diff --git a/website/blog/2024-07-15-welcome/index.md b/website/blog/2024-07-15-welcome/index.md new file mode 100644 index 00000000..6d793e94 --- /dev/null +++ b/website/blog/2024-07-15-welcome/index.md @@ -0,0 +1,54 @@ +--- +slug: road_to_testnet +title: Road to testnet +authors: pamphile +tags: [soroban, scf] +--- + +This is the beginning for Tansu! We are happy to have received a Stellar Community Fund Activation award. This grant is helping us build the foundation of Tansu. + +Bellow is the proposal we made for the SCF28. The full proposal can be found [here](https://dashboard.communityfund.stellar.org/scfawards/scf-28_43/activationawardreview/suggestion/1150). + +## Introduction + +To develop software, developers rely on Version Control Systems (VCS) to keep track of their changes and share their work. Git is one of the most widely used VCS and while being by design decentralized, developers rely on very centralized synchronization systems such as GitHub. + +This centralization raises serious concerns as any actor gaining access to these repositories can: change the history, update code, make releases, and even delete files. All this while being hardly noticeable. As open source software is relied upon by all industries, it poses a real threat in terms of software supply chain security. + +The core idea of this proposal is to bring Git hashes onto Stellar's blockchain to benefit from the traceability and accountability blockchain technology guarantees. The code itself is still versioned using Git and it is still hosted on the synchronization platform of choice, which does not interfere with maintainers traditional workflows. This gives maintainers access to new ways of managing their project on-chain and at its core it provides a distributed way to prove the integrity of their project. + +Our project will greatly benefit Stellar's ecosystem as open-source maintainers using our system will get to use Stellar and Soroban. This will in turn bring some of these maintainers to the Stellar ecosystem. + +## From Git to Soroban + +Version Control System (VCS), specifically using Git, is ubiquitous among software engineers. Git is by design decentralized, more so, the code history makes use of a Merkle tree: a given version, referred to as a commit, is given a hash and hashes are linked together to provide a history. Git is in essence a blockchain. + +When working on a project using Git, everyone gets the complete history and people can push and pull code from one person to another. The resolution of differences between one’s code to another can be challenging if many people work on the same code area. + +In practice, teams of developers-maintainers-, need a more convenient way to synchronize their work. To address this problematic, maintainers can use a central platform where they can synchronize their work. GitHub is the most used platform to share and collaborate on open-source projects. For many teams, the whole software development lifecycle happens there, from the inception of ideas to making a release of a new version. + +This centralization brings a lot of challenges when it comes to securing the software supply chain. In past years, we have seen attacks on almost every, if not all, parts of this centralized structure. Maintainers are being compromised, they become rogue, through exploit on GitHub or in the continuous integration system the code is compromised, there are occurrences of release artifacts being compromised and GitHub is also deleting projects which they deemed (albeit enforced by local regulations) not suitable for their platforms. + +To answer these concerns around software supply chain security, we propose to leverage the Stellar blockchain to store Git hashes. The following components are proposed: (i) a Soroban smart contract register Git hashes on-chain; (ii) a dApp for maintainers to manage their projects and users to participate and monitor their dependencies; and (iii) tools to help maintainers deploy and use this system transparently. + +## Soroban Versioning Smart Contract + +The core of the proposal is a Soroban Smart Contract called: Soroban Versioning contract. This contract will set the foundation of what will be built to support maintainers with their projects. + +The contract will hold project-specific metadata and a key pointing to the last code change hash. + +Updating the hash leaves a permanent record on-chain. These update events can be monitored to build an off-chain history and be further compared to the state on other platforms such as GitHub. We will build the necessary services to ingest these events. These services will play a pivotal role as sitting in between Soroban and our proposed dApp. + +Strict access control is key to guarantee that only maintainers can update on-chain data. Soroban provides an elegant and robust solution with address signing. By storing a list of authorized maintainers on-chain, we are enabling projects to be more transparency as to who has specific rights. + +As we have seen in past similar projects (see the landscape analysis in our architectural document), the developer experience is paramount to get any traction and adoption. To that end, we will provide various Git hooks to seamlessly fit most maintainers workflow. + +## dApp + +In order to facilitate the use of the Soroban Versioning smart contract, we will build a dApp called: Tansu. + +Maintainers will be able to register and administer many aspects of their projects. From adjusting the list of maintainers to update the last hash. Anyone will be able to view the projects, their configurations and the Git history. + +This will be achieved through a backend infrastructure by linking on-chain data with what is available on GitHub. + + diff --git a/website/blog/2024-08-03-welcome/index.md b/website/blog/2024-08-03-welcome/index.md deleted file mode 100644 index d2a31f42..00000000 --- a/website/blog/2024-08-03-welcome/index.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -slug: welcome -title: Welcome -authors: pamphile -tags: [soroban] ---- - -Tansu is here! diff --git a/website/blog/tags.yml b/website/blog/tags.yml index 3d5cc78a..297cd980 100644 --- a/website/blog/tags.yml +++ b/website/blog/tags.yml @@ -2,3 +2,8 @@ soroban: label: soroban permalink: /soroban description: Soroban Smart Contract + +scf: + label: scf + permalink: /scf + description: Stellar Community Fund diff --git a/website/docs/developers/architecture.mdx b/website/docs/developers/architecture.mdx new file mode 100644 index 00000000..f187fe1e --- /dev/null +++ b/website/docs/developers/architecture.mdx @@ -0,0 +1,20 @@ +--- +sidebar_position: 2 +--- + +# Architecture + +![General diagram flow](./architecture.png) + + + +:::note + +Maintainer: a person which is part of a project’s team. This is not necessarily tight to any specific role nor commit rights. + +::: + +1. Using the dApp, a maintainer registers a project providing a unique name, some metadata and a list of maintainers. +2. The project’s registration triggers an event which can be listen by anyone on the network. As part of our dApp infrastructure, we listen to all events and store then in our database; +3. Either using the dApp, or from tools provided to directly call the contract, maintainers can update projects data. Most notably, the last commit hash; +4. Users can use the dApp to easily get insights on a project. The see the project history, can click on specific commits to have more information and link to the centralized platform used by the project itself. diff --git a/website/docs/developers/architecture.png b/website/docs/developers/architecture.png new file mode 100644 index 00000000..829686c5 Binary files /dev/null and b/website/docs/developers/architecture.png differ diff --git a/website/docs/developers/congratulations.md b/website/docs/developers/congratulations.md deleted file mode 100644 index c7f571e0..00000000 --- a/website/docs/developers/congratulations.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -sidebar_position: 2 ---- - -# Hello \ No newline at end of file diff --git a/website/docs/developers/dapps_and_contracts.mdx b/website/docs/developers/dapps_and_contracts.mdx new file mode 100644 index 00000000..56e4e619 --- /dev/null +++ b/website/docs/developers/dapps_and_contracts.mdx @@ -0,0 +1,19 @@ +--- +sidebar_position: 2 +--- + +import CodeBlock from '@theme/CodeBlock'; +import contrac_id from '!!raw-loader!../../../.soroban/soroban_versioning_id'; + +# dApps and Contracts + +## Production + +Soon! + +## Testnet + +- dApp: [testnet.tansu.dev](testnet.tansu.dev) +- Contract ID: + +{contrac_id} diff --git a/website/docs/intro.md b/website/docs/intro.md index ffc549d4..064efccd 100644 --- a/website/docs/intro.md +++ b/website/docs/intro.md @@ -3,3 +3,5 @@ sidebar_position: 1 --- # Welcome to Tansu! + + diff --git a/website/package-lock.json b/website/package-lock.json index 58a0e12d..34b6bd60 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -13,6 +13,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^18.0.0", "react-dom": "^18.0.0" }, @@ -12623,6 +12624,75 @@ "node": ">= 0.8" } }, + "node_modules/raw-loader": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/raw-loader/-/raw-loader-4.0.2.tgz", + "integrity": "sha512-ZnScIV3ag9A4wPX/ZayxL/jZH+euYb6FcUinPcgiQW0+UBtEv0O6Q3lGd3cqJ+GHH+rksEv3Pj99oxJ3u3VIKA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/raw-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/raw-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/raw-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/raw-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, "node_modules/rc": { "version": "1.2.8", "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", diff --git a/website/package.json b/website/package.json index d03f84d9..5786fcb8 100644 --- a/website/package.json +++ b/website/package.json @@ -20,6 +20,7 @@ "@mdx-js/react": "^3.0.0", "clsx": "^2.0.0", "prism-react-renderer": "^2.3.0", + "raw-loader": "^4.0.2", "react": "^18.0.0", "react-dom": "^18.0.0" }, diff --git a/website/src/components/HomepageFeatures/index.tsx b/website/src/components/HomepageFeatures/index.tsx index fd03e09b..6e8e2df0 100644 --- a/website/src/components/HomepageFeatures/index.tsx +++ b/website/src/components/HomepageFeatures/index.tsx @@ -19,11 +19,11 @@ const FeatureList: FeatureItem[] = [ ), }, { - title: 'Git', + title: 'Git on-chain', Svg: require('@site/static/img/git-logo.svg').default, description: ( <> - Bring decentralization back to Git. Push new hashes on-chain and help secure the supply chain by allowing anyone to track code updates. + Tansu bring decentralization back to Git. Push new hashes on-chain and help secure the supply chain by allowing anyone to track code updates. ), }, @@ -32,7 +32,7 @@ const FeatureList: FeatureItem[] = [ Svg: require('@site/static/img/open_source_initiative.svg').default, description: ( <> - We track Open Source projects so you can build with confidence with Open Source. Everything Tansu is Open Source. + Tansu track Open Source projects so you can build with confidence with Open Source. Everything Tansu is Open Source. ), }, diff --git a/website/src/pages/index.tsx b/website/src/pages/index.tsx index cac0d6dd..bf28811a 100644 --- a/website/src/pages/index.tsx +++ b/website/src/pages/index.tsx @@ -32,7 +32,7 @@ export default function Home(): JSX.Element { const {siteConfig} = useDocusaurusContext(); return (
diff --git a/website/static/img/undraw_docusaurus_react.svg b/website/static/img/undraw_docusaurus_react.svg deleted file mode 100644 index 94b5cf08..00000000 --- a/website/static/img/undraw_docusaurus_react.svg +++ /dev/null @@ -1,170 +0,0 @@ - - Powered by React - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -