Merge pull request #212 from gnosisguild/main

Release Initial Launch
gnosisguild · Dec 23, 2024 · 672de56 · 672de56
2 parents 44aac5b + 8ec745d
commit 672de56
Show file tree

Hide file tree

Showing 50 changed files with 1,379 additions and 327 deletions.
diff --git a/.github/workflows/ec2-deployment.yml b/.github/workflows/ec2-deployment.yml
@@ -81,6 +81,5 @@ jobs:
             
             cd /home/ec2-user/enclave
             git pull
-            
-            docker stack deploy -c docker-compose.yml ciphernode-stack
 
+            ./deploy/deploy.sh enclave $IMAGE_NAME:$IMAGE_TAG
diff --git a/deploy/.env.example b/deploy/.env.example
@@ -0,0 +1,4 @@
+RPC_URL=wss://eth-sepolia.g.alchemy.com/v2/API_KEY
+SEPOLIA_ENCLAVE_ADDRESS=0xCe087F31e20E2F76b6544A2E4A74D4557C8fDf77
+SEPOLIA_CIPHERNODE_REGISTRY_ADDRESS=0x0952388f6028a9Eda93a5041a3B216Ea331d97Ab
+SEPOLIA_FILTER_REGISTRY=0xcBaCE7C360b606bb554345b20884A28e41436934
diff --git a/deploy/.gitignore b/deploy/.gitignore
@@ -0,0 +1,3 @@
+*.secrets.json
+.env
+!example.secrets.json
diff --git a/deploy/agg.yaml b/deploy/agg.yaml
@@ -0,0 +1,15 @@
+address: "${ADDRESS}"
+quic_port: ${QUIC_PORT}
+enable_mdns: false
+peers:
+  - "/dns4/cn1/udp/9091/quic-v1"
+  - "/dns4/cn2/udp/9092/quic-v1"
+  - "/dns4/cn3/udp/9093/quic-v1"
+  - "/dns4/aggregator/udp/9094/quic-v1"
+chains:
+  - name: "sepolia"
+    rpc_url: "${RPC_URL}"
+    contracts:
+      enclave: "${SEPOLIA_ENCLAVE_ADDRESS}"
+      ciphernode_registry: "${SEPOLIA_CIPHERNODE_REGISTRY_ADDRESS}"
+      filter_registry: "${SEPOLIA_FILTER_REGISTRY}"
diff --git a/deploy/build.sh b/deploy/build.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+# Enable BuildKit
+export DOCKER_BUILDKIT=1
+
+mkdir -p /tmp/docker-cache
+
+time docker buildx build \
+  --cache-from=type=local,src=/tmp/docker-cache \
+  --cache-to=type=local,dest=/tmp/docker-cache \
+  --load \
+  -t ${1:-ghcr.io/gnosisguild/ciphernode} -f ./packages/ciphernode/Dockerfile .
diff --git a/deploy/cn1.yaml b/deploy/cn1.yaml
@@ -0,0 +1,15 @@
+address: "${ADDRESS}"
+quic_port: ${QUIC_PORT}
+enable_mdns: false
+peers:
+  - "/dns4/cn1/udp/9091/quic-v1"
+  - "/dns4/cn1/udp/9092/quic-v1"
+  - "/dns4/cn1/udp/9093/quic-v1"
+  - "/dns4/cn1/udp/9094/quic-v1"
+chains:
+  - name: "sepolia"
+    rpc_url: "${RPC_URL}"
+    contracts:
+      enclave: "${SEPOLIA_ENCLAVE_ADDRESS}"
+      ciphernode_registry: "${SEPOLIA_CIPHERNODE_REGISTRY_ADDRESS}"
+      filter_registry: "${SEPOLIA_FILTER_REGISTRY}"
diff --git a/deploy/cn2.yaml b/deploy/cn2.yaml
@@ -0,0 +1,15 @@
+address: "${ADDRESS}"
+quic_port: ${QUIC_PORT}
+enable_mdns: false
+peers:
+  - "/dns4/cn1/udp/9091/quic-v1"
+  - "/dns4/cn2/udp/9092/quic-v1"
+  - "/dns4/cn3/udp/9093/quic-v1"
+  - "/dns4/aggregator/udp/9094/quic-v1"
+chains:
+  - name: "sepolia"
+    rpc_url: "${RPC_URL}"
+    contracts:
+      enclave: "${SEPOLIA_ENCLAVE_ADDRESS}"
+      ciphernode_registry: "${SEPOLIA_CIPHERNODE_REGISTRY_ADDRESS}"
+      filter_registry: "${SEPOLIA_FILTER_REGISTRY}"
diff --git a/deploy/cn3.yaml b/deploy/cn3.yaml
@@ -0,0 +1,15 @@
+address: "${ADDRESS}"
+quic_port: ${QUIC_PORT}
+enable_mdns: false
+peers:
+  - "/dns4/cn1/udp/9091/quic-v1"
+  - "/dns4/cn2/udp/9092/quic-v1"
+  - "/dns4/cn3/udp/9093/quic-v1"
+  - "/dns4/aggregator/udp/9094/quic-v1"
+chains:
+  - name: "sepolia"
+    rpc_url: "${RPC_URL}"
+    contracts:
+      enclave: "${SEPOLIA_ENCLAVE_ADDRESS}"
+      ciphernode_registry: "${SEPOLIA_CIPHERNODE_REGISTRY_ADDRESS}"
+      filter_registry: "${SEPOLIA_FILTER_REGISTRY}"
diff --git a/deploy/copy-secrets.sh b/deploy/copy-secrets.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+set_network_private_key() {
+    echo "Setting network private key for $1"
