chore: initial Tiltfile

.github/workflows/tilt.yml

@@ -0,0 +1,14 @@
+name: "Tilt CI"
+on:
+  pull_request:
+    branches: [ main ]
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: cachix/install-nix-action@v22
+      with:
+        github_access_token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Tilt CI
+      run: nix develop -c bash -c "cd dev && xvfb-run tilt ci -- --test consent"

apps/consent/BUCK

@@ -1,10 +1,27 @@
 load("@toolchains//workspace-pnpm:macros.bzl",
+"dev_pnpm_task_binary",
+"dev_pnpm_task_test",
 "build_node_modules",
 "next_build",
 "next_build_bin",
 "eslint"
 )
 
+dev_pnpm_task_binary(
+  name = "dev",
+  command = "dev",
+)
+
+dev_pnpm_task_binary(
+  name = "open-cypress",
+  command = "cypress:open",
+)
+
+dev_pnpm_task_test(
+  name = "cypress",
+  command = "cypress:run",
+)
+
 export_file(
   name = "package.json",
   visibility = ["PUBLIC"],

apps/consent/cypress.config.ts

@@ -1,16 +1,14 @@
 import { defineConfig } from "cypress"
 import dotenv from "dotenv"
-dotenv.config()
-dotenv.config({ path: ".env.test" })
+dotenv.config({ path: "../../dev/.envs/consent.env" })
 
 export default defineConfig({
   e2e: {
-    baseUrl: "http://127.0.0.1:3000",
-    // setupNodeEvents(on, config) {},
+    baseUrl: "http://localhost:3000",
   },
   defaultCommandTimeout: 60000,
   env: {
-    ...process.env,
+    AUTHORIZATION_URL: process.env.AUTHORIZATION_URL,
   },
   component: {
     devServer: {

apps/consent/cypress/support/commands.ts

@@ -46,7 +46,7 @@ declare namespace Cypress {
 }
 
 Cypress.Commands.add("getOTP", (email) => {
-  const query = `docker exec -i api-kratos-pg-1 psql -U dbuser -d default -t -c "SELECT body FROM courier_messages WHERE recipient='${email}' ORDER BY created_at DESC LIMIT 1;"`
+  const query = `docker exec -i galoy-dev-kratos-pg-1 psql -U dbuser -d default -t -c "SELECT body FROM courier_messages WHERE recipient='${email}' ORDER BY created_at DESC LIMIT 1;"`
   cy.exec(query).then((result) => {
     const rawMessage = result.stdout
     const otpMatch = rawMessage.match(/(\d{6})/)

apps/consent/env.ts

@@ -4,10 +4,10 @@ import { z } from "zod"
 export const env = createEnv({
   server: {
     HYDRA_ADMIN_URL: z.string().default("http://localhost:4445"),
-    CORE_AUTH_URL: z.string().default("http://localhost:4002/auth"),
+    CORE_AUTH_URL: z.string().default("http://localhost:4455/auth"),
   },
   shared: {
-    GRAPHQL_ENDPOINT: z.string().default("http://localhost:4002/graphql"),
+    GRAPHQL_ENDPOINT: z.string().default("http://localhost:4455/graphql"),
   },
   runtimeEnv: {
     CORE_AUTH_URL: process.env.CORE_AUTH_URL,

core/api/src/config/env.ts

@@ -47,7 +47,7 @@ export const env = createEnv({
     KRATOS_CALLBACK_API_KEY: z.string().min(1),
 
     BRIA_HOST: z.string().min(1),
-    BRIA_PORT: z.number().min(1).or(z.string()).pipe(z.coerce.number()),
+    BRIA_PORT: z.number().min(1).or(z.string()).pipe(z.coerce.number()).default(2742),
     BRIA_API_KEY: z.string().min(1),
 
     GEETEST_ID: z.string().min(1).optional(),

dev/.gitignore

@@ -0,0 +1,3 @@
+.*.json
+.*.env
+.envs

dev/Tiltfile

@@ -1,7 +1,148 @@
+is_ci=sys.argv[1] == "ci"
+
+config.define_string_list("test")
+cfg = config.parse()
+
+groups = {
+    "auth": [
+        "oathkeeper",
+        "hydra",
+        "hydra-migrate",
+        "hydra-pg",
+        "kratos",
+        "kratos-pg",
+    ],
+    "core": [
+        "apollo-router",
+        "mongodb",
+        "redis",
+    ],
+    "bitcoin": [
+        "lnd1",
+        "bria",
+        "postgres-bria",
+        "fulcrum",
+        "bitcoind-signer",
+        "bitcoind",
+    ],
+    "tracing": [
+      "otel-agent",
+    ],
+}
+
+consent_test_target = "//apps/consent:cypress"
+local_resource(
+  "consent-test",
+  labels = ["test"],
+  auto_init = is_ci and "consent" in cfg.get("test", []),
+  cmd = "buck2 test {}".format(consent_test_target),
+  resource_deps = [
+    "consent",
+    "init-test-user",
+    "hydra-consent"
+  ],
+)
+
+local_resource(
+  name='init-test-user',
+  labels = ['test'],
+  cmd='bin/init-user.sh',
+  resource_deps = [
+    "oathkeeper",
+    "kratos",
+    "api",
+  ]
+)
+
+consent_target = "//apps/consent:dev"
+if is_ci:
+  consent_target = '//apps/consent:consent'
+local_resource(
+    "consent",
+    labels = ["auth"],
+    cmd = "buck2 build {}".format(consent_target),
+    serve_cmd = "buck2 run {}".format(consent_target),
+    resource_deps = [
+        "apollo-router",
+        "hydra",
+        "api",
+    ],
+    links = [
+        link("http://localhost:3000", "consent"),
+    ],
+)
+
+local_resource(
+  name='hydra-consent',
+  labels = ['auth'],
+  cmd=['bin/setup-hydra-client.sh', 'consent', 'http://localhost:3000'],
+  resource_deps = [
+    "hydra",
+  ]
+)
+
 api_target = "//core/api:api"
 local_resource(
     "api",
-    labels = ["frontend"],
+    labels = ["core"],
     cmd = "buck2 build {}".format(api_target),
     serve_cmd = "buck2 run {}".format(api_target),
+    serve_env = {
+        "HELMREVISION": "dev",
+        "NETWORK": "regtest",
+        "OATHKEEPER_DECISION_ENDPOINT": "http://localhost:4456",
+        "TWILIO_ACCOUNT_SID": "AC_twilio_id",
+        "TWILIO_AUTH_TOKEN": "AC_twilio_auth_token",
+        "TWILIO_VERIFY_SERVICE_ID": "VA_twilio_service",
+        "KRATOS_PG_CON": "postgres://dbuser:secret@localhost:5433/default?sslmode=disable",
+        "KRATOS_PUBLIC_API": "http://localhost:4433",
+        "KRATOS_ADMIN_API": "http://localhost:4434",
+        "KRATOS_MASTER_USER_PASSWORD": "passwordHardtoFindWithNumber123",
+        "KRATOS_CALLBACK_API_KEY": "The-Value-of-My-Key",
+        "BRIA_HOST": "localhost",
+        "BRIA_API_KEY": "bria_dev_000000000000000000000",
+        "MONGODB_CON": "mongodb://localhost:27017/galoy",
+        "REDIS_MASTER_NAME": "mymaster",
+        "REDIS_PASSWORD": "",
+        "REDIS_0_DNS": "localhost",
+        "REDIS_0_PORT": "6379",
+        "REDIS_TYPE": "standalone",
+        "UNSECURE_IP_FROM_REQUEST_OBJECT": "true",
+        "UNSECURE_DEFAULT_LOGIN_CODE": "000000",
+        "GEETEST_ID": "geetest_id",
+        "GEETEST_KEY": "geetest_key"
+    },
+    allow_parallel = True,
+    readiness_probe = probe(
+        period_secs  = 5,
+        http_get = http_get_action(
+            path = "healthz",
+            port = 4012,
+        ),
+    ),
+    resource_deps = [
+        "init-onchain",
+        "lnd1",
+    ]
+)
+
+local_resource(
+  name='init-onchain',
+  labels = ['bitcoin'],
+  cmd='bin/init-onchain.sh',
+  resource_deps = [
+    "bitcoind",
+    "bria",
+  ]
 )
+
+docker_compose("./docker-compose.deps.yml", project_name = "galoy-dev")
+
+for service in groups["bitcoin"]:
+    dc_resource(service, labels = ["bitcoin"])
+for service in groups["tracing"]:
+    dc_resource(service, labels = ["tracing"])
+for service in groups["core"]:
+    dc_resource(service, labels = ["core"])
+for service in groups["auth"]:
+    dc_resource(service, labels = ["auth"])

dev/bin/init-onchain.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+DEV_DIR="$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")"
+source "${DEV_DIR}/helpers/cli.sh"
+
+echo "Seeding some regtest blocks..."
+
+bitcoin_cli createwallet "outside" || true
+bitcoin_cli -generate 200 > /dev/null 2>&1
+
+bitcoin_signer_cli createwallet "dev" || true
+bitcoin_signer_cli -rpcwallet=dev importdescriptors "$(cat ./config/bitcoind/bitcoind_signer_descriptors.json)"
+
+echo "Checking that bria is running..."
+
+for _ in {1..20}; do
+  bria_cli wallet-balance -w dev-wallet && break
+  sleep 1
+done
+bria_cli wallet-balance -w dev-wallet || exit 1
+
+echo "DONE"

dev/bin/init-user.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+set -x
+
+DEV_DIR="$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")"
+source "${DEV_DIR}/helpers/auth.sh"
+source "${DEV_DIR}/helpers/gql.sh"
+
+user_phone="+16505554350"
+email="test@galoy.com"  
+
+auth_token="$(login_user "${user_phone}")"
+
+register_email_to_user "${auth_token}" "${email}"

dev/bin/setup-hydra-client.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+DEV_DIR="$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")"
+source "${DEV_DIR}/helpers/cli.sh"
+
+hydra_client_name="${1}"
+redirect_uri="${2}"
+
+HYDRA_CLIENT_JSON="${DEV_DIR}/../.${hydra_client_name}-hydra-client.json"
+HYDRA_CLIENT_ENV="${DEV_DIR}/../.${hydra_client_name}-hydra-client.env"
+HYDRA_ADMIN_API="http://localhost:4445"
+HYDRA_PUBLIC_API="http://localhost:4444"
+
+hydra_cli create client \
+    --endpoint "${HYDRA_ADMIN_API}" \
+    --grant-type authorization_code,refresh_token \
+    --response-type code,id_token \
+    --format json \
+    --scope offline --scope transactions:read --scope payments:send \
+    --redirect-uri "$redirect_uri" > "${HYDRA_CLIENT_JSON}"
+
+CLIENT_ID=$(jq -r '.client_id' < "${HYDRA_CLIENT_JSON}")
+CLIENT_SECRET=$(jq -r '.client_secret' < "${HYDRA_CLIENT_JSON}")
+
+AUTHORIZATION_URL="${HYDRA_PUBLIC_API}/oauth2/auth?client_id=$CLIENT_ID&scope=offline%20transactions:read&response_type=code&redirect_uri=$redirect_uri&state=kfISr3GhH0rqheByU6A6hqIG_f14pCGkZLSCUTHnvlI"
+
+echo "export CLIENT_ID=$CLIENT_ID" > "${HYDRA_CLIENT_ENV}"
+echo "export CLIENT_SECRET=$CLIENT_SECRET" >> "${HYDRA_CLIENT_ENV}"
+echo "export AUTHORIZATION_URL=$AUTHORIZATION_URL" >> "${HYDRA_CLIENT_ENV}"
+
+mkdir -p "${DEV_DIR}/.envs"
+cp "${HYDRA_CLIENT_ENV}" "${DEV_DIR}/.envs/${hydra_client_name}.env"

dev/config/bitcoind/bitcoin.conf

@@ -0,0 +1,19 @@
+rpcuser=rpcuser
+rpcpassword=rpcpassword
+debug=mempool
+debug=rpc
+server=1
+txindex=1
+printtoconsole=1
+zmqpubrawtx=tcp://0.0.0.0:28333
+zmqpubrawblock=tcp://0.0.0.0:28332
+blockfilterindex=1
+bind=0.0.0.0
+fallbackfee=0.0002
+rpcallowip=0.0.0.0/0
+regtest=1
+[regtest]
+bind=0.0.0.0
+fallbackfee=0.0002
+rpcallowip=0.0.0.0/0
+rpcbind=0.0.0.0

dev/config/bitcoind/bitcoind_signer_descriptors.json

@@ -0,0 +1 @@
+[{"active":true,"desc":"wpkh([6f2fa1b2/84'/0'/0']tprv8gXB88g1VCScmqPp8WcetpJPRxix24fRJJ6FniYCcCUEFMREDrCfwd34zWXPiY5MW2xp8e1Z6EeBrh74zMSgfQQmTorWtE1zyBtv7yxdcoa/0/*)#88k4937c","timestamp":0},{"active":true,"desc":"wpkh([6f2fa1b2/84'/0'/0']tprv8gXB88g1VCScmqPp8WcetpJPRxix24fRJJ6FniYCcCUEFMREDrCfwd34zWXPiY5MW2xp8e1Z6EeBrh74zMSgfQQmTorWtE1zyBtv7yxdcoa/1/*)#knn5cywq","internal":true,"timestamp":0}]

dev/config/bria.yml

@@ -0,0 +1,8 @@
+app:
+  blockchain:
+    network: regtest
+    electrum_url: fulcrum:50001
+tracing:
+  host: "otel-agent"
+  port: 4318
+  service_name: "bria-dev"

dev/config/fulcrum/fulcrum.conf

@@ -0,0 +1,7 @@
+bitcoind = bitcoind:18443
+rpcuser = rpcuser
+rpcpassword = rpcpassword
+peering = false
+announce = false
+tcp = 0.0.0.0:50001
+ssl = 0.0.0.0:50002

dev/config/fulcrum/tls.cert

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAe2gAwIBAgIUKCSR4otDtA4+ow5z5zL9zc1CI10wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UECgwHRnVsY3J1bTAeFw0yMjExMjkxMDUzNDFaFw0zMjExMjYx
+MDUzNDFaMBIxEDAOBgNVBAoMB0Z1bGNydW0wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDasNdsbz47BDEjzKLeG4RxOqMikrBY6fQd0+8pt8Fh/qSaF2lG
+NpLbADDcszyddb0GD5tYQe7YBIyrexp9Q1gvejj1zuagXwlSYfrSkiDB3nBYreSl
+wq4i87VjCMX5Fr270S3mHfptg5zbPgQvvTvnD0Y7Ur9lriNydWp9Qz6TLWWYVhui
+yxLrtsxv6hRDndlkIxDbZt9kr6yzLroBtXFEFSCeROb1sE2ouVXC89eAlcpvWZF6
+MMnlAkECRS5m3QtKyYtTQ0FTGBrAN2xUnirR9z+wpAOu3S/AjEt4AC1ome75tiJv
+rtCIaf438QhNerb/sQmyHXIpjw6KZxADKS3RAgMBAAGjUzBRMB0GA1UdDgQWBBS0
+xHEskJjxCg8F1YYT0NkzBVFsTDAfBgNVHSMEGDAWgBS0xHEskJjxCg8F1YYT0Nkz
+BVFsTDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCwxhxRCfa1
+DXfFP+BM9OwDldNC9B66d/6hueaY26YJxcLvuKcAm+0MwciNFnWhb9yiY2wnWaZ6
+zA6VKuxCrVU7egg5gG2+lZYjAiQOkFtVNHGEIjVTow4GJAkJGjH/B9J2teHKR1a6
+XDJ5xKLAIM7hnKVjIM7cA/Y3Q/AsR/uzp4GOccqHX3g/AKKLFahLCkVv5CeIrl+y
+kPv/3jXbP71iJPhG2j74EVPLeQ0qKAb03vz2Y2HaSBripGQEwnx7MoQnbRhYx00Y
++LG1WGYeNOEXfT8trewl+gfsoLenlDTLukIfjjvQ5dRDA9pD1ij+1+jz/XCyQ7w5
+LzhYnJBwIGpt
+-----END CERTIFICATE-----