Merge pull request #940 from cffls/qa

Merge develop into qa
maticnetwork · Jan 23, 2023 · 3ab194e · 3ab194e
2 parents 5ba9429 + 2096a92
commit 3ab194e
Show file tree

Hide file tree

Showing 53 changed files with 1,323 additions and 991 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
diff --git a/.github/matic-cli-config.yml b/.github/matic-cli-config.yml
@@ -1,11 +1,22 @@
 defaultStake: 10000
 defaultFee: 2000
-borChainId: "15001"
+borChainId: 15001
 heimdallChainId: heimdall-15001
-contractsBranch: jc/v0.3.1-backport
+contractsBranch: 2ed59de3641c407c64def1b40bcd090cb9cc048a
+genesisContractsBranch: master
+sprintSize:
+  - '64'
+blockNumber:
+  - '0'
+blockTime:
+  - '2'
 numOfValidators: 3
 numOfNonValidators: 0
 ethURL: http://ganache:9545
+ethHostUser: ubuntu
 devnetType: docker
 borDockerBuildContext: "https://github.com/maticnetwork/bor.git#develop"
-heimdallDockerBuildContext: "../../heimdall"
+heimdallDockerBuildContext: "../../heimdall"
+sprintSizeBlockNumber:
+  - '0'
+numOfArchiveNodes: 0
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,49 @@
+# Description
+
+Please provide a detailed description of what was done in this PR
+
+# Changes
+
+- [ ] Bugfix (non-breaking change that solves an issue)
+- [ ] Hotfix (change that solves an urgent issue, and requires immediate attention)
+- [ ] New feature (non-breaking change that adds functionality)
+- [ ] Breaking change (change that is not backwards-compatible and/or changes current functionality)
+- [ ] Changes only for a subset of nodes
+
+# Breaking changes
+
+Please complete this section if any breaking changes have been made, otherwise delete it
+
+# Nodes audience
+
+In case this PR includes changes that must be applied only to a subset of nodes, please specify how you handled it (e.g. by adding a flag with a default value...)
+
+# Checklist
+
+- [ ] I have added at least 2 reviewer or the whole pos-v1 team
+- [ ] I have added sufficient documentation in code
+- [ ] I will be resolving comments - if any - by pushing each fix in a separate commit and linking the commit hash in the comment reply
+
+# Cross repository changes
+
+- [ ] This PR requires changes to bor 
+  - In case link the PR here:
+- [ ] This PR requires changes to matic-cli
+  - In case link the PR here:
+
+## Testing
+
+- [ ] I have added unit tests
+- [ ] I have added tests to CI
+- [ ] I have tested this code manually on local environment
+- [ ] I have tested this code manually on remote devnet using express-cli
+- [ ] I have tested this code manually on mumbai
+- [ ] I have created new e2e tests into express-cli
+
+### Manual tests
+
+Please complete this section with the steps you performed if you ran manual tests for this functionality, otherwise delete it
+
+# Additional comments
+
+Please post additional comments in this section if you have them, otherwise delete it
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -79,7 +79,7 @@ jobs:
           uses: actions/checkout@v3
           with:
             repository: maticnetwork/matic-cli
-            ref: arpit/pos-655-2
+            ref: master
             path: matic-cli
 
         - name: Install dependencies on Linux
@@ -94,7 +94,7 @@ jobs:
 
         - uses: actions/setup-node@v3
           with:
-            node-version: '10.17.0'
+            node-version: '16.17.1'
             cache: 'npm'
             cache-dependency-path: |
               matic-cli/package-lock.json
@@ -117,19 +117,19 @@ jobs:
             bash docker-heimdall-start-all.sh
             bash docker-bor-setup.sh
             bash docker-bor-start-all.sh
-            sleep 120 && bash ganache-deployment-bor.sh
-            sleep 120 && bash ganache-deployment-sync.sh
-            sleep 120
-            docker exec bor0 bash -c "bor attach /root/.bor/data/bor.ipc -exec 'admin.peers'"
-            docker exec bor0 bash -c "bor attach /root/.bor/data/bor.ipc -exec 'eth.blockNumber'"
+            cd -
+            timeout 2m bash heimdall/integration-tests/bor_health.sh
+            cd -
+            bash ganache-deployment-bor.sh
+            bash ganache-deployment-sync.sh
 
         - name: Run smoke tests
           run: |
             echo "Deposit 100 matic for each account to bor network"
             cd matic-cli/devnet/code/contracts
             npm run truffle exec scripts/deposit.js -- --network development $(jq -r .root.tokens.MaticToken contractAddresses.json) 100000000000000000000
             cd -
-            bash heimdall/integration-tests/smoke_test.sh
+            timeout 20m bash heimdall/integration-tests/smoke_test.sh
 
         - name: Upload logs
           if: always()
@@ -156,4 +156,3 @@ jobs:
           with:
             name: code_${{ github.run_id }}
             path: code.tar.gz
-
diff --git a/.github/workflows/packager.yml b/.github/workflows/packager.yml
@@ -2,14 +2,13 @@ name: packager
 
 on:
   push:
-    branches:
-      - 'main'
-    paths:
-      - '**'
+    tags:
+      - 'v*.*.*'
+      - 'v*.*.*-*'
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-18.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -290,31 +289,31 @@ jobs:
         env:
           ARCH: arm64
           NODE: validator
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Prepping postinst file for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/templates/package_scripts/postinst.profile.mainnet packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}/DEBIAN/postinst
         env:
           ARCH: arm64
           NODE: validator
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Copying systemd file for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/templates/systemd/heimdalld-mainnet-validator.service packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}/lib/systemd/system/heimdalld.service
         env:
           ARCH: arm64
           NODE: validator
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Copying arm64 control file for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/templates/package_scripts/control.validator.arm64 packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}/DEBIAN/control
         env:
           ARCH: arm64
           NODE: validator
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Building heimdalld for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }} profile
         run: dpkg-deb --build --root-owner-group packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}
         env:
           ARCH: arm64
           NODE: validator
-          NETWORK: mumbai
+          NETWORK: mainnet
 
       - name: Setting up heimdalld for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/deb/heimdalld packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}
@@ -364,25 +363,25 @@ jobs:
         env:
           ARCH: arm64
           NODE: sentry
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Copying over mainnet systemd file for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/templates/systemd/heimdalld-mainnet-sentry.service packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}/lib/systemd/system/heimdalld.service
         env:
           ARCH: arm64
           NODE: sentry
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Copying arm64 control file for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }}
         run: cp -rp packaging/templates/package_scripts/control.profile.arm64 packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}/DEBIAN/control
         env:
           ARCH: arm64
           NODE: sentry
-          NETWORK: mumbai
+          NETWORK: mainnet
       - name: Building heimdalld for ${{ env.NODE }} on ${{ env.NETWORK }} on ${{ env.ARCH }} profile
         run: dpkg-deb --build --root-owner-group packaging/deb/heimdalld-${{ env.NETWORK }}-${{ env.NODE }}-config_${{ env.GIT_TAG }}-${{ env.ARCH }}
         env:
           ARCH: arm64
           NODE: sentry
-          NETWORK: mumbai
+          NETWORK: mainnet
 
       - name: Confirming package built
         run: ls -ltr packaging/deb/ | grep heimdall

diff --git a/.github/workflows/security-ci.yml b/.github/workflows/security-ci.yml
@@ -0,0 +1,90 @@
+name: Security CI
+on: [push, pull_request]
+
+jobs:
+  snyk:
+    name: Snyk and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --org=${{ secrets.SNYK_ORG }} --severity-threshold=medium --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+
+  snyk-code:
+    name: Snyk Code and Publish
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@master
+      - name: Run Snyk SAST to check for code vulnerabilities
+        uses: snyk/actions/golang@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --org=${{ secrets.SNYK_ORG }} --sarif-file-output=snyk.sarif
+          command: code test
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+
+  govuln:
+    name: Run govuln check and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Running govulncheck
+        uses: Templum/[email protected]
+        continue-on-error: true
+        env:
+          DEBUG: "true"
+        with:
+          go-version: 1.18
+          vulncheck-version: latest
+          package: ./...
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fail-on-vuln: true
+
+      - name: Upload govulncheck report
+        uses: actions/upload-artifact@v3
+        with:
+          name: raw-report
+          path: raw-report.json
+
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting.
+          fetch-depth: 0
+
+      # Triggering SonarQube analysis as results of it are required by Quality Gate check.
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      # Check the Quality Gate status.
+      - name: SonarQube Quality Gate check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        # Force to fail step after specific time.
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,5 @@ logs
 
 data/
 dist/
+
+.dccache
diff --git a/.snyk b/.snyk
@@ -0,0 +1,25 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  'snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T09:31:08.546Z
+  'snyk:lic:golang:github.com:hashicorp:go-bexpr:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T09:31:21.042Z
+  'snyk:lic:golang:github.com:richardknop:machinery:MPL-2.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T09:31:31.555Z
+  'snyk:lic:golang:github.com:maticnetwork:polyproto:GPL-3.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T09:31:55.207Z
+  'snyk:lic:golang:github.com:maticnetwork:heimdall:GPL-3.0':
+    - '*':
+        reason: 'As open source org, we have no issues with licenses'
+        created: 2022-11-11T09:32:07.833Z
+patch: {}
diff --git a/Makefile b/Makefile
@@ -22,7 +22,7 @@ clean:
 tests:
 	# go test  -v ./...
 
-	go test -v ./app/ ./auth/ ./clerk/ ./sidechannel/ ./bank/ ./chainmanager/ ./topup/ ./checkpoint/ ./staking/ -cover -coverprofile=cover.out
+	go test -v ./app/ ./auth/ ./clerk/ ./sidechannel/ ./bank/ ./chainmanager/ ./topup/ ./checkpoint/ ./staking/ -cover -coverprofile=cover.out -parallel 1
 
 # make build
 build: clean

diff --git a/README.md b/README.md
@@ -39,6 +39,7 @@ $ heimdalld rest-server
 ### Run bridge
 ```bash 
 $ heimdalld bridge 
+```
 
 ### Develop using Docker
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty)
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details
+[email protected]
-Original file line number
+Diff line change
@@ Expand Up / @@ -39,6 +39,7 @@ $ heimdalld rest-server @@
     ### Run bridge
     ```bash
     $ heimdalld bridge
+    ```
     ### Develop using Docker
@@ Expand Down @@