WIP: Audit Trails

.cargo/config.toml

@@ -0,0 +1,3 @@
+[alias]
+docs-notarization = "doc -p notarization"
+docs-audit-trail = "doc -p audit_trail"

.github/actions/publish/wasm/action.yml

@@ -10,6 +10,9 @@ inputs:
   working-directory:
     description: "Directory to publish from"
     required: true
+  artifact-download-path:
+    description: "Directory to download artifacts to (defaults to working-directory)"
+    required: false
   dry-run:
     description: "'true' = only log potential result; 'false' = publish'"
     required: true
@@ -27,7 +30,7 @@ runs:
       uses: actions/download-artifact@v4
       with:
         name: ${{ inputs.input-artifact-name }}
-        path: bindings/wasm/notarization_wasm
+        path: ${{ inputs.artifact-download-path || inputs.working-directory }}
 
     - name: Publish WASM bindings to NPM
       shell: sh

.github/workflows/build-and-test.yml

@@ -17,11 +17,13 @@ on:
       - ".github/workflows/shared-build-wasm.yml"
       - ".github/actions/**"
       - "**.rs"
+      - "**.move"
       - "**.toml"
       - "**.lock"
       - "bindings/**"
       - "!bindings/**.md"
       - "bindings/wasm/notarization_wasm/README.md" # the Readme contain txm tests
+      - "bindings/wasm/audit_trail_wasm/README.md"
 
   schedule:
     # * is a special character in YAML so you have to quote this string
@@ -165,17 +167,27 @@ jobs:
 
       - name: test Notarization Move package
         if: matrix.os != 'windows-latest'
-        # publish the package and set the IOTA_NOTARIZATION_PKG_ID env variable
-        run: |
-          iota move test
+        run: iota move test
         working-directory: notarization-move
 
+      - name: test Audit Trail Move package
+        if: matrix.os != 'windows-latest'
+        run: iota move test
+        working-directory: audit-trail-move
+
       - name: publish Notarization Move package
         if: matrix.os != 'windows-latest'
-        # publish the package and set the IOTA_NOTARIZATION_PKG_ID env variable
         run: echo "IOTA_NOTARIZATION_PKG_ID=$(./publish_package.sh)" >> "$GITHUB_ENV"
         working-directory: notarization-move/scripts/
 
+      - name: publish Audit Trail Move package
+        if: matrix.os != 'windows-latest'
+        run: |
+          eval "$(./publish_package.sh)"
+          echo "IOTA_AUDIT_TRAIL_PKG_ID=$IOTA_AUDIT_TRAIL_PKG_ID" >> "$GITHUB_ENV"
+          echo "IOTA_TF_COMPONENTS_PKG_ID=$IOTA_TF_COMPONENTS_PKG_ID" >> "$GITHUB_ENV"
+        working-directory: audit-trail-move/scripts/
+
       - name: Run tests
         if: matrix.os != 'windows-latest'
         run: cargo test --workspace --release -- --test-threads=1
@@ -210,16 +222,26 @@ jobs:
         uses: "./.github/actions/rust/sccache/stop"
         with:
           os: ${{matrix.os}}
-  build-wasm:
+  build-wasm-notarization:
     needs: check-for-run-condition
     if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
     uses: "./.github/workflows/shared-build-wasm.yml"
     with:
       run-unit-tests: false
       output-artifact-name: notarization-wasm-bindings-build
 
-  test-wasm:
-    needs: build-wasm
+  build-wasm-audit-trail:
+    needs: check-for-run-condition
+    if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
+    uses: "./.github/workflows/shared-build-wasm.yml"
+    with:
+      run-unit-tests: false
+      output-artifact-name: audit-trail-wasm-bindings-build
+      wasm-package-dir: bindings/wasm/audit_trail_wasm
+      wasm-crate-name: audit_trail_wasm
+
+  test-wasm-notarization:
+    needs: [build-wasm-notarization, check-for-run-condition]
     if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
     runs-on: ubuntu-24.04
     strategy:
@@ -253,21 +275,53 @@ jobs:
           iota-version: ${{ env.IOTA_VERSION }}
 
       - name: publish Notarization Move package
-        if: matrix.os != 'windows-latest'
-        # publish the package and set the IOTA_NOTARIZATION_PKG_ID env variable
         run: echo "IOTA_NOTARIZATION_PKG_ID=$(./publish_package.sh)" >> "$GITHUB_ENV"
         working-directory: notarization-move/scripts/
 
+      - name: Run Wasm examples
+        run: npm run test:node
+        working-directory: bindings/wasm/notarization_wasm
+
+  test-wasm-audit-trail:
+    needs: [build-wasm-audit-trail, check-for-run-condition]
+    if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 20.x
+
       - name: Install JS dependencies
         run: npm ci
-        working-directory: bindings/wasm/notarization_wasm
+        working-directory: bindings/wasm/audit_trail_wasm
+
+      - name: Download bindings/wasm/audit_trail_wasm artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: audit-trail-wasm-bindings-build
+          path: bindings/wasm/audit_trail_wasm
+
+      - name: Start iota sandbox
+        uses: "./.github/actions/iota/setup"
+        with:
+          iota-version: ${{ env.IOTA_VERSION }}
+
+      - name: publish Audit Trail Move package
+        run: |
+          eval "$(./publish_package.sh)"
+          echo "IOTA_AUDIT_TRAIL_PKG_ID=$IOTA_AUDIT_TRAIL_PKG_ID" >> "$GITHUB_ENV"
+          echo "IOTA_TF_COMPONENTS_PKG_ID=$IOTA_TF_COMPONENTS_PKG_ID" >> "$GITHUB_ENV"
+        working-directory: audit-trail-move/scripts/
 
       - name: Run Wasm examples
-        #run: npm run test:readme && npm run test:node
         run: npm run test:node
-        working-directory: bindings/wasm/notarization_wasm
-  test-wasm-browser:
-    needs: build-wasm
+        working-directory: bindings/wasm/audit_trail_wasm
+  test-wasm-browser-notarization:
+    needs: [build-wasm-notarization, check-for-run-condition]
     if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
     runs-on: ubuntu-24.04
     strategy:
@@ -316,3 +370,57 @@ jobs:
 
       - name: Run cypress
         run: docker run --network host cypress-test test:browser:${{ matrix.browser }}
+
+  test-wasm-browser-audit-trail:
+    needs: [build-wasm-audit-trail, check-for-run-condition]
+    if: ${{ needs.check-for-run-condition.outputs.should-run == 'true' }}
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        browser: [chrome, firefox]
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: 20.x
+
+      - name: Install JS dependencies
+        run: npm ci
+        working-directory: bindings/wasm/audit_trail_wasm
+
+      - name: Download bindings/wasm/audit_trail_wasm artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: audit-trail-wasm-bindings-build
+          path: bindings/wasm/audit_trail_wasm
+
+      - name: Start iota sandbox
+        uses: "./.github/actions/iota/setup"
+        with:
+          iota-version: ${{ env.IOTA_VERSION }}
+
+      - name: publish Audit Trail Move package
+        run: |
+          eval "$(./publish_package.sh)"
+          echo "IOTA_AUDIT_TRAIL_PKG_ID=$IOTA_AUDIT_TRAIL_PKG_ID" >> "$GITHUB_ENV"
+          echo "IOTA_TF_COMPONENTS_PKG_ID=$IOTA_TF_COMPONENTS_PKG_ID" >> "$GITHUB_ENV"
+        working-directory: audit-trail-move/scripts/
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6.2.0
+        with:
+          context: bindings/wasm/
+          file: bindings/wasm/audit_trail_wasm/cypress/Dockerfile
+          push: false
+          tags: cypress-audit-trail:latest
+          load: true
+          build-args: |
+            IOTA_AUDIT_TRAIL_PKG_ID=${{ env.IOTA_AUDIT_TRAIL_PKG_ID }}
+            IOTA_TF_COMPONENTS_PKG_ID=${{ env.IOTA_TF_COMPONENTS_PKG_ID }}
+
+      - name: Run cypress
+        run: docker run --network host cypress-audit-trail test:browser:${{ matrix.browser }}

.github/workflows/clippy.yml

@@ -49,3 +49,9 @@ jobs:
         if: ${{ false }}
         with:
           args: --manifest-path ./bindings/wasm/notarization_wasm/Cargo.toml --target wasm32-unknown-unknown --all-targets --all-features -- -D warnings
+
+      - name: Wasm clippy check audit_trail_wasm
+        uses: actions-rs-plus/clippy-check@b09a9c37c9df7db8b1a5d52e8fe8e0b6e3d574c4
+        if: ${{ false }}
+        with:
+          args: --manifest-path ./bindings/wasm/audit_trail_wasm/Cargo.toml --target wasm32-unknown-unknown --all-targets --all-features -- -D warnings

.github/workflows/format.yml

@@ -49,6 +49,9 @@ jobs:
       - name: wasm fmt check notarization_wasm
         run: cargo +nightly fmt --manifest-path ./bindings/wasm/notarization_wasm/Cargo.toml --all -- --check
 
+      - name: wasm fmt check audit_trail_wasm
+        run: cargo +nightly fmt --manifest-path ./bindings/wasm/audit_trail_wasm/Cargo.toml --all -- --check
+
       - name: fmt check with dprint
         run: dprint check
 
@@ -61,6 +64,10 @@ jobs:
       - name: Install prettier-plugin-move
         run: npm i @mysten/prettier-plugin-move
 
-      - name: prettier-move check
+      - name: prettier-move check notarization-move
         working-directory: notarization-move
         run: npx prettier-move -c **/*.move
+
+      - name: prettier-move check audit-trail-move
+        working-directory: audit-trail-move
+        run: npx prettier-move -c **/*.move

.github/workflows/shared-build-wasm.yml

@@ -19,6 +19,16 @@ on:
         description: "Name used for the output build artifact"
         required: true
         type: string
+      wasm-package-dir:
+        description: "Relative path to the wasm package directory (e.g. bindings/wasm/notarization_wasm)"
+        required: false
+        type: string
+        default: "bindings/wasm/notarization_wasm"
+      wasm-crate-name:
+        description: "Name of the wasm crate (e.g. notarization_wasm)"
+        required: false
+        type: string
+        default: "notarization_wasm"
 jobs:
   build-wasm:
     defaults:
@@ -52,6 +62,7 @@ jobs:
           sccache-enabled: true
           sccache-path: ${{ matrix.sccache-path }}
           target-cache-path: bindings/wasm/target
+          target-cache-key-suffix: ${{ inputs.wasm-crate-name }}
 
       # Download a pre-compiled wasm-bindgen binary.
       - name: Install wasm-bindgen-cli
@@ -71,16 +82,16 @@ jobs:
 
       - name: Install JS dependencies
         run: npm ci
-        working-directory: bindings/wasm/notarization_wasm
+        working-directory: ${{ inputs.wasm-package-dir }}
 
       - name: Build WASM bindings
         run: npm run build
-        working-directory: bindings/wasm/notarization_wasm
+        working-directory: ${{ inputs.wasm-package-dir }}
 
       - name: Run Node unit tests
         if: ${{ inputs.run-unit-tests }}
         run: npm run test:unit:node
-        working-directory: bindings/wasm/notarization_wasm
+        working-directory: ${{ inputs.wasm-package-dir }}
 
       - name: Stop sccache
         uses: "./.github/actions/rust/sccache/stop"
@@ -92,9 +103,9 @@ jobs:
         with:
           name: ${{ inputs.output-artifact-name }}
           path: |
-            bindings/wasm/notarization_wasm/node
-            bindings/wasm/notarization_wasm/web
-            bindings/wasm/notarization_wasm/examples/dist
-            bindings/wasm/notarization_wasm/docs
+            ${{ inputs.wasm-package-dir }}/node
+            ${{ inputs.wasm-package-dir }}/web
+            ${{ inputs.wasm-package-dir }}/examples/dist
+            ${{ inputs.wasm-package-dir }}/docs
           if-no-files-found: error
           retention-days: 1

.github/workflows/upload-docs.yml

@@ -8,6 +8,9 @@ on:
       version:
         description: "Version to publish docs under (e.g. `v1.2.3-dev.1`)"
         required: true
+      ref:
+        description: "Optional git ref to checkout before building docs"
+        required: false
 
 env:
   GH_TOKEN: ${{ github.token }}
@@ -16,20 +19,34 @@ permissions:
   actions: "write"
 
 jobs:
-  build-wasm:
+  build-wasm-notarization:
     uses: "./.github/workflows/shared-build-wasm.yml"
     with:
       run-unit-tests: false
       ref: ${{ inputs.ref }}
       output-artifact-name: notarization-docs
 
+  build-wasm-audit-trail:
+    uses: "./.github/workflows/shared-build-wasm.yml"
+    with:
+      run-unit-tests: false
+      ref: ${{ inputs.ref }}
+      output-artifact-name: audit-trail-docs
+      wasm-package-dir: bindings/wasm/audit_trail_wasm
+      wasm-crate-name: audit_trail_wasm
+
   upload-docs:
     runs-on: ubuntu-latest
-    needs: build-wasm
+    needs: [build-wasm-notarization, build-wasm-audit-trail]
     steps:
       - uses: actions/download-artifact@v4
         with:
           name: notarization-docs
+          path: notarization-docs
+      - uses: actions/download-artifact@v4
+        with:
+          name: audit-trail-docs
+          path: audit-trail-docs
       - name: Get release version
         id: get_release_version
         run: |
@@ -42,12 +59,21 @@ jobs:
           echo VERSION=$VERSION >> $GITHUB_OUTPUT
       - name: Compress generated docs
         run: |
-          tar czvf wasm.tar.gz notarization/docs/*
+          tar czvf wasm.tar.gz notarization-docs/docs/*
+          tar czvf audit-trail-wasm.tar.gz audit-trail-docs/docs/*
 
-      - name: Upload docs to AWS S3
+      - name: Upload notarization docs to AWS S3
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_IOTA_WIKI }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_IOTA_WIKI }}
           AWS_DEFAULT_REGION: "eu-central-1"
         run: |
           aws s3 cp wasm.tar.gz s3://files.iota.org/iota-wiki/iota-notarization/${{ steps.get_release_version.outputs.VERSION }}/ --acl public-read
+
+      - name: Upload audit trail docs to AWS S3
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_IOTA_WIKI }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_IOTA_WIKI }}
+          AWS_DEFAULT_REGION: "eu-central-1"
+        run: |
+          aws s3 cp audit-trail-wasm.tar.gz s3://files.iota.org/iota-wiki/iota-audit-trail/${{ steps.get_release_version.outputs.VERSION }}/ --acl public-read