midnightntwrk · cosmir17 · Dec 1, 2025 · Dec 2, 2025
@@ -52,6 +52,6 @@ export NODE_KEY="$(cat ./midnight-node.privatekey)"
 # Partner chains config:
 #
 export CARDANO_NETWORK=preview
-export CARDANO_IMAGE="ghcr.io/intersectmbo/cardano-node:10.2.1"
+export CARDANO_IMAGE="ghcr.io/intersectmbo/cardano-node:10.5.3"
 export CARDANO_DATA_DIR=./cardano-data
 export CARDANO_CONFIG_DIR=./cardano-config/${CARDANO_NETWORK}
@@ -0,0 +1,7 @@
+# shellcheck shell=bash
+# overrides for node-dev-01
+export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.18.0-rc.7"
+
+# Well known addresses of network that allow discovery of all other nodes.
+# TODO: Update with actual node-dev-01 bootnode addresses
+export BOOTNODES="/dns/boot-node.node-dev-01.dev.midnight.network/tcp/30333/ws/p2p/12D3KooWPLACEHOLDER"
@@ -0,0 +1,7 @@
+# shellcheck shell=bash
+# overrides for preprod
+export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.18.0-rc.6"
+
+# Well known addresses of network that allow discovery of all other nodes.
+# TODO: Update with actual preprod bootnode addresses
+export BOOTNODES="/dns/boot-node-7.preprod.midnight.network/tcp/30333/ws/p2p/12D3KooWPLACEHOLDER"
@@ -0,0 +1,7 @@
+# shellcheck shell=bash
+# overrides for preview
+export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.18.0-rc.7"
+
+# Well known addresses of network that allow discovery of all other nodes.
+# TODO: Update with actual preview bootnode addresses
+export BOOTNODES="/dns/boot-node-7.previewcluster.preview.midnight.network/tcp/30333/ws/p2p/12D3KooWK66i7dtGVNSwDh9tTeqov1q6LSdWsRLJvTyzTCaywYgK"
@@ -1,5 +1,5 @@
 # overrides for qanet
-export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.12.0-rc.3"
+export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.18.0-rc.7"
 
 # Well known addresses of network that allow discovery of all other nodes.
 export BOOTNODES="/dns/boot-node-01.qanet.dev.midnight.network/tcp/30333/ws/p2p/12D3KooWEyoppNCUx8Yx66oV9fJnriXwCcXwDDUA2kj6vnc6iDEp \

@@ -1,5 +1,5 @@
 # overrides for testnet-02
-export MIDNIGHT_NODE_IMAGE="midnightnetwork/midnight-node:0.12.0"
+export MIDNIGHT_NODE_IMAGE="ghcr.io/midnight-ntwrk/midnight-node:0.12.1"
 
 # These are well known addresses of a network that allow you to discover all the other nodes.
 export BOOTNODES="/dns/boot-node-01.testnet-02.midnight.network/tcp/30333/ws/p2p/12D3KooWMjUq13USCvQR9Y6yFzYNYgTQBLNAcmc8psAuPx2UUdnB \

@@ -1,16 +1,22 @@
 #!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
 
 source "./.envrc"
 
 docker compose -f ./compose.yml -f ./compose-partner-chains.yml build
 
 scan_image() {
-  local image SAFE_NAME SARIF_FILE
+  local image SAFE_NAME SARIF_FILE scan_exit_code
   image="$1"
+  echo "=========================================="
   echo "Scanning $image..."
+  echo "=========================================="
   SAFE_NAME=$(echo "$image" | sed 's/[\/:]/-/g')
   SARIF_FILE="${SAFE_NAME}.sarif"
 
