CurrenciCombo/.env.sandbox.example
Devin AI ebd0ebf1f0
Some checks failed
CI / Frontend Lint (pull_request) Failing after 7s
CI / Frontend Type Check (pull_request) Failing after 8s
CI / Frontend Build (pull_request) Failing after 5s
CI / Frontend E2E Tests (pull_request) Failing after 8s
CI / Orchestrator Build (pull_request) Failing after 5s
CI / Orchestrator Unit Tests (pull_request) Failing after 6s
CI / Orchestrator E2E (Testcontainers) (pull_request) Has been skipped
CI / Contracts Compile (pull_request) Failing after 7s
CI / Contracts Test (pull_request) Failing after 5s
Code Quality / SonarQube Analysis (pull_request) Failing after 19s
Code Quality / Code Quality Checks (pull_request) Failing after 7s
Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 3s
Security Scan / OWASP ZAP Scan (pull_request) Failing after 3s
PR Z: sandbox deployment scaffolding (deploy script + Dockerfiles + compose)
- contracts/scripts/deploy-notary-registry.ts: self-compiling ethers v6
  deploy for NotaryRegistry.sol (solc-js in-process — avoids hardhat's
  HH1006 on contracts/node_modules), with NOTARY_DRY_RUN mode and a
  machine-readable JSON envelope as last stdout line.
- contracts/hardhat.config.ts: chain138 network (RPC defaults to the
  public endpoint that resolves EXT-CHAIN138-CI-RPC).
- orchestrator/Dockerfile: multi-stage node:20-alpine build, non-root
  user, dumb-init, /health HEALTHCHECK on :8080.
- Dockerfile (root, portal): multi-stage vite build → nginx:1.27-alpine,
  VITE_ORCHESTRATOR_URL baked at build time.
- nginx.conf: SPA fallback + long-cache /assets, sourcemaps denied.
- docker-compose.yml: full sandbox stack (postgres 15 + redis 7 +
  orchestrator + portal), all secrets parameterised via env_file.
- .env.sandbox.example: template with EXT-* blocker env vars documented
  and CHAIN_138_RPC_URL defaulting to the resolved public endpoint.
- .dockerignore: excludes node_modules, artifacts, cache, terraform, k8s.
- orchestrator/src/config/env.ts: emptyToUndefined() preprocess so zod
  optional regex fields validate empty-string identically to unset
  (fixes docker-compose NOTARY_REGISTRY_ADDRESS= sandbox booting).

Headless smoke test on this box:
- docker compose --env-file .env.sandbox up -d → all 4 containers
  reported Healthy.
- curl /ready → {"ready":true}
- curl portal / → HTTP 200 with correct <title>.
- orchestrator boot log prints all 7 EXT-* IDs (6 active, 1 resolved).
- /health returns 503 on this particular builder because memory is
  'critical' — DB + Redis both 'up'; this is environment-specific and
  not caused by PR Z.

Unit: 13 suites / 167 tests still pass after env.ts preprocess change.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
2026-04-22 22:18:20 +00:00


# CurrenciCombo sandbox env — copy to `.env.sandbox` and edit.
#
# cp .env.sandbox.example .env.sandbox
# docker compose --env-file .env.sandbox up -d
#
# `EVENT_SIGNING_SECRET` and `ORCHESTRATOR_API_KEYS` are REQUIRED —
# orchestrator will refuse to boot without them (see PR I boot-time
# env assertions in orchestrator/src/config/env.ts).
# ---- Postgres ----
POSTGRES_DB=currencicombo
POSTGRES_USER=currencicombo
POSTGRES_PASSWORD=currencicombo
POSTGRES_PORT=5432
# ---- Redis ----
REDIS_PORT=6379
# ---- Orchestrator ----
ORCHESTRATOR_PORT=8080
# 32+ random bytes, hex-encoded. Generate with:
# openssl rand -hex 32
EVENT_SIGNING_SECRET=change-me-to-openssl-rand-hex-32
# Comma-separated `key:role` pairs; role ∈ {initiator, settler, auditor}
# Generate a key with:
# openssl rand -hex 16
ORCHESTRATOR_API_KEYS=local-demo-key:initiator,local-settler-key:settler,local-auditor-key:auditor
# ---- Chain 138 (EXT-CHAIN138-CI-RPC resolved by default) ----
CHAIN_138_RPC_URL=https://rpc.public-0138.defi-oracle.io
# Published by `contracts/scripts/deploy-notary-registry.ts` once you
# deploy NotaryRegistry.sol. Leave blank to run in mock-anchor mode.
NOTARY_REGISTRY_ADDRESS=
# Funded signer for on-chain anchors. Leave blank to run in mock-anchor
# mode (orchestrator logs "[NotaryChain] mock anchor — reason: notary
# envs not set" when unset).
ORCHESTRATOR_PRIVATE_KEY=
# ---- External blockers (leave blank to run in sandbox/mock mode) ----
# EXT-DBIS-CORE — flip when dbis_core is deployed
DBIS_CORE_URL=
# EXT-FIN-GATEWAY — flip when real FIN / Alliance Access gateway is provisioned
FIN_SANDBOX_URL=
# cc-identity-core HTTP base URL
CC_IDENTITY_URL=
# cc-compliance-controls matrix JSON URL (optional — embedded v0 is used if blank)
CC_CONTROLS_MATRIX_URL=
# ---- Portal (Vite) ----
PORTAL_PORT=3000
# Baked into the portal bundle at build time. Must be the URL the
# browser uses to reach the orchestrator (usually localhost + the
# published ORCHESTRATOR_PORT). Leave blank to run the portal in its
# built-in demo-fallback mode.
VITE_ORCHESTRATOR_URL=http://localhost:8080
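
A pre-flight check for a filled-in `.env.sandbox`, added here as an example and not taken from the repository or from `orchestrator/src/config/env.ts`. It treats `KEY=` as unset, as the commit message describes for `emptyToUndefined()`, and flags template values left in place. The names `blankToUndefined`, `parseEnv` and `checkSandboxEnv`, the address regex, and the template-key and password-equals-user checks are assumptions.

```typescript
// Added example, not project code; rules marked "assumed" are not from env.ts.
type Env = Record<string, string | undefined>;
const ROLES = ["initiator", "settler", "auditor"]; // roles named in the template
const TEMPLATE_KEYS = ["local-demo-key", "local-settler-key", "local-auditor-key"];

// Same idea the commit describes for emptyToUndefined(): "KEY=" counts as unset.
function blankToUndefined(v: string | undefined): string | undefined {
  const t = v === undefined ? "" : v.trim();
  return t === "" ? undefined : t;
}

// Minimal KEY=VALUE reader: skips comments and blanks, no quoting or interpolation.
function parseEnv(text: string): Env {
  const env: Env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (eq < 1 || line.charAt(0) === "#") continue;
    env[line.slice(0, eq)] = blankToUndefined(line.slice(eq + 1));
  }
  return env;
}

// Returns findings that name the variable only, never its value.
function checkSandboxEnv(env: Env): string[] {
  const out: string[] = [];
  const secret = env["EVENT_SIGNING_SECRET"];
  if (!secret) out.push("EVENT_SIGNING_SECRET: required");
  else if (!/^([0-9a-fA-F]{2}){32,}$/.test(secret)) out.push("EVENT_SIGNING_SECRET: not 32+ hex-encoded bytes");
  const keys = env["ORCHESTRATOR_API_KEYS"];
  if (!keys) out.push("ORCHESTRATOR_API_KEYS: required");
  else keys.split(",").forEach((pair, n) => {
    const i = pair.lastIndexOf(":");
    const key = pair.slice(0, Math.max(i, 0)).trim();
    const role = pair.slice(i + 1).trim();
    if (key === "" || ROLES.indexOf(role) < 0) out.push("ORCHESTRATOR_API_KEYS[" + n + "]: not key:role");
    else if (TEMPLATE_KEYS.indexOf(key) >= 0) out.push("ORCHESTRATOR_API_KEYS[" + n + "]: template key");
  });
  if (env["POSTGRES_PASSWORD"] !== undefined && env["POSTGRES_PASSWORD"] === env["POSTGRES_USER"])
    out.push("POSTGRES_PASSWORD: same as POSTGRES_USER"); // assumed hygiene check
  const addr = env["NOTARY_REGISTRY_ADDRESS"]; // assumed format: 0x + 40 hex digits
  if (addr && !/^0x[0-9a-fA-F]{40}$/.test(addr)) out.push("NOTARY_REGISTRY_ADDRESS: not a 20-byte address");
  return out;
}

// Constructed sample: the template's own values from this page.
const TEMPLATE = "POSTGRES_USER=currencicombo\nPOSTGRES_PASSWORD=currencicombo\n" +
  "EVENT_SIGNING_SECRET=change-me-to-openssl-rand-hex-32\nNOTARY_REGISTRY_ADDRESS=\n" +
  "ORCHESTRATOR_API_KEYS=local-demo-key:initiator,local-settler-key:settler,local-auditor-key:auditor\n";
```

Run against the unedited template, `checkSandboxEnv(parseEnv(TEMPLATE))` reports five findings: the placeholder signing secret, the three demo API keys, and the database password that matches the user name.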