burnt-labs
diff --git a/‎.github/workflows/docker-scout.yml‎
Lines changed: 60 additions & 0 deletions b/‎.github/workflows/docker-scout.yml‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎.github/workflows/integration-tests.yml‎
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/integration-tests.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎Dockerfile‎
Lines changed: 27 additions & 64 deletions b/‎Dockerfile‎
Lines changed: 27 additions & 64 deletions
diff --git a/‎go.mod‎
Lines changed: 36 additions & 32 deletions b/‎go.mod‎
Lines changed: 36 additions & 32 deletions
@@ -0,0 +1,60 @@
+---
+name: Docker Scout
+
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+  workflow_dispatch:
+
+jobs:
+
+  build:
+    name: Docker Scout
+    runs-on: ubuntu-latest
+    environment: CI
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Set up Docker buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata for docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: burnt/xion
+          tags: |
+            type=semver,pattern={{version}},priority=1000
+            type=sha,priority=700
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          load: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          target: xion-release
+
+      - name: Run Docker Scout
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          only-fixed: true
+          image: ${{ steps.meta.outputs.tags }}
@@ -9,6 +9,8 @@ on:
 
   pull_request:
 
+  workflow_dispatch:
+
 env:
   CARGO_TERM_COLOR: always
   REGISTRY: ghcr.io
 
@@ -1,18 +1,16 @@
-# docker build . -t cosmwasm/xiond:latest
-# docker run --rm -it cosmwasm/xiond:latest /bin/sh
 FROM golang:1.21-alpine3.19 AS go-builder
 ARG arch=x86_64
 
 ENV WASMVM_VERSION=v1.5.2
 ENV WASMVM_CHECKSUM_AARCH64=e78b224c15964817a3b75a40e59882b4d0e06fd055b39514d61646689cef8c6e
 ENV WASMVM_CHECKSUM_x86_64=e660a38efb2930b34ee6f6b0bb12730adccb040b6ab701b8f82f34453a426ae7
 
-# this comes from standard alpine nightly file
-#  https://github.com/rust-lang/docker-rust-nightly/blob/master/alpine3.12/Dockerfile
-# with some changes to support our toolchain, etc
-RUN set -eux; apk add --no-cache ca-certificates build-base;
+RUN set -euxo pipefail \
+  && apk add --no-cache \
+    ca-certificates  \
+    build-base \
+    git
 
-RUN apk add git
 # NOTE: add these to run with LEDGER_ENABLED=true
 # RUN apk add libusb-dev linux-headers
 
@@ -48,88 +46,53 @@ RUN echo "Ensuring binary is statically linked ..." \
   && (file /code/build/xiond | grep "statically linked")
 
 # --------------------------------------------------------
-FROM alpine:3.19 AS xion-dev
+FROM alpine:3.19.1 AS xion-base
 COPY --from=go-builder /code/build/xiond /usr/bin/xiond
 
-# rest server
+# api
 EXPOSE 1317
-# tendermint grpc
+# grpc
 EXPOSE 9090
-# tendermint p2p
+# p2p
 EXPOSE 26656
-# tendermint rpc
+# rpc
 EXPOSE 26657
-# tendermint prometheus
+# prometheus
 EXPOSE 26660
 
 RUN mkdir /xion
 
 RUN set -euxo pipefail \
+  && echo http://dl-cdn.alpinelinux.org/alpine/edge/main >> /etc/apk/repositories \
   && apk add --no-cache \
-  bash \
-  curl \
-  htop \
-  jq \
-  lz4 \
-  tini
+    bash \
+    curl>8.6.0-r0 \
+    htop \
+    jq \
+    lz4 \
+    tini
 
-RUN set -euxo pipefail \
-  && addgroup -S xiond \
-  && adduser \
-  --disabled-password \
-  --gecos xiond \
-  --ingroup xiond \
-  xiond
-
-RUN set -eux \
-  && chown -R xiond:xiond /home/xiond \
-  && chown -R xiond:xiond /xion
-
-USER xiond:xiond
+# --------------------------------------------------------
+FROM xion-base AS xion-dev
 
 COPY ./docker/entrypoint.sh /home/xiond/entrypoint.sh
-
 CMD ["/home/xiond/entrypoint.sh"]
 
 # --------------------------------------------------------
-FROM alpine:3.19 AS xion-release
-
-COPY --from=go-builder /code/build/xiond /usr/bin/xiond
-
-# rest server
-EXPOSE 1317
-# tendermint grpc
-EXPOSE 9090
-# tendermint p2p
-EXPOSE 26656
-# tendermint rpc
-EXPOSE 26657
-# tendermint prometheus
-EXPOSE 26660
-
-RUN set -euxo pipefail \
-  && apk add --no-cache \
-  aria2 \
-  aws-cli \
-  bash \
-  curl \
-  htop \
-  jq \
-  lz4 \
-  tini
+FROM xion-base as xion-release
 
 RUN set -euxo pipefail \
   && addgroup -S xiond \
   && adduser \
-  --disabled-password \
-  --gecos xiond \
-  --ingroup xiond \
-  xiond
+    --disabled-password \
+    --gecos xiond \
+    --ingroup xiond \
+    xiond
 
 RUN set -eux \
-  && chown -R xiond:xiond /home/xiond
+  && chown -R xiond:xiond /home/xiond \
+  && chown -R xiond:xiond /xion
 
 USER xiond:xiond
-WORKDIR /home/xiond/.xiond
 
 CMD ["/usr/bin/xiond", "version"]
@@ -4,15 +4,15 @@ go 1.21
 
 require (
 	github.com/CosmWasm/wasmvm v1.5.2
-	github.com/cosmos/cosmos-proto v1.0.0-beta.3
-	github.com/cosmos/cosmos-sdk v0.47.6
+	github.com/cosmos/cosmos-proto v1.0.0-beta.4
+	github.com/cosmos/cosmos-sdk v0.47.10
 	github.com/cosmos/gogogateway v1.2.0 // indirect
 	github.com/cosmos/gogoproto v1.4.10
 	github.com/cosmos/iavl v0.20.1 // indirect
 	github.com/cosmos/ibc-go/v7 v7.3.1
 	github.com/cosmos/ics23/go v0.10.0 // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/dvsekhvalnov/jose2go v1.5.0
+	github.com/dvsekhvalnov/jose2go v1.6.0
 	github.com/golang/protobuf v1.5.3
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/gorilla/mux v1.8.0
@@ -24,19 +24,19 @@ require (
 	github.com/spf13/cast v1.5.1
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d
-	google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a // indirect
-	google.golang.org/grpc v1.59.0
+	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/grpc v1.60.1
 	gopkg.in/yaml.v2 v2.4.0
 )
 
 require (
 	cosmossdk.io/api v0.3.1
 	cosmossdk.io/core v0.6.1
 	cosmossdk.io/depinject v1.0.0-alpha.4
-	cosmossdk.io/errors v1.0.0
-	cosmossdk.io/math v1.2.0
+	cosmossdk.io/errors v1.0.1
+	cosmossdk.io/math v1.3.0
 	cosmossdk.io/tools/rosetta v0.2.1
 	github.com/CosmWasm/wasmd v0.45.0
 	github.com/armon/go-metrics v0.4.1
@@ -47,26 +47,31 @@ require (
 	github.com/go-webauthn/webauthn v0.9.1
 	github.com/golang/mock v1.6.0
 	github.com/larry0x/abstract-account v0.0.0-20240202022305-255071ed91ee
-	github.com/lestrrat-go/jwx/v2 v2.0.19
+	github.com/lestrrat-go/jwx/v2 v2.0.21
 	github.com/osmosis-labs/fee-abstraction/v7 v7.0.0-20240302094915-ba36778366d0
 	github.com/spf13/viper v1.16.0
-	google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97
-	gotest.tools/v3 v3.5.0
-	sigs.k8s.io/yaml v1.3.0
+	google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0
+	gotest.tools/v3 v3.5.1
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	go.opentelemetry.io/otel v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.19.0 // indirect
+	go.opentelemetry.io/otel/trace v1.19.0 // indirect
 )
 
 require (
-	cloud.google.com/go v0.110.8 // indirect
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go v0.111.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.2 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
 	cloud.google.com/go/storage v1.30.1 // indirect
-	cosmossdk.io/log v1.2.1 // indirect
+	cosmossdk.io/log v1.3.1 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
 	github.com/99designs/keyring v1.2.2 // indirect
@@ -118,9 +123,9 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-tpm v0.9.0 // indirect
 	github.com/google/orderedcode v0.0.1 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.4.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/handlers v1.5.1 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
@@ -147,7 +152,7 @@ require (
 	github.com/kr/text v0.2.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/httprc v1.0.5 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/jwx v1.2.28
 	github.com/lestrrat-go/option v1.0.1 // indirect
@@ -157,7 +162,7 @@ require (
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/manifoldco/promptui v0.9.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mimoo/StrobeGo v0.0.0-20210601165009-122bf33a46e0 // indirect
 	github.com/minio/highwayhash v1.0.2 // indirect
@@ -175,7 +180,7 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/rs/cors v1.8.3 // indirect
-	github.com/rs/zerolog v1.30.0 // indirect
+	github.com/rs/zerolog v1.32.0 // indirect
 	github.com/sasha-s/go-deadlock v0.3.1 // indirect
 	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
@@ -189,19 +194,18 @@ require (
 	github.com/zondax/ledger-go v0.14.3 // indirect
 	go.etcd.io/bbolt v1.3.8 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/exp v0.0.0-20230711153332-06a737ee72cb // indirect
-	golang.org/x/net v0.18.0 // indirect
-	golang.org/x/oauth2 v0.11.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
-	google.golang.org/api v0.128.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240108191215-35c7eff3a6b1 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	nhooyr.io/websocket v1.8.6 // indirect