Skip to content

Commit

Permalink
Merge pull request #1237 from Chia-Network/develop
Browse files Browse the repository at this point in the history
Release 1.7.19
  • Loading branch information
TheLastCicada authored Dec 4, 2024
2 parents ac9127c + c234b0e commit 17d1fe4
Show file tree
Hide file tree
Showing 32 changed files with 15,137 additions and 13,504 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/auto-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
uses: Chia-Network/actions/clean-workspace@main

- name: Checkout current branch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# Need PACKAGE_ADMIN_PAT token so when the tag is created, the tag automation runs
token: ${{ secrets.PACKAGE_ADMIN_PAT }}
Expand Down Expand Up @@ -51,7 +51,7 @@ jobs:
fi
- name: Checkout develop branch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# Need PACKAGE_ADMIN_PAT token so when the tag is created, the tag automation runs
token: ${{ secrets.PACKAGE_ADMIN_PAT }}
Expand Down
74 changes: 50 additions & 24 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,10 @@ jobs:
uses: Chia-Network/actions/clean-workspace@main

- name: Checkout Code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Setup Node 20.x
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: '20.16'

Expand Down Expand Up @@ -82,9 +82,20 @@ jobs:
- name: Copy sqlite3
run: cp ${{ matrix.sqlite-path }}node_sqlite3.node ./dist/

- name: Test for secrets access
id: check_secrets
shell: bash
run: |
unset HAS_SIGNING_SECRET
if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
env:
SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"

# Windows Code Signing
- name: Sign windows artifacts
if: matrix.runs-on == 'windows-2019'
if: matrix.runs-on == 'windows-2019' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: chia-network/actions/digicert/windows-sign@main
with:
sm_api_key: ${{ secrets.SM_API_KEY }}
Expand All @@ -95,36 +106,48 @@ jobs:

# Mac .pkg build + sign
- name: Import Apple installer signing certificate
if: matrix.runs-on == 'macos-latest'
uses: Apple-Actions/import-codesign-certs@v1
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: Apple-Actions/import-codesign-certs@v3
with:
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }}
p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }}

- name: Import Apple Application signing certificate
if: matrix.runs-on == 'macos-latest'
uses: Apple-Actions/import-codesign-certs@v1
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
uses: Apple-Actions/import-codesign-certs@v3
with:
create-keychain: false # Created when importing the first cert
keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }}

- name: Build Mac .pkg
- name: Prep building Mac .pkg
if: matrix.runs-on == 'macos-latest'
run: |
rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true
cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application
- name: Sign Mac binaries
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
run: |
echo "Signing the binaries"
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/cadt
codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp ${{ github.workspace }}/build-scripts/macos/application/node_sqlite3.node
- name: Build Mac .pkg
if: matrix.runs-on == 'macos-latest'
run: |
# Makes the .pkg in ./build-scripts/macos/target/pkg
echo "Building the .pkg"
bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh CADT
mkdir -p ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload
cp ${{ github.workspace }}/build-scripts/macos/target/pkg/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/CADT-macos-installer-x64.pkg
- name: Notarize Mac .pkg
if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
run: |
mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed
echo "Signing the .pkg"
Expand All @@ -138,15 +161,18 @@ jobs:
--team-id "${{ secrets.APPLE_TEAM_ID }}" \
"${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg"
rm -f ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/*
mv ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/
- name: Upload Mac Installer
if: matrix.runs-on == 'macos-latest'
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: cadt-mac-installer
path: ${{ github.workspace }}/build-scripts/macos/target/pkg-signed
path: ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload

- name: Upload artifacts
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.artifact-name }}
path: ${{ github.workspace }}/dist
Expand All @@ -156,14 +182,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
uses: docker/setup-qemu-action@v3
with:
platforms: arm64

- uses: Chia-Network/actions/clean-workspace@main

- name: Checkout Code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Determine npm cache key
id: npm-cache
Expand All @@ -172,7 +198,7 @@ jobs:
echo "CACHE_KEY=$CACHE_KEY" >> $GITHUB_OUTPUT
- name: Setup NPM Cache
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: node_modules
key: ${{ steps.npm-cache.outputs.CACHE_KEY }}
Expand All @@ -187,7 +213,7 @@ jobs:
sudo cp ./node_modules/sqlite3/build/Release/node_sqlite3.node ./dist/
- name: Upload artifacts
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: cadt-linux-arm64
path: ${{ github.workspace }}/dist
Expand All @@ -207,10 +233,10 @@ jobs:
platform: arm64
steps:
- name: Checkout Code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Download Linux artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ${{ matrix.name }}
path: ${{ matrix.name }}
Expand Down Expand Up @@ -239,7 +265,7 @@ jobs:
dpkg-deb --build --root-owner-group "deb/$CLI_DEB_BASE"
- name: Upload deb
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.name }}-deb
path: ${{ github.workspace }}/deb/*.deb
Expand All @@ -251,31 +277,31 @@ jobs:
- debs
steps:
- name: Download Windows artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: cadt-windows-x64
path: cadt-windows-x64

- name: Download MacOS artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: cadt-mac-installer
path: cadt-mac-installer

- name: Download Linux artifacts
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: cadt-linux-x64
path: cadt-linux-x64

- name: Download Linux x64 deb
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: cadt-linux-x64-deb
path: cadt-linux-x64-deb

- name: Download Linux arm64 deb
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: cadt-linux-arm64-deb
path: cadt-linux-arm64-deb
Expand All @@ -292,7 +318,7 @@ jobs:
zip -r cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-linux-x64
- name: Release
uses: softprops/action-gh-release@v0.1.15
uses: softprops/action-gh-release@v2.1.0
with:
files: |
cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/ensure-version-increment.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@ jobs:
- uses: Chia-Network/actions/clean-workspace@main

- name: Checkout current branch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: branch-repo

- name: Checkout main
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: main
path: main-repo
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
- uses: Chia-Network/actions/clean-workspace@main

- name: Checkout Code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Ignore Husky
run: npm pkg delete scripts.prepare
Expand Down
20 changes: 10 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ sudo apt-get update
sudo apt-get install chia-blockchain-cli cadt
```

6. Start Chia Wallet and Datalayer with [systemd](https://docs.chia.net/installation/#systemd)
6. Start Chia Wallet, Full Node, and Datalayer with [systemd](https://docs.chia.net/installation/#systemd)

```
sudo systemctl start chia-wallet@<USERNAME> chia-data-layer@<USERNAME> chia-full-node@<USERNAME>
Expand Down Expand Up @@ -110,7 +110,7 @@ If using the built-in HTTP server for datalayer, start it at boot with
sudo systemctl enable chia-data-layer-http@<USERNAME>
```

10. View CADT logs to validate
9. View CADT logs to validate

```
journalctl -u cadt@<USERNAME> -f
Expand All @@ -132,16 +132,16 @@ To install from source:
```
git clone [email protected]:Chia-Network/cadt.git
cd cadt
nvm install 20.16
nvm use 20.16
nvm install
nvm use
npm run start
```

### Datalayer HTTP File Serving

CADT relies on all participants publicly sharing their data over Chia Datalayer, which includes sharing the Chia-generated `.dat` files over HTTP. The files are located in `~/.chia/mainnet/data_layer/db/server_files_location_<NETWORK>/` (where `<NETWORK>` is the Chia network, usually either "mainnet" or "testneta") and can be shared over any web-accessible HTTP endpoint, including

* Using the built-in datalayer-http service (see [Installation](#installation) instructions below). Datalayer-http runs on port 8575 by default which may need to be opened in your firewall configuration or forwarded by your router. Additionally, a static IP address will be required, which is not offered by default on some hosting providers. On AWS, assign an Elastic IP to the EC2 instance or use an Application Load Balancer to solve this.
* Using the built-in datalayer-http service (see [Installation](#installation) instructions below). Datalayer-http runs on port 8575 by default which may need to be opened in your firewall configuration or forwarded by your router. Additionally, a static IP address, or stable DNS record, will be required, which is not offered by default on some hosting providers. On AWS, assign an Elastic IP to the EC2 instance or use an Application Load Balancer to solve this.

* Using Nginx, Apache, Caddy, or any other web server. This also requires a static IP address, or dynamically assigned DNS record. Another challenge is that the default location for the .dat files is in the user's home directory, which the web server software will not have read-access to. One simple solution is
* `mv ~/.chia/mainnet/data_layer/db/server_files_location_<NETWORK> /var/www/` - move the datalayer file directory outside of the home directory
Expand All @@ -168,7 +168,7 @@ CADT relies on all participants publicly sharing their data over Chia Datalayer,

* Use [S3](https://aws.amazon.com/s3/) or other object store. Datalayer .dat files can be synced to any cloud file storage solution that can serve them publicly over HTTP. One recommended solution using S3 is to [use this script and follow the installation and usage instructions in the README](https://github.com/TheLastCicada/Chia-Datalayer-S3-Sync).


Once the .dat files are publicly available, update `DATALAYER_FILE_SERVER_URL` in the [CADT configuration file](#configuration) with the URL or IP address (always include http:// or https://) and the port, then restart CADT. CADT will begin to create mirrors at this URL for your data and all stores you are subscribed to.

### Run CADT on a Testnet

Expand All @@ -192,20 +192,20 @@ CADT runs on a testnet called "testnetA" which is different than the main Chia t

`sudo systemctl stop cadt@<USERNAME>`

4. Update the `GOVERNANCE_BODY_ID` in `~/.chia/mainnet/cadt/v1/config.yaml` to be `1019153f631bb82e7fc4984dc1f0f2af9e95a7c29df743f7b4dcc2b975857409`
5. Update the `GOVERNANCE_BODY_ID` in `~/.chia/mainnet/cadt/v1/config.yaml` to be `1019153f631bb82e7fc4984dc1f0f2af9e95a7c29df743f7b4dcc2b975857409`

5. If you already were running CADT on mainnet, delete the CADT database
6. If you already were running CADT on mainnet, delete the CADT database

`rm ~/.chia/mainnet/cadt/v1/data.sqlite3*`

6. Start CADT
7. Start CADT

`sudo systemctl start cadt@<USERNAME>`


### Ports, Networking, and Security

By default, the CADT API will listen on localhost only on port 31310. If running a node with `READ_ONLY` set to `false`, it is highly recommended that CADT is run on a private network or with access limited by IP address. To allow remote connections to CADT, set the `BIND_ADDRESS` (see the [Configuration](#configuration) section below) to the IP to listen on, or `0.0.0.0` to listen on all interfaces. The port for the CADT API can be set with the parameter `CW_PORT`. The default port is 31310. In many cases, users will need to access the API from their workstations for either the [CADT UI](https://github.com/Chia-Network/climate-warehouse-ui) or to integrate with existing tools and scripts. To add authentication to the API, use the `CADT_API_KEY` parameter. Alternatively, the API can be served behind an authentication proxy to restrict access and the `CADT_API_KEY` can be left blank. If running an observer node with `READ_ONLY` set to `true`, the CADT API will only share data from the public blockchain, and running without authentication is usually safe. If `READ_ONLY` is set to `false`, authentication must be used to prevent unauthorized writes to the blockchain.
By default, the CADT API will listen on localhost only on port 31310. If running a node with `READ_ONLY` set to `false`, it is highly recommended that CADT is run on a private network or with access limited by IP address. To allow remote connections to CADT, set the `BIND_ADDRESS` (see the [Configuration](#configuration) section below) to the IP to listen on, or `0.0.0.0` to listen on all interfaces. The port for the CADT API can be set with the parameter `CW_PORT`. The default port is 31310. In many cases, users will need to access the API from their workstations for either the [CADT UI](https://github.com/Chia-Network/cadt-ui) or to integrate with existing tools and scripts. To add authentication to the API, use the `CADT_API_KEY` parameter. Alternatively, the API can be served behind an authentication proxy to restrict access and the `CADT_API_KEY` can be left blank. If running an observer node with `READ_ONLY` set to `true`, the CADT API will only share data from the public blockchain, and running without authentication is usually safe. If `READ_ONLY` is set to `false`, authentication must be used to prevent unauthorized writes to the blockchain.

### Adding Encryption to the CADT API

Expand Down
Loading

0 comments on commit 17d1fe4

Please sign in to comment.