From 893346e70b1220be999d89853a0f9ecae5083b08 Mon Sep 17 00:00:00 2001 From: canton-network-da Date: Fri, 21 Feb 2025 10:04:06 +0100 Subject: [PATCH] Update Splice from CCI (#236) Signed-off-by: DA Automation Co-authored-by: DA Automation --- LATEST_RELEASE | 2 +- VERSION | 2 +- .../splice/config/ConfigTransforms.scala | 9 +++ .../splice/config/SpliceConfig.scala | 4 + .../integration/plugins/UseToxiproxy.scala | 42 +++++++--- .../tests/ManualStartIntegrationTest.scala | 23 ++++++ apps/common/frontend/package.json | 2 +- .../src/contexts/LedgerApiContext.tsx | 31 +++++++- apps/common/frontend/src/contexts/index.ts | 1 + .../src/main/openapi/common-internal.yaml | 3 +- .../V035__scan_txlog_event_id_index.sql | 3 + .../config/CNRemoteParticipantConfig.scala | 21 +++-- .../splice/config/SpliceConfig.scala | 2 +- .../splice/environment/Node.scala | 12 ++- .../splice/environment/NodeBase.scala | 7 +- apps/package-lock.json | 14 ++-- apps/scan/src/main/openapi/scan-external.yaml | 10 +-- apps/scan/src/main/openapi/scan-internal.yaml | 56 +++++++------ .../splice/scan/ScanApp.scala | 9 ++- .../splice/scan/store/ScanStore.scala | 6 ++ apps/splitwell/frontend/src/App.tsx | 25 ++---- .../splice/splitwell/SplitwellApp.scala | 9 ++- .../automation/SvDsoAutomationService.scala | 1 + .../LocalSequencerConnectionsTrigger.scala | 3 +- .../splice/sv/config/SvAppConfig.scala | 25 ++++-- .../joining/JoiningNodeInitializer.scala | 8 +- .../sv/onboarding/sv1/SV1Initializer.scala | 18 +++-- .../resources/cometbft/sv1/config/config.toml | 6 +- .../resources/cometbft/sv2/config/config.toml | 6 +- .../cometbft/sv2Local/config/config.toml | 6 +- .../resources/cometbft/sv3/config/config.toml | 6 +- .../resources/cometbft/sv4/config/config.toml | 6 +- .../splice/validator/ValidatorApp.scala | 29 ++++--- ...ReconcileSequencerConnectionsTrigger.scala | 15 +++- .../ValidatorAutomationService.scala | 3 + .../validator/domain/DomainConnector.scala | 15 ++-- cluster/helm/cn-docs/Chart-template.yaml | 5 ++ cluster/helm/cn-docs/Chart.lock | 6 ++ cluster/helm/cn-docs/templates/docs.yaml | 1 + cluster/helm/cn-docs/templates/gcs-proxy.yaml | 1 + .../Chart-template.yaml | 5 ++ .../splice-cluster-ingress-runbook/Chart.lock | 6 ++ .../Chart-template.yaml | 5 ++ .../Chart.lock | 6 ++ .../helm/splice-cometbft/Chart-template.yaml | 5 ++ cluster/helm/splice-cometbft/Chart.lock | 6 ++ .../splice-cometbft/templates/deployment.yaml | 1 + .../templates/partials/_config-toml.tpl | 6 +- .../helm/splice-cometbft/values-template.yaml | 19 +++-- .../helm/splice-domain/templates/domain.yaml | 1 + .../templates/mediator.yaml | 1 + .../templates/sequencer.yaml | 1 + .../splice-istio-gateway/Chart-template.yaml | 5 ++ cluster/helm/splice-istio-gateway/Chart.lock | 6 ++ .../templates/load-tester.yaml | 1 + .../templates/participant.yaml | 1 + .../helm/splice-postgres/Chart-template.yaml | 5 ++ cluster/helm/splice-postgres/Chart.lock | 6 ++ .../splice-postgres/templates/postgres.yaml | 1 + cluster/helm/splice-scan/templates/scan.yaml | 1 + .../templates/splitwell.yaml | 1 + .../templates/splitwell-web-ui.yaml | 1 + .../splice-sv-node/templates/sv-web-ui.yaml | 1 + cluster/helm/splice-sv-node/templates/sv.yaml | 3 +- .../splice-util-lib/templates/_helpers.tpl | 6 ++ .../templates/ans-web-ui.yaml | 1 + .../splice-validator/templates/validator.yaml | 1 + .../templates/wallet-web-ui.yaml | 1 + cluster/images/ans-web-ui/Dockerfile | 3 + .../canton-cometbft-sequencer/Dockerfile | 4 +- cluster/images/canton-domain/Dockerfile | 4 +- cluster/images/canton-mediator/Dockerfile | 4 +- cluster/images/canton-participant/Dockerfile | 4 +- cluster/images/canton-sequencer/Dockerfile | 4 +- cluster/images/canton/Dockerfile | 1 + cluster/images/cometbft/Dockerfile | 4 + cluster/images/docs/Dockerfile | 2 + cluster/images/gcs-proxy/Dockerfile | 3 + cluster/images/load-tester/Dockerfile | 2 + cluster/images/local.mk | 12 ++- cluster/images/multi-participant/Dockerfile | 3 + cluster/images/multi-validator/Dockerfile | 3 + .../pulumi-kubernetes-operator/Dockerfile | 3 +- cluster/images/scan-app/Dockerfile | 3 + cluster/images/scan-web-ui/Dockerfile | 3 + cluster/images/splice-app/Dockerfile | 2 + cluster/images/splice-debug/Dockerfile | 2 + cluster/images/splice-test-ci/Dockerfile | 3 +- .../images/splice-test-cometbft/Dockerfile | 7 +- cluster/images/splice-test-cometbft/local.mk | 1 + .../splice-test-docker-runner/Dockerfile | 3 +- .../images/splice-test-postgres/Dockerfile | 1 + .../images/splice-test-runner-hook/Dockerfile | 2 + cluster/images/splice-web-ui/Dockerfile | 2 + cluster/images/splitwell-app/Dockerfile | 3 +- cluster/images/splitwell-web-ui/Dockerfile | 3 + cluster/images/sv-app/Dockerfile | 3 + cluster/images/sv-web-ui/Dockerfile | 3 + cluster/images/validator-app/Dockerfile | 4 +- cluster/images/wallet-web-ui/Dockerfile | 3 + .../canton-network/catchup.json | 79 ++++++++----------- docs/src/conf.py | 2 + nix/canton-sources.json | 4 +- nix/extra-pulumi-packages.nix | 16 ++++ nix/generate_pulumi_packages.sh | 1 + nix/shell.nix | 3 +- project/ignore-patterns/canton_log.ignore.txt | 3 + 107 files changed, 555 insertions(+), 213 deletions(-) create mode 100644 apps/common/src/main/resources/db/migration/canton-network/postgres/stable/V035__scan_txlog_event_id_index.sql create mode 100644 cluster/helm/cn-docs/Chart.lock create mode 100644 cluster/helm/splice-cluster-ingress-runbook/Chart.lock create mode 100644 cluster/helm/splice-cluster-loopback-gateway/Chart.lock create mode 100644 cluster/helm/splice-cometbft/Chart.lock create mode 100644 cluster/helm/splice-istio-gateway/Chart.lock create mode 100644 cluster/helm/splice-postgres/Chart.lock diff --git a/LATEST_RELEASE b/LATEST_RELEASE index 20805912..0b9c0199 100644 --- a/LATEST_RELEASE +++ b/LATEST_RELEASE @@ -1 +1 @@ -0.3.11 +0.3.12 diff --git a/VERSION b/VERSION index 0b9c0199..e4737652 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.12 +0.3.13 diff --git a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala index 9fb5fdd0..5c97cf53 100644 --- a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala +++ b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/ConfigTransforms.scala @@ -635,6 +635,15 @@ object ConfigTransforms { .focus(_.ledgerApi) .modify(portTransform(bump, _)) + private def portTransform( + bump: Int, + c: SvParticipantClientConfig, + ): SvParticipantClientConfig = + c.focus(_.adminApi) + .modify(portTransform(bump, _)) + .focus(_.ledgerApi) + .modify(portTransform(bump, _)) + private def portTransform(bump: Int, c: SvSequencerConfig): SvSequencerConfig = c.focus(_.adminApi) .modify(portTransform(bump, _)) diff --git a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala index 0a668f47..9402f909 100644 --- a/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala +++ b/apps/app/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala @@ -495,6 +495,8 @@ object SpliceConfig { ) implicit val beneficiaryConfigReader: ConfigReader[BeneficiaryConfig] = deriveReader[BeneficiaryConfig] + implicit val svParticipantClientConfigReader: ConfigReader[SvParticipantClientConfig] = + deriveReader[SvParticipantClientConfig] implicit val svConfigReader: ConfigReader[SvAppBackendConfig] = deriveReader[SvAppBackendConfig].emap { conf => def checkFoundDsoConfig(check: (SvAppBackendConfig, FoundDso) => Boolean) = @@ -847,6 +849,8 @@ object SpliceConfig { implicitly[ConfigWriter[String]].contramap(_.toString) implicit val beneficiaryConfigWriter: ConfigWriter[BeneficiaryConfig] = deriveWriter[BeneficiaryConfig] + implicit val svParticipantClientConfigWriter: ConfigWriter[SvParticipantClientConfig] = + deriveWriter[SvParticipantClientConfig] implicit val svConfigWriter: ConfigWriter[SvAppBackendConfig] = deriveWriter[SvAppBackendConfig] diff --git a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/plugins/UseToxiproxy.scala b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/plugins/UseToxiproxy.scala index 1617ae13..f6d1613b 100644 --- a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/plugins/UseToxiproxy.scala +++ b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/plugins/UseToxiproxy.scala @@ -1,6 +1,7 @@ package org.lfdecentralizedtrust.splice.integration.plugins.toxiproxy import org.lfdecentralizedtrust.splice.config.{SpliceConfig, ParticipantClientConfig} +import org.lfdecentralizedtrust.splice.sv.config.SvParticipantClientConfig import org.lfdecentralizedtrust.splice.environment.EnvironmentImpl import org.lfdecentralizedtrust.splice.integration.tests.SpliceTests.SpliceTestConsoleEnvironment import org.lfdecentralizedtrust.splice.scan.admin.api.client.BftScanConnection.BftScanClientConfig @@ -35,20 +36,35 @@ case class UseToxiproxy( proxies += (name -> proxy) } + def addLedgerApiProxy( + instanceName: String, + participantClient: SvParticipantClientConfig, + extraPortBump: Int, + ): SvParticipantClientConfig = { + val bump = portBump + extraPortBump + val lapiHost = participantClient.ledgerApi.clientConfig.address + val lapiPort = participantClient.ledgerApi.clientConfig.port + val upstream = s"${lapiHost}:${lapiPort}" + val listenPort = lapiPort + bump + addProxy(s"${instanceName}-ledger-api", s"localhost:${listenPort}", upstream) + participantClient.focus(_.ledgerApi.clientConfig).modify(c => c.copy(port = c.port + bump)) + } + + def addLedgerApiProxy( + instanceName: String, + participantClient: ParticipantClientConfig, + extraPortBump: Int, + ): ParticipantClientConfig = { + val bump = portBump + extraPortBump + val lapiHost = participantClient.ledgerApi.clientConfig.address + val lapiPort = participantClient.ledgerApi.clientConfig.port + val upstream = s"${lapiHost}:${lapiPort}" + val listenPort = lapiPort + bump + addProxy(s"${instanceName}-ledger-api", s"localhost:${listenPort}", upstream) + participantClient.focus(_.ledgerApi.clientConfig).modify(c => c.copy(port = c.port + bump)) + } + override def beforeEnvironmentCreated(config: SpliceConfig): SpliceConfig = { - def addLedgerApiProxy( - instanceName: String, - participantClient: ParticipantClientConfig, - extraPortBump: Int, - ): ParticipantClientConfig = { - val bump = portBump + extraPortBump - val lapiHost = participantClient.ledgerApi.clientConfig.address - val lapiPort = participantClient.ledgerApi.clientConfig.port - val upstream = s"${lapiHost}:${lapiPort}" - val listenPort = lapiPort + bump - addProxy(s"${instanceName}-ledger-api", s"localhost:${listenPort}", upstream) - participantClient.focus(_.ledgerApi.clientConfig).modify(c => c.copy(port = c.port + bump)) - } def addScanAppHttpProxy( instanceName: String, diff --git a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualStartIntegrationTest.scala b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualStartIntegrationTest.scala index c58a16b3..e2ff94ae 100644 --- a/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualStartIntegrationTest.scala +++ b/apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ManualStartIntegrationTest.scala @@ -1,6 +1,7 @@ package org.lfdecentralizedtrust.splice.integration.tests import com.daml.nonempty.NonEmpty +import com.digitalasset.canton.DomainAlias import com.digitalasset.canton.admin.api.client.data.PruningSchedule import com.digitalasset.canton.config.CantonRequireTypes.InstanceName import com.digitalasset.canton.config.PositiveDurationSeconds @@ -195,6 +196,28 @@ class ManualStartIntegrationTest } } + clue("SV1 and SV2 have configured amplification on the participant sequencer connection") { + Seq( + participantAdminConnection("sv1", sv1Backend.config), + participantAdminConnection("sv2", sv2Backend.config), + ).map { participantConnection => + val sequencerConnections = + participantConnection + .lookupDomainConnectionConfig(DomainAlias.tryCreate("global")) + .futureValue + .value + .sequencerConnections + sequencerConnections.connections.size shouldBe 1 + sequencerConnections.sequencerTrustThreshold shouldBe PositiveInt.tryCreate(1) + sequencerConnections.submissionRequestAmplification shouldBe SubmissionRequestAmplification( + PositiveInt.tryCreate(5), + NonNegativeFiniteDuration.ofSeconds(5), + ) + // otherwise we get log warnings + participantConnection.close() + } + } + // A most basic check to see whether the network is functional onboardWalletUser(aliceWalletClient, aliceValidatorBackend) actAndCheck( diff --git a/apps/common/frontend/package.json b/apps/common/frontend/package.json index 5ebdf9e0..ddd6c7ed 100644 --- a/apps/common/frontend/package.json +++ b/apps/common/frontend/package.json @@ -22,7 +22,7 @@ "common-typeface-termina": "1.0.0", "date-fns": "2.29.3", "decimal.js-light": "2.5.1", - "dompurify": "3.1.6", + "dompurify": "3.2.4", "grpc-web": "1.3.1", "html-react-parser": "5.1.15", "jose": "4.10.3", diff --git a/apps/common/frontend/src/contexts/LedgerApiContext.tsx b/apps/common/frontend/src/contexts/LedgerApiContext.tsx index f46840b1..4fca7904 100644 --- a/apps/common/frontend/src/contexts/LedgerApiContext.tsx +++ b/apps/common/frontend/src/contexts/LedgerApiContext.tsx @@ -10,6 +10,26 @@ import { Choice, ContractId, Template, TemplateOrInterface } from '@daml/types'; const ANS_LEDGER_NAME = 'ans-ledger'; +interface JsonApiErrorResponse { + status: number; + statusText: string; + body: string; +} + +export class JsonApiError extends Error { + status: number; + statusText: string; + body: string; + + constructor({ status, body, statusText }: JsonApiErrorResponse) { + super(body); + this.name = 'JsonApiError'; + this.status = status; + this.statusText = statusText; + this.body = body; + } +} + export abstract class PackageIdResolver { protected getQualifiedName(templateId: string): string { const parts = templateId.split(':'); @@ -81,6 +101,7 @@ export class LedgerApiClient { ); return user.primaryParty!; } + async exercise( actAs: string[], readAs: string[], @@ -142,11 +163,17 @@ export class LedgerApiClient { return r.json(); } else { const body = await r.text(); - throw new Error(`HTTP ${r.status} ${r.statusText}: ${body}`); + throw new JsonApiError({ status: r.status, body: body, statusText: r.statusText }); } }) .catch(e => { - console.debug(`${describeChoice} failed: ${JSON.stringify(e)}`); + if (e instanceof JsonApiError) { + console.debug( + `${describeChoice} failed with status ${e.status}: ${e.statusText} and body: ${e.body}` + ); + } else { + console.debug(`${describeChoice} failed: ${JSON.stringify(e)}`); + } throw e; }); diff --git a/apps/common/frontend/src/contexts/index.ts b/apps/common/frontend/src/contexts/index.ts index 6cce6111..179c3ccb 100644 --- a/apps/common/frontend/src/contexts/index.ts +++ b/apps/common/frontend/src/contexts/index.ts @@ -9,5 +9,6 @@ export { LedgerApiClientProvider, useLedgerApiClient, PackageIdResolver, + JsonApiError, } from './LedgerApiContext'; export { ConfigProvider, useConfig } from './ConfigContext'; diff --git a/apps/common/src/main/openapi/common-internal.yaml b/apps/common/src/main/openapi/common-internal.yaml index 02aad298..040c045c 100644 --- a/apps/common/src/main/openapi/common-internal.yaml +++ b/apps/common/src/main/openapi/common-internal.yaml @@ -273,4 +273,5 @@ components: type: integer format: int64 description: | - When requesting the next page of results, pass this as URL query parameter `after`. \ No newline at end of file + When requesting the next page of results, pass this as URL query parameter `after`. + If absent or `null`, there are no more pages. diff --git a/apps/common/src/main/resources/db/migration/canton-network/postgres/stable/V035__scan_txlog_event_id_index.sql b/apps/common/src/main/resources/db/migration/canton-network/postgres/stable/V035__scan_txlog_event_id_index.sql new file mode 100644 index 00000000..57d89dde --- /dev/null +++ b/apps/common/src/main/resources/db/migration/canton-network/postgres/stable/V035__scan_txlog_event_id_index.sql @@ -0,0 +1,3 @@ +DROP INDEX scan_txlog_store_store_id_entry_type_idx; -- covered by the one below + +CREATE INDEX scan_txlog_store_sid_et_ei ON scan_txlog_store(store_id, entry_type, event_id); diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/CNRemoteParticipantConfig.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/CNRemoteParticipantConfig.scala index f9a81f67..3dde8ca8 100644 --- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/CNRemoteParticipantConfig.scala +++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/CNRemoteParticipantConfig.scala @@ -7,14 +7,9 @@ import org.apache.pekko.actor.ActorSystem import com.digitalasset.canton.config.ClientConfig import com.digitalasset.canton.participant.config.{BaseParticipantConfig, RemoteParticipantConfig} -/** Configuration to connect the console to a participant running remotely. - * - * @param adminApi the configuration to connect the console to the remote admin api - * @param ledgerApi the configuration to connect the console to the remote ledger api - */ -case class ParticipantClientConfig( - adminApi: ClientConfig, - ledgerApi: LedgerApiClientConfig, +abstract class BaseParticipantClientConfig( + val adminApi: ClientConfig, + val ledgerApi: LedgerApiClientConfig, ) extends BaseParticipantConfig { override def clientAdminApi: ClientConfig = adminApi override def clientLedgerApi: ClientConfig = ledgerApi.clientConfig @@ -27,3 +22,13 @@ case class ParticipantClientConfig( def participantClientConfigWithAdminToken: RemoteParticipantConfig = RemoteParticipantConfig(adminApi, ledgerApi.clientConfig, ledgerApi.authConfig.adminToken) } + +/** Configuration to connect the console to a participant running remotely. + * + * @param adminApi the configuration to connect the console to the remote admin api + * @param ledgerApi the configuration to connect the console to the remote ledger api + */ +case class ParticipantClientConfig( + override val adminApi: ClientConfig, + override val ledgerApi: LedgerApiClientConfig, +) extends BaseParticipantClientConfig(adminApi, ledgerApi) diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala index abe740eb..ba23e3ca 100644 --- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala +++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/config/SpliceConfig.scala @@ -19,7 +19,7 @@ abstract class SpliceBackendConfig extends LocalNodeConfig { override val topology: TopologyConfig = TopologyConfig() override val monitoring: NodeMonitoringConfig = NodeMonitoringConfig() - def participantClient: ParticipantClientConfig + def participantClient: BaseParticipantClientConfig def automation: AutomationConfig } diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/Node.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/Node.scala index 2210aa23..4369bb9c 100644 --- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/Node.scala +++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/Node.scala @@ -16,11 +16,10 @@ import com.digitalasset.canton.tracing.{TraceContext, TracerProvider} import io.grpc.Status import io.opentelemetry.api.trace.Tracer -import scala.annotation.nowarn import scala.concurrent.{ExecutionContextExecutor, Future} /** Subclass of NodeBase that provides default initialization for most apps */ -abstract class Node[State <: AutoCloseable & HasHealth]( +abstract class Node[State <: AutoCloseable & HasHealth, PreInitializeState]( serviceUser: String, participantClient: ParticipantClientConfig, parameters: SharedSpliceAppParameters, @@ -51,16 +50,15 @@ abstract class Node[State <: AutoCloseable & HasHealth]( // Code that is run after a ledger connection becomes available but before // waiting for the primary party. This can be used for things like // domain connections and allocation of the primary party. - @nowarn("cat=unused") protected def preInitializeAfterLedgerConnection( connection: BaseLedgerConnection, ledgerClient: SpliceLedgerClient, - )(implicit tc: TraceContext): Future[Unit] = - Future.unit + )(implicit tc: TraceContext): Future[PreInitializeState] def initialize( ledgerClient: SpliceLedgerClient, party: PartyId, + preInitializeState: PreInitializeState, )(implicit tc: TraceContext): Future[State] override protected def initializeNode( @@ -73,7 +71,7 @@ abstract class Node[State <: AutoCloseable & HasHealth]( loggerFactory, ) } - _ <- preInitializeAfterLedgerConnection(initConnection, ledgerClient) + preInitializeState <- preInitializeAfterLedgerConnection(initConnection, ledgerClient) serviceParty <- appInitStep("Get primary party") { retryProvider.getValueWithRetries[PartyId]( RetryFor.WaitingOnInitDependency, @@ -92,6 +90,6 @@ abstract class Node[State <: AutoCloseable & HasHealth]( logger.info(s"Required packages: ${requiredPackageIds}") initConnection.waitForPackages(requiredPackageIds) } - state <- initialize(ledgerClient, serviceParty) + state <- initialize(ledgerClient, serviceParty, preInitializeState) } yield state } diff --git a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/NodeBase.scala b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/NodeBase.scala index 66a6629e..2ea57ff0 100644 --- a/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/NodeBase.scala +++ b/apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/NodeBase.scala @@ -14,7 +14,10 @@ import org.lfdecentralizedtrust.splice.auth.{ AuthTokenSourceNone, } import org.lfdecentralizedtrust.splice.automation.AutomationService -import org.lfdecentralizedtrust.splice.config.{ParticipantClientConfig, SharedSpliceAppParameters} +import org.lfdecentralizedtrust.splice.config.{ + BaseParticipantClientConfig, + SharedSpliceAppParameters, +} import org.lfdecentralizedtrust.splice.http.HttpClient import org.lfdecentralizedtrust.splice.util.{ HasHealth, @@ -66,7 +69,7 @@ import scala.util.control.NonFatal /** A running instance of a canton node. See Node for the subclass that provides the default initialization for most apps. */ abstract class NodeBase[State <: AutoCloseable & HasHealth]( serviceUser: String, - participantClient: ParticipantClientConfig, + participantClient: BaseParticipantClientConfig, parameters: SharedSpliceAppParameters, loggerFactory: NamedLoggerFactory, tracerProvider: TracerProvider, diff --git a/apps/package-lock.json b/apps/package-lock.json index cf4e8910..d456af89 100644 --- a/apps/package-lock.json +++ b/apps/package-lock.json @@ -248,7 +248,7 @@ "common-typeface-termina": "1.0.0", "date-fns": "2.29.3", "decimal.js-light": "2.5.1", - "dompurify": "3.1.6", + "dompurify": "3.2.4", "grpc-web": "1.3.1", "html-react-parser": "5.1.15", "jose": "4.10.3", @@ -6684,7 +6684,7 @@ "version": "2.0.7", "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", - "dev": true + "devOptional": true }, "node_modules/@types/url-parse": { "version": "1.4.4", @@ -8755,9 +8755,13 @@ } }, "node_modules/dompurify": { - "version": "3.1.6", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz", - "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==" + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz", + "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==", + "license": "(MPL-2.0 OR Apache-2.0)", + "optionalDependencies": { + "@types/trusted-types": "^2.0.7" + } }, "node_modules/domutils": { "version": "3.1.0", diff --git a/apps/scan/src/main/openapi/scan-external.yaml b/apps/scan/src/main/openapi/scan-external.yaml index 95de523a..c23cba10 100644 --- a/apps/scan/src/main/openapi/scan-external.yaml +++ b/apps/scan/src/main/openapi/scan-external.yaml @@ -9,7 +9,7 @@ servers: paths: /v0/domains/{domain_id}/members/{member_id}/traffic-status: get: - tags: [scan, external] + tags: [scan, external, current-state] x-jvm-package: external.scan operationId: "getMemberTrafficStatus" description: | @@ -46,7 +46,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/500" /v0/domains/{domain_id}/parties/{party_id}/participant-id: get: - tags: [scan, external] + tags: [scan, external, gs-connectivity] x-jvm-package: external.scan operationId: "getPartyToParticipant" description: | @@ -81,7 +81,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/500" /v0/validators/validator-faucets: get: - tags: [ scan, external ] + tags: [ scan, external, gs-operations ] x-jvm-package: external.scan operationId: "getValidatorFaucetsByValidator" description: | @@ -93,8 +93,8 @@ paths: in: query required: true description: | - A comma-separated list of validator party IDs. Any party IDs - not matching onboarded validators will be ignored + A list of validator party IDs, one per specification of the parameter. + Any party IDs not matching onboarded validators will be ignored schema: type: array items: diff --git a/apps/scan/src/main/openapi/scan-internal.yaml b/apps/scan/src/main/openapi/scan-internal.yaml index 3f96e94f..efc21ef4 100644 --- a/apps/scan/src/main/openapi/scan-internal.yaml +++ b/apps/scan/src/main/openapi/scan-internal.yaml @@ -17,7 +17,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/paths/~1version" /v0/dso: get: - tags: [scan, external] + tags: [scan, external, gs-operations] x-jvm-package: scan operationId: "getDsoInfo" responses: @@ -29,7 +29,7 @@ paths: "$ref": "../../../../common/src/main/openapi/common-internal.yaml#/components/schemas/GetDsoInfoResponse" /v0/dso-party-id: get: - tags: [scan, external] + tags: [scan, external, refdata] x-jvm-package: scan operationId: "getDsoPartyId" description: | @@ -43,12 +43,12 @@ paths: "$ref": "#/components/schemas/GetDsoPartyIdResponse" /v0/closed-rounds: get: - tags: [scan, external] + tags: [scan, external, current-state] x-jvm-package: scan operationId: "getClosedRounds" description: | - Every closed mining round on the ledger for the connected Splice network, - in round number order, earliest-first. + Every closed mining round on the ledger still in post-close process for + the connected Splice network, in round number order, earliest-first. responses: "200": description: ok @@ -58,7 +58,7 @@ paths: "$ref": "#/components/schemas/GetClosedRoundsResponse" /v0/open-and-issuing-mining-rounds: post: - tags: [scan, external] + tags: [scan, external, current-state] x-jvm-package: scan operationId: "getOpenAndIssuingMiningRounds" description: | @@ -408,7 +408,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/404" /v0/dso-sequencers: get: - tags: [scan, external] + tags: [scan, external, gs-connectivity] x-jvm-package: scan operationId: "listDsoSequencers" description: | @@ -423,7 +423,7 @@ paths: "$ref": "#/components/schemas/ListDsoSequencersResponse" /v0/scans: get: - tags: [scan, external] + tags: [scan, external, gs-connectivity] x-jvm-package: scan operationId: "listDsoScans" description: | @@ -513,7 +513,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/500" /v1/updates: post: - tags: [scan, external] + tags: [scan, external, bulk-data] x-jvm-package: scan operationId: "getUpdateHistoryV1" description: | @@ -573,7 +573,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/500" /v1/updates/{update_id}: get: - tags: [scan, external] + tags: [scan, external, bulk-data] x-jvm-package: scan operationId: "getUpdateByIdV1" description: | @@ -605,7 +605,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/500" /v0/state/acs/snapshot-timestamp: get: - tags: [scan, external] + tags: [scan, external, bulk-data] x-jvm-package: scan operationId: "getDateOfMostRecentSnapshotBefore" description: | @@ -644,7 +644,7 @@ paths: /v0/state/acs: post: - tags: [scan, external] + tags: [scan, external, bulk-data] x-jvm-package: scan operationId: "getAcsSnapshotAt" description: | @@ -671,7 +671,7 @@ paths: /v0/state/acs/force: post: - tags: [scan, external] + tags: [scan, external, bulk-data] x-jvm-package: scan operationId: "forceAcsSnapshotNow" description: | @@ -694,7 +694,7 @@ paths: /v0/holdings/state: post: - tags: [scan, external] + tags: [scan, external, aggregate] x-jvm-package: scan operationId: "getHoldingsStateAt" description: | @@ -721,7 +721,7 @@ paths: /v0/holdings/summary: post: - tags: [scan, external] + tags: [scan, external, aggregate] x-jvm-package: scan operationId: "getHoldingsSummaryAt" description: | @@ -749,7 +749,7 @@ paths: /v0/ans-entries: get: - tags: [scan, external] + tags: [scan, external, aggregate] x-jvm-package: scan operationId: "listAnsEntries" description: | @@ -782,7 +782,7 @@ paths: "$ref": "#/components/schemas/ListEntriesResponse" /v0/ans-entries/by-party/{party}: get: - tags: [scan, external] + tags: [scan, external, aggregate] x-jvm-package: scan operationId: "lookupAnsEntryByParty" description: | @@ -806,7 +806,7 @@ paths: $ref: "../../../../common/src/main/openapi/common-external.yaml#/components/responses/404" /v0/ans-entries/by-name/{name}: get: - tags: [scan, external] + tags: [scan, external, aggregate] x-jvm-package: scan operationId: "lookupAnsEntryByName" description: If present, the ANS entry named exactly `name`. @@ -1064,7 +1064,7 @@ paths: tags: [ scan, internal ] x-jvm-package: scan operationId: "listVoteRequestsByTrackingCid" - description: Look up several `VoteRequest`s at once by their contract IDs. + description: Look up several `VoteRequest`\ s at once by their contract IDs. requestBody: required: true content: @@ -1108,7 +1108,7 @@ paths: tags: [ scan, internal ] x-jvm-package: scan operationId: "listDsoRulesVoteRequests" - description: List all active `VoteRequest`s. + description: List all active `VoteRequest`\ s. responses: "200": description: ok @@ -1136,7 +1136,7 @@ paths: "$ref": "../../../../common/src/main/openapi/common-internal.yaml#/components/schemas/ListDsoRulesVoteResultsResponse" /v0/admin/validator/licenses: get: - tags: [ scan, external ] + tags: [ scan, external, gs-connectivity ] x-jvm-package: scan operationId: "listValidatorLicenses" description: | @@ -1144,7 +1144,8 @@ paths: sorted newest-first. parameters: - name: "after" - description: How many records at the start to skip, 0 by default. + description: | + A `next_page_token` from a prior response; if absent, return the first page. in: "query" required: false schema: @@ -1254,8 +1255,9 @@ components: properties: rounds: description: | - Contracts of the Daml template `Splice.Round.ClosedMiningRound`, one - for every closed round. + Contracts of the Daml template `Splice.Round:ClosedMiningRound`, one + for every closed round that is still in process, i.e. it either has + unprocessed rewards or a missing `Splice.DsoRules:Confirmation`. type: array items: "$ref": "../../../../common/src/main/openapi/common-external.yaml#/components/schemas/Contract" @@ -2665,7 +2667,9 @@ components: required: ["user", "name", "url", "description"] properties: contract_id: - description: Daml contract ID of template `Splice.Ans:AnsEntry`. + description: | + If present, Daml contract ID of template `Splice.Ans:AnsEntry`. + If absent, this is a DSO-provided entry for either the DSO or an SV. type: string user: description: Owner party ID of this ANS entry. @@ -2683,6 +2687,8 @@ components: description: | Time after which this ANS entry expires; if renewed, it will have a new `contract_id` and `expires_at`. + If `null` or absent, does not expire; this is the case only for + special entries provided by the DSO. type: string format: date-time GetAggregatedRoundsResponse: diff --git a/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/ScanApp.scala b/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/ScanApp.scala index eee80e32..27949203 100644 --- a/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/ScanApp.scala +++ b/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/ScanApp.scala @@ -11,6 +11,7 @@ import org.lfdecentralizedtrust.splice.admin.http.{AdminRoutes, HttpErrorHandler import org.lfdecentralizedtrust.splice.codegen.java.splice.round as roundCodegen import org.lfdecentralizedtrust.splice.config.SharedSpliceAppParameters import org.lfdecentralizedtrust.splice.environment.{ + BaseLedgerConnection, DarResources, Node, ParticipantAdminConnection, @@ -75,7 +76,7 @@ class ScanApp( ec: ExecutionContextExecutor, esf: ExecutionSequencerFactory, tracer: Tracer, -) extends Node[ScanApp.State]( +) extends Node[ScanApp.State, Unit]( config.svUser, config.participantClient, amuletAppParameters, @@ -88,10 +89,16 @@ class ScanApp( override def packages = super.packages ++ DarResources.amuletNameService.all ++ DarResources.dsoGovernance.all + override def preInitializeAfterLedgerConnection( + connection: BaseLedgerConnection, + ledgerClient: SpliceLedgerClient, + )(implicit traceContext: TraceContext) = Future.unit + override def initialize( ledgerClient: SpliceLedgerClient, // The primary party in scan as that points to the SV party serviceUserPrimaryParty: PartyId, + preInitializeState: Unit, )(implicit tc: TraceContext): Future[ScanApp.State] = { val appInitConnection = ledgerClient .readOnlyConnection( diff --git a/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/store/ScanStore.scala b/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/store/ScanStore.scala index 8c2735ea..43a07c48 100644 --- a/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/store/ScanStore.scala +++ b/apps/scan/src/main/scala/org/lfdecentralizedtrust/splice/scan/store/ScanStore.scala @@ -441,6 +441,12 @@ object ScanStore { svParty = Some(PartyId.tryFromProtoPrimitive(contract.payload.sv)), ) }, + mkFilter(splice.dso.amuletprice.AmuletPriceVote.COMPANION)(co => co.payload.dso == dso) { + contract => + ScanAcsStoreRowData( + contract + ) + }, mkFilter(splice.dsorules.VoteRequest.COMPANION)(co => co.payload.dso == dso) { contract => ScanAcsStoreRowData( contract, diff --git a/apps/splitwell/frontend/src/App.tsx b/apps/splitwell/frontend/src/App.tsx index f9c741c9..ed6d75c4 100644 --- a/apps/splitwell/frontend/src/App.tsx +++ b/apps/splitwell/frontend/src/App.tsx @@ -2,7 +2,13 @@ // SPDX-License-Identifier: Apache-2.0 import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; import { ReactQueryDevtools } from '@tanstack/react-query-devtools'; -import { AuthProvider, UserProvider, theme, PackageIdResolver } from 'common-frontend'; +import { + AuthProvider, + UserProvider, + theme, + PackageIdResolver, + JsonApiError, +} from 'common-frontend'; import { replaceEqualDeep } from 'common-frontend-utils'; import { ScanClientProvider } from 'common-frontend/scan-api'; import React from 'react'; @@ -43,17 +49,6 @@ class SplitwellPackageIdResolver extends PackageIdResolver { const Providers: React.FC = ({ children }) => { const refetchInterval = useConfigPollInterval(); - interface JsonApiError { - code?: string; - error?: string; - errors?: string[]; - status: number; - } - - const checkErrorStrings = (keywords: string[], error: string | undefined) => { - return keywords.some(k => error?.includes(k)); - }; - const queryClient = new QueryClient({ defaultOptions: { queries: { @@ -66,11 +61,7 @@ const Providers: React.FC = ({ children }) => { // because that then also retries on invalid user input. const errResponse = error as JsonApiError; const keywords = ['NOT_CONNECTED_TO_ANY_DOMAIN', 'NOT_CONNECTED_TO_DOMAIN']; - const isDomainConnectionError = - errResponse.errors?.some(e => checkErrorStrings(keywords, e)) || - checkErrorStrings(keywords, errResponse.error) || - checkErrorStrings(keywords, errResponse.code) || - false; + const isDomainConnectionError = keywords.some(k => errResponse.body?.includes(k)); const is404or409 = [404, 409].includes(errResponse.status); return (is404or409 || isDomainConnectionError) && failureCount < 10; diff --git a/apps/splitwell/src/main/scala/org/lfdecentralizedtrust/splice/splitwell/SplitwellApp.scala b/apps/splitwell/src/main/scala/org/lfdecentralizedtrust/splice/splitwell/SplitwellApp.scala index 97408369..f6332129 100644 --- a/apps/splitwell/src/main/scala/org/lfdecentralizedtrust/splice/splitwell/SplitwellApp.scala +++ b/apps/splitwell/src/main/scala/org/lfdecentralizedtrust/splice/splitwell/SplitwellApp.scala @@ -13,6 +13,7 @@ import org.lfdecentralizedtrust.splice.admin.http.{AdminRoutes, HttpErrorHandler import org.lfdecentralizedtrust.splice.codegen.java.splice.splitwell as splitwellCodegen import org.lfdecentralizedtrust.splice.config.SharedSpliceAppParameters import org.lfdecentralizedtrust.splice.environment.{ + BaseLedgerConnection, SpliceLedgerClient, SpliceLedgerConnection, Node, @@ -67,7 +68,7 @@ class SplitwellApp( ec: ExecutionContextExecutor, esf: ExecutionSequencerFactory, tracer: Tracer, -) extends Node[SplitwellApp.State]( +) extends Node[SplitwellApp.State, Unit]( config.providerUser, config.participantClient, amuletAppParameters, @@ -81,9 +82,15 @@ class SplitwellApp( override def packages: Seq[DarResource] = super.packages ++ DarResources.splitwell.all + override def preInitializeAfterLedgerConnection( + connection: BaseLedgerConnection, + ledgerClient: SpliceLedgerClient, + )(implicit traceContext: TraceContext) = Future.unit + override def initialize( ledgerClient: SpliceLedgerClient, partyId: PartyId, + preInitializeState: Unit, )(implicit traceContext: TraceContext): Future[SplitwellApp.State] = for { scanConnection <- appInitStep(s"Get scan connection") { ScanConnection.singleCached( diff --git a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/SvDsoAutomationService.scala b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/SvDsoAutomationService.scala index 02989465..4e5a50fc 100644 --- a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/SvDsoAutomationService.scala +++ b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/SvDsoAutomationService.scala @@ -431,6 +431,7 @@ class SvDsoAutomationService( internalClientConfig.decentralizedSynchronizerAlias, dsoStore, internalClientConfig.sequencerInternalConfig, + config.participantClient.sequencerRequestAmplification, config.domainMigrationId, ) ) diff --git a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/singlesv/LocalSequencerConnectionsTrigger.scala b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/singlesv/LocalSequencerConnectionsTrigger.scala index 2e1946ff..cbf880b3 100644 --- a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/singlesv/LocalSequencerConnectionsTrigger.scala +++ b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/automation/singlesv/LocalSequencerConnectionsTrigger.scala @@ -36,6 +36,7 @@ class LocalSequencerConnectionsTrigger( decentralizedSynchronizerAlias: DomainAlias, store: SvDsoStore, sequencerInternalConfig: ClientConfig, + sequencerRequestAmplification: SubmissionRequestAmplification, migrationId: Long, )(implicit override val ec: ExecutionContext, @@ -103,7 +104,7 @@ class LocalSequencerConnectionsTrigger( val newConnections = SequencerConnections.tryMany( Seq(localSequencerConnection), PositiveInt.tryCreate(1), - submissionRequestAmplification = SubmissionRequestAmplification.NoAmplification, + submissionRequestAmplification = sequencerRequestAmplification, ) if (conf.sequencerConnections == newConnections) { logger.trace( diff --git a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/config/SvAppConfig.scala b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/config/SvAppConfig.scala index 6673bfae..73585911 100644 --- a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/config/SvAppConfig.scala +++ b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/config/SvAppConfig.scala @@ -8,9 +8,10 @@ import org.lfdecentralizedtrust.splice.codegen.java.splice import org.lfdecentralizedtrust.splice.config.