onflow
diff --git a/‎.github/workflows/code-analysis.yml‎
Lines changed: 58 additions & 0 deletions b/‎.github/workflows/code-analysis.yml‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 75 additions & 0 deletions b/‎.github/workflows/dependency-review.yml‎
Lines changed: 75 additions & 0 deletions
diff --git a/‎.mockery.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.mockery.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎access/api.go‎
Lines changed: 3 additions & 0 deletions b/‎access/api.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎access/mock/api.go‎
Lines changed: 60 additions & 0 deletions b/‎access/mock/api.go‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎access/mock/transactions_api.go‎
Lines changed: 60 additions & 0 deletions b/‎access/mock/transactions_api.go‎
Lines changed: 60 additions & 0 deletions
@@ -0,0 +1,58 @@
+name: "CodeQL Analysis"
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  analyze-code:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      pull-requests: write
+    
+    env:
+      GOPRIVATE: "github.com/onflow, github.com/axiomzen"
+     # ORG_READER_PAT: ${{ secrets.ORG_READER_PAT }}
+     # ORG_READER_USERNAME: ${{ secrets.ORG_READER_USERNAME }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        languages: ['go']
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+            go-version-file: ./go.mod
+
+     # - name: set credentials for private repos
+     #   run: rm -f ~/.gitconfig && git config --global url.https://$ORG_READER_USERNAME:[email protected]/.insteadOf https://github.com/ && cat ~/.gitconfig
+
+      - name: Tidy Go and mod vendor
+        run: go mod tidy && go mod vendor
+
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.languages}}
+          queries: security-extended
+
+      - name: Build
+        run: CGO_ENABLED=0 go build -mod=vendor -tags=no_cgo ./... 
+
+      - name: CodeQL Analyze 
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.languages}}"
+          # need org username and pat to access private libraries
@@ -0,0 +1,75 @@
+# Dependency Review Action
+
+# PRs introducing NEW known-vulnerable packages will be blocked from merging.
+# This will output a GHAS comment in the PR with the details of the vulnerabilities.
+# and will also provide a comment on what to do next.
+
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: "Dependency review"
+on:
+  pull_request:
+    branches: ["master"]
+
+permissions:
+  contents: read
+  pull-requests: write # Required for PR comments
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    outputs:
+      vulnerable-changes: ${{ steps.review.outputs.vulnerable-changes }}
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+      - name: "Dependency Review"
+        id: review
+        uses: actions/dependency-review-action@v4
+        with:
+          comment-summary-in-pr: always
+          fail-on-severity: moderate
+          #allow-ghsas: GHSA-q34m-jh98-gwm2,GHSA-f9vj-2wh5-fj8j  EXAMPLE of how to whitelist!
+
+  dependency-review-failure-info:
+    needs: dependency-review
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Add PR Comment
+        uses: actions/github-script@v7
+        env:
+          VULN_OUTPUT: ${{ needs.dependency-review.outputs.vulnerable-changes }}
+        with:
+          script: |
+            try {
+              const vulnData = JSON.parse(process.env.VULN_OUTPUT || '[]');
+              let details = '';
+              
+              for (const pkg of vulnData) {
+                details += `\n📦 **${pkg.name}@${pkg.version}**\n`;
+              }
+
+              const comment = `⚠️ **Security Dependency Review Failed** ⚠️
+
+              This pull request introduces dependencies with security vulnerabilities of moderate severity or higher.
+
+              ### Vulnerable Dependencies:${details}
+
+              ### What to do next?
+              1. Review the vulnerability details in the Dependency Review Comment above, specifically the "Vulnerabilities" section
+              2. Click on the links in the "Vulnerability" section to see the details of the vulnerability
+              3. If multiple versions of the same package are vulnerable, please update to the common latest non-vulnerable version
+              4. If you are unsure about the vulnerability, please contact the security engineer
+              5. If the vulnerability cannot be avoided (can't upgrade, or need to keep), contact #security on slack to **get it added to the allowlist**
+              \nSecurity Engineering contact: #security on slack`;
+
+              await github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: comment
+              });
+            } catch (error) {
+              console.error('Error processing vulnerability data:', error);
+              throw error;
+            }
@@ -22,6 +22,7 @@ packages:
     config:
       dir: "consensus/hotstuff/mocks"
       outpkg: "mocks"
+  github.com/onflow/flow-go/engine/access/ingestion/collections:
   github.com/onflow/flow-go/engine/access/ingestion/tx_error_messages:
   github.com/onflow/flow-go/engine/access/rest/common/models:
   github.com/onflow/flow-go/engine/access/rest/websockets:
@@ -31,7 +32,6 @@ packages:
   github.com/onflow/flow-go/engine/access/rpc/backend/node_communicator:
   github.com/onflow/flow-go/engine/access/rpc/backend/transactions/error_messages:
   github.com/onflow/flow-go/engine/access/rpc/backend/transactions/provider:
-  github.com/onflow/flow-go/engine/access/rpc/backend/transactions/retrier:
   github.com/onflow/flow-go/engine/access/rpc/connection:
   github.com/onflow/flow-go/engine/access/state_stream:
   github.com/onflow/flow-go/engine/access/subscription:
 
@@ -59,6 +59,9 @@ type TransactionsAPI interface {
 
 	GetSystemTransaction(ctx context.Context, txID flow.Identifier, blockID flow.Identifier) (*flow.TransactionBody, error)
 	GetSystemTransactionResult(ctx context.Context, txID flow.Identifier, blockID flow.Identifier, encodingVersion entities.EventEncodingVersion) (*accessmodel.TransactionResult, error)
+
+	GetScheduledTransaction(ctx context.Context, scheduledTxID uint64) (*flow.TransactionBody, error)
+	GetScheduledTransactionResult(ctx context.Context, scheduledTxID uint64, encodingVersion entities.EventEncodingVersion) (*accessmodel.TransactionResult, error)
 }
 
 type TransactionStreamAPI interface {
Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,9 @@ type TransactionsAPI interface {`
`59`	`59`
`60`	`60`	`GetSystemTransaction(ctx context.Context, txID flow.Identifier, blockID flow.Identifier) (*flow.TransactionBody, error)`
`61`	`61`	`GetSystemTransactionResult(ctx context.Context, txID flow.Identifier, blockID flow.Identifier, encodingVersion entities.EventEncodingVersion) (*accessmodel.TransactionResult, error)`
	`62`	`+`
	`63`	`+ GetScheduledTransaction(ctx context.Context, scheduledTxID uint64) (*flow.TransactionBody, error)`
	`64`	`+ GetScheduledTransactionResult(ctx context.Context, scheduledTxID uint64, encodingVersion entities.EventEncodingVersion) (*accessmodel.TransactionResult, error)`
`62`	`65`	`}`
`63`	`66`
`64`	`67`	`type TransactionStreamAPI interface {`