mardizzone/POS-1242: ci implementation and minor fixes (#156)

* dev: chg: POS-1240: replace role-to-assume in GH ci

* dev: chg: POS-1242: Use GH runner IP

* dev: chg: POS-1242: Change key permissions to 700

* dev: chg: POS-1242: query KeyMaterial only for aws key

* dev: chg: POS-1242: edit smoke tests to run without docker / fail on ci error

* dev: chg: POS-1242: use --monitor command to run smoke tests

* dev: chg: POS-1242: fix lastStateID / validate cert and relative path

* dev: del: POS-1242: remove old bash smoke_test file

* dev: fix: certName and certPath mismatch fix

* dev: chg: update dependencies and remove obsolete snyk security issues

* dev: chg: change one ci step name

* dev: add: POS-1241: tag resources to user / renaming of terraform configs

.github/workflows/ci.yml

@@ -55,7 +55,6 @@ jobs:
           path: matic-cli
 
       - name: Create .env file
-        continue-on-error: true
         run: |
           cd matic-cli
           cp .env.example .env
@@ -64,65 +63,66 @@ jobs:
           sed -i 's,/absolute/path/to/your/,/home/runner/work/matic-cli/matic-cli/matic-cli/aws/,' .env
           sed -i 's,MATIC_CLI_BRANCH=master,MATIC_CLI_BRANCH=${{ github.head_ref || github.ref_name }},' .env
 
+      - name: Get GitHub action runner IP
+        id: ip
+        uses: haythem/[email protected]
+
+      - name: Create secret.tfvars
+        run: |
+          cd matic-cli
+          touch secret.tfvars
+          echo "SG_CIDR_BLOCKS=[\"${{ steps.ip.outputs.ipv4 }}/32\"]" >> secret.tfvars
+
       - name: Configure AWS credentials
-        continue-on-error: true
         uses: aws-actions/configure-aws-credentials@master
         with:
           aws-region: us-west-2
-          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/GithubActionsRole
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/MaticCLIGitHubActionsRole
           role-session-name: GithubActionsSession
 
       - name: Create aws key pair
-        continue-on-error: true
         run: |
           cd matic-cli
           mkdir aws
           cd aws
-          aws ec2 create-key-pair --key-name matic-cli-ci-key --key-type rsa --key-format pem --output text > matic-cli-ci-key.pem
-          chmod 600 matic-cli-ci-key.pem
+          aws ec2 create-key-pair --key-name matic-cli-ci-key --key-type rsa --key-format pem --query "KeyMaterial" --output text > matic-cli-ci-key.pem
+          chmod 700 matic-cli-ci-key.pem
 
       - name: Setup node
-        continue-on-error: true
         uses: actions/setup-node@v3
         with:
           node-version: '16.17.1'
 
       - name: Install npm dependencies
-        continue-on-error: true
         run: |
           cd matic-cli
           npm install --prefer-offline --no-audit --progress=false
 
       - name: Init devnet
-        continue-on-error: true
         run: |
           cd matic-cli
           ./bin/express-cli --init
 
       - name: Start devnet
-        continue-on-error: true
         run: |
           cd matic-cli/deployments/devnet-1
+          ls -la
           ../../bin/express-cli --start
 
       - name: Run smoke tests
-        continue-on-error: true
         run: |
           cd matic-cli/deployments/devnet-1
           ../../bin/express-cli --send-state-sync
-          cd -
-          timeout 20m bash matic-cli/.github/smoke_test.sh
+          timeout 20m ../../bin/express-cli --monitor exit
 
       - name: Destroy devnet
-        continue-on-error: true
         if: always()
         run: |
           cd matic-cli/deployments/devnet-1
           echo "Running --destroy"
           ../../bin/express-cli --destroy
 
       - name: Delete aws key pair
-        continue-on-error: true
         if: always()
         run: |
           cd matic-cli/aws

.snyk

@@ -118,12 +118,6 @@ ignore:
     - '*':
         reason: 'As open source org, we have no issues with licenses'
         created: 2022-11-11T11:02:46.054Z
-  SNYK-JS-ANSIREGEX-1583908:
-    - '*':
-        reason: >-
-          Waiting for issue to be fixed. See
-          https://github.com/SamVerschueren/listr/issues/163
-        created: 2022-11-11T11:54:18.213Z
   SNYK-JS-NODEFETCH-2342118:
     - '*':
         reason: >-

README.md

@@ -179,11 +179,11 @@ The `express-cli` also comes with additional utility commands, listed below. Som
 
   - Create a `state-sync` transaction on the remote network
 
-- ` ../../bin/express-cli --monitor`
+- ` ../../bin/express-cli --monitor [exit]`
 
   - Monitors the reception of state-syncs and checkpoints to make sure the whole network is in a healthy state.
-    If `--send-state-sync` hasn't been used before, only checkpoints will be detected. The execution stops when
-    a `state-sync` is found
+    If `--send-state-sync` hasn't been used before, only checkpoints will be detected. Monitor the setup.  
+    If `exit` string is passed the process terminates when at least one `stateSync` and one `checkpoint` are detected.
 
 - ` ../../bin/express-cli --instances-stop`
 

main.tf

@@ -1,3 +1,4 @@
+# terraform provider
 terraform {
   required_providers {
     aws = {
@@ -9,18 +10,21 @@ terraform {
   required_version = ">= 1.2.0"
 }
 
+# aws provider
 provider "aws" {
   region     = var.REGION
 }
 
-resource "aws_instance" "app_server" {
+# ec2 instances
+resource "aws_instance" "node_server" {
   count = (var.DOCKERIZED == "yes") ? 1 : (var.VALIDATOR_COUNT + var.SENTRY_COUNT + var.ARCHIVE_COUNT)
   ami                    = var.INSTANCE_AMI
   instance_type          = (count.index >= var.VALIDATOR_COUNT + var.SENTRY_COUNT) ? var.ARCHIVE_INSTANCE_TYPE: var.INSTANCE_TYPE
   key_name               = var.PEM_FILE
-  vpc_security_group_ids = [aws_security_group.internet_facing_alb.id]
-  subnet_id              = aws_subnet.public-subnet-1.id
+  vpc_security_group_ids = [aws_security_group.internet_facing_load_balancer_sg.id]
+  subnet_id              = aws_subnet.devnet_public_subnet.id
 
+  # instances' disks
   ebs_block_device {
     device_