d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions 1 Packages Projects Releases Wiki Activity

Add Oracle Aggregator and CCIP Integration

Browse Source 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
This commit is contained in:
defiQUG
2025-12-12 14:57:48 -08:00
parent a1466e4005
commit 1fb7266469
1720 changed files with 241279 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

178
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,178 @@
name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
env:
SOLIDITY_VERSION: "0.8.19"
FOUNDRY_VERSION: "nightly"
jobs:
# Compile and test Solidity contracts
solidity:
name: Solidity Contracts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: ${{ env.FOUNDRY_VERSION }}
- name: Install dependencies
run: |
# Install OpenZeppelin if needed (for contracts requiring it)
# Note: New WETH contracts (WETH10, CCIPWETH9Bridge, CCIPWETH10Bridge) are independent
# Existing CCIP contracts (CCIPSender, CCIPRouter, etc.) require OpenZeppelin
if [ -d ".git" ]; then
forge install OpenZeppelin/openzeppelin-contracts --no-commit || echo "OpenZeppelin may already be installed or git not initialized"
else
echo "Git not initialized - skipping OpenZeppelin installation"
echo "Note: Contracts requiring OpenZeppelin will not compile"
fi
- name: Compile contracts
run: forge build
- name: Run tests
run: forge test --gas-report
- name: Run Slither
run: |
pip install slither-analyzer
chmod +x scripts/security/slither-scan.sh
./scripts/security/slither-scan.sh || true
continue-on-error: true
- name: Run Mythril
run: |
pip install mythril
chmod +x scripts/security/mythril-scan.sh
./scripts/security/mythril-scan.sh || true
continue-on-error: true
- name: Run SolidityScan
if: ${{ secrets.SOLIDITYSCAN_API_KEY != '' }}
run: |
pip install solidityscan
solidityscan --api-key ${{ secrets.SOLIDITYSCAN_API_KEY }} --project-path . || true
continue-on-error: true
env:
SOLIDITYSCAN_API_KEY: ${{ secrets.SOLIDITYSCAN_API_KEY }}
- name: Upload Slither reports
uses: actions/upload-artifact@v4
if: always()
with:
name: slither-reports
path: reports/slither/
- name: Upload Mythril reports
uses: actions/upload-artifact@v4
if: always()
with:
name: mythril-reports
path: reports/mythril/
# Security scanning
security:
name: Security Scanning
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy container scan
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
continue-on-error: true
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
continue-on-error: true
- name: Run Snyk security scan
uses: snyk/actions/setup@master
continue-on-error: true
- name: Snyk test
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
continue-on-error: true
with:
args: --severity-threshold=high
# Lint and format check
lint:
name: Lint and Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: ${{ env.FOUNDRY_VERSION }}
- name: Check formatting
run: forge fmt --check
- name: Lint YAML files
uses: ibiqlik/action-yamllint@v3
with:
file_or_dir: .
config_file: .yamllint.yml
continue-on-error: true
# Terraform validation
terraform:
name: Terraform Validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.6.0"
- name: Terraform Init
working-directory: terraform
run: terraform init -backend=false
- name: Terraform Validate
working-directory: terraform
run: terraform validate
- name: Terraform Format Check
working-directory: terraform
run: terraform fmt -check
# Kubernetes manifest validation
kubernetes:
name: Kubernetes Validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install kubectl
uses: azure/setup-kubectl@v3
- name: Validate Kubernetes manifests
run: |
for file in $(find k8s helm -name "*.yaml" -o -name "*.yml"); do
echo "Validating $file"
kubectl apply --dry-run=client -f "$file" || true
done
continue-on-error: true