Skip to content

Commit

Permalink
Merge pull request #1872 from IntersectMBO/staging
Browse files Browse the repository at this point in the history
fix: limit validation request with a timeout and content lenght
  • Loading branch information
MSzalowski authored Aug 30, 2024
2 parents 6494c59 + 6033176 commit 79a7b92
Show file tree
Hide file tree
Showing 46 changed files with 1,574 additions and 5,871 deletions.
76 changes: 50 additions & 26 deletions .github/workflows/build-and-deploy-test-stack.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,39 +15,63 @@ jobs:
deploy:
name: Deploy app
runs-on: ubuntu-latest
env:
GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
GTM_ID: ${{ secrets.GTM_ID }}
NPMRC_TOKEN: ${{ secrets.NPMRC_TOKEN }}
SENTRY_DSN_FRONTEND: ${{ secrets.SENTRY_DSN_FRONTEND }}
PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
USERSNAP_SPACE_API_KEY: ${{ secrets.USERSNAP_SPACE_API_KEY }}
APP_ENV: test
PDF_API_URL: ${{ secrets.PDF_API_URL}}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup SSH agent
uses: webfactory/ssh-[email protected]
- name: Set up SSH and deploy
uses: appleboy/ssh-[email protected]
with:
ssh-private-key: ${{ secrets.TEST_STACK_SSH_KEY }}

- name: Run Ansible playbook
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: playbook.yml
directory: ./tests/test-infrastructure
host: ${{ secrets.TEST_STACK_SERVER_IP }}
username: ec2-user
key: ${{ secrets.TEST_STACK_SSH_KEY }}
inventory: |
[test_server]
${{ secrets.TEST_STACK_SERVER_IP }} ansible_user=ec2-user
options: |
--verbose
command_timeout: 100m ## Haskell container build takes a lot of time.
script: |
REPO_URL="https://github.com/${{ github.repository }}"
DEST_DIR="$HOME/Documents/govtool"
# Create parent directory if it does not exist
mkdir -p "$(dirname "$DEST_DIR")"
# Check if $DEST_DIR exists
if [ -d "$DEST_DIR" ]; then
if [ -d "$DEST_DIR/.git" ]; then
cd $DEST_DIR || exit
echo "Updating repository..."
git fetch --all
git checkout --force "$GOVTOOL_TAG"
else
echo "Not a git repository. Re-cloning..."
rm -rf "$DEST_DIR"
git clone "$REPO_URL" "$DEST_DIR"
cd "$DEST_DIR" || exit
git checkout --force "$GOVTOOL_TAG"
fi
else
echo "Directory does not exist. Cloning repository..."
git clone "$REPO_URL" "$DEST_DIR"
cd "$DEST_DIR" || exit
git checkout --force "$GOVTOOL_TAG"
fi
# Execute the build-and-deploy.sh script
cd $DEST_DIR/tests/test-infrastructure
./build-and-deploy.sh update-images
docker system prune
(docker image ls -q | xargs docker image rm --force ) || echo "Images cleaned-up"
envs: GOVTOOL_TAG, GRAFANA_ADMIN_PASSWORD, GRAFANA_SLACK_RECIPIENT, GRAFANA_SLACK_OAUTH_TOKEN, SENTRY_DSN_BACKEND, GTM_ID, NPMRC_TOKEN, SENTRY_DSN_FRONTEND, PIPELINE_URL, USERSNAP_SPACE_API_KEY, APP_ENV, PDF_API_URL
env:
GOVTOOL_TAG: ${{ github.sha }}
GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
GTM_ID: ${{ secrets.GTM_ID }}
NPMRC_TOKEN: ${{ secrets.NPMRC_TOKEN }}
SENTRY_DSN_FRONTEND: ${{ secrets.SENTRY_DSN_FRONTEND }}
PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
USERSNAP_SPACE_API_KEY: ${{ secrets.USERSNAP_SPACE_API_KEY }}
APP_ENV: test
PDF_API_URL: ${{ secrets.PDF_API_URL }}
6 changes: 3 additions & 3 deletions .github/workflows/code_check_frontend.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jobs:
registry-url: "https://registry.npmjs.org/"
node-version-file: "./govtool/frontend/.nvmrc"
scope: "@intersect.mbo"
- run: npm ci --force
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}

Expand Down Expand Up @@ -57,7 +57,7 @@ jobs:
registry-url: "https://registry.npmjs.org/"
node-version-file: "./govtool/frontend/.nvmrc"
scope: "@intersect.mbo"
- run: npm ci --force
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}

Expand All @@ -83,7 +83,7 @@ jobs:
registry-url: "https://registry.npmjs.org/"
node-version-file: "./govtool/frontend/.nvmrc"
scope: "@intersect.mbo"
- run: npm ci --force
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/frontend_sonar_scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
NODE_OPTIONS: "--max_old_space_size=6144"
NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
run: |
npm ci --force
npm ci
npm run test:coverage
- uses: sonarsource/sonarqube-scan-action@master
Expand Down
38 changes: 8 additions & 30 deletions .github/workflows/merge.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ jobs:
check-build-deploy:
environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
strategy:
fail-fast: false
matrix:
include:
- workdir: ./govtool/backend
Expand Down Expand Up @@ -120,9 +121,10 @@ jobs:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
load: true
load: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
build-args: |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
Expand All @@ -145,42 +147,18 @@ jobs:
- name: Scan Docker image with Dockle
id: dockle
run: |
wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
echo " dockle exited w/ $?"
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
- name: Push Docker image to GHCR
run: |
docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
- name: Deploy with Qovery
if: github.ref == 'refs/heads/develop'
env:
QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }}
run: |
echo "Deploying on $ENVIRONMENT"
echo "Organization - ${{ vars.ORGANIZATION }}"
echo "Project - ${{ vars.PROJECT }}"
# Download and install Qovery CLI
curl -s https://get.qovery.com | bash
qovery container list \
--organization ${{ vars.ORGANIZATION }} \
--project ${{ vars.PROJECT }} \
--environment $ENVIRONMENT
qovery container deploy \
--organization ${{ vars.ORGANIZATION }} \
--project ${{ vars.PROJECT }} \
--environment $ENVIRONMENT \
--container ${{ matrix.qovery_container_name }} \
--tag ${{ env.TAG }} \
--watch
23 changes: 10 additions & 13 deletions .github/workflows/pr.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ permissions:
jobs:
static-checks:
strategy:
fail-fast: false
matrix:
include:
- workdir: ./govtool/backend
Expand Down Expand Up @@ -107,9 +108,10 @@ jobs:
context: ${{ matrix.workdir }}
file: ${{ matrix.dockerfile }}
tags: ${{ steps.image_lowercase.outputs.lowercase }}
load: true
# cache-from: type=local,src=/tmp/.buildx-cache
# cache-to: type=local,dest=/tmp/.buildx-cache
load: false
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar
build-args: |
VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
Expand All @@ -125,17 +127,12 @@ jobs:
- name: Scan Docker image with Dockle
id: dockle
run: |
set -ex
wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
tar zxf dockle_0.4.14_Linux-64bit.tar.gz
sudo mv dockle /usr/local/bin
docker images
docker image prune -af --filter "until=1h"
docker save ${{ steps.image_lowercase.outputs.lowercase }} -o image.tar || :
touch ${{ matrix.workdir }}/dockle_scan_output.json
dockle --input image.tar --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json || :
rm -rf image.tar
echo " dockle exited w/ $?"
dockle --exit-code 1 --exit-level fatal -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar'
cat ${{ matrix.workdir }}/dockle_scan_output.json
echo "outcome=success" >> $GITHUB_OUTPUT
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test_integration_playwright.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
cache-dependency-path: "./tests/govtool-frontend/playwright/package-lock.json"

- name: Install dependencies
run: npm ci --force
run: npm ci

- name: Cache Playwright browsers
id: cache-playwright-browsers
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test_storybook.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
run: |
npm config set @intersect.mbo:registry "https://registry.npmjs.org/" --location=global
npm config set //registry.npmjs.org/:_authToken ${NPMRC_TOKEN} --location=global
npm ci --force
npm ci
- name: Install Playwright
run: npx playwright install --with-deps
- name: Build Storybook
Expand Down
10 changes: 8 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,17 @@ changes.

### Fixed

-
- Delete duplicate text on DRep registration form [Issue 1847](https://github.com/IntersectMBO/govtool/issues/1847)
- Fix modal content invisible on ios [Issue 1842](https://github.com/IntersectMBO/govtool/issues/1842)
- Fix counting votes by CC committee members and SPOs [Issue 1838](https://github.com/IntersectMBO/govtool/issues/1838)
- Fix displaying non relevant data in protocol parameter change Governance Action [Issue 1601](https://github.com/IntersectMBO/govtool/issues/1601)

### Changed

-
- Replace diff library to avoid usage of `--force` in package installation
- Bump @intersect.mbo/pdf-ui to v0.3.8
- Change logo to Cardano GovTool [Issue 1851](https://github.com/IntersectMBO/govtool/issues/1851)
- Change copy to Cardano GovTool [Issue 1852](https://github.com/IntersectMBO/govtool/issues/1852)

## [sancho-v1.0.14](https://github.com/IntersectMBO/govtool/releases/tag/sancho-v1.0.14) 2024-08-26

Expand Down
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
</p>

<p align="center">
<big><strong>Monorepo containing Voltaire GovTool and supporting utilities</strong></big>
<big><strong>Monorepo containing Cardano GovTool and supporting utilities</strong></big>
</p>

<div align="center">
Expand All @@ -18,7 +18,7 @@

## 🌄 Purpose

The Voltaire GovTool enables ada holders to experience the governance features described in [CIP-1694](https://github.com/cardano-foundation/CIPs/blob/master/CIP-1694/README.md).
The Cardano GovTool enables ada holders to experience the governance features described in [CIP-1694](https://github.com/cardano-foundation/CIPs/blob/master/CIP-1694/README.md).

### Instances

Expand Down
51 changes: 43 additions & 8 deletions govtool/backend/sql/list-proposals.sql
Original file line number Diff line number Diff line change
Expand Up @@ -78,12 +78,12 @@ SELECT
always_no_confidence_voting_power.amount
END) "no_votes",
coalesce(Sum(ldd_drep.amount) FILTER (WHERE voting_procedure.vote::text = 'Abstain'), 0) + always_abstain_voting_power.amount "abstain_votes",
coalesce(Sum(ldd_pool.amount) FILTER (WHERE voting_procedure.vote::text = 'Yes'), 0),
coalesce(Sum(ldd_pool.amount) FILTER (WHERE voting_procedure.vote::text = 'No'), 0),
coalesce(Sum(ldd_pool.amount) FILTER (WHERE voting_procedure.vote::text = 'Abstain'), 0),
coalesce(Sum(ldd_cc.amount) FILTER (WHERE voting_procedure.vote::text = 'Yes'), 0),
coalesce(Sum(ldd_cc.amount) FILTER (WHERE voting_procedure.vote::text = 'No'), 0),
coalesce(Sum(ldd_cc.amount) FILTER (WHERE voting_procedure.vote::text = 'Abstain'), 0),
coalesce(vp_by_pool.poolYesVotes, 0),
coalesce(vp_by_pool.poolNoVotes, 0),
coalesce(vp_by_pool.poolAbstainVotes, 0),
coalesce(vp_by_cc.ccYesVotes, 0),
coalesce(vp_by_cc.ccNoVotes, 0),
coalesce(vp_by_cc.ccAbstainVotes, 0),
prev_gov_action.index as prev_gov_action_index,
encode(prev_gov_action_tx.hash, 'hex') as prev_gov_action_tx_hash
FROM
Expand All @@ -104,8 +104,37 @@ FROM
LEFT JOIN voting_procedure ON voting_procedure.gov_action_proposal_id = gov_action_proposal.id
LEFT JOIN LatestDrepDistr ldd_drep ON ldd_drep.hash_id = voting_procedure.drep_voter
AND ldd_drep.rn = 1
LEFT JOIN LatestDrepDistr ldd_pool ON ldd_pool.hash_id = voting_procedure.pool_voter
AND ldd_pool.rn = 1
LEFT JOIN
(
SELECT
gov_action_proposal_id,
SUM(CASE WHEN vote = 'Yes' THEN 1 ELSE 0 END) AS poolYesVotes,
SUM(CASE WHEN vote = 'No' THEN 1 ELSE 0 END) AS poolNoVotes,
SUM(CASE WHEN vote = 'Abstain' THEN 1 ELSE 0 END) AS poolAbstainVotes
FROM
voting_procedure
WHERE
pool_voter IS NOT NULL
GROUP BY
gov_action_proposal_id
) vp_by_pool
ON gov_action_proposal.id = vp_by_pool.gov_action_proposal_id
LEFT JOIN
(
SELECT
gov_action_proposal_id,
SUM(CASE WHEN vote = 'Yes' THEN 1 ELSE 0 END) AS ccYesVotes,
SUM(CASE WHEN vote = 'No' THEN 1 ELSE 0 END) AS ccNoVotes,
SUM(CASE WHEN vote = 'Abstain' THEN 1 ELSE 0 END) AS ccAbstainVotes
FROM
voting_procedure
WHERE
committee_voter IS NOT NULL
GROUP BY
gov_action_proposal_id
) vp_by_cc
ON gov_action_proposal.id = vp_by_cc.gov_action_proposal_id

LEFT JOIN LatestDrepDistr ldd_cc ON ldd_cc.hash_id = voting_procedure.committee_voter
AND ldd_cc.rn = 1
LEFT JOIN gov_action_proposal AS prev_gov_action ON gov_action_proposal.prev_gov_action_proposal = prev_gov_action.id
Expand All @@ -130,6 +159,12 @@ GROUP BY
off_chain_vote_gov_action_data.abstract,
off_chain_vote_gov_action_data.motivation,
off_chain_vote_gov_action_data.rationale,
vp_by_pool.poolYesVotes,
vp_by_pool.poolNoVotes,
vp_by_pool.poolAbstainVotes,
vp_by_cc.ccYesVotes,
vp_by_cc.ccNoVotes,
vp_by_cc.ccAbstainVotes,
gov_action_proposal.index,
creator_tx.hash,
creator_block.time,
Expand Down
2 changes: 1 addition & 1 deletion govtool/frontend/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ RUN npm config set @intersect.mbo:registry "https://registry.npmjs.org/" --locat
RUN npm config set //registry.npmjs.org/:_authToken ${NPMRC_TOKEN} --location=global

COPY package.json package-lock.json ./
RUN npm install --force
RUN npm install
COPY . .
RUN npm run build

Expand Down
2 changes: 1 addition & 1 deletion govtool/frontend/Dockerfile.qovery
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ RUN npm config set @intersect.mbo:registry "https://registry.npmjs.org/" --locat
RUN npm config set //registry.npmjs.org/:_authToken ${NPMRC_TOKEN} --location=global

COPY package.json package-lock.json ./
RUN npm install --force
RUN npm install
COPY . .
RUN npm run build

Expand Down
Loading

0 comments on commit 79a7b92

Please sign in to comment.