-
Notifications
You must be signed in to change notification settings - Fork 878
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
166 changed files
with
6,883 additions
and
2,755 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
name: Release Checklist | ||
about: items to be completed for each release | ||
title: '' | ||
labels: '' | ||
assignees: '' | ||
|
||
--- | ||
|
||
- [ ] Confirm anything outstanding for release with other maintainers on #besu-release in Discord | ||
- [ ] Notify maintainers about updating changelog for in-flight PRs | ||
- [ ] Update changelog if necessary, and merge a PR for it to main | ||
- [ ] Optional: for hotfixes, create a release branch and cherry-pick, e.g. `release-<version>-hotfix` | ||
- [ ] Optional: create a PR into main from the hotfix branch to see the CI checks pass | ||
- [ ] On the appropriate branch/commit, create a calver tag for the release candidate, format example: `24.4.0-RC2` | ||
- [ ] Sign-off with team; confirm tag is correct in #besu-release in Discord | ||
- [ ] Consensys staff start burn-in using the proposed release <version-RCX> tag | ||
- [ ] Sign off burn-in; convey burn-in results in #besu-release in Discord | ||
- [ ] Using the same git sha, create a calver tag for the FULL RELEASE, example format `24.4.0` | ||
- [ ] Using the FULL RELEASE tag, create a release in github to trigger the workflows. Once published: | ||
- makes the release "latest" in github | ||
- this is now public and notifies subscribed users | ||
- publishes artefacts and version-specific docker tags | ||
- publishes the docker `latest` tag variants | ||
- [ ] Draft homebrew PR | ||
- [ ] Draft documentation release | ||
- [ ] Ensure binary SHAs are correct on the release page | ||
- [ ] Docker release startup test: | ||
- `docker run hyperledger/besu:<version>` | ||
- `docker run hyperledger/besu:<version>-arm64` | ||
- `docker run --platform linux/amd64 hyperledger/besu:<version>-amd64` | ||
- `docker run --pull=always hyperledger/besu:latest` (check version is <version>) | ||
- [ ] Merge homebrew PR | ||
- [ ] Publish Docs Release | ||
- [ ] Social announcements |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
name: container security scan | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
tag: | ||
description: 'Container image tag' | ||
required: false | ||
default: 'develop' | ||
schedule: | ||
# Start of the hour is the busy time. Scheule it to run 8:17am UTC | ||
- cron: '17 8 * * *' | ||
|
||
jobs: | ||
scan-sarif: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: read | ||
security-events: write | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | ||
|
||
# Shell parameter expansion does not support directly on a step | ||
# Adding a separate step to set the image tag. This allows running | ||
# this workflow with a schedule as well as manual | ||
- name: Set image tag | ||
id: tag | ||
run: | | ||
echo "TAG=${INPUT_TAG:-develop}" >> "$GITHUB_OUTPUT" | ||
env: | ||
INPUT_TAG: ${{ inputs.tag }} | ||
|
||
- name: Vulnerability scanner | ||
id: trivy | ||
uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d | ||
with: | ||
image-ref: hyperledger/besu:${{ steps.tag.outputs.TAG }} | ||
format: sarif | ||
output: 'trivy-results.sarif' | ||
|
||
# Check the vulnerabilities via GitHub security tab | ||
- name: Upload results | ||
uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 | ||
with: | ||
sarif_file: 'trivy-results.sarif' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
besu/src/main/java/org/hyperledger/besu/cli/converter/SubnetInfoConverter.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
* Copyright contributors to Hyperledger Besu. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with | ||
* the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on | ||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations under the License. | ||
* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package org.hyperledger.besu.cli.converter; | ||
|
||
import org.apache.commons.net.util.SubnetUtils; | ||
import org.apache.commons.net.util.SubnetUtils.SubnetInfo; | ||
import picocli.CommandLine; | ||
|
||
/** The SubnetInfo converter for CLI options. */ | ||
public class SubnetInfoConverter implements CommandLine.ITypeConverter<SubnetInfo> { | ||
/** Default Constructor. */ | ||
public SubnetInfoConverter() {} | ||
|
||
/** | ||
* Converts an IP addresses with CIDR notation into SubnetInfo | ||
* | ||
* @param value The IP addresses with CIDR notation. | ||
* @return the SubnetInfo | ||
*/ | ||
@Override | ||
public SubnetInfo convert(final String value) { | ||
return new SubnetUtils(value).getInfo(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.