diff --git a/.example.env b/.example.env index bac9d2631..22ed35047 100644 --- a/.example.env +++ b/.example.env @@ -28,4 +28,4 @@ CORE_P2P_PORT=6690 # Build config CORE_REPO="https://github.com/smartcontractkit/chainlink.git" -CORE_REF=aptos-init +CORE_REF=develop diff --git a/.github/actions/get-core-ref/get_core_ref.sh b/.github/actions/get-core-ref/get_core_ref.sh index fb763fbf9..2f412381c 100755 --- a/.github/actions/get-core-ref/get_core_ref.sh +++ b/.github/actions/get-core-ref/get_core_ref.sh @@ -1,9 +1,9 @@ #!/bin/bash -core_ref="develop-plugins" +core_ref="${DEFAULT_CORE_REF:-develop-plugins}" -# Extract and trim the value after core_ref:, handle multiple spaces -if [[ $PR_BODY =~ core_ref:[[:space:]]*([^;[:space:]]+)[[:space:]]*$ ]]; then +# Extract the value after core_ref:, allowing the documented semicolon terminator. +if [[ $PR_BODY =~ core_ref:[[:space:]]*([^;[:space:]]+) ]]; then potential_ref="${BASH_REMATCH[1]}" # Only allow alphanumeric, dash, underscore, forward slash diff --git a/.github/actions/get-core-ref/test_get_core_ref.sh b/.github/actions/get-core-ref/test_get_core_ref.sh index a2ef517f3..e419e0e26 100755 --- a/.github/actions/get-core-ref/test_get_core_ref.sh +++ b/.github/actions/get-core-ref/test_get_core_ref.sh @@ -16,12 +16,14 @@ run_test() { local test_name="$1" local pr_body="$2" local expected="$3" + local default_ref="${4:-develop-plugins}" echo "Test: $test_name" echo "Input: $pr_body" setup_test_env export PR_BODY="$pr_body" + export DEFAULT_CORE_REF="$default_ref" ./get_core_ref.sh @@ -42,6 +44,10 @@ run_test "Simple valid ref" \ "core_ref: develop" \ "develop" +run_test "Documented semicolon syntax" \ + "core_ref: feature/aptos-core-branch;" \ + "feature/aptos-core-branch" + run_test "Complex valid ref" \ "core_ref: feature/abc-123_test" \ "feature/abc-123_test" 
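Review bot: Dropping the `$` anchor from the `core_ref:` regex in get_core_ref.sh means the first `core_ref:` anywhere in `PR_BODY` now wins and whatever follows the captured token is silently discarded. The character allowlist further down (outside this hunk) is therefore the only check between PR-author text and the ref that is later checked out and built. I would keep the documented terminator explicit so that only `;` or end of input may follow the token, for example `re='core_ref:[[:space:]]*([^;[:space:]]+)[[:space:]]*(;|$)'` followed by `if [[ $PR_BODY =~ $re ]]; then`. Note that this makes the `valid-ref | touch HACKED3` case fall back to the default again. `DEFAULT_CORE_REF` also bypasses the allowlist; it appears to be set only by the workflow file, so a comment such as `# DEFAULT_CORE_REF is workflow-defined and must never be derived from PR input` would record that assumption.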
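Review bot: In `run_test`, `local default_ref="${4:-develop-plugins}"` followed by the unconditional `export DEFAULT_CORE_REF="$default_ref"` means the variable is always non-empty when get_core_ref.sh runs. The script's own `${DEFAULT_CORE_REF:-develop-plugins}` fallback is therefore never exercised by this suite. Using `local default_ref="${4-develop-plugins}"` would let a test pass an explicit empty fourth argument and assert that the script still resolves to `develop-plugins`. The body of `run_test` continues outside the hunk.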
@@ -66,11 +72,11 @@ run_test "Command injection via backticks" \ run_test "Command injection via semicolon" \ "core_ref: valid-ref; touch HACKED2" \ - "develop-plugins" + "valid-ref" run_test "Command injection via pipeline" \ "core_ref: valid-ref | touch HACKED3" \ - "develop-plugins" + "valid-ref" run_test "Command injection via subshell" \ "core_ref: \$(touch HACKED4)" \ @@ -97,6 +103,11 @@ run_test "Extra whitespace" \ " core_ref: spaces-everywhere " \ "spaces-everywhere" +run_test "Workflow-specific default override" \ + "some other text" \ + "develop" \ + "develop" + # Final security check if ls HACKED* 1>/dev/null 2>&1; then echo "❌ CRITICAL: Command injection was successful!" diff --git a/.github/workflows/aptos-run-smoke-tests.yml b/.github/workflows/aptos-run-smoke-tests.yml index bced9e426..8ff8c8ed8 100644 --- a/.github/workflows/aptos-run-smoke-tests.yml +++ b/.github/workflows/aptos-run-smoke-tests.yml @@ -20,7 +20,7 @@ jobs: contents: read env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - DEFAULT_CORE_REF: aptos-init + DEFAULT_CORE_REF: feature/aptos-develop-mock-trigger runs-on: ubuntu-latest steps: - name: Checkout code @@ -41,7 +41,7 @@ jobs: uses: actions/checkout@v4 with: repository: smartcontractkit/chainlink - ref: ${{ env.CUSTOM_CORE_REF || env.DEFAULT_CORE_REF }} + ref: ${{ env.core_ref || env.DEFAULT_CORE_REF }} path: temp/chainlink - name: Build chainlink image diff --git a/README.md b/README.md index 31c27ebda..deab6b29a 100644 --- a/README.md +++ b/README.md 
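Review bot: The "Command injection via semicolon" and "Command injection via pipeline" cases now expect `valid-ref`, so they no longer assert rejection; only the final `HACKED*` check still detects executed input. Their names should say what they now verify, for example `"Trailing text after semicolon is ignored"`, so a later reader does not take them for sanitizer coverage. Since acceptance now depends on where the token ends, it is also worth adding a case in which a disallowed character is attached directly to the token with no whitespace or semicolon in between. Given the capture group `[^;[:space:]]+`, that case should presumably still resolve to the default through the allowlist, which is outside this diff.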
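Review bot: `DEFAULT_CORE_REF: feature/aptos-develop-mock-trigger` disagrees with the README hunk in this same commit, which says the smoke workflow uses `develop` by default, and with `.example.env`, which now sets `CORE_REF=develop`. A feature branch is also a mutable and possibly short-lived ref to build the core image from when no override is given. Either align the value with the documentation or add a comment above it, such as `# temporary: switch to develop once the mock-trigger branch is merged`, and correct the README sentence to match.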
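Review bot: `ref: ${{ env.core_ref || env.DEFAULT_CORE_REF }}` only works if an earlier step exports a job-level variable named exactly `core_ref`; that step is not visible in this diff, so the rename from `CUSTOM_CORE_REF` should be checked against whatever get_core_ref.sh writes to the environment. If the script always emits a resolved value, which it appears to now that it reads `DEFAULT_CORE_REF` itself, the `|| env.DEFAULT_CORE_REF` branch is dead. A comment such as `# core_ref is exported by the get-core-ref action after allowlist validation` would make the trust boundary explicit at the point where the PR-supplied ref is checked out.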
@@ -21,5 +21,5 @@ Local development and tests how to 3. `go test` ### Custom images on PRs -If you want to test the CI with a custom core image you need to specify in the PR body either the commit sha or branch name in the following format `core_ref:;` e.g `core_ref:develop;`. -_Note:_ Develop does not work until the core aptos-init branch is merged +If you want to test the CI with a custom core image you need to specify in the PR body either the commit sha or branch name in the following format `core_ref:;`, for example `core_ref:develop;`. +If you do not provide an override, the smoke workflow uses `develop` by default. diff --git a/integration-tests/deploy/config.go b/integration-tests/deploy/config.go index 6165d7a5a..d98cc1352 100644 --- a/integration-tests/deploy/config.go +++ b/integration-tests/deploy/config.go @@ -16,13 +16,14 @@ var ( ) type CoreConfigToml struct { - Log CoreLogTomlConfig `toml:"Log"` - Feature CoreFeatureTomlConfig `toml:"Feature"` - OCR2 CoreOCR2TomlConfig `toml:"OCR2"` - P2P CoreP2PTomlConfig `toml:"P2P"` - WebServer CoreWebServerTomlConfig `toml:"WebServer"` - Aptos []CoreAptosTomlConfig `toml:"Aptos"` - EVM []CoreEVMTomlConfig `toml:"EVM"` + Log CoreLogTomlConfig `toml:"Log"` + Feature CoreFeatureTomlConfig `toml:"Feature"` + Capabilities CoreCapabilitiesTomlConfig `toml:"Capabilities"` + OCR2 CoreOCR2TomlConfig `toml:"OCR2"` + P2P CoreP2PTomlConfig `toml:"P2P"` + WebServer CoreWebServerTomlConfig `toml:"WebServer"` + Aptos []CoreAptosTomlConfig `toml:"Aptos"` + EVM []CoreEVMTomlConfig `toml:"EVM"` } type CoreLogTomlConfig struct { 
@@ -35,6 +36,21 @@ type CoreFeatureTomlConfig struct { UICSAKeys bool `toml:"UICSAKeys"` } +type CoreCapabilitiesTomlConfig struct { + Local CoreLocalCapabilitiesTomlConfig `toml:"Local"` +} + +type CoreLocalCapabilitiesTomlConfig struct { + // Preserve explicit local capability stanzas when we decode and re-encode + // core.toml; the mock trigger opt-in is represented by an otherwise-empty table. + Capabilities map[string]CoreCapabilityNodeTomlConfig `toml:"Capabilities"` +} + +type CoreCapabilityNodeTomlConfig struct { + BinaryPathOverride string `toml:"BinaryPathOverride,omitempty"` + Config map[string]string `toml:"Config,omitempty"` +} + type CoreOCR2TomlConfig struct { Enabled bool `toml:"Enabled"` } diff --git a/integration-tests/deploy/config_test.go b/integration-tests/deploy/config_test.go new file mode 100644 index 000000000..3945deb60 --- /dev/null +++ b/integration-tests/deploy/config_test.go 
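Review bot: The three new exported types `CoreCapabilitiesTomlConfig`, `CoreLocalCapabilitiesTomlConfig` and `CoreCapabilityNodeTomlConfig` have no doc comments, and the only explanation sits on the inner `Capabilities` field. Each should get a one-line comment starting with the type name, for example `// CoreCapabilityNodeTomlConfig is one [Capabilities.Local.Capabilities."<id>"] stanza of core.toml.`. `BinaryPathOverride` is round-tripped from the template into the generated node config and presumably names an executable, so a field comment such as `// BinaryPathOverride is expected to come only from checked-in templates` would record where that value may originate. Any key of a capability stanza other than these two fields will still be dropped on re-encode, which is the same class of loss this commit fixes one level up.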
@@ -0,0 +1,50 @@ +package deploy + +import ( + "os" + "path/filepath" + "testing" + + "github.com/BurntSushi/toml" + "github.com/stretchr/testify/require" + + "github.com/smartcontractkit/chainlink-aptos/integration-tests/scripts" +) + +func TestMarshalCoreTomlPreservesLocalCapabilities(t *testing.T) { + t.Parallel() + + input := ` +[Capabilities.Local] +[Capabilities.Local.Capabilities."mock-streams-trigger@1.0.0"] + +[WebServer] +HTTPPort = 6688 +AllowOrigins = '*' +[WebServer.TLS] +HTTPSPort = 0 +` + + var cfg CoreConfigToml + _, err := toml.Decode(input, &cfg) + require.NoError(t, err) + + out, err := marshalCoreToml(&cfg) + require.NoError(t, err) + require.Contains(t, out, `[Capabilities.Local.Capabilities."mock-streams-trigger@1.0.0"]`) +} + +func TestCoreTemplateRoundTripPreservesMockTrigger(t *testing.T) { + t.Parallel() + + input, err := os.ReadFile(filepath.Join(scripts.Templates, "core.toml")) + require.NoError(t, err) + + var cfg CoreConfigToml + _, err = toml.Decode(string(input), &cfg) + require.NoError(t, err) + + out, err := marshalCoreToml(&cfg) + require.NoError(t, err) + require.Contains(t, out, `[Capabilities.Local.Capabilities."mock-streams-trigger@1.0.0"]`) +} diff --git a/integration-tests/templates/core.toml b/integration-tests/templates/core.toml index ea7890124..60bb11b1c 100644 --- a/integration-tests/templates/core.toml +++ b/integration-tests/templates/core.toml @@ -6,6 +6,11 @@ FeedsManager = true LogPoller = true UICSAKeys = true +[Capabilities.Local] +# This empty stanza opt-ins the smoke nodes to the mock trigger that keeps the +# legacy workflow-based Aptos smoke path working against core `develop`. +[Capabilities.Local.Capabilities."mock-streams-trigger@1.0.0"] + [OCR2] Enabled = true
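Review bot: Both tests discard the `toml.MetaData` returned by `toml.Decode`, so they cannot notice template keys that `CoreConfigToml` silently fails to model, and that is the failure this commit repairs for `Capabilities`. In `TestCoreTemplateRoundTripPreservesMockTrigger` I would keep it with `md, err := toml.Decode(string(input), &cfg)` and add `require.Empty(t, md.Undecoded())`. If the template intentionally has keys the struct omits, compare against an explicit list instead. The `require.Contains` checks on the rendered header also tie the tests to the encoder's quoting style; decoding `out` again and asserting that the `mock-streams-trigger@1.0.0` key is present in `cfg.Capabilities.Local.Capabilities` would be more robust.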
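Review bot: The new comment under `[Capabilities.Local]` reads "opt-ins the smoke nodes to the mock trigger", which is ungrammatical, and it does not say that the stanza is test-only. I would reword it to `# This empty stanza opts the smoke nodes in to the mock trigger (integration tests only) that keeps the` and leave the second comment line as it is. That makes it clear the mock capability is not meant to be copied into a non-test node configuration.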