validator 1000000stake --chain-id "${COSMOS_CHAIN_ID}" --home "${HOME}" "${COSMOS_NODE_CMD}" genesis collect-gentxs --home "${HOME}" diff --git a/apps/cosmos-sdk/Dockerfile b/apps/cosmos-sdk/Dockerfile index e633fed..0739c18 100644 --- a/apps/cosmos-sdk/Dockerfile +++ b/apps/cosmos-sdk/Dockerfile @@ -8,6 +8,7 @@ USER root COPY ./$BINARY /app/node +# trunk-ignore(hadolint/DL3018) RUN apk update && \ apk add --no-cache \ bash \ @@ -41,4 +42,4 @@ HEALTHCHECK --interval=1m --timeout=3s CMD /app/node query node status | grep va VOLUME ["/config"] ENTRYPOINT ["tini", "--"] -CMD ["/entrypoint.sh"] \ No newline at end of file +CMD ["/entrypoint.sh"] diff --git a/apps/ignite-example/Dockerfile b/apps/ignite-example/Dockerfile index e633fed..0739c18 100644 --- a/apps/ignite-example/Dockerfile +++ b/apps/ignite-example/Dockerfile @@ -8,6 +8,7 @@ USER root COPY ./$BINARY /app/node +# trunk-ignore(hadolint/DL3018) RUN apk update && \ apk add --no-cache \ bash \ @@ -41,4 +42,4 @@ HEALTHCHECK --interval=1m --timeout=3s CMD /app/node query node status | grep va VOLUME ["/config"] ENTRYPOINT ["tini", "--"] -CMD ["/entrypoint.sh"] \ No newline at end of file +CMD ["/entrypoint.sh"] diff --git a/apps/wasmd/Dockerfile b/apps/wasmd/Dockerfile new file mode 100644 index 0000000..7c5591a --- /dev/null +++ b/apps/wasmd/Dockerfile @@ -0,0 +1,51 @@ +FROM docker.io/library/golang:1.23-alpine3.19 AS go-builder + +WORKDIR /code + +# this comes from standard alpine nightly file +# https://github.com/rust-lang/docker-rust-nightly/blob/master/alpine3.12/Dockerfile +# with some changes to support our toolchain, etc +RUN set -eux; apk add --no-cache ca-certificates build-base; + +RUN apk add git +# NOTE: add these to run with LEDGER_ENABLED=true +# RUN apk add libusb-dev linux-headers + +RUN git clone -b upgrade_sdk_0.52 https://github.com/CosmWasm/wasmd . + +# See https://github.com/CosmWasm/wasmvm/releases +# trunk-ignore(checkov/CKV_DOCKER_4) +ADD https://github.com/CosmWasm/wasmvm/releases/download/v2.2.0-rc.2/libwasmvm_muslc.aarch64.a /lib/libwasmvm_muslc.aarch64.a +# trunk-ignore(checkov/CKV_DOCKER_4) +ADD https://github.com/CosmWasm/wasmvm/releases/download/v2.2.0-rc.2/libwasmvm_muslc.x86_64.a /lib/libwasmvm_muslc.x86_64.a +RUN sha256sum /lib/libwasmvm_muslc.aarch64.a | grep 7af80eb7e79d82789eca0d5512a87dc20e96182590fe88ae5fd0153e31c097c9 +RUN sha256sum /lib/libwasmvm_muslc.x86_64.a | grep 2c497b5246c7217a70c447c50117c7fb09909ec23e6e4151a4de3e5f29db8134 + +# force it to use static lib (from above) not standard libgo_cosmwasm.so file +RUN LEDGER_ENABLED=false BUILD_TAGS=muslc LINK_STATICALLY=true make build +RUN echo "Ensuring binary is statically linked ..." \ + && (file /code/build/wasmd | grep "statically linked") + +# -------------------------------------------------------- +FROM docker.io/library/alpine:3.18 + +# trunk-ignore(hadolint/DL3018) +RUN apk add --no-cache \ + bash \ + jq \ + tini + +COPY --from=go-builder /code/build/wasmd /app/wasmd +COPY ./entrypoint.sh /entrypoint.sh + +WORKDIR /app + +# rest server +EXPOSE 1317 +# tendermint p2p +EXPOSE 26656 +# tendermint rpc +EXPOSE 26657 + +ENTRYPOINT ["tini", "--"] +CMD ["/entrypoint.sh"] diff --git a/apps/wasmd/ci/build.sh b/apps/wasmd/ci/build.sh new file mode 100755 index 0000000..1a10b5d --- /dev/null +++ b/apps/wasmd/ci/build.