Add CI via github actions #3
Assignees
Comments
|
For the most part you can copy https://github.com/cosmos/cosmos-sdk/tree/master/.github/workflows. If you have any questions let me know, I did the migration to github actions for the cosmos/tendermint repos. |
|
thanks! |
Merged
|
@marbar3778 There are quite a few tests/checks that rely on simapp. Should I cut those, or incorporate those tests to use lazyledger-app instead of simapp? Would that be redundant, since those checks are already done in the cosmos-sdk? |
|
you will want to have them use lazyledger-app. It is some duplication but we dont know if we will only use modules from the lazyledger-sdk |
rootulp
added a commit
that referenced
this issue
Mar 7, 2024
To resolve govulncheck issues like: ``` Vulnerability #2: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: html/template@go1.22 Fixed in: html/template@go1.22.1 Example traces found: Error: #1: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.Execute Error: #2: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.ExecuteTemplate Vulnerability #3: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: net/http@go1.22 Fixed in: net/http@go1.22.1 Example traces found: Error: #1: x/blobstream/client/verify.go:224:39: client.VerifyShares calls http.baseRPCClient.ProveShares, which eventually calls http.Client.Do Error: #2: cmd/celestia-appd/cmd/download_genesis.go:103:[23](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:24): cmd.downloadFile calls http.Get Vulnerability #4: GO-20[24](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:25)-[25](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:26)99 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: net/textproto@go1.22 Fixed in: net/textproto@go1.22.1 Example traces found: Error: #1: x/blobstream/client/verify.go:202:18: client.VerifyShares calls service.BaseService.Start, which eventually calls textproto.Reader.ReadLine Error: #2: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls textproto.Reader.ReadMIMEHeader Vulnerability #5: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: crypto/x509@go1.22 Fixed in: crypto/x509@go1.22.1 Example traces found: Error: #1: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls x[50](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:51)9.Certificate.Verify ```
ninabarbakadze
pushed a commit
to ninabarbakadze/celestia-app
that referenced
this issue
Apr 2, 2024
To resolve govulncheck issues like: ``` Vulnerability celestiaorg#2: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: html/template@go1.22 Fixed in: html/template@go1.22.1 Example traces found: Error: celestiaorg#1: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.Execute Error: celestiaorg#2: test/util/testnode/rpc_client.go:126:25: testnode.StartAPIServer calls api.Server.Start, which eventually calls template.Template.ExecuteTemplate Vulnerability celestiaorg#3: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: net/http@go1.22 Fixed in: net/http@go1.22.1 Example traces found: Error: celestiaorg#1: x/blobstream/client/verify.go:224:39: client.VerifyShares calls http.baseRPCClient.ProveShares, which eventually calls http.Client.Do Error: celestiaorg#2: cmd/celestia-appd/cmd/download_genesis.go:103:[23](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:24): cmd.downloadFile calls http.Get Vulnerability celestiaorg#4: GO-20[24](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:25)-[25](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:26)99 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: net/textproto@go1.22 Fixed in: net/textproto@go1.22.1 Example traces found: Error: celestiaorg#1: x/blobstream/client/verify.go:202:18: client.VerifyShares calls service.BaseService.Start, which eventually calls textproto.Reader.ReadLine Error: celestiaorg#2: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls textproto.Reader.ReadMIMEHeader Vulnerability celestiaorg#5: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: crypto/x509@go1.22 Fixed in: crypto/x509@go1.22.1 Example traces found: Error: celestiaorg#1: test/e2e/util.go:25:23: e2e.keyGenerator.Generate calls io.ReadFull, which eventually calls x[50](https://github.com/celestiaorg/celestia-app/actions/runs/8169780335/job/22334531542?pr=3157#step:4:51)9.Certificate.Verify ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ideally via github actions:
at least:
ideally:
The text was updated successfully, but these errors were encountered: