Merge remote-tracking branch 'origin/develop' into feat/jwtsecret_to_…

…base_path

.github/workflows/codeql.yml

@@ -20,20 +20,22 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ["go"]
+        language: ["go", "actions"]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 #v4.2.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0
+        uses: github/codeql-action/init@7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a #v2.20.3
         with:
           languages: ${{ matrix.language }}
+          queries: security-and-quality
+          packs: githubsecuritylab/codeql-go-queries
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0
+        uses: github/codeql-action/autobuild@7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a #v2.20.3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0
+        uses: github/codeql-action/analyze@7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a #v2.20.3

CHANGELOG.md

@@ -10,6 +10,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - New cli flag --distributed for running cluster with Charon distributed validator
 
+### Changed
+- Override `--latest` flag to not use the latest version of the image in the clients if image is specified
+- JWT secret path set as relative path when not provided.
+
 ## [v1.7.2] - 2024-11-12
 
 ### Fixed
@@ -30,8 +34,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Support Mainnet for Lido CSM setup.
 
-### Changed
-- JWT secret path set as relative path when not provided.
+### Fixed
+- Fix missing equals sign when setting builder on Lodestar.
 
 ## [v1.6.0] - 2024-10-18
 

cli/actions/generation_test.go

@@ -260,16 +260,39 @@ func TestGenerateDockerCompose(t *testing.T) {
 							},
 						},
 						genTestData{
-							name: fmt.Sprintf("execution: %s, consensus: %s, validator: %s, network: %s, no validator, with latest", executionCl, consensusCl, consensusCl, network),
+							name: fmt.Sprintf("execution: %s, consensus: %s, validator: %s, network: %s, no validator, with latest, execution has image specified", executionCl, consensusCl, consensusCl, network),
 							genData: generate.GenData{
-								ExecutionClient: &clients.Client{Name: executionCl, Type: "execution"},
+								ExecutionClient: &clients.Client{Name: executionCl, Type: "execution", Image: "execution/execution:1.1.1", Modified: true},
 								ConsensusClient: &clients.Client{Name: consensusCl, Type: "consensus"},
 								Services:        []string{"execution", "consensus"},
 								Network:         network,
 								ContainerTag:    "sampleTag",
 								LatestVersion:   true,
 							},
 						},
+						genTestData{
+							name: fmt.Sprintf("execution: %s, consensus: %s, validator: %s, network: %s, no validator, with latest, consensus has image specified", executionCl, consensusCl, consensusCl, network),
+							genData: generate.GenData{
+								ExecutionClient: &clients.Client{Name: executionCl, Type: "execution"},
+								ConsensusClient: &clients.Client{Name: consensusCl, Type: "consensus", Image: "consensus/consensus:1.1.1", Modified: true},
+								Services:        []string{"execution", "consensus"},
+								Network:         network,
+								ContainerTag:    "sampleTag",
+								LatestVersion:   true,
+							},
+						},
+						genTestData{
+							name: fmt.Sprintf("execution: %s, consensus: %s, validator: %s, network: %s, no validator, with latest, consensus and validator has image specified", executionCl, consensusCl, consensusCl, network),
+							genData: generate.GenData{
+								ExecutionClient: &clients.Client{Name: executionCl, Type: "execution"},
+								ConsensusClient: &clients.Client{Name: consensusCl, Type: "consensus", Image: "consensus/consensus:1.1.1", Modified: true},
+								ValidatorClient: &clients.Client{Name: consensusCl, Type: "validator", Image: "validator/validator:1.1.1", Modified: true},
+								Services:        []string{"execution", "consensus", "validator"},
+								Network:         network,
+								ContainerTag:    "sampleTag",
+								LatestVersion:   true,
+							},
+						},
 					)
 				}
 
@@ -350,9 +373,13 @@ func TestGenerateDockerCompose(t *testing.T) {
 				named, err := reference.ParseNormalizedNamed(ecImageVersion)
 				assert.NoError(t, err, "invalid image", ecImageVersion)
 
-				// Test that the execution image is set to latest if flag --latest is provided
+				// Test that the execution image is set to latest if flag --latest is provided, and the image is not modified
 				if tc.genData.LatestVersion {
-					assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					if tc.genData.ExecutionClient.Modified {
+						assert.True(t, strings.HasSuffix(named.String(), tc.genData.ExecutionClient.Image))
+					} else {
+						assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					}
 				}
 
 				// Check that mev-boost service is not set when execution only
@@ -387,9 +414,15 @@ func TestGenerateDockerCompose(t *testing.T) {
 				named, err := reference.ParseNormalizedNamed(ccImageVersion)
 				assert.NoError(t, err, "invalid image", ccImageVersion)
 
-				// Test that the consensus image is set to latest if flag --latest is provided
+				// Test that the consensus image is set to latest if flag --latest is provided, and the image is not modified
 				if tc.genData.LatestVersion {
-					assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					if tc.genData.ConsensusClient.Modified {
+						assert.True(t, strings.HasSuffix(named.String(), tc.genData.ConsensusClient.Image))
+					} else if tc.genData.ConsensusClient.Name == "nimbus" {
+						assert.True(t, strings.HasSuffix(named.String(), ":multiarch-latest"))
+					} else {
+						assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					}
 				}
 				// Validate Execution API and AUTH URLs
 				apiEndpoint, authEndpoint := envData["EC_API_URL"], envData["EC_AUTH_URL"]
@@ -448,9 +481,15 @@ func TestGenerateDockerCompose(t *testing.T) {
 				named, err := reference.ParseNormalizedNamed(vlImageVersion)
 				assert.NoError(t, err, "invalid image", vlImageVersion)
 
-				// Test that the consensus image is set to latest if flag --latest is provided
+				// Test that the consensus image is set to latest if flag --latest is provided, and the image is not modified
 				if tc.genData.LatestVersion {
-					assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					if tc.genData.ValidatorClient.Modified {
+						assert.True(t, strings.HasSuffix(named.String(), tc.genData.ValidatorClient.Image))
+					} else if tc.genData.ValidatorClient.Name == "nimbus" {
+						assert.True(t, strings.HasSuffix(named.String(), ":multiarch-latest"))
+					} else {
+						assert.True(t, strings.HasSuffix(named.String(), ":latest"))
+					}
 				}
 
 				// Check Consensus API URL is set and is valid

cli/generate.go

@@ -398,7 +398,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			if len(executionParts) > 1 {
 				log.Warn(configs.CustomExecutionImagesWarning)
 				executionClient.Image = strings.Join(executionParts[1:], ":")
-				flags.latestVersion = false
+				executionClient.Modified = true
 			}
 		}
 		executionClient.SetImageOrDefault(strings.Join(executionParts[1:], ":"))
@@ -425,7 +425,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			if len(consensusParts) > 1 {
 				log.Warn(configs.CustomConsensusImagesWarning)
 				consensusClient.Image = strings.Join(consensusParts[1:], ":")
-				flags.latestVersion = false
+				consensusClient.Modified = true
 			}
 		}
 		consensusClient.SetImageOrDefault(strings.Join(consensusParts[1:], ":"))
@@ -447,8 +447,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			if len(validatorParts) > 1 {
 				log.Warn(configs.CustomValidatorImagesWarning)
 				validatorClient.Image = strings.Join(validatorParts[1:], ":")
-				flags.latestVersion = false
-
+				validatorClient.Modified = true
 			}
 		}
 		validatorClient.SetImageOrDefault(strings.Join(validatorParts[1:], ":"))
@@ -469,6 +468,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			opClient.Name = "opnode"
 			if len(optimismParts) > 1 {
 				opClient.Image = strings.Join(optimismParts[1:], ":")
+				opClient.Modified = true
 			}
 		}
 		opClient.SetImageOrDefault(strings.Join(optimismParts[1:], ":"))
@@ -485,6 +485,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			executionOpClient.Name = strings.ReplaceAll(optimismExecutionParts[0], "-", "")
 			if len(optimismExecutionParts) > 1 {
 				executionOpClient.Image = strings.Join(optimismExecutionParts[1:], ":")
+				executionOpClient.Modified = true
 			}
 		}
 		executionOpClient.SetImageOrDefault(strings.Join(optimismExecutionParts[1:], ":"))
@@ -510,6 +511,7 @@ func valClients(allClients clients.OrderedClients, flags *GenCmdFlags, services
 			distributedValidatorClient.Name = distributedValidatorParts[0]
 			if len(distributedValidatorParts) > 1 {
 				distributedValidatorClient.Image = strings.Join(distributedValidatorParts[1:], ":")
+				distributedValidatorClient.Modified = true
 			}
 			distributedValidatorClient.SetImageOrDefault(strings.Join(distributedValidatorParts[1:], ":"))
 		} else {

cli/lidoStatus.go

@@ -214,7 +214,13 @@ func buildLidoData(node *lidoData) map[string]struct {
 	var nodeOpDetailed, keysDetailed, queueDetailed, bondDetailed, rewardsDetailed string
 	var currentBond, requiredBond, excessBond, missedBond, rewards decimal.Decimal
 	rewardAddressLink := fmt.Sprintf(`https://etherscan.io/address/%s`, node.nodeInfo.RewardAddress)
-	claimRewardsLink := fmt.Sprintf(`https://%s.etherscan.io/address/%s#writeProxyContract#F10`, networkName, contracts.DeployedAddresses(contracts.CSModule)[networkName])
+	var prefix string
+	if networkName == "mainnet" {
+		prefix = ""
+	} else {
+		prefix = networkName + "."
+	}
+	claimRewardsLink := fmt.Sprintf(`https://%setherscan.io/address/%s#writeProxyContract#F10`, prefix, contracts.DeployedAddresses(contracts.CSModule)[networkName])
 
 	detailedDescriptions := map[string]string{
 		nodeOpInfo: `

cli/lidoStatus_test.go

@@ -137,25 +137,25 @@ func TestLidoStatusCmd(t *testing.T) {
 			},
 			isErr: true,
 		},
-		// {
-		// 	name: "Valid node ID, Mainnet",
-		// 	flags: flags{
-		// 		rewardAddress: "0xe6b5A31d8bb53D2C769864aC137fe25F4989f1fd", // rewardAddress should be ignored
-		// 		networkName: "mainnet",
-		// 		nodeIDInt:   1,
-		// 	},
-		// 	isErr: false,
-		// },
-		// {
-		// 	name: "Valid node ID with long description, Mainnet",
-		// 	flags: flags{
-		// 		rewardAddress: "0xe6b5A31d8bb53D2C769864aC137fe25F4989f1fd", // rewardAddress should be ignored
-		// 		networkName: "mainnet",
-		// 		nodeIDInt:   1,
-		// 		longDescriptions: true,
-		// 	},
-		// 	isErr: false,
-		// },
+		{
+			name: "Valid node ID, Mainnet",
+			flags: flags{
+				rewardAddress: "0xe6b5A31d8bb53D2C769864aC137fe25F4989f1fd", // rewardAddress should be ignored
+				networkName:   "mainnet",
+				nodeIDInt:     1,
+			},
+			isErr: false,
+		},
+		{
+			name: "Valid node ID with long description, Mainnet",
+			flags: flags{
+				rewardAddress:    "0xe6b5A31d8bb53D2C769864aC137fe25F4989f1fd", // rewardAddress should be ignored
+				networkName:      "mainnet",
+				nodeIDInt:        1,
+				longDescriptions: true,
+			},
+			isErr: false,
+		},
 		{
 			name: "Invalid: negative node ID, Mainnet",
 			flags: flags{

configs/public_rpcs.go

@@ -42,6 +42,8 @@ var networkRPCs = map[string]RPC{
 			"https://ethereum-holesky-rpc.publicnode.com",
 			"https://endpoints.omniatech.io/v1/eth/holesky/public",
 			"https://ethereum-holesky.blockpi.network/v1/rpc/public",
+			"https://1rpc.io/holesky",
+			"https://holesky.drpc.org",
 		},
 		PublicWSs: []string{
 			"wss://ethereum-holesky-rpc.publicnode.com",

docs/docs/commands/lidoStatus.mdx

@@ -10,6 +10,14 @@ Including information on the node operator's status, queue details, bond and rew
 
 ## Help
 
+:::note
+
+When using only the rewards address as input, the command will return the first node found to be associated with that address. 
+However, rewards addresses can be linked to multiple node operator (NO) entries in CSM (e.g., due to the "change rewards address" functionality). 
+If a rewards address is associated with multiple NOs, we recommend using the node operator ID flag (```-i```) to specify the appropriate node.
+
+:::
+
 ```
 $ sedge lido-status -h
 This command retrieves and displays the status and detailed information of Lido Node Operators. 
@@ -32,4 +40,4 @@ Flags:
 
 Global Flags:
       --log-level string   Set Log Level, e.g panic, fatal, error, warn, warning, info, debug, trace (default "info")
-```
+```

docs/docs/quickstart/lido.mdx

@@ -108,12 +108,16 @@ CSM Widget.
 
 ### Checking Node Operator Status
 
-To view detailed data about your Node Operator, use the `sedge lido-status` [command](../commands/lidoStatus.mdx). This command displays information specific to the Node Operator based on the provided rewards address.
+To view detailed data about your Node Operator, use the `sedge lido-status` [command](../commands/lidoStatus.mdx). This command displays information specific to the Node Operator based on the provided rewards address or node operator ID.
 
+**Using the rewards address**
 ```bash
 sedge lido-status <your_reward_address>
 ```
-
+**Using the node operator ID**
+```bash
+sedge lido-status --nodeID <your_node_operator_id>
+```
 :::info
 
 `rewardAddress` is the ultimate recipient of the rewards. It can perform the following actions regarding the CSM Node Operator: