chore: Merge remote-tracking branch 'origin/summit-2023'

cardano-foundation · Nov 13, 2023 · f1ad94a · f1ad94a
2 parents 6376e96 + f4fb51d
commit f1ad94a
Show file tree

Hide file tree

Showing 267 changed files with 8,794 additions and 1,874 deletions.
diff --git a/.github/workflows/publish-summit-2023.yaml b/.github/workflows/publish-summit-2023.yaml
@@ -0,0 +1,135 @@
+name: Build and Publish Docker images (Summit 2023 Support Branch)
+
+on:
+  push:
+    branches:
+      - summit-2023
+  workflow_dispatch:
+
+env:
+  PRIVATE_DOCKER_REGISTRY_URL: ${{ secrets.GITLAB_DOCKER_REGISTRY_URL }}
+  PRIVATE_DOCKER_REGISTRY_USER: Deploy-Token
+  PRIVATE_DOCKER_REGISTRY_PASS: ${{ secrets.GITLAB_PKG_REGISTRY_TOKEN }}
+
+jobs:
+
+  build-version:
+    runs-on: self-hosted
+    outputs:
+      ARTIFACT_VERSION: ${{ steps.metadata.outputs.ARTIFACT_VERSION }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup dependencies
+        run: |
+          pip install yq
+
+      - name: Set extra environment and metadata
+        id: metadata
+        run: |
+          CURRENT_VERSION=$(cat version.txt)
+          SHORT_HASH=$(echo "$GITHUB_SHA" | cut -c -5)
+          
+          if [ ${{github.event_name}} == "pull_request" ]
+          then
+            PR_NUMBER=$(echo $GITHUB_REF | awk -F/ '{ print $3 }')
+            echo "ARTIFACT_VERSION=${CURRENT_VERSION}-PR${PR_NUMBER}-$GITHUB_RUN_NUMBER" >> "$GITHUB_OUTPUT"
+          elif [ ${{github.event_name}} == "push" ]
+          then
+            echo "ARTIFACT_VERSION=${CURRENT_VERSION}-$GITHUB_RUN_NUMBER-${SHORT_HASH}" >> "$GITHUB_OUTPUT"
+          else
+            BRANCH=${GITHUB_REF##*/}
+            echo "BRANCH=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
+            echo "ARTIFACT_VERSION=${CURRENT_VERSION}" >> "$GITHUB_OUTPUT"
+          fi
+
+  publish-voting-app:
+    runs-on: self-hosted
+    env:
+      APP_NAME: voting-app
+    needs: build-version
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up JDK
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+          cache: 'gradle'
+      - name: Execute Gradle build
+        working-directory: backend-services/${{ env.APP_NAME }}
+        run: ./gradlew bootJar
+
+      - name: Private Docker Hub Login
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}
+          username: ${{ env.PRIVATE_DOCKER_REGISTRY_USER }}
+          password: ${{ env.PRIVATE_DOCKER_REGISTRY_PASS }}
+
+      - name: Public Docker Hub Login
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_REGISTRY_USER }}
+          password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and Push docker image
+        uses: docker/build-push-action@v4
+        env:
+          ARTIFACT_VERSION: ${{needs.build-version.outputs.ARTIFACT_VERSION}}
+        with:
+          context: backend-services/${{ env.APP_NAME }}
+          push: true
+          tags: |
+            ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.APP_NAME }}:${{ env.ARTIFACT_VERSION }}
+  
+
+  publish-ui-summit-2023:
+    runs-on: self-hosted
+    env:
+      APP_NAME: summit-2023-ui
+    needs: build-version
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Private Docker Hub Login
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}
+          username: ${{ env.PRIVATE_DOCKER_REGISTRY_USER }}
+          password: ${{ env.PRIVATE_DOCKER_REGISTRY_PASS }}
+
+      - name: Public Docker Hub Login
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_REGISTRY_USER }}
+          password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build and Push docker image
+        uses: docker/build-push-action@v4
+        env:
+          REACT_APP_VOTING_APP_SERVER_URL: https://api.dev.cf-summit-2023-preprod.eu-west-1.metadata.dev.cf-deployments.org
+          REACT_APP_VOTING_LEDGER_FOLLOWER_APP_SERVER_URL: https://follower-api.dev.cf-summit-2023-preprod.eu-west-1.metadata.dev.cf-deployments.org
+          REACT_APP_VOTING_VERIFICATION_APP_SERVER_URL: https://verification-api.dev.cf-summit-2023-preprod.eu-west-1.metadata.dev.cf-deployments.org
+          REACT_APP_USER_VERIFICATION_SERVER_URL: https://user-verification.dev.cf-summit-2023-preprod.eu-west-1.metadata.dev.cf-deployments.org
+          ARTIFACT_VERSION: ${{needs.build-version.outputs.ARTIFACT_VERSION}}
+        with:
+          context: ui/summit-2023
+          push: true
+          build-args: |
+            "REACT_APP_VERSION=${{ env.ARTIFACT_VERSION }}"
+            "REACT_APP_VOTING_APP_SERVER_URL=${{ env.REACT_APP_VOTING_APP_SERVER_URL }}"
+            "REACT_APP_VOTING_LEDGER_FOLLOWER_APP_SERVER_URL=${{ env.REACT_APP_VOTING_LEDGER_FOLLOWER_APP_SERVER_URL }}"
+            "REACT_APP_VOTING_VERIFICATION_APP_SERVER_URL=${{ env.REACT_APP_VOTING_VERIFICATION_APP_SERVER_URL }}"
+            "REACT_APP_USER_VERIFICATION_SERVER_URL=${{ env.REACT_APP_USER_VERIFICATION_SERVER_URL }}"
+          tags: |
+            ${{ env.PRIVATE_DOCKER_REGISTRY_URL }}/${{ env.APP_NAME }}:${{ env.ARTIFACT_VERSION }}
diff --git a/backend-services/hydra-tally-app/.run/HydraTallyApp (devnet--alice).run.xml b/backend-services/hydra-tally-app/.run/HydraTallyApp (devnet--alice).run.xml
@@ -0,0 +1,24 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="HydraTallyApp (devnet--alice)" type="Application" factoryName="Application">
+    <envs>
+      <env name="SPRING_CONFIG_LOCATION" value="classpath:/application-devnet.properties,classpath:/application-devnet--alice.properties" />
+      <env name="SPRING_PROFILES_ACTIVE" value="devnet--alice" />
+    </envs>
+    <option name="MAIN_CLASS_NAME" value="org.cardano.foundation.voting.HydraTallyApp" />
+    <module name="hydra-tally-app.main" />
+    <extension name="coverage">
+      <pattern>
+        <option name="PATTERN" value="org.cardano.foundation.voting.*" />
+        <option name="ENABLED" value="true" />
+      </pattern>
+    </extension>
+    <extension name="software.aws.toolkits.jetbrains.core.execution.JavaAwsConnectionExtension">
+      <option name="credential" />
+      <option name="region" />
+      <option name="useCurrentConnection" value="false" />
+    </extension>
+    <method v="2">
+      <option name="Make" enabled="true" />
+    </method>
+  </configuration>
+</component>
diff --git a/backend-services/hydra-tally-app/Dockerfile b/backend-services/hydra-tally-app/Dockerfile
@@ -0,0 +1,9 @@
+FROM openjdk:21-jdk-slim AS build
+WORKDIR /app
+COPY . /app
+RUN ./gradlew clean build
+
+FROM openjdk:21-jdk-slim AS runtime
+WORKDIR /app
+COPY --from=build /app/build/libs/*SNAPSHOT.jar /app/app.jar
+ENTRYPOINT ["java", "-jar", "app.jar"]
diff --git a/backend-services/hydra-tally-app/README.md b/backend-services/hydra-tally-app/README.md
@@ -0,0 +1,23 @@
+## Hydra Tally App
+
+# Application Description
+
+Hydra-Tally-App is a CLI application which contains logic to connect to Hydra network. Application demonstrates usage
+of smart contracts (Aiken) to perform counting (tally) of the votes and providing result.
+
+The application should be run in a fedration of hydra operators. It should be used to validate and assert results, which
+are provided in a centralised manner.
+
+# Disclaimer
+Application is currently not ready to run in Byzantine environment. It should be hosted in a federated way. There are scenarios known,
+in which a malicous actor could exploit the tally process, currently it serves as a Hydra / Aiken show-case.
