Merge remote-tracking branch 'origin/develop' into delivery-service-cli

dm3-org · Nov 30, 2023 · 2e87dda · 2e87dda
2 parents 61dfb0c + a094d47
commit 2e87dda
Show file tree

Hide file tree

Showing 62 changed files with 3,003 additions and 119 deletions.
diff --git a/.github/workflows/deploy-billboard.yml b/.github/workflows/deploy-billboard.yml
@@ -0,0 +1,92 @@
+name: Staging billboard deploy
+on: push
+
+jobs:
+    messenger-demo-deploy:
+        environment: devconnect2023
+        runs-on: ubuntu-latest
+        # if: ${{ contains( github.ref, vars.STAGING_BRANCH) }}
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/setup-node@v3
+              with:
+                  registry-url: 'https://npm.pkg.github.com'
+                  node-version: 18.0.0
+                  cache: 'yarn'
+            - name: Declare some variables
+              shell: bash
+              run: |
+                echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
+                echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
+                echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
+            - name: Prepare SSH
+              run: |
+                  mkdir ~/.ssh
+                  echo "${{ secrets.STAGING_HOST_SSH }}" > ~/.ssh/known_hosts
+                  echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
+                  chmod 600 ./ssh-key
+            - name: Create .env file
+              env:
+                  TARGET_HOST: ${{ secrets.STAGING_HOST }}
+                  TARGET_IP: ${{ secrets.IP_ADDRESS }}
+              run: |
+                  echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.devconnect.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_BACKEND=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=bb-ds.devconnect.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react
+                  echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
+                  echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.devconnect.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
+                  echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
+                  echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
+                  echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react
+                  cat ./.env.react >> ./.env
+                  echo "BILLBOARD_SIGNER_PRIVATE_KEY=${{ secrets.BILLBOARD_SIGNER_PRIVATE_KEY }}" >> ./.env
+                  echo "RESOLVER_ADDR=0xae6646c22D8eE6479eE0a39Bf63B9bD9e57bAD9d" >> ./.env
+                  echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
+                  echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
+                  echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
+                  echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
+                  echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
+                  echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
+                  echo "RPC=${{ secrets.STAGING_RPC }}" >> ./.env
+                  echo "BILLBOARD_PRIVATE_KEY=${{ secrets.BILLBOARD_PRIVATE_KEY }}" >> ./.env
+                  echo "interceptor=${{ secrets.INTERCEPTOR }}" >> ./.env
+                  echo "DISABLE_SESSION_CHECK='true'" >> ./.env
+                  echo "BILLBOARD_NAMES=${{ secrets.BILLBOARD_NAMES }}" >> ./.env
+                  echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env
+                  echo "URL=${{ secrets.STAGING_HOST }}" >> ./.env
+                  envsubst '${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
+                  cat ./.env
+            - name: Build docker image
+              run: |
+                  cp ./.env.react packages/messenger-demo/.env
+                  docker build --progress=plain -t dm3-backend:latest -f ./docker/Dockerfile .
+                  docker save -o ./dm3-backend.tar dm3-backend:latest
+            - name: Sync files
+              run: |
+                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 
+                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/billboard/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3
+            - name: Prepare docker
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  cd dm3 && docker compose down && docker system prune -af"
+                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  systemctl restart docker.service"
+            - name: Load docker image
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  cd dm3 && docker load -i dm3-backend.tar; \
+                  rm dm3-backend.tar || true"
+            - name: Firewall config
+              run: |
+                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80"
+            - name: Start
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  cd dm3 && docker compose --env-file .env up -d"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Push Workflow
+name: Staging deploy
 on: push
 
 jobs:
@@ -56,23 +56,23 @@ jobs:
                   cp ./.env.react packages/messenger-demo/.env
                   docker build --progress=plain -t dm3-backend:latest -f ./docker/Dockerfile .
                   docker save -o ./dm3-backend.tar dm3-backend:latest
+            - name: Prepare docker
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  cd dm3 && docker compose down && docker system prune -af"
+                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  systemctl restart docker.service \
+                  rm /home/app/dm3-backend.tar || true"
             - name: Sync files
               run: |
                   rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3
                   rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 
                   rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3
                   rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3
-            - name: Prepare docker
-              run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
-                  cd dm3 && docker compose down && docker system prune -af"
-                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
-                  systemctl restart docker.service"
             - name: Load docker image
               run: |
                   ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
-                  cd dm3 && docker load -i dm3-backend.tar; \
-                  rm dm3-backend.tar || true"
+                  cd dm3 && docker load -i dm3-backend.tar"
             - name: Firewall config
               run: |
                   ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\

diff --git a/.github/workflows/on-push.yml b/.github/workflows/on-push.yml
@@ -1,4 +1,4 @@
-name: Push Workflow
+name: Build and test
 on: push
 
 jobs:

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,7 +1,7 @@
 FROM --platform=linux/amd64 node:18-alpine
 WORKDIR /app
 COPY . .
-RUN apk add --update python3 make g++\
+RUN apk add --update python3 make g++ curl\
    && rm -rf /var/cache/apk/*
 RUN yarn install
 RUN yarn build
diff --git a/docker/billboard/docker-compose.yml b/docker/billboard/docker-compose.yml
@@ -0,0 +1,134 @@
+version: "3.1"
+services:
+
+  nginx:
+    container_name: nginx
+    image: nginx:latest
+    restart: always
+    depends_on:
+      - billboard-client
+      - backend
+      - ccip-resolver
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - web-root:/var/www/html
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+    ports:
+      - "80:80"
+      - "443:443"
+
+  backend:
+    image: dm3-backend
+    command: yarn workspace dm3-backend start
+    depends_on:
+      - db
+    environment:
+      REDIS_URL: redis://db:6379
+      SIGNING_PUBLIC_KEY: ${SIGNING_PUBLIC_KEY}
+      SIGNING_PRIVATE_KEY: ${SIGNING_PRIVATE_KEY}
+      ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
+      ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
+      DISABLE_SESSION_CHECK: ${DISABLE_SESSION_CHECK}
+      RPC: ${RPC}
+      PORT: 8081
+      LOG_LEVEL: 'debug'
+
+  billboard-client:
+    image: dm3-backend
+    command: yarn workspace dm3-billboard-client start
+    depends_on:
+      db:
+        condition: service_started
+      ccip-resolver:
+        condition: service_started
+      offchain-resolver:
+        condition: service_healthy
+    environment:
+      PORT: 8083
+      time: 0
+      privateKey: ${BILLBOARD_PRIVATE_KEY}
+      ensNames: ${BILLBOARD_NAMES}
+      mediators: '[]'
+      REDIS_URL: redis://db:6379
+      RPC: ${RPC}
+      LOG_LEVEL: 'debug'
+
+  db:
+    image: redis
+    restart: always
+
+  offchain-resolver-db:
+    image: postgres
+    restart: always
+    container_name: offchain_resolver_db
+    environment:
+        POSTGRES_PASSWORD: example
+
+  offchain-resolver:
+    image: dm3-backend
+    command: yarn workspace dm3-offchain-resolver start
+    depends_on:
+      - offchain-resolver-db
+    environment:
+      DATABASE_URL: postgresql://postgres:example@offchain-resolver-db:5432
+      PORT: 8082
+      LOG_LEVEL: 'debug'
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8082/0x26139b2349282de5ee2bd9c7a53171a28d6a6c84/0xf8c30f63000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000001c0a62696c6c626f617264310762622d7573657203646d3303657468000000000000000000000000000000000000000000000000000000000000000000000000243b3b57de8d7fcfd6548aae2cdb5851741139459856caadb3b9ad3d27872ae921b2348a7d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bcd6de065fd7e889e3ec86aa2d2780d7553ab3cc000000000000000000000000"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  # web:
+  #   image: dm3-backend
+  #   command: yarn workspace messenger-demo start
+  #   environment:
+  #     REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
+  #     REACT_APP_BACKEND: ${REACT_APP_BACKEND}
+  #     REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
+  #     REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
+  #     REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER}
+  #     REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
+  #     REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
+  #     REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
+  #     REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
+  #     RESOLVER_ADDR: ${RESOLVER_ADDR}
+
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - web-root:/var/www/html
+    depends_on:
+      - nginx
+    command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}
+
+  ccip-resolver:
+    image: dm3org/ccip-resolver:v0.2.7
+    restart: always
+    depends_on:
+      offchain-resolver:
+        condition: service_healthy
+    environment:
+      SIGNER_PRIVATE_KEY: ${BILLBOARD_SIGNER_PRIVATE_KEY}
+      LOG_LEVEL: debug
+      CONFIG: |
+        {
+          "0xc9bf092673b3a066df088a2a911e23e9b69b82f2": {
+            "type": "signing",
+            "handlerUrl": "http://offchain-resolver:8082"
+          }
+        }
+      PORT: 8181
+volumes:
+  certbot-etc:
+  certbot-var:
+  web-root:
+    driver: local
+    driver_opts:
+      type: none
+      device: /home/app/dm3/webroot/
+      o: bind