[DO-1664] Snyk integration in Github workflows #205

Workflow file for this run

	name: CI

	on:
	release:
	types: [published]
	push:
	branches:
	- main
	tags:
	- test-artifacts*
	pull_request:
	branches:
	- main
	jobs:
	snyk-scan-deps-licences:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-nodecli'
	step_name: 'snyk-scan-deps-licenses'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	# - name: Run Snyk to check for deps vulnerabilities - Devops
	# uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	# with:
	# args: --all-projects --org=${{ env.SNYK_DEVOPS_ORG_ID }} --severity-threshold=critical -d
	- name: setup python
	uses: actions/[email protected]
	with:
	python-version: 3.10.6
	- name: Install pipenv
	run: \|
	python -m pip install --upgrade pipenv wheel
	- name: Run Snyk to check for deps vulnerabilities - Network
	run: \|
	whereis pipenv
	pipenv -v
	npm install snyk -g
	snyk -v
	snyk auth ${{ env.SNYK_TOKEN }}
	snyk test --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=critical -d
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	snyk-scan-code:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-nodecli'
	step_name: 'snyk-scan-code'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Run Snyk to check for code vulnerabilities - Devops
	uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=high
	command: code test

	snyk-sbom:
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	needs:
	- snyk-scan-deps-licences
	- snyk-scan-code
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-nodecli'
	step_name: 'snyk-sbom'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Generate SBOM # check SBOM can be generated but nothing is done with it
	uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --format=cyclonedx1.4+json --json-file-output sbom.json
	command: sbom


	package_ubuntu_cli:
	name: "Package cli for Ubuntu"
	runs-on: ubuntu-22.04
	steps:
	- name: cancel running workflows
	uses: styfle/[email protected]
	with:
	access_token: ${{ github.token }}
	- name: Checkout
	uses: actions/[email protected]
	with:
	fetch-depth: 0
	- name: Dump context
	uses: crazy-max/ghaction-dump-context@v1
	- name: Install build essentials
	run: sudo apt-get -y install build-essential
	- name: setup python
	uses: actions/[email protected]
	with:
	python-version: 3.10.6
	- name: Build application local
	run: \|
	cd node-runner-cli
	make install
	make local
	- name: Execute Unit Tests
	run: \|
	cd node-runner-cli
	pip install pytest
	pip install pytest-cov
	make test
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Publish Test Results
	uses: EnricoMi/[email protected]
	if: always()
	with:
	files: \|
	/home/runner/work/babylon-nodecli/babylon-nodecli/node-runner-cli/junit/test-results.xml
	test-results/*/.xml
	test-results/*/.trx
	test-results/*/.json
	junit/*/.xml
	junit/*.xml
	node-runner-cli/junit/*/.xml
	junit/*.xml
	**/junit/test-results.xml
	- if: ${{ github.event_name == 'pull_request' }}
	name: Get Cover
	uses: orgoro/coverage@v3
	with:
	coverageFile: node-runner-cli/coverage.xml
	token: ${{ secrets.GITHUB_TOKEN }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Build the binary for ubuntu jammy
	run: \|
	cd node-runner-cli
	make output-ubuntu-jammy
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: "Upload generated cli file"
	uses: actions/[email protected]
	with:
	name: ubuntu 22.04
	path: "${{ github.workspace }}/node-runner-cli/out/ubuntu/jammy/radixnode"
	- name: Build the binary for ubuntu focal
	run: \|
	cd node-runner-cli
	make output-ubuntu-focal
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: "Upload generated cli file"
	uses: actions/[email protected]
	with:
	name: ubuntu 20.04
	path: "${{ github.workspace }}/node-runner-cli/out/ubuntu/focal/radixnode"

	upload-asset-store:
	environment: AWS_ARTIFACT
	runs-on: ubuntu-22.04
	if: ${{ github.event_name == 'push' }}
	needs:
	- package_ubuntu_cli
	permissions:
	id-token: write
	contents: read
	pull-requests: read
	steps:
	- name: Checkout
	uses: actions/[email protected]
	- name: set branchname with commit
	run: \|
	ls -l
	BRANCH_NAME_WITH_HYPENS=$(echo ${GITHUB_REF##*/} \| sed 's/\//-/g')
	COMMIT=$(git log -1 --format=%h )
	BRANCH_WITH_COMMIT=$BRANCH_NAME_WITH_HYPENS-$COMMIT
	echo "BRANCH_WITH_COMMIT=$BRANCH_WITH_COMMIT" >> $GITHUB_ENV
	- name: Configure AWS Region
	run: echo "AWS_DEFAULT_REGION=eu-west-1" >> $GITHUB_ENV
	- id: install-aws-cli
	uses: unfor19/install-aws-cli-action@v1
	with:
	version: 2
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef
	with:
	role-to-assume: arn:aws:iam::${{secrets.ARTIFACT_AWS_ACCOUNT_ID }}:role/gh-asset-store-deployer
	aws-region: eu-west-1
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 22.04
	- name: Upload cli to asset store
	run: \|
	ls /*
	aws s3 cp radixnode s3://${{secrets.ARTIFACT_AWS_BUCKET }}/radixnode/${{env.BRANCH_WITH_COMMIT}}/radixnode-ubuntu-22.04

	upload-release-jammy:
	runs-on: ubuntu-22.04
	if: ${{ github.event_name == 'release' }}
	needs:
	- package_ubuntu_cli
	steps:
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 22.04
	- name: Upload radixcli ubuntu binary
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	upload_url: ${{ github.event.release.upload_url }}
	asset_path: ./radixnode
	asset_name: radixnode-ubuntu-22.04
	asset_content_type: application/octet-stream
	if: ${{ github.event_name == 'release' }}

	upload-release-focal:
	runs-on: ubuntu-20.04
	if: ${{ github.event_name == 'release' }}
	needs:
	- package_ubuntu_cli
	steps:
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 20.04
	- name: Upload radixcli ubuntu binary
	uses: actions/upload-release-asset@v1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	upload_url: ${{ github.event.release.upload_url }}
	asset_path: ./radixnode
	asset_name: radixnode-ubuntu-20.04
	asset_content_type: application/octet-stream
	if: ${{ github.event_name == 'release' }}

	test-systemd:
	runs-on: [node-only]
	needs:
	- package_ubuntu_cli
	steps:
	- name: Checkout
	uses: actions/[email protected]
	with:
	fetch-depth: 0
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 22.04
	- name: Get dependencies
	run: \|
	chmod +x ./radixnode
	sudo apt-get update
	sudo apt-get install containerd runc
	- name: Run systemd dependencies
	run: \|
	ls -a
	chmod +x ./radixnode
	# ./radixnode systemd dependencies
	echo "expecting the dependencies to be already installed"
	- name: Run systemd config
	run: \|
	ls -a
	chmod +x ./radixnode
	echo "HOME=$HOME"
	echo "PATH=$PWD"
	./radixnode systemd config -m CORE \
	-n 13 \
	-t radix://node_tdx_d_1qwq2nfe6vxqwe3mqmfm9l2xl97as7lkwndval63cymvc3qszn8nqx6g2s3m@3.109.161.178 \
	-i 35.178.142.54 \
	-v "not_a_real_validator_address" \
	-k $KEYSTORE_PASSWORD -nk -a \
	-dd $HOME/babylon-ledger
	./radixnode systemd stop && sudo rm -rf $HOME/babylon-ledger
	env:
	KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Run systemd install
	run: \|
	ls -a
	chmod +x ./radixnode
	echo "HOME=$HOME"
	echo "PATH=$PWD"
	./radixnode systemd install
	- name: Get Logs and Status
	run: \|
	sleep 15
	sudo tail /var/log/syslog -n 100
	./radixnode auth set-admin-password --setupmode SYSTEMD -p $NGINX_ADMIN_PASSWORD
	./radixnode auth set-superadmin-password --setupmode SYSTEMD -p $NGINX_SUPERADMIN_PASSWORD
	./radixnode auth set-metrics-password --setupmode SYSTEMD -p $NGINX_METRICS_PASSWORD
	NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health
	NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system version
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}}
	NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}}
	NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}}
	- name: Stop systemd
	run: \|
	chmod +x ./radixnode
	echo "HOME=$HOME"
	echo "PATH=$PWD"
	./radixnode systemd stop
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# - name: Clean Up
	# run: \|
	# sudo rm -rf /etc/radixdlt/node
	# rm -rf node-config/
	# rm -rf monitoring

	test-config-command:
	runs-on: ubuntu-22.04
	needs:
	- package_ubuntu_cli
	steps:
	- name: Checkout
	uses: actions/[email protected]
	with:
	fetch-depth: 0
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 22.04
	- name: Get dependencies
	run: \|
	chmod +x ./radixnode
	sudo apt-get update
	sudo apt-get install containerd runc
	./radixnode docker dependencies
	- name: core-gateway-all-local
	run: \|
	ls -a
	chmod +x ./radixnode
	mkdir -p $HOME/node-config
	echo "HOME=$HOME"
	echo "PATH=$PWD"
	export PROMPT_FEEDS="node-runner-cli/test-prompts/core-gateway-all-local.yml"
	./radixnode docker config -m DETAILED \
	-d $HOME/node-config \
	-k $KEYSTORE_PASSWORD -nk -a
	env:
	KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: corenode-01
	run: \|
	ls -a
	chmod +x ./radixnode
	export PROMPT_FEEDS="node-runner-cli/test-prompts/corenode-01.yml"
	./radixnode docker config -m DETAILED \
	-d $HOME/node-config \
	-k $KEYSTORE_PASSWORD -nk -a
	env:
	KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: corenode-02
	run: \|
	ls -a
	export PROMPT_FEEDS="node-runner-cli/test-prompts/corenode-02.yml"
	./radixnode docker config -m DETAILED \
	-d $HOME/node-config \
	-k $KEYSTORE_PASSWORD -nk -a
	env:
	KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# Enable below tests when gateway support is implemented
	# - name: gateway-remote-core-local-postgress
	# run: \|
	# ls -a
	# export PROMPT_FEEDS="node-runner-cli/test-prompts/gateway-remote-core-local-postgress.yml"
	# ./radixnode docker config -m DETAILED \
	# -d $HOME/node-config \
	# -k $KEYSTORE_PASSWORD -nk -a
	# env:
	# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	# - name: gateway-remote-core-remote-postgress
	# run: \|
	# ls -a
	# export PROMPT_FEEDS="node-runner-cli/test-prompts/gateway-remote-core-remote-postgress.yml"
	# ./radixnode docker config -m DETAILED \
	# -d $HOME/node-config \
	# -k $KEYSTORE_PASSWORD -nk -a
	# env:
	# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"

	test-core-only-node:
	runs-on: ubuntu-22.04
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	needs:
	- package_ubuntu_cli
	steps:
	- name: Checkout
	uses: actions/[email protected]
	with:
	fetch-depth: 0
	- name: Download packaged cli
	uses: actions/download-artifact@v3
	with:
	name: ubuntu 22.04
	- name: Run configure command
	run: \|
	chmod +x ./radixnode
	sudo apt-get update
	sudo apt-get install containerd runc
	./radixnode docker dependencies
	- name: Setup config
	run: \|
	chmod +x ./radixnode
	mkdir -p $HOME/node-config
	export DISABLE_VERSION_CHECK=true
	export RADIXDLT_APP_VERSION_OVERRIDE="rcnet-v2-phase2-r4"
	export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose"
	export PROMPT_FEEDS="node-runner-cli/test-prompts/core-gateway-all-local.yml"
	./radixnode docker config -m DETAILED \
	-d $HOME/node-config \
	-k $KEYSTORE_PASSWORD -nk -a
	env:
	KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# - id: auth
	# uses: google-github-actions/auth@a61909d048e0be579b6c15b27088d19668493851
	# with:
	# workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDP }}
	# service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
	# - name: 'Register gcloud as Docker credential helper'
	# run: \|
	# gcloud auth configure-docker -q
	# - uses: radixdlt/iac-resuable-artifacts/[email protected]
	# with:
	# role_name: "arn:aws:iam::308190735829:role/gh-common-secrets-read-access"
	# app_name: "dashboard"
	# step_name: "push-dash"
	# secret_prefix: "GH_GCR_JSON_KEY"
	# secret_name: "arn:aws:secretsmanager:eu-west-2:308190735829:secret:github-actions/common/gcr-credentials-OeJwWi"
	# parse_json: false
	- name: Login to GCR
	uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
	with:
	registry: eu.gcr.io
	username: _json_key
	password: ${{ secrets.GCR_EU_DEV_JSON_KEY }}
	- name: Run CLI setup
	run: \|
	export DISABLE_VERSION_CHECK=true
	export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose"
	./radixnode docker install -f $HOME/node-config/config.yaml -a
	# ToDo: Fix Authorization error export DOCKER_COMPOSE_FOLDER_PREFIX=runner ?
	sleep 60
	./radixnode auth set-admin-password -m DOCKER -p $NGINX_ADMIN_PASSWORD
	./radixnode auth set-metrics-password -m DOCKER -p $NGINX_METRICS_PASSWORD
	./radixnode auth set-superadmin-password -m DOCKER -p $NGINX_SUPERADMIN_PASSWORD
	NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health
	NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system version
	env:
	NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}}
	NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}}
	NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Run Monitoring setup
	run: \|
	export DOCKER_COMPOSE_LOCATION="/usr/local/bin/docker-compose"
	./radixnode monitoring config \
	-m MONITOR_CORE \
	-cm $NGINX_METRICS_PASSWORD \
	-gm $NGINX_METRICS_PASSWORD \
	-am $NGINX_METRICS_PASSWORD

	./radixnode monitoring install -a

	env:
	NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}}
	NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}}
	NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}}

	snyk-monitor:
	runs-on: ubuntu-latest
	#needs:
	# - upload-release-jammy
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-nodecli'
	step_name: 'snyk-monitor'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Enable Snyk online monitoring to check for vulnerabilities
	uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_DEVOPS_ORG_ID }} --target-reference=${{ github.ref_name }}
	command: monitor
	- name: Enable Snyk online monitoring to check for vulnerabilities
	uses: snyk/actions/python@b98d498629f1c368650224d6d212bf7dfa89e4bf # v0.4.0
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --target-reference=${{ github.ref_name }}
	command: monitor

	# These do not run on Babylon
	# test-core-api:
	# runs-on: [node-only]
	# needs:
	# - test-core-only-node
	# steps:
	# - uses: actions/setup-python@v3
	# with:
	# python-version: '3.x'
	# architecture: 'x64'
	# - name: Checkout
	# uses: actions/[email protected]
	# - name: setup python modules
	# run: \|
	# cd node-runner-cli
	# make local
	# - name: Run api commands
	# run: \|
	# export DISABLE_VERSION_CHECK=true
	# export NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD
	# export NGINX_METRICS_PASSWORD=$NGINX_METRICS_PASSWORD
	# export NGINX_SUPERADMIN_PASSWORD=$NGINX_SUPERADMIN_PASSWORD
	# python node-runner-cli/tests.py
	# env:
	# NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}}
	# NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}}
	# NGINX_SUPERADMIN_PASSWORD: ${{secrets.NGINX_SUPERADMIN_PASSWORD}}

	# test-full-stack:
	# runs-on: ubuntu-22.04
	# needs:
	# - package_ubuntu_cli
	# steps:
	# - name: Download packaged cli
	# uses: actions/download-artifact@v3
	# with:
	# name: ubuntu 22.04
	# - name: Get dependencies
	# run: \|
	# chmod +x ./radixnode
	# sudo apt-get update
	# sudo apt-get install containerd runc
	# ./radixnode docker dependencies
	# - name: Setup config
	# run: \|
	# chmod +x ./radixnode
	# mkdir -p $HOME/node-config
	# export DISABLE_VERSION_CHECK=true
	# rm -rf $HOME/node-config
	# ./radixnode docker config -d $HOME/node-config \
	# -t radix://tn1qv9f8ys7ade4khjyr2s6zlhuxjqvhzz39kvjskupaj9lvhl3lwxauc67nn8@65.1.217.210 \
	# -m CORE GATEWAY -n 2 -k $KEYSTORE_PASSWORD -nk -p $POSTGRESS_PASSWORD -a
	# #grep -v "password" $HOME/node-config/config.yaml > temp && mv temp $HOME/node-config/config.yaml
	# cat $HOME/node-config/config.yaml
	# env:
	# POSTGRESS_PASSWORD: ${{secrets.POSTGRESS_PASSWORD}}
	# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core"
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	# - name: Run CLI setup
	# run: \|
	# export DISABLE_VERSION_CHECK=true
	# export COMPOSE_HTTP_TIMEOUT=360
	#
	# ./radixnode docker stop -f $HOME/node-config/config.yaml
	#
	# #Below PATH require when ansible is installed as part of pip
	# export PATH="$PATH:/home/ubuntu/.local/bin"
	#
	# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-admin-password -m DOCKER -p $NGINX_ADMIN_PASSWORD
	# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-metrics-password -m DOCKER -p $NGINX_METRICS_PASSWORD
	# DOCKER_COMPOSE_FOLDER_PREFIX=ubuntu ./radixnode auth set-gateway-password -m DOCKER -p $NGINX_GATEWAY_PASSWORD
	#
	# ./radixnode monitoring stop
	# ./radixnode monitoring config \
	# -m MONITOR_CORE MONITOR_GATEWAY \
	# -cm $NGINX_METRICS_PASSWORD \
	# -gm $NGINX_METRICS_PASSWORD \
	# -am $NGINX_METRICS_PASSWORD
	#
	# ./radixnode monitoring install -a
	#
	# export POSTGRES_PASSWORD=${{secrets.POSTGRESS_PASSWORD}}
	# export RADIXDLT_NODE_KEY_PASSWORD=${{secrets.KEYSTORE_PASSWORD}}
	# # ToDo: Fix Docker Image Pull with Gateway installation
	# # ./radixnode docker install -f $HOME/node-config/config.yaml -a
	# # sleep 60
	#
	# # NGINX_ADMIN_PASSWORD=$NGINX_ADMIN_PASSWORD ./radixnode api system health
	# # curl -f --request POST --insecure --user "gateway:$NGINX_GATEWAY_PASSWORD" https://localhost/gateway
	# # curl --insecure --user "gateway:$NGINX_GATEWAY_PASSWORD" https://localhost/token/native --header 'Content-Type: application/json' -d '{ "network_identifier":{"network":"stokenet"}}'
	# # curl -k -f -u "metrics:$NGINX_METRICS_PASSWORD" https://localhost/gateway/metrics
	#
	# env:
	# NGINX_ADMIN_PASSWORD: ${{secrets.NGINX_ADMIN_PASSWORD}}
	# NGINX_METRICS_PASSWORD: ${{secrets.NGINX_METRICS_PASSWORD}}
	# NGINX_GATEWAY_PASSWORD: ${{secrets.NGINX_GATEWAY_PASSWORD}}
	# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core"
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"

	#
	# test-full-stack-no-nginx:
	# runs-on: ubuntu-22.04
	# needs:
	# - package_ubuntu_cli
	# steps:
	# - name: Download packaged cli
	# uses: actions/download-artifact@v3
	# with:
	# name: ubuntu 22.04
	# - name: Get dependencies
	# run: \|
	# chmod +x ./radixnode
	# sudo apt-get update
	# sudo apt-get install containerd runc
	# ./radixnode docker dependencies
	# - name: Setup config
	# run: \|
	# chmod +x ./radixnode
	# mkdir -p $HOME/node-config
	# export DISABLE_VERSION_CHECK=true
	# export COMPOSE_HTTP_TIMEOUT=360
	# ./radixnode docker config -d $HOME/node-config \
	# -t radix://tn1qv9f8ys7ade4khjyr2s6zlhuxjqvhzz39kvjskupaj9lvhl3lwxauc67nn8@65.1.217.210 \
	# -m CORE GATEWAY -n 2 -k password -nk -p postgres -xg false -xc false -a
	# env:
	# POSTGRESS_PASSWORD: ${{secrets.POSTGRESS_PASSWORD}}
	# KEYSTORE_PASSWORD: ${{secrets.KEYSTORE_PASSWORD}}
	# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core"
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"
	# - name: Run CLI setup
	# run: \|
	# export DISABLE_VERSION_CHECK=true
	# export COMPOSE_HTTP_TIMEOUT=360
	# ./radixnode docker stop -f $HOME/node-config/config.yaml
	#
	# #Below PATH require when ansible is installed as part of pip
	# export PATH="$PATH:/home/ubuntu/.local/bin"
	# # ToDo: Fix Docker Image Pull with Gateway installation
	# # ./radixnode docker install -f $HOME/node-config/config.yaml -a -u
	#
	# # sleep 60
	# # NODE_END_POINT="http://localhost:3333" NGINX=false ./radixnode api system health
	# # curl -k -f -u "admin:$NGINX_ADMIN_PASSWORD" http://localhost:5207
	# env:
	# CORE_DOCKER_REPO_OVERRIDE: "radixdlt/radixdlt-core"
	# RADIXDLT_APP_VERSION_OVERRIDE: "1.3.2"
	# RADIXDLT_GATEWAY_VERSION_OVERRIDE: "0.0.1-rc1"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DO-1664] Snyk integration in Github workflows #205

Workflow file

[DO-1664] Snyk integration in Github workflows #205

Jobs

Run details

Workflow file for this run