0xPolygon · praetoriansentry · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024 · Mar 15, 2024
@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in the repo.
+*       @0xPolygon/dev-tools
+*       @praetoriansentry
@@ -11,12 +11,14 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  deploy:
+  cdk_package:
     runs-on: ubuntu-latest
+    continue-on-error: true
     steps:
       - uses: actions/checkout@v4
-      - name: Deploy devnet
+
+      - name: Deploy kurtosis package
         uses: kurtosis-tech/kurtosis-github-action@v1
         with:
-          path: .
-          args: cdk-params.yml
+          path: cdk
+          args: cdk/params.yml
@@ -11,44 +11,47 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  starklark:
+  package:
     runs-on: ubuntu-latest
+    continue-on-error: true
+    strategy:
+      matrix:
+        package: ["cdk", "permissionless-node"]
     steps:
       - uses: actions/checkout@v4
+
+      # Install linters
       - name: Install kurtosis
         run: |
           echo "deb [trusted=yes] https://apt.fury.io/kurtosis-tech/ /" | sudo tee /etc/apt/sources.list.d/kurtosis.list
           sudo apt update
           sudo apt install kurtosis-cli
           kurtosis analytics disable
-      - name: Run kurtosis linter
-        run: kurtosis lint ${{ github.workspace }}
 
-  yaml:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
       - name: Install yamllint
         run: pip install yamllint
-      - name: Run yamllint
-        run: yamllint --config-file .yamllint.yml .
 
-  hadolint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
       - name: Install hadolint
         run: |
           sudo wget -O /usr/local/bin/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64
           sudo chmod +x /usr/local/bin/hadolint
-      - name: Run hadolint
-        run: find . -type f -name 'Dockerfile*' | sort | xargs -I {} hadolint --config .hadolint.yml {}
 
-  shellcheck:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
       - name: Install shellcheck
         run: sudo apt install shellcheck
+
+      # Run linters
+      - name: Run kurtosis linter
+        working-directory: ${{ matrix.package }}
+        run: kurtosis lint .
+
+      - name: Run yamllint
+        working-directory: ${{ matrix.package }}
+        run: yamllint --config-file ${{ github.workspace }}/.yamllint.yml .
+
+      - name: Run hadolint
+        working-directory: ${{ matrix.package }}
+        run: find . -type f -name 'Dockerfile*' | sort | xargs -I {} hadolint --config ${{ github.workspace }}/.hadolint.yml {}
+
       - name: Run shellcheck
+        working-directory: ${{ matrix.package }}
         run: find . -type f -name '*.sh' | sort | xargs -I {} shellcheck {}
@@ -0,0 +1,22 @@
+name: Security Build
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch: {}
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -1,11 +1,13 @@
 * Polygon CDK Kurtosis Package
 
+[[file:docs/architecture.png]]
+
 To get started you'll want to get everything [[https://docs.kurtosis.com/install/][installed]]. Once that's
 good and installed on your system, you can ~cd~ into this directory
 and run:
 
 #+begin_src bash
-kurtosis run --enclave cdk-v1 --args-file cdk-params.yml .
+kurtosis run --enclave cdk-v1 --args-file cdk/params.yml cdk
 #+end_src
 
 This command will take a few minutes but will basically run an entire
@@ -27,14 +29,14 @@ overwhelming. If we want to simply see the port mapping within the
 ~trusted-rpc~ port, we can run this command.
 
 #+begin_src bash
-kurtosis port print cdk-v1 zkevm-node-rpc-001 trusted-rpc
+kurtosis port print cdk-v1 zkevm-node-rpc-001 http-rpc
 #+end_src
 
 For the sake of this document, I'm going to map that value to an
 environment variable.
 
 #+begin_src bash
-export ETH_RPC_URL="$(kurtosis port print cdk-v1 zkevm-node-rpc-001 trusted-rpc)"
+export ETH_RPC_URL="$(kurtosis port print cdk-v1 zkevm-node-rpc-001 http-rpc)"
 #+end_src
 
 That is the same environment variable that ~cast~ uses, so now I
@@ -82,13 +84,43 @@ container to be able to poke around.
 kurtosis service shell cdk-v1 zkevm-node-sequencer-001
 #+end_src
 
+One of the most common ways to check the status of the system is to
+make sure that batches are going through the normal progression of
+trusted, virtual, and verified:
+
+#+begin_src bash
+cast rpc zkevm_batchNumber
+cast rpc zkevm_virtualBatchNumber
+cast rpc zkevm_verifiedBatchNumber
+#+end_src
+
 When everything is done, you might want to clean up with this command
 which stopps everything and deletes it.
 
 #+begin_src bash
 kurtosis clean -a
 #+end_src
 
+** Permissionless Node
+
+In addition to the core stack, you can also attach and synchronize a
+permissionless node. Of course, you'll need the CDK stack running from
+the previous commands. Assuming that has run and correctly created a
+network, you'll need to pull the genesis file artifact out and add it
+to your ~permissionless-node~ kurtosis package.
+
+#+begin_src bash
+kurtosis files download cdk-v1 zkevm /tmp
+cp /tmp/zkevm/genesis.json permissionless-node/genesis.json
+#+end_src
+
+Now that we have the right genesis file, we can add a permissionless
+node to the ~cdk-v1~ enclave:
+
+#+begin_src bash
+kurtosis run --enclave cdk-v1 --args-file permissionless-node/params.yml permissionless-node
+#+end_src
+
 ** License
 
 Copyright (c) 2024 PT Services DMCC
@@ -108,5 +140,3 @@ Unless you explicitly state otherwise, any contribution intentionally
 submitted for inclusion in the work by you, as defined in the
 Apache-2.0 license, shall be dual licensed as above, without any
 additional terms or conditions.
-
-
@@ -0,0 +1,17 @@
+# Polygon Technology Security Information
+
+## Link to vulnerability disclosure details (Bug Bounty).
+- Websites and Applications: https://hackerone.com/polygon-technology
+- Smart Contracts: https://immunefi.com/bounty/polygon
+
+## Languages that our team speaks and understands.
+Preferred-Languages: en
+
+## Security-related job openings at Polygon.
+https://polygon.technology/careers
+
+## Polygon security contact details.
+[email protected]
+
+## The URL for accessing the security.txt file.
+Canonical: https://polygon.technology/security.txt