-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Konradstaniec/add remote signer module #33
Merged
Merged
Changes from all commits
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
8066bf3
Add remote signer module
KonradStaniec 5ceac16
run tests through root make file
KonradStaniec ed6bb0b
Adapt signer to phase-2
KonradStaniec a86f8d8
add cosmos keyring
KonradStaniec 3d4c63c
add change log
KonradStaniec ba5b366
pr comments
KonradStaniec 6cafc58
Make gosec work
KonradStaniec e8624d5
minor fixes
KonradStaniec File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,7 +16,7 @@ jobs: | |
run-lint: true | ||
run-build: true | ||
run-gosec: true | ||
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil ./..." | ||
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil -exclude-dir=covenant-signer ./..." | ||
|
||
docker_pipeline: | ||
uses: babylonlabs-io/.github/.github/workflows/[email protected] | ||
|
@@ -25,3 +25,23 @@ jobs: | |
publish: false | ||
dockerfile: ./Dockerfile | ||
repoName: covenant-emulator | ||
|
||
go_sec_covenant_signer: | ||
runs-on: ubuntu-24.04 | ||
env: | ||
GO111MODULE: on | ||
steps: | ||
- name: Fetch Repository | ||
uses: actions/checkout@v4 | ||
- name: Install Go | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: '^1.23.x' | ||
check-latest: true | ||
cache: false | ||
- name: Install Gosec | ||
run: go install github.com/securego/gosec/v2/cmd/gosec@latest | ||
- name: Run Gosec (covenant-signer) | ||
working-directory: ./covenant-signer | ||
run: gosec ./... | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
FROM golang:1.23.1-alpine as builder | ||
|
||
# Use muslc for static libs | ||
ARG BUILD_TAGS="muslc" | ||
|
||
RUN apk add --no-cache --update openssh git make build-base linux-headers libc-dev \ | ||
pkgconfig zeromq-dev musl-dev alpine-sdk libsodium-dev \ | ||
libzmq-static libsodium-static gcc | ||
|
||
# Build | ||
WORKDIR /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer | ||
# Cache dependencies | ||
COPY go.mod go.sum /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/ | ||
# Copy the rest of the files | ||
COPY ./ /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/ | ||
|
||
RUN CGO_LDFLAGS="$CGO_LDFLAGS -lstdc++ -lm -lsodium" \ | ||
CGO_ENABLED=1 \ | ||
BUILD_TAGS=$BUILD_TAGS \ | ||
LINK_STATICALLY=true \ | ||
make build | ||
|
||
# FINAL IMAGE | ||
FROM alpine:3.16 AS run | ||
|
||
RUN addgroup --gid 1138 -S covenant-signer && adduser --uid 1138 -S covenant-signer -G covenant-signer | ||
|
||
RUN apk add bash curl jq | ||
|
||
COPY --from=builder /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/build/covenant-signer /bin/covenant-signer | ||
|
||
WORKDIR /home/covenant-signer | ||
RUN chown -R covenant-signer /home/covenant-signer | ||
USER covenant-signer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
DOCKER = $(shell which docker) | ||
BUILDDIR ?= $(CURDIR)/build | ||
|
||
PACKAGES_E2E=$(shell go list ./... | grep '/itest') | ||
|
||
ldflags := $(LDFLAGS) | ||
build_tags := $(BUILD_TAGS) | ||
build_args := $(BUILD_ARGS) | ||
|
||
ifeq ($(VERBOSE),true) | ||
build_args += -v | ||
endif | ||
|
||
ifeq ($(LINK_STATICALLY),true) | ||
ldflags += -linkmode=external -extldflags "-Wl,-z,muldefs -static" -v | ||
endif | ||
|
||
BUILD_TARGETS := build install | ||
BUILD_FLAGS := --tags "$(build_tags)" --ldflags '$(ldflags)' | ||
|
||
all: build install | ||
|
||
build: BUILD_ARGS := $(build_args) -o $(BUILDDIR) | ||
|
||
$(BUILD_TARGETS): go.sum $(BUILDDIR)/ | ||
go $@ -mod=readonly $(BUILD_FLAGS) $(BUILD_ARGS) ./... | ||
|
||
$(BUILDDIR)/: | ||
mkdir -p $(BUILDDIR)/ | ||
|
||
build-docker: | ||
$(DOCKER) build --tag babylonlabs-io/covenant-signer -f Dockerfile \ | ||
$(shell git rev-parse --show-toplevel) | ||
|
||
.PHONY: build build-docker install tests | ||
|
||
test: | ||
go test ./... | ||
|
||
test-e2e: | ||
go test -mod=readonly -timeout=25m -v $(PACKAGES_E2E) -count=1 --tags=e2e |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(dumpCfgCmd) | ||
} | ||
|
||
var dumpCfgCmd = &cobra.Command{ | ||
Use: "dump-cfg", | ||
Short: "dumps default configuration file", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
path, err := cmd.Flags().GetString(configPathKey) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
err = config.WriteConfigToFile(path, config.DefaultConfig()) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
fmt.Printf("Default configuration file dumped to: %s \n", path) | ||
return nil | ||
}, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package cmd | ||
|
||
import ( | ||
"path/filepath" | ||
|
||
"github.com/btcsuite/btcd/btcutil" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var ( | ||
// Used for flags. | ||
configPath string | ||
configPathKey = "config" | ||
|
||
rootCmd = &cobra.Command{ | ||
Use: "covenant-signer", | ||
Short: "remote signing serivce to perform covenant duties", | ||
} | ||
|
||
// C:\Users\<username>\AppData\Local\signer on Windows | ||
// ~/.signer on Linux | ||
// ~/Library/Application Support/signer on MacOS | ||
dafaultConfigDir = btcutil.AppDataDir("signer", false) | ||
dafaultConfigPath = filepath.Join(dafaultConfigDir, "config.toml") | ||
) | ||
|
||
// Execute executes the root command. | ||
func Execute() error { | ||
return rootCmd.Execute() | ||
} | ||
|
||
func init() { | ||
rootCmd.PersistentFlags().StringVar( | ||
&configPath, | ||
configPathKey, | ||
dafaultConfigPath, | ||
"path to the configuration file", | ||
) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/spf13/cobra" | ||
|
||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/keystore/cosmos" | ||
m "github.com/babylonlabs-io/covenant-emulator/covenant-signer/observability/metrics" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerapp" | ||
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerservice" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(runSignerCmd) | ||
} | ||
|
||
var runSignerCmd = &cobra.Command{ | ||
Use: "start", | ||
Short: "starts the signer service", | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
configPath, err := cmd.Flags().GetString(configPathKey) | ||
if err != nil { | ||
return err | ||
} | ||
cfg, err := config.GetConfig(configPath) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
parsedConfig, err := cfg.Parse() | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
var prk signerapp.PrivKeyRetriever | ||
if parsedConfig.KeyStoreConfig.KeyStoreType == config.CosmosKeyStore { | ||
kr, err := cosmos.NewCosmosKeyringRetriever(parsedConfig.KeyStoreConfig.CosmosKeyStore) | ||
if err != nil { | ||
return err | ||
} | ||
prk = kr | ||
} else { | ||
return fmt.Errorf("unknown key store type") | ||
} | ||
|
||
app := signerapp.NewSignerApp( | ||
prk, | ||
) | ||
|
||
metrics := m.NewCovenantSignerMetrics() | ||
|
||
srv, err := signerservice.New( | ||
cmd.Context(), | ||
parsedConfig, | ||
app, | ||
metrics, | ||
) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
metricsAddress := fmt.Sprintf("%s:%d", cfg.Metrics.Host, cfg.Metrics.Port) | ||
|
||
m.Start(metricsAddress, metrics.Registry) | ||
|
||
// TODO: Add signal handling and gracefull shutdown | ||
return srv.Start() | ||
}, | ||
} |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's start using context instead of
chan
and signal interrupts (see vigilante or benchmark repo). Can be done in separate PRThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree on that though I would to in separate pr 👍