Merge remote-tracking branch 'origin/master' into feature/era-import

.github/workflows/publish-packages.yml

@@ -26,7 +26,7 @@ jobs:
           echo "Import GPG owner trust"
           echo ${{ secrets.GPG_OWNERTRUST }} | base64 --decode | gpg --import-ownertrust
       - name: Install PPA dependencies
-        run: sudo apt-get update && sudo apt-get install debhelper devscripts -y
+        run: sudo apt-get update && sudo apt-get install build-essential debhelper devscripts -y
       - name: Submit package
         env:
           PPA_GPG_KEYID: ${{ secrets.PPA_GPG_KEYID }}
@@ -65,6 +65,8 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install debhelper devscripts ubuntu-dev-tools -y
+      - name: Set up Python
+        uses: actions/setup-python@v5
       - name: Install launchpadlib
         run: pip install launchpadlib --upgrade
       - name: Copy to other series

.github/workflows/sync-supported-chains.yml

@@ -12,6 +12,10 @@ on:
         description: "Docker image to be used by action"
         default: ""
         required: false
+      network_filter:
+        description: "Usefull for manual execution on only specified networks - provide partial or full name. Will execute action only on networks which contains phrase."
+        default: ""
+        required: false    
 
 env:
   DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: "1"
@@ -29,7 +33,14 @@ jobs:
           path: nethermind
       - name: Set Matrix
         id: set-matrix
-        run: echo "matrix=$(jq -c . nethermind/scripts/workflow_config/sync_testnets_matrix.json)" >> $GITHUB_OUTPUT
+        run: |
+          matrix=$(cat nethermind/scripts/workflow_config/sync_testnets_matrix.json)
+
+          if [ -n "${{ github.event.inputs.network_filter }}" ]; then
+            matrix=$(echo "$matrix" | jq --arg filter "${{ github.event.inputs.network_filter }}" '[.[] | select(.network | contains($filter))]')
+          fi
+
+          echo "matrix=$(echo "$matrix" | jq -c .)" >> $GITHUB_OUTPUT
 
   create_a_runner:
     needs: [setup-matrix]
@@ -188,7 +199,7 @@ jobs:
           required_count["Processed"]=20
 
           network="${{ matrix.config.network }}"
-          if [[ "$network" != "joc-mainnet" && "$network" != "joc-testnet" ]]; then
+          if [[ "$network" != "joc-mainnet" && "$network" != "joc-testnet" && "$network" != "linea-mainnet" && "$network" != "linea-sepolia" ]]; then
             good_logs["Synced Chain Head"]=0
             required_count["Synced Chain Head"]=20
           fi
@@ -250,7 +261,7 @@ jobs:
           done
 
       - name: Get Consensus Logs
-        if: always() && matrix.config.network != 'joc-mainnet' && matrix.config.network != 'joc-testnet'
+        if: always() && matrix.config.network != 'joc-mainnet' && matrix.config.network != 'joc-testnet' && matrix.config.network != 'linea-mainnet' && matrix.config.network != 'linea-sepolia'
         run: |
           network="${{ matrix.config.network }}"
           if [[ "$network" == base-* || "$network" == op-* ]]; then
@@ -265,6 +276,7 @@ jobs:
 
       - name: Destroy VM
         if: always()
+        continue-on-error: true
         id: run-linode-action
         uses: kamilchodola/linode-github-runner/.github/actions/linode-machine-manager@main
         with:

.github/workflows/trivy.yml

@@ -0,0 +1,46 @@
+name: Trivy scanner
+
+on:
+  pull_request:
+    branches: [master]
+  push:
+    branches: [master]
+  schedule:
+    - cron: '29 19 * * 4'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    env:
+      IMAGE_TAG: nethermind:${{ github.sha }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+      - name: Build Docker image
+        run: docker build -t $IMAGE_TAG .
+
+      - name: Scan
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 #v0.28.0
+        with:
+          image-ref: ${{ env.IMAGE_TAG }}
+          format: template
+          template: '@/contrib/sarif.tpl'
+          output: trivy-results.sarif
+          severity: CRITICAL,HIGH
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+
+      - name: Upload scan results
+        uses: github/codeql-action/upload-sarif@cf5b0a9041d3c1d336516f1944c96d96598193cc #v2.19.1
+        with:
+          sarif_file: trivy-results.sarif

.github/workflows/update-fast-sync.yml

@@ -16,10 +16,12 @@ jobs:
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
       - name: Install dependencies
         run: |
-          pip3 install setuptools --break-system-packages
-          pip3 install emoji --break-system-packages
+          pip install setuptools
+          pip install emoji
       - name: Update config files
         run: python3 scripts/syncSettings.py ${{ secrets.ETHERSCAN_API_KEY }}
       - name: Create GitHub app token

scripts/syncSettings.py

@@ -83,6 +83,16 @@
         "url": "https://sepolia.optimism.io",
         "blockReduced": 8192,
         "multiplierRequirement": 10000
+    },
+    "linea-mainnet": {
+        "url": "https://rpc.linea.build",
+        "blockReduced": 8192,
+        "multiplierRequirement": 10000
+    },
+    "linea-sepolia": {
+        "url": "https://rpc.sepolia.linea.build",
+        "blockReduced": 8192,
+        "multiplierRequirement": 10000
     }
 }
 

scripts/workflow_config/sync_testnets_matrix.json

@@ -86,5 +86,21 @@
     "checkpoint-sync-url": "",
     "timeout": 180,
     "agent": "g6-standard-6"
+  },
+  {
+    "network": "linea-mainnet",
+    "cl": "",
+    "cl_image": "",
+    "checkpoint-sync-url": "",
+    "timeout": 180,
+    "agent": "g6-standard-6"
+  },
+  {
+    "network": "linea-sepolia",
+    "cl": "",
+    "cl_image": "",
+    "checkpoint-sync-url": "",
+    "timeout": 180,
+    "agent": "g6-standard-6"
   }
 ]