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -Eeuo pipefail +set -x + +if [[ ${GOARCH} == "arm64" ]]; then + export CC=aarch64-linux-gnu-gcc + export CGO_ENABLED=1 + export GOOS=linux +fi + +# Install CORSS tools +sudo apt install gcc-aarch64-linux-gnu + +# Import go modules +cd "${MATRIX_APP_REPOSITORY}/${MATRIX_APP_PATH}" +go mod tidy + +# See https://github.com/CosmWasm/wasmvm/releases +sudo wget --output-document /lib/libwasmvm.x86_64.so https://github.com/CosmWasm/wasmvm/releases/download/v2.2.0-rc.2/libwasmvm.x86_64.so +sudo wget --output-document /lib/libwasmvm.aarch64.so https://github.com/CosmWasm/wasmvm/releases/download/v2.2.0-rc.2/libwasmvm.aarch64.so + +# Build application +LEDGER_ENABLED=false make build diff --git a/apps/wasmd/ci/goss.yaml b/apps/wasmd/ci/goss.yaml new file mode 100644 index 0000000..9fa4bdc --- /dev/null +++ b/apps/wasmd/ci/goss.yaml @@ -0,0 +1,11 @@ +--- +# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#process +process: + wasmd: + running: true + +# https://github.com/aelsabbahy/goss/blob/master/docs/manual.md#port +port: + # https://github.com/aelsabbahy/goss/issues/149 + tcp:26657: + listening: true diff --git a/apps/wasmd/ci/test.sh b/apps/wasmd/ci/test.sh new file mode 100755 index 0000000..ca488ec --- /dev/null +++ b/apps/wasmd/ci/test.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash + +set -oue pipefail +set -x + +BINARY_PATH="${BINARY_BUILD_OUTPUT_PATH}" + +# Set the timeout to 60 seconds +TIMEOUT=60 +START_TIME=$(date +%s) + +echo "Launch init procedure..." +CONFIG_HOME=$(${BINARY_PATH} config home) +${BINARY_PATH} config set client chain-id testchain +${BINARY_PATH} config set client keyring-backend test +sed -i 's/minimum-gas-prices = ""/minimum-gas-prices = "0.002token1"/' "${CONFIG_HOME}/config/app.toml" +${BINARY_PATH} config set app api.enable true +${BINARY_PATH} keys add alice +${BINARY_PATH} keys add bob +${BINARY_PATH} init testchain-node --chain-id testchain +jq '.app_state.gov.params.voting_period = "600s"' "${CONFIG_HOME}/config/genesis.json" > temp.json && mv temp.json "${CONFIG_HOME}/config/genesis.json" +jq '.app_state.gov.params.expedited_voting_period = "300s"' "${CONFIG_HOME}/config/genesis.json" > temp.json && mv temp.json "${CONFIG_HOME}/config/genesis.json" +jq '.app_state.mint.minter.inflation = "0.300000000000000000"' "${CONFIG_HOME}/config/genesis.json" > temp.json && mv temp.json "${CONFIG_HOME}/config/genesis.json" # to change the inflation +${BINARY_PATH} genesis add-genesis-account alice 5000000000stake --keyring-backend test +${BINARY_PATH} genesis add-genesis-account bob 5000000000stake --keyring-backend test +${BINARY_PATH} genesis gentx alice 1000000stake --chain-id testchain +${BINARY_PATH} genesis collect-gentxs + +# trunk-ignore(shellcheck/SC2210) +${BINARY_PATH} start > ./output.log 2>1 & +APP_PID=$! + + +while true; do + CURRENT_TIME=$(date +%s) + ELAPSED_TIME=$((CURRENT_TIME - START_TIME)) + + if [[ "${ELAPSED_TIME}" -ge "${TIMEOUT}" ]]; then + echo "Timeout reached. Application did not produce the success pattern within 60 seconds." + kill "${APP_PID}" + cat ./output.log + exit 1 + fi + + # Check that 4th block is produced to validate the application + if ${BINARY_PATH} query block-results 4; then + echo "Block #4 has been committed. Application is working correctly." + kill "${APP_PID}" + exit 0 + else + echo "Block height is not greater than 4." + fi + + sleep 3 +done diff --git a/apps/wasmd/entrypoint.sh b/apps/wasmd/entrypoint.sh new file mode 100755 index 0000000..35d8466 --- /dev/null +++ b/apps/wasmd/entrypoint.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +set -Eeuo pipefail +set -x + +export HOME="${NODE_HOME:-/config}" +COSMOS_CHAIN_ID="${COSMOS_CHAIN_ID:-testchain}" +COSMOS_MONIKER="${COSMOS_MONIKER:-testchain-node}" +COSMOS_NODE_CMD=/app/wasmd +GENESIS_FILE="${HOME}/config/genesis.json" +PASSWORD=${PASSWORD:-1234567890} + +if [[ ! -f "${HOME}/config/config.toml" ]]; then + echo "Launch init procedure..." + + # Configure client settings + "${COSMOS_NODE_CMD}" config set client chain-id "${COSMOS_CHAIN_ID}" --home "${HOME}" + "${COSMOS_NODE_CMD}" config set client keyring-backend test --home "${HOME}" + sed -i 's/minimum-gas-prices = ""/minimum-gas-prices = "0.002token1"/' "${HOME}/config/app.toml" + "${COSMOS_NODE_CMD}" config set app api.enable true --home "${HOME}" + + # Add keys + for user in validator faucet alice bob; do + (echo "${PASSWORD}"; echo "${PASSWORD}") | "${COSMOS_NODE_CMD}" keys add "${user}" --home "${HOME}" + done + + # Initialize node + "${COSMOS_NODE_CMD}" init "${COSMOS_MONIKER}" --chain-id "${COSMOS_CHAIN_ID}" --home "${HOME}" + + # Set governance and inflation parameters + jq '.app_state.gov.params.voting_period = "600s" | + .app_state.gov.params.expedited_voting_period = "300s" | + .app_state.mint.minter.inflation = "0.300000000000000000"' \ + "${GENESIS_FILE}" >temp.json && mv temp.json "${GENESIS_FILE}" + + # Add genesis accounts + for account in validator faucet alice bob; do + echo "${PASSWORD}" | "${COSMOS_NODE_CMD}" genesis add-genesis-account "${account}" 5000000000stake --home "${HOME}" + done + echo "${PASSWORD}" | "${COSMOS_NODE_CMD}" genesis gentx validator 1000000stake --chain-id "${COSMOS_CHAIN_ID}" --home "${HOME}" + echo "${PASSWORD}" | "${COSMOS_NODE_CMD}" genesis collect-gentxs --home "${HOME}" +fi + +exec \ + "${COSMOS_NODE_CMD}" start --home "${HOME}" \ + "$@" diff --git a/apps/wasmd/metadata.yaml b/apps/wasmd/metadata.yaml new file mode 100644 index 0000000..deccace --- /dev/null +++ b/apps/wasmd/metadata.yaml @@ -0,0 +1,24 @@ +--- +app: wasmd +repository: CosmWasm/wasmd +path: ./ +fetch_full_history: true +publish_artifacts: true +binary_build_output_path: build/wasmd +channels: + - name: v0.52.x + branch: upgrade_sdk_0.52 + platforms: [linux/amd64,linux/arm64] + container_tag_name: "0.52" + update_modules: + enabled: false + cosmossdk_branch: refs/heads/release/v0.52.x + tests_enabled: true + - name: v0.52.x-mods + branch: upgrade_sdk_0.52 + platforms: [linux/amd64,linux/arm64] + container_tag_name: 0.52-mods + update_modules: + enabled: true + cosmossdk_branch: refs/heads/release/v0.52.x + tests_enabled: true diff --git a/metadata.rules.cue b/metadata.rules.cue index 5813c9b..1f412e1 100644 --- a/metadata.rules.cue +++ b/metadata.rules.cue @@ -6,6 +6,7 @@ fetch_full_history?: bool publish_artifacts: bool binary_name?: string + binary_build_output_path?: string channels: [...#Channels] } @@ -23,4 +24,4 @@ #AppName: string & !="" & =~"^[a-zA-Z0-9_-]+$" #ChannelName: string & !="" & =~"^[a-zA-Z0-9._-]+$" -#Platforms: "linux/amd64" | "linux/arm64" \ No newline at end of file +#Platforms: "linux/amd64" | "linux/arm64"