Merge pull request #236 from radixdlt/release/v2

RDT v2
radixdlt · Jul 2, 2024 · ed28982 · ed28982
2 parents 0fed9ef + 3028d13
commit ed28982
Show file tree

Hide file tree

Showing 259 changed files with 71,204 additions and 12,091 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -14,8 +14,16 @@ jobs:
       id-token: write
       pull-requests: write
       contents: read
+      deployments: write
     secrets:
       phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
+    with:
+      phylum_pr_number: ${{ github.event.number }}
+      phylum_pr_name: ${{ github.head_ref }}
+      phylum_group_name: dApp-engineering
+      phylum_project_id: ad50ad22-146e-4339-80ea-d895b4bce133
+      github_repository: ${{ github.repository }}
+      add_report_comment_to_pull_request: true
 
   snyk-scan-deps-licences:
     runs-on: ubuntu-latest
@@ -99,19 +107,19 @@ jobs:
       - name: Use Node.js
         uses: RDXWorks-actions/setup-node@main
         with:
-          node-version: '18.x'
+          node-version: '20.x'
 
       - name: Authenticate with private NPM package
         run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
 
       - name: Install dependencies
         run: npm ci
 
-      - name: Run tests
-        run: npm run test
-
       - name: Build
         run: npm run build
 
+      - name: Run tests
+        run: npm run test
+
       - name: Dump context
-        uses: RDXWorks-actions/ghaction-dump-context@master
+        uses: RDXWorks-actions/ghaction-dump-context@master
diff --git a/.github/workflows/connect-button-ci.yml b/.github/workflows/connect-button-ci.yml
@@ -0,0 +1,179 @@
+name: 'Connect button CI/CD'
+
+on:
+  pull_request:
+    # branches:
+    #   - develop
+  push:
+    branches:
+      - develop
+      - main
+
+env:
+  jenkins_job_name: 'kubernetes-deployments/job/connect-button'
+  helm_dir: 'deploy/helm/connect-button'
+  dev_eks_cluster: 'rdx-works-main-dev'
+  prod_eks_cluster: 'rdx-works-main-dev'
+
+jobs:
+
+  build_push_container:
+    permissions:
+      packages: write
+      id-token: write
+      pull-requests: write
+      contents: read
+    name: Build and push docker image
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/docker-build.yml@main
+    with:
+      runs_on: ubuntu-latest
+      image_registry: 'docker.io'
+      image_organization: 'radixdlt'
+      image_name: 'connect-button-storybook'
+      tag: ${{ needs.build.outputs.tag }}
+      tags: |
+        type=sha,priority=601
+        type=ref,event=pr
+        type=ref,event=branch
+        type=semver,pattern={{version}}
+        type=semver,pattern={{major}}.{{minor}}
+        type=semver,pattern={{major}}
+      context: './'
+      dockerfile: './packages/connect-button/Dockerfile'
+      platforms: 'linux/amd64'
+      provenance: 'false'
+      enable_gcr: 'false'
+      scan_image: true
+      snyk_target_ref: ${{ github.ref_name }}
+    secrets:
+      workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDP }}
+      service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+  deploy_pull_request:
+    if: ${{ github.event.pull_request }}
+    name: Deploy PR
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      github_branch: "${{ github.head_ref }}"
+      application_name: "connect-button"
+      hierarchical_namespace: "connect-button-ci-pr"
+      create_subnamespace: "true"
+      kubernetes_namespace: "connect-button-pr-${{ github.event.number }}"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-pr-deployer"
+      helmfile_environment: "pr"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }},ci.prNumber=${{ github.event.number }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  deploy_dev:
+    if: github.ref == 'refs/heads/develop' && github.event_name == 'push'
+    name: Deploy DEV
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      github_environment: "dev"
+      github_branch: "${{ github.ref }}"
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      application_name: "connect-button"
+      kubernetes_namespace: "connect-button-dev"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-dev-deployer"
+      helmfile_environment: "dev"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  deploy_prod:
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    name: Deploy PROD
+    permissions:
+      id-token: write
+      deployments: write
+      packages: write
+      pull-requests: write
+      contents: read
+    needs:
+      - build_push_container
+    uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/jenkins-deployment.yml@main
+    with:
+      github_environment: "prod"
+      github_branch: "${{ github.ref }}"
+      jenkins_job_name: "kubernetes-deployments/job/connect-button"
+      application_name: "connect-button"
+      kubernetes_namespace: "connect-button-prod"
+      aws_eks_cluster: "rdx-works-main-dev"
+      aws_iam_role_name: "jenkins-connect-button-prod-deployer"
+      helmfile_environment: "prod"
+      helm_dir: "deploy/helm/connect-button"
+      helmfile_extra_vars: "ci.tag=${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}"
+    secrets:
+      aws_deployment_account_id: ${{ secrets.AWS_DEV_ACCOUNT_ID }}
+      secrets_account_id: ${{ secrets.SECRETS_ACCOUNT_ID }}
+
+  snyk_container_monitor:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
+    needs:
+      - build_push_container
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+      deployments: write
+    steps:
+      - uses: radixdlt/public-iac-resuable-artifacts/snyk-container-monitor@main
+        with:
+          role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
+          app_name: 'cnct-button'
+          dockerhub_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/dockerhub-credentials'
+          snyk_secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
+          snyk_org_id: ${{ secrets.SNYK_ORG_ID }}
+          image: docker.io/radixdlt/connect-button-storybook:${{ fromJSON(needs.build_push_container.outputs.json).labels['org.opencontainers.image.version'] }}
+          target_ref: ${{ github.ref_name }}
+
+  snyk_monitor:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
+    needs:
+      - build_push_container
+    permissions:
+      id-token: write
+      pull-requests: read
+      contents: read
+      deployments: write
+    steps:
+      - uses: RDXWorks-actions/checkout@main
+      - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
+        with:
+          role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
+          app_name: 'connect-button'
+          step_name: 'snyk-monitor'
+          secret_prefix: 'SNYK'
+          secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/snyk-credentials-rXRpuX'
+          parse_json: true
+      - name: Enable Snyk online monitoring to check for vulnerabilities
+        uses: RDXWorks-actions/snyk-actions/node@master
+        with:
+          args: --all-projects --org=${{ env.SNYK_PROJECTS_ORG_ID }} --target-reference=${{ github.ref_name }}
+          command: monitor
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,18 +20,19 @@ jobs:
       - name: Setup Node.js
         uses: RDXWorks-actions/setup-node@main
         with:
-          node-version: '18.x'
+          node-version: '20.x'
       - name: Authenticate with private NPM package
         run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPMJS_TOKEN }}" > ~/.npmrc
       - name: Install dependencies
         run: npm ci
-      - name: Prepare
+      - name: Build
         run: npm run build
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
         run: |
+          cd packages/dapp-toolkit
           npx semantic-release | tee out
           echo "RELEASE_VERSION=$(grep 'Created tag ' out | awk -F 'Created tag ' '{print $2}')" >> $GITHUB_ENV
 

diff --git a/.gitignore b/.gitignore
@@ -7,11 +7,41 @@ yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
 
+# Dependencies
 node_modules
+.pnp
+.pnp.js
+
+# Local env files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# Turbo
+.turbo
+
+# Vercel
+.vercel
+
+# Build Outputs
+.next/
+out/
+build
 dist
-types
-dist-ssr
-*.local
+
+
+# Debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Misc
+.DS_Store
+*.pem
+
+.envrc
 
 # Editor directories and files
 .vscode/*

diff --git a/.snyk b/.snyk
@@ -0,0 +1,3 @@
+exclude:
+  global:
+    - packages/dapp-toolkit/src/modules/wallet-request/crypto/signature.spec.ts
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -0,0 +1,76 @@
+# Radix DLT Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at hello@radixdlt.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq