Move cargo-audit to separate action

.cargo/audit.toml

@@ -0,0 +1,10 @@
+[advisories]
+ignore = [
+    # remove_dir_all (used by deprecated tempdir crate)
+    "RUSTSEC-2023-0018",
+    # DoS in WebPKI that comes with tide_disco
+    "RUSTSEC-2023-0052",
+    # Tungstenite allows remote attackers to cause a denial of service
+    # Dependency of async-tungstenite -> tide-websockets / surf-disco
+    "RUSTSEC-2023-0065",
+]

.env

@@ -84,4 +84,4 @@ ESPRESSO_SEQUENCER_DEPLOY_LIGHTCLIENT_CONTRACT=yes
 
 # Load generator
 ESPRESSO_SUBMIT_TRANSACTIONS_DELAY=1s
-ESPRESSO_SUBMIT_TRANSACTIONS_PORT=50010
+ESPRESSO_SUBMIT_TRANSACTIONS_PORT=44010

.github/workflows/audit.yml

@@ -0,0 +1,19 @@
+name: Security audit
+on:
+  push:
+    # For PR we only want to fail if dependencies were changed.
+    paths:
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+  # Run the audit job once a day on main.
+  schedule:
+    - cron: "0 0 * * *"
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      # See https://github.com/marketplace/actions/rust-audit-check for docs
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -35,6 +35,3 @@ jobs:
 
       - name: Check
         run: cargo clippy --workspace --all-features --all-targets -- -D warnings
-
-      - name: Audit
-        run: cargo audit --ignore RUSTSEC-2023-0018 --ignore RUSTSEC-2023-0052 --ignore RUSTSEC-2023-0065

.github/workflows/test-demo-native.yml

@@ -50,4 +50,4 @@ jobs:
         run: |
           export PATH="$PWD/target/release:$PATH"
           scripts/demo-native --tui=false &
-          scripts/smoke-test-demo
+          timeout -v 600 scripts/smoke-test-demo

README.md

@@ -3,6 +3,7 @@
 [![Build](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/build.yml/badge.svg)](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/build.yml)
 [![Contracts](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/contracts.yml/badge.svg)](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/contracts.yml)
 [![Lint](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/lint.yml/badge.svg)](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/lint.yml)
+[![Audit](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/audit.yml/badge.svg)](https://github.com/EspressoSystems/espresso-sequencer/actions/workflows/audit.yml)
 
 The Espresso Sequencer offers rollups credible neutrality and enhanced interoperability, without compromising on scale.
 Consisting of a data availability solution and a decentralized network of nodes that sequences transactions, layer-2

scripts/smoke-test-demo

@@ -3,7 +3,7 @@
 set -e
 
 SERVER=http://localhost:50000
-LOAD_GENERATOR=http://localhost:50010
+LOAD_GENERATOR=http://localhost:44010
 
 
 # Wait for the load generator to start.