merge main

.cargo/audit.toml

@@ -0,0 +1,6 @@
+[advisories]
+ignore = [
+  # this is the `time` segfault
+  # `chrono` depends on `time = "0.1"`, but doesn't use the vulnerable API
+  "RUSTSEC-2020-0071"
+] 

.envrc

@@ -0,0 +1 @@
+use flake

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# DEVOPS
+
+/.github/action/nix-common-setup*  @input-output-hk/jormungandr-devops
+/.github/workflows/nix.yml         @input-output-hk/jormungandr-devops
+/default.nix                       @input-output-hk/jormungandr-devops
+/flake.lock                        @input-output-hk/jormungandr-devops
+/flake.nix                         @input-output-hk/jormungandr-devops
+/shell.nix                         @input-output-hk/jormungandr-devops

.github/actions/nix-common-setup/action.yml

@@ -0,0 +1,22 @@
+name: Setup Nix Environment
+inputs:
+  CACHIX_AUTH_TOKEN:
+    required: true
+    description: 'Cachix Auth Token'
+runs:
+  using: "composite"
+  steps:
+
+    - name: Installing Nix
+      uses: cachix/install-nix-action@v16
+      with:
+        nix_path: nixpkgs=channel:nixpkgs-unstable
+        extra_nix_config: |
+          accept-flake-config = true
+          trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+          substituters = https://hydra.iohk.io https://cache.nixos.org/
+
+    - uses: cachix/cachix-action@v10
+      with:
+        name: iog
+        authToken: '${{ inputs.CACHIX_AUTH_TOKEN }}'

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: '00:00'
+      timezone: UTC
+    open-pull-requests-limit: 10
+    commit-message:
+        prefix: "chore"
+        include: "scope"

.github/workflows/audit.yml

@@ -7,7 +7,7 @@ jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - id: ls-crates-io-index
         name: Get head commit hash of crates.io registry index
@@ -18,7 +18,7 @@ jobs:
           )
           echo "::set-output name=head::$commit"
       - name: Cache cargo registry index
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/index
           key: cargo-index-${{ steps.ls-crates-io-index.outputs.head }}

.github/workflows/nix.yml

@@ -0,0 +1,69 @@
+name: Nix CI
+on:
+  push:
+    branches:
+      - main
+      - catalyst-fund*
+  pull_request:
+
+jobs:
+  decision:
+    name: Decide what we need to build
+    runs-on: ubuntu-latest
+
+    outputs:
+      packages: ${{ steps.packages.outputs.packages }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup
+      uses: ./.github/actions/nix-common-setup
+      with:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+    - name: Packages
+      id: packages
+      run: |
+        packages=$(nix eval .#packages.x86_64-linux --apply builtins.attrNames --json)
+        echo "PACKAGES -> $packages"
+        echo "::set-output name=packages::$packages"
+
+  build:
+    name: Build ${{ matrix.package }} package
+    needs:
+      - decision
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        package: ${{ fromJSON(needs.decision.outputs.packages) }}
+        exclude:
+          - package: default
+
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Setup
+      uses: ./.github/actions/nix-common-setup
+      with:
+        CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+    - name: Build package
+      run: |
+        path=$(nix eval --raw .#packages.x86_64-linux.${{ matrix.package }})
+        hash=${path:11:32}
+        url="https://iog.cachix.org/$hash.narinfo";
+        if curl --output /dev/null --silent --head --fail "$url"; then
+          echo "Nothing to build!!!"
+          echo ""
+          echo "See build log with:"
+          echo "  nix log $path"
+          echo ""
+        else
+          nix build .#packages.x86_64-linux.${{ matrix.package }} --show-trace -L
+        fi

.github/workflows/python-scripts.yml

@@ -10,7 +10,7 @@ jobs:
       - name: Install linters
         run: pip3 install black
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Check formatting (black)
         run: black ./catalyst-toolbox/scripts/python --check

.github/workflows/release.yml

@@ -21,7 +21,7 @@ jobs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - id: release_info
         name: Get release information
@@ -51,7 +51,7 @@ jobs:
       cargo-lock-hash: ${{ steps.hash-cargo-lock.outputs.hash }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - id: ls-crates-io-index
         name: Get head commit hash of crates.io registry index
@@ -84,21 +84,21 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Cache cargo registry index
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/index
           key: cargo-index-${{ needs.cache_info.outputs.crates-io-index-head }}
           restore-keys: cargo-index-
 
       - id: cargo-deps
         name: Cache cargo dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/cache
           key: cargo-deps-${{ needs.cache_info.outputs.cargo-lock-hash }}
 
       - name: Check out the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: true
 
@@ -135,7 +135,7 @@ jobs:
           default: true
 
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: true
 
@@ -147,13 +147,13 @@ jobs:
           override: true
 
       - name: Restore cargo registry index
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/index
           key: cargo-index-${{ needs.cache_info.outputs.crates-io-index-head }}
 
       - name: Restore cargo dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/cache
           key: cargo-deps-${{ needs.cache_info.outputs.cargo-lock-hash }}
@@ -234,7 +234,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Publish release
         env:

.github/workflows/test.yml

@@ -11,11 +11,11 @@ jobs:
     name: Update dependencies
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - id: cargo-deps
         name: Cache cargo dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/.cargo/registry/index
@@ -34,7 +34,7 @@ jobs:
           echo "::set-output name=head::$commit"
       - if: ${{ steps.cargo-deps.outputs.cache-hit != 'true' }}
         name: Cache cargo registry index
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/index
           key: cargo-index-${{ steps.ls-crates-io-index.outputs.head }}
@@ -57,7 +57,7 @@ jobs:
       NOTIFICATION_APP_CODE: ${{ secrets.NOTIFICATION_APP_CODE }}
       NOTIFICATION_ACCESS_TOKEN: ${{ secrets.NOTIFICATION_ACCESS_TOKEN }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Allow long paths on Windows
         if: ${{ runner.os == 'Windows' }}
@@ -76,7 +76,7 @@ jobs:
           }
 
       - name: Restore cargo dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/.cargo/registry/index
@@ -115,7 +115,7 @@ jobs:
     env:
       CARGO_INCREMENTAL: 0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions-rs/toolchain@v1
         with:
           profile: minimal
@@ -131,7 +131,7 @@ jobs:
           args: -- --check
 
       - name: Restore cargo dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: |
             ~/.cargo/registry/index
@@ -156,7 +156,7 @@ jobs:
       NOTIFICATION_ACCESS_TOKEN: ${{ secrets.NOTIFICATION_ACCESS_TOKEN }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Install Rust toolchain
         uses: actions-rs/toolchain@v1
@@ -166,13 +166,13 @@ jobs:
           override: true
 
       - name: Restore cargo registry index
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/index
           key: 'cargo-index-v2-${{ needs.update_deps.outputs.crates-io-index-head }}'
 
       - name: Restore dependency crates
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.cargo/registry/cache
           key: 'cargo-deps-v2-${{ hashFiles(''Cargo.lock'') }}'

.github/workflows/update-flake-lock.yml

@@ -0,0 +1,19 @@
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Nix
+        uses: cachix/install-nix-action@v17
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@v14

.gitignore

@@ -1,6 +1,12 @@
 /.vscode
+/.vs
+/.idea
+
 
 qr-code.svg
 
 /target
 /venv
+/.direnv
+/.pre-commit-config.yaml
+/result*