+
+# Removing Federation
+In order to enable Hydra-Tally-App to work in a decentralised manner, the following limitations would have to lifted / solved:
+- Deduplication of votes within Smart Contract (e.g. using https://github.com/micahkendall/distributed-set)
+- Preventing any Hydra Operator to close the head while tallying the votes (e.g. by forcing them to lock up in a contract and slashing in case of early fan-out)
+- Prevent accumulator eUTxO fraud, any Hydra operator could commit fraudulent eUTxO to the contract address (e.g. Watch Towers to check if eUTxO is pointing to the root via a fraud proof transaction, 2 contracts idea)
+- Multi-Sig for closing the head (e.g. 2 out of 3 Hydra Operators have to sign the transaction). We need to make sure that one hydra operator won't be able to spend UTxO on L1 and "rug" others
+
+- private votes on hydra without early results publishing to the network (no idea yet) 
+
diff --git a/backend-services/hydra-tally-app/build.gradle.kts b/backend-services/hydra-tally-app/build.gradle.kts
@@ -0,0 +1,73 @@
+plugins {
+	java
+	id("io.spring.dependency-management") version "1.1.3"
+    id("org.graalvm.buildtools.native") version "0.9.27"
+    id("com.github.ben-manes.versions") version "0.48.0"
+	id("org.springframework.boot") version "3.1.4"
+}
+
+group = "org.cardano.foundation"
+version = "1.0.0-SNAPSHOT"
+java.sourceCompatibility = JavaVersion.VERSION_17
+
+configurations {
+	compileOnly {
+		extendsFrom(configurations.annotationProcessor.get())
+	}
+}
+
+repositories {
+	mavenCentral()
+	mavenLocal()
+	maven { url = uri("https://repo.spring.io/milestone") }
+}
+
+extra["springShellVersion"] = "3.1.4"
+
+dependencies {
+	implementation("org.springframework.shell:spring-shell-starter")
+	testImplementation("org.springframework.boot:spring-boot-starter-test")
+	implementation("org.springframework.boot:spring-boot-starter-reactor-netty")
+
+	implementation("org.springframework.shell:spring-shell-starter")
+
+	compileOnly("org.projectlombok:lombok:1.18.30")
+	annotationProcessor("org.projectlombok:lombok:1.18.30")
+
+	testCompileOnly("org.projectlombok:lombok:1.18.30")
+	testAnnotationProcessor("org.projectlombok:lombok:1.18.30")
+
+	implementation("org.apache.commons:commons-csv:1.10.0")
+
+	implementation("org.cardanofoundation:cip30-data-signature-parser:0.0.11")
+
+	implementation("com.bloxbean.cardano:cardano-client-crypto:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-address:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-metadata:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-quicktx:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-backend-blockfrost:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-cip30:0.5.0")
+	implementation("com.bloxbean.cardano:cardano-client-core:0.5.0")
+	annotationProcessor("com.bloxbean.cardano:cardano-client-annotation-processor:0.5.0")
+
+	implementation("org.cardanofoundation:hydra-java-client:0.0.10")
+	implementation("org.cardanofoundation:hydra-java-cardano-client-lib-adapter:0.0.10")
+	implementation("org.cardanofoundation:hydra-java-reactive-reactor-client:0.0.10")
+
+//	implementation("one.util:streamex:0.8.1")
+
+    implementation("io.vavr:vavr:0.10.4")
+    implementation("org.zalando:problem-spring-web-starter:0.29.1")
+
+	implementation("com.bloxbean.cardano:aiken-java-binding:0.0.8")
+}
+
+dependencyManagement {
+	imports {
+		mavenBom("org.springframework.shell:spring-shell-dependencies:${property("springShellVersion")}")
+	}
+}
+
+tasks.withType<Test> {
+	useJUnitPlatform()
+}
diff --git a/backend-services/hydra-tally-app/gradle/wrapper/gradle-wrapper.jar b/backend-services/hydra-tally-app/gradle/wrapper/gradle-wrapper.jar
diff --git a/backend-services/hydra-tally-app/gradle/wrapper/gradle-wrapper.properties b/backend-services/hydra-tally-app/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists