From ee50313260b59e1c963d7d1f4a53321022aec158 Mon Sep 17 00:00:00 2001 From: Adel El-Beik Date: Tue, 2 May 2023 11:24:39 +0100 Subject: [PATCH 1/9] ENT-9883: Updated CODEOWNERS file. --- .github/CODEOWNERS | 49 ++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2e77ac821f..8a8dff99e1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,10 +2,10 @@ *.md @corda/technical-writers # By default anything under core or node-api is the Kernel team -core @corda/kernel -node-api @corda/kernel -node/src/main/kotlin/net/corda/node/internal @corda/kernel -node/src/main/kotlin/net/corda/node/services @corda/kernel +core @rick-r3 +node-api @rick-r3 +node/src/main/kotlin/net/corda/node/internal @rick-r3 +node/src/main/kotlin/net/corda/node/services @rick-r3 # Determinstic components core-deterministic @chrisr3 @@ -17,46 +17,27 @@ serialization-tests @chrisr3 # Demobench defaults to Chris, but Viktor for the main code tools/demobench @chrisr3 -tools/demobench/src/main/kotlin/net/corda/demobench @vkolomeyko # General Corda code -client/rpc @vkolomeyko +core/src/main/kotlin/net/corda/core/flows @rick-r3 +core/src/main/kotlin/net/corda/core/internal/notary @corda/notaries -core/src/main/kotlin/net/corda/core/flows @dimosr -core/src/main/kotlin/net/corda/core/internal/notary @thschroeter -core/src/main/kotlin/net/corda/core/messaging @vkolomeyko +node/src/integration-test/kotlin/net/corda/node/persistence @chriscochrane +node/src/integration-test/kotlin/net/corda/node/services/persistence @chriscochrane +node/src/main/kotlin/net/corda/node/services/messaging @rick-r3 +node/src/main/kotlin/net/corda/node/services/persistence @rick-r3 +node/src/main/kotlin/net/corda/node/services/statemachine @rick-r3 +node/src/main/kotlin/net/corda/notary @corda/notaries -node/src/integration-test/kotlin/net/corda/node/persistence @blsemo -node/src/integration-test/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/internal/artemis @rekalov -node/src/main/kotlin/net/corda/node/services/identity @rekalov -node/src/main/kotlin/net/corda/node/services/keys @rekalov -node/src/main/kotlin/net/corda/node/services/messaging @dimosr -node/src/main/kotlin/net/corda/node/services/network @rekalov -node/src/main/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/services/rpc @vkolomeyko -node/src/main/kotlin/net/corda/node/services/statemachine @lankydan -node/src/main/kotlin/net/corda/node/utilities/registration @rekalov -node/src/main/kotlin/net/corda/notary @thschroeter +node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @rick-r3 -node-api/src/main/kotlin/net/corda/nodeapi/internal/bridging @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/cryptoservice @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/lifecycle @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @blsemo -node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper @vkolomeyko -node-api/src/test/kotlin/net/corda/nodeapi/internal/bridging @rekalov - -common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @JamesHR3 -common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @JamesHR3 +common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @chriscochrane +common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @chriscochrane # Single file ownerships go at the end, as they are most specific and take precedence over other ownerships core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentTrustCalculator.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentWithContext.kt @adelel1 -core/src/main/kotlin/net/corda/core/internal/CertRole.kt @rekalov core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt @adelel1 -core/src/main/kotlin/net/corda/core/node/services/IdentityService.kt @rekalov -core/src/main/kotlin/net/corda/core/node/services/NetworkMapCache.kt @rekalov From 708fe930394057a8d60c6796b0a8d54b8f856ddf Mon Sep 17 00:00:00 2001 From: Adel El-Beik Date: Tue, 2 May 2023 11:24:39 +0100 Subject: [PATCH 2/9] ENT-9883: Updated CODEOWNERS file. --- .github/CODEOWNERS | 49 ++++++++++++++-------------------------------- 1 file changed, 15 insertions(+), 34 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2e77ac821f..8a8dff99e1 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -2,10 +2,10 @@ *.md @corda/technical-writers # By default anything under core or node-api is the Kernel team -core @corda/kernel -node-api @corda/kernel -node/src/main/kotlin/net/corda/node/internal @corda/kernel -node/src/main/kotlin/net/corda/node/services @corda/kernel +core @rick-r3 +node-api @rick-r3 +node/src/main/kotlin/net/corda/node/internal @rick-r3 +node/src/main/kotlin/net/corda/node/services @rick-r3 # Determinstic components core-deterministic @chrisr3 @@ -17,46 +17,27 @@ serialization-tests @chrisr3 # Demobench defaults to Chris, but Viktor for the main code tools/demobench @chrisr3 -tools/demobench/src/main/kotlin/net/corda/demobench @vkolomeyko # General Corda code -client/rpc @vkolomeyko +core/src/main/kotlin/net/corda/core/flows @rick-r3 +core/src/main/kotlin/net/corda/core/internal/notary @corda/notaries -core/src/main/kotlin/net/corda/core/flows @dimosr -core/src/main/kotlin/net/corda/core/internal/notary @thschroeter -core/src/main/kotlin/net/corda/core/messaging @vkolomeyko +node/src/integration-test/kotlin/net/corda/node/persistence @chriscochrane +node/src/integration-test/kotlin/net/corda/node/services/persistence @chriscochrane +node/src/main/kotlin/net/corda/node/services/messaging @rick-r3 +node/src/main/kotlin/net/corda/node/services/persistence @rick-r3 +node/src/main/kotlin/net/corda/node/services/statemachine @rick-r3 +node/src/main/kotlin/net/corda/notary @corda/notaries -node/src/integration-test/kotlin/net/corda/node/persistence @blsemo -node/src/integration-test/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/internal/artemis @rekalov -node/src/main/kotlin/net/corda/node/services/identity @rekalov -node/src/main/kotlin/net/corda/node/services/keys @rekalov -node/src/main/kotlin/net/corda/node/services/messaging @dimosr -node/src/main/kotlin/net/corda/node/services/network @rekalov -node/src/main/kotlin/net/corda/node/services/persistence @blsemo -node/src/main/kotlin/net/corda/node/services/rpc @vkolomeyko -node/src/main/kotlin/net/corda/node/services/statemachine @lankydan -node/src/main/kotlin/net/corda/node/utilities/registration @rekalov -node/src/main/kotlin/net/corda/notary @thschroeter +node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @rick-r3 -node-api/src/main/kotlin/net/corda/nodeapi/internal/bridging @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/cryptoservice @rekalov -node-api/src/main/kotlin/net/corda/nodeapi/internal/lifecycle @vkolomeyko -node-api/src/main/kotlin/net/corda/nodeapi/internal/persistence @blsemo -node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper @vkolomeyko -node-api/src/test/kotlin/net/corda/nodeapi/internal/bridging @rekalov - -common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @JamesHR3 -common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @JamesHR3 +common/logging/src/main/kotlin/net/corda/common/logging/errorReporting @chriscochrane +common/logging/src/test/kotlin/net/corda/commmon/logging/errorReporting @chriscochrane # Single file ownerships go at the end, as they are most specific and take precedence over other ownerships core/src/main/kotlin/net/corda/core/internal/AbstractAttachment.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentTrustCalculator.kt @adelel1 core/src/main/kotlin/net/corda/core/internal/AttachmentWithContext.kt @adelel1 -core/src/main/kotlin/net/corda/core/internal/CertRole.kt @rekalov core/src/main/kotlin/net/corda/core/node/services/AttachmentStorage.kt @adelel1 -core/src/main/kotlin/net/corda/core/node/services/IdentityService.kt @rekalov -core/src/main/kotlin/net/corda/core/node/services/NetworkMapCache.kt @rekalov From f212e0fd855ab220db35cfd4e22da086b1b28b41 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Fri, 2 Jun 2023 17:53:24 +0100 Subject: [PATCH 3/9] ES-562: Correct modules to scan for C4 OS Snyk scan nightly --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 564bb516a9..6c0f81d698 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -3,5 +3,5 @@ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', // specify the Gradle submodules to scan and monitor on snyk Server - modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule'] + modulesToScan: ['node', 'capsule'] ) From df62044b6e2e19c442f2bdf6f1a346c62123d5f8 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Fri, 2 Jun 2023 17:53:24 +0100 Subject: [PATCH 4/9] Include 'ES' jira code in PR title check --- .github/workflows/check-pr-title.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index ce097eb02a..f99824a302 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -9,6 +9,6 @@ jobs: steps: - uses: morrisoncole/pr-lint-action@v1.4.1 with: - title-regex: '^((CORDA|AG|EG|ENT|INFRA)-\d+|NOTICK)(.*)' + title-regex: '^((CORDA|AG|EG|ENT|INFRA|ES)-\d+|NOTICK)(.*)' on-failed-regex-comment: "PR title failed to match regex -> `%regex%`" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 51fc4910ccf0749593ffc6c5614652849dbda9e0 Mon Sep 17 00:00:00 2001 From: Connel McGovern Date: Tue, 6 Jun 2023 16:43:28 +0100 Subject: [PATCH 5/9] Removing bridge/bridgecapsule from main release branch CI pipeline --- .ci/dev/regression/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index 5421c21225..1b5506f334 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -89,7 +89,7 @@ pipeline { steps { script { // Invoke Snyk for each Gradle sub project we wish to scan - def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule'] + def modulesToScan = ['node', 'capsule'] modulesToScan.each { module -> snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'") } From 7b163522185f6c6d16cb05559384b96fe3c68411 Mon Sep 17 00:00:00 2001 From: Connel McGovern <100574906+mcgovc@users.noreply.github.com> Date: Tue, 6 Jun 2023 16:46:58 +0100 Subject: [PATCH 6/9] ES-562: Correct modules to scan for C4 OS Snyk scan nightly (#7386) * ES-562: Correct modules to scan for C4 OS Snyk scan nightly * Include 'ES' jira code in PR title check --- .ci/dev/nightly-regression/JenkinsfileSnykScan | 2 +- .github/workflows/check-pr-title.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.ci/dev/nightly-regression/JenkinsfileSnykScan b/.ci/dev/nightly-regression/JenkinsfileSnykScan index 564bb516a9..6c0f81d698 100644 --- a/.ci/dev/nightly-regression/JenkinsfileSnykScan +++ b/.ci/dev/nightly-regression/JenkinsfileSnykScan @@ -3,5 +3,5 @@ cordaSnykScanPipeline ( snykTokenId: 'c4-os-snyk-api-token-secret', // specify the Gradle submodules to scan and monitor on snyk Server - modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule'] + modulesToScan: ['node', 'capsule'] ) diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index ce097eb02a..f99824a302 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -9,6 +9,6 @@ jobs: steps: - uses: morrisoncole/pr-lint-action@v1.4.1 with: - title-regex: '^((CORDA|AG|EG|ENT|INFRA)-\d+|NOTICK)(.*)' + title-regex: '^((CORDA|AG|EG|ENT|INFRA|ES)-\d+|NOTICK)(.*)' on-failed-regex-comment: "PR title failed to match regex -> `%regex%`" repo-token: "${{ secrets.GITHUB_TOKEN }}" From 01ead5376b3e6cfe46a7750224ea5d8ae558b577 Mon Sep 17 00:00:00 2001 From: Ronan Browne Date: Fri, 23 Jun 2023 20:46:36 +0100 Subject: [PATCH 7/9] ES-758: add corda remotes env vars to Jenkins logic (#7400) * ES-758: add corda remotes * ES-758: add corda remotes --- .ci/dev/compatibility/JenkinsfileJDK11Compile | 7 +++++++ .ci/dev/nightly-regression/Jenkinsfile | 1 + .ci/dev/pr-code-checks/Jenkinsfile | 4 ++++ .ci/dev/regression/Jenkinsfile | 1 + Jenkinsfile | 1 + 5 files changed, 14 insertions(+) diff --git a/.ci/dev/compatibility/JenkinsfileJDK11Compile b/.ci/dev/compatibility/JenkinsfileJDK11Compile index 0a7ae93060..69bda8be33 100644 --- a/.ci/dev/compatibility/JenkinsfileJDK11Compile +++ b/.ci/dev/compatibility/JenkinsfileJDK11Compile @@ -22,6 +22,13 @@ pipeline { buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14')) } + environment { + ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') + CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" + CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" + } + stages { stage('JDK 11 Compile') { steps { diff --git a/.ci/dev/nightly-regression/Jenkinsfile b/.ci/dev/nightly-regression/Jenkinsfile index 98895fdcb8..92eae917af 100644 --- a/.ci/dev/nightly-regression/Jenkinsfile +++ b/.ci/dev/nightly-regression/Jenkinsfile @@ -44,6 +44,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { diff --git a/.ci/dev/pr-code-checks/Jenkinsfile b/.ci/dev/pr-code-checks/Jenkinsfile index 7300f52bda..3693cdfce8 100644 --- a/.ci/dev/pr-code-checks/Jenkinsfile +++ b/.ci/dev/pr-code-checks/Jenkinsfile @@ -17,6 +17,10 @@ pipeline { environment { SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') C4_OS_SNYK_ORG_ID = credentials('c4-os-snyk-org-id') + ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') + CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" + CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index a301041e42..62681c5ea1 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -54,6 +54,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" DOCKER_URL = "https://index.docker.io/v1/" EMAIL_RECIPIENTS = credentials('corda4-email-recipient') SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token diff --git a/Jenkinsfile b/Jenkinsfile index 6c684968b3..a824a677d0 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -47,6 +47,7 @@ pipeline { ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + CORDA_USE_CACHE = "corda-remotes" } stages { From e100bee4f1cf5c815a10952062febce367057704 Mon Sep 17 00:00:00 2001 From: Chris Cochrane <78791827+chriscochrane@users.noreply.github.com> Date: Wed, 28 Jun 2023 13:20:58 +0100 Subject: [PATCH 8/9] ENT-10076,ENT-10080 - Security Vulnerabilities (#7405) * Updated dependencies * Address compiler checks --- build.gradle | 4 ++-- .../corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build.gradle b/build.gradle index 5f63ab7f88..0dafa6db2a 100644 --- a/build.gradle +++ b/build.gradle @@ -79,8 +79,8 @@ buildscript { ext.djvm_version = constants.getProperty("djvmVersion") ext.deterministic_rt_version = constants.getProperty('deterministicRtVersion') ext.okhttp_version = '3.14.2' - ext.netty_version = '4.1.46.Final' - ext.tcnative_version = '2.0.29.Final' + ext.netty_version = '4.1.77.Final' + ext.tcnative_version = '2.0.48.Final' ext.typesafe_config_version = constants.getProperty("typesafeConfigVersion") ext.fileupload_version = '1.4' ext.kryo_version = '4.0.2' diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt index 233b19a712..98910a673f 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/protonwrapper/netty/SSLHelper.kt @@ -6,7 +6,7 @@ import io.netty.handler.ssl.SniHandler import io.netty.handler.ssl.SslContextBuilder import io.netty.handler.ssl.SslHandler import io.netty.handler.ssl.SslProvider -import io.netty.util.DomainNameMappingBuilder +import io.netty.util.DomainWildcardMappingBuilder import net.corda.core.crypto.SecureHash import net.corda.core.crypto.newSecureRandom import net.corda.core.identity.CordaX500Name @@ -307,7 +307,7 @@ internal fun createServerSNIOpenSslHandler(keyManagerFactoriesMap: Map Date: Wed, 5 Jul 2023 16:28:08 +0100 Subject: [PATCH 9/9] ES-839: Disable Internal docker publishing for 4.7 ( only supported post 4.9 pacthes) (#7410) * ES-839: Disable Docker publishing for 4.7 * ES-839: remove broken repo --- .ci/dev/regression/Jenkinsfile | 2 +- docker/src/docker/Dockerfile | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile index c2c9249e70..836ccdb3b5 100644 --- a/.ci/dev/regression/Jenkinsfile +++ b/.ci/dev/regression/Jenkinsfile @@ -279,7 +279,7 @@ pipeline { stage('Publish Release Candidate to Internal Repository') { when { - expression { isReleaseCandidate } + expression { return false} // keeping stage to preserve Jenkins history on release branches, but not supported for patch builds pre 4.9 } steps { withCredentials([ diff --git a/docker/src/docker/Dockerfile b/docker/src/docker/Dockerfile index d3d287a750..80eabe193d 100644 --- a/docker/src/docker/Dockerfile +++ b/docker/src/docker/Dockerfile @@ -1,5 +1,8 @@ FROM azul/zulu-openjdk:8u192 +## Remove Azul Zulu repo, as it is gone by now +RUN rm /etc/apt/sources.list.d/zulu.list + ## Add packages, clean cache, create dirs, create corda user and change ownership RUN apt-get update && \ apt-get -y upgrade && \