From 82ee65bfd6a1162440d51cdb93a48f8aa6bd7dde Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 13:14:16 +0100 Subject: [PATCH 01/18] chore: Update installation instructions and environment setup --- README.md | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index fbd11071..8d14cf36 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,12 @@ -# Pearl -Electron + NextJS + Python Backend application to one-click run Agents. +

+Pearl +

+ +Pearl is an application used to run autonomous agents. ## Technologies Used - Electron -- NodeJS (20.11 LTS) +- NodeJS (20.11) - AntD - TypeScript - Python (3.10) @@ -12,12 +15,12 @@ Electron + NextJS + Python Backend application to one-click run Agents. ## Getting Started -### Installing system dependencies +

Installing system dependencies

 The following installation scripts assume you have the following on each OS: - Linux: a debian based operating system such as Ubuntu with `apt` to install packages. - MacOS: [Homebrew](https://brew.sh/) -- Windows: [Chocolatey](https://chocolatey.org/install) +- ~~Windows: [Chocolatey](https://chocolatey.org/install)~~ (Coming soon...) #### NodeJS via NVM @@ -108,7 +111,9 @@ You must install Docker V24 manually, as brew does not allow for versioning with - Docker Desktop version that supports Docker V24: [https://docs.docker.com/desktop/release-notes/#4261](https://docs.docker.com/desktop/release-notes/#4261) - Guide to install: [https://docs.docker.com/desktop/install/mac-install/](https://docs.docker.com/desktop/install/mac-install/) -### Setup ENV file +
+ +

Setup ENV file

 Create a `.env` file in the root directory, or rename `.env.example` to `.env`. @@ -125,17 +130,18 @@ You can get a Gnosis RPC from [Nodies](https://www.nodies.app/). Then, set `FORK_URL=https://....` in your .env file. Be sure to set an external RPC here. +
- -### Install project dependencies +

Install project dependencies

 This will install the required dependencies for the backend, frontend, and electron. ```bash yarn install-deps ``` +
-### Run the development app +

Run the development app

 In the root directory, run: @@ -144,8 +150,9 @@ yarn start ``` This will run Electron, which launches NextJS and the Backend as child processes. +
-### Starting Hardhat (for development) +

Starting Hardhat (for development)

 In the interest of not losing funds, we can run a Hardhat node that forks Gnosis -- provided the FORK_URL has been set to an external RPC in your .env file. @@ -156,8 +163,9 @@ npx hardhat node ``` **Once Hardhat is running, you can use `http://localhost:8545` during the agent spawning process as your RPC.** +
-### Funding addresses while running a Hardhat fork +

Funding addresses while running a Hardhat fork

 There are a number of scripts to fund addresses for testing: - XDAI funding: @@ -166,6 +174,8 @@ poetry run python scripts/fund.py 0xYOURADDRESS ``` - OLAS funding: `TBA` +
+ ## Further notes / issues - Only one agent can be run at a time. From 72474ee63db4e3338d330343a7a45769a294af1b Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 13:45:08 +0100 Subject: [PATCH 02/18] chore: Update Docker installation instructions and environment setup --- README.md | 77 +++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 60 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 8d14cf36..a02a62fe 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,7 @@ pipx install poetry If promoted to run `pipx ensurepath`, run this command. #### Docker + ##### Linux You can change the `ubuntu.22.04~jammy` version to your OS in the following command: ```bash @@ -106,14 +107,18 @@ lsb_release -a ``` ##### MacOS -You must install Docker V24 manually, as brew does not allow for versioning with Docker. +You can [install Docker Desktop via the Docker website](https://www.docker.com/products/docker-desktop/). Be sure to select the correct version for your system's CPU architecture. -- Docker Desktop version that supports Docker V24: [https://docs.docker.com/desktop/release-notes/#4261](https://docs.docker.com/desktop/release-notes/#4261) -- Guide to install: [https://docs.docker.com/desktop/install/mac-install/](https://docs.docker.com/desktop/install/mac-install/) +If you are unsure about your system's CPU architecture, run the following command: +```bash +uname -p +# x86 64 Intel chip +# arm64 Apple chip +``` -

Setup ENV file

 +

Setting up your .env file

 Create a `.env` file in the root directory, or rename `.env.example` to `.env`. @@ -123,25 +128,39 @@ For production usage, set `NODE_ENV=production`. #### FORK_URL -**Required for forking Gnosis using a Hardhat node during development.** +**Required for both development and production.** +**Must be a Gnosis Mainnet RPC URL.** + +- In `development` this RPC url is forked by Hardhat, so you can interact with the chain without losing your assets. +- In `production` this RPC URL is used as the main RPC for Pearl. You can get a Gnosis RPC from [Nodies](https://www.nodies.app/). -Then, set `FORK_URL=https://....` in your .env file. +Then, set `FORK_URL=https://YOUR_RPC_URL_HERE` in your .env file. + +Note: this must be an external RPC, not your hardhat node RPC, if using Hardhat. + +### DEV_RPC + +This RPC is only used while `NODE_ENV=development` is set. +It is used throughout Pearl as the main RPC. +This URL should be set as the RPC URL that you wish to connect to. + +If you're using Hardhat, you can set `DEV_RPC=http://localhost:8545`. +Or, you can use another, external RPC URL here, ensuring that the chain ID is 100 (Gnosis Mainnet's chain ID). -Be sure to set an external RPC here.
-

Install project dependencies

 +

Installing project dependencies

 -This will install the required dependencies for the backend, frontend, and electron. +This command installs the required dependencies for the backend, frontend, and electron application. ```bash yarn install-deps ```
-

Run the development app

 +

Running the development app

 In the root directory, run: @@ -149,23 +168,39 @@ In the root directory, run: yarn start ``` -This will run Electron, which launches NextJS and the Backend as child processes. +This will run Electron, which launches the NextJS frontend and the Python backend as child processes.
-

Starting Hardhat (for development)

 +

Chain forking (for development)

 + +In the interest of not losing funds, you can run a forked version of Gnosis Mainnet. -In the interest of not losing funds, we can run a Hardhat node that forks Gnosis -- provided the FORK_URL has been set to an external RPC in your .env file. +There are two recommended options: +- Tenderly +- Hardhat + +

Tenderly (preferred)

 +[Tenderly](https://tenderly.co/) is a service with a plethora of useful blockchain development tools. Of which, the core tool required here is the ability to **fork networks**. + +1. Signup to [Tenderly](https://tenderly.co/), and select the plan you desire. **The Free plan should suffice for most users**. +2. Go to *Forks* under the *Development* tab -- in the left sidebar of your dashboard. +3. Click *Create Fork*, select "Gnosis Chain" as the network, and use Chain ID `100`. +4. Copy the RPC url into the appropriate .env variables in your repository. (Recommended to set both `FORK_URL` & `DEV_RPC` to this RPC url during development). +5. Click the *Fund Accounts* button to fund your accounts with XDAI (native token) and [OLAS](https://gnosisscan.io/token/0xce11e14225575945b8e6dc0d4f2dd4c570f79d9f). +
-Run the following to start your Hardhat node: +

Hardhat

 +Note: using Hardhat will result in the loss of chain state once your Hardhat node is turned off. + +Run the following command in the root of your project folder to start your Hardhat node: ```bash npx hardhat node ``` -**Once Hardhat is running, you can use `http://localhost:8545` during the agent spawning process as your RPC.** -
+**Once Hardhat is running, you will be able to use `http://localhost:8545` as your development RPC.** -

Funding addresses while running a Hardhat fork

 +##### Funding your addresses There are a number of scripts to fund addresses for testing: - XDAI funding: @@ -174,6 +209,14 @@ poetry run python scripts/fund.py 0xYOURADDRESS ``` - OLAS funding: `TBA` +
+ + +
+ +

Funding addresses while running a Hardhat fork

 + +
## Further notes / issues From 066b765f6c74b6674039647126b8709b1869d1f5 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 13:49:33 +0100 Subject: [PATCH 03/18] chore: Update Docker installation instructions and environment setup --- README.md | 54 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a02a62fe..4eba8c88 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ -

+

Pearl

Pearl is an application used to run autonomous agents. ## Technologies Used + - Electron - NodeJS (20.11) - AntD @@ -18,6 +19,7 @@ Pearl is an application used to run autonomous agents.

Installing system dependencies

 The following installation scripts assume you have the following on each OS: + - Linux: a debian based operating system such as Ubuntu with `apt` to install packages. - MacOS: [Homebrew](https://brew.sh/) - ~~Windows: [Chocolatey](https://chocolatey.org/install)~~ (Coming soon...) @@ -67,49 +69,74 @@ npm install --global yarn ``` #### Python -##### Linux + +
Linux
 + ```bash sudo apt install python3 ``` -##### MacOS -``` +
+ +
MacOS
 + +```bash brew install python ``` +
+ #### PIPX -##### Linux + +
Linux
 + ```bash sudo apt install pipx ``` -##### MacOS + +
+ +
MacOS
 + ```bash brew install pipx ``` +
+ #### Poetry + ```bash pipx install poetry ``` + If promoted to run `pipx ensurepath`, run this command. #### Docker -##### Linux +
Linux
 + You can change the `ubuntu.22.04~jammy` version to your OS in the following command: + ```bash VERSION_STRING=5:24.0.7-1~ubuntu.22.04~jammy sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin sudo usermod -aG docker $USER ``` + If you are unsure of your current release version and codename to update the VERSION_STRING above, you can run: + ```bash lsb_release -a ``` -##### MacOS + +
+ +
MacOS
 You can [install Docker Desktop via the Docker website](https://www.docker.com/products/docker-desktop/). Be sure to select the correct version for your system's CPU architecture. If you are unsure about your system's CPU architecture, run the following command: + ```bash uname -p # x86 64 Intel chip @@ -118,11 +145,14 @@ uname -p
+
+

Setting up your .env file

 Create a `.env` file in the root directory, or rename `.env.example` to `.env`. #### NODE_ENV + For development usage, set `NODE_ENV=development`. For production usage, set `NODE_ENV=production`. @@ -158,6 +188,7 @@ This command installs the required dependencies for the backend, frontend, and e ```bash yarn install-deps ``` +

Running the development app

 @@ -176,6 +207,7 @@ This will run Electron, which launches the NextJS frontend and the Python backen In the interest of not losing funds, you can run a forked version of Gnosis Mainnet. There are two recommended options: + - Tenderly - Hardhat @@ -187,6 +219,7 @@ There are two recommended options: 3. Click *Create Fork*, select "Gnosis Chain" as the network, and use Chain ID `100`. 4. Copy the RPC url into the appropriate .env variables in your repository. (Recommended to set both `FORK_URL` & `DEV_RPC` to this RPC url during development). 5. Click the *Fund Accounts* button to fund your accounts with XDAI (native token) and [OLAS](https://gnosisscan.io/token/0xce11e14225575945b8e6dc0d4f2dd4c570f79d9f). +

Hardhat

 @@ -201,22 +234,23 @@ npx hardhat node **Once Hardhat is running, you will be able to use `http://localhost:8545` as your development RPC.** ##### Funding your addresses + There are a number of scripts to fund addresses for testing: - XDAI funding: + ``` poetry run python scripts/fund.py 0xYOURADDRESS ``` + - OLAS funding: `TBA`
-

Funding addresses while running a Hardhat fork

 -
## Further notes / issues From f42f35104270bef4fa85930e77e0d75be80f7e3f Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 17:45:34 +0100 Subject: [PATCH 04/18] chore: Add verification step to release workflow ``` --- .github/workflows/release.yml | 13 ++++ README.md | 133 +++++++++++++++++----------------- 2 files changed, 79 insertions(+), 67 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e68ec817..92c81123 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,12 +3,23 @@ name: Build, Notarize, Release # This workflow is triggered on pushing a tag BE CAREFUL this application AUTO UPDATES !!! # git tag vX.Y.Z # git push origin tag vX.Y.Z + on: push: tags: - 'v*.*.*' + jobs: + verify-main-branch: # ensures we only release from main + runs-on: ubuntu-latest + steps: + - name: Exit if not on main branch + if: github.ref != 'refs/heads/main' + run: echo "Not on main branch, exiting" && exit -1 + release-middleware: + needs: + - "verify-main-branch" runs-on: "ubuntu-latest" steps: - uses: actions/checkout@v2 @@ -36,10 +47,12 @@ jobs: password: ${{ secrets.PYPI_TOKEN }} skip-existing: true packages-dir: dist/ + release-operate: runs-on: macos-latest needs: - "release-middleware" + - "verify-main-branch" steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v4 diff --git a/README.md b/README.md index 4eba8c88..049517ae 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@

-Pearl +Pearl

-Pearl is an application used to run autonomous agents. +Pearl is an application used to run autonomous agents powered by the OLAS Network. ## Technologies Used @@ -16,19 +16,18 @@ Pearl is an application used to run autonomous agents. ## Getting Started -

Installing system dependencies

 +### Installing system dependencies -The following installation scripts assume you have the following on each OS: +The following installation steps assume you have the following on each OS: - Linux: a debian based operating system such as Ubuntu with `apt` to install packages. - MacOS: [Homebrew](https://brew.sh/) -- ~~Windows: [Chocolatey](https://chocolatey.org/install)~~ (Coming soon...) -#### NodeJS via NVM +

NodeJS

 -NodeJS is best installed and managed through NVM, which allows you to install and select the version of NodeJS you wish to use. For this project is the current LTS version 20.11. +NodeJS is best installed and managed through NVM. It allows you to install and select specific versions of NodeJS. Pearl has been built using version 20.11, LTS. -##### Linux +
Linux
```bash sudo apt install curl @@ -38,7 +37,7 @@ nvm install --lts nvm use --lts ``` -##### MacOS +
MacOS
```bash brew install nvm @@ -62,22 +61,24 @@ nvm install --lts nvm use --lts ``` -#### Yarn +
+ +

Yarn

 ```bash npm install --global yarn ``` +
-#### Python +

Python

 -
Linux
 +
Linux
```bash sudo apt install python3 ``` -
-
MacOS
 +
MacOS
```bash brew install python @@ -85,17 +86,15 @@ brew install python
-#### PIPX +

PIPX

 -
Linux
 +
Linux
```bash sudo apt install pipx ``` -
- -
MacOS
 +
MacOS
```bash brew install pipx @@ -103,19 +102,21 @@ brew install pipx
-#### Poetry +

Poetry

 ```bash pipx install poetry ``` -If promoted to run `pipx ensurepath`, run this command. +If promoted to run `pipx ensurepath`, run it. + +
-#### Docker +

Docker

 -
Linux
 +
Linux
-You can change the `ubuntu.22.04~jammy` version to your OS in the following command: +*Update the `ubuntu.22.04~jammy` version string to your current OS version before running the following command:* ```bash VERSION_STRING=5:24.0.7-1~ubuntu.22.04~jammy @@ -123,15 +124,13 @@ sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING con sudo usermod -aG docker $USER ``` -If you are unsure of your current release version and codename to update the VERSION_STRING above, you can run: +If you are unsure about your current OS version/codename, you can find it by running: ```bash lsb_release -a ``` -
- -
MacOS
 +
MacOS
You can [install Docker Desktop via the Docker website](https://www.docker.com/products/docker-desktop/). Be sure to select the correct version for your system's CPU architecture. @@ -145,74 +144,75 @@ uname -p
-
- -

Setting up your .env file

 +

Setting up your .env file

-Create a `.env` file in the root directory, or rename `.env.example` to `.env`. +Create an `.env` file in the root directory, or rename `.env.example` to `.env`. +Then set the following environment variables. -#### NODE_ENV +

NODE_ENV

 For development usage, set `NODE_ENV=development`. For production usage, set `NODE_ENV=production`. -#### FORK_URL +
+ +

FORK_URL

 -**Required for both development and production.** +**This variable is required for both development and production.** **Must be a Gnosis Mainnet RPC URL.** -- In `development` this RPC url is forked by Hardhat, so you can interact with the chain without losing your assets. +- In `development` this RPC url is only used if/when forking mainnet with Hardhat (covered later). This process allows you to test without losing funds. - In `production` this RPC URL is used as the main RPC for Pearl. You can get a Gnosis RPC from [Nodies](https://www.nodies.app/). -Then, set `FORK_URL=https://YOUR_RPC_URL_HERE` in your .env file. +Once you have a Gnosis Mainnet RPC URL, set `FORK_URL=YOUR_RPC_URL_HERE` in your .env file. -Note: this must be an external RPC, not your hardhat node RPC, if using Hardhat. +Note: this must be an external RPC. If you decide to use Hardhat for testing on a mainnet fork, do _not_ set your Hardhat Node URL here. +
-### DEV_RPC +

DEV_RPC

 -This RPC is only used while `NODE_ENV=development` is set. -It is used throughout Pearl as the main RPC. -This URL should be set as the RPC URL that you wish to connect to. +This environment variable is only used when `NODE_ENV=development` is set. + +In `development` mode, it is used throughout Pearl as the main RPC. If you're using Hardhat, you can set `DEV_RPC=http://localhost:8545`. -Or, you can use another, external RPC URL here, ensuring that the chain ID is 100 (Gnosis Mainnet's chain ID). +Or, you can use another, external RPC URL that wish to test on, ensuring that the chain ID is 100 (Gnosis Mainnet's chain ID).
-

Installing project dependencies

 +

Installing project dependencies

-This command installs the required dependencies for the backend, frontend, and electron application. +Run the following command to install all project dependencies. ```bash yarn install-deps ``` -
+

Running the application

-

Running the development app

 +Provided your system dependencies are installed, environment variables are set, and your RPC is running. -In the root directory, run: +You can start Pearl by running the following command in the root directory: ```bash yarn start ``` This will run Electron, which launches the NextJS frontend and the Python backend as child processes. -
- -

Chain forking (for development)

 -In the interest of not losing funds, you can run a forked version of Gnosis Mainnet. +

Chain forking (for development)

-There are two recommended options: +In the interest of protecting your funds during development, you can run a forked version of Gnosis Mainnet. -- Tenderly -- Hardhat +There are two recommended options, choose one:

Tenderly (preferred)

 -[Tenderly](https://tenderly.co/) is a service with a plethora of useful blockchain development tools. Of which, the core tool required here is the ability to **fork networks**. + +[Tenderly](https://tenderly.co/) is a service with a plethora of useful blockchain development tools. The tool required here gives you the ability to **fork networks**. + +Can you can also monitor all transactions, and fund your accounts with any token that you please. 1. Signup to [Tenderly](https://tenderly.co/), and select the plan you desire. **The Free plan should suffice for most users**. 2. Go to *Forks* under the *Development* tab -- in the left sidebar of your dashboard. @@ -233,26 +233,25 @@ npx hardhat node **Once Hardhat is running, you will be able to use `http://localhost:8545` as your development RPC.** -##### Funding your addresses +
Funding your addresses with Hardhat
-There are a number of scripts to fund addresses for testing: +There are scripts to fund addresses during testing/development: - XDAI funding: -``` +```bash poetry run python scripts/fund.py 0xYOURADDRESS ``` -- OLAS funding: `TBA` - -
+- OLAS funding: -
- -

Funding addresses while running a Hardhat fork

 +```bash +poetry run python scripts/transfer_olas.py PATH_TO_KEY_CONTAINING_OLAS ADDRESS_TO_TRANSFER AMOUNT +```
-## Further notes / issues +

Notes and Common Issues

-- Only one agent can be run at a time. +- If Pearl is running, it will kill any attempt to run another Pearl instance. This is to ensure there are no port conflicts. +- Enivironment variables are cached in the terminal, if you change them while your terminal is open, you will need to restart the terminal. \ No newline at end of file From 50d947c300aa611543392e9573b27fdcc6bbafea Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:03:26 +0100 Subject: [PATCH 05/18] chore: Update Docker installation instructions and environment setup --- .github/workflows/gitleaks.yml | 18 ++++++++++++++++++ .github/workflows/release.yml | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 .github/workflows/gitleaks.yml diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 00000000..0813d8ba --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,18 @@ +name: Gitleaks +on: + pull_request: + push: + branches: + - main +jobs: + scan: + name: gitleaks + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 92c81123..32733550 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -90,3 +90,36 @@ jobs: FORK_URL: https://rpc-gate.autonolas.tech/gnosis-rpc/ #PUBLISH_FOR_PULL_REQUEST: true #required during testing run: node build.js + + changelog: + runs-on: ubuntu-latest + needs: + - "release-middleware" + - "release-operate" + - "verify-main-branch" + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v4 + with: + python-version: "3.10" + - uses: actions/checkout@master + - uses: actions/setup-python@v3 + with: + python-version: "3.10" + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get autoremove + sudo apt-get autoclean + python -m pip install --upgrade pip + pip install poetry twine + - name: Build wheels and source tarball + run: | + poetry build + - name: Publish Olas Operate Middleware + uses: pypa/gh-action-pypi-publish@release/v1 + with: + user: __token__ + password: ${{ secrets.PYPI_TOKEN }} + skip-existing: true + packages-dir: dist/ From 28c8562e2924e9874a9907d2edd7b985666e2812 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:05:56 +0100 Subject: [PATCH 06/18] chore: Update gitleaks workflow to use specific version of gitleaks --- .github/workflows/gitleaks.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 0813d8ba..2b699f1a 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -12,7 +12,15 @@ jobs: - uses: actions/checkout@v3 with: fetch-depth: 0 - - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} \ No newline at end of file + - uses: actions/setup-go@v3 + with: + go-version: "1.17.7" + - run: | + wget https://github.com/zricethezav/gitleaks/releases/download/v8.10.1/gitleaks_8.10.1_linux_x64.tar.gz && \ + tar -xzf gitleaks_8.10.1_linux_x64.tar.gz && \ + sudo install gitleaks /usr/bin && \ + gitleaks detect --report-format json --report-path leak_report -v + + + + \ No newline at end of file From 5ec63a958e5d9d7e530812caa67fb2d3871a9be6 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:45:11 +0100 Subject: [PATCH 07/18] chore: Add .gitleaksignore file to ignore specific lines --- .gitleaksignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .gitleaksignore diff --git a/.gitleaksignore b/.gitleaksignore new file mode 100644 index 00000000..3bf0c284 --- /dev/null +++ b/.gitleaksignore @@ -0,0 +1,17 @@ +ada5590acaa13a35afb62c368b13c3601e658c0c:operate/services/manage.py:generic-api-key:400 +ada5590acaa13a35afb62c368b13c3601e658c0c:operate/services/manage.py:generic-api-key:401 +ada5590acaa13a35afb62c368b13c3601e658c0c:operate/services/manage.py:generic-api-key:448 +ada5590acaa13a35afb62c368b13c3601e658c0c:operate/services/manage.py:generic-api-key:449 +ef9ec7a111816282b6185e8268a460d02329fbe4:api.md:generic-api-key:13 +ef9ec7a111816282b6185e8268a460d02329fbe4:api.md:generic-api-key:37 +44388a82d29ce4d96e554c828c3c2c12d6ee3b8a:operate/data/contracts/service_staking_token/contract.yaml:generic-api-key:10 +43bb67ace89a4a6e0eee84d3ee6495088288c528:backend/operate/data/contracts/service_staking_token/contract.yaml:generic-api-key:10 +19ecb1e59813c632971658183a9f2d9d88e0614b:backend/operate/data/contracts/service_staking_token/contract.yaml:generic-api-key:10 +37847b0c322a0dbc8987df526a49df70301e44d4:backend/operate/ledger/profiles.py:generic-api-key:29 +6834023917760bf7875cc7c107e0c59ad7925ef4:backend/operate/ledger/profiles.py:generic-api-key:32 +4e8c1c21dffd9283195052117ad4c371f770e0b2:backend/operate/ledger/profiles.py:generic-api-key:28 +88115a38d3843d0f233f234816229de495bc6ece:templates/trader.yaml:generic-api-key:13 +0a426251fedb8b55111455e35bffd661f4489541:backend/test.py:generic-api-key:13 +daf41a143aa8c483db584ba1e7222e8eafec1d3b:backend/operate.yaml:generic-api-key:13 +daf41a143aa8c483db584ba1e7222e8eafec1d3b:backend/controller.py:generic-api-key:201 +af77e930289cbc87987567bff0efc25936484df2:backend/controller.py:generic-api-key:354 \ No newline at end of file From 1c6b01aa021ef4234cfe74ecaae63e373740af7a Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:48:33 +0100 Subject: [PATCH 08/18] chore: Update publishOptions.js to set private to false --- electron/constants/publishOptions.js | 8 ++------ electron/update.js | 9 ++------- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/electron/constants/publishOptions.js b/electron/constants/publishOptions.js index d131bca8..1ecbc1d4 100644 --- a/electron/constants/publishOptions.js +++ b/electron/constants/publishOptions.js @@ -1,15 +1,11 @@ -// update key: READ-ONLY access to Pearl App, delete once public -const updateKey = - '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'; - const publishOptions = { provider: 'github', owner: 'valory-xyz', repo: 'olas-operate-app', releaseType: 'release', token: process.env.GH_TOKEN, - private: true, + private: false, publishAutoUpdate: true, }; -module.exports = { publishOptions, updateKey }; +module.exports = { publishOptions }; diff --git a/electron/update.js b/electron/update.js index efdecc02..d31153f2 100644 --- a/electron/update.js +++ b/electron/update.js @@ -1,21 +1,16 @@ -const { publishOptions, updateKey } = require('./constants/publishOptions'); +const { publishOptions } = require('./constants/publishOptions'); const electronUpdater = require('electron-updater'); const electronLogger = require('electron-log'); const macUpdater = new electronUpdater.MacUpdater({ ...publishOptions, - private: true, - token: updateKey, + private: false, }); macUpdater.logger = electronLogger; macUpdater.setFeedURL({ ...publishOptions, - token: updateKey, - requestHeaders: { - authorization: `Bearer ${updateKey}`, - }, }); macUpdater.autoDownload = true; From ff28069f045ebc01a210fc2bcf9bf53bd66741b4 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:51:00 +0100 Subject: [PATCH 09/18] Update build.js to fix release workflow --- .github/workflows/release.yml | 43 ++++------------------------------- 1 file changed, 5 insertions(+), 38 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32733550..a31738d6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,15 +4,15 @@ name: Build, Notarize, Release # git tag vX.Y.Z # git push origin tag vX.Y.Z -on: +on: push: tags: - 'v*.*.*' jobs: verify-main-branch: # ensures we only release from main - runs-on: ubuntu-latest - steps: + runs-on: ubuntu-latest + steps: - name: Exit if not on main branch if: github.ref != 'refs/heads/main' run: echo "Not on main branch, exiting" && exit -1 @@ -21,7 +21,7 @@ jobs: needs: - "verify-main-branch" runs-on: "ubuntu-latest" - steps: + steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v4 with: @@ -89,37 +89,4 @@ jobs: DEV_RPC: https://rpc-gate.autonolas.tech/gnosis-rpc/ FORK_URL: https://rpc-gate.autonolas.tech/gnosis-rpc/ #PUBLISH_FOR_PULL_REQUEST: true #required during testing - run: node build.js - - changelog: - runs-on: ubuntu-latest - needs: - - "release-middleware" - - "release-operate" - - "verify-main-branch" - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v4 - with: - python-version: "3.10" - - uses: actions/checkout@master - - uses: actions/setup-python@v3 - with: - python-version: "3.10" - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get autoremove - sudo apt-get autoclean - python -m pip install --upgrade pip - pip install poetry twine - - name: Build wheels and source tarball - run: | - poetry build - - name: Publish Olas Operate Middleware - uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - password: ${{ secrets.PYPI_TOKEN }} - skip-existing: true - packages-dir: dist/ + run: node build.js \ No newline at end of file From 1ce1b63caaf1c7b512f05cf2ee0b27e42f4313a8 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:51:23 +0100 Subject: [PATCH 10/18] chore: Update gitleaks workflow to use latest version --- .github/workflows/gitleaks.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 2b699f1a..979cfa4b 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -19,8 +19,4 @@ jobs: wget https://github.com/zricethezav/gitleaks/releases/download/v8.10.1/gitleaks_8.10.1_linux_x64.tar.gz && \ tar -xzf gitleaks_8.10.1_linux_x64.tar.gz && \ sudo install gitleaks /usr/bin && \ - gitleaks detect --report-format json --report-path leak_report -v - - - - \ No newline at end of file + gitleaks detect --report-format json --report-path leak_report -v \ No newline at end of file From 1d7af4128283592435e55dcb68b3b8fd594a38eb Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:52:30 +0100 Subject: [PATCH 11/18] chore: Update hardhat.config.js to use environment variable for forking URL --- hardhat.config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardhat.config.js b/hardhat.config.js index a822326c..610348d8 100644 --- a/hardhat.config.js +++ b/hardhat.config.js @@ -8,7 +8,7 @@ const config = { networks: { hardhat: { forking: { - url: "https://gnosis-pokt.nodies.app" + url: process.env.FORK_URL, }, chainId: 100, }, From a89d2aeae5668ee1877690cf90d51131e791e5a2 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:56:28 +0100 Subject: [PATCH 12/18] chore: Update release workflow to remove unnecessary environment variables --- .github/workflows/release.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a31738d6..79191e76 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -81,12 +81,10 @@ jobs: APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLEIDPASS }} APPLE_ID: ${{ secrets.APPLEID }} APPLETEAMID: ${{ secrets.APPLETEAMID }} - #CSC_FOR_PULL_REQUEST: true #required during testing CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }} CSC_LINK: ${{ secrets.CSC_LINK }} GH_TOKEN: ${{ secrets.github_token}} NODE_ENV: production DEV_RPC: https://rpc-gate.autonolas.tech/gnosis-rpc/ FORK_URL: https://rpc-gate.autonolas.tech/gnosis-rpc/ - #PUBLISH_FOR_PULL_REQUEST: true #required during testing run: node build.js \ No newline at end of file From f05cef56552245efe1aaf3ae3d1621f1a31555d1 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Fri, 24 May 2024 18:56:51 +0100 Subject: [PATCH 13/18] chore: Simplify release workflow by removing unnecessary environment variables --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 79191e76..88431c92 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Build, Notarize, Release +name: Release # This workflow is triggered on pushing a tag BE CAREFUL this application AUTO UPDATES !!! # git tag vX.Y.Z From c3d1e40b0d015e27f4c0a33f35965759bc357cc2 Mon Sep 17 00:00:00 2001 From: David Vilela Date: Mon, 27 May 2024 12:05:46 +0200 Subject: [PATCH 14/18] chore: add SECURITY.md --- SECURITY.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..38e750eb --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ +# Security Policy + +This document outlines security procedures and general policies for the `olas-operate-app` project. + +## Supported Versions + +The following table shows which versions of `olas-operate-app` are currently being supported with security updates. + +| Version | Supported | +|-----------------|--------------------| +| `1.0.0` | :white_check_mark: | +| `< 1.0.0` | :x: | + +## Reporting a Vulnerability + +The `olas-operate-app` team and community take all security bugs in `olas-operate-app` seriously. Thank you for improving the security of `olas-operate-app`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. + +Report security bugs by emailing `info@valory.xyz`. + +The lead maintainer will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavour to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining the module. + +## Disclosure Policy + +When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps: + +- Confirm the problem and determine the affected versions. +- Audit code to find any potential similar problems. +- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible to PyPI. + +## Comments on this Policy + +If you have suggestions on how this process could be improved please submit a pull request. From 42473a7747caa1542069a1f4ca0ae74703c94897 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Mon, 27 May 2024 11:31:37 +0100 Subject: [PATCH 15/18] chore: Update NodeJS version to 20.11 LTS and AntD to version 5 --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 049517ae..4043579a 100644 --- a/README.md +++ b/README.md @@ -7,12 +7,13 @@ Pearl is an application used to run autonomous agents powered by the OLAS Networ ## Technologies Used - Electron -- NodeJS (20.11) -- AntD -- TypeScript +- NodeJS (20.11 LTS) +- AntD (^5) +- NextJS (^14) +- Javascript / TypeScript - Python (3.10) -- Poetry (1.7.1) -- Docker (24) +- Poetry (^1.7.1) +- Docker Engine ## Getting Started From 0a5789480019b1404520e4c850bfe0724e777445 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Mon, 27 May 2024 11:36:27 +0100 Subject: [PATCH 16/18] docs: Fix typo in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4043579a..00141b22 100644 --- a/README.md +++ b/README.md @@ -213,7 +213,7 @@ There are two recommended options, choose one: [Tenderly](https://tenderly.co/) is a service with a plethora of useful blockchain development tools. The tool required here gives you the ability to **fork networks**. -Can you can also monitor all transactions, and fund your accounts with any token that you please. +You can also monitor all transactions, and fund your accounts with any token that you please. 1. Signup to [Tenderly](https://tenderly.co/), and select the plan you desire. **The Free plan should suffice for most users**. 2. Go to *Forks* under the *Development* tab -- in the left sidebar of your dashboard. From c3747cbdf983cd4c4b9f3a4957b5a814c4a62e74 Mon Sep 17 00:00:00 2001 From: truemiller <31908788+truemiller@users.noreply.github.com> Date: Mon, 27 May 2024 11:38:21 +0100 Subject: [PATCH 17/18] chore: Update README.md with package manager information --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 00141b22..8eb3551a 100644 --- a/README.md +++ b/README.md @@ -66,6 +66,8 @@ nvm use --lts

Yarn

 +Yarn is the package manager used for dependency management of the Electron app and NextJS frontend. + ```bash npm install --global yarn ``` @@ -105,6 +107,8 @@ brew install pipx

Poetry

 +Poetry is used on the backend to install and manage dependencies, and create a virtual environment for the backend API. + ```bash pipx install poetry ``` From 0df23ef3642dab29bb97295fecbd841ccae469d0 Mon Sep 17 00:00:00 2001 From: David Vilela Date: Mon, 27 May 2024 13:29:53 +0200 Subject: [PATCH 18/18] fix: ignore false positive leaks --- .gitignore | 3 ++- .gitleaksignore | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 0aa98c9c..c7eba539 100644 --- a/.gitignore +++ b/.gitignore @@ -35,4 +35,5 @@ temp/ dist/ electron/.next -cache \ No newline at end of file +cache +leak_report diff --git a/.gitleaksignore b/.gitleaksignore index 3bf0c284..3458d63f 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -14,4 +14,6 @@ ef9ec7a111816282b6185e8268a460d02329fbe4:api.md:generic-api-key:37 0a426251fedb8b55111455e35bffd661f4489541:backend/test.py:generic-api-key:13 daf41a143aa8c483db584ba1e7222e8eafec1d3b:backend/operate.yaml:generic-api-key:13 daf41a143aa8c483db584ba1e7222e8eafec1d3b:backend/controller.py:generic-api-key:201 -af77e930289cbc87987567bff0efc25936484df2:backend/controller.py:generic-api-key:354 \ No newline at end of file +af77e930289cbc87987567bff0efc25936484df2:backend/controller.py:generic-api-key:354b04972639d66053109596d3b73a1d91688964ebb:electron/constants/publishOptions.js:github-fine-grained-pat:3 +b04972639d66053109596d3b73a1d91688964ebb:electron/constants/publishOptions.js:github-fine-grained-pat:3 +af77e930289cbc87987567bff0efc25936484df2:backend/controller.py:generic-api-key:354