Update workflows and goreleaser

.github/workflows/build_HORNET.yml

@@ -1,6 +1,9 @@
 name: Build HORNET
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths-ignore:
       - 'documentation/**'

.github/workflows/build_docker.yml

@@ -1,6 +1,9 @@
 name: Build Docker
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths:
       - "docker/Dockerfile"

.github/workflows/codeql_analysis.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
         with:
-          ref: develop
+          ref: production
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/golangci-lint.yml

@@ -1,6 +1,9 @@
 name: GolangCIlint
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths-ignore:
       - 'documentation/**'
@@ -21,7 +24,8 @@ jobs:
       - name: golangci-lint
         uses: reviewdog/action-golangci-lint@v2
         with:
-          version: v1.50.1
+          go_version_file: go.mod
+          version: v1.53.3
           github_token: ${{ secrets.GITHUB_TOKEN }}
           golangci_lint_flags: "--timeout=10m"
           reporter: github-pr-check

.github/workflows/integration_tests.yml

@@ -1,6 +1,9 @@
 name: Integration Tests
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths-ignore:
       - 'documentation/**'

.github/workflows/release.yml

@@ -5,21 +5,6 @@ on:
     types: [published]
 
 jobs:
-  binaries:
-    name: Release Binaries
-    runs-on: ubuntu-latest
-    container:
-      image: iotaledger/goreleaser-cgo-cross-compiler:1.20.2
-      volumes: [/repo]
-    steps:
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
-
-      - name: Release HORNET
-        run: goreleaser --rm-dist
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
   release-docker:
     name: Release Docker
     runs-on: ubuntu-latest
@@ -59,3 +44,19 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
+
+  binaries:
+    name: Release Binaries
+    runs-on: ubuntu-latest
+    container:
+      image: iotaledger/goreleaser-cgo-cross-compiler:1.20.2
+      volumes: [/repo]
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
+      - name: Release HORNET
+        run: goreleaser --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.github/workflows/snyk-test.yml

@@ -0,0 +1,54 @@
+name: Test dependencies with Snyk
+
+on:
+  # Run this check every day at 03:00 to find potential new vulnerabilities in the develop branch
+  schedule:
+    - cron: "0 3 * * *"
+
+jobs:
+  snyk-test:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+        with:
+          ref: production
+
+      - name: Build HORNET Docker image
+        run: docker build . --file docker/Dockerfile --tag hornet:latest
+
+      - name: Run Snyk to check for Golang vulnerabilities
+        uses: snyk/actions/[email protected]
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --org=gohornet --sarif-file-output=snyk-golang.sarif
+
+      - name: Run Snyk to check for Docker image vulnerabilities
+        uses: snyk/actions/[email protected]
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: hornet:latest
+          # Exclude Go app vulns because those are picked up by the previous scan
+          # For Docker scans, the SARIF is created by default
+          args: --org=gohornet --file=Dockerfile --exclude-app-vulns
+
+      - name: Upload Golang results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk-golang.sarif
+          category: snyk-golang
+
+      - name: Upload Docker results to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
+          category: snyk-docker

.github/workflows/test_HORNET.yml

@@ -1,6 +1,9 @@
 name: Test HORNET
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths-ignore:
       - 'documentation/**'

.github/workflows/test_release.yml

@@ -1,6 +1,9 @@
 name: Test release
 
 on:
+  push:
+    branches:
+      - production
   pull_request:
     paths-ignore:
       - 'documentation/**'
@@ -20,4 +23,4 @@ jobs:
       - name: Check out code into the Go module directory
         uses: actions/checkout@v3
       - name: Test HORNET Release
-        run: goreleaser --snapshot --skip-publish --rm-dist
+        run: goreleaser --snapshot --skip-publish --clean

.goreleaser.yml

@@ -37,37 +37,21 @@ builds:
       - linux
     goarch:
       - arm64
-  ## Windows AMD64
-  #- id: hornet-windows-amd64
-  #  binary: hornet
-  #  flags:
-  #    - -tags=builtin_static,rocksdb
-  #  env:
-  #    - CGO_ENABLED=1
-  #    - CC=/usr/bin/x86_64-w64-mingw32-gcc-posix
-  #    - CXX=/usr/bin/x86_64-w64-mingw32-g++-posix
-  #  ldflags:
-  #    - -s -w -X github.com/iotaledger/hornet/core/cli.AppVersion={{.Version}}
-  #  main: main.go
-  #  goos:
-  #    - windows
-  #  goarch:
-  #    - amd64
 
 # Archives
 archives:
   - format: tar.gz
     wrap_in_directory: true
-    format_overrides:
-      - goos: windows
-        format: zip
-    name_template: "{{.ProjectName}}-{{.Version}}_{{.Os}}_{{.Arch}}"
-    replacements:
-      amd64: x86_64
-      arm64: ARM64
-      darwin: macOS
-      linux: Linux
-      windows: Windows
+    name_template: >- 
+      {{ .ProjectName }}-{{ .Version }}_
+      {{- if eq .Os "darwin" }}macOS_
+      {{- else if eq .Os "linux" }}Linux_
+      {{- else if eq .Os "windows" }}Windows_
+      {{- else }}{{ .Os }}_{{ end }}
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "arm64" }}ARM64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
     files:
       - README.md
       - LICENSE
@@ -85,19 +69,23 @@ archives:
       - private_tangle/run_coo_bootstrap.sh
       - private_tangle/run_coo.sh
 
-# DEB and RPM packages
+# DEB packages
 nfpms:
   - id: nfpm
     package_name: hornet
-    file_name_template: '{{ tolower .ProjectName }}_{{ replace .Version "v" "" }}_{{ .Arch }}'
+    file_name_template: >- 
+      {{ tolower .ProjectName }}_{{ replace .Version "v" "" }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "arm64" }}ARM64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
     vendor: GoReleaser
     license: Apache 2.0
     maintainer: GoHORNET
     homepage: https://github.com/iotaledger/hornet
     description: HORNET is a powerful IOTA fullnode software.
     formats:
       - deb
-      - rpm
     bindir: /usr/bin
     contents:
       - src: "nfpm/shared_files/hornet.service"
@@ -160,16 +148,6 @@ nfpms:
       postremove: "nfpm/deb_files/postrm"
       preinstall: "nfpm/deb_files/preinst"
       postinstall: "nfpm/deb_files/postinst"
-    overrides:
-      rpm:
-        replacements:
-          amd64: x86_64
-        file_name_template: "{{ tolower .ProjectName }}-{{ .Version }}-{{ .Arch }}"
-        scripts:
-          preinstall: "nfpm/rpm_files/preinst"
-          postinstall: "nfpm/rpm_files/postinst"
-          preremove: "nfpm/rpm_files/prerm"
-          postremove: "nfpm/rpm_files/postrm"
 
 # Checksum
 checksum:

docker-compose.yml

@@ -20,6 +20,7 @@ services:
     #  - "8081:8081/tcp"
     #  - "8091:8091/tcp"
     #  - "1883:1883/tcp"
+    #  - "9311:9311/tcp"
     cap_drop:
       - ALL
     volumes:

docker/Dockerfile

@@ -7,31 +7,35 @@ LABEL org.label-schema.description="HORNET - The IOTA node"
 LABEL org.label-schema.name="iotaledger/hornet"
 LABEL org.label-schema.schema-version="1.0"
 LABEL org.label-schema.vcs-url="https://github.com/iotaledger/hornet"
-LABEL org.label-schema.usage="https://github.com/iotaledger/hornet/blob/main/documentation/docs/getting_started/using_docker.md"
 
 # Ensure ca-certificates are up to date
 RUN update-ca-certificates
 
 # Set the current Working Directory inside the container
+RUN mkdir /scratch
+WORKDIR /scratch
+
+# Prepare the folder where we are putting all the files
 RUN mkdir /app
-WORKDIR /app
 
-# Use Go Modules
-COPY go.mod .
-COPY go.sum .
+# Make sure that modules only get pulled when the module file has changed
+COPY go.mod go.sum ./
 
-ENV GO111MODULE=on
+# Download go modules
 RUN go mod download
 RUN go mod verify
 
 # Copy everything from the current directory to the PWD(Present Working Directory) inside the container
 COPY . .
 
 # Build the binary
-RUN go build \
-      -tags="$BUILD_TAGS" \
-      -ldflags='-w -s' -a \
-      -o /go/bin/hornet
+RUN go build -o /app/hornet -a -tags="$BUILD_TAGS" -ldflags='-w -s'
+
+# Copy the assets
+COPY ./config.json /app/config.json
+COPY ./config_devnet.json /app/config_devnet.json
+COPY ./peering.json /app/peering.json
+COPY ./profiles.json /app/profiles.json
 
 ############################
 # Image
@@ -46,15 +50,10 @@ EXPOSE 14265/tcp
 EXPOSE 8081/tcp
 EXPOSE 8091/tcp
 EXPOSE 1883/tcp
+EXPOSE 9311/tcp
 
-# Copy the binary into distroless image
-COPY --chown=nonroot:nonroot --from=build /go/bin/hornet /app/hornet
-
-# Copy the assets
-COPY ./config.json /app/config.json
-COPY ./config_devnet.json /app/config_devnet.json
-COPY ./peering.json /app/peering.json
-COPY ./profiles.json /app/profiles.json
+# Copy the app dir into distroless image
+COPY --chown=nonroot:nonroot --from=build /app /app
 
 WORKDIR /app
 USER nonroot