Merge branch 'master' of https://github.com/hyperledger/indy-plenum i…

…nto master-stable

.github/settings.yml

@@ -0,0 +1,18 @@
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+repository:
+  name: indy-plenum
+  description: Plenum Byzantine Fault Tolerant Protocol
+  homepage: https://wiki.hyperledger.org/display/indy
+  default_branch: master
+  has_downloads: true
+  has_issues: true
+  has_projects: false
+  has_wiki: true
+  archived: false
+  private: false
+  allow_squash_merge: true
+  allow_merge_commit: true
+  allow_rebase_merge: true

.github/workflows/README.md

@@ -0,0 +1,25 @@
+# GitHub Actions Workflow
+
+The workflow in the [build.yaml](build.yaml) file replaces the existing [Jenkins.ci](../../Jenkinsfile.ci) build process.
+
+The `lint` job replaces the `Static code validation` stage of the Jenkins pipeline, while the remainder of the jobs replace the `Build / Test` stage.
+
+The `Build result notification` stage was not moved to GHA, as build failures will be reports via GHA.
+
+Support for Windows continues as a `ToDo` item.
+
+
+## Configuring actions
+
+If you are cloning or forking this repo you will need to configure two secrets for Actions to run correctly.
+
+Secrets can be set via Settings -> Secrets -> New repository secret:
+
+`CR_USER`: is your GH username.  It must be lowercase.
+`CR_PAT`:  can be created by following the [Creating a personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) documentation.
+
+When you create your token, the only permission you need to select is `write:packages` **Upload packages to GitHub package registry**, all other necessary permissions will be selected by default.
+
+You may also need to enable [Improved container support](https://docs.github.com/en/packages/guides/enabling-improved-container-support) in order to allow the images to be written to your repository.  You'll see an error to this affect if this is the case.
+
+Once you have run the build once with those secrets, you have to make the images public.  Access the packages at https://ghcr.io/USER/indy-plenum/plenum-build and https://ghcr.io/USER/indy-plenum/plenum-lint and change the visibility in 'Package Settings' to 'Public' then re-run the build.  Alternatively, if you would prefer to keep the images private, you can manage access to the package and select only the user account associated with the token you setup above.

.github/workflows/build.yaml

@@ -0,0 +1,245 @@
+name: indy-plenum-build
+on: [ push, pull_request, workflow_dispatch ]
+
+jobs:
+
+  workflow-setup:
+    runs-on: ubuntu-latest
+    outputs:
+      CACHE_KEY_BUILD: ${{ steps.cache.outputs.CACHE_KEY_BUILD }}
+      CACHE_KEY_LINT: ${{ steps.cache.outputs.CACHE_KEY_LINT }}
+      # Expose the lowercase version of the GitHub repository name
+      # to all subsequent jobs that reference image repositories
+      # as the push and pull operations require the URL of the repository
+      # to be in lowercase.
+      GITHUB_REPOSITORY_NAME: ${{ steps.cache.outputs.GITHUB_REPOSITORY_NAME }}
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+
+      - name: Set outputs
+        id: cache
+        run: |
+          echo "::set-output name=CACHE_KEY_BUILD::${{ hashFiles('.github/workflows/build/Dockerfile') }}"
+          echo "::set-output name=CACHE_KEY_LINT::${{ hashFiles('.github/workflows/lint/Dockerfile') }}"
+          # Convert the GitHub repository name to lowercase
+          echo "::set-output name=GITHUB_REPOSITORY_NAME::$(echo ${GITHUB_REPOSITORY,,})"
+
+  build-image:
+    # Reference to workflow-setup job is required to access its various outputs.
+    needs: workflow-setup
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+      CACHE_KEY_BUILD: ${{ needs.workflow-setup.outputs.CACHE_KEY_BUILD }}
+      GITHUB_REPOSITORY_NAME: ${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+
+      - name: Try load from cache.
+        id: cache-image
+        uses: actions/cache@v2
+        with:
+          path: ${GITHUB_WORKSPACE}/cache
+          key: ${{ env.CACHE_KEY_BUILD}}
+
+      - name: If NOT found in cache, build and push image.
+        if: steps.cache-image.outputs.cache-hit != 'true'
+        run: |
+          echo ${{ secrets.CR_PAT }} | docker login ghcr.io --username ${{ secrets.CR_USER }} --password-stdin
+          docker build -f .github/workflows/build/Dockerfile --no-cache -t ${{ env.GITHUB_REPOSITORY_NAME }}/plenum-build:${{ env.CACHE_KEY_BUILD }} .
+          docker tag ${{ env.GITHUB_REPOSITORY_NAME }}/plenum-build:${{ env.CACHE_KEY_BUILD }} ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}/plenum-build:latest
+          docker push ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}/plenum-build:latest
+          mkdir -p ${GITHUB_WORKSPACE}/cache
+          touch ${GITHUB_WORKSPACE}/cache/${{ env.CACHE_KEY_BUILD }}
+
+  lint-image:
+    # Reference to workflow-setup job is required to access its various outputs.
+    needs: workflow-setup
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+      CACHE_KEY_LINT: ${{ needs.workflow-setup.outputs.CACHE_KEY_LINT }}
+      GITHUB_REPOSITORY_NAME: ${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+
+      - name: Try load from cache.
+        id: cache-image
+        uses: actions/cache@v2
+        with:
+          path: ${GITHUB_WORKSPACE}/cache
+          key: ${{ env.CACHE_KEY_LINT}}
+
+      - name: If NOT found in cache, build and push image.
+        if: steps.cache-image.outputs.cache-hit != 'true'
+        run: |
+          echo ${{ secrets.CR_PAT }} | docker login ghcr.io --username ${{ secrets.CR_USER }} --password-stdin
+          docker build -f .github/workflows/lint/Dockerfile --no-cache -t ${{ env.GITHUB_REPOSITORY_NAME }}/plenum-lint:${{ env.CACHE_KEY_LINT }} .
+          docker tag ${{ env.GITHUB_REPOSITORY_NAME }}/plenum-lint:${{ env.CACHE_KEY_LINT }} ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}/plenum-lint:latest
+          docker push ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}/plenum-lint:latest
+          mkdir -p ${GITHUB_WORKSPACE}/cache
+          touch ${GITHUB_WORKSPACE}/cache/${{ env.CACHE_KEY_LINT }}
+
+  indy_plenum_tests:
+    name: Indy Plenum Test Slices
+    # Reference to workflow-setup job is required to access the GITHUB_REPOSITORY_NAME output.
+    needs: [workflow-setup, build-image]
+    runs-on: ubuntu-20.04
+    # Fix for scacap/action-surefire-report out of memory error:
+    # - https://github.com/ScaCap/action-surefire-report/issues/17
+    env:
+      NODE_OPTIONS: '--max_old_space_size=4096'
+    container:
+      image: ghcr.io/${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}/plenum-build
+    strategy:
+      matrix:
+        module: [plenum]
+        # To slice up the tests into smaller chunks add additional sequential
+        # numbers here.  The subsequent steps will adjust automatically.
+        # ${{ strategy.job-total }} is used to get the total number of slices.
+        slice: [1, 2, 3, 4, 5, 6, 7, 8]
+      fail-fast: false
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: pip install .[tests]
+
+      - name: Run Indy Plenum ${{ matrix.module }} test slice ${{ matrix.slice }}/${{ strategy.job-total }}
+        id: plenum-test
+        run: RUSTPYTHONASYNCIODEBUG=0 python3 runner.py --pytest "python3 -m pytest -l -vv" --dir "${{ matrix.module }}" --output "test-result-plenum-${{ matrix.slice }}.txt" --test-only-slice "${{ matrix.slice }}/${{ strategy.job-total }}"
+
+      - name: Publish Test Report
+        if: success() || failure()
+        uses: scacap/[email protected]
+        continue-on-error: true
+        with:
+          check_name: Indy Plenum ${{ matrix.module }} Test Report for slice ${{ matrix.slice }}/${{ strategy.job-total }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          report_paths: "*-test-results.xml"
+
+      - name: 'Upload Detailed Test Failure Results'
+        # The test runner only emits the detailed test results if the tests fail.
+        if: (steps.plenum-test.outcome == 'failure') && failure()
+        uses: actions/upload-artifact@v2
+        with:
+          name: detailed-test-result-slice-${{ matrix.slice }}
+          path: test-result-plenum-${{ matrix.slice }}.txt
+          retention-days: 5
+
+  indy_plenum:
+    name: Indy Plenum Tests
+    # Reference to workflow-setup job is required to access the GITHUB_REPOSITORY_NAME output.
+    needs: [workflow-setup, build-image]
+    runs-on: ubuntu-20.04
+    container:
+      image: ghcr.io/${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}/plenum-build
+    strategy:
+      matrix:
+        module: [common, crypto, ledger, state, storage, stp_core, stp_zmq]
+      fail-fast: false
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: pip install .[tests]
+
+      - name: Run Indy Plenum ${{ matrix.module }} tests
+        run: python3 -m pytest -l -vv --junitxml=test-result-plenum-${{ matrix.module }}.xml ${{ matrix.module }}
+
+      - name: Publish Test Report
+        uses: scacap/[email protected]
+        continue-on-error: true
+        with:
+          check_name: Indy Plenum ${{ matrix.module }} Test Report
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          report_paths: test-result-plenum-${{ matrix.module }}.xml
+
+  lint:
+    name: Lint
+    # Reference to workflow-setup job is required to access the GITHUB_REPOSITORY_NAME output.
+    needs: [workflow-setup, lint-image]
+    runs-on: ubuntu-20.04
+    container:
+      image: ghcr.io/${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}/plenum-lint
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: flake8
+        run: python3 -m flake8
+
+  build_plenum_release:
+    name: Indy Plenum Release
+    needs: [workflow-setup, indy_plenum, indy_plenum_tests, lint]
+    runs-on: ubuntu-20.04
+    container:
+      image: ghcr.io/${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}/plenum-build
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v1
+
+      - name: Build Indy Plenum deployment package
+        run: |
+          mkdir -p /tmp/build-output
+          ./build-scripts/ubuntu-1604/build-indy-plenum.sh /__w/indy-plenum/indy-plenum 1.14.0 /tmp/build-output
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: plenum-deb
+          path: /tmp/build-output
+
+  build_plenum_3rd_party_dependencies:
+    name: Indy Plenum 3rd Party Dependencies
+    needs: [workflow-setup, indy_plenum, indy_plenum_tests, lint]
+    runs-on: ubuntu-20.04
+    container:
+      image: ghcr.io/${{ needs.workflow-setup.outputs.GITHUB_REPOSITORY_NAME }}/plenum-build
+    strategy:
+      fail-fast: false
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v1
+
+      - name: Try load from cache.
+        id: third-party-dependencies
+        uses: actions/cache@v2
+        with:
+          path: /tmp/cache
+          key: ${{ hashFiles('./build-scripts/ubuntu-1604/build-3rd-parties.sh') }}
+
+      - name: Build 3rd party deployment packages
+        if: steps.third-party-dependencies.outputs.cache-hit != 'true'
+        run: |
+          mkdir -p ./build-scripts/ubuntu-1604/cache/3rd-party-dependencies/  
+          ./build-scripts/ubuntu-1604/build-3rd-parties.sh ./cache/3rd-party-dependencies
+          cd ./build-scripts/ubuntu-1604
+          mv ./cache/* /tmp/cache
+      
+
+  publish_plenum_rc:
+    name: Publish release candidate
+    runs-on: ubuntu-20.04
+    needs: ['build_plenum_release', 'build_plenum_3rd_party_dependencies']
+    if: github.event_name == 'push' && (github.repository == 'hyperledger/indy-plenum' && github.ref == 'refs/heads/release*')
+    steps:
+      - name: pub
+        run: |
+          echo "publish rc"
+
+  publish_plenum_release:
+    name: Publish release
+    runs-on: ubuntu-20.04
+    needs: ['build_plenum_release', 'build_plenum_3rd_party_dependencies']
+    if: github.event_name == 'push' && (github.repository == 'hyperledger/indy-plenum' && github.ref == 'refs/heads/master')
+    steps:
+      - name: pub
+        run: |
+          echo "publish release"

