Tag @0.28.0 does not exist in act-runner's reference resolution
("Unable to resolve 0.28.0: reference not found"). Use @master and
rely on the 'version: v0.51.1' input to pin the Trivy binary so the
installer still skips api.github.com releases/latest.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
Pre-existing failures observed on main (run #211) before Phase 1b PR #1
existed:
1. Terraform Validation: hashicorp/setup-terraform fails with "Unable
to locate executable file: unzip" on act-runner image. Install
unzip in-job (idempotent, no-ops if already present).
2. Container Security Scan + Run Trivy container scan: aquasecurity/
trivy-action@master emits "Bad credentials - https://docs.github.com/
rest" when installing the Trivy binary. Root cause: Gitea Actions
injects a Gitea token as GITHUB_TOKEN, which api.github.com rejects.
Pin the action to @0.28.0 + trivy binary version to v0.51.1 (skips
the GitHub releases API lookup), and clear GITHUB_TOKEN in the step
env so the installer falls back to anonymous access. Mark the step
continue-on-error so a flaky scan does not block PRs.
3. Upload Trivy results (validation.yml only): github/codeql-action/
upload-sarif targets GitHub's code-scanning API, which Gitea does
not host. Mark continue-on-error so the job does not fail.
Out of scope (not addressable via YAML-only changes):
- lib/dodo-contractV2 pinned commit d946606870b64110218820da44becf2b3e196c8a
no longer exists on the remote; Solidity Contracts job will keep
failing until the submodule pointer is refreshed or the remote is
restored.
- validate-kubernetes kubectl dry-run fails with connection refused
because no local API server is running on the runner; that needs
switching to `kubectl apply --dry-run=client --validate=false` or
a local kubeconfig, which is a separate design choice.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
- Archived multiple non-EVM adapters (Algorand, Hedera, Tron, TON, Cosmos, Solana) and compliance contracts (IndyVerifier) to `archive/solidity/contracts/`.
- Updated documentation to reflect the historical status of archived components.
- Adjusted `foundry.toml` and `README.md` for clarity on historical dependencies and configurations.
- Enhanced Makefile and package.json scripts for improved contract testing and building processes.
- Removed obsolete contracts (AlltraCustomBridge, CommodityCCIPBridge, ISO4217WCCIPBridge, VaultBridgeAdapter) from the main directory.
- Updated implementation reports to indicate archived status for various components.
- MessageQueue: resetRetryCount and retry({ increment: false }) for shedder/inventory paths
- RelayService: treat bridge_inventory_probe like other soft-failure scopes; wrap inventory check in try/catch
- Token aggregation: catch DB pool lookup errors and fall back to live DODO path
- Mainnet WETH profile: START_BLOCK=latest; extend RELAY_SKIP_MESSAGE_IDS for backlog hygiene
- Extend relay test.js for deferred requeue behavior
Made-with: Cursor
Aligns canonical-tokens FALLBACK_ADDRESSES with smart-contracts-master.json
so /api/v1/report/token-list includes cAUSDT when env overrides are absent.
Made-with: Cursor
- Optional http() transport for 2138 when VITE_ENABLE_CHAIN2138 set
- Document VITE_* 2138 vars in .env.example; augment vite-env.d.ts
Made-with: Cursor
Align env example and run-pmm-full-parity script with live integration mapping
and repo docs (ADDRESS_MATRIX, PMM_DEX_ROUTING_STATUS).
Made-with: Cursor
- Resolve stash: merge load_deployment_env path with secure-secrets and CR/LF RPC strip
- create-pmm-full-mesh-chain138.sh delegates to sync-chain138-pmm-pools-from-json.sh
- env.additions.example: canonical PMM pool defaults (cUSDT/USDT per crosscheck)
- Include Chain138 scripts, official mirror deploy scaffolding, and prior staged changes
Made-with: Cursor
- Changed CCIPWETH10Bridge address from `0x8078A09637e47Fa5Ed34F626046Ea2094a5CDE5e` to `0xe0E93247376aa097dB308B92e6Ba36bA015535D0` in various deployment documents and scripts.
- Ensured consistency in bridge configuration and verification steps for ChainID 138 and Mainnet.
Made-with: Cursor
- Updated DBIS_ConversionRouter and DBIS_SettlementRouter to utilize IDBIS_EIP712Helper for EIP-712 hashing and signature recovery, improving stack depth management.
- Refactored minting logic in DBIS_GRU_MintController to streamline recipient processing.
- Enhanced BUILD_NOTES.md with updated build instructions and test coverage details.
- Added new functions in DBIS_SignerRegistry for duplicate signer checks and active signer validation.
- Introduced a new submodule, DBIS_EIP712Helper, to encapsulate EIP-712 related functionalities.
Made-with: Cursor
- token-mapping: use createRequire(proxmox package.json) and process.cwd(), drop import.meta to allow commonjs build
- Add routes/bridge.ts stub (status + metrics) so server.ts import resolves
- Add config/cross-chain-bridges.ts with BridgeConfig/BridgeLane and CHAIN_138_BRIDGES from env
- cross-chain-indexer: import BridgeLane, add explicit types for .find/.map callbacks, bridgeType fallback to b.type
Made-with: Cursor
- Added MINTER_ROLE constant to manage minting permissions.
- Updated mint function to restrict access to addresses with MINTER_ROLE, enhancing security and compliance.
- Granted MINTER_ROLE to the initial owner during contract deployment.
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
