feat: engine-runner verifies gpg signature of old dylib when downloaded #5339

kylezs · 2024-10-18T12:10:31Z

Pull Request

Checklist

Please conduct a thorough self-review before opening the PR.

I am confident that the code works. - I added the is_mainnet flag on ci-development to see it works and it did :). Also manually tested broken signatures and missing files to see that it fails correctly as well.
I have written sufficient tests.
I have written and tested required migrations.
I have updated documentation where appropriate.

Summary

When the is_mainnet flag is true on the build job, the engine-runner will now download from the pgks.chainflip.io - which contain only the binaries built for mainnet. It will also verify the signature of these dylibs to ensure that the chainflip releaser has released them.

.github/workflows/_20_build.yml

codecov · 2024-10-22T12:24:59Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71%. Comparing base (dee3275) to head (fd7701e).
Report is 15 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff           @@
##            main   #5339    +/-   ##
======================================
- Coverage     71%     71%    -0%     
======================================
  Files        491     494     +3     
  Lines      85327   85672   +345     
  Branches   85327   85672   +345     
======================================
+ Hits       60776   60976   +200     
- Misses     21839   21934    +95     
- Partials    2712    2762    +50

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

kylezs · 2024-10-24T10:07:59Z

Rerunning, was just manually uploaded artifacts were missing the old dylib (this is automated after 1.7)

…waps-close-accounts * origin/main: (44 commits) fix: expire all previous epochs (#5279) feat: add/update contract swaps parameters (#5343) chore: add address to solana logging (#5353) fix: ignore dust underflows in order fills rpc (#5352) chore: consistent naming prewitnessed (#5351) feat: engine-runner verifies gpg signature of old dylib when downloaded (#5339) feat: tainted transaction reporting (#5310) bug: change_utxo not always present (#5340) feat: structured error return types for rpcs (#5346) chore: unify dependencies to root cargo.toml (#5333) feat: Submit a slot number alongside nonce (#5297) chore: use node version from `.nvmrc` 📌 (#5336) chore: add engine account_info logging (#5347) chore: replace manual scale encoding for ts-scale (#5335) chore: more consistent params in Broker API (#5342) feat: broker can encode btc smart contract call (#5329) chore: localnet recreate script can use defaults (#5338) feat: witnessing btc smart contract swaps (#5331) feat: Solana CCM fallback (#5316) fix: scale types for pending ceremonies (#5286) ... # Conflicts: # Cargo.lock # state-chain/chains/src/sol/api.rs # state-chain/pallets/cf-broadcast/src/migrations.rs # state-chain/pallets/cf-environment/Cargo.toml

…ed (#5339) * feat: runner verifies downloaded dylibs * chore: consistent CI param naming * chore: clippy * fix: LP account already setup in 1.6.8 * chore: eslint

kylezs force-pushed the feat/runner-verify-dylibs branch 2 times, most recently from 39e5f66 to 76b10ef Compare October 22, 2024 11:17

kylezs changed the title ~~WIP: Runner to download and verify signature of dylibs it downloads~~ feat: engine-runner verifies gpg signature of old dylib when downloaded Oct 22, 2024

kylezs marked this pull request as ready for review October 22, 2024 11:19

kylezs requested review from ahasna and martin-chainflip October 22, 2024 11:19

kylezs force-pushed the feat/runner-verify-dylibs branch from 76b10ef to 83c27bd Compare October 22, 2024 11:28

feat: runner verifies downloaded dylibs

24a1c9a

kylezs force-pushed the feat/runner-verify-dylibs branch from 83c27bd to 24a1c9a Compare October 22, 2024 11:32

ahasna approved these changes Oct 22, 2024

View reviewed changes

.github/workflows/_20_build.yml Outdated Show resolved Hide resolved

kylezs added 2 commits October 22, 2024 15:46

chore: consistent CI param naming

842732e

chore: clippy

9d7b8fe

martin-chainflip approved these changes Oct 24, 2024

View reviewed changes

kylezs added this pull request to the merge queue Oct 24, 2024

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 24, 2024

kylezs added this pull request to the merge queue Oct 24, 2024

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 24, 2024

fix: LP account already setup in 1.6.8

c617336

kylezs enabled auto-merge October 24, 2024 11:18

chore: eslint

fd7701e

kylezs added this pull request to the merge queue Oct 24, 2024

github-merge-queue bot removed this pull request from the merge queue due to failed status checks Oct 24, 2024

kylezs added this pull request to the merge queue Oct 24, 2024

Merged via the queue into main with commit 7c0787a Oct 24, 2024
48 of 49 checks passed

kylezs deleted the feat/runner-verify-dylibs branch October 24, 2024 15:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: engine-runner verifies gpg signature of old dylib when downloaded #5339

feat: engine-runner verifies gpg signature of old dylib when downloaded #5339

kylezs commented Oct 18, 2024 •

edited

Loading

codecov bot commented Oct 22, 2024 •

edited

Loading

kylezs commented Oct 24, 2024

feat: engine-runner verifies gpg signature of old dylib when downloaded #5339

feat: engine-runner verifies gpg signature of old dylib when downloaded #5339

Conversation

kylezs commented Oct 18, 2024 • edited Loading

Pull Request

Checklist

Summary

codecov bot commented Oct 22, 2024 • edited Loading

Codecov Report

kylezs commented Oct 24, 2024

kylezs commented Oct 18, 2024 •

edited

Loading

codecov bot commented Oct 22, 2024 •

edited

Loading