feat: Local signing for stellar (#178)

* feat: Local signing for stellar

Signed-off-by: dylankilkenny <[email protected]>

* chore: Upgrade soroban-rs

Signed-off-by: dylankilkenny <[email protected]>

* chore: Update lock

Signed-off-by: dylankilkenny <[email protected]>

* refactor: Review changes

Signed-off-by: dylankilkenny <[email protected]>

* chore: Update lock

Signed-off-by: dylankilkenny <[email protected]>

* fix: Test clean up of unneeded files

* fix: Lock file

* chore: Fix docker rmi

* chore: Add docker image description

* chore: Adjust quotes in description

* chore: Tests

Signed-off-by: dylankilkenny <[email protected]>

* chore: Lock file

Signed-off-by: dylankilkenny <[email protected]>

---------

Signed-off-by: dylankilkenny <[email protected]>
Co-authored-by: tirumerla <[email protected]>

Author: dylankilkenny

.github/workflows/ci.yaml

@@ -1,38 +1,35 @@
 ---
 name: CI
-
 on:
   pull_request:
     branches:
       - main
-    types: [opened, synchronize, reopened, ready_for_review]
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
   push:
     branches:
       - main
-
 # run concurrency group for the workflow
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
-
 jobs:
   changed_files:
     if: ${{ github.event.pull_request.draft == false }}
     runs-on: ubuntu-latest
     name: Test changed-files
     outputs:
       changed-rust-files: ${{ steps.changed-files-yaml.outputs.code_any_changed }}
-      changed-lockfile-files: ${{ steps.changed-files-yaml.outputs.lockfile_any_changed
-        }}
-      changed-docker-files: ${{ steps.changed-files-yaml.outputs.docker_any_changed
-        }}
-      changed-tests-files: ${{ steps.changed-files-yaml.outputs.tests_any_changed
-        }}
+      changed-lockfile-files: ${{ steps.changed-files-yaml.outputs.lockfile_any_changed }}
+      changed-docker-files: ${{ steps.changed-files-yaml.outputs.docker_any_changed }}
+      changed-tests-files: ${{ steps.changed-files-yaml.outputs.tests_any_changed }}
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Get changed files
         id: changed-files-yaml
         uses: tj-actions/changed-files@b74df86ccb65173a8e33ba5492ac1a2ca6b216fd  # v46.0.4
@@ -52,55 +49,50 @@ jobs:
             tests:
               - '**/*.rs'
               - tests/**/*.json
-
   ci:
     if: ${{ github.event.pull_request.draft == false && always() }}
     permissions:
       contents: none
     name: CI
-    needs: [msrv, lockfile, rustfmt, clippy]
+    needs:
+      - msrv
+      - lockfile
+      - rustfmt
+      - clippy
     runs-on: ubuntu-latest
     steps:
       - name: Failed
         run: exit 1
         if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
-
   msrv:
-    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push'
-      && (needs.changed_files.outputs.changed-rust-files == 'true' || needs.changed_files.outputs.changed-lockfile-files
-      == 'true') }}
+    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push' && (needs.changed_files.outputs.changed-rust-files == 'true' || needs.changed_files.outputs.changed-lockfile-files == 'true') }}
     runs-on: ubuntu-latest
     needs: changed_files
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Prepare
         id: init
         uses: ./.github/actions/prepare
 
       # Get the output of the prepare composite action
       - name: Get cache-hit output
         run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
-
       - name: Install cargo hack
         uses: taiki-e/install-action@cargo-hack
 
       # Check the minimum supported Rust version
       - name: Default features
         run: cargo hack check --feature-powerset --locked --rust-version --all-targets
-
   lockfile:
-    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push'
-      && needs.changed_files.outputs.changed-lockfile-files == 'true' }}
+    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push' && needs.changed_files.outputs.changed-lockfile-files == 'true' }}
     needs: changed_files
     runs-on: ubuntu-latest
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Prepare
         id: init
         uses: ./.github/actions/prepare
@@ -112,17 +104,14 @@ jobs:
       # Check the lockfile
       - name: Validate lockfile updates
         run: cargo update --locked
-
   rustfmt:
-    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push'
-      && needs.changed_files.outputs.changed-rust-files == 'true' }}
+    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push' && needs.changed_files.outputs.changed-rust-files == 'true' }}
     needs: changed_files
     runs-on: ubuntu-latest
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Prepare
         id: init
         uses: ./.github/actions/prepare
@@ -134,87 +123,89 @@ jobs:
       # Check the formatting of the code
       - name: Check formatting
         run: cargo fmt --all -- --check
-
   clippy:
-    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push'
-      && needs.changed_files.outputs.changed-rust-files == 'true' }}
+    if: ${{ github.event.pull_request.draft == false && github.event_name != 'push' && needs.changed_files.outputs.changed-rust-files == 'true' }}
     needs: changed_files
     runs-on: ubuntu-latest
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Prepare
         id: init
         uses: ./.github/actions/prepare
 
       # Get the output of the prepare composite action
       - name: Get cache-hit output
         run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
-
       - name: Install SARIF tools
         run: cargo install clippy-sarif --locked
-
       - name: Install SARIF tools
         run: cargo install sarif-fmt --locked
-
       - name: Check
         run: >
           cargo clippy --all-features --all-targets --message-format=json
           | clippy-sarif
           | tee clippy-results.sarif
           | sarif-fmt
         continue-on-error: true
-
       - name: upload sarif artifact
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
         with:
           name: clippy-results.sarif
           path: clippy-results.sarif
           retention-days: 1
-
       - name: Upload
         uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7  # v3.28.3
         with:
           sarif_file: clippy-results.sarif
           wait-for-processing: true
-
       - name: Report status
         run: cargo clippy --all-features --all-targets -- -D warnings --allow deprecated
   test:
-    if: ${{ github.event.pull_request.draft == false && needs.changed_files.outputs.changed-tests-files
-      == 'true' }}
+    if: ${{ github.event.pull_request.draft == false && needs.changed_files.outputs.changed-tests-files == 'true' }}
     permissions:
       contents: read
-    needs: changed_files
+    needs:
+      - changed_files
+      - ci
     runs-on: ubuntu-latest
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
+      - name: Get disk space
+        run: df -h
+        continue-on-error: true
+      - name: free disk space
+        run: |
+          sudo swapoff -a
+          sudo rm -f /swapfile
+          sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc
+          sudo apt clean
+          if [[ $(docker image ls -aq) ]]; then
+            docker rmi $(docker image ls -aq)
+          else
+            echo "No Docker images found to remove"
+          fi
+          df -h
       - name: Prepare
         id: init
         uses: ./.github/actions/prepare
 
       # Get the output of the prepare composite action
       - name: Get cache-hit output
         run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
-
       - name: Setup Rust
         uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4  # v1.11.0
         with:
           toolchain: stable
           components: llvm-tools-preview
           rustflags: ''
-
       - name: Install cargo hack
         uses: taiki-e/install-action@cargo-hack
-
       - name: Install cargo-llvm-cov
         uses: taiki-e/install-action@cargo-llvm-cov
-
       - name: Build
         run: cargo test --no-run --locked
 
@@ -224,26 +215,23 @@ jobs:
           LLVM_PROFILE_FILE: unit-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --lib  --ignore-filename-regex ".*/relayer_docs\.rs$"
-          --lcov --output-path unit-lcov.info
+        run: cargo hack llvm-cov --locked --lib  --ignore-filename-regex ".*/relayer_docs\.rs$" --lcov --output-path unit-lcov.info
 
       # Integration tests coverage
       - name: Run Integration Tests and Generate Coverage Report
         env:
           LLVM_PROFILE_FILE: integration-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$"
-          --lcov --output-path integration-lcov.info --test integration
+        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$" --lcov --output-path integration-lcov.info --test integration
 
       # Properties tests coverage
       - name: Run Properties Tests
         env:
           LLVM_PROFILE_FILE: properties-%p-%m.profraw
           RUSTFLAGS: -Cinstrument-coverage
           RUST_TEST_THREADS: 1
-        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$"
-          --lcov --output-path properties-lcov.info --test properties
+        run: cargo hack llvm-cov --locked --ignore-filename-regex ".*/relayer_docs\.rs$" --lcov --output-path properties-lcov.info --test properties
 
       # Upload unit coverage
       - name: Upload Unit Coverage to Codecov
@@ -274,19 +262,19 @@ jobs:
           files: properties-lcov.info
           flags: properties
           fail_ci_if_error: true
-
   docker-scan:
     runs-on: ubuntu-latest
-    needs: [changed_files, ci]
+    needs:
+      - changed_files
+      - ci
+      - test
     if: ${{ needs.changed_files.outputs.changed-docker-files == 'true' }}
     steps:
       # Checkout the repository
       - name: Checkout Code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2  # v3.10.0
-
       - name: Build local container
         uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4  # v6.15.0
         with:
@@ -295,7 +283,6 @@ jobs:
           load: true
           file: Dockerfile.development
           platforms: linux/amd64
-
       - name: Scan image
         uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32  # v6.1.0
         with:

.github/workflows/release-docker.yml

@@ -1,14 +1,12 @@
 ---
 name: Build and push Docker image
-
 on:
   workflow_call:
     inputs:
       tag:
         type: string
         description: The tag to use for the Docker image.
         required: true
-
 jobs:
   build-push-image:
     name: Build and Push Docker Image
@@ -24,22 +22,18 @@ jobs:
           status: starting
           steps: ${{ toJson(steps) }}
           channel: ${{ env.SLACK_CHANNEL }}
-          message: Starting docker build and push to dockerhub for ${{ github.repository
-            }} with tag ${{ inputs.tag }}......
+          message: Starting docker build and push to dockerhub for ${{ github.repository }} with tag ${{ inputs.tag }}......
         if: always()
-
       - name: Get github app token
         uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5  # v2.0.2
         id: gh-app-token
         with:
           app-id: ${{ vars.GH_APP_ID }}
           private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-
       - name: Checkout release branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           ref: ${{ inputs.tag }}
-
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804  # v5.7.0
@@ -56,18 +50,16 @@ jobs:
             org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
             org.opencontainers.image.title=openzeppelin-relayer
             org.opencontainers.image.vendor=openzeppelin
+            org.opencontainers.image.description="OpenZeppelin Relayer service provides infrastructure to relay transactions to the EVM & Non-EVM networks."
         env:
           DOCKER_METADATA_SHORT_SHA_LENGTH: 10
-
       - name: Login to Dockerhub
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PAT }}
-
       - name: Set Up Docker Buildx
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2  # v3.10.0
-
       - name: Build Docker image
         uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4  # v6.15.0
         id: build
@@ -82,7 +74,6 @@ jobs:
           sbom: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
       - name: Attest
         uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2  # v2.2.3
         id: attest
@@ -91,7 +82,6 @@ jobs:
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: false
           github-token: ${{ steps.gh-app-token.outputs.token }}
-
       - name: Slack notification success or failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d  # v2.1.0
         with:
@@ -100,7 +90,6 @@ jobs:
           channel: ${{ env.SLACK_CHANNEL }}
           message: Push to Dockerhub ${{ job.status }}!
         if: always()
-
       - name: Print image digest to summary
         run: |-
           echo "Image tags: ${{ steps.meta.outputs.tags }}" >> "${GITHUB_STEP_SUMMARY}"