test packaging and other

.github/workflows/docker-workflow.yml

@@ -0,0 +1,38 @@
+name: Docker Build
+
+on:
+  push:
+    branches: [ dev ]
+    tags: [ 'v*' ]
+
+env:
+  DOCKER_LOGIN: ${{ secrets.DOCKER_LOGIN }}
+  DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKER_LOGIN }}
+          password: ${{ env.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: |
+            kaiachain/kaia:${{ github.ref == 'refs/heads/dev' && 'dev' || github.ref_name }}
+            ${{ startsWith(github.ref, 'refs/tags/v') && 'kaiachain/kaia:latest' || '' }} 

.github/workflows/nightly-workflow.yml

@@ -0,0 +1,58 @@
+name: Nightly Tests
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Runs at 00:00 UTC every day
+  workflow_dispatch:  # Manual trigger option
+
+env:
+  DOCKER_LOGIN: ${{ secrets.DOCKER_LOGIN }}
+  DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+
+jobs:
+  integration:
+    runs-on: ubuntu-latest
+    container:
+      image: kaiachain/build_base:1.12-go.1.22.1-solc0.8.13-ubuntu-20.04
+      credentials:
+        username: ${{ env.DOCKER_LOGIN }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    services:
+      redis:
+        image: redis:6.0.8-alpine
+        ports:
+          - 6379:6379
+      kafka:
+        image: bitnami/kafka:3.7
+        env:
+          KAFKA_CFG_NODE_ID: 0
+          KAFKA_CFG_PROCESS_ROLES: controller,broker
+          KAFKA_CFG_CONTROLLER_QUORUM_VOTERS: 0@kafka:9093
+          KAFKA_CFG_LISTENERS: PLAINTEXT://:9092,CONTROLLER://:9093
+          KAFKA_CFG_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
+          KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP: CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT
+          KAFKA_CFG_CONTROLLER_LISTENER_NAMES: CONTROLLER
+          KAFKA_CFG_INTER_BROKER_LISTENER_NAME: PLAINTEXT
+        ports:
+          - 9092:9092
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run integration tests
+        run: make test-integration
+
+  coverage:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate coverage report
+        run: make coverage
+
+      - name: Upload coverage
+        uses: codecov/codecov-action@v4
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }} 

.github/workflows/packaging-workflow.yml

@@ -0,0 +1,156 @@
+name: Package and Release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+env:
+  DOCKER_LOGIN: ${{ secrets.DOCKER_LOGIN }}
+  DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+  FRONTEND_BUCKET: ${{ secrets.FRONTEND_BUCKET }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+jobs:
+  rpm-linux-amd64:
+    runs-on: ubuntu-latest
+    container:
+      image: kaiachain/circleci-rpmbuild:1.22.1-gcc7
+      credentials:
+        username: ${{ env.DOCKER_LOGIN }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set version
+        run: |
+          export GOPATH=/go
+          if [[ $GITHUB_REF_NAME =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+.* ]]; then
+            rc_num=$(echo $GITHUB_REF_NAME | cut -d '-' -f 2)
+            sed 's/%d.%d.%d/%d.%d.%d~'$rc_num'/' params/version.go > params/version.go.tmp
+            mv params/version.go.tmp params/version.go
+          fi
+          echo "KAIA_VERSION=$(go run build/rpm/main.go version)" >> $GITHUB_ENV
+
+      - name: Build binaries
+        run: make all
+
+      - name: Build RPM packages
+        run: |
+          for item in kcn kpn ken kgen kscn kbn kspn ksen homi; do
+            ./build/package-rpm.sh $item
+          done
+          
+          for item in kcn kpn ken; do
+            ./build/package-rpm.sh -b $item
+          done
+
+      - name: Upload RPM packages to S3
+        run: |
+          PLATFORM_SUFFIX=$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)
+          
+          for item in kcn kpn ken kcn-kairos kpn-kairos ken-kairos kgen kscn kbn kspn ksen homi; do
+            BINARY=$item
+            KAIROS=""
+            if [[ $BINARY = *-kairos ]]; then
+              BINARY="${BINARY%-kairos}"
+              KAIROS="-kairos"
+            fi
+            TARGET_RPM=$(find $BINARY-$PLATFORM_SUFFIX/rpmbuild/RPMS/$(uname -m)/ | awk -v pat="$BINARY(d)?$KAIROS-v" '$0~pat')
+            aws s3 cp $TARGET_RPM s3://$FRONTEND_BUCKET/packages/rhel/7/kaia/
+            aws s3 cp $TARGET_RPM s3://$FRONTEND_BUCKET/packages/kaia/$KAIA_VERSION/
+          done
+
+  tar-linux-amd64:
+    runs-on: ubuntu-latest
+    container:
+      image: kaiachain/build_base:1.12-go.1.22.1-solc0.8.13-ubuntu-20.04
+      credentials:
+        username: ${{ env.DOCKER_LOGIN }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set version
+        run: |
+          if [[ $GITHUB_REF_NAME =~ ^v[0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+.* ]]; then
+            rc_num=$(echo $GITHUB_REF_NAME | cut -d '-' -f 2)
+            sed 's/%d.%d.%d/%d.%d.%d~'$rc_num'/' params/version.go > params/version.go.tmp
+            mv params/version.go.tmp params/version.go
+          fi
+          echo "KAIA_VERSION=$(go run build/rpm/main.go version)" >> $GITHUB_ENV
+
+      - name: Build binaries
+        run: make all
+
+      - name: Build tar packages
+        run: |
+          for item in kcn kpn ken kgen kscn kbn kspn ksen homi; do
+            ./build/package-tar.sh linux-amd64 $item
+          done
+          
+          for item in kcn kpn ken; do
+            ./build/package-tar.sh -b linux-amd64 $item
+          done
+
+      - name: Upload tar packages to S3
+        run: |
+          for item in kcn kpn ken kcn-kairos kpn-kairos ken-kairos kgen kscn kbn kspn ksen homi; do
+            aws s3 cp packages/${item}-v*.tar.gz s3://$FRONTEND_BUCKET/packages/kaia/$KAIA_VERSION/
+          done
+
+  tar-linux-arm64:
+    runs-on: ['self-hosted', 'ARM64']
+    container:
+      image: kaiachain/build_base:1.12-go.1.22.1-solc0.8.13-ubuntu-20.04-arm
+      credentials:
+        username: ${{ env.DOCKER_LOGIN }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+  tar-darwin-arm64:
+    runs-on: macos-14
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          brew install awscli
+          curl -O https://dl.google.com/go/go1.22.1.darwin-arm64.tar.gz
+          mkdir $HOME/go1.22.1
+          tar -C $HOME/go1.22.1 -xzf go1.22.1.darwin-arm64.tar.gz
+          echo 'export GOPATH=~/go' >> ~/.bashrc
+          echo 'export PATH=$HOME/go1.22.1/go/bin:$PATH' >> ~/.bashrc
+          source ~/.bashrc
+
+  deploy-rpm:
+    needs: [rpm-linux-amd64, rpm-linux-arm64, tar-linux-amd64, tar-linux-arm64, tar-darwin-arm64]
+    runs-on: ubuntu-latest
+    container:
+      image: kaiachain/circleci-rpmbuild:1.22.1-gcc7
+      credentials:
+        username: ${{ env.DOCKER_LOGIN }}
+        password: ${{ env.DOCKER_PASSWORD }}
+
+    steps:
+      - name: Update RPM repository
+        run: |
+          aws s3 sync s3://$FRONTEND_BUCKET/packages/rhel/7/kaia/ rhel/7/kaia/
+          createrepo --update rhel/7/kaia
+          aws s3 sync --delete rhel/7/kaia/repodata/ s3://$FRONTEND_BUCKET/packages/rhel/7/kaia/repodata/
+
+      - name: Notify Slack on success
+        if: success()
+        run: |
+          curl --data '{"text": "✅ Package deployment succeeded for ${{ github.ref_name }}. See ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' "$SLACK_WEBHOOK_URL"
+
+      - name: Notify Slack on failure
+        if: failure()
+        run: |
+          curl --data '{"text": "❌ Package deployment failed for ${{ github.ref_name }}. See ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' "$SLACK_WEBHOOK_URL" 

.github/workflows/release-workflow.yml

@@ -0,0 +1,32 @@
+name: Create Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Generate changelog
+        id: changelog
+        uses: mikepenz/release-changelog-builder-action@v4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body: ${{steps.changelog.outputs.changelog}}
+          draft: false
+          prerelease: ${{ contains(github.ref, '-rc.') }}
+          files: |
+            packages/*
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 

.github/workflows/security-workflow.yml

@@ -0,0 +1,26 @@
+name: Security Scan
+
+on:
+  schedule:
+    - cron: '0 12 * * 1'  # Runs at 12:00 UTC every Monday
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Gosec
+        uses: securego/gosec@master
+        with:
+          args: ./...
+
+      - name: Run dependency review
+        uses: actions/dependency-review-action@v3
+
+      - name: Run Snyk
+        uses: snyk/actions/golang@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}