Merge branch 'main' into solana

Author: frbrkoala

.github/workflows/blueprints-unit-tests.yml

@@ -0,0 +1,30 @@
+name: blueprints-cdk-tests
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  blueprints-cdk-tests:
+    name: Run CDK tests for all blueprints
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+    defaults:
+      run:
+        shell: bash
+        working-directory: scripts
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 19
+          cache: npm
+          cache-dependency-path: package-lock.json
+
+      - name: Install dependencies
+        run: npm ci
+      - name: Run unit tests
+        run: ./run-all-cdk-tests.sh

.github/workflows/pre-commit.yml

@@ -0,0 +1,13 @@
+name: pre-commit
+
+on:
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - uses: pre-commit/[email protected]

.github/workflows/semgrep.yaml

@@ -0,0 +1,56 @@
+# Name of this GitHub Actions workflow.
+name: Semgrep
+
+on:
+  # Scan changed files in PRs (diff-aware scanning):
+  pull_request:
+    branches: ["main"]
+  # Scan on-demand through GitHub Actions interface:
+  workflow_dispatch: {}
+  # Scan mainline branches and report all findings:
+  push:
+    branches: ["main"]
+
+jobs:
+  semgrep_scan:
+    # User definable name of this GitHub Actions job.
+    name: semgrep/ci
+    # If you are self-hosting, change the following `runs-on` value:
+    runs-on: ubuntu-latest
+    container:
+      # A Docker image with Semgrep installed. Do not change this.
+      image: returntocorp/semgrep
+    # Skip any PR created by dependabot to avoid permission issues:
+    if: (github.actor != 'dependabot[bot]')
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    steps:
+      # Fetch project source with GitHub Actions Checkout.
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Perform Semgrep Analysis
+      # @NOTE: This is the actual semgrep command to scan your code.
+      # Modify the --config option to 'r/all' to scan using all rules,
+      # or use multiple flags to specify particular rules, such as
+      # --config r/all --config custom/rules
+        run: semgrep scan -q --sarif --config auto > semgrep-results.sarif
+
+      # upload the results for the CodeQL GitHub app to annotate the code
+      - name: Save SARIF results as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: semgrep-scan-results
+          path: semgrep-results.sarif
+
+      # Upload SARIF file generated in previous step
+      - name: Upload SARIF result to the GitHub Security Dashboard
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: semgrep-results.sarif
+        if: always()

.github/workflows/website-test-deploy.yml

@@ -9,6 +9,9 @@ jobs:
   test-deploy:
     name: Test deployment
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
     defaults:
       run:
         shell: bash

.gitignore

@@ -7,6 +7,8 @@
 !jest.config.js
 *.d.ts
 node_modules
+!lib/**/package-lock.json
+lib/**/foo.bar
 
 # CDK asset staging directory
 .cdk.staging
@@ -35,4 +37,4 @@ ha-nodes-deploy*.json
 *.OLD
 .env
 .idea
-.vscode
+.vscode

.vscode/settings.json

@@ -0,0 +1,6 @@
+{
+    "cSpell.words": [
+        "bcuser",
+        "usermod"
+    ]
+}

lib/base/README.md

@@ -208,7 +208,7 @@ We currently don't recommend running **archive** nodes in HA setup, because it t
 :::
 
 ### Monitoring
-Every 5 minutes a script on the deployed node publishes to CloudWatch service the metrics for current block for L1/L2 clients as well as blocks behind metric for L1 and minutes behind for L2. When the node is fully synced the blocks behind metric should get to 4 and minutes behind should get down to 0. 
+Every 5 minutes a script on the deployed node publishes to CloudWatch service the metrics for current block for L1/L2 clients as well as blocks behind metric for L1 and minutes behind for L2. When the node is fully synced the blocks behind metric should get to 4 and minutes behind should get down to 0.
 
 - To see the metrics for **single node only**:
    - Navigate to CloudWatch service (make sure you are in the region you have specified for AWS_REGION)
@@ -291,4 +291,4 @@ sudo su bcuser
 ```
 4. Where to find the key Base client directories?
 
-   - The data directory is `/data`
+   - The data directory is `/data`

lib/base/app.ts

@@ -57,4 +57,4 @@ cdk.Aspects.of(app).add(
       reports: true,
       logIgnores: false,
   })
-);
+);

lib/besu-private/README.md

@@ -6,7 +6,7 @@
 
 This blueprint deploys a ready-to-test private blockchain network powered by [Hyperledger Besu](https://github.com/hyperledger/besu/) with [IBFT consensus](https://arxiv.org/abs/2002.03613). It is accessible by applications via [AWS PrivateLink](https://aws.amazon.com/privatelink/) and [Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html) (NLB).
 
-High-level features include: 
+High-level features include:
 - Automated blockchain node recovery based on deep health check.
 - Automated key management after initial setup.
 - Deployment of software changes without downtime.