+    jq --arg key "$2" '.network_private_key = $key' "$1.secrets.json" > "$1.secrets.json.tmp" && mv "$1.secrets.json.tmp" "$1.secrets.json"
+}
+
+# Set working directory to script location
+cd "$(dirname "$0")" || exit 1
+
+# Source file path (in current directory)
+SOURCE="example.secrets.json"
+
+# Color codes
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# List of target files
+TARGETS=("cn1" "cn2" "cn3" "agg")
+
+# Sample network private keys
+NETWORK_KEY_CN1="0x11a1e500a548b70d88184a1e042900c0ed6c57f8710bcc35dc8c85fa33d3f580"
+NETWORK_KEY_CN2="0x21a1e500a548b70d88184a1e042900c0ed6c57f8710bcc35dc8c85fa33d3f580"
+NETWORK_KEY_CN3="0x31a1e500a548b70d88184a1e042900c0ed6c57f8710bcc35dc8c85fa33d3f580"
+NETWORK_KEY_AGG="0x41a1e500a548b70d88184a1e042900c0ed6c57f8710bcc35dc8c85fa33d3f580"
+NET_KEYS=($NETWORK_KEY_CN1 $NETWORK_KEY_CN2 $NETWORK_KEY_CN3 $NETWORK_KEY_AGG)
+
+# Check if source file exists
+if [ ! -f "$SOURCE" ]; then
+    echo "Error: Source file $SOURCE not found!"
+    exit 1
+fi
+
+i=0
+# Copy file to each target, skipping if exists
+for target in "${TARGETS[@]}"; do
+    if [ -f "${target}.secrets.json" ]; then
+        echo "Skipping ${target}.secrets.json - file already exists"
+    else
+        cp "$SOURCE" "${target}.secrets.json"
+        set_network_private_key "${target}" "${NET_KEYS[${i:-0}]}"
+        ((i++))
+        echo "Created ${target}.secrets.json"
+    fi
+done
+
+echo "Copy operation completed!"
+
+# Check for unchanged files
+echo -e "\nChecking for unchanged secret files..."
+UNCHANGED_FILES=()
+
+for target in "${TARGETS[@]}"; do
+    if [ -f "${target}.secrets.json" ]; then
+        if cmp -s "$SOURCE" "${target}.secrets.json"; then
+            UNCHANGED_FILES+=("${target}.secrets.json")
+        fi
+    fi
+done
+
+# Display warning if unchanged files found
+if [ ${#UNCHANGED_FILES[@]} -gt 0 ]; then
+    echo -e "${RED}WARNING: The following files are identical to example.secrets.json:${NC}"
+    for file in "${UNCHANGED_FILES[@]}"; do
+        echo -e "${YELLOW}==> ${NC}${file}${YELLOW} <==${NC}"
+    done
+    echo -e "${RED}These files should be modified before use in production!${NC}"
+fi
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+TIMESTAMP=$(date +%s)
+RUN_FILE="./deploy/tmp.docker-compose.${TIMESTAMP}.yml"
+TEMPLATE_FILE="./deploy/docker-compose.yml"
+
+wait_ready() {
+    local STACK_NAME="$1"
+    until [ "$(docker stack services $STACK_NAME --format '{{.Replicas}}' | awk -F'/' '$1 != $2')" = "" ]; do
+        printf "."
+        sleep 1
+    done
+    echo -ne "\r\033[K"
+    echo "Stack $STACK_NAME is ready!"
+}
+
+wait_removed() {
+  local STACK_NAME="$1"
+  while docker stack ps $STACK_NAME >/dev/null 2>&1; do
+      printf "."
+      sleep 1
+  done
+  echo -ne "\r\033[K"
+  echo "Stack $STACK_NAME is removed"
+}
+
+
+if [ -z "$1" ]; then
+    echo "Error: Please provide a stack name as an argument"
+    echo "Usage: $0 <stack-name> <image-name>"
+    exit 1
+fi
+
+if [ -z "$2" ]; then
+    echo "Error: Please provide an image name as an argument"
+    echo "Usage: $0 <stack-name> <image-name>"
+    exit 1
+fi
+
+# Check if docker-compose.yml exists
+if [ ! -f "$TEMPLATE_FILE" ]; then
+    echo "Error: $TEMPLATE_FILE not found"
+    exit 1
+fi
+
+sed "s|{{IMAGE}}|$2|g" $TEMPLATE_FILE > "${RUN_FILE}"
+
+STACK_NAME=$1
+docker stack rm $STACK_NAME
+wait_removed $STACK_NAME
+docker stack deploy -c $RUN_FILE $STACK_NAME
+wait_ready $STACK_NAME
+rm ./deploy/tmp.*.*
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
@@ -0,0 +1,102 @@
+services:
+  cn1:
+    image: {{IMAGE}}
+    volumes:
+      - ./cn1.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - cn1-data:/home/ciphernode/.local/share/enclave
