Merge pull request #237 from radixdlt/develop

RDT v2
radixdlt · Jul 2, 2024 · b8d39f4 · b8d39f4
2 parents 87d1f97 + 245367a
commit b8d39f4
Show file tree

Hide file tree

Showing 262 changed files with 70,635 additions and 12,335 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,8 +4,27 @@ on:
   push:
     branches:
       - '**'
+  pull_request:
 
 jobs:
+  phylum-analyze:
+    if: ${{ github.event.pull_request }}
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
+    permissions:
+      id-token: write
+      pull-requests: write
+      contents: read
+      deployments: write
+    secrets:
+      phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
+    with:
+      phylum_pr_number: ${{ github.event.number }}
+      phylum_pr_name: ${{ github.head_ref }}
+      phylum_group_name: dApp-engineering
+      phylum_project_id: ad50ad22-146e-4339-80ea-d895b4bce133
+      github_repository: ${{ github.repository }}
+      add_report_comment_to_pull_request: true
+
   snyk-scan-deps-licences:
     runs-on: ubuntu-latest
     permissions:
@@ -74,7 +93,7 @@ jobs:
       - name: Generate SBOM # check SBOM can be generated but nothing is done with it
         uses: RDXWorks-actions/snyk-actions/node@master
         with:
-          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
+          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
           command: sbom
 
   build:
@@ -88,19 +107,19 @@ jobs:
       - name: Use Node.js
         uses: RDXWorks-actions/setup-node@main
         with:
-          node-version: '18.x'
+          node-version: '20.x'
 
       - name: Authenticate with private NPM package
         run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
 
       - name: Install dependencies
         run: npm ci
 
-      - name: Run tests
-        run: npm run test
-
       - name: Build
         run: npm run build
 
+      - name: Run tests
+        run: npm run test
+
       - name: Dump context
-        uses: RDXWorks-actions/ghaction-dump-context@master
+        uses: RDXWorks-actions/ghaction-dump-context@master
diff --git a/.github/workflows/connect-button-ci.yml b/.github/workflows/connect-button-ci.yml
@@ -0,0 +1,179 @@
+name: 'Connect button CI/CD'
+
+on:
+  pull_request:
+    # branches:
+    #   - develop
+  push:
+    branches:
+      - develop
+      - main
+
+env:
+  jenkins_job_name: 'kubernetes-deployments/job/connect-button'
+  helm_dir: 'deploy/helm/connect-button'
+  dev_eks_cluster: 'rdx-works-main-dev'
+  prod_eks_cluster: 'rdx-works-main-dev'
+
+jobs:
+
+  build_push_container:
+    permissions:
+      packages: write
+      id-token: write
+      pull-requests: write
+      contents: read
+    name: Build and push docker image
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
+    with:
+      runs_on: ubuntu-latest
+      image_registry: 'docker.io'
+      image_organization: 'radixdlt'
+      image_name: 'connect-button-storybook'
+      tag: ${{ needs.build.outputs.tag }}
+      tags: |
+        type=sha,priority=601
+        type=ref,event=pr
+        type=ref,event=branch
+        type=semver,pattern={{version}}
+        type=semver,pattern={{major}}.{{minor}}
+        type=semver,pattern={{major}}
+      context: './'
+      dockerfile: './packages/connect-button/Dockerfile'
+      platforms: 'linux/amd64'
+      provenance: 'false'
+      enable_gcr: 'false'
+      scan_image: true
+      snyk_target_ref: ${{ github.ref_name }}
+    secrets:
+      workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDP }}
+      service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+  deploy_pull_request:
+    if: ${{ github.event.pull_request }}
+    name: Deploy PR
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      github_branch: "${{ github.head_ref }}"
+      application_name: "connect-button"
+      hierarchical_namespace: "connect-button-ci-pr"
+      create_subnamespace: "true"
+      kubernetes_namespace: "connect-button-pr-${{ github.event.number }}"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-pr-deployer"
+      helmfile_environment: "pr"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }},ci.prNumber=${{ github.event.number }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  deploy_dev:
+    if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
+    name: Deploy DEV
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      github_environment: "dev"
+      github_branch: "${{ github.ref }}"
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      application_name: "connect-button"
+      kubernetes_namespace: "connect-button-dev"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-dev-deployer"
+      helmfile_environment: "dev"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  deploy_prod:
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    name: Deploy PROD
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      github_environment: "prod"
+      github_branch: "${{ github.ref }}"
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      application_name: "connect-button"
+      kubernetes_namespace: "connect-button-prod"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-prod-deployer"
+      helmfile_environment: "prod"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  snyk_container_monitor:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
+    needs:
+      - build_push_container
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+      deployments: write
+    steps:
+      - uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
+        with:
+          role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
+          app_name: 'cnct-button'
+          dockerhub_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/dockerhub-credentials'
+          snyk_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
+          snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
+          image: docker.io/radixdlt/connect-button-storybook:${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}
+          target_ref: ${{ github.ref_name }}
+
+  snyk_monitor:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
+    needs:
+      - build_push_container
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+      deployments: write
+    steps:
+      - uses: RDXWorks-actions/checkout@main
+      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
+        with:
+          role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
+          app_name: 'connect-button'
+          step_name: 'snyk-monitor'
+          secret_prefix: 'SNYK'
+          secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
+          parse_json: true
+      - name: Enable Snyk online monitoring to check for vulnerabilities
+        uses: RDXWorks-actions/snyk-actions/node@master
+        with:
+          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
+          command: monitor
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,18 +20,19 @@ jobs:
       - name: Setup Node.js
         uses: RDXWorks-actions/setup-node@main
         with:
-          node-version: '18.x'
+          node-version: '20.x'
       - name: Authenticate with private NPM package
         run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
       - name: Install dependencies
         run: npm ci
-      - name: Prepare
+      - name: Build
         run: npm run build
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
         run: |
+          cd packages/dapp-toolkit
           npx semantic-release | tee out
           echo "RELEASE_VERSION=$(grep 'Created tag ' out | awk -F 'Created tag ' '{print $2}')" >> $GITHUB_ENV
 
@@ -47,7 +48,7 @@ jobs:
       - name: Generate SBOM
         uses: RDXWorks-actions/snyk-actions/node@master
         with:
-          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json --json-file-output sbom.json
+          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
           command: sbom
       - name: Upload SBOM
         uses: RDXWorks-actions/upload-release-assets@c94805dc72e4b20745f543da0f62eaee7722df7a

diff --git a/.gitignore b/.gitignore
@@ -7,11 +7,41 @@ yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 
+# Dependencies
 node_modules
+.pnp
+.pnp.js
+
+# Local env files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Turbo
+.turbo
+
+# Vercel
+.vercel
+
+# Build Outputs
+.next/
+out/
+build
 dist
-types
-dist-ssr
-*.local
+
+
+# Debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Misc
+.DS_Store
+*.pem
+
+.envrc
 
 # Editor directories and files
 .vscode/*

diff --git a/.phylum_project b/.phylum_project
@@ -0,0 +1,7 @@
+id: ad50ad22-146e-4339-80ea-d895b4bce133
+name: radix-dapp-toolkit
+created_at: 2024-06-03T08:21:31.593544+02:00
+group_name: dApp-engineering
+depfiles:
+- path: ./package-lock.json
+  type: npm
diff --git a/.snyk b/.snyk
@@ -0,0 +1,3 @@
+exclude:
+  global:
+    - packages/dapp-toolkit/src/modules/wallet-request/crypto/signature.spec.ts