From 44e7f44595fead73ad112e97f43847f224a69633 Mon Sep 17 00:00:00 2001 From: Grant Zukel Date: Thu, 15 Feb 2024 17:30:46 -0700 Subject: [PATCH] removed nosec, fix typo, removed unessecary comment --- .github/workflows/publish-release.yml | 89 +------------------ .../local-mainnet/zetacored/configs/start.sh | 1 - readme.md | 2 +- 3 files changed, 2 insertions(+), 90 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 2aa51c5050..04988adeb0 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -11,7 +11,7 @@ on: type: boolean required: false default: false - description: 'Use this to skip: gosec, gosec-cosmos, nosec_alert,check-changelog, check-upgrade-uandler-updated, build-test, smoke-test and go straight to approval step.' + description: 'Use this to skip: gosec, gosec-cosmos, check-changelog, check-upgrade-uandler-updated, build-test, smoke-test and go straight to approval step.' concurrency: group: publish-release 
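Review bot: With `nosec_alert` dropped from this skip list and the job itself deleted in the next hunk, nothing visible in this workflow rejects a `#nosec` annotation that names no rule. gosec honours `#nosec` comments by default, so a broad suppression would leave the `gosec` and `gosec-cosmos` jobs green and the release gate would pass without anyone seeing the hidden finding. If a pull-request workflow outside this diff does not already enforce the rule-scoped form, consider keeping an equivalent check there, or running gosec with `-track-suppressions` so suppressed findings stay in the report. Separately, the new description line still reads `check-upgrade-uandler-updated`, while the `needs` list in the later hunk names `check-upgrade-handler-updated`; since the subject says "fix typo", `uandler` should become `handler` on this line as well.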
@@ -104,92 +104,6 @@ jobs: run: | echo "Check Skipped, Mark Green for Pipeline Execution" - nosec_alert: - runs-on: ubuntu-latest - timeout-minutes: 10 - env: - GO111MODULE: on - steps: - - name: Checkout Source - if: ${{ github.event.inputs.skip_checks != 'true' }} - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Getting files updated in the PR - if: ${{ github.event.inputs.skip_checks != 'true' }} - id: changed-files - uses: tj-actions/changed-files@v41 - with: - base_sha: ${{ github.event.pull_request.base.sha }} - - - name: List all changed files - if: ${{ github.event.inputs.skip_checks != 'true' }} - run: | - for file in ${{ steps.changed-files.outputs.all_changed_files }}; do - echo "$file was changed" - done - - - name: Report nosec usage - if: ${{ github.event.inputs.skip_checks != 'true' }} - run: | - nosec_list=() - nosec_detected=0 - echo "Changed files: ${{ steps.changed-files.outputs.all_changed_files }}" - - for file in ${{ steps.changed-files.outputs.all_changed_files }}; do - if git diff ${{ github.event.pull_request.base.sha }} $file | grep -q nosec; then - echo "nosec detected in $file" - nosec_list+=("$file,") - nosec_detected=1 - else - echo "nosec not detected in $file" - fi - done - - nosec_list_string="${nosec_list[@]}" - nosec_list_string="${nosec_list_string%,}" - echo "nosec_files=$nosec_list_string" >> $GITHUB_ENV - echo "nosec_detected=$nosec_detected" >> $GITHUB_ENV - - - name: Report nosec uses - uses: mshick/add-pr-comment@v2 - if: ${{ env.nosec_detected == 1 && github.event.inputs.skip_checks != 'true' }} - with: - message: | - *!!!WARNING!!!* - `nosec` detected in the following files: ${{ env.nosec_files }} - - Be very careful about using `#nosec` in code. It can be a quick way to suppress security warnings and move forward with development, it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. 
Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way. - - Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203 - Broad `#nosec` annotations should be avoided, as they can hide other vulnerabilities. **The CI will block you from merging this PR until you remove `#nosec` annotations that do not target specific rules**. - - Pay extra attention to the way `#nosec` is being used in the files listed above. - - - name: Add Label - uses: actions/github-script@v6 - if: ${{ env.nosec_detected == 1 && github.event.inputs.skip_checks != 'true' }} - with: - script: | - github.rest.issues.addLabels({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - labels: ["nosec"] - }) - - - name: Check for '#nosec' without a specific rule - if: ${{ github.event.inputs.skip_checks != 'true' }} - run: | - DIFF=$(git diff ${{ github.event.pull_request.base.sha }}) - echo "$DIFF" | grep -P '#nosec(?!(\sG\d{3}))(?![^\s\t])([\s\t]*|$)' && echo "nosec without specified rule found!" && exit 1 || exit 0 - - - name: Skip Checks Succeed for Needs. - if: ${{ github.event.inputs.skip_checks == 'true' }} - run: | - echo "Check Skipped, Mark Green for Pipeline Execution" - check-changelog: runs-on: ubuntu-latest steps: @@ -408,7 +322,6 @@ jobs: - gosec - gosec-cosmos - lint - - nosec_alert - check-changelog - check-upgrade-handler-updated - smoke-test diff --git a/contrib/local-mainnet/zetacored/configs/start.sh b/contrib/local-mainnet/zetacored/configs/start.sh index f6cc51c9b1..f17883ef77 100644 --- a/contrib/local-mainnet/zetacored/configs/start.sh +++ b/contrib/local-mainnet/zetacored/configs/start.sh 
@@ -95,7 +95,6 @@ logt "Setup script variables." export STATE_SYNC_SERVER="${STATE_SYNC_SERVER}" export TRUST_HEIGHT=$(curl -s http://${STATE_SYNC_SERVER}/block | jq -r '.result.block.header.height') export HEIGHT=$((TRUST_HEIGHT-40000)) -#export HEIGHT=$((TRUST_HEIGHT-100)) export TRUST_HASH=$(curl -s "http://${STATE_SYNC_SERVER}/block?height=${HEIGHT}" | jq -r '.result.block_id.hash') export RPC_STATE_SYNC_SERVERS="${RPC_STATE_SYNC_SERVERS}" export SEED="${SEED_NODE}" diff --git a/readme.md b/readme.md index d509fa741c..08b8c1d882 100644 --- a/readme.md +++ b/readme.md @@ -94,7 +94,7 @@ Currently, raising the proposal to deploy to testnet is a manual process via Gov ## Creating a Release / Hotfix Release -To create a release yous simply execute the publish-release workflow and follow the steps below. +To create a release simply execute the publish-release workflow and follow the steps below. ### Steps - Step 1. Go to this pipeline: https://github.com/zeta-chain/node/actions/workflows/publish-release.yml