+    secrets:
+      - source: secrets_cn1
+        target: secrets.json
+    env_file: .env
+    environment:
+      RUST_LOG: "info"
+      AGGREGATOR: "false"
+      ADDRESS: "0xbDA5747bFD65F08deb54cb465eB87D40e51B197E"
+      QUIC_PORT: 9091
+    deploy:
+      replicas: 1
+      endpoint_mode: dnsrr
+    networks:
+      - global-network
+
+  cn2:
+    image: {{IMAGE}}
+    volumes:
+      - ./cn2.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - cn2-data:/home/ciphernode/.local/share/enclave
+    secrets:
+      - source: secrets_cn2
+        target: secrets.json
+    env_file: .env
+    environment:
+      RUST_LOG: "info"
+      AGGREGATOR: "false"
+      ADDRESS: "0xdD2FD4581271e230360230F9337D5c0430Bf44C0" 
+      QUIC_PORT: 9092
+    deploy:
+      replicas: 1
+      endpoint_mode: dnsrr
+    networks:
+      - global-network
+
+  cn3:
+    image: {{IMAGE}}
+    volumes:
+      - ./cn3.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - cn3-data:/home/ciphernode/.local/share/enclave
+    secrets:
+      - source: secrets_cn3
+        target: secrets.json
+    env_file: .env
+    environment:
+      RUST_LOG: "info"
+      AGGREGATOR: "false"
+      ADDRESS: "0x2546BcD3c84621e976D8185a91A922aE77ECEc30"
+      QUIC_PORT: 9093
+    deploy:
+      replicas: 1
+      endpoint_mode: dnsrr
+    networks:
+      - global-network
+
+  aggregator:
+    image: {{IMAGE}}
+    depends_on:
+      - cn1
+    volumes:
+      - ./agg.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+      - agg-data:/home/ciphernode/.local/share/enclave
+    secrets:
+      - source: secrets_agg
+        target: secrets.json
+    env_file: .env
+    environment:
+      RUST_LOG: "info"
+      AGGREGATOR: "true"
+      ADDRESS: "0x8626a6940E2eb28930eFb4CeF49B2d1F2C9C1199"
+      QUIC_PORT: 9094
+    deploy:
+      replicas: 1
+      endpoint_mode: dnsrr
+    networks:
+      - global-network
+
+secrets:
+  secrets_cn1:
+    file: cn1.secrets.json
+  secrets_cn2:
+    file: cn2.secrets.json
+  secrets_cn3:
+    file: cn3.secrets.json
+  secrets_agg:
+    file: agg.secrets.json   
+
+volumes:
+  cn1-data:
+  cn2-data:
+  cn3-data:
+  agg-data:
+
+networks:
+  global-network:
+    driver: overlay
diff --git a/deploy/example.secrets.json b/deploy/example.secrets.json
@@ -0,0 +1,5 @@
+{
+  "password": "changeme",
+  "private_key": "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80",
+  "network_private_key": "0x11a1e500a548b70d88184a1e042900c0ed6c57f8710bcc35dc8c85fa33d3f580"
+}
diff --git a/deploy/inspect.sh b/deploy/inspect.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+get_logs_by_version() {
+    local SERVICE_NAME=$1
+
+    # Get current version number
+    CURRENT_VERSION=$(docker service inspect --format '{{.Version.Index}}' $SERVICE_NAME)
+
+    # Get all tasks with this version
+    TASK_IDS=$(docker service ps --filter "desired-state=running" \
+        --format '{{.ID}}' $SERVICE_NAME)
+
+    # Get logs from these specific tasks
+    for TASK_ID in $TASK_IDS; do
+        docker service logs --raw "$TASK_ID"
+    done
+}
+
+echo ""
+echo "================================="
+echo "           CN1 "
+echo "================================="
+
+get_logs_by_version enclave_cn1
+
+
+echo ""
+echo "================================="
+echo "           CN2 "
+echo "================================="
+
+get_logs_by_version enclave_cn2
+
+
+echo ""
+echo "================================="
+echo "           CN3 "
+echo "================================="
+
+get_logs_by_version enclave_cn3
+
+
+echo ""
+echo "================================="
+echo "           AGG "
+echo "================================="
+
+get_logs_by_version enclave_aggregator