Skip to content

Commit

Permalink
Merge pull request #1 from stellar/master
Browse files Browse the repository at this point in the history
Security code
  • Loading branch information
almamoon hethm authored Oct 5, 2024
2 parents 0166808 + ba11f09 commit 43a3867
Show file tree
Hide file tree
Showing 567 changed files with 34,635 additions and 22,132 deletions.
3 changes: 1 addition & 2 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,7 @@ change is, and why it is being made, with enough context for anyone to understan

### Release planning

* [ ] I've updated the relevant CHANGELOG ([here](services/horizon/CHANGELOG.md) for Horizon) if
needed with deprecations, added features, breaking changes, and DB schema changes.
* [ ] I've reviewed the changes in this PR and if I consider them worthwhile for being mentioned on release notes then I have updated the relevant `CHANGELOG.md` within the component folder structure. For example, if I changed horizon, then I updated ([services/horizon/CHANGELOG.md](services/horizon/CHANGELOG.md). I add a new line item describing the change and reference to this PR. If I don't update a CHANGELOG, I acknowledge this PR's change may not be mentioned in future release notes.
* [ ] I've decided if this PR requires a new major/minor version according to
[semver](https://semver.org/), or if it's mainly a patch change. The PR is targeted at the next
release branch if it's not a patch change.
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,15 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v3
59 changes: 59 additions & 0 deletions .github/workflows/galexie-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
name: Galexie Release

on:
push:
tags: ['galexie-v*']

jobs:

publish-docker:
name: Test and push docker image
runs-on: ubuntu-latest
env:
GALEXIE_INTEGRATION_TESTS_ENABLED: "true"
GALEXIE_INTEGRATION_TESTS_CAPTIVE_CORE_BIN: /usr/bin/stellar-core
# this pins to a version of quickstart:testing that has the same version as STELLAR_CORE_VERSION
# this is the multi-arch index sha, get it by 'docker buildx imagetools inspect stellar/quickstart:testing'
GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE: docker.io/stellar/quickstart:testing@sha256:03c6679f838a92b1eda4cd3a9e2bdee4c3586e278a138a0acf36a9bc99a0041f
GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE_PULL: "false"
STELLAR_CORE_VERSION: 21.3.1-2007.4ede19620.focal
steps:
- name: Set VERSION
run: |
echo "VERSION=${GITHUB_REF_NAME#galexie-v}" >> $GITHUB_ENV
- uses: actions/checkout@v3
with:
ref: ${{ github.sha }}
- name: Pull Quickstart image
shell: bash
run: |
docker pull "$GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE"
- name: Install captive core
run: |
# Workaround for https://github.com/actions/virtual-environments/issues/5245,
# libc++1-8 won't be installed if another version is installed (but apt won't give you a helpul
# message about why the installation fails)
sudo apt list --installed | grep libc++
sudo apt-get remove -y libc++1-* libc++abi1-* || true
sudo wget -qO - https://apt.stellar.org/SDF.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true sudo apt-key add -
sudo bash -c 'echo "deb https://apt.stellar.org focal unstable" > /etc/apt/sources.list.d/SDF-unstable.list'
sudo apt-get update && sudo apt-get install -y stellar-core="$STELLAR_CORE_VERSION"
echo "Using stellar core version $(stellar-core version)"
- name: Run tests
run: go test -v -race -run TestGalexieTestSuite ./services/galexie/...

- name: Build docker
run: make -C services/galexie docker-build

# Push images
- name: Login to DockerHub
uses: docker/login-action@bb984efc561711aaa26e433c32c3521176eae55b
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Push to DockerHub
run: make -C services/galexie docker-push
45 changes: 45 additions & 0 deletions .github/workflows/galexie.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
name: Galexie

on:
push:
branches: [master]
pull_request:

jobs:
galexie:
name: Test
runs-on: ubuntu-latest
env:
CAPTIVE_CORE_DEBIAN_PKG_VERSION: 21.3.1-2007.4ede19620.focal
GALEXIE_INTEGRATION_TESTS_ENABLED: "true"
GALEXIE_INTEGRATION_TESTS_CAPTIVE_CORE_BIN: /usr/bin/stellar-core
# this pins to a version of quickstart:testing that has the same version as GALEXIE_INTEGRATION_TESTS_CAPTIVE_CORE_BIN
# this is the multi-arch index sha, get it by 'docker buildx imagetools inspect stellar/quickstart:testing'
GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE: docker.io/stellar/quickstart:testing@sha256:5c8186f53cc98571749054dd782dce33b0aca2d1a622a7610362f7c15b79b1bf
GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE_PULL: "false"
steps:
- name: Install captive core
run: |
# Workaround for https://github.com/actions/virtual-environments/issues/5245,
# libc++1-8 won't be installed if another version is installed (but apt won't give you a helpul
# message about why the installation fails)
sudo apt list --installed | grep libc++
sudo apt-get remove -y libc++1-* libc++abi1-* || true
sudo wget -qO - https://apt.stellar.org/SDF.asc | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=true sudo apt-key add -
sudo bash -c 'echo "deb https://apt.stellar.org focal unstable" > /etc/apt/sources.list.d/SDF-unstable.list'
sudo apt-get update && sudo apt-get install -y stellar-core="$CAPTIVE_CORE_DEBIAN_PKG_VERSION"
echo "Using stellar core version $(stellar-core version)"
- name: Pull Quickstart image
shell: bash
run: |
docker pull "$GALEXIE_INTEGRATION_TESTS_QUICKSTART_IMAGE"
- uses: actions/checkout@v3
with:
# For pull requests, build and test the PR head not a merge of the PR with the destination.
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- name: Run test
run: go test -v -race -run TestGalexieTestSuite ./services/galexie/...
8 changes: 4 additions & 4 deletions .github/workflows/go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-22.04]
go: ["1.21"]
go: ["1.22.1"]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
Expand All @@ -38,7 +38,7 @@ jobs:
strategy:
matrix:
os: [ubuntu-22.04]
go: ["1.20", "1.21"]
go: ["1.21", "1.22"]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
Expand All @@ -56,8 +56,8 @@ jobs:
strategy:
matrix:
os: [ubuntu-22.04]
go: ["1.19", "1.20"]
pg: [12]
go: ["1.21", "1.22"]
pg: [12, 16]
runs-on: ${{ matrix.os }}
services:
postgres:
Expand Down
28 changes: 0 additions & 28 deletions .github/workflows/horizon-master.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/horizon-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

- uses: ./.github/actions/setup-go
with:
go-version: "1.20"
go-version: "1.22"

- name: Check dependencies
run: ./gomod.sh
Expand Down
36 changes: 13 additions & 23 deletions .github/workflows/horizon.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,9 @@ jobs:
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-22.04]
go: ["1.20", "1.21"]
pg: [12]
ingestion-backend: [captive-core, captive-core-remote-storage]
protocol-version: [19, 20]
go: ["1.21", "1.22"]
pg: [12, 16]
protocol-version: [21]
runs-on: ${{ matrix.os }}
services:
postgres:
Expand All @@ -33,11 +32,10 @@ jobs:
env:
HORIZON_INTEGRATION_TESTS_ENABLED: true
HORIZON_INTEGRATION_TESTS_CORE_MAX_SUPPORTED_PROTOCOL: ${{ matrix.protocol-version }}
PROTOCOL_20_CORE_DEBIAN_PKG_VERSION: 19.13.1-1481.3acf6dd26.focal
PROTOCOL_20_CORE_DOCKER_IMG: stellar/stellar-core:19.13.1-1481.3acf6dd26.focal
PROTOCOL_20_SOROBAN_RPC_DOCKER_IMG: stellar/soroban-rpc:20.0.0-rc3-39
PROTOCOL_19_CORE_DEBIAN_PKG_VERSION: 19.14.0-1500.5664eff4e.focal
PROTOCOL_19_CORE_DOCKER_IMG: stellar/stellar-core:19.14.0-1500.5664eff4e.focal
HORIZON_INTEGRATION_TESTS_CAPTIVE_CORE_USE_DB: true
PROTOCOL_21_CORE_DEBIAN_PKG_VERSION: 21.3.1-2007.4ede19620.focal
PROTOCOL_21_CORE_DOCKER_IMG: stellar/stellar-core:21.3.1-2007.4ede19620.focal
PROTOCOL_21_SOROBAN_RPC_DOCKER_IMG: stellar/soroban-rpc:21.5.1
PGHOST: localhost
PGPORT: 5432
PGUSER: postgres
Expand Down Expand Up @@ -72,16 +70,13 @@ jobs:
docker pull "$PROTOCOL_${{ matrix.protocol-version }}_CORE_DOCKER_IMG"
echo HORIZON_INTEGRATION_TESTS_DOCKER_IMG="$PROTOCOL_${{ matrix.protocol-version }}_CORE_DOCKER_IMG" >> $GITHUB_ENV
- if: ${{ matrix.protocol-version == '20' }}
name: Pull and set Soroban RPC image
- name: Pull and set Soroban RPC image
shell: bash
run: |
docker pull "$PROTOCOL_${{ matrix.protocol-version }}_SOROBAN_RPC_DOCKER_IMG"
echo HORIZON_INTEGRATION_TESTS_SOROBAN_RPC_DOCKER_IMG="$PROTOCOL_${{ matrix.protocol-version }}_SOROBAN_RPC_DOCKER_IMG" >> $GITHUB_ENV
echo HORIZON_INTEGRATION_TESTS_ENABLE_SOROBAN_RPC=true >> $GITHUB_ENV
- if: ${{ startsWith(matrix.ingestion-backend, 'captive-core') }}
name: Install and enable Captive Core
- name: Install core
run: |
# Workaround for https://github.com/actions/virtual-environments/issues/5245,
# libc++1-8 won't be installed if another version is installed (but apt won't give you a helpul
Expand All @@ -93,13 +88,8 @@ jobs:
sudo bash -c 'echo "deb https://apt.stellar.org focal unstable" > /etc/apt/sources.list.d/SDF-unstable.list'
sudo apt-get update && sudo apt-get install -y stellar-core="$PROTOCOL_${{ matrix.protocol-version }}_CORE_DEBIAN_PKG_VERSION"
echo "Using stellar core version $(stellar-core version)"
echo 'HORIZON_INTEGRATION_TESTS_ENABLE_CAPTIVE_CORE=true' >> $GITHUB_ENV
echo 'HORIZON_INTEGRATION_TESTS_CAPTIVE_CORE_BIN=/usr/bin/stellar-core' >> $GITHUB_ENV
- if: ${{ matrix.ingestion-backend == 'captive-core-remote-storage' }}
name: Setup Captive Core Remote Storage
run: echo 'HORIZON_INTEGRATION_TESTS_CAPTIVE_CORE_USE_DB=true' >> $GITHUB_ENV

- name: Build Horizon reproducible build
run: |
go build -v -trimpath -buildvcs=false ./services/horizon
Expand All @@ -108,7 +98,7 @@ jobs:
- name: Calculate the source hash
id: calculate_source_hash
run: |
combined_hash=$(echo "horizon-hash-${{ hashFiles('./horizon') }}-${{ hashFiles('./clients/horizonclient/**') }}-${{ hashFiles('./protocols/horizon/**') }}-${{ hashFiles('./txnbuild/**') }}-${{ hashFiles('./ingest/**') }}-${{ hashFiles('./xdr/**') }}-${{ hashFiles('./services/**') }}-${{ env.PROTOCOL_20_CORE_DOCKER_IMG }}-${{ env.PROTOCOL_19_CORE_DOCKER_IMG }}-${{ env.PREFIX }}" | sha256sum | cut -d ' ' -f 1)
combined_hash=$(echo "horizon-hash-${{ hashFiles('./horizon') }}-${{ hashFiles('./clients/horizonclient/**') }}-${{ hashFiles('./protocols/horizon/**') }}-${{ hashFiles('./txnbuild/**') }}-${{ hashFiles('./ingest/**') }}-${{ hashFiles('./xdr/**') }}-${{ hashFiles('./services/**') }}-${{ env.PROTOCOL_21_CORE_DOCKER_IMG }}-${{ env.PROTOCOL_21_RPC_DOCKER_IMG }}-${{ env.PROTOCOL_21_CORE_DEBIAN_PKG_VERSION }}-${{ env.PREFIX }}" | sha256sum | cut -d ' ' -f 1)
echo "COMBINED_SOURCE_HASH=$combined_hash" >> "$GITHUB_ENV"
- name: Restore Horizon binary and integration tests source hash to cache
Expand All @@ -120,7 +110,7 @@ jobs:
key: ${{ env.COMBINED_SOURCE_HASH }}

- if: ${{ steps.horizon_binary_tests_hash.outputs.cache-hit != 'true' }}
run: go test -race -timeout 45m -v ./services/horizon/internal/integration/...
run: go test -race -timeout 65m -v ./services/horizon/internal/integration/...

- name: Save Horizon binary and integration tests source hash to cache
if: ${{ success() && steps.horizon_binary_tests_hash.outputs.cache-hit != 'true' }}
Expand All @@ -133,7 +123,7 @@ jobs:
name: Test (and push) verify-range image
runs-on: ubuntu-22.04
env:
STELLAR_CORE_VERSION: 19.14.0-1500.5664eff4e.focal
STELLAR_CORE_VERSION: 21.3.1-2007.4ede19620.focal
CAPTIVE_CORE_STORAGE_PATH: /tmp
steps:
- uses: actions/checkout@v3
Expand All @@ -143,7 +133,7 @@ jobs:

- name: Build and test the Verify Range Docker image
run: |
docker build -f services/horizon/docker/verify-range/Dockerfile -t stellar/horizon-verify-range services/horizon/docker/verify-range/
docker build --build-arg="GO_VERSION=$(sed -En 's/^toolchain[[:space:]]+go([[:digit:].]+)$/\1/p' go.mod)" -f services/horizon/docker/verify-range/Dockerfile -t stellar/horizon-verify-range services/horizon/docker/verify-range/
# Any range should do for basic testing, this range was chosen pretty early in history so that it only takes a few mins to run
docker run -e BRANCH=$(git rev-parse HEAD) -e FROM=10000063 -e TO=10000127 stellar/horizon-verify-range
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
/services/horizon/captive-core
/services/horizon/horizon
/services/horizon/stellar-horizon
/bucket-cache
.vscode
.idea
debug
Expand Down
18 changes: 12 additions & 6 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Docker build targets use an optional "TAG" environment
# variable can be set to use custom tag name. For example:
# TAG=my-registry.example.com/keystore:dev make keystore
XDRS = xdr/Stellar-SCP.x \
DOWNLOADABLE_XDRS = xdr/Stellar-SCP.x \
xdr/Stellar-ledger-entries.x \
xdr/Stellar-ledger.x \
xdr/Stellar-overlay.x \
Expand All @@ -14,8 +14,11 @@ xdr/Stellar-contract.x \
xdr/Stellar-internal.x \
xdr/Stellar-contract-config-setting.x

XDRGEN_COMMIT=a231a92475ac6154c0c2f46dc503809823985060
XDR_COMMIT=9ac02641139e6717924fdad716f6e958d0168491
XDRS = $(DOWNLOADABLE_XDRS) xdr/Stellar-exporter.x


XDRGEN_COMMIT=e2cac557162d99b12ae73b846cf3d5bfe16636de
XDR_COMMIT=70180d5e8d9caee9e8645ed8a38c36a8cf403cd9

.PHONY: xdr xdr-clean xdr-update

Expand All @@ -31,6 +34,9 @@ friendbot:
horizon:
$(MAKE) -C services/horizon/ binary-build

galexie:
$(MAKE) -C services/galexie/ docker-build

webauth:
$(MAKE) -C exp/services/webauth/ docker-build

Expand All @@ -40,15 +46,15 @@ recoverysigner:
regulated-assets-approval-server:
$(MAKE) -C services/regulated-assets-approval-server/ docker-build

gxdr/xdr_generated.go: $(XDRS)
gxdr/xdr_generated.go: $(DOWNLOADABLE_XDRS)
go run github.com/xdrpp/goxdr/cmd/goxdr -p gxdr -enum-comments -o $@ $(XDRS)
gofmt -s -w $@

xdr/%.x:
printf "%s" ${XDR_COMMIT} > xdr/xdr_commit_generated.txt
curl -Lsf -o $@ https://raw.githubusercontent.com/stellar/stellar-xdr/$(XDR_COMMIT)/$(@F)

xdr/xdr_generated.go: $(XDRS)
xdr/xdr_generated.go: $(DOWNLOADABLE_XDRS)
docker run -it --rm -v $$PWD:/wd -w /wd ruby /bin/bash -c '\
gem install specific_install -v 0.3.8 && \
gem specific_install https://github.com/stellar/xdrgen.git -b $(XDRGEN_COMMIT) && \
Expand All @@ -64,6 +70,6 @@ xdr/xdr_generated.go: $(XDRS)
xdr: gxdr/xdr_generated.go xdr/xdr_generated.go

xdr-clean:
rm xdr/*.x || true
rm $(DOWNLOADABLE_XDRS) || true

xdr-update: xdr-clean xdr
7 changes: 7 additions & 0 deletions clients/horizonclient/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,13 @@ file. This project adheres to [Semantic Versioning](http://semver.org/).
* The library is updated to align with breaking changes to `txnbuild`.


## [v10.0.0](https://github.com/stellar/go/releases/tag/horizonclient-v10.0.0) - 2022-04-18

**This release adds support for Protocol 19:**

* The library is updated to align with breaking changes to `txnbuild`.


## [v9.0.0](https://github.com/stellar/go/releases/tag/horizonclient-v9.0.0) - 2022-01-10

None
Expand Down
Loading

0 comments on commit 43a3867

Please sign in to comment.