diff --git a/.github/workflows/docker_main.yml b/.github/workflows/docker_main.yml index 6b360ed85a..658ed3caa0 100644 --- a/.github/workflows/docker_main.yml +++ b/.github/workflows/docker_main.yml @@ -8,6 +8,9 @@ on: jobs: docker: runs-on: ubuntu-latest + permissions: + contents: read + packages: write steps: - uses: actions/checkout@v3 with: diff --git a/.github/workflows/docker_release.yml b/.github/workflows/docker_release.yml index b58c9de961..d8b2313ce2 100644 --- a/.github/workflows/docker_release.yml +++ b/.github/workflows/docker_release.yml @@ -5,8 +5,31 @@ on: types: [released, prereleased] jobs: + fetch-latest-tag: + runs-on: ubuntu-latest + outputs: + latest_tag: ${{ steps.get_latest_tag.outputs.latest_tag }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Fetch all tags + run: git fetch --tags + + - name: Get the latest tag + id: get_latest_tag + run: | + latest_tag=$(git tag -l | sort -V | tail -n 1) + echo "::set-output name=latest_tag::${latest_tag}" + docker: runs-on: ubuntu-latest + needs: fetch-latest-tag + permissions: + contents: read + packages: write steps: - uses: actions/checkout@v3 with: @@ -27,7 +50,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set latest tag - if: github.event.action == 'released' + if: github.event.action == 'released' && github.ref_name == needs.fetch-latest-tag.outputs.latest_tag run: | echo "DOCKER_TAGS=${{ env.DOCKER_TAGS }},ghcr.io/${{ github.repository }}:latest" >> $GITHUB_ENV diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 83dbdae578..d49c5dc7e7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -33,7 +33,7 @@ jobs: https://api.github.com/repos/${{ github.repository }}/releases/latest \ | jq -r '.tag_name' ) - IS_LATEST=${{ env.LATEST_TAG == github.event.release.tag_name }} + IS_LATEST=${{ $LATEST_TAG == github.event.release.tag_name }} echo This release is: "${{ github.event.release.tag_name }}" echo The latest release is: "$LATEST_TAG" echo "IS_LATEST_RELEASE=$IS_LATEST" >> "$GITHUB_ENV" diff --git a/doc-site/docs/reference/config.md b/doc-site/docs/reference/config.md index 72353252db..82b7f3ef43 100644 --- a/doc-site/docs/reference/config.md +++ b/doc-site/docs/reference/config.md @@ -291,15 +291,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## events.webhooks.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## events.webhooks.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -343,11 +353,14 @@ title: Configuration Reference |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -420,11 +433,14 @@ title: Configuration Reference |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -490,11 +506,14 @@ title: Configuration Reference |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -620,15 +639,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].ethereum.addressResolver.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].ethereum.addressResolver.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -686,15 +715,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].ethereum.ethconnect.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].ethereum.ethconnect.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -748,15 +787,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].ethereum.fftm.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].ethereum.fftm.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -815,15 +864,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].fabric.fabconnect.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].fabric.fabconnect.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -883,15 +942,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].tezos.addressResolver.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].tezos.addressResolver.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -947,15 +1016,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.blockchain[].tezos.tezosconnect.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.blockchain[].tezos.tezosconnect.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -1076,15 +1155,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.dataexchange[].ffdx.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.dataexchange[].ffdx.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -1152,15 +1241,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.sharedstorage[].ipfs.api.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.sharedstorage[].ipfs.api.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -1202,15 +1301,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.sharedstorage[].ipfs.gateway.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.sharedstorage[].ipfs.gateway.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -1277,15 +1386,25 @@ title: Configuration Reference |initWaitTime|The initial retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`250ms` |maxWaitTime|The maximum retry delay|[`time.Duration`](https://pkg.go.dev/time#Duration)|`30s` +## plugins.tokens[].fftokens.throttle + +|Key|Description|Type|Default Value| +|---|-----------|----|-------------| +|burst|The maximum number of requests that can be made in a short period of time before the throttling kicks in.|`int`|`` +|requestsPerSecond|The average rate at which requests are allowed to pass through over time.|`int`|`` + ## plugins.tokens[].fftokens.tls |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` @@ -1346,11 +1465,14 @@ title: Configuration Reference |Key|Description|Type|Default Value| |---|-----------|----|-------------| +|ca|The TLS certificate authority in PEM format (this option is ignored if caFile is also set)|`string`|`` |caFile|The path to the CA file for TLS on this API|`string`|`` +|cert|The TLS certificate in PEM format (this option is ignored if certFile is also set)|`string`|`` |certFile|The path to the certificate file for TLS on this API|`string`|`` |clientAuth|Enables or disables client auth for TLS on this API|`string`|`` |enabled|Enables or disables TLS on this API|`boolean`|`false` |insecureSkipHostVerify|When to true in unit test development environments to disable TLS verification. Use with extreme caution|`boolean`|`` +|key|The TLS certificate key in PEM format (this option is ignored if keyFile is also set)|`string`|`` |keyFile|The path to the private key file for TLS on this API|`string`|`` |requiredDNAttributes|A set of required subject DN attributes. Each entry is a regular expression, and the subject certificate must have a matching attribute of the specified type (CN, C, O, OU, ST, L, STREET, POSTALCODE, SERIALNUMBER are valid attributes)|`map[string]string`|`` diff --git a/doc-site/docs/reference/types/_includes/blockchainevent_description.md b/doc-site/docs/reference/types/_includes/blockchainevent_description.md index 67d37f978e..85546259ea 100644 --- a/doc-site/docs/reference/types/_includes/blockchainevent_description.md +++ b/doc-site/docs/reference/types/_includes/blockchainevent_description.md @@ -25,8 +25,8 @@ the blockchain plugins to try and create some consistency. An example `protocolId` string is: `000000000041/000020/000003` - `000000000041` - this is the block number -- `000020` - this is the transaction index within that block -- `000003` - this is the event (/log) index within that transaction +- `000020` - this is the **transaction** index within that **block** +- `000003` - this is the **event (/log)** index within that **block** The string is alphanumerically sortable as a plain string; diff --git a/doc-site/docs/tutorials/custom_contracts/index.md b/doc-site/docs/tutorials/custom_contracts/index.md index 449099a1e0..70a4467cd0 100644 --- a/doc-site/docs/tutorials/custom_contracts/index.md +++ b/doc-site/docs/tutorials/custom_contracts/index.md @@ -12,23 +12,32 @@ FireFly's unified API creates a consistent application experience regardless of FireFly defines the following constructs to support custom smart contracts: -- **Contract Interface**: FireFly defines a common, blockchain agnostic way to describe smart contracts. This is referred to as a Contract Interface. A contract interface is written in the FireFly Interface (FFI) format. It is a simple JSON document that has a name, a namespace, a version, a list of methods, and a list of events. +### Contract Interface + +FireFly defines a common, blockchain agnostic way to describe smart contracts. This is referred to as a Contract Interface. A contract interface is written in the FireFly Interface (FFI) format. It is a simple JSON document that has a name, a namespace, a version, a list of methods, and a list of events. For more details, you can also have a look at the [Reference page for the FireFly Interface Format](../../reference/firefly_interface_format.md). -For blockchains that offer a DSL describing the smart contract interface, such as Ethereum's ABI (Application Binary Interface), FireFly offers a convenience tool to convert the DSL into the FFI format. +For blockchains that offer a DSL describing the smart contract interface, such as Ethereum's ABI (Application Binary Interface), FireFly offers an API to [convert the DSL into the FFI format](../custom_contracts/ethereum.md#the-firefly-interface-format). + > **NOTE**: Contract interfaces are scoped to a namespace. Within a namespace each contract interface must have a unique name and version combination. The same name and version combination can exist in _different_ namespaces simultaneously. -- **HTTP API**: Based on a Contract Interface, FireFly further defines an HTTP API for the smart contract, which is complete with an OpenAPI Specification and the Swagger UI. An HTTP API defines an `/invoke` root path to submit transactions, and a `/query` root path to send query requests to read the state back out. +### HTTP API + +Based on a Contract Interface, FireFly further defines an HTTP API for the smart contract, which is complete with an OpenAPI Specification and the Swagger UI. An HTTP API defines an `/invoke` root path to submit transactions, and a `/query` root path to send query requests to read the state back out. -How the invoke vs. query requests get interpreted into the native blockchain requests are specific to the blockchain's connector. For instance, the Ethereum connector translates `/invoke` calls to `eth_sendTransaction` JSON-RPC requests, while `/query` calls are translated into `eth_call` JSON-RPC requests. One the other hand, the Fabric connector translates `/invoke` calls to the multiple requests required to submit a transaction to a Fabric channel (which first collects endorsements from peer nodes, and then sends the assembled transaction payload to an orderer, for details please refer to the Fabric documentation). +How the invoke vs. query requests get interpreted into the native blockchain requests are specific to the blockchain's connector. For instance, the Ethereum connector translates `/invoke` calls to `eth_sendTransaction` JSON-RPC requests, while `/query` calls are translated into `eth_call` JSON-RPC requests. On the other hand, the Fabric connector translates `/invoke` calls to the multiple requests required to submit a transaction to a Fabric channel (which first collects endorsements from peer nodes, and then sends the assembled transaction payload to an orderer, for details please refer to the Fabric documentation). -- **Blockchain Event Listener**: Regardless of a blockchain's specific design, transaction processing are always asynchronous. This means a transaction is submitted to the network, at which point the submitting client gets an acknowledgement that it has been accepted for further processing. The client then listens for notifications by the blockchain when the transaction gets committed to the blockchain's ledger. +### Blockchain Event Listener + +Regardless of a blockchain's specific design, transaction processing are always asynchronous. This means a transaction is submitted to the network, at which point the submitting client gets an acknowledgement that it has been accepted for further processing. The client then listens for notifications by the blockchain when the transaction gets committed to the blockchain's ledger. FireFly defines event listeners to allow the client application to specify the relevant blockchain events to keep track of. A client application can then receive the notifications from FireFly via an event subscription. -- **Event Subscription**: While an event listener tells FireFly to keep track of certain events emitted by the blockchain, an event subscription tells FireFly to relay those events to the client application. Each subscriptions represents a stream of events that can be delivered to a listening client with various modes of delivery with at-least-once delivery guarantee. +### Event Subscription + +An event listener in FireFly tracks specific blockchain events, while an event subscription directs FireFly to send those events to the client application. Each subscription creates a stream of events that can be delivered to the client with various delivery options, ensuring an at-least-once delivery guarantee. This is exactly the same as listening for any other events from FireFly. For more details on how Subscriptions work in FireFly you can read the [Getting Started guide to Listen for events](../events.md). diff --git a/go.mod b/go.mod index 2d6c72a2a3..1e33dbb441 100644 --- a/go.mod +++ b/go.mod @@ -15,8 +15,8 @@ require ( github.com/golang-migrate/migrate/v4 v4.17.0 github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.1 - github.com/hyperledger/firefly-common v1.4.6 - github.com/hyperledger/firefly-signer v1.1.12 + github.com/hyperledger/firefly-common v1.4.9 + github.com/hyperledger/firefly-signer v1.1.14 github.com/jarcoal/httpmock v1.2.0 github.com/lib/pq v1.10.9 github.com/mattn/go-sqlite3 v1.14.19 @@ -87,6 +87,7 @@ require ( golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e // indirect golang.org/x/sys v0.16.0 // indirect golang.org/x/term v0.16.0 // indirect + golang.org/x/time v0.5.0 // indirect google.golang.org/protobuf v1.32.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect diff --git a/go.sum b/go.sum index cf382953b7..f6b984f723 100644 --- a/go.sum +++ b/go.sum @@ -77,10 +77,10 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hyperledger/firefly-common v1.4.6 h1:qqXoSaRml3WjUnWcWxrrXs5AIOWa+UcMXLCF8yEa4Pk= -github.com/hyperledger/firefly-common v1.4.6/go.mod h1:jkErZdQmC9fsAJZQO427tURdwB9iiW+NMUZSqS3eBIE= -github.com/hyperledger/firefly-signer v1.1.12 h1:wv1cq4HV60G2MQdmIEkYkywoxUSkaH0ss95Nn3ohdEk= -github.com/hyperledger/firefly-signer v1.1.12/go.mod h1:4MW7bcTqPsS7SKwANJZRL030cJRsHcpB/a+06wUROvc= +github.com/hyperledger/firefly-common v1.4.9 h1:PfPZ73FN8WUoPl8iF8ud00B8476+jmqXHHi94w0Krbc= +github.com/hyperledger/firefly-common v1.4.9/go.mod h1:dXewcVMFNON2SvQ1UPvu64OWUt77+M3p8qy61lT1kE4= +github.com/hyperledger/firefly-signer v1.1.14 h1:gSGwdBHTLPchGlmLOKk2Y2nawfMhlH2CDm2owt0lIUE= +github.com/hyperledger/firefly-signer v1.1.14/go.mod h1:Xj2PF6y8Ce26jX38ch0KasNnnZCSyzcwyLSv8NN+7JA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/invopop/yaml v0.2.0 h1:7zky/qH+O0DwAyoobXUqvVBwgBFRxKoQ/3FjcVpjTMY= diff --git a/internal/events/blockchain_event.go b/internal/events/blockchain_event.go index 8708c9cd31..337cadcff2 100644 --- a/internal/events/blockchain_event.go +++ b/internal/events/blockchain_event.go @@ -71,20 +71,21 @@ func (em *eventManager) getChainListenerByProtocolIDCached(ctx context.Context, return l, nil } -func (em *eventManager) maybePersistBlockchainEvent(ctx context.Context, chainEvent *core.BlockchainEvent, listener *core.ContractListener) error { +// handleBlockchainBatchPinEvent handles a blockchain event, returning true if the event was created, false if it was a duplicate along with an error if any failures occur +func (em *eventManager) maybePersistBlockchainEvent(ctx context.Context, chainEvent *core.BlockchainEvent, listener *core.ContractListener) (bool, error) { existing, err := em.txHelper.InsertOrGetBlockchainEvent(ctx, chainEvent) if err != nil { - return err + return false, err } if existing != nil { log.L(ctx).Debugf("Ignoring duplicate blockchain event %s", chainEvent.ProtocolID) // Return the ID of the existing event chainEvent.ID = existing.ID - return nil + return false, nil } topic := em.getTopicForChainListener(listener) ffEvent := core.NewEvent(core.EventTypeBlockchainEventReceived, chainEvent.Namespace, chainEvent.ID, chainEvent.TX.ID, topic) - return em.database.InsertEvent(ctx, ffEvent) + return true, em.database.InsertEvent(ctx, ffEvent) } func (em *eventManager) getChainListenerCached(cacheKey string, getter func() (*core.ContractListener, error)) (*core.ContractListener, error) { diff --git a/internal/events/blockchain_event_test.go b/internal/events/blockchain_event_test.go index 67c293a5cd..4823eff538 100644 --- a/internal/events/blockchain_event_test.go +++ b/internal/events/blockchain_event_test.go @@ -151,6 +151,7 @@ func TestContractEventWrongNS(t *testing.T) { } +// TODO: Add test case for event not existing func TestPersistBlockchainEventDuplicate(t *testing.T) { em := newTestEventManager(t) defer em.cleanup(t) @@ -173,9 +174,10 @@ func TestPersistBlockchainEventDuplicate(t *testing.T) { em.mth.On("InsertOrGetBlockchainEvent", mock.Anything, ev). Return(&core.BlockchainEvent{ID: existingID}, nil) - err := em.maybePersistBlockchainEvent(em.ctx, ev, nil) + created, err := em.maybePersistBlockchainEvent(em.ctx, ev, nil) assert.NoError(t, err) assert.Equal(t, existingID, ev.ID) + assert.False(t, created) } diff --git a/internal/events/event_manager_test.go b/internal/events/event_manager_test.go index f634108c42..ac06c88c08 100644 --- a/internal/events/event_manager_test.go +++ b/internal/events/event_manager_test.go @@ -681,7 +681,7 @@ func TestEventFilterOnSubscriptionMatchesEventType(t *testing.T) { filteredEvents, _ = em.FilterHistoricalEventsOnSubscription(context.Background(), events, subscription) assert.NotNil(t, filteredEvents) assert.Equal(t, 1, len(filteredEvents)) - + listenerUuid := fftypes.NewUUID() events[0].Event.Topic = "" diff --git a/internal/events/token_pool_created.go b/internal/events/token_pool_created.go index dec69f4468..2fb4c1ea2c 100644 --- a/internal/events/token_pool_created.go +++ b/internal/events/token_pool_created.go @@ -62,10 +62,13 @@ func (em *eventManager) confirmPool(ctx context.Context, pool *core.TokenPool, e Type: pool.TX.Type, BlockchainID: blockchainID, }) - if err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil); err != nil { + created, err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil) + if err != nil { return err } - em.emitBlockchainEventMetric(ev) + if created { + em.emitBlockchainEventMetric(ev) + } } if _, err := em.txHelper.PersistTransaction(ctx, pool.TX.ID, pool.TX.Type, blockchainID); err != nil { return err diff --git a/internal/events/tokens_approved.go b/internal/events/tokens_approved.go index f93b719681..272641f546 100644 --- a/internal/events/tokens_approved.go +++ b/internal/events/tokens_approved.go @@ -1,4 +1,4 @@ -// Copyright © 2023 Kaleido, Inc. +// Copyright © 2024 Kaleido, Inc. // // SPDX-License-Identifier: Apache-2.0 // @@ -97,10 +97,13 @@ func (em *eventManager) persistTokenApproval(ctx context.Context, approval *toke Type: approval.TX.Type, BlockchainID: approval.Event.BlockchainTXID, }) - if err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil); err != nil { + created, err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil) + if err != nil { return false, err } - em.emitBlockchainEventMetric(approval.Event) + if created { + em.emitBlockchainEventMetric(approval.Event) + } approval.BlockchainEvent = chainEvent.ID fb := database.TokenApprovalQueryFactory.NewFilter(ctx) diff --git a/internal/events/tokens_transferred.go b/internal/events/tokens_transferred.go index 74cccc89de..c4048611f3 100644 --- a/internal/events/tokens_transferred.go +++ b/internal/events/tokens_transferred.go @@ -1,4 +1,4 @@ -// Copyright © 2023 Kaleido, Inc. +// Copyright © 2024 Kaleido, Inc. // // SPDX-License-Identifier: Apache-2.0 // @@ -89,10 +89,13 @@ func (em *eventManager) persistTokenTransfer(ctx context.Context, transfer *toke Type: transfer.TX.Type, BlockchainID: transfer.Event.BlockchainTXID, }) - if err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil); err != nil { + created, err := em.maybePersistBlockchainEvent(ctx, chainEvent, nil) + if err != nil { return false, err } - em.emitBlockchainEventMetric(transfer.Event) + if created { + em.emitBlockchainEventMetric(transfer.Event) + } transfer.BlockchainEvent = chainEvent.ID // This is a no-op if we've already persisted this token transfer diff --git a/manifest.json b/manifest.json index bd063f42b1..8e5f5fc0e0 100644 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,8 @@ }, "evmconnect": { "image": "ghcr.io/hyperledger/firefly-evmconnect", - "tag": "v1.3.14", - "sha": "7fbd5b236262b8f13ed43e1c691aad0ee31437f2db20e675d75864b568afe9ed" + "tag": "v1.3.16", + "sha": "ada3a7e3d21e4096088e133d02feb67e5aa4ad01fbd663e5d60efe2b9f0956d8" }, "fabconnect": { "image": "ghcr.io/hyperledger/firefly-fabconnect", @@ -16,8 +16,8 @@ }, "tezosconnect": { "image": "ghcr.io/hyperledger/firefly-tezosconnect", - "tag": "v0.2.4", - "sha": "cbb0bef8ae8b5d4adffd564591ddab0e1ca68442c10183679ba207049e64a59e" + "tag": "v0.2.6", + "sha": "ad5ba1ddc54140674575eed2edab0e46428895df1199b89e47599c5a45f353ba" }, "dataexchange-https": { "image": "ghcr.io/hyperledger/firefly-dataexchange-https", @@ -36,15 +36,15 @@ }, "signer": { "image": "ghcr.io/hyperledger/firefly-signer", - "tag": "v1.1.13", - "sha": "9f4c29ea05eb111d958d8210601cdf876b4f70fbe443c080dbc7c0c16c7921e9" + "tag": "v1.1.14", + "sha": "eba976858677a6d101abb7d293f88ce785bdb5abe1a53e524cbcbce0b317d0de" }, "build": { "firefly-builder": { "image": "golang:1.21-alpine3.19" }, "fabric-builder": { - "image": "golang:1.21", + "image": "golang:1.21", "platform": "linux/x86_64" }, "solidity-builder": { @@ -59,6 +59,6 @@ "release": "v1.3.0" }, "cli": { - "tag": "v1.3.1" + "tag": "v1.3.2-rc1" } }