Rate oracle (#40)

* Added CI files for Rate Oracle --------- Co-authored-by: alioss <alioss@users.noreply.github.com>
make-software · Dec 3, 2023 · e2cdf6b · e2cdf6b
1 parent 0f84123
commit e2cdf6b
Show file tree

Hide file tree

Showing 7 changed files with 232 additions and 0 deletions.
diff --git a/.github/workflows/dev-deploy.yaml b/.github/workflows/dev-deploy.yaml
@@ -0,0 +1,95 @@
+name: (DEV) Build and deploy all images
+
+on:
+  push:
+    branches:
+      - 'master'
+    paths-ignore:
+      - 'infra/**'
+
+jobs:
+  build:
+    name: Build Images
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - name: rate
+            repository: RATE_ORACLE
+            dockerfile: rate-oracle.dockerfile
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: |
+          ${{ steps.login-ecr.outputs.registry }}/${{ secrets[format('ECR_REPOSITORY_{0}', matrix.repository)] }}
+        tags: |
+          type=sha
+          type=schedule
+          type=raw,value=latest
+          type=semver,pattern=v{{version}}
+
+    - name: Build and push up
+      uses: docker/build-push-action@v4
+      with:
+        file: infra/docker/${{ matrix.dockerfile }}
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+
+  gitops_tasks:
+    name: GitOps Tasks
+    needs: [build]
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Get short sha
+      id: short_sha
+      run: echo "short_sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+    - uses: actions/checkout@v3
+      with:
+        ref: master
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_REGION }}
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+
+    - name: Update Image Repo
+      id: imgupd
+      uses: mikefarah/yq@master
+      with:
+        cmd: |
+          yq eval '.rateOracle.image.repository = "${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY_RATE_ORACLE }}"' -i infra/helm/values-dev.yaml
+          yq eval '.rateOracle.image.tag = "sha-${{  steps.short_sha.outputs.short_sha }}"' -i infra/helm/values-dev.yaml
+
+    - uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        commit_message: auto-apply image changes
diff --git a/infra/helm/.sops.yaml b/infra/helm/.sops.yaml
@@ -0,0 +1,3 @@
+creation_rules:
+  - path_regex: secrets-dev.yaml
+    kms: arn:aws:kms:us-east-1:494750395663:key/f4b90c09-7359-4049-83b5-8581b169642a
diff --git a/infra/helm/Chart.yaml b/infra/helm/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: rate-oracle
+description: A Helm chart of CSPR.rate
+type: application
+version: 0.1.0
+appVersion: "1.0"
diff --git a/infra/helm/secrets-dev.yaml b/infra/helm/secrets-dev.yaml
@@ -0,0 +1,19 @@
+rateOracle:
+    env:
+        secret:
+            TEST_SECRET: ENC[AES256_GCM,data:99isCQ==,iv:aoZOvQUZgori19IDYB1+FxEI5zbi/8hJw1JIPVgYQV8=,tag:V5rOwexUclQfJRTu80Y2dw==,type:str]
+sops:
+    kms:
+        - arn: arn:aws:kms:us-east-1:494750395663:key/f4b90c09-7359-4049-83b5-8581b169642a
+          created_at: "2023-12-03T22:44:36Z"
+          enc: AQICAHhv0TxxQyXM+XdBxU+kbxak7CcF3/swUDTfXfG1B2tp2AGFwOlDar66SKThvV1wjD8SAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMW8qGR3R6UIiJobu/AgEQgDt2xqEprnI1Uu9XYxtF/6QFy3+DMnLIqLN2acGjwXgLwBsLIgrcbwgcWhcaRy7jTmFKlTI+D82P2xsEKw==
+          aws_profile: ""
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-12-03T22:44:36Z"
+    mac: ENC[AES256_GCM,data:rPfCq4Hhhv5dnVuMNSN8L1zz+ZMjhn/4my3lJsbRP4eJABWenOnMrlSy87a5a1jxxbceIG7Yjbd1EBEWHMCvcV5r+VZX89/eG5/wl1KKA0XCexsAPQZmc6BA0VjOuZ0sIQ23ZcOWPJzAa3NwX2GmOUYeQv+Iz6+8V9qXMeBENnk=,iv:mJigyR/OIc6xL6NkEoSTQK1UT5YEnmqh0gcvVowg+5g=,tag:1783Et5nmmhdsmmvfsGXjA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
diff --git a/infra/helm/templates/cronjob.yaml b/infra/helm/templates/cronjob.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Chart.Name }}
+spec:
+  startingDeadlineSeconds: {{ .Values.rateOracle.startingDeadlineSeconds }}
+  concurrencyPolicy: "Forbid"
+  suspend: {{ .Values.rateOracle.suspend }}
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  schedule: "{{ .Values.rateOracle.schedule }}"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          {{- with .Values.rateOracle.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- if .Values.rateOracle.dbMigration.enabled }}
+          initContainers:
+          - name: db-migration
+            image: {{ .Values.rateOracle.image.repository }}:{{ .Values.rateOracle.image.tag }}
+            command: ["/bin/sh", "-c"]
+            # For cron we need only initial network specific migrations to be running since it will be deployed to sync up historical network state only
+            args:
+              - echo ------- migration start ------- &&
+                echo EXCHANGE RATE &&
+                (sync-db.sh $EXCHANGE_RATE_DATABASE_URI /app/resources/exchange-rate/rates-migrations/general) || true &&
+                echo ------- migration finish ------
+            env:
+            {{- range $key, $value := .Values.rateOracle.env.normal }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+            {{- range $key, $value := .Values.rateOracle.env.secret }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $.Chart.Name }}
+                  key: {{ $key }}
+            {{- end }}
+          {{- end }}
+          containers:
+          - name: {{ .Chart.Name }}
+            image: {{ .Values.rateOracle.image.repository }}:{{ .Values.rateOracle.image.tag }}
+            command:
+            - /bin/sh
+            - -c
+            - /app/rate-oracle
+            env:
+            {{- range $key, $value := .Values.rateOracle.env.normal }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+            {{- end }}
+            {{- range $key, $value := .Values.rateOracle.env.secret }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $.Chart.Name }}
+                  key: {{ $key }}
+            {{- end }}
+          restartPolicy: OnFailure
diff --git a/infra/helm/templates/secret.yaml b/infra/helm/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rateOracle.env.secret }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+    name: {{ .Chart.Name }}
+stringData:
+  {{- range $key, $value := .Values.rateOracle.env.secret }}
+  {{ $key }}: {{ $value }}
+  {{- end }}
+{{- end }}
diff --git a/infra/helm/values-dev.yaml b/infra/helm/values-dev.yaml
@@ -0,0 +1,34 @@
+#-------------------------------------------------------------------------------
+# Rate Oracle
+#-------------------------------------------------------------------------------
+rateOracle:
+  image:
+    # Docker image repository
+    repository: '494750395663.dkr.ecr.us-east-1.amazonaws.com/make/crdao/rate-oracle'
+    # Docker image tag
+    tag: sha-0ddee4d
+  # Defines a deadline (in whole seconds) for starting the Job, if that Job misses its scheduled time for any reason.
+  startingDeadlineSeconds: 20
+  # Defines if cronjob should be suspended
+  # Does not affect Jobs that the CronJob has already started.
+  suspend: false
+  # Defines when a cronjob should be executed
+  schedule: "*/1 * * * *"
+  nodeSelector: {}
+  dbMigration:
+    # Enable database migration scripts during cronjon execution
+    # This will create a separate init container
+    enabled: false
+  env:
+    # Environment variables specific to the cronjob
+    normal:
+      NODE_ADDRESS: "34.202.114.207"
+      NODE_PORT: "9999"
+      NODE_RPC_PORT: "7777"
+      LOG_LEVEL: "debug"
+      NETWORK_NAME: "casper-test"
+      SET_RATE_DEPLOYER_PRIVATE_KEY_PATH: "resources/secret_key.pem"
+      SET_RATE_CALL_PAYMENT_AMOUNT: "1000000000"
+      RATE_API_URL: "https://event-store-api-clarity-testnet.make.services/rates/1/amount"
+      CSPR_RATE_PROVIDER_CONTRACT_HASH: "975b351f07a4e348dc14306b3093e45f601da616574a5a6d8bf36aaed1a82633"
+      NODE_RPC_PORT: "7777"