diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 33f834e0c2..534c33beaa 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1796,7 +1796,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-besu run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-besu/ -f ./packages/cactus-plugin-ledger-connector-besu/Dockerfile -t cactus-connector-besu - - name: Run Trivy vulnerability scan for cactus-connector-besu + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-besu uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-besu' @@ -1811,7 +1811,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-corda-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-corda/src/main-server/ -f ./packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile -t cactus-connector-corda-server - - name: Run Trivy vulnerability scan for cactus-connector-corda-server + - name: Run Trivy vulnerability scan for plugin-ledger-connector-corda uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-corda-server' @@ -1826,7 +1826,7 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-connector-fabric run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-fabric/ -f ./packages/cactus-plugin-ledger-connector-fabric/Dockerfile -t cactus-connector-fabric - - name: Run Trivy vulnerability scan for cactus-connector-fabric + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-fabric uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-connector-fabric' 
@@ -1835,21 +1835,42 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - ghcr-corda-all-in-one: + scan-cactus-connector-quorum: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - - name: ghcr.io/hyperledger/cactus-corda-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile -t cactus-corda-all-in-one - - name: Run Trivy vulnerability scan for cactus-corda-all-in-one + - name: Build an image from Dockerfile + run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-quorum/ -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t cactus-connector-quorum + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-quorum + uses: aquasecurity/trivy-action@0.11.2 + with: + image-ref: 'cactus-connector-quorum' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' + scan-cactus-connector-iroha: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3.5.2 + - name: Build an image from Dockerfile + run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-iroha/ -f ./packages/cactus-plugin-ledger-connector-iroha/Dockerfile -t cactus-connector-iroha + - name: Run Trivy vulnerability scan for cactus-plugin-ledger-connector-iroha uses: aquasecurity/trivy-action@0.11.2 with: - image-ref: 'cactus-corda-all-in-one' + image-ref: 'cactus-connector-iroha' format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + ghcr-corda-all-in-one: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3.5.2 + - name: ghcr.io/hyperledger/cactus-corda-all-in-one + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile -t cactus-corda-all-in-one ghcr-corda-all-in-one-flowdb: runs-on: ubuntu-20.04 steps: 
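Review bot: The two new jobs `scan-cactus-connector-quorum` and `scan-cactus-connector-iroha` reference `aquasecurity/trivy-action@0.11.2` and `actions/checkout@v3.5.2` by tag, and a tag can be moved to different code after this workflow has been reviewed. Pinning the third-party scanner to a full commit SHA keeps the gate itself reproducible, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.11.2`. Both jobs also set `ignore-unfixed: true`, so a CRITICAL finding without an upstream fix neither fails the job nor appears in the table output. If that is the intended policy, a comment above each scan step such as `# gates only on CRITICAL/HIGH findings that have a fix available` would make it explicit.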
@@ -1862,15 +1883,6 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation - - name: Run Trivy vulnerability scan for cactus-corda-all-in-one-obligation - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-corda-all-in-one-obligation' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' ghcr-dev-container-vscode: runs-on: ubuntu-20.04 env: 
@@ -1891,82 +1903,37 @@ jobs: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-example-carbon-accounting run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile -t cactus-example-carbon-accounting - - name: Run Trivy vulnerability scan for cactus-example-carbon-accounting - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-example-carbon-accounting' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' ghcr-example-supply-chain-app: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-example-supply-chain-app run: DOCKER_BUILDKIT=1 docker build . -f ./examples/supply-chain-app/Dockerfile -t cactus-example-supply-chain-app - - name: Run Trivy vulnerability scan for cactus-example-supply-chain-app - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-example-supply-chain-app' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' ghcr-fabric-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-fabric-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x -t cactus-fabric-all-in-one - - name: Run Trivy vulnerability scan for cactus-fabric-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-fabric-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x ghcr-fabric2-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-fabric2-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f 
./tools/docker/fabric-all-in-one/Dockerfile_v2.x -t cactus-fabric2-all-in-one - - name: Run Trivy vulnerability scan for cactus-fabric2-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-fabric2-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x ghcr-iroha-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-iroha-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/iroha-all-in-one/ -f ./tools/docker/iroha-all-in-one/Dockerfile -t cactus-iroha-all-in-one - - name: Run Trivy vulnerability scan for cactus-iroha-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-iroha-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/iroha-all-in-one/ -f ./tools/docker/iroha-all-in-one/Dockerfile ghcr-keychain-vault-server: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-keychain-vault-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server - - name: Run Trivy vulnerability scan for cactus-keychain-vault-server + - name: Run Trivy vulnerability scan for cactus-plugin-keychain-vault-server uses: aquasecurity/trivy-action@0.11.2 with: image-ref: 'cactus-keychain-vault-server' 
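Review bot: After this hunk the jobs `ghcr-example-carbon-accounting`, `ghcr-example-supply-chain-app`, `ghcr-fabric-all-in-one`, `ghcr-fabric2-all-in-one` and `ghcr-iroha-all-in-one` still build their images, but no step checks them for known CRITICAL/HIGH vulnerabilities; the hunks at `@@ -1835`, `@@ -1862` and `@@ -1980` drop the scan for further images in the same way. The step names suggest these images correspond to ones published under ghcr.io/hyperledger, so if the scans were removed because they blocked CI on findings that cannot be fixed, a report-only scan would keep visibility without gating: keep the Trivy step and set `exit-code: '0'`. If the removal is deliberate because these are test-only images, a one-line comment on each job such as `# not scanned: test ledger image, not shipped to users` would record that decision. The three `run:` lines that lost `-t` now produce untagged images, which is fine only as long as no later step refers to them by name.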
@@ -1980,76 +1947,32 @@ jobs: steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-quorum-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile -t cactus-quorum-all-in-one - - name: Run Trivy vulnerability scan for cactus-quorum-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-quorum-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile ghcr-quorum-multi-party-all-in-one: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one - - name: Run Trivy vulnerability scan for cactus-quorum-multi-party-all-in-one - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-quorum-multi-party-all-in-one' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile ghcr-rust-compiler: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-rust-compiler - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/rust-compiler/ -f ./tools/docker/rust-compiler/Dockerfile -t cactus-rust-compiler - - name: Run Trivy vulnerability scan for cactus-rust-compiler - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-rust-compiler' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker 
build ./tools/docker/rust-compiler/ -f ./tools/docker/rust-compiler/Dockerfile ghcr-test-npm-registry: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-test-npm-registry - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile -t cactus-test-npm-registry - - name: Run Trivy vulnerability scan for cactus-test-npm-registry - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-test-npm-registry' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile ghcr-whitepaper: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v3.5.2 - name: ghcr.io/hyperledger/cactus-whitepaper - run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile -t cactus-whitepaper - - name: Run Trivy vulnerability scan for cactus-whitepaper - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-whitepaper' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' + run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile + name: Cactus_CI 'on': pull_request: diff --git a/packages/cactus-cmd-api-server/package.json b/packages/cactus-cmd-api-server/package.json index 7d4460f473..62031358ec 100644 --- a/packages/cactus-cmd-api-server/package.json +++ b/packages/cactus-cmd-api-server/package.json @@ -103,6 +103,7 @@ "@types/express": "4.17.19", "@types/express-http-proxy": "1.6.2", "@types/google-protobuf": "3.15.5", + "@types/http-cache-semantics": "^4", "@types/json-stable-stringify": "1.0.34", "@types/jsonwebtoken": "8.5.4", "@types/multer": "1.4.7", 
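Review bot: The added `"@types/http-cache-semantics": "^4"` is a range, while every neighbouring entry visible in this hunk is pinned to an exact version, so a later lockfile refresh can pull a different typings release without any change to the manifest. The lockfile in this same commit resolves it to 4.0.4, so the entry could read `"@types/http-cache-semantics": "4.0.4"` to match the file's convention. The hunk at `@@ -117` pins `http-cache-semantics` itself exactly; if that entry exists to force a particular version of a transitive dependency, a direct dependency does not constrain other packages' ranges and a yarn `resolutions` entry is the mechanism for that. The dependency block starts outside both hunks, so which section of the manifest these entries land in is not visible here.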
@@ -117,6 +118,7 @@ "google-protobuf": "3.18.0-rc.2", "grpc-tools": "1.12.4", "grpc_tools_node_protoc_ts": "5.3.3", + "http-cache-semantics": "4.1.1", "http-status-codes": "2.1.4", "protobufjs": "7.2.5" }, diff --git a/yarn.lock b/yarn.lock index 3e81a4e1d8..489e157516 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6664,6 +6664,7 @@ __metadata: "@types/express": 4.17.19 "@types/express-http-proxy": 1.6.2 "@types/google-protobuf": 3.15.5 + "@types/http-cache-semantics": ^4 "@types/json-stable-stringify": 1.0.34 "@types/jsonwebtoken": 8.5.4 "@types/multer": 1.4.7 @@ -6692,6 +6693,7 @@ __metadata: google-protobuf: 3.18.0-rc.2 grpc-tools: 1.12.4 grpc_tools_node_protoc_ts: 5.3.3 + http-cache-semantics: 4.1.1 http-status-codes: 2.1.4 jose: 4.9.2 json-stable-stringify: 1.0.2 @@ -7812,7 +7814,7 @@ __metadata: "@hyperledger/cactus-test-tooling": 2.0.0-alpha.2 "@types/express": 4.17.20 "@types/uuid": 9.0.6 - axios: 1.5.1 + axios: 1.6.0 body-parser: 1.20.2 cbor: 9.0.1 express: 4.18.2 @@ -12905,6 +12907,13 @@ __metadata: languageName: node linkType: hard +"@types/http-cache-semantics@npm:^4": + version: 4.0.4 + resolution: "@types/http-cache-semantics@npm:4.0.4" + checksum: 7f4dd832e618bc1e271be49717d7b4066d77c2d4eed5b81198eb987e532bb3e1c7e02f45d77918185bad936f884b700c10cebe06305f50400f382ab75055f9e8 + languageName: node + linkType: hard + "@types/http-cache-semantics@npm:^4.0.1": version: 4.0.1 resolution: "@types/http-cache-semantics@npm:4.0.1"