Merge branch 'develop' into release/v0.3.0

.gitattributes

@@ -0,0 +1 @@
+*.sh text eol=lf

.github/workflows/ci-run.yml

@@ -90,6 +90,7 @@ jobs:
         export OCTANT_BASE_URL=${{ needs.deploy-e2e-env.outputs.octant-web-url }}
         export RPC_URL=${{ needs.deploy-e2e-env.outputs.anvil-rpc-url }}
         export VITE_JSON_RPC_ENDPOINT=${{ needs.deploy-e2e-env.outputs.anvil-rpc-url }}
+        export VITE_SERVER_ENDPOINT=${{ needs.deploy-e2e-env.outputs.octant-backend-url }}/
 
         # Setup NVM to use Node version 16
         set +x
@@ -184,7 +185,7 @@ jobs:
       chain-id: 1337
       network-name: local
       chain-name: localhost
-      snapshotter-enabled: true
+      snapshotter-enabled: false
       scheduler-enabled: true
       glm-claim-enabled: true
       vault-confirm-withdrawals-enabled: true
@@ -218,6 +219,8 @@ jobs:
 
   start-e2e-env:
     name: Start E2E Env
+    needs:
+    - permissions-check
     uses: ./.github/workflows/tpl-start-env.yml
     secrets: inherit
     with:
@@ -228,6 +231,8 @@ jobs:
 
   start-apitest-env:
     name: Start APITest Env
+    needs:
+    - permissions-check
     uses: ./.github/workflows/tpl-start-env.yml
     secrets: inherit
     with:
@@ -238,10 +243,14 @@ jobs:
 
   docker:
     name: Docker
+    needs:
+    - permissions-check
     uses: ./.github/workflows/tpl-images.yml
     secrets: inherit
     with:
       image-tag: ${{ github.sha }}
+      git-ref: ${{ github.ref }}
+
   # +-------------------------
   # | Tests: NodeJS
   # +-------------------------
@@ -389,6 +398,7 @@ jobs:
         yarn eslint
         yarn type-check
       shell: bash
+
   # +-------------------------
   # | Build
   # |   client
@@ -427,13 +437,16 @@ jobs:
           ${{ matrix.SERVICE }}/.yarn
           ${{ matrix.SERVICE }}/node-modules
         key: "${{ github.sha }}-yarn-${{ matrix.SERVICE }}"
+
   # +-------------------------
   # | Build backend
   # +-------------------------
   build-backend:
     name: Build Services
     runs-on:
       - metal
+    needs:
+    - permissions-check
     container:
       image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/python-poetry-ext:ad1d9179
       credentials:
@@ -446,13 +459,16 @@ jobs:
       with:
         path: backend/.venv
         key: "${{ github.sha }}-poetry-backend"
+
   # +-------------------------
   # | Build contracts
   # +-------------------------
   build-contracts:
     name: Build Contracts
     runs-on:
       - metal
+    needs:
+    - permissions-check
     container:
       image: registry.gitlab.com/golemfoundation/devops/container-builder/octant/node-extended:bdda411c
       credentials:
@@ -479,3 +495,47 @@ jobs:
           contracts-v1/artifacts
           contracts-v1/typechain
         key: "${{ github.sha }}-yarn-contracts-v1-extras"
+
+
+  permissions-check:
+    name: Permissions check
+    runs-on:
+      - metal
+    steps:
+    - name: Check if user is an org member
+      uses: actions/github-script@v7
+      id: is-organization-member-pr
+      with:
+        result-encoding: string
+        github-token: ${{ secrets.GH_BOT_TOKEN }}
+        script: |
+          return (
+            await github.rest.orgs.listMembers({
+              org: 'golemfoundation'
+            })
+          ).data.map(({login}) => login).includes('${{ github.event.pull_request.user.login }}').toString()
+
+    # - name: Check if user is an org member
+    #   uses: actions/github-script@v7
+    #   id: is-organization-member-review
+    #   with:
+    #     result-encoding: string
+    #     script: |
+    #       return (
+    #         await github.rest.orgs.listMembers({
+    #           org: 'golemfoundation'
+    #         })
+    #       ).data.map(({login}) => login).includes('${{ github.event.pull_request_review.sender.login }}').toString()
+
+    - name: Validate CI run checks
+      run: |
+        if [[ "${{ github.event_name }}" == "pull_request" && "${{ steps.is-organization-member-pr.outputs.result }}" == "false" ]]; then
+          echo 'Not an org member'
+          exit 1
+        fi
+
+        # if [[ "${{ github.event_name }}" == "pull_request_review" && "${{ steps.is-organization-member-review.outputs.result }}" == "false" && "${{ github.event.review.state }}" == "approved" ]]; then
+        #   echo 'Not an org member'
+        #   exit 2
+        # fi
+      shell: bash

.github/workflows/deploy-master.yml

@@ -15,6 +15,7 @@ jobs:
     secrets: inherit
     with:
       image-tag: ${{ github.sha }}
+      git-ref: ${{ github.ref }}
   run:
     name: Run
     uses: ./.github/workflows/tpl-start-env.yml

.github/workflows/deploy-pr.yml

@@ -13,7 +13,7 @@ jobs:
     secrets: inherit
     with:
       image-tag: ${{ needs.run.outputs.sha }}
-
+      git-ref: ${{ needs.run.outputs.ref }}
   deploy:
     name: Deploy
     needs:
@@ -59,6 +59,25 @@ jobs:
       uses: xt0rted/pull-request-comment-branch@v2
       id: comment-branch
 
+    - name: Check if user is an org member
+      uses: actions/github-script@v7
+      id: is-organization-member
+      with:
+        result-encoding: string
+        github-token: ${{ secrets.GH_BOT_TOKEN }}
+        script: |
+          return (
+            await github.rest.orgs.listMembers({
+              org: 'golemfoundation'
+            })
+          ).data.map(({login}) => login).includes('${{ github.event.comment.user.login }}').toString()
+
+    - name: Cancel workflow
+      if: ${{ steps.is-organization-member.outputs.result == 'false' }}
+      run: |
+        echo '${{ github.event.comment.user.login }} is not a member of the golemfoundation org'
+        exit 1
+
     - uses: actions/github-script@v7
       id: get-pr-number
       with:

.github/workflows/deploy-prod.yml

@@ -16,6 +16,7 @@ jobs:
     secrets: inherit
     with:
       image-tag: ${{ github.sha }}
+      git-ref: ${{ github.ref }}
   output:
     name: Output Variables
     needs:

.github/workflows/deploy-rc.yml

@@ -19,6 +19,7 @@ jobs:
     secrets: inherit
     with:
       image-tag: ${{ github.sha }}
+      git-ref: ${{ github.ref }}
   deploy:
     name: Deploy
     needs:

.github/workflows/deploy-uat.yml

@@ -15,6 +15,7 @@ jobs:
     secrets: inherit
     with:
       image-tag: ${{ github.sha }}
+      git-ref: ${{ github.ref }}
   run:
     name: Run
     uses: ./.github/workflows/tpl-start-env.yml

.github/workflows/tpl-deploy-app.yml

@@ -7,6 +7,8 @@ on:
         value: ${{ inputs.env-type }}-contracts-env
       octant-web-url:
         value: ${{ jobs.wait-for-app.outputs.octant_web_url }}
+      octant-backend-url:
+        value: ${{ jobs.wait-for-app.outputs.octant_backend_url }}
       anvil-rpc-url:
         value: ${{ jobs.deploy-contracts.outputs.anvil_rpc_url }}
     inputs:
@@ -303,6 +305,7 @@ jobs:
     if: always() && (needs.start-application-stack.result == 'success')
     outputs:
       octant_web_url: ${{ steps.app.outputs.OCTANT_WEB_URL }}
+      octant_backend_url: ${{ steps.app.outputs.OCTANT_BACKEND_URL }}
     container:
       image: registry.gitlab.com/golemfoundation/devops/container-builder/gitops-builder:2ea6d57c
       credentials:
@@ -324,8 +327,10 @@ jobs:
         bash ${CI_PROJECT_DIR}/ci/argocd/wait_for_app.sh
 
         export OCTANT_WEB_URL; OCTANT_WEB_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_web_client_url.sh)
+        export OCTANT_BACKEND_URL; OCTANT_BACKEND_URL=https://$(bash ${CI_PROJECT_DIR}/ci/argocd/get_backend_url.sh)
 
         echo "OCTANT_WEB_URL=$OCTANT_WEB_URL" >> $GITHUB_OUTPUT
+        echo "OCTANT_BACKEND_URL=$OCTANT_BACKEND_URL" >> $GITHUB_OUTPUT
       shell: bash
 
   update-contracts-env:

.github/workflows/tpl-destroy-env.yml

@@ -48,6 +48,25 @@ jobs:
       if: github.event_name == 'issue_comment'
       id: comment-branch
 
+    - name: Check if user is an org member
+      uses: actions/github-script@v7
+      id: is-organization-member
+      with:
+        result-encoding: string
+        github-token: ${{ secrets.GH_BOT_TOKEN }}
+        script: |
+          return (
+            await github.rest.orgs.listMembers({
+              org: 'golemfoundation'
+            })
+          ).data.map(({login}) => login).includes('${{ github.event.comment.user.login }}').toString()
+
+    - name: Cancel workflow
+      if: ${{ github.event_name == 'issue_comment' && steps.is-organization-member.outputs.result == 'false' }}
+      run: |
+        echo '${{ github.event.comment.user.login }} is not a member of the golemfoundation org'
+        exit 1
+
     - uses: actions/github-script@v7
       id: get-pr-number
       if: github.event_name == 'issue_comment'

.github/workflows/tpl-images.yml

@@ -6,6 +6,9 @@ on:
       image-tag:
         required: true
         type: string
+      git-ref:
+        required: true
+        type: string
 concurrency:
   group: "${{ github.ref }}-images"
   cancel-in-progress: true
@@ -31,6 +34,8 @@ jobs:
         # account
         # see: https://github.com/actions/checkout/issues/211
         path: __local
+        ref: ${{ inputs.git-ref }}
+
     - name: Login to Docker registry
       uses: docker/login-action@v3
       with:

README.md

@@ -2,38 +2,51 @@
 
 Octant is a community-driven platform for experiments in decentralized governance.
 
-Developed by the [Golem Foundation](https://golem.foundation/) to test various hypotheses around user control, voter engagement, and community funding, the platform allows for running various governance experiments in a real-life environment and rewards user participation with ETH.
+Developed by the [Golem Foundation](https://golem.foundation/) to test various hypotheses around
+user control, voter engagement, and community funding, the platform allows for running various
+governance experiments in a real-life environment and rewards user participation with ETH.
 
 Documentation is available [here](https://docs.octant.app/).
 
 ---
+
 ## Runing development environment
 
-Below is development setup instructions. More documentation, configuration, deployment information is available in directories of this repository.
+Below is development setup instructions. More documentation, configuration, deployment information
+is available in directories of this repository.
+
+For the first build of contracts it is highly recommended to run the following command first (this
+step will require
+having [configured gcloud docker authentication](#gcloud-docker-images-repository-authentication) or
+[local build of anvil's fork](#local-build-of-patched-anvil)):
 
-For the first build of contracts it is highly recommended to run the following command first (this step will require having configured gcloud docker authentication):
 ```bash
 yarn localenv:build-anvil
 ```
 
 Build images with the following command:
+
 ```bash
 yarn localenv:build-images
 ````
 
 Run local environment
+
 ```sh
 yarn localenv:up
 ```
 
 To stop the environment, simply, run:
+
 ```sh
 yarn localenv:down
 ```
 
-Local environemnt is available at [http://octant.localhost:8080](http://octant.localhost:8080) and at [http://localhost:8080](http://localhost:8080).
+Local environemnt is available at [http://octant.localhost:8080](http://octant.localhost:8080) and
+at [http://localhost:8080](http://localhost:8080).
 
-*NOTICE:* in order to make it work using octant.localhost domain one should add the following lines to `/ect/hosts` file.
+*NOTICE:* in order to make it work using octant.localhost domain one should add the following lines
+to `/ect/hosts` or `C:\Windows\system32\drivers\etc\hosts` file.
 
 ```
 127.0.0.1 octant.localhost
@@ -43,15 +56,47 @@ Local environemnt is available at [http://octant.localhost:8080](http://octant.l
 127.0.0.1 client.octant.localhost
 ```
 
+### Starting web client
+
+Full web client documentation is available [here](client/README.md).
+
+- go to `client` directory
+- copy `.env.localenv-template` to `.env`
+- Run client `yarn dev`
+- Go to [client webpage](http://octant.localhost:5173)
+
+**TL;DR version:**
+
+```shell
+cd client
+cp .env.localenv-template .env
+yarn dev
+```
 
 ## gcloud docker images repository authentication
 
-Please notice, that for the time being,  we are using our own fork of `foundry` (especially `anvil`), and we have a pre-built image stored at Google Cloud.
+Please notice, that for the time being, we are using our own fork of `foundry` (especially `anvil`),
+and we have a pre-built image stored at Google Cloud.
 In order to configure access to this image one should have `gcloud` configured and then run command:
+
 `$ gcloud auth configure-docker europe-docker.pkg.dev`
 
+## Local build of patched anvil
+
+If you don't have access to Golem Foundation image repository you can build image yourself from
+branch `foundry-4129/trace-filter-support` of our `foundry` fork.
+
+```shell
+git clone https://github.com/golemfoundation/foundry.git --branch=foundry-4129/trace-filter-support --single-branch
+cd foundry
+docker build -t europe-docker.pkg.dev/wildland-dev/octant-test/foundry:latest .
+```
+
 ---
 
 ## Contributor Agreement
 
-In order to be able to contribute to any Wildland repository, you will need to agree to the terms of the [Wildland Contributor Agreement](https://docs.wildland.io/contributor-agreement.html). By contributing to any such repository, you agree that your contributions will be licensed under the [GPLv3 License](https://gitlab.com/wildland/governance/octant/-/blob/master/LICENSE).
+In order to be able to contribute to any Wildland repository, you will need to agree to the terms of
+the [Wildland Contributor Agreement](https://docs.wildland.io/contributor-agreement.html). By
+contributing to any such repository, you agree that your contributions will be licensed under
+the [GPLv3 License](https://gitlab.com/wildland/governance/octant/-/blob/master/LICENSE).

backend/app/constants.py

@@ -13,3 +13,5 @@
 BEACONCHAIN_API = "https://beaconcha.in/api"
 ETHERSCAN_API = "https://api.etherscan.io/api"
 BITQUERY_API = "https://graphql.bitquery.io"
+SAFE_API_MAINNET = "https://safe-transaction-mainnet.safe.global/api/v1"
+SAFE_API_SEPOLIA = "https://safe-transaction-sepolia.safe.global/api/v1"