-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #10609 from vegaprotocol/release/v0.74.0
Release/v0.74.0
- Loading branch information
Showing
1,866 changed files
with
223,547 additions
and
56,790 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| --- | ||
| name: API request | ||
| about: A request for an API to support a feature | ||
| title: '[API]: ' | ||
| labels: "api" | ||
| assignees: '' | ||
| --- | ||
|
|
||
| # API Overview | ||
|
|
||
| **In order to** ... (context - overcome a problem or meet a requirement) | ||
| **We will build an API to**... (what - describe what the API needs to do) | ||
| **So that** ... (why - we create these outcomes) | ||
|
|
||
| - | ||
| - | ||
| - | ||
|
|
||
| ## Specs | ||
| [Spec name](URL) to spec or section within a spec | ||
|
|
||
| ## API request details | ||
|
|
||
| - [ ] Create an API that... (specific details about the API's functionality and what it should provide) | ||
| - [ ] | ||
|
|
||
| ### Filtering requirements (inputs) | ||
| - [ ] | ||
| - [ ] | ||
|
|
||
| ### Sample API output (optional) | ||
|
|
||
| ``` | ||
| ``` | ||
|
|
||
| ## Questions | ||
| Open questions about the feature implementation, what can be done with the APIs, or currently unresolved questions around the feature. | ||
|
|
||
| ## API test scenarios | ||
| Detailed scenarios that can be executed as feature tests to verify that the API has been implemented as expected. | ||
|
|
||
| GIVEN (setup/context) | ||
| WHEN (action) | ||
| THEN (assertion) For example... | ||
| See [here](https://github.com/vegaprotocol/vega/tree/develop/core/integration) for more format information and examples. | ||
|
|
||
| ### Additional Details (optional) | ||
| Any additional information that provides context or gives information that will help us develop the feature. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| --- | ||
| name: 'Sign windows binary' | ||
| description: 'Sign binary using EV certificate' | ||
|
|
||
| inputs: | ||
| current-working-directory: | ||
| description: 'The working directory, where the binary is located in' | ||
| required: true | ||
| default: './' | ||
| binary-file: | ||
| description: 'Binary file to sign' | ||
| required: true | ||
| default: '' | ||
| gcp-credentials: | ||
| description: 'GCP credentials' | ||
| required: true | ||
| default: '' | ||
| ev-cert-pem: | ||
| description: 'EV certificate PEM' | ||
| required: true | ||
| default: '' | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: "Import signing certificate" | ||
| shell: bash | ||
| run: | | ||
| cd "${{ inputs.current-working-directory }}" && \ | ||
| echo "${{ inputs.ev-cert-pem }}" > certificate_chain.pem | ||
| - name: "Download Java v17" | ||
| uses: oracle-actions/setup-java@v1 | ||
| with: | ||
| website: oracle.com | ||
| release: 17 | ||
|
|
||
| - name: "Setup python" | ||
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: "3.9" | ||
|
|
||
| - name: "Authenticate to the Google Cloud" | ||
| uses: "google-github-actions/auth@v1" | ||
| with: | ||
| credentials_json: "${{ inputs.gcp-credentials }}" | ||
|
|
||
| - name: "Set up Cloud SDK" | ||
| uses: "google-github-actions/setup-gcloud@v1" | ||
| env: | ||
| CLOUDSDK_PYTHON: "python3" | ||
|
|
||
| - name: "Check the Google Cloud CLI" | ||
| shell: bash | ||
| run: "gcloud info" | ||
|
|
||
| - name: "Download signing tool and verify sha265 checksum" | ||
| shell: bash | ||
| run: | | ||
| cd "${{ inputs.current-working-directory }}" && \ | ||
| curl -L -o jsign.jar "https://github.com/ebourg/jsign/releases/download/4.2/jsign-4.2.jar" && \ | ||
| echo '290377fc4f593256200b3ea4061b7409e8276255f449d4c6de7833faf0850cc1 jsign.jar' | sha256sum -c | ||
| # We sign binaries with the EV Certificate. You MUST NOT have a key in a file to sign binary. | ||
| # The only options to store keys are: | ||
| # - HSM architecture(e.g., AWS or Google) | ||
| # - Physical USB stick with hardware stored key | ||
| # We are using the first option to be able to sign the binaries within the CI servers without | ||
| # physical access to them. However, this signing method requires the signing tool supporting the HSM key. | ||
| # | ||
| # The high-level signing procedure looks like below: | ||
| # 1. Calculate the SHA256 Hash for the app | ||
| # 2. Send a request to sign the hash to the Google Cloud | ||
| # 3. Google signs our signature with a physically stored key on Google's HSM server and returns the signature over the network | ||
| # 4. Add our certificate and the signature received from the Google HSM to the EXE file | ||
| # 5. Our signature hash is again signed with the timestamp authority's private key, and the final hash is added to our binary. | ||
| # 6. Final executable with all necessary signing information included is produced | ||
| - name: "Sign binary" | ||
| shell: bash | ||
| run: | | ||
| cd "${{ inputs.current-working-directory }}" && \ | ||
| java -jar jsign.jar \ | ||
| --storetype GOOGLECLOUD \ | ||
| --storepass "$(gcloud auth print-access-token)" \ | ||
| --keystore "projects/vegaprotocol/locations/europe-west2/keyRings/windows-sign-apps" \ | ||
| --alias "digicert-ev-signing-key-ecc-256" \ | ||
| --certfile "./certificate_chain.pem" \ | ||
| --tsmode RFC3161 \ | ||
| --tsaurl http://timestamp.globalsign.com/tsa/r6advanced1 \ | ||
| "${{ inputs.binary-file }}" | ||
| - name: "Clean up" | ||
| shell: bash | ||
| run: | | ||
| cd "${{ inputs.current-working-directory }}" && \ | ||
| rm -f certificate_chain.pem && \ | ||
| rm -f jsign.jar |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.