Merge pull request #27 from XinFinOrg/add-docker

Add docker and cicd
XinFinOrg · Nov 23, 2023 · f8bd601 · f8bd601
2 parents 9b98353 + 01d4ec0
commit f8bd601
Show file tree

Hide file tree

Showing 17 changed files with 371 additions and 5,373 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,5 @@
+.env
+deployment.config.json
+upgrade.config.json
+yarn.lock
+node_modules
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,17 +1,16 @@
-name: Build and update image
+name: Build and publish image 
 
 on:
   push:
     branches:
-      - main
+      - master
     tags:
       - "*"
-
   workflow_dispatch: #allow manual trigger to workflow
 
 jobs:
-  test_on_pr:
-    name: Test
+  test_build_and_push_to_docker_registry:
+    name: Test, build and push image to registry
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -23,4 +22,25 @@ jobs:
       - name: Check smart contract
         run: |
           yarn 
-          npx hardhat test
+          npx hardhat test
+
+      - name: Docker login
+        env:
+          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+          DOCKER_PASSWORD: ${{secrets.DOCKER_ACCESS_TOKEN}}
+        run: |
+          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+
+      - name: Determine Docker Image Name
+        id: image
+        run: |
+          if [[ "${{github.ref_name}}" == "master" ]]; then
+            echo "name=xinfinorg/csc:latest" >> $GITHUB_OUTPUT
+          else
+            echo "name=xinfinorg/csc:${{github.ref_name}}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push image
+        run: |
+          docker build . --file docker/Dockerfile --tag ${{ steps.image.outputs.name }}
+          docker push ${{ steps.image.outputs.name }}
diff --git a/.github/workflows/pr_deploy.yml b/.github/workflows/pr_deploy.yml
@@ -0,0 +1,76 @@
+name: Build and deploy devnet
+on:
+  pull_request_target:
+    branches:
+      - master
+
+jobs:
+  build_and_deploy:
+    if: |
+      ( startsWith(github.head_ref, 'feature') ||  
+        startsWith(github.head_ref, 'fix') ) 
+    name: Deploy on PR 
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: check out trigger branch
+        run: |
+          git fetch origin $BRANCH
+          git checkout $BRANCH
+        env:
+          BRANCH: ${{ github.head_ref }}
+
+      - name: Record branch env
+        id: branch
+        run: |
+          echo "repo=${{ github.repository }}" >> $GITHUB_OUTPUT
+          echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
+          echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          # echo $repo
+          # echo $branch
+          # echo $commit
+
+      - name: Docker login
+        env:
+          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+          DOCKER_PASSWORD: ${{secrets.DOCKER_ACCESS_TOKEN}}
+        run: |
+          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+
+      - name: Determine Docker Image Name
+        id: image
+        run: |
+            echo "name=xinfinorg/csc:${{ steps.branch.outputs.branch }}" >> $GITHUB_OUTPUT
+        
+
+      - name: Build and push image
+        run: |
+          docker build . --file docker/Dockerfile --tag ${{ steps.image.outputs.name }}
+          docker push ${{ steps.image.outputs.name }}
+
+      - name: trigger deploy workflow
+        id: trigger_deploy
+        run: |
+          echo "RESPONSE_CODE=$( \
+          curl -L \
+          -o response.txt \
+          -w %{response_code} \
+          -s \
+          -X POST \
+          -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer ${{ secrets.CICD_PAT }}" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          https://api.github.com/repos/hash-laboratories-au/subnet-deployment/actions/workflows/subnet-deploy.yaml/dispatches \
+          -d '{"ref":"master", "inputs":{"caller_repo": "${{ steps.branch.outputs.repo }}", "caller_ref": "${{ steps.branch.outputs.branch }}", "caller_sha": "${{ steps.branch.outputs.commit }}"}}' \
+          )" >> $GITHUB_ENV
+
+      - name: Check response fail or success
+        run: |
+          cat response.txt
+          echo "RESPONSE_CODE=${{ env.RESPONSE_CODE }}"
+          if [ ${{ env.RESPONSE_CODE }} != 204 ]
+          then
+            exit 1
+          fi
diff --git a/.github/workflows/pr.yml → .github/workflows/pr_test.yml b/.github/workflows/pr.yml → .github/workflows/pr_test.yml
@@ -3,11 +3,11 @@ name: PR tests
 on:
   pull_request:
     branches:
-      - main
+      - master
 
 jobs:
   test_on_pr:
-    name: Test
+    name: Test on PR
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code

diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@ node_modules/
 dbg.project.json
 contracts-dbg/
 deployment.config.json
-upgrade.config.json
+upgrade.config.json
+yarn.lock
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -0,0 +1,16 @@
+FROM node:18.15
+
+WORKDIR /app
+
+COPY . /app
+
+RUN yarn
+
+RUN chmod +x /app/docker/deploy_csc.sh
+RUN chmod +x /app/docker/deploy_proxy.sh
+RUN chmod +x /app/docker/upgrade_csc.sh
+
+
+# ENTRYPOINT ["sleep", "infinity"]
+# ENTRYPOINT ["bash -c","sleep 100"]
+# ENTRYPOINT ["bash","/app/docker/deploy_csc.sh"]
diff --git a/docker/README_DOCKER b/docker/README_DOCKER
@@ -0,0 +1,18 @@
+
+1. Always specify entrypoint script, no default entrypoint. 
+  - deploy_proxy.sh: deploy new proxy gateway and initialize CSC
+  - upgrade_csc.sh: upgrade proxy gateway to the CSC of the current image version.  
+  - deploy_csc.sh: deploy non-upgradable CSC (old method)
+2. Mount js configs to /app/config directory
+  - deployment.config.json: used in all scripts
+  - upgrade.config.json: used in 'upgrade_csc.sh'
+3. ENV can be injected with '--env-file'
+  - PARENTCHAIN_WALLET_PK or PRIVATE_KEY: either can be used
+  - PARENTCHAIN: 'devnet' or 'testnet' 
+  - RELAYER_MODE: 'full' or 'lite', only used in 'deploy_csc.sh'
+
+* The PARENTCHAIN_WALLET_PK that is used for upgrading CSC should be the same as the initilise CSC private key.
+
+
+Example for mounting your current directory
+docker run --env-file .env -v $PWD:/app/config --entrypoint './docker/deploy_proxy.sh' xinfinorg/csc:latest
diff --git a/docker/deploy_csc.sh b/docker/deploy_csc.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+cd /app
+cp /app/config/deployment.config.json /app/deployment.config.json
+
+#1. check PARENTCHAIN env
+#2. check PRIVATE_KEY env
+#3. check .env file
+
+if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+  PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+fi
+
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  source /app/config/.env
+fi
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+    PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+  else
+    echo "PARENTCHAIN_WALLET_PK or PRIVATE_KEY not set"
+    exit 1
+  fi
+fi
+
+if [[ ${PRIVATE_KEY::2} == "0x"  ]]; then
+  PRIVATE_KEY=${PRIVATE_KEY:2}
+fi
+echo "PRIVATE_KEY=${PRIVATE_KEY}" > .env 
+
+if [[ -z "$PARENTCHAIN_URL" ]]; then
+  echo "PARENTCHAIN_URL not specified"
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcparentnet\".*@\"xdcparentnet\": \"$PARENTCHAIN_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+if [[ -z "$SUBNET_URL" ]]; then
+  echo "SUBNET_URL not specified" 
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcsubnet\".*@\"xdcsubnet\": \"$SUBNET_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+if [[ $RELAYER_MODE == 'full' ]]
+then
+  echo "Deploying full CSC"
+  npx hardhat run scripts/FullCheckpointDeploy.js --network xdcparentnet 2>&1 | tee csc.log
+elif [[ $RELAYER_MODE == 'lite' ]]
+then
+  echo "Deploying lite CSC"
+  npx hardhat run scripts/LiteCheckpointDeploy.js --network xdcparentnet 2>&1 | tee csc.log
+else
+  echo "Unknown RELAYER_MODE"
+  exit 1
+fi
+
+
+# found=$(cat csc.log | grep -m 1 "deployed to")
+# echo $found
+
+# if [[ $found == '' ]]
+# then
+#   echo 'CSC deployment failed'
+#   exit 1
+# else
+#   echo 'Replacing CSC address in common.env file'
+#   contract=${found: -42}
+#   echo $contract
+#   cat /app/generated/common.env | sed -e "s/CHECKPOINT_CONTRACT.*/CHECKPOINT_CONTRACT=$contract/" > temp.env
+#   mv temp.env /app/generated/common.env
+# fi
diff --git a/docker/deploy_proxy.sh b/docker/deploy_proxy.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+set -e 
+
+cd /app
+cp /app/config/deployment.config.json /app/deployment.config.json
+
+#1. check PARENTCHAIN env
+#2. check PRIVATE_KEY env
+#3. check .env file
+
+if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+  PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+fi
+
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  source /app/config/.env
+fi
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+    PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+  else
+    echo "PARENTCHAIN_WALLET_PK or PRIVATE_KEY not set"
+    exit 1
+  fi
+fi
+
+if [[ ${PRIVATE_KEY::2} == "0x"  ]]; then
+  PRIVATE_KEY=${PRIVATE_KEY:2}
+fi
+echo "PRIVATE_KEY=${PRIVATE_KEY}" > .env 
+
+if [[ -z "$PARENTCHAIN_URL" ]]; then
+  echo "PARENTCHAIN_URL not specified"
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcparentnet\".*@\"xdcparentnet\": \"$PARENTCHAIN_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+if [[ -z "$SUBNET_URL" ]]; then
+  echo "SUBNET_URL not specified" 
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcsubnet\".*@\"xdcsubnet\": \"$SUBNET_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+DEPLOY=$(npx hardhat run scripts/proxy/ProxyGatewayDeploy.js --network xdcparentnet)
+PROXY=$(echo $DEPLOY | awk '{print $NF}')
+echo "Proxy Gateway Deployed: $PROXY"
+JSON="{\"proxyGateway\": \"$PROXY\"}"
+echo $JSON > upgrade.config.json
+echo "PROXY_GATEWAY=$PROXY" >> config/common.env || echo 'config not mounted'
+
+
+UPGRADE=$(npx hardhat run scripts/proxy/UpgradeCSC.js --network xdcparentnet | awk '{print $NF}')
+FULL_CSC=$(echo $UPGRADE | cut -d' ' -f4)
+FULL_CSC="FULL_CSC=$FULL_CSC"
+echo $FULL_CSC >> config/common.env || echo 'config not mounted'
+
+
+LITE_CSC=$(echo $UPGRADE | cut -d' ' -f5)
+LITE_CSC="LITE_CSC=$LITE_CSC"
+echo $LITE_CSC >> config/common.env || echo 'config not mounted'
+echo "Upgraded Proxy Gateway with CSC"
+echo "$FULL_CSC"
+echo "$LITE_CSC"
+
diff --git a/docker/upgrade_csc.sh b/docker/upgrade_csc.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+cd /app
+cp /app/config/deployment.config.json /app/deployment.config.json
+
+if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+  PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+fi
+
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  source /app/config/.env
+fi
+
+if [[ -z "$PRIVATE_KEY" ]]; then
+  if [[ -n "$PARENTCHAIN_WALLET_PK" ]]; then
+    PRIVATE_KEY=${PARENTCHAIN_WALLET_PK}
+  else
+    echo "PARENTCHAIN_WALLET_PK or PRIVATE_KEY not set"
+    exit 1
+  fi
+fi
+
+if [[ ${PRIVATE_KEY::2} == "0x"  ]]; then
+  PRIVATE_KEY=${PRIVATE_KEY:2}
+fi
+echo "PRIVATE_KEY=${PRIVATE_KEY}" > .env 
+
+if [[ -z "$PARENTCHAIN_URL" ]]; then
+  echo "PARENTCHAIN_URL not specified"
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcparentnet\".*@\"xdcparentnet\": \"$PARENTCHAIN_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+if [[ -z "$SUBNET_URL" ]]; then
+  echo "SUBNET_URL not specified" 
+  exit 1
+else
+  cat network.config.json | sed -e "s@\"xdcsubnet\".*@\"xdcsubnet\": \"$SUBNET_URL\",@" > temp.json
+  mv temp.json network.config.json
+fi
+
+if [[ -z "$PROXY_GATEWAY" ]]; then
+  echo "PROXY_GATEWAY not specified"
+  exit 1
+else
+  JSON="{\"proxyGateway\": \"$PROXY_GATEWAY\"}"
+  echo $JSON > upgrade.config.json
+fi
+
+npx hardhat run scripts/proxy/UpgradeCSC.js --network xdcparentnet