-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #400 from sge-network/release/v1.7.x
Release / v1.7.0
- Loading branch information
Showing
266 changed files
with
4,877 additions
and
3,559 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,39 @@ | ||
name: Run Gosec | ||
on: | ||
push: | ||
paths: | ||
- "**/*.go" | ||
- "go.mod" | ||
- "go.sum" | ||
branches: | ||
- master | ||
pull_request: | ||
paths: | ||
- "**/*.go" | ||
- "go.mod" | ||
- "go.sum" | ||
branches: | ||
- master | ||
jobs: | ||
tests: | ||
permissions: | ||
security-events: write | ||
|
||
runs-on: ubuntu-latest | ||
env: | ||
GO111MODULE: on | ||
steps: | ||
- name: Set up Go | ||
uses: actions/setup-go@v3 | ||
with: | ||
path: /usr/local/go/bin | ||
go-version: '1.18.10' | ||
- name: Checkout Source | ||
uses: actions/checkout@v2 | ||
- name: Set env vars | ||
run: | | ||
echo "${HOME}/goroot/bin" >> $GITHUB_PATH | ||
uses: actions/checkout@v3 | ||
|
||
- name: Run Gosec Security Scanner | ||
uses: cosmos/gosec@master | ||
uses: securego/gosec@master | ||
with: | ||
# we let the report trigger content trigger a failure using the GitHub Security features. | ||
args: "-no-fail -fmt sarif -out results.sarif ./..." | ||
|
||
- name: Upload SARIF file | ||
uses: github/codeql-action/upload-sarif@v2 | ||
with: | ||
args: ./... | ||
# Path to SARIF file relative to the root of the repository | ||
sarif_file: results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# syntax=docker/dockerfile:1 | ||
|
||
ARG GO_VERSION="1.22" | ||
ARG RUNNER_IMAGE="gcr.io/distroless/static-debian11" | ||
ARG BUILD_TAGS="netgo,ledger,muslc" | ||
|
||
# -------------------------------------------------------- | ||
# Builder | ||
# -------------------------------------------------------- | ||
|
||
FROM golang:${GO_VERSION}-alpine3.18 as builder | ||
|
||
ARG GIT_VERSION | ||
ARG GIT_COMMIT | ||
ARG BUILD_TAGS | ||
|
||
RUN apk add --no-cache \ | ||
ca-certificates \ | ||
build-base \ | ||
linux-headers | ||
|
||
# Download go dependencies | ||
WORKDIR /sge | ||
COPY go.mod go.sum ./ | ||
RUN --mount=type=cache,target=/root/.cache/go-build \ | ||
--mount=type=cache,target=/root/go/pkg/mod \ | ||
go mod download | ||
|
||
# Cosmwasm - Download correct libwasmvm version | ||
RUN ARCH=$(uname -m) && WASMVM_VERSION=$(go list -m github.com/CosmWasm/wasmvm | sed 's/.* //') && \ | ||
wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm_muslc.$ARCH.a \ | ||
-O /lib/libwasmvm_muslc.a && \ | ||
# verify checksum | ||
wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt && \ | ||
sha256sum /lib/libwasmvm_muslc.a | grep $(cat /tmp/checksums.txt | grep libwasmvm_muslc.$ARCH | cut -d ' ' -f 1) | ||
|
||
# Copy the remaining files | ||
COPY . . | ||
|
||
# Build sged binary | ||
RUN --mount=type=cache,target=/root/.cache/go-build \ | ||
--mount=type=cache,target=/root/go/pkg/mod \ | ||
GOWORK=off go build \ | ||
-mod=readonly \ | ||
-tags "netgo,ledger,muslc" \ | ||
-ldflags \ | ||
"-X github.com/cosmos/cosmos-sdk/version.Name="sge" \ | ||
-X github.com/cosmos/cosmos-sdk/version.AppName="sged" \ | ||
-X github.com/cosmos/cosmos-sdk/version.Version=${GIT_VERSION} \ | ||
-X github.com/cosmos/cosmos-sdk/version.Commit=${GIT_COMMIT} \ | ||
-X github.com/cosmos/cosmos-sdk/version.BuildTags=${BUILD_TAGS} \ | ||
-w -s -linkmode=external -extldflags '-Wl,-z,muldefs -static'" \ | ||
-trimpath \ | ||
-o /sge/build/sged \ | ||
/sge/cmd/sged/main.go | ||
|
||
# -------------------------------------------------------- | ||
# Runner | ||
# -------------------------------------------------------- | ||
|
||
FROM ${RUNNER_IMAGE} | ||
|
||
COPY --from=builder /sge/build/sged /bin/sged | ||
|
||
ENV HOME /sge | ||
WORKDIR $HOME | ||
|
||
EXPOSE 26656 | ||
EXPOSE 26657 | ||
EXPOSE 1317 | ||
# Note: uncomment the line below if you need pprof in localsge | ||
# We disable it by default in out main Dockerfile for security reasons | ||
# EXPOSE 6060 | ||
|
||
ENTRYPOINT ["sged"] |
Oops, something went wrong.