.github/workflows/build/Dockerfile

@@ -0,0 +1,25 @@
+FROM hyperledger/indy-core-baseci:0.0.3-master
+LABEL maintainer="Hyperledger <[email protected]>"
+
+RUN apt-get update -y && apt-get install -y \
+    python3-nacl \
+    libindy-crypto=0.4.5 \
+    libindy=1.13.0~1420 \
+# rocksdb python wrapper
+    libbz2-dev \
+    zlib1g-dev \
+    liblz4-dev \
+    libsnappy-dev \
+    rocksdb=5.8.8 \
+    ursa=0.3.2-2 \
+# Build dependencies
+    ruby \
+    ruby-dev \
+    rubygems \
+    gcc \
+    make 
+
+# install fpm
+RUN gem install --no-ri --no-rdoc rake fpm
+
+RUN indy_image_clean

.github/workflows/lint/Dockerfile

@@ -0,0 +1,21 @@
+# Development
+FROM ubuntu:18.04
+LABEL maintainer="Hyperledger <[email protected]>"
+
+RUN apt-get update && apt-get dist-upgrade -y
+
+# Install environment
+RUN apt-get install -y \
+	git \
+	wget \
+	python3.5 \
+	python3-pip \
+	python-setuptools \
+	python3-nacl
+
+RUN pip3 install -U \
+	'pip<10.0.0' \
+	setuptools \
+	pep8==1.7.1 \
+	pep8-naming==0.6.1 \
+	flake8==3.5.0

.gitignore

@@ -27,6 +27,9 @@ var/
 *.egg
 *.eggs
 
+# Needed for GitHub Actions
+!.github/workflows/build
+
 # PyInstaller
 #  Usually these files are written by a python script from a template
 #  before PyInstaller builds the exe, so as to inject date/other infos into it.
@@ -86,8 +89,9 @@ venv/
 # generated doc files
 docs/source/api_docs/
 
-# hidden files
-.*
+# IntelliJ specific config
+*.idea
+*.iml
 
 # log files
 *.log
@@ -101,7 +105,5 @@ target/
 # Ipython Notebook
 .ipynb_checkpoints
 
-# Hidden files
-.*
 
 

CODEOWNERS

@@ -1,2 +1,10 @@
-# Indy Common:
-*	@anikitinDSR @ashcherbakov @skhoroshavin @Toktar @donqui
+# SPDX-License-Identifier: Apache-2.0
+
+# Indy Admin
+*       @hyperledger/indy-admin
+
+# Indy Common
+*       @hyperledger/indy-common
+
+# Indy Plenum Maintainers
+*       @hyperledger/indy-plenum-maintainers