{ AutomationConfig, BackupDumpConfig, + BaseParticipantClientConfig, GcpBucketConfig, + LedgerApiClientConfig, ParticipantBootstrapDumpConfig, - ParticipantClientConfig, SpliceBackendConfig, SpliceDbConfig, SpliceInstanceNamesConfig, @@ -198,6 +199,13 @@ final case class BeneficiaryConfig( weight: NonNegativeLong, ) +final case class SvParticipantClientConfig( + override val adminApi: ClientConfig, + override val ledgerApi: LedgerApiClientConfig, + sequencerRequestAmplification: SubmissionRequestAmplification = + SvAppBackendConfig.DEFAULT_SEQUENCER_REQUEST_AMPLIFICATION, +) extends BaseParticipantClientConfig(adminApi, ledgerApi) + case class SvAppBackendConfig( override val adminApi: CommunityAdminServerConfig = CommunityAdminServerConfig(), override val storage: SpliceDbConfig, @@ -207,7 +215,7 @@ case class SvAppBackendConfig( // so it needs to know the expected user name. validatorLedgerApiUser: String, auth: AuthConfig, - participantClient: ParticipantClientConfig, + participantClient: SvParticipantClientConfig, override val automation: AutomationConfig = AutomationConfig(), domains: SvSynchronizerConfig, expectedValidatorOnboardings: List[ExpectedValidatorOnboardingConfig] = Nil, @@ -274,6 +282,13 @@ case class SvAppBackendConfig( } } +object SvAppBackendConfig { + val DEFAULT_SEQUENCER_REQUEST_AMPLIFICATION = SubmissionRequestAmplification( + PositiveInt.tryCreate(5), + NonNegativeFiniteDuration.ofSeconds(5), + ) +} + case class CometBftConfig( enabled: Boolean = false, connectionUri: String = "", @@ -310,10 +325,8 @@ final case class SvSequencerConfig( final case class SvMediatorConfig( adminApi: ClientConfig, - sequencerRequestAmplification: SubmissionRequestAmplification = SubmissionRequestAmplification( - PositiveInt.tryCreate(5), - NonNegativeFiniteDuration.ofSeconds(5), - ), + sequencerRequestAmplification: SubmissionRequestAmplification = + SvAppBackendConfig.DEFAULT_SEQUENCER_REQUEST_AMPLIFICATION, ) { def toCantonConfig: RemoteMediatorConfig = RemoteMediatorConfig( diff --git a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/joining/JoiningNodeInitializer.scala b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/joining/JoiningNodeInitializer.scala index 4a24feaf..7ff7c719 100644 --- a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/joining/JoiningNodeInitializer.scala +++ b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/joining/JoiningNodeInitializer.scala @@ -61,7 +61,7 @@ import org.lfdecentralizedtrust.splice.util.{ UploadablePackage, } import com.digitalasset.canton.config.DomainTimeTrackerConfig -import com.digitalasset.canton.config.RequireTypes.NonNegativeLong +import com.digitalasset.canton.config.RequireTypes.{NonNegativeLong, PositiveInt} import com.digitalasset.canton.lifecycle.CloseContext import com.digitalasset.canton.logging.NamedLoggerFactory import com.digitalasset.canton.participant.domain.DomainConnectionConfig @@ -140,8 +140,10 @@ class JoiningNodeInitializer( val domainConfigO = config.domains.global.url.map(url => DomainConnectionConfig( config.domains.global.alias, - SequencerConnections.single( - GrpcSequencerConnection.tryCreate(url) + SequencerConnections.tryMany( + Seq(GrpcSequencerConnection.tryCreate(url)), + PositiveInt.one, + config.participantClient.sequencerRequestAmplification, ), // Set manualConnect = true to avoid any issues with interrupted SV onboardings. // This is changed to false after SV onboarding completes. diff --git a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/sv1/SV1Initializer.scala b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/sv1/SV1Initializer.scala index 8533f22d..1c9ccd26 100644 --- a/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/sv1/SV1Initializer.scala +++ b/apps/sv/src/main/scala/org/lfdecentralizedtrust/splice/sv/onboarding/sv1/SV1Initializer.scala @@ -156,13 +156,17 @@ class SV1Initializer( _ <- participantAdminConnection.ensureDomainRegisteredAndConnected( DomainConnectionConfig( config.domains.global.alias, - sequencerConnections = SequencerConnections.single( - new GrpcSequencerConnection( - NonEmpty.mk(Seq, LocalSynchronizerNode.toEndpoint(internalSequencerApi)), - transportSecurity = internalSequencerApi.tls.isDefined, - customTrustCertificates = None, - SequencerAlias.Default, - ) + sequencerConnections = SequencerConnections.tryMany( + Seq( + new GrpcSequencerConnection( + NonEmpty.mk(Seq, LocalSynchronizerNode.toEndpoint(internalSequencerApi)), + transportSecurity = internalSequencerApi.tls.isDefined, + customTrustCertificates = None, + SequencerAlias.Default, + ) + ), + PositiveInt.one, + config.participantClient.sequencerRequestAmplification, ), manualConnect = false, domainId = None, diff --git a/apps/sv/src/test/resources/cometbft/sv1/config/config.toml b/apps/sv/src/test/resources/cometbft/sv1/config/config.toml index 608ee4f0..a0af03ab 100755 --- a/apps/sv/src/test/resources/cometbft/sv1/config/config.toml +++ b/apps/sv/src/test/resources/cometbft/sv1/config/config.toml @@ -282,7 +282,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = 1000 # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -290,7 +290,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = 100000 # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -312,7 +312,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "300s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/apps/sv/src/test/resources/cometbft/sv2/config/config.toml b/apps/sv/src/test/resources/cometbft/sv2/config/config.toml index 1fb82210..faa1bdaa 100755 --- a/apps/sv/src/test/resources/cometbft/sv2/config/config.toml +++ b/apps/sv/src/test/resources/cometbft/sv2/config/config.toml @@ -282,7 +282,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = 1000 # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -290,7 +290,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = 100000 # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -312,7 +312,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "300s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/apps/sv/src/test/resources/cometbft/sv2Local/config/config.toml b/apps/sv/src/test/resources/cometbft/sv2Local/config/config.toml index 1fb82210..faa1bdaa 100755 --- a/apps/sv/src/test/resources/cometbft/sv2Local/config/config.toml +++ b/apps/sv/src/test/resources/cometbft/sv2Local/config/config.toml @@ -282,7 +282,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = 1000 # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -290,7 +290,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = 100000 # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -312,7 +312,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "300s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/apps/sv/src/test/resources/cometbft/sv3/config/config.toml b/apps/sv/src/test/resources/cometbft/sv3/config/config.toml index c13cefe3..91a53ec1 100755 --- a/apps/sv/src/test/resources/cometbft/sv3/config/config.toml +++ b/apps/sv/src/test/resources/cometbft/sv3/config/config.toml @@ -282,7 +282,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = 1000 # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -290,7 +290,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = 100000 # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -312,7 +312,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "300s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/apps/sv/src/test/resources/cometbft/sv4/config/config.toml b/apps/sv/src/test/resources/cometbft/sv4/config/config.toml index 4211feff..41b68d4f 100755 --- a/apps/sv/src/test/resources/cometbft/sv4/config/config.toml +++ b/apps/sv/src/test/resources/cometbft/sv4/config/config.toml @@ -282,7 +282,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = 1000 # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -290,7 +290,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = 100000 # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -312,7 +312,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "300s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/ValidatorApp.scala b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/ValidatorApp.scala index 53811fe6..f9d785e3 100644 --- a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/ValidatorApp.scala +++ b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/ValidatorApp.scala @@ -113,7 +113,7 @@ class ValidatorApp( esf: ExecutionSequencerFactory, ec: ExecutionContextExecutor, tracer: Tracer, -) extends Node[ValidatorApp.State]( +) extends Node[ValidatorApp.State, Option[CantonTimestamp]]( config.ledgerApiUser, config.participantClient, amuletAppParameters, @@ -163,9 +163,9 @@ class ValidatorApp( override def preInitializeAfterLedgerConnection( connection: BaseLedgerConnection, ledgerClient: SpliceLedgerClient, - )(implicit traceContext: TraceContext) = + )(implicit traceContext: TraceContext): scala.concurrent.Future[Option[CantonTimestamp]] = for { - _ <- + initialSynchronizerTime <- withParticipantAdminConnection { participantAdminConnection => for { scanConnection <- appInitStep("Getting BFT scan connection") { @@ -182,11 +182,21 @@ class ValidatorApp( config, participantAdminConnection, scanConnection, - clock, config.domainMigrationId, retryProvider, loggerFactory, ) + domainAlreadyRegistered <- participantAdminConnection + .lookupDomainConnectionConfig(config.domains.global.alias) + .map(_.isDefined) + now = clock.now + // This is used by the ReconcileSequencerConnectionsTrigger to avoid travelling back in time if the domain time is behind this. + // We want to avoid using this when we already have a synchronizer connection as then synchronizer time should be used so we + // only use it when the domain has not been registered at all. + // Note that the logic below is also a bit dodgy as it uses CantonTimestamp.now + // even if we have already registered which could be an issue after a restart. + // For now this seems acceptable. + initialSynchronizerTime = Option.when(!domainAlreadyRegistered)(now) _ <- readRestoreDump match { case Some(migrationDump) => val decentralizedSynchronizerInitializer = new DomainDataRestorer( @@ -194,7 +204,7 @@ class ValidatorApp( config.timeTrackerMinObservationDuration, loggerFactory, ) - domainConnector.getDecentralizedSynchronizerSequencerConnections.flatMap { + domainConnector.getDecentralizedSynchronizerSequencerConnections(now).flatMap { allSequencerConnections => val sequencerConnections = allSequencerConnections.values.toSeq match { case Seq() => @@ -226,7 +236,7 @@ class ValidatorApp( else appInitStep("Ensuring decentralized synchronizer registered") { domainConnector - .ensureDecentralizedSynchronizerRegisteredAndConnectedWithCurrentConfig() + .ensureDecentralizedSynchronizerRegisteredAndConnectedWithCurrentConfig(now) } } _ <- appInitStep("Ensuring extra domains registered") { @@ -351,9 +361,9 @@ class ValidatorApp( pruningConfig.retention, ) } - } yield () + } yield initialSynchronizerTime } - } yield () + } yield initialSynchronizerTime private def readRestoreDump = config.restoreFromMigrationDump.map { path => if (config.svValidator) @@ -606,6 +616,7 @@ class ValidatorApp( override def initialize( ledgerClient: SpliceLedgerClient, validatorParty: PartyId, + initialSynchronizerTime: Option[CantonTimestamp], )(implicit traceContext: TraceContext): Future[ValidatorApp.State] = for { _ <- Future.successful(()) @@ -793,7 +804,6 @@ class ValidatorApp( config, participantAdminConnection, scanConnection, - clock, config.domainMigrationId, retryProvider, loggerFactory, @@ -807,6 +817,7 @@ class ValidatorApp( config.sequencerRequestAmplificationPatience, config.contactPoint, config.supportsSoftDomainMigrationPoc, + initialSynchronizerTime, loggerFactory, ) domainId <- scanConnection.getAmuletRulesDomain()(traceContext) diff --git a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ReconcileSequencerConnectionsTrigger.scala b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ReconcileSequencerConnectionsTrigger.scala index d20e054c..dd9e8ea6 100644 --- a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ReconcileSequencerConnectionsTrigger.scala +++ b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ReconcileSequencerConnectionsTrigger.scala @@ -13,6 +13,7 @@ import org.lfdecentralizedtrust.splice.environment.{ParticipantAdminConnection, import org.lfdecentralizedtrust.splice.scan.admin.api.client.BftScanConnection import org.lfdecentralizedtrust.splice.validator.domain.DomainConnector import com.daml.nonempty.NonEmpty +import com.digitalasset.canton.data.CantonTimestamp import com.digitalasset.canton.participant.domain.DomainConnectionConfig import com.digitalasset.canton.sequencing.{ GrpcSequencerConnection, @@ -37,6 +38,7 @@ class ReconcileSequencerConnectionsTrigger( domainConnector: DomainConnector, patience: NonNegativeFiniteDuration, supportsSoftDomainMigrationPoc: Boolean, + initialSynchronizerTimeO: Option[CantonTimestamp], )(implicit override val ec: ExecutionContext, override val tracer: Tracer, @@ -68,8 +70,19 @@ class ReconcileSequencerConnectionsTrigger( } _ <- maybeDomainTime match { case Some(domainTime) => + val maxDomainTime = initialSynchronizerTimeO match { + case Some(initialSynchronizerTime) if domainTime < initialSynchronizerTime => + // Without this we can end up in situations where we first use a higher time to connect to + // the synchronizer based on clock.now and then travel back in time as we get a + // synchronizer connection. That doesn't really make any sense so we take the max. + logger.info( + s"Synchronizer time is $domainTime but initial timestamp used to determine synchronizer connections was $initialSynchronizerTime which is higher, using $initialSynchronizerTime instead" + ) + initialSynchronizerTime + case _ => domainTime + } for { - sequencerConnections <- domainConnector.getSequencerConnectionsFromScan(domainTime) + sequencerConnections <- domainConnector.getSequencerConnectionsFromScan(maxDomainTime) _ <- sequencerConnections.toList.traverse_ { case (alias, connections) => val sequencerConnectionConfig = NonEmpty.from(connections) match { case None => diff --git a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ValidatorAutomationService.scala b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ValidatorAutomationService.scala index 3d32357c..934985cb 100644 --- a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ValidatorAutomationService.scala +++ b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/automation/ValidatorAutomationService.scala @@ -29,6 +29,7 @@ import org.lfdecentralizedtrust.splice.wallet.automation.{ import org.lfdecentralizedtrust.splice.wallet.config.TransferPreapprovalConfig import org.lfdecentralizedtrust.splice.wallet.util.ValidatorTopupConfig import com.digitalasset.canton.config.NonNegativeFiniteDuration +import com.digitalasset.canton.data.CantonTimestamp import com.digitalasset.canton.logging.NamedLoggerFactory import com.digitalasset.canton.time.Clock import com.digitalasset.canton.tracing.TraceContext @@ -67,6 +68,7 @@ class ValidatorAutomationService( sequencerSubmissionAmplificationPatience: NonNegativeFiniteDuration, contactPoint: String, supportsSoftDomainMigrationPoc: Boolean, + initialSynchronizerTime: Option[CantonTimestamp], override protected val loggerFactory: NamedLoggerFactory, )(implicit ec: ExecutionContextExecutor, @@ -196,6 +198,7 @@ class ValidatorAutomationService( domainConnector, sequencerSubmissionAmplificationPatience, supportsSoftDomainMigrationPoc, + initialSynchronizerTime, ) ) diff --git a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/domain/DomainConnector.scala b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/domain/DomainConnector.scala index eff319f7..1d0a862e 100644 --- a/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/domain/DomainConnector.scala +++ b/apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/domain/DomainConnector.scala @@ -24,7 +24,6 @@ import com.digitalasset.canton.sequencing.{ SequencerConnections, SubmissionRequestAmplification, } -import com.digitalasset.canton.time.Clock import com.digitalasset.canton.tracing.TraceContext import io.grpc.Status @@ -34,7 +33,6 @@ class DomainConnector( config: ValidatorAppBackendConfig, participantAdminConnection: ParticipantAdminConnection, scanConnection: BftScanConnection, - clock: Clock, migrationId: Long, retryProvider: RetryProvider, val loggerFactory: NamedLoggerFactory, @@ -68,22 +66,22 @@ class DomainConnector( ) } - def ensureDecentralizedSynchronizerRegisteredAndConnectedWithCurrentConfig()(implicit - tc: TraceContext + def ensureDecentralizedSynchronizerRegisteredAndConnectedWithCurrentConfig(time: CantonTimestamp)( + implicit tc: TraceContext ): Future[Unit] = { - getDecentralizedSynchronizerSequencerConnections.flatMap( + getDecentralizedSynchronizerSequencerConnections(time).flatMap( _.toList.traverse_ { case (alias, connections) => ensureDomainRegistered(alias, connections) } ) } - def getDecentralizedSynchronizerSequencerConnections(implicit + def getDecentralizedSynchronizerSequencerConnections(time: CantonTimestamp)(implicit tc: TraceContext ): Future[Map[DomainAlias, SequencerConnections]] = { config.domains.global.url match { case None => - waitForSequencerConnectionsFromScan() + waitForSequencerConnectionsFromScan(time) case Some(url) => if (config.supportsSoftDomainMigrationPoc) { // TODO (#13301) Make this work by making the config more flexible. @@ -126,6 +124,7 @@ class DomainConnector( } private def waitForSequencerConnectionsFromScan( + time: CantonTimestamp )(implicit tc: TraceContext): Future[Map[DomainAlias, SequencerConnections]] = { retryProvider.getValueWithRetries( // Short retries since usually a failure here is just a misconfiguration error. @@ -135,7 +134,7 @@ class DomainConnector( RetryFor.ClientCalls, "scan_sequencer_connections", "non-empty sequencer connections from scan", - getSequencerConnectionsFromScan(clock.now) + getSequencerConnectionsFromScan(time) .map { connections => if (connections.isEmpty) { throw Status.NOT_FOUND diff --git a/cluster/helm/cn-docs/Chart-template.yaml b/cluster/helm/cn-docs/Chart-template.yaml index 497c00c9..8ae74ac1 100644 --- a/cluster/helm/cn-docs/Chart-template.yaml +++ b/cluster/helm/cn-docs/Chart-template.yaml @@ -8,3 +8,8 @@ description: Splice Documentation Server version: VERSION_NUMBER appVersion: VERSION_NUMBER + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/cn-docs/Chart.lock b/cluster/helm/cn-docs/Chart.lock new file mode 100644 index 00000000..8fb5dfc8 --- /dev/null +++ b/cluster/helm/cn-docs/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:05:48.790466218Z" diff --git a/cluster/helm/cn-docs/templates/docs.yaml b/cluster/helm/cn-docs/templates/docs.yaml index 5c34560d..03260894 100644 --- a/cluster/helm/cn-docs/templates/docs.yaml +++ b/cluster/helm/cn-docs/templates/docs.yaml @@ -21,6 +21,7 @@ spec: labels: app: docs spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: docs image: "{{ .Values.imageRepo }}/docs:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).docs) }}" diff --git a/cluster/helm/cn-docs/templates/gcs-proxy.yaml b/cluster/helm/cn-docs/templates/gcs-proxy.yaml index 54edec6b..f928a031 100644 --- a/cluster/helm/cn-docs/templates/gcs-proxy.yaml +++ b/cluster/helm/cn-docs/templates/gcs-proxy.yaml @@ -22,6 +22,7 @@ spec: labels: app: gcs-proxy spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: gcs-proxy image: "{{ .Values.imageRepo }}/gcs-proxy:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).gcs_proxy) }}" diff --git a/cluster/helm/splice-cluster-ingress-runbook/Chart-template.yaml b/cluster/helm/splice-cluster-ingress-runbook/Chart-template.yaml index 10e53cba..9950f297 100644 --- a/cluster/helm/splice-cluster-ingress-runbook/Chart-template.yaml +++ b/cluster/helm/splice-cluster-ingress-runbook/Chart-template.yaml @@ -8,3 +8,8 @@ description: Splice Cluster Ingress version: VERSION_NUMBER appVersion: VERSION_NUMBER + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/splice-cluster-ingress-runbook/Chart.lock b/cluster/helm/splice-cluster-ingress-runbook/Chart.lock new file mode 100644 index 00000000..fa48b1fb --- /dev/null +++ b/cluster/helm/splice-cluster-ingress-runbook/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:08:01.821036331Z" diff --git a/cluster/helm/splice-cluster-loopback-gateway/Chart-template.yaml b/cluster/helm/splice-cluster-loopback-gateway/Chart-template.yaml index 3ec18b2f..0382c11a 100644 --- a/cluster/helm/splice-cluster-loopback-gateway/Chart-template.yaml +++ b/cluster/helm/splice-cluster-loopback-gateway/Chart-template.yaml @@ -8,3 +8,8 @@ description: Splice gateway that loops back traffic to the same cluster without version: VERSION_NUMBER appVersion: VERSION_NUMBER + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/splice-cluster-loopback-gateway/Chart.lock b/cluster/helm/splice-cluster-loopback-gateway/Chart.lock new file mode 100644 index 00000000..d5b8a4c6 --- /dev/null +++ b/cluster/helm/splice-cluster-loopback-gateway/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:08:02.233883833Z" diff --git a/cluster/helm/splice-cometbft/Chart-template.yaml b/cluster/helm/splice-cometbft/Chart-template.yaml index 891d546b..5e030b15 100644 --- a/cluster/helm/splice-cometbft/Chart-template.yaml +++ b/cluster/helm/splice-cometbft/Chart-template.yaml @@ -8,3 +8,8 @@ description: Helm chart for a CometBFT node type: application version: VERSION_NUMBER appVersion: VERSION_NUMBER + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/splice-cometbft/Chart.lock b/cluster/helm/splice-cometbft/Chart.lock new file mode 100644 index 00000000..faeb8955 --- /dev/null +++ b/cluster/helm/splice-cometbft/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:08:02.641215337Z" diff --git a/cluster/helm/splice-cometbft/templates/deployment.yaml b/cluster/helm/splice-cometbft/templates/deployment.yaml index 7cb508ce..d42f6492 100644 --- a/cluster/helm/splice-cometbft/templates/deployment.yaml +++ b/cluster/helm/splice-cometbft/templates/deployment.yaml @@ -29,6 +29,7 @@ spec: migration_id: {{ .id | quote }} {{- end }} spec: + {{- include "splice-util-lib.service-account" $.Values | nindent 6 }} {{- if $.Values.enableAntiAffinity }} affinity: podAntiAffinity: diff --git a/cluster/helm/splice-cometbft/templates/partials/_config-toml.tpl b/cluster/helm/splice-cometbft/templates/partials/_config-toml.tpl index 54d2d90c..789bb5a1 100644 --- a/cluster/helm/splice-cometbft/templates/partials/_config-toml.tpl +++ b/cluster/helm/splice-cometbft/templates/partials/_config-toml.tpl @@ -298,7 +298,7 @@ broadcast = true wal_dir = "" # Maximum number of transactions in the mempool -size = 500 +size = {{ .Values.mempool.size }} # Limit the total size of all txs in the mempool. # This only accounts for raw transactions (e.g. given 1MB transactions and @@ -306,7 +306,7 @@ size = 500 max_txs_bytes = 1073741824 # Size of the cache (used to filter transactions we saw earlier) in transactions -cache_size = 10000 +cache_size = {{ .Values.mempool.deduplicationCacheSize }} # Do not remove invalid transactions from the cache (default: false) # Set to true if it's not possible for any invalid transaction to become valid @@ -328,7 +328,7 @@ max_batch_bytes = 0 # Note, if ttl-num-blocks is also defined, a transaction will be removed if it # has existed in the mempool at least ttl-num-blocks number of blocks or if it's # insertion time into the mempool is beyond ttl-duration. -ttl-duration = "0s" +ttl-duration = "{{ .Values.mempool.ttlSeconds }}s" # ttl-num-blocks, if non-zero, defines the maximum number of blocks a transaction # can exist for in the mempool. diff --git a/cluster/helm/splice-cometbft/values-template.yaml b/cluster/helm/splice-cometbft/values-template.yaml index 6e31258b..a7e34260 100644 --- a/cluster/helm/splice-cometbft/values-template.yaml +++ b/cluster/helm/splice-cometbft/values-template.yaml @@ -5,7 +5,7 @@ imageRepo: "ghcr.io/digital-asset/decentralized-canton-sync/docker" # -- Annotations for the comebft pods pod: - annotations: {} + annotations: { } # Node names use as a moniker to identify the node in the CometBFT network nodeName: "" @@ -19,11 +19,11 @@ stateSync: trustPeriod: "168h0m0s" peers: - # Permanent peers to add alongside the sv1 - # The CometBFT node ID of the peer node - #- nodeId: - # External address, in the format : that can be used to access the p2p port of the peer - # externalAddress: +# Permanent peers to add alongside the sv1 +# The CometBFT node ID of the peer node +#- nodeId: +# External address, in the format : that can be used to access the p2p port of the peer +# externalAddress: node: # The CometBFT node ID id: @@ -94,3 +94,10 @@ metrics: enableAntiAffinity: true logLevel: debug +mempool: + # max number of transactions kept in the mempool + size: 1000 + # number of transactions to keep to deduplicate new transactions + deduplicationCacheSize: 100000 + # max number of seconds that a transaction will be kept in the mempool without being included in a block before being discarded + ttlSeconds: 300 diff --git a/cluster/helm/splice-domain/templates/domain.yaml b/cluster/helm/splice-domain/templates/domain.yaml index 0cdf32e2..49226c72 100644 --- a/cluster/helm/splice-domain/templates/domain.yaml +++ b/cluster/helm/splice-domain/templates/domain.yaml @@ -22,6 +22,7 @@ spec: labels: app: {{ .Release.Name }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: {{ .Release.Name }} image: "{{ .Values.imageRepo }}/canton-domain:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).canton_domain) }}" diff --git a/cluster/helm/splice-global-domain/templates/mediator.yaml b/cluster/helm/splice-global-domain/templates/mediator.yaml index c2eb2b9a..5386f78b 100644 --- a/cluster/helm/splice-global-domain/templates/mediator.yaml +++ b/cluster/helm/splice-global-domain/templates/mediator.yaml @@ -27,6 +27,7 @@ spec: migration_id: {{ .id | quote }} {{- end }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: mediator image: "{{ .Values.imageRepo }}/canton-mediator:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).canton_mediator) }}" diff --git a/cluster/helm/splice-global-domain/templates/sequencer.yaml b/cluster/helm/splice-global-domain/templates/sequencer.yaml index f166f7b4..2e16a706 100644 --- a/cluster/helm/splice-global-domain/templates/sequencer.yaml +++ b/cluster/helm/splice-global-domain/templates/sequencer.yaml @@ -27,6 +27,7 @@ spec: migration_id: {{ .id | quote }} {{- end }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} {{- if $.Values.enableAntiAffinity }} affinity: podAntiAffinity: diff --git a/cluster/helm/splice-istio-gateway/Chart-template.yaml b/cluster/helm/splice-istio-gateway/Chart-template.yaml index 91a4d83b..65397a13 100644 --- a/cluster/helm/splice-istio-gateway/Chart-template.yaml +++ b/cluster/helm/splice-istio-gateway/Chart-template.yaml @@ -8,3 +8,8 @@ description: Splice Istio Gateway version: VERSION_NUMBER appVersion: VERSION_NUMBER + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/splice-istio-gateway/Chart.lock b/cluster/helm/splice-istio-gateway/Chart.lock new file mode 100644 index 00000000..7a8a8246 --- /dev/null +++ b/cluster/helm/splice-istio-gateway/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:08:04.130840587Z" diff --git a/cluster/helm/splice-load-tester/templates/load-tester.yaml b/cluster/helm/splice-load-tester/templates/load-tester.yaml index d3245427..3282eeec 100644 --- a/cluster/helm/splice-load-tester/templates/load-tester.yaml +++ b/cluster/helm/splice-load-tester/templates/load-tester.yaml @@ -20,6 +20,7 @@ spec: labels: app: {{ .Release.Name }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: load-tester image: "{{ .Values.imageRepo }}/load-tester:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).load_tester) }}" diff --git a/cluster/helm/splice-participant/templates/participant.yaml b/cluster/helm/splice-participant/templates/participant.yaml index 1cd064d2..93c45f48 100644 --- a/cluster/helm/splice-participant/templates/participant.yaml +++ b/cluster/helm/splice-participant/templates/participant.yaml @@ -26,6 +26,7 @@ spec: migration_id: {{ .id | quote }} {{- end }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: participant image: "{{ .Values.imageRepo }}/canton-participant:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).canton_participant) }}" diff --git a/cluster/helm/splice-postgres/Chart-template.yaml b/cluster/helm/splice-postgres/Chart-template.yaml index b09aeb76..b242eb78 100644 --- a/cluster/helm/splice-postgres/Chart-template.yaml +++ b/cluster/helm/splice-postgres/Chart-template.yaml @@ -8,3 +8,8 @@ version: VERSION_NUMBER appVersion: VERSION_NUMBER description: Splice Self-Hosted PGSQL + +dependencies: +- name: splice-util-lib + version: 0.3.0 + repository: file://../splice-util-lib diff --git a/cluster/helm/splice-postgres/Chart.lock b/cluster/helm/splice-postgres/Chart.lock new file mode 100644 index 00000000..9252a1dd --- /dev/null +++ b/cluster/helm/splice-postgres/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: splice-util-lib + repository: file://../splice-util-lib + version: 0.3.0 +digest: sha256:c5a259142f837278690980ec0668f22124aa519df736e3ef8005be613a808ca2 +generated: "2025-02-18T18:05:50.877337716Z" diff --git a/cluster/helm/splice-postgres/templates/postgres.yaml b/cluster/helm/splice-postgres/templates/postgres.yaml index 50b57571..9bc79447 100644 --- a/cluster/helm/splice-postgres/templates/postgres.yaml +++ b/cluster/helm/splice-postgres/templates/postgres.yaml @@ -31,6 +31,7 @@ spec: app: {{ .Release.Name }} namespace: {{ .Release.Namespace }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: {{ .Release.Name }} image: postgres:14 diff --git a/cluster/helm/splice-scan/templates/scan.yaml b/cluster/helm/splice-scan/templates/scan.yaml index b171e96b..5e709765 100644 --- a/cluster/helm/splice-scan/templates/scan.yaml +++ b/cluster/helm/splice-scan/templates/scan.yaml @@ -26,6 +26,7 @@ spec: app: {{ $scanAppLabel }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: scan-app image: "{{ .Values.imageRepo }}/scan-app:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).scan_app) }}" diff --git a/cluster/helm/splice-splitwell-app/templates/splitwell.yaml b/cluster/helm/splice-splitwell-app/templates/splitwell.yaml index 386300b5..4576a3af 100644 --- a/cluster/helm/splice-splitwell-app/templates/splitwell.yaml +++ b/cluster/helm/splice-splitwell-app/templates/splitwell.yaml @@ -21,6 +21,7 @@ spec: labels: app: splitwell-app spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: splitwell-app image: "{{ .Values.imageRepo }}/splitwell-app:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).splitwell_app) }}" diff --git a/cluster/helm/splice-splitwell-web-ui/templates/splitwell-web-ui.yaml b/cluster/helm/splice-splitwell-web-ui/templates/splitwell-web-ui.yaml index 3da630cd..e2bebac4 100644 --- a/cluster/helm/splice-splitwell-web-ui/templates/splitwell-web-ui.yaml +++ b/cluster/helm/splice-splitwell-web-ui/templates/splitwell-web-ui.yaml @@ -20,6 +20,7 @@ spec: labels: app: splitwell-web-ui spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: splitwell-web-ui image: "{{ .Values.imageRepo }}/splitwell-web-ui:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).splitwell_web_ui) }}" diff --git a/cluster/helm/splice-sv-node/templates/sv-web-ui.yaml b/cluster/helm/splice-sv-node/templates/sv-web-ui.yaml index 9ae6eaab..8b6b0b15 100644 --- a/cluster/helm/splice-sv-node/templates/sv-web-ui.yaml +++ b/cluster/helm/splice-sv-node/templates/sv-web-ui.yaml @@ -25,6 +25,7 @@ spec: app: {{ $appIdentifier }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - env: - name: SPLICE_APP_UI_AUTH_CLIENT_ID diff --git a/cluster/helm/splice-sv-node/templates/sv.yaml b/cluster/helm/splice-sv-node/templates/sv.yaml index 840a33c4..6808d905 100644 --- a/cluster/helm/splice-sv-node/templates/sv.yaml +++ b/cluster/helm/splice-sv-node/templates/sv.yaml @@ -26,6 +26,7 @@ spec: app: {{ $appIdentifier }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: sv-app image: "{{ .Values.imageRepo }}/sv-app:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).sv_app) }}" @@ -322,10 +323,10 @@ spec: - name: domain-upgrade-dump-volume mountPath: /domain-upgrade-dump {{- end }} + {{- end }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- end }} initContainers: - name: {{ .Release.Name }}-init image: postgres:14 diff --git a/cluster/helm/splice-util-lib/templates/_helpers.tpl b/cluster/helm/splice-util-lib/templates/_helpers.tpl index 64c02f17..ef822f11 100644 --- a/cluster/helm/splice-util-lib/templates/_helpers.tpl +++ b/cluster/helm/splice-util-lib/templates/_helpers.tpl @@ -93,6 +93,7 @@ spec: labels: app: {{ $name }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} volumes: - name: postgres-password secret: @@ -199,3 +200,8 @@ spec: value: {{ .logLevel }} {{- end }} {{- end }} +{{- define "splice-util-lib.service-account" -}} +{{- if .serviceAccountName -}} +serviceAccountName: {{ .serviceAccountName }} +{{- end -}} +{{- end -}} diff --git a/cluster/helm/splice-validator/templates/ans-web-ui.yaml b/cluster/helm/splice-validator/templates/ans-web-ui.yaml index 71a44132..ce386c08 100644 --- a/cluster/helm/splice-validator/templates/ans-web-ui.yaml +++ b/cluster/helm/splice-validator/templates/ans-web-ui.yaml @@ -25,6 +25,7 @@ spec: app: {{ $ansWebUiLabel }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: ans-web-ui image: "{{ .Values.imageRepo }}/ans-web-ui:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).ans_web_ui) }}" diff --git a/cluster/helm/splice-validator/templates/validator.yaml b/cluster/helm/splice-validator/templates/validator.yaml index 38ca52fd..24acb9b5 100644 --- a/cluster/helm/splice-validator/templates/validator.yaml +++ b/cluster/helm/splice-validator/templates/validator.yaml @@ -26,6 +26,7 @@ spec: app: {{ $validatorAppLabel }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - name: validator-app image: "{{ .Values.imageRepo }}/validator-app:{{ .Chart.AppVersion }}{{ ((.Values.imageDigests).validator_app) }}" diff --git a/cluster/helm/splice-validator/templates/wallet-web-ui.yaml b/cluster/helm/splice-validator/templates/wallet-web-ui.yaml index 83dba4f3..8c07136f 100644 --- a/cluster/helm/splice-validator/templates/wallet-web-ui.yaml +++ b/cluster/helm/splice-validator/templates/wallet-web-ui.yaml @@ -25,6 +25,7 @@ spec: app: {{ $walletWebUiLabel }} migration: {{ .Values.migration.id | quote }} spec: + {{- include "splice-util-lib.service-account" .Values | nindent 6 }} containers: - env: - name: SPLICE_APP_UI_AUTH_CLIENT_ID diff --git a/cluster/images/ans-web-ui/Dockerfile b/cluster/images/ans-web-ui/Dockerfile index b6d4673a..4d6d0e60 100644 --- a/cluster/images/ans-web-ui/Dockerfile +++ b/cluster/images/ans-web-ui/Dockerfile @@ -7,6 +7,9 @@ FROM splice-app:${base_version} AS splice ARG base_version FROM splice-web-ui:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-web-ui:${base_version}" + COPY --from=splice app/splice-node/web-uis/ans /usr/share/nginx/html/ COPY config.js /tmpl/config.js.tmpl COPY --chmod=500 docker-entrypoint.sh /custom-docker-entrypoint.sh diff --git a/cluster/images/canton-cometbft-sequencer/Dockerfile b/cluster/images/canton-cometbft-sequencer/Dockerfile index 44b5f50f..13495891 100644 --- a/cluster/images/canton-cometbft-sequencer/Dockerfile +++ b/cluster/images/canton-cometbft-sequencer/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="canton:${base_version}" + EXPOSE 5008 EXPOSE 5009 EXPOSE 10013 diff --git a/cluster/images/canton-domain/Dockerfile b/cluster/images/canton-domain/Dockerfile index 98c73c5f..6b89b9e9 100644 --- a/cluster/images/canton-domain/Dockerfile +++ b/cluster/images/canton-domain/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="canton:${base_version}" + EXPOSE 5007 EXPOSE 5008 EXPOSE 5009 diff --git a/cluster/images/canton-mediator/Dockerfile b/cluster/images/canton-mediator/Dockerfile index 72bcbea1..edda7fe8 100644 --- a/cluster/images/canton-mediator/Dockerfile +++ b/cluster/images/canton-mediator/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="canton:${base_version}" + EXPOSE 5007 EXPOSE 10013 diff --git a/cluster/images/canton-participant/Dockerfile b/cluster/images/canton-participant/Dockerfile index 3afe778e..83b36440 100644 --- a/cluster/images/canton-participant/Dockerfile +++ b/cluster/images/canton-participant/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name=canton:${base_version} + EXPOSE 5001 EXPOSE 5002 EXPOSE 7575 diff --git a/cluster/images/canton-sequencer/Dockerfile b/cluster/images/canton-sequencer/Dockerfile index f672f9fc..ade7e00e 100644 --- a/cluster/images/canton-sequencer/Dockerfile +++ b/cluster/images/canton-sequencer/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="canton:${base_version}" + EXPOSE 5008 EXPOSE 5009 EXPOSE 10013 diff --git a/cluster/images/canton/Dockerfile b/cluster/images/canton/Dockerfile index a742783c..151a0e7d 100644 --- a/cluster/images/canton/Dockerfile +++ b/cluster/images/canton/Dockerfile @@ -42,5 +42,6 @@ COPY --from=build /app/ /app/ WORKDIR /app +LABEL org.opencontainers.image.base.name="debian:bookworm-slim" # point entrypoint to the amulet executable ENTRYPOINT ["/usr/bin/tini", "--", "/app/entrypoint.sh"] diff --git a/cluster/images/cometbft/Dockerfile b/cluster/images/cometbft/Dockerfile index 0843e28f..44d51f21 100644 --- a/cluster/images/cometbft/Dockerfile +++ b/cluster/images/cometbft/Dockerfile @@ -3,6 +3,10 @@ ARG cometbft_version FROM digitalasset-canton-enterprise-docker.jfrog.io/cometbft-canton-network:$cometbft_version + +ARG cometbft_version +LABEL org.opencontainers.image.base.name="digitalasset-canton-enterprise-docker.jfrog.io/cometbft-canton-network:$cometbft_version" + COPY configure-state-sync.sh /cometbft/ RUN chmod +x /cometbft/configure-state-sync.sh diff --git a/cluster/images/docs/Dockerfile b/cluster/images/docs/Dockerfile index 39d8b789..a94ae916 100644 --- a/cluster/images/docs/Dockerfile +++ b/cluster/images/docs/Dockerfile @@ -7,6 +7,8 @@ FROM splice-app:${base_version} FROM nginx:stable ARG version +LABEL org.opencontainers.image.base.name="nginx:stable" + COPY --from=0 app/splice-node/docs/html /usr/share/nginx/html/ COPY --from=0 app/LICENSE . COPY script.js /tmpl/script.js.tmpl diff --git a/cluster/images/gcs-proxy/Dockerfile b/cluster/images/gcs-proxy/Dockerfile index 0bdbfb93..918e1c01 100644 --- a/cluster/images/gcs-proxy/Dockerfile +++ b/cluster/images/gcs-proxy/Dockerfile @@ -3,6 +3,9 @@ FROM --platform=$BUILDPLATFORM debian:bookworm-slim +ARG base_version +LABEL org.opencontainers.image.base.name="debian:bookworm-slim" + WORKDIR /tmp ENV GCSPROXY_VERSION=0.3.1 diff --git a/cluster/images/load-tester/Dockerfile b/cluster/images/load-tester/Dockerfile index 1e1f0c86..87651fe9 100644 --- a/cluster/images/load-tester/Dockerfile +++ b/cluster/images/load-tester/Dockerfile @@ -3,6 +3,8 @@ FROM grafana/k6:0.48.0 +LABEL org.opencontainers.image.base.name="grafana/k6:0.48.0" + COPY entrypoint.sh . COPY target/test/* ./ COPY target/LICENSE . diff --git a/cluster/images/local.mk b/cluster/images/local.mk index de4cea2c..a9377b7b 100644 --- a/cluster/images/local.mk +++ b/cluster/images/local.mk @@ -46,10 +46,14 @@ ifdef CI # never use the cache in CI on the master branch cache_opt := --no-cache platform_opt := --platform=linux/amd64,linux/arm64 + repo = $(CIRCLE_PROJECT_REPONAME) + commit_sha = $(CIRCLE_SHA1) else # Local builds (which may be on an M1) are explicitly constrained # to x86. platform_opt := --platform=linux/amd64 + repo = NoRepoForLocalBuild + commit_sha = NoShaForLocalBuild endif docker-build := target/docker.id @@ -110,7 +114,13 @@ $(foreach image,$(images),$(eval $(call DEFINE_PHONY_RULES,$(image)))) docker-check-multi-arch mkdir -pv $(@D) @echo docker build triggered because these files changed: $? - docker buildx build $(platform_opt) --iidfile $@ $(cache_opt) $(build_arg) -t $$(cat $<) $(@D)/.. + docker buildx build $(platform_opt) \ + --label "org.opencontainers.image.ref.name=$$(basename $$(dirname $(@D)))" \ + --label "org.opencontainers.image.version=$(shell get-snapshot-version)" \ + --label "org.opencontainers.image.source=$(repo)" \ + --label "org.opencontainers.image.created=$$(date +%FT%T.%3NZ)" \ + --label "org.opencontainers.image.revision=$(commit_sha)" \ + --iidfile $@ $(cache_opt) $(build_arg) -t $$(cat $<) $(@D)/.. %/$(docker-push): %/$(docker-image-tag) %/$(docker-build) cd $(@D)/.. && docker-push $$(cat $(abspath $<)) diff --git a/cluster/images/multi-participant/Dockerfile b/cluster/images/multi-participant/Dockerfile index a315895e..3d4f1d1f 100644 --- a/cluster/images/multi-participant/Dockerfile +++ b/cluster/images/multi-participant/Dockerfile @@ -5,4 +5,7 @@ ARG base_version FROM canton:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="canton:${base_version}" + COPY pre-bootstrap.sh app.conf /app/ diff --git a/cluster/images/multi-validator/Dockerfile b/cluster/images/multi-validator/Dockerfile index a615df23..338d78d1 100644 --- a/cluster/images/multi-validator/Dockerfile +++ b/cluster/images/multi-validator/Dockerfile @@ -5,4 +5,7 @@ ARG base_version FROM splice-app:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-app:${base_version}" + COPY app.conf bootstrap.sc pre-bootstrap.sh health-check.sh /app/ diff --git a/cluster/images/pulumi-kubernetes-operator/Dockerfile b/cluster/images/pulumi-kubernetes-operator/Dockerfile index 4556ee97..4832c9fa 100644 --- a/cluster/images/pulumi-kubernetes-operator/Dockerfile +++ b/cluster/images/pulumi-kubernetes-operator/Dockerfile @@ -4,9 +4,10 @@ # FROM https://github.com/pulumi/pulumi-kubernetes-operator/blob/master/Dockerfile # used to control he underlyign pulumi version ARG pulumi_version - FROM pulumi/pulumi:${pulumi_version} +ARG pulumi_version +LABEL org.opencontainers.image.base.name="pulumi/pulumi:${pulumi_version}" # TODO(tech-debt) Clean up workaround for broken k8s apt repo (`EXPKEYSIG 234654DA9A296436` error) RUN rm /etc/apt/sources.list.d/kubernetes.list diff --git a/cluster/images/scan-app/Dockerfile b/cluster/images/scan-app/Dockerfile index 4491bca6..5425a6c7 100644 --- a/cluster/images/scan-app/Dockerfile +++ b/cluster/images/scan-app/Dockerfile @@ -5,6 +5,9 @@ ARG base_version FROM splice-app:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-app:${base_version}" + EXPOSE 5012 EXPOSE 10013 diff --git a/cluster/images/scan-web-ui/Dockerfile b/cluster/images/scan-web-ui/Dockerfile index 7473a8c3..e49bc112 100644 --- a/cluster/images/scan-web-ui/Dockerfile +++ b/cluster/images/scan-web-ui/Dockerfile @@ -7,6 +7,9 @@ FROM splice-app:${base_version} AS splice ARG base_version FROM splice-web-ui:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-web-ui:${base_version}" + COPY --from=splice app/splice-node/web-uis/scan /usr/share/nginx/html/ COPY config.js /tmpl/config.js.tmpl COPY --chmod=500 docker-entrypoint.sh /custom-docker-entrypoint.sh diff --git a/cluster/images/splice-app/Dockerfile b/cluster/images/splice-app/Dockerfile index 1f992bb5..43a7d8f2 100644 --- a/cluster/images/splice-app/Dockerfile +++ b/cluster/images/splice-app/Dockerfile @@ -8,6 +8,8 @@ ARG TARGETPLATFORM FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS build +LABEL org.opencontainers.image.base.name="debian:bookworm-slim" + COPY --from=xx / / ARG BUILDPLATFORM ARG TARGETPLATFORM diff --git a/cluster/images/splice-debug/Dockerfile b/cluster/images/splice-debug/Dockerfile index 2ea58dff..e6405521 100644 --- a/cluster/images/splice-debug/Dockerfile +++ b/cluster/images/splice-debug/Dockerfile @@ -4,6 +4,8 @@ # We don't currently have a need for multi-architecture support in this image, # so we're hard-coding amd64, and accepting that this will break on arm64. FROM --platform=linux/amd64 ubuntu:latest +LABEL org.opencontainers.image.base.name="ubuntu:latest" + RUN apt-get update && apt-get install -y postgresql-client curl RUN curl -sSLO https://github.com/fullstorydev/grpcurl/releases/download/v1.9.2/grpcurl_1.9.2_linux_amd64.deb && dpkg -i grpcurl_1.9.2_linux_amd64.deb && rm grpcurl_1.9.2_linux_amd64.deb diff --git a/cluster/images/splice-test-ci/Dockerfile b/cluster/images/splice-test-ci/Dockerfile index 2010ef54..b230821d 100644 --- a/cluster/images/splice-test-ci/Dockerfile +++ b/cluster/images/splice-test-ci/Dockerfile @@ -1,7 +1,8 @@ # Note that we don't currently support arm64 runners, so we build this only for amd64 FROM --platform=$BUILDPLATFORM ubuntu:24.04 -# TODO(#15988): consider whether we can move some of the things installed here (and with pip below) into nix +LABEL org.opencontainers.image.base.name="ubuntu:24.04" +# TODO(#17437): consider whether we can move some of the things installed here (and with pip below) into nix RUN apt-get update && \ apt-get install -y sudo git curl xz-utils pigz rsync jq unzip python3-pip && \ rm -rf /var/lib/apt/lists/* diff --git a/cluster/images/splice-test-cometbft/Dockerfile b/cluster/images/splice-test-cometbft/Dockerfile index ba7aafef..50a0d9d5 100644 --- a/cluster/images/splice-test-cometbft/Dockerfile +++ b/cluster/images/splice-test-cometbft/Dockerfile @@ -1,6 +1,9 @@ # tag should match the version in nix/cometbft-driver-sources.json -# TODO(#15988): Don't hardcode the version here, get it from Nix instead -FROM digitalasset-canton-enterprise-docker.jfrog.io/cometbft-canton-network:3.2.0-snapshot.20241007.14241.0.v55249174-r1 +ARG cometbft_version +FROM digitalasset-canton-enterprise-docker.jfrog.io/cometbft-canton-network:$cometbft_version + +ARG cometbft_version +LABEL org.opencontainers.image.base.name="digitalasset-canton-enterprise-docker.jfrog.io/cometbft-canton-network:$cometbft_version" # Copy the configuration files COPY configs / diff --git a/cluster/images/splice-test-cometbft/local.mk b/cluster/images/splice-test-cometbft/local.mk index 787f0cb2..6e449707 100644 --- a/cluster/images/splice-test-cometbft/local.mk +++ b/cluster/images/splice-test-cometbft/local.mk @@ -4,6 +4,7 @@ dir := $(call current_dir) $(dir)/$(docker-build): $(dir)/configs $(dir)/target/LICENSE +$(dir)/$(docker-build): build_arg := --build-arg cometbft_version=${COMETBFT_RELEASE_VERSION} $(dir)/clean: $(dir)/clean-configs diff --git a/cluster/images/splice-test-docker-runner/Dockerfile b/cluster/images/splice-test-docker-runner/Dockerfile index 5687d7fc..51fecabc 100644 --- a/cluster/images/splice-test-docker-runner/Dockerfile +++ b/cluster/images/splice-test-docker-runner/Dockerfile @@ -1,7 +1,8 @@ # Note that we don't currently support arm64 runners, so we build this only for amd64 FROM --platform=$BUILDPLATFORM ghcr.io/actions/actions-runner:2.322.0 -# TODO(#15988): can we reduce duplication between this and splice-test-ci ? +LABEL org.opencontainers.image.base.name="ghcr.io/actions/actions-runner:2.322.0" +#Ideally, we'd reduce duplication between this and splice-test-ci, but we're not tackling that right now RUN sudo apt-get update && \ sudo apt-get install -y sudo git curl xz-utils pigz rsync jq unzip python3-pip moreutils && \ diff --git a/cluster/images/splice-test-postgres/Dockerfile b/cluster/images/splice-test-postgres/Dockerfile index 2f31e28d..e23a6c47 100644 --- a/cluster/images/splice-test-postgres/Dockerfile +++ b/cluster/images/splice-test-postgres/Dockerfile @@ -1,4 +1,5 @@ FROM postgres:14 +LABEL org.opencontainers.image.base.name="postgres:14" COPY cmd.sh /usr/local/bin/ COPY target/LICENSE . diff --git a/cluster/images/splice-test-runner-hook/Dockerfile b/cluster/images/splice-test-runner-hook/Dockerfile index 56179843..39956a84 100644 --- a/cluster/images/splice-test-runner-hook/Dockerfile +++ b/cluster/images/splice-test-runner-hook/Dockerfile @@ -1,4 +1,6 @@ FROM ghcr.io/actions/actions-runner:latest +LABEL org.opencontainers.image.base.name="ghcr.io/actions/actions-runner:latest" + COPY target/index.js /home/runner/k8s/index.js COPY target/LICENSE . diff --git a/cluster/images/splice-web-ui/Dockerfile b/cluster/images/splice-web-ui/Dockerfile index 7dede123..4d9a06bd 100644 --- a/cluster/images/splice-web-ui/Dockerfile +++ b/cluster/images/splice-web-ui/Dockerfile @@ -12,6 +12,8 @@ FROM --platform=$BUILDPLATFORM debian:bookworm-slim AS build ARG BUILDPLATFORM ARG TARGETPLATFORM +LABEL org.opencontainers.image.base.name="debian:bookworm-slim" + COPY --from=xx / / RUN xx-apt-get update && \ diff --git a/cluster/images/splitwell-app/Dockerfile b/cluster/images/splitwell-app/Dockerfile index 285feff5..01ab999a 100644 --- a/cluster/images/splitwell-app/Dockerfile +++ b/cluster/images/splitwell-app/Dockerfile @@ -2,9 +2,10 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM splice-app:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-app:${base_version}" EXPOSE 5213 EXPOSE 10013 diff --git a/cluster/images/splitwell-web-ui/Dockerfile b/cluster/images/splitwell-web-ui/Dockerfile index 0e7875ae..9efe20f6 100644 --- a/cluster/images/splitwell-web-ui/Dockerfile +++ b/cluster/images/splitwell-web-ui/Dockerfile @@ -7,6 +7,9 @@ FROM splice-app:${base_version} AS splice ARG base_version FROM splice-web-ui:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-web-ui:${base_version}" + COPY --from=splice app/splice-node/web-uis/splitwell /usr/share/nginx/html/ COPY config.js /tmpl/config.js.tmpl COPY --chmod=500 docker-entrypoint.sh /custom-docker-entrypoint.sh diff --git a/cluster/images/sv-app/Dockerfile b/cluster/images/sv-app/Dockerfile index 842f5e4f..e5b92d6a 100644 --- a/cluster/images/sv-app/Dockerfile +++ b/cluster/images/sv-app/Dockerfile @@ -5,7 +5,10 @@ ARG base_version FROM splice-app:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-app:${base_version}" EXPOSE 5014 + EXPOSE 10013 COPY app.conf /app/ diff --git a/cluster/images/sv-web-ui/Dockerfile b/cluster/images/sv-web-ui/Dockerfile index a4908885..1b3ed639 100644 --- a/cluster/images/sv-web-ui/Dockerfile +++ b/cluster/images/sv-web-ui/Dockerfile @@ -7,6 +7,9 @@ FROM splice-app:${base_version} AS splice ARG base_version FROM splice-web-ui:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-web-ui:${base_version}" + COPY --chmod=500 docker-entrypoint.sh /custom-docker-entrypoint.sh COPY config.js /tmpl/config.js.tmpl COPY --from=splice app/splice-node/web-uis/sv /usr/share/nginx/html/ diff --git a/cluster/images/validator-app/Dockerfile b/cluster/images/validator-app/Dockerfile index 178d20fe..bca2fcc6 100644 --- a/cluster/images/validator-app/Dockerfile +++ b/cluster/images/validator-app/Dockerfile @@ -2,9 +2,11 @@ # SPDX-License-Identifier: Apache-2.0 ARG base_version - FROM splice-app:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-app:${base_version}" + EXPOSE 5003 EXPOSE 10013 diff --git a/cluster/images/wallet-web-ui/Dockerfile b/cluster/images/wallet-web-ui/Dockerfile index 6c0400df..bbd13311 100644 --- a/cluster/images/wallet-web-ui/Dockerfile +++ b/cluster/images/wallet-web-ui/Dockerfile @@ -7,6 +7,9 @@ FROM splice-app:${base_version} AS splice ARG base_version FROM splice-web-ui:${base_version} +ARG base_version +LABEL org.opencontainers.image.base.name="splice-web-ui:${base_version}" + COPY --from=splice app/splice-node/web-uis/wallet /usr/share/nginx/html/ COPY config.js /tmpl/config.js.tmpl COPY --chmod=500 docker-entrypoint.sh /custom-docker-entrypoint.sh diff --git a/cluster/pulumi/infra/grafana-dashboards/canton-network/catchup.json b/cluster/pulumi/infra/grafana-dashboards/canton-network/catchup.json index e907dad9..b79702fa 100644 --- a/cluster/pulumi/infra/grafana-dashboards/canton-network/catchup.json +++ b/cluster/pulumi/infra/grafana-dashboards/canton-network/catchup.json @@ -18,9 +18,8 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 1787, + "id": 1972, "links": [], - "liveNow": false, "panels": [ { "collapsed": false, @@ -53,6 +52,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -119,6 +119,7 @@ "sort": "desc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -176,6 +177,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -242,6 +244,7 @@ "sort": "desc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -281,6 +284,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -347,6 +351,7 @@ "sort": "desc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -399,6 +404,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -465,6 +471,7 @@ "sort": "asc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -504,6 +511,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -570,6 +578,7 @@ "sort": "desc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -609,6 +618,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -675,6 +685,7 @@ "sort": "desc" } }, + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -683,7 +694,7 @@ }, "disableTextWrap": false, "editorMode": "code", - "expr": "increase(daml_sequencer_block_acknowledgments_micros{namespace=~\"$namespace\", job=~\"global-domain-$migration-sequencer\",member!~\"SEQ::.*\",member=~\"$member\"}[10m]) / (1000000 * 60 * 10)", + "expr": "delta(daml_sequencer_block_acknowledgments_micros{namespace=~\"$namespace\", job=~\"global-domain-$migration-sequencer\",member!~\"SEQ::.*\",member=~\"$member\"}[10m]) / (1000000 * 60 * 10)", "fullMetaSearch": false, "includeNullMetadata": true, "instant": false, @@ -727,6 +738,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -777,7 +789,6 @@ "x": 0, "y": 42 }, - "hideTimeOverride": false, "id": 11, "options": { "legend": { @@ -791,7 +802,7 @@ "sort": "desc" } }, - "pluginVersion": "10.4.0", + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -834,6 +845,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -884,7 +896,6 @@ "x": 0, "y": 49 }, - "hideTimeOverride": false, "id": 7, "options": { "legend": { @@ -898,7 +909,7 @@ "sort": "desc" } }, - "pluginVersion": "10.4.0", + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -941,6 +952,7 @@ "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, + "barWidthFactor": 0.6, "drawStyle": "line", "fillOpacity": 0, "gradientMode": "none", @@ -991,7 +1003,6 @@ "x": 0, "y": 56 }, - "hideTimeOverride": false, "id": 6, "options": { "legend": { @@ -1005,7 +1016,7 @@ "sort": "none" } }, - "pluginVersion": "10.4.0", + "pluginVersion": "11.4.0", "targets": [ { "datasource": { @@ -1077,8 +1088,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1176,8 +1186,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1275,8 +1284,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1342,8 +1350,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1446,8 +1453,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -1501,34 +1507,28 @@ "type": "timeseries" } ], + "preload": false, "refresh": "30s", - "schemaVersion": 39, + "schemaVersion": 40, "tags": [], "templating": { "list": [ { "current": { - "selected": false, "text": "Prometheus", "value": "prometheus" }, - "hide": 0, "includeAll": false, - "multi": false, "name": "DS", "options": [], "query": "prometheus", "refresh": 1, "regex": "", - "skipUrlSync": false, "type": "datasource" }, { "current": { - "selected": false, - "text": [ - "All" - ], + "text": "All", "value": [ "$__all" ] @@ -1538,7 +1538,6 @@ "uid": "prometheus" }, "definition": "label_values(daml_sequencer_client_handler_delay,namespace)", - "hide": 0, "includeAll": true, "label": "Namespace", "multi": true, @@ -1550,16 +1549,11 @@ }, "refresh": 1, "regex": "", - "skipUrlSync": false, - "sort": 0, "type": "query" }, { "current": { - "selected": true, - "text": [ - "All" - ], + "text": "All", "value": [ "$__all" ] @@ -1569,9 +1563,7 @@ "uid": "prometheus" }, "definition": "label_values(daml_sequencer_client_handler_delay{namespace=~\"$namespace\"},job)", - "hide": 0, "includeAll": true, - "label": "", "multi": true, "name": "migration", "options": [], @@ -1582,19 +1574,17 @@ }, "refresh": 2, "regex": "/global-domain-(?\\d)-sequencer/g", - "skipUrlSync": false, "sort": 1, "type": "query" }, { "allValue": ".*", "current": { - "selected": false, "text": [ - "All" + "PAR::Global-Synchronizer-Foundation::1220ba8e4660..." ], "value": [ - "$__all" + "PAR::Global-Synchronizer-Foundation::1220ba8e4660..." ] }, "datasource": { @@ -1602,7 +1592,6 @@ "uid": "prometheus" }, "definition": "label_values(daml_sequencer_block_acknowledgments_micros,member)", - "hide": 0, "includeAll": true, "multi": true, "name": "member", @@ -1614,20 +1603,18 @@ }, "refresh": 1, "regex": "", - "skipUrlSync": false, - "sort": 0, "type": "query" } ] }, "time": { - "from": "now-3h", + "from": "now-1h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Global Domain Catchup", "uid": "ca9df344-c699-4efe-83c2-5fb2639d96d9", - "version": 4, + "version": 1, "weekStart": "" } diff --git a/docs/src/conf.py b/docs/src/conf.py index 0487f7d8..1bc4afd5 100644 --- a/docs/src/conf.py +++ b/docs/src/conf.py @@ -45,6 +45,7 @@ "sphinx.ext.todo", "sphinx_copybutton", "sphinx_reredirects", + "sphinxcontrib.openapi", # ^^ Adds a copy-to-clipboard button to code-blocks. # It does not (yet) work for `parsed-literal::` directives, which # we use to inject version strings. @@ -137,6 +138,7 @@ .. |generic_sv_url| replace:: :raw-html:`https://sv.sv-1.unknown_cluster.global.canton.network.YOUR_SV_SPONSOR` .. |gsf_scan_url| replace:: :raw-html:`https://scan.sv-1.unknown_cluster.global.canton.network.sync.global` .. |generic_scan_url| replace:: :raw-html:`https://scan.sv-1.unknown_cluster.global.canton.network.YOUR_SV_SPONSOR` +.. |gsf_sequencer_url| replace:: :raw-html:`https://sequencer-MIGRATION_ID.sv-1.unknown_cluster.global.canton.network.sync.global` .. |version_literal| replace:: ``{version}`` .. |chart_version_literal| replace:: ``{chart_version}`` diff --git a/nix/canton-sources.json b/nix/canton-sources.json index 643e7d74..d504e92d 100644 --- a/nix/canton-sources.json +++ b/nix/canton-sources.json @@ -1,5 +1,5 @@ { - "version": "3.2.0-snapshot.20250212.14546.0.vadd98462", + "version": "3.2.0-snapshot.20250219.14549.0.v2516f3fc", "tooling_sdk_version": "3.1.0-snapshot.20240717.13187.0.va47ab77f", - "sha256": "sha256:1sr43wv0678zcdmxcjskbw3swj7qcrbh9y5asqb8nq9q1wg68yaf" + "sha256": "sha256:1rxghy0a0ilfnkl5jqljfcb9bg3lsihg9gx5sq5vv7vx8lagpq1r" } diff --git a/nix/extra-pulumi-packages.nix b/nix/extra-pulumi-packages.nix index 585e2bb1..113f738a 100644 --- a/nix/extra-pulumi-packages.nix +++ b/nix/extra-pulumi-packages.nix @@ -35,6 +35,10 @@ url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.11.0/pulumi-resource-kubernetes-v4.11.0-linux-amd64.tar.gz"; sha256 = "659ba41363c23cea895e6e8425f7f20e2165d24effe7a7aaa37c545b5eccc5e2"; } + { + url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.21.1/pulumi-resource-kubernetes-v4.21.1-linux-amd64.tar.gz"; + sha256 = "8ddd4ef54778577478e79dc4fcbef3d92ffbf92a5b6fcc4de9e36efe23cd5efd"; + } { url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.7.1/pulumi-resource-kubernetes-v4.7.1-linux-amd64.tar.gz"; sha256 = "4f71421b353159067f8864fdad3a28dbd799ec8de213a4bfd23826aaddb49b86"; @@ -85,6 +89,10 @@ url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.11.0/pulumi-resource-kubernetes-v4.11.0-darwin-amd64.tar.gz"; sha256 = "efab48604cb1942572afe83e951fe42cb77cbbe1ff23022c8d71c6fe0968e1de"; } + { + url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.21.1/pulumi-resource-kubernetes-v4.21.1-darwin-amd64.tar.gz"; + sha256 = "37be280d4a76ef005053859199dd84bdcb715e28823f8754d536861e18230785"; + } { url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.7.1/pulumi-resource-kubernetes-v4.7.1-darwin-amd64.tar.gz"; sha256 = "bf347c4996dfee24083fc4256032632e4aad978f0c545282d465b30ca271ba0c"; @@ -135,6 +143,10 @@ url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.11.0/pulumi-resource-kubernetes-v4.11.0-linux-arm64.tar.gz"; sha256 = "6a45ce78cf1e7fbb9ea16ad31ac24083a9f2082ed84dc01f6a17efbef5926399"; } + { + url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.21.1/pulumi-resource-kubernetes-v4.21.1-linux-arm64.tar.gz"; + sha256 = "34cdcf8f8bdebdcbebfb9011529bd0ae5ab7f57c51c56422b26e0f2b817d5a28"; + } { url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.7.1/pulumi-resource-kubernetes-v4.7.1-linux-arm64.tar.gz"; sha256 = "ffe3fe3847fc6bd9445d5f35503877291e00f3ffd2d68d7e90f2bc4da6f55451"; @@ -185,6 +197,10 @@ url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.11.0/pulumi-resource-kubernetes-v4.11.0-darwin-arm64.tar.gz"; sha256 = "d6b4179aae4549bbb1238469fa600d4035b47f641d7941d79d5230f7434d79df"; } + { + url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.21.1/pulumi-resource-kubernetes-v4.21.1-darwin-arm64.tar.gz"; + sha256 = "99a8c1922c28109c594d56087cee282e8d77cc4e5afcfdb8f8cb1f03ceea5d6b"; + } { url = "https://github.com/pulumi/pulumi-kubernetes/releases/download/v4.7.1/pulumi-resource-kubernetes-v4.7.1-darwin-arm64.tar.gz"; sha256 = "d77fc5e7fc98a4d3ac4348343b8056d2570841365444656713e4a69feebbec78"; diff --git a/nix/generate_pulumi_packages.sh b/nix/generate_pulumi_packages.sh index fec049eb..0194ca48 100755 --- a/nix/generate_pulumi_packages.sh +++ b/nix/generate_pulumi_packages.sh @@ -21,6 +21,7 @@ plugins=( "pulumi/kubernetes=4.7.1" # currently used "pulumi/kubernetes=4.11.0" + "pulumi/kubernetes=4.21.1" "pulumi/random=4.14.0" "pulumi/gcp=7.2.1" "pulumi/auth0=3.3.2" diff --git a/nix/shell.nix b/nix/shell.nix index 560baf8b..fa54405f 100644 --- a/nix/shell.nix +++ b/nix/shell.nix @@ -82,6 +82,8 @@ in pkgs.mkShell { python3Packages.requests_toolbelt python3Packages.sphinx_rtd_theme python3Packages.sphinx-copybutton + python3Packages.sphinxcontrib-openapi + python3Packages.sphinx-autobuild python3Packages.waitress python3.pkgs.sphinx-reredirects ripgrep @@ -97,7 +99,6 @@ in pkgs.mkShell { toxiproxy unzip which - x86Pkgs.sphinx-autobuild zip # Package required to install daml studio diff --git a/project/ignore-patterns/canton_log.ignore.txt b/project/ignore-patterns/canton_log.ignore.txt index fde662c2..22fdbf19 100644 --- a/project/ignore-patterns/canton_log.ignore.txt +++ b/project/ignore-patterns/canton_log.ignore.txt @@ -112,4 +112,7 @@ Too many log messages detected # TODO(#17081) Figure out why this happens Thread starvation or clock leap detected +# TODO(#2423) Figure out what causes this +The sequencer clock timestamp .* is already past the max sequencing time + # Make sure to have a trailing newline