+  # Run Trivy scan and capture exit code
+  scan_exit_code=0
   time docker run --rm \
     -v /var/run/docker.sock:/var/run/docker.sock \
     -v trivy-cache:/root/.cache \
@@ -20,17 +26,78 @@ scan_image() {
     --ignore-unfixed \
     --no-progress \
     --output "/output/$SARIF_FILE" \
-    "$image"
+    "$image" || scan_exit_code=$?
+
+  # Check if scan succeeded and SARIF file was created
+  if [[ $scan_exit_code -ne 0 ]]; then
+    echo "::warning::Trivy scan failed for $image (exit code: $scan_exit_code)"
+    # Create minimal valid SARIF to avoid breaking the upload
+    cat > "$SARIF_FILE" <<EOF
+{
+  "\$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [{
+    "tool": {
+      "driver": {
+        "name": "Trivy",
+        "version": "0.67.2",
+        "informationUri": "https://github.com/aquasecurity/trivy"
+      }
+    },
+    "results": [],
+    "automationDetails": {
+      "id": "trivy/$image",
+      "description": {"text": "Trivy scan failed for $image - image may not be accessible"}
+    }
+  }]
+}
+EOF
+    echo "Created placeholder SARIF for failed scan: $SARIF_FILE"
+    # Record failure but continue
+    echo "$image" >> /tmp/failed_scans.txt
+  fi
+
+  # Validate SARIF file exists and is valid JSON
+  if [[ ! -f "$SARIF_FILE" ]]; then
+    echo "::error::SARIF file not created for $image"
+    return 1
+  fi
+
+  if ! jq empty "$SARIF_FILE" 2>/dev/null; then
+    echo "::error::Invalid SARIF JSON for $image"
+    return 1
+  fi
+
+  # Add automation details and move to scan_reports
   jq --arg image "$image" \
    '.runs[0].automationDetails = {
      id: "trivy/\($image)",
      description: {text: "Trivy scan for \($image)"}
    }' "$SARIF_FILE" > "./scan_reports/${SARIF_FILE}"
+
   echo "Completed $SARIF_FILE"
 }
 export -f scan_image
 
-mkdir scan_reports
+mkdir -p scan_reports
 
+# Clear any previous failed scans record
+rm -f /tmp/failed_scans.txt
+
+# Scan all images from compose config
 docker compose -f ./compose.yml -f ./compose-partner-chains.yml config --images | \
   xargs -I {} bash -c 'scan_image "$@"' _ {}
+
+# Report summary
+echo ""
+echo "=========================================="
+echo "Scan Summary"
+echo "=========================================="
+if [[ -f /tmp/failed_scans.txt ]]; then
+  echo "::warning::The following images failed to scan:"
+  cat /tmp/failed_scans.txt
+  echo ""
+  echo "Placeholder SARIF files were created for failed scans."
+else
+  echo "All images scanned successfully."
+fi
@@ -45,11 +45,13 @@ jobs:
     name: Build and scan code
     runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
-        cfg_preset: ['testnet-02', 'qanet']
+        cfg_preset: ['testnet-02', 'qanet', 'node-dev-01', 'preview', 'preprod']
     permissions:
       actions: read
       contents: read
+      packages: read
       security-events: write
       statuses: write
     steps:
@@ -58,6 +60,9 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Login to GitHub Container Registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
+
       - name: Scan images
         env:
           CFG_PRESET: ${{ matrix.cfg_preset }}

@@ -35,7 +35,7 @@ services:
       - ${CARDANO_DATA_DIR}:/data
 
   postgres:
-    image: postgres:15.3
+    image: postgres:17.2
     platform: linux/amd64
     container_name: db-sync-postgres
     environment:
@@ -53,7 +53,7 @@ services:
       retries: 5
 
   cardano-db-sync:
-    image: ghcr.io/intersectmbo/cardano-db-sync:13.6.0.4
+    image: ghcr.io/intersectmbo/cardano-db-sync:13.6.0.5
     platform: linux/amd64
     container_name: cardano-db-sync
     restart: unless-stopped

@@ -0,0 +1,96 @@
+{
+    "bootnodes": [
+        "/dns/midnight-node-boot-01/tcp/30333/p2p/12D3KooWEyoppNCUx8Yx66oV9fJnriXwCcXwDDUA2kj6vnc6iDEp"
+    ],
+    "chain_parameters": {
+        "genesis_utxo": "826fb99b43ab5bad1022f78774038d4c0f8f588d4c0a538f357a57fc2cb667ec#0"
+    },
+    "initial_governance": {
+        "authorities": [
+            "0x5eb21f015fbc7e6025a6518f953a221d79907e97712f31a469585216"
+        ],
+        "threshold": 1
+    },
+    "cardano": {
+        "security_parameter": 432,
+        "active_slots_coeff": 0.05,
+        "first_epoch_number": 0,
+        "first_slot_number": 0,
+        "epoch_duration_millis": 86400000,
+        "first_epoch_timestamp_millis": 1666656000000,
+        "slot_duration_millis": 1000
+    },
+    "cardano_addresses": {
+        "committee_candidates_address": "addr_test1wrahchgp7x6l8c3lamt4egk7dcwhjdvz3npdwq8mz4q9tecylsqww",
+        "d_parameter_policy_id": "0x907345b2b1e61424d83af0d0d3b32de8d67882fcb1a6d45f28a8714c",
+        "permissioned_candidates_policy_id": "0xf06e34dcab3daedbe041cd8586c3e8555e7350f9c5cef1980d3365c3",
+        "bridge": {
+            "illiquid_circulation_supply_validator_address": "addr_test1wzue5jtnfjqg6adr25d9vsjnqm3hhnpdgam5tfm0e3qqpdce0appd",
+            "asset": {
+                "policy_id": "0x00000000000000000000000000000000000000000000000000000000",
+                "asset_name": "0x"
+            }
+        },
+        "governed_map": {
+            "validator_address": "addr_test1wr7faeyz8mqekzcppspsrs5y6rdlnfnllt8l0cpfs6m9gng78tg6z",
+            "policy_id": "0x9d3a19404df5a19fc1d58bd6d924c4bac3ad1fba48b85fc0a43ba789"
+        }
+    },
+    "initial_permissioned_candidates": [
+        {
+            "sidechain_pub_key": "0x020a617391de0e0291310bf7792bb41d9573e8a054b686205da5553e08fac6d0b8",
+            "aura_pub_key": "0x1254f7017f0b8347ce7ab14f96d818802e7e9e0c0d1b7c9acb3c726b080e7a03",
+            "grandpa_pub_key": "0x5079bcd20fd97d7d2f752c4607012600b401950260a91821f73e692071c82bf5",
+            "beefy_pub_key": "0x020a617391de0e0291310bf7792bb41d9573e8a054b686205da5553e08fac6d0b8"
+        },
+        {
+            "sidechain_pub_key": "0x0287aa09f21089003413b37602a3f6909f8695901c70a28175cafd99d5976a202a",
+            "aura_pub_key": "0xb0521e374b0586d6829dad320753c62cdc6ef5edbd37ffdd36da0ae97c521819",
+            "grandpa_pub_key": "0x3f7f2fc8829c649501a0fb72a79abf885aa89e6c4ee2d00c6041dfa85e320980",
+            "beefy_pub_key": "0x0287aa09f21089003413b37602a3f6909f8695901c70a28175cafd99d5976a202a"
+        },
+        {
+            "sidechain_pub_key": "0x0291f1217d5a04cb83312ee3d88a6e6b33284e053e6ccfc3a90339a0299d12967c",
+            "aura_pub_key": "0x1cbd2d43530a44705ad088af313e18f80b53ef16b36177cd4b77b846f2a5f07c",
+            "grandpa_pub_key": "0x568cb4a574c6d178feb39c27dfc8b3f789e5f5423e19c71633c748b9acf086b5",
+            "beefy_pub_key": "0x0291f1217d5a04cb83312ee3d88a6e6b33284e053e6ccfc3a90339a0299d12967c"
+        },
+        {
+            "sidechain_pub_key": "0x02b8beaa492309f2332dd5445e20b8f74e26336c226daecf63cc4cd95a1ef3b140",
+            "aura_pub_key": "0x4017e17f10cc5a98731de9f020dbb37986f6e575789152d7fadae2b32eea6c13",
+            "grandpa_pub_key": "0x98bf054a827193b21d7127e4ee53ba9a4992aa09c0acced93cf5ca5da1ff7468",
+            "beefy_pub_key": "0x02b8beaa492309f2332dd5445e20b8f74e26336c226daecf63cc4cd95a1ef3b140"
+        },
+        {
+            "sidechain_pub_key": "0x031d10105e323c4afce225208f71a6441ee327a65b9e646e772500c74d31f669aa",
+            "aura_pub_key": "0xe659a7a1628cdd93febc04a4e0646ea20e9f5f0ce097d9a05290d4a9e054df4e",
+            "grandpa_pub_key": "0x1dfe3e22cc0d45c70779c1095f7489a8ef3cf52d62fbd8c2fa38c9f1723502b5",
+            "beefy_pub_key": "0x031d10105e323c4afce225208f71a6441ee327a65b9e646e772500c74d31f669aa"
+        },
+        {
+            "sidechain_pub_key": "0x035d35454a9671ccf959def176822d38e9e9aa5bbcfe50a7cbe69834dde9147ce5",
+            "aura_pub_key": "0x1880104772db7b947f3f8ccdcab3650d7179c44551d22dd0cca5dc852a140563",
+            "grandpa_pub_key": "0x11e6cb467a7528e861732c473b3a66c6701f38d35b894da8a1337f68708aa0eb",
+            "beefy_pub_key": "0x035d35454a9671ccf959def176822d38e9e9aa5bbcfe50a7cbe69834dde9147ce5"
+        },
+        {
+            "sidechain_pub_key": "0x036c6ae73d36d0c02b54d7877a57b1734b8e096134bd2c1b829431aa38f18bcce1",
+            "aura_pub_key": "0xac859f8a216eeb1b320b4c76d118da3d7407fa523484d0a980126d3b4d0d220a",
+            "grandpa_pub_key": "0x16f97016bbea8f7b45ae6757b49efc1080accc175d8f018f9ba719b60b0815e4",
+            "beefy_pub_key": "0x036c6ae73d36d0c02b54d7877a57b1734b8e096134bd2c1b829431aa38f18bcce1"
+        },
+        {
+            "sidechain_pub_key": "0x0389411795514af1627765eceffcbd002719f031604fadd7d188e2dc585b4e1afb",
+            "aura_pub_key": "0x90b5ab205c6974c9ea841be688864633dc9ca8a357843eeacf2314649965fe22",
+            "grandpa_pub_key": "0x439660b36c6c03afafca027b910b4fecf99801834c62a5e6006f27d978de234f",
+            "beefy_pub_key": "0x0389411795514af1627765eceffcbd002719f031604fadd7d188e2dc585b4e1afb"
+        },
+        {
+            "sidechain_pub_key": "0x0390084fdbf27d2b79d26a4f13f0ccd982cb755a661969143c37cbc49ef5b91f27",
+            "aura_pub_key": "0x8eaf04151687736326c9fea17e25fc5287613693c912909cb226aa4794f26a48",
+            "grandpa_pub_key": "0xd17c2d7823ebf260fd138f2d7e27d114c0145d968b5ff5006125f2414fadae69",
+            "beefy_pub_key": "0x0390084fdbf27d2b79d26a4f13f0ccd982cb755a661969143c37cbc49ef5b91f27"
+        }
+    ]
+}
+
@@ -0,0 +1,101 @@
+{
+  "bootnodes": [
+    "/dns/preprod/tcp/30333/p2p/12D3KooWDU3ydya1JaGttYuorL2e6EnZrEBzmWH1fGef1NnsSmtF"
+  ],
+  "chain_parameters": {
+    "genesis_utxo": "7177988904dc53037187962ecdbcb5dd245ac5c3e220a2122df81fea7c604eea#1"
+  },
+  "initial_governance": {
+    "authorities": [
+      "0xf50d4250ef32d62516433c1db13b3e6f73b1570fe1747dd493c4ba28"
+    ],
+    "threshold": 1
+  },
+  "cardano": {
+    "security_parameter": 2160,
+    "active_slots_coeff": 0.05,
+    "first_epoch_number": 4,
+    "first_slot_number": 86400,
+    "epoch_duration_millis": 432000000,
+    "first_epoch_timestamp_millis": 1655769600000,
+    "slot_duration_millis": 1000
+  },
+  "cardano_addresses": {
+    "committee_candidates_address": "addr_test1wrq0lldlvfdgay9tsdvpe2m5qk29e9g4ktzky7wz3nrmygcty5y4c",
+    "d_parameter_policy_id": "0x3c0d30f4aace7d53243371bd30c0ca1f36b033d9d39734709770c172",
+    "permissioned_candidates_policy_id": "0xf98fd74a9f2a38517be40cd8e81098a82103cabe140fc19a3f18ed41",
+    "bridge": {
+      "illiquid_circulation_supply_validator_address": "addr_test1wq8vp65petn7n65gd8r8tvmxk4nstm9uxk8qxal5kytzgtgtzeaeq",
+      "asset": {
+        "policy_id": "0x00000000000000000000000000000000000000000000000000000000",
+        "asset_name": "0x"
+      }
+    },
+    "governed_map": {
+      "validator_address": "addr_test1wz6ehdggmynhnwyq3c40763w0jwwquzmvx7yrupys3dmz7smprat8",
+      "policy_id": "0xdd818a9264a8cb86989fe04c3791058277e4004a1a7955e2f80a3e25"
+    }
+  },
+  "initial_permissioned_candidates": [
+    {
+      "aura_pub_key": "0xde2306334193be59122367e5a774769e59de84baacfd8e136fba8e18dbcd0833",
+      "grandpa_pub_key": "0x1bce1ca17ca250a2ccb4964573cc9a8650e390c38b0a6963b5307f9e5fc3f9fe",
+      "sidechain_pub_key": "0x027576a87c347dadcf62edd2f1a879daaffd8affebdd129a54ae01e4eaff269a6e",
+      "beefy_pub_key": "0x027576a87c347dadcf62edd2f1a879daaffd8affebdd129a54ae01e4eaff269a6e"
+    },
+    {
+      "aura_pub_key": "0x8c457a4b2383443ff5b30420aea92bfca65971fd0b76d21715529e4e8192be1d",
+      "grandpa_pub_key": "0x0235a9e06d7eefef4c0bd23b57d6516fc99692e51c14f9d019f517aebe7150d0",
+      "sidechain_pub_key": "0x022514d4b4134138f4579409897f67ac22923bf3422784d4b54dc9d03bf22f2a45",
+      "beefy_pub_key": "0x022514d4b4134138f4579409897f67ac22923bf3422784d4b54dc9d03bf22f2a45"
+    },
+    {
+      "aura_pub_key": "0xf6aa16d4c6892575af371fd14e1e40a7c4675876e8f331e2e2466a28e950765f",
+      "grandpa_pub_key": "0x5533a50ebb042a4137c2d1e5be6867cc860e3cf0ce8a83b8d862733c216c7e0d",
+      "sidechain_pub_key": "0x03b9c08e5e563b8480d505297e8113c87e3b5c5b676b03fa795d5a48de3b1ae3e3",
+      "beefy_pub_key": "0x03b9c08e5e563b8480d505297e8113c87e3b5c5b676b03fa795d5a48de3b1ae3e3"
+    },
+    {
+      "aura_pub_key": "0xcccd6dbd01b95948f56bb84ad441f29608b12b3694a2a71ce4ba0fa8c07f7f4b",
+      "grandpa_pub_key": "0x0d1a7725715dada86797150e28caa848eb67ab4ddb938f2de14bad9f7f5de222",
+      "sidechain_pub_key": "0x02138dee2cb4966a3836331b79a80c84cb5dc1899af6f577711e2d514ff7279fd9",
+      "beefy_pub_key": "0x02138dee2cb4966a3836331b79a80c84cb5dc1899af6f577711e2d514ff7279fd9"
+    },
+    {
+      "aura_pub_key": "0x12165fdd275029f4812daa0ba8bf416aea14c62db1e4223ff427b81f50ccac61",
+      "grandpa_pub_key": "0x9a8a4f0d16a1ca620765c65b176d5ac7cb4a53da5028263809ce3b9b782f243c",
+      "sidechain_pub_key": "0x03f07fcb3a460d7dc6aa9525c476effb49d95fce4a8a41cfb2fb6afc2573a32d6b",
+      "beefy_pub_key": "0x03f07fcb3a460d7dc6aa9525c476effb49d95fce4a8a41cfb2fb6afc2573a32d6b"
+    },
+    {
+      "aura_pub_key": "0x0e2ef42425883ac46002962a5201ea7bbbe40dc8d8542ec148d3ff32d5bbd71b",
+      "grandpa_pub_key": "0xb22e3803270bc87d38c63f88c2fa16d546591d011d98db9d1ea58903eb3260ca",
+      "sidechain_pub_key": "0x02aeedbf328a26d872cb7ecbb8352b1ad7451a384379e602d17cf4114847c9b19d",
+      "beefy_pub_key": "0x02aeedbf328a26d872cb7ecbb8352b1ad7451a384379e602d17cf4114847c9b19d"
+    },
+    {
+      "aura_pub_key": "0x168fbc39d9e1e697484918a400a4eef096353085e5f5057e75b1101af585a158",
+      "grandpa_pub_key": "0xb32b2b08a74099b170c5e9744912d98454011b1f8de0ee70f2c422c6861cdace",
+      "sidechain_pub_key": "0x03f983b91685b9ca36e2032041b8f97f7a8de717c0d610fe4f25dd226c640d4417",
+      "beefy_pub_key": "0x03f983b91685b9ca36e2032041b8f97f7a8de717c0d610fe4f25dd226c640d4417"
+    },
+    {
+      "aura_pub_key": "0xfaea12ba4222b542abd9a9024aad8e42e55acf2045a386ba98abc3b86371dc14",
+      "grandpa_pub_key": "0x6ec6705be4d119a27a466e05680c5fead39a65fccbb283a13c32db462e12eb6c",
+      "sidechain_pub_key": "0x02e7e787caca0cf41f5e7a650569c5e5777e3d8257f82ccf826bec0507add2115d",
+      "beefy_pub_key": "0x02e7e787caca0cf41f5e7a650569c5e5777e3d8257f82ccf826bec0507add2115d"
+    },
+    {
+      "aura_pub_key": "0xae6ee23c8eb9d5b38fe073f4b5520c4a036b86a1377723bda88165f2c5483338",
+      "grandpa_pub_key": "0x23715374d64eb47b25e7be527e64c04b21625429ea96c46eb1406c8172e4cb9b",
+      "sidechain_pub_key": "0x039949c752e7f8bd2e995b4cc1ce46b27cd054a09186ce3a7302e7673bbc27be24",
+      "beefy_pub_key": "0x039949c752e7f8bd2e995b4cc1ce46b27cd054a09186ce3a7302e7673bbc27be24"
+    },
+    {
+      "aura_pub_key": "0x3612abc1c52d79b656f98cf16655bd689c012a4d98d656c696d7fd7bdf596458",
+      "grandpa_pub_key": "0xa89f442106845d5f98ab8e46d2c9c7f8478774eac2797f466432cb0c1b9dca12",
+      "sidechain_pub_key": "0x030bbc467c8a86ab626f8172130c5366ed3f1b220ff4fd1d75f085a38685896ed7",
+      "beefy_pub_key": "0x030bbc467c8a86ab626f8172130c5366ed3f1b220ff4fd1d75f085a38685896ed7"
+    }
+  ]
+}