Merge branch 'vulnerability-scan' of https://github.com/adrianbatuto/…

…cacti into vulnerability-scan

.github/workflows/trivy-container-scan.yaml

@@ -0,0 +1,34 @@
+name: trivy-container-image-scan
+
+on:
+  push:
+  pull_request:
+    # Publish `main` as Docker `latest` image.
+    branches:
+      - main
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+
+jobs:
+
+  build:
+    name: Scan cactus-corda-4-8-all-in-one-obligation image
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Build an image from Dockerfile
+        run: |
+          DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-4-8-all-in-one-obligation
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.11.2
+        with:
+          image-ref: 'cactus-corda-4-8-all-in-one-obligation'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'

tools/docker/corda-all-in-one/corda-v4_8/Dockerfile

@@ -2,7 +2,7 @@ FROM docker:20.10.2-dind
 
 # cordaVersion=4.8.5
 # cordaCoreVersion=4.8.5
-ARG SAMPLES_KOTLIN_SHA=c70f846b6f3d43fe0a35b6583238944843bf9393
+ARG SAMPLES_KOTLIN_SHA=af2e5f794c66878a097cea7f7cf6ec1667d55e75
 ARG SAMPLES_KOTLIN_CORDAPP_SUB_DIR_PATH="./Advanced/obligation-cordapp/"
 ARG CORDA_TOOLS_SHELL_CLI_VERSION=4.8
 

tools/docker/corda-all-in-one/corda-v4_8/healthcheck.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+if [ "$PARTY_A_WEB_SRV_ENABLED" = "true" ]
+then
+  curl -vv -i -X OPTIONS http://127.0.0.1:10009/web/iou/
+fi
+
+if [ "$PARTY_B_WEB_SRV_ENABLED" = "true" ]
+then
+  curl -vv -i -X OPTIONS http://127.0.0.1:10012/web/iou/
+fi
+
+if [ "$PARTY_C_WEB_SRV_ENABLED" = "true" ]
+then
+  curl -vv -i -X OPTIONS http://127.0.0.1:10015/web/iou/
+fi
+
+
+if [ "$PARTY_A_NODE_ENABLED" = "true" ]
+then
+  curl -v 'http://localhost:7005/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi
+
+if [ "$PARTY_B_NODE_ENABLED" = "true" ]
+then
+  curl -v 'http://localhost:7006/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi
+
+if [ "$PARTY_C_NODE_ENABLED" = "true" ]
+then
+  curl -v 'http://localhost:7007/jolokia/exec/org.apache.activemq.artemis:address=%22rpc.server%22,broker=%22RPC%22,component=addresses,queue=%22rpc.server%22,routing-type=%22multicast%22,subcomponent=queues/countMessages()/'
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-notary-node.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+if [ "$NOTARY_NODE_ENABLED" = "true" ]
+then
+  java \
+    -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5008 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7008,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" \
+    -Dname=Notary \
+    -jar \
+    /samples-kotlin/Advanced/obligation-cordapp/build/nodes/Notary/corda.jar
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-a-node.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_A_NODE_ENABLED" = "true" ]
+then
+  java -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7005,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" -Dname=ParticipantA -jar /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantA/corda.jar
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-a-server.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_A_WEB_SRV_ENABLED" = "true" ]
+then
+  ./gradlew runPartyAServer
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-b-node.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_B_NODE_ENABLED" = "true" ]
+then
+  java -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5006 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7006,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" -Dname=ParticipantB -jar /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantB/corda.jar
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-b-server.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_B_WEB_SRV_ENABLED" = "true" ]
+then
+  ./gradlew runPartyBServer
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-c-node.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_C_NODE_ENABLED" = "true" ]
+then
+  java \
+  -Dcapsule.jvm.args="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5007 -javaagent:drivers/jolokia-jvm-1.6.0-agent.jar=port=7007,logHandlerClass=net.corda.node.JolokiaSlf4jAdapter" \
+  -Dname=ParticipantC \
+  -jar \
+  /samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantC/corda.jar
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/run-party-c-server.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+
+if [ "$PARTY_C_WEB_SRV_ENABLED" = "true" ]
+then
+  ./gradlew runPartyCServer
+else
+  sleep infinity
+fi

tools/docker/corda-all-in-one/corda-v4_8/supervisord.conf

@@ -0,0 +1,108 @@
+[supervisord]
+logfile = /var/log/supervisord.log
+logfile_maxbytes = 50MB
+logfile_backups=10
+loglevel = info
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=http://127.0.0.1:9001
+
+[inet_http_server]
+port = 0.0.0.0:9001
+
+[program:sshd]
+command=/usr/sbin/sshd -D -ddd
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/sshd.out.log
+stderr_logfile=/var/log/sshd.err.log
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+# stderr_logfile=/dev/stderr
+# stderr_logfile_maxbytes=0
+
+[program:dockerd]
+command=dockerd-entrypoint.sh
+autostart=true
+autorestart=true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-a]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantA/
+command=/run-party-a-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-b]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantB
+command=/run-party-b-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-c]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/ParticipantC
+command=/run-party-c-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-n]
+directory=/samples-kotlin/Advanced/obligation-cordapp/build/nodes/Notary
+command=/run-notary-node.sh
+autostart=true
+autorestart=false
+exitcodes=0
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-a-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-a-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-b-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-b-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:corda-run-party-c-server]
+directory=/samples-kotlin/Advanced/obligation-cordapp/
+command=/run-party-c-server.sh
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0