Update the baseLedgerEndpoint configuration in the Paladin node confi…

…gurations to include the type and local nodeName. Update the build.gradle file for the Paladin operator to include a new task for preparing artifacts. Add a launch.json file for VS Code to include configurations for running the controller, contract generator, template generator, and artifacts generator. Update the chart versions in the Paladin operator and Paladin operator CRD charts to reflect the changes. Signed-off-by: dwertent <[email protected]>
LF-Decentralized-Trust-labs · Nov 22, 2024 · c354093 · c354093
1 parent d18833d
commit c354093
Show file tree

Hide file tree

Showing 30 changed files with 9,650 additions and 182 deletions.
diff --git a/.github/README.md b/.github/README.md
@@ -0,0 +1,66 @@
+# Workflow Overview
+
+This repository is equipped with automated workflows that streamline key processes for PRs, changes to the `main` branch, and releases. These workflows ensure smooth development, testing, and deployment cycles.
+
+## PR Opened 🚦
+When a developer opens a PR, several automated checks are triggered to validate the changes:
+
+- **[Build the Project](workflows/paladin-PR-build.yml):**  
+  Runs essential tasks to ensure code quality and reliability:
+  - **Build and Test:** Compiles the code and runs tests for all subdirectories.
+  - **[Build Docker Images](workflows/build-image.yaml):** Builds Docker images based on PR changes for local validation.  
+    > **Note:** These images are **not published** to a registry.
+  - **[Template the Helm Chart](workflows/build-chart.yaml):** Rebuilds and validates Helm charts for correctness.  
+    > **Note:** Charts are **not published** but tested locally.
+
+
+## Changes Pushed to Main 🌟
+Once changes are merged into the `main` branch, workflows prepare the project for production:
+
+- **[Build the Project](workflows/paladin-PR-build.yml):**  
+  Similar to PR checks, this ensures the integrity of the main branch:
+  - **Build and Test:** Compiles code and runs tests for all subdirectories.
+
+- **[Publish Docker Images](workflows/cross-build-images.yaml):**  
+  Produces production-grade, cross-platform Docker images and publishes them to the container registry:
+  - **Registry:** `ghcr.io/<repository-owner>`
+  - **Tagging:** Images are tagged with `main`.
+
+- **[Update Documentation](workflows/docs.yaml):**  
+  Detects documentation updates and publishes the latest content to the documentation site.
+
+
+## Release Time 🚀
+Releases deliver artifacts and resources to users and deployment targets through these workflows:
+
+- **[Release Orchestrator](workflows/release.yaml):**  
+  Triggered by a version tag (e.g., `v1.2.3`), this workflow coordinates all release activities:
+  - **[Release Docker Images](workflows/release-images.yaml):**  
+    Builds and **publishes Docker images** tagged with the release version (e.g., `v1.2.3`) and `latest`.
+    - **Registries:** 
+      - `ghcr.io/<repository-owner>`.
+      - `docker.io/<repository-owner>`.
+    > `latest` is configurable 
+  - **[Release Helm Chart](workflows/release-charts.yaml):**
+    Packages and **publishes Helm charts** to the chart repository tagged with the release version (e.g., `v1.2.3`) and `latest`.
+    > `latest` is configurable 
+  - **[Release TypeScript SDK](workflows/release-typescript-sdk.yaml):**  
+    Updates and **publishes the TypeScript SDK** to its registry:
+    - **Version:** Defined in [package.json](../sdk/typescript/package.json).
+
+### Releasing Options: 
+1. **Automatic:** Push a Git tag in the format `vX.Y.Z` (e.g., `v1.2.3`), and the workflows handle the release, marking it as the latest.
+2. **Manual:** Trigger the [release workflow](https://github.com/LF-Decentralized-Trust-labs/paladin/actions/workflows/release.yaml) via the GitHub Actions interface, specifying the version and selecting the "latest" option if needed.
+
+
+## Manual Actions 🛠️
+Workflows can also be triggered manually when needed. Available options include:
+
+- **[Release Orchestrator](workflows/release.yaml)**
+- **[Release Docker Images](workflows/release-images.yaml)**
+- **[Release Helm Chart](workflows/release-charts.yaml)**
+- **[Release TypeScript SDK](workflows/release-typescript-sdk.yaml)**
+- **[Build Helm Chart](workflows/build-chart.yaml)**
+- **[Build Docker Images](workflows/build-image.yaml)**  
+- **[Cross-Platform Docker Image Build](workflows/cross-build-images.yaml)**  
+
diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml
@@ -1,5 +1,10 @@
 name: Helm Chart release
 
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+
 on:
   workflow_call:
     inputs:
@@ -135,8 +140,23 @@ jobs:
       - name: Run chart-releaser
         uses: helm/[email protected]
         with:
-          mark_as_latest: ${{ inputs.latest }}
+          mark_as_latest: false # the release is marked as latest in the next step
           charts_dir: "operator/charts"
           skip_existing: true
         env: 
           CR_TOKEN: "${{ env.CR_TOKEN }}"
+
+      - name: Prepare CRs artifacts
+        run: ./gradlew prepareArtifacts -PartifactDir=${{ github.workspace }}/artifacts
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ inputs.chart_tag }}
+          body: "Release ${{ inputs.chart_tag }}"
+          generate_release_notes: true
+          make_latest: ${{ inputs.latest }}
+          files: |
+            ${{ github.workspace }}/artifacts/basenet.yaml
+            ${{ github.workspace }}/artifacts/devnet.yaml
+            ${{ github.workspace }}/artifacts/artifacts.tar.gz
+ 
diff --git a/.github/workflows/release-typescript-sdk.yaml b/.github/workflows/release-typescript-sdk.yaml
@@ -30,6 +30,7 @@ jobs:
         uses: ./.github/actions/setup
 
       - name: Publish to npm
+        continue-on-error: true # this can fail if the version is already published
         working-directory: sdk/typescript
         shell: bash
         run: |

diff --git a/operator/.gitignore b/operator/.gitignore
@@ -21,7 +21,6 @@ go.work
 
 # editor and IDE paraphernalia
 .idea
-.vscode
 *.swp
 *.swo
 *~
@@ -37,4 +36,8 @@ manager
 
 # Generated by gradle
 **/charts/paladin-operator/templates/samples/*.yaml
-**/charts/paladin-operator-crd/templates/*.yaml
+**/charts/paladin-operator-crd/templates/*.yaml
+
+**/artifacts/**
+
+**/__snapshot__/**
diff --git a/operator/.golangci.yml b/operator/.golangci.yml
@@ -15,6 +15,12 @@ issues:
     - path: "internal/*"
       linters:
         - dupl
+    - path: ".*_test.go"
+      linters:
+        - errcheck
+    - path: "contractpkg/*"
+      linters:
+        - errcheck
 linters:
   disable-all: true
   enable:
@@ -32,7 +38,6 @@ linters:
     - misspell
     - nakedret
     - prealloc
-    - staticcheck
     - typecheck
     - unconvert
     - unparam

diff --git a/operator/.vscode/launch.json b/operator/.vscode/launch.json
@@ -0,0 +1,55 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+      {
+        "name": "Run Controller",
+        "type": "go",
+        "preLaunchTask": "check-running-on-kind",
+        "request": "launch",
+        "mode": "debug",
+        "program": "${workspaceFolder}/cmd/main.go",
+        "env": { 
+            "KUBE_LOCAL": "true",
+            "WATCH_NAMESPACE": "default"
+        },
+        "presentation": {
+            "hidden": false
+        }
+      },
+      {
+        "name": "Run Contract Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "generate",
+          "contract_map.json"
+        ]
+      },
+      {
+        "name": "Run Temaplte Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "template",
+          "../config/samples",
+          "../charts/paladin-operator/templates/samples"
+        ]
+      },
+      {
+        "name": "Run Artifacts Generator",
+        "type": "go",
+        "request": "launch",
+        "mode": "auto",
+        "program": "${workspaceFolder}/contractpkg",
+        "args": [
+          "combine",
+          "../config/samples",
+          "generated-crs"
+        ]
+      }
+    ]
+  }
diff --git a/operator/Makefile b/operator/Makefile
@@ -125,7 +125,7 @@ kind-delete: ## Delete the Kind cluster.
 
 ##@ Build
 .PHONY: build
-build: manifests generate fmt vet ## Build manager binary.
+build: manifests generate fmt vet test ## Build manager binary.
 	go build -o bin/manager cmd/main.go
 
 .PHONY: run 

diff --git a/operator/api/v1alpha1/paladin_types.go b/operator/api/v1alpha1/paladin_types.go
@@ -33,13 +33,20 @@ type PaladinSpec struct {
 	// Adds signing modules that load their key materials from a k8s secret
 	SecretBackedSigners []SecretBackedSigner `json:"secretBackedSigners,omitempty"`
 
-	// Optionally bind to a local besu node deployed with this operator
-	// (vs. configuring a connection to a production blockchain network)
+	// Deprecated: Use 'baseLedgerEndpoint' instead. Example:
+	// { "baseLedgerEndpoint": {"type": "local", "local": {"nodeName": "node-name"}} }
+	//
+	// Optionally bind to a local Besu node deployed with this operator
+	// (vs. configuring a connection to a production blockchain network).
+	// +optional
 	BesuNode string `json:"besuNode,omitempty"`
 
-	// AuthConfig is used to provide authentication details for blockchain connections
-	// If this is set, it will override the auth details in the config
-	AuthConfig *AuthConfig `json:"authConfig,omitempty"`
+	// Deprecated: Use 'baseLedgerEndpoint' instead. Example:
+	// { "baseLedgerEndpoint": {"type": "network", "network": {"auth": {}}} }
+	AuthConfig *Auth `json:"authConfig,omitempty"`
+
+	// BaseLedgerEndpoint specifies the base endpoint for the ledger
+	BaseLedgerEndpoint *BaseLedgerEndpoint `json:"baseLedgerEndpoint,omitempty"`
 
 	// Optionally tune the service definition.
 	// We merge any configuration you add (such as node ports) for the following services:
@@ -56,6 +63,39 @@ type PaladinSpec struct {
 	// Transports are configured individually on each node, as they reference security details specific to that node
 	Transports []TransportConfig `json:"transports"`
 }
+type BaseLedgerEndpointType string
+
+const (
+	EndpointTypeLocal   BaseLedgerEndpointType = "local"
+	EndpointTypeNetwork BaseLedgerEndpointType = "endpoint"
+)
+
+type BaseLedgerEndpoint struct {
+	// Type specifies the type of the endpoint.
+	// +kubebuilder:validation:Enum=local;network
+	Type BaseLedgerEndpointType `json:"type"`
+
+	// Local specifies the configuration when the type is 'local'.
+	// +optional
+	Local *LocalLedgerEndpoint `json:"local,omitempty"`
+
+	// Network specifies the configuration when the type is 'network'.
+	// +optional
+	Endpoint *NetworkLedgerEndpoint `json:"endpoint,omitempty"`
+}
+
+// LocalLedgerEndpoint defines the configuration for local endpoints.
+type LocalLedgerEndpoint struct {
+	// NodeName specifies the name of the local node.
+	NodeName string `json:"nodeName"`
+}
+
+// NetworkLedgerEndpoint defines the configuration for network endpoints.
+type NetworkLedgerEndpoint struct {
+	JSONRPC string `json:"jsonrpc"`
+	WS      string `json:"ws"`
+	Auth    *Auth  `json:"auth,omitempty"`
+}
 
 type LabelReference struct {
 	// Label selectors provide a flexible many-to-many mapping between nodes and domains in a namespace.
@@ -143,17 +183,21 @@ type SecretBackedSigner struct {
 	KeySelector string `json:"keySelector"`
 }
 
-type AuthMethod string
+type AuthType string
 
-const AuthMethodSecret AuthMethod = "secret"
+const (
+	// AuthTypeSecret is used to authenticate with a secret
+	// The secret must contain keys "username" and "password"
+	AuthTypeSecret AuthType = "secret"
+)
 
-type AuthConfig struct {
+type Auth struct {
 	// auth method to use for the connection
 	// +kubebuilder:validation:Enum=secret
-	AuthMethod AuthMethod `json:"authMethod"`
+	Type AuthType `json:"type"`
 
-	// SecretAuth is used to provide the name of the secret to use for authentication
-	AuthSecret *AuthSecret `json:"authSecret,omitempty"`
+	// Secret is used to provide the name of the secret to use for authentication
+	Secret *AuthSecret `json:"secretRef,omitempty"`
 }
 
 type AuthSecret struct {