Minor changes to permissionless refactoring (#11)

* docs: adding initial diagram * ops: sonarcloud setup * ops: removing unecessary debug service * refactor: dropping trusted * refactor: naming for pless * refactor: deployment_idx find . -type f | grep -v ".git" | xargs -I xxx sed -i 's/deployment_idx/deployment_suffix/gi' xxx * docs: adding note for running pless * ops: security * ops: updating for fid8 * docs: minor changes for fid8 testing * ops: kurtosis lint * fix: shellcheck * docs: path fix * docs: adding some comments * nit: comments --------- Co-authored-by: leovct <[email protected]>
0xPolygon · Mar 19, 2024 · 49185e2 · 49185e2
1 parent 1a09734
commit 49185e2
Show file tree

Hide file tree

Showing 23 changed files with 8,201 additions and 169 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in the repo.
+*       @0xPolygon/dev-tools
+*       @praetoriansentry
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
@@ -0,0 +1,22 @@
+name: Security Build
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/cdk/README.org → README.org b/cdk/README.org → README.org
@@ -1,11 +1,13 @@
 * Polygon CDK Kurtosis Package
 
+[[file:cdk/docs/architecture.png]]
+
 To get started you'll want to get everything [[https://docs.kurtosis.com/install/][installed]]. Once that's
 good and installed on your system, you can ~cd~ into this directory
 and run:
 
 #+begin_src bash
-kurtosis run --enclave cdk-v1 --args-file cdk-params.yml .
+kurtosis run --enclave cdk-v1 --args-file cdk/params.yml cdk
 #+end_src
 
 This command will take a few minutes but will basically run an entire
@@ -27,14 +29,14 @@ overwhelming. If we want to simply see the port mapping within the
 ~trusted-rpc~ port, we can run this command.
 
 #+begin_src bash
-kurtosis port print cdk-v1 zkevm-node-trusted-rpc-001 http-rpc
+kurtosis port print cdk-v1 zkevm-node-rpc-001 http-rpc
 #+end_src
 
 For the sake of this document, I'm going to map that value to an
 environment variable.
 
 #+begin_src bash
-export ETH_RPC_URL="$(kurtosis port print cdk-v1 zkevm-node-trusted-rpc-001 http-rpc)"
+export ETH_RPC_URL="$(kurtosis port print cdk-v1 zkevm-node-rpc-001 http-rpc)"
 #+end_src
 
 That is the same environment variable that ~cast~ uses, so now I
@@ -82,13 +84,43 @@ container to be able to poke around.
 kurtosis service shell cdk-v1 zkevm-node-sequencer-001
 #+end_src
 
+One of the most common ways to check the status of the system is to
+make sure that batches are going through the normal progression of
+trusted, virtual, and verified:
+
+#+begin_src bash
+cast rpc zkevm_batchNumber
+cast rpc zkevm_virtualBatchNumber
+cast rpc zkevm_verifiedBatchNumber
+#+end_src
+
 When everything is done, you might want to clean up with this command
 which stopps everything and deletes it.
 
 #+begin_src bash
 kurtosis clean -a
 #+end_src
 
+** Permissionless Node
+
+In addition to the core stack, you can also attach and synchronize a
+permissionless node. Of course, you'll need the CDK stack running from
+the previous commands. Assuming that has run and correctly created a
+network, you'll need to pull the genesis file artifact out and add it
+to your ~permissionless-node~ kurtosis package.
+
+#+begin_src bash
+kurtosis files download cdk-v1 zkevm /tmp
+cp /tmp/zkevm/genesis.json permissionless-node/genesis.json
+#+end_src
+
+Now that we have the right genesis file, we can add a permissionless
+node to the ~cdk-v1~ enclave:
+
+#+begin_src bash
+kurtosis run --enclave cdk-v1 --args-file permissionless-node/params.yml permissionless-node
+#+end_src
+
 ** License
 
 Copyright (c) 2024 PT Services DMCC

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+[email protected]
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt