Merge branch 'develop' into feat/grandine-client

.github/workflows/check-version.yml

@@ -13,17 +13,24 @@ jobs:
 
     steps:
       - name: Checkout Sedge repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Authenticate App
+        id: gh-app
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
 
       - name: Run update check script
         run: chmod +x ./scripts/check-image-updates.sh && ./scripts/check-image-updates.sh
         env:
-          PAT: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }}
+          PAT: ${{ steps.gh-app.outputs.token }}
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }}
+          token: ${{ steps.gh-app.outputs.token }}
           commit-message: Update image versions to latest version.
           title: "[Update] Update image versions"
           reviewers: AntiD2ta, adriantpaez, stdevMac, cbermudez97 

.github/workflows/code-generation-checks.yml

@@ -0,0 +1,42 @@
+name: Go Code Generation Check
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  generate:
+    name: Check Code Generation
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.22'
+
+      - name: Set up Go bin in PATH
+        run: echo "${HOME}/go/bin" >> $GITHUB_PATH
+
+      - name: Install Dependencies and Tools
+        run: |
+          make install-deps install-abigen install-mockgen
+
+      - name: Generate Code
+        run: make generate
+
+      - name: Check for Uncommitted Changes
+        run: |
+          if [[ $(git status --porcelain) ]]; then
+            echo '::error::Uncommitted changes detected. Please run `make generate` and commit the generated code.'
+            echo 'Modified files:'
+            git status --porcelain
+            exit 1
+          else
+            echo 'No uncommitted changes. All generated code is up to date.'
+          fi

.github/workflows/codeql.yml

@@ -0,0 +1,39 @@
+name: CodeQL SAST
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+  schedule:
+    - cron: "23 9 * * 3"
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["go"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 #v4.2.0
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@5618c9fc1e675841ca52c1c6b1304f5255a905a0 #v2.19.0

.github/workflows/dependency_review.yml

@@ -0,0 +1,16 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 #v4.2.0
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a #v4.4.0
+        with:
+          fail-on-severity: high

.github/workflows/release.yml

@@ -120,13 +120,20 @@ jobs:
           chmod +x /home/runner/work/sedge/sedge/homebrew-sedge/scripts/update-homebrew.sh
           bash /home/runner/work/sedge/sedge/homebrew-sedge/scripts/update-homebrew.sh
 
+      - name: Authenticate App
+        id: gh-app
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.REPOSITORY_DISPATCH_TOKEN }}
+          token: ${{ steps.gh-app.outputs.token }}
           commit-message: Update Homebrew to latest release
           title: "[Release] Update Homebrew"
-          reviewers: AntiD2ta, cbermudez97, stdevMac, adriantpaez
+          reviewers: AntiD2ta, cbermudez97, adriantpaez
           draft: false
           path: homebrew-sedge
           add-paths: |

.gitignore

@@ -18,10 +18,9 @@ courtney/
 
 mocks/
 
-internal/lido/contracts/csaccounting/CSAccounting.go
+build/lido-exporter
+.charon/
+node*/
 
-internal/lido/contracts/csfeedistributor/CSFeeDistributor.go
-
-internal/lido/contracts/csmodule/CSModule.go
-
-internal/lido/contracts/mevboostrelaylist/MEVBoostRelayAllowedList.go
+keystore*
+!cli/actions/testdata/charon/validator_keys/keystore*

CHANGELOG.md

@@ -7,16 +7,55 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- New cli flag --distributed for running cluster with Charon distributed validator
+
+## [v1.7.2] - 2024-11-12
+
+### Fixed
+- Fix Erigon image source
+- Fix installation script path 
+
+## [v1.7.1] - 2024-11-1
+
+### Added
+- Updates on support for `op-geth` and `op-reth` clients on Optimism and Base networks.
+
+### Changed
+- Updated Sedge's Docker commands internal functionality.
+- Changed the `--op-execution-image` flag to `--op-execution` on the `generate op-full-node` command.
+
+## [v1.7.0] - 2024-10-24
+
+### Added
+- Support Mainnet for Lido CSM setup.
+
+### Fixed
+- Fix missing equals sign when setting builder on Lodestar.
+
+## [v1.6.0] - 2024-10-18
+
+
 ### Added
 - Add Grandine Consensus client support.
 - New command `lido-status` to display data of Lido Node Operator.
-- Monitoring stack setup with Grafana, Prometheus, and Node Exporter.
+- New command `monitoring` to run monitoring stack setup with Grafana, Prometheus, Node Exporter and Lido Exporter.
+- Security policy.
+- Support for Nimbus as Consensus and Validator client. 
+- Documentation for Lido Exporter and Monitoring Stack.
 
 ### Changed
 - Update Go version from 1.21 to 1.22.
+- Update documentation versions and dependencies.
+- Update Lido Mainnet Vetted Relays List.
+- Remove the need of users cloning the repository to run `make generate` and `make compile`, rolling back to only `make compile`
+- Update client images.
 
 ### Fixed
 -  Teku and Lighthouse import keys container error on Windows.
+-  Security issues on dependencies.
+-  Typos on documentation.
+-  Fix `sync-mode` command on besu.
 
 ## [v1.5.0] - 2024-09-06
 
@@ -57,7 +96,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- Update client images to Dencun-ready versions.
+- Update client images to Dencun-ready versions. 
 
 ## [v1.3.1] - 2024-02-14
 

README.md

@@ -136,17 +136,23 @@ friends, to amateur operators — to operate validators by providing an ETH-base
 Sedge supports the Lido CSM, allowing users to generate validator keys and set up their full nodes with ease. You can 
 read more about it in [our documentation](https://docs.sedge.nethermind.io/docs/quickstart/staking-with-lido)! 
 
+## Charon DV integration
+Charon is used by stakers to distribute the responsibility of running Ethereum Validators across a number of different instances and client implementations. Setting up and running a full ethereum node with charon, needs some learning curve and compatibility knowledge, in order for the setup to be fully compliant with the charon configuration requirements for different BN-VC combinations. We want to provide a better and guided user experience for setting up a DV with Charon.
+
+Integrating Charon with Sedge would make it easy for stakers to setup and run a DV with Charon without having to go through each individual client setup docs and their compatibility with DVT.
+
 ## Supported networks and clients
 
 ### Mainnet
 
 | Execution  | Consensus  | Validator  |
-| ---------- | ---------- | ---------- |
+| ---------- |------------|------------|
 | Geth       | Lighthouse | Lighthouse |
 | Nethermind | Lodestar   | Lodestar   |
 | Erigon     | Prysm      | Prysm      |
 | Besu       | Teku       | Teku       |
 |            | Grandine   |            |
+|            | Nimbus     | Nimbus     |
 
 ### Sepolia
 
@@ -156,6 +162,7 @@ read more about it in [our documentation](https://docs.sedge.nethermind.io/docs/
 | Nethermind | Lodestar   | Lodestar   |
 | Erigon     | Prysm      | Prysm      |
 | Besu       | Teku       | Teku       |
+|            | Nimbus     | Nimbus     |
 
 ### Holesky
 
@@ -165,6 +172,7 @@ read more about it in [our documentation](https://docs.sedge.nethermind.io/docs/
 | Nethermind | Lodestar   | Lodestar   |
 | Erigon     | Teku       | Teku       |
 | Besu       | Prysm      | Prysm      |
+|            | Nimbus     | Nimbus     |
 
 ### Gnosis
 
@@ -173,23 +181,26 @@ read more about it in [our documentation](https://docs.sedge.nethermind.io/docs/
 | Nethermind  | Lighthouse | Lighthouse |
 | Erigon      | Lodestar   | Lodestar   |
 |             | Teku       | Teku       |
+|            | Nimbus     | Nimbus     |
 
 ### Chiado (Gnosis testnet)
 
 | Execution     | Consensus  | Validator  |
-| ------------- | ---------- | ---------- |
+|---------------| ---------- | ---------- |
 | Nethermind    | Lighthouse | Lighthouse |
 | Erigon (soon) | Lodestar   | Lodestar   |
 |               | Teku       | Teku       |
+|               | Nimbus     | Nimbus     |
 
 ### CL clients with Mev-Boost
 
-| Client     | Mev-Boost | Networks                  |
-| ---------- | --------- |---------------------------|
-| Lighthouse | yes       | Mainnet, Sepolia, Holesky |
-| Lodestar   | yes       | Mainnet, Sepolia, Holesky |
-| Prysm      | yes       | Mainnet, Sepolia, Holesky |
-| Teku       | yes       | Mainnet, Sepolia, Holesky |
+| Client     | Mev-Boost  | Networks                  |
+|------------|------------|---------------------------|
+| Lighthouse | yes        | Mainnet, Sepolia, Holesky |
+| Lodestar   | yes        | Mainnet, Sepolia, Holesky |
+| Prysm      | yes        | Mainnet, Sepolia, Holesky |
+| Teku       | yes        | Mainnet, Sepolia, Holesky |
+| Nimbus     | yes        | Mainnet, Sepolia, Holesky |
 
 ## Supported Linux flavours for dependency installation
 
@@ -257,9 +268,10 @@ The following roadmap covers the main features and ideas we want to implement bu
 
 - [x] Support Erigon on Gnosis
 - [x] Support for Lido CSM
-- [ ] Include monitoring tool for alerting, tracking validator balance, and tracking sync progress and status of nodes
+- [x] Support for Nimbus client as Consensus and Validator
+- [x] Include monitoring tool for alerting, tracking validator balance, and tracking sync progress and status of nodes
+- [x] Support for Optimism and Base.
 - [ ] More tests!!!
-- [ ] Support for Nimbus client
 
 
 ## 💪 Want to contribute?
@@ -268,6 +280,10 @@ Please check our [Contributing Guidelines](https://docs.sedge.nethermind.io/docs
 
 If you know of any good tricks for validator setup that other people could also use well, please consider adding it to Sedge. Your efforts will be greatly appreciated by the community.
 
+## 🛡️ Security 
+
+If you believe you have found a security vulnerability in our code, please report it to us as described in our [security policy](SECURITY.md).
+
 ## ⚠️ License
 
-Sedge is a Nethermind free and open-source software licensed under the [Apache 2.0 License](https://github.com/NethermindEth/sedge/blob/main/LICENSE).
+Sedge is a Nethermind free and open-source software licensed under the [Apache 2.0 License](https://github.com/NethermindEth/sedge/blob/main/LICENSE).

SECURITY.md

@@ -0,0 +1,10 @@
+# Security policy
+
+If you believe you have found a security vulnerability in our code, we encourage you to report it to us as soon as possible.
+We ask that you do not publicly disclose any details of the vulnerability until we have had an opportunity to investigate and address it. 
+
+## Reporting a vulnerability
+
+To report a security vulnerability, go to [Report a vulnerability](https://github.com/NethermindEth/sedge/security/advisories/new). This will create a draft advisory. Please provide as much detail as possible including steps to reproduce the issue and any potential impact it may have.
+
+Alternatively, you can also send an email to [email protected]. We will work to acknowledge your report within 24 hours and will keep you informed throughout our investigation and resolution process. 

cli/actions/actions.go

@@ -16,6 +16,7 @@ limitations under the License.
 package actions
 
 import (
+	"github.com/NethermindEth/sedge/internal/compose"
 	"github.com/NethermindEth/sedge/internal/pkg/commands"
 	"github.com/NethermindEth/sedge/internal/pkg/generate"
 	"github.com/docker/docker/client"
@@ -39,19 +40,22 @@ type sedgeActions struct {
 	dockerClient         client.APIClient
 	dockerServiceManager DockerServiceManager
 	commandRunner        commands.CommandRunner
+	composeManager       compose.ComposeManager
 }
 
 type SedgeActionsOptions struct {
 	DockerClient         client.APIClient
 	DockerServiceManager DockerServiceManager
 	CommandRunner        commands.CommandRunner
+	ComposeManager       compose.ComposeManager
 }
 
 func NewSedgeActions(options SedgeActionsOptions) SedgeActions {
 	return &sedgeActions{
 		dockerClient:         options.DockerClient,
 		dockerServiceManager: options.DockerServiceManager,
 		commandRunner:        options.CommandRunner,
+		composeManager:       options.ComposeManager,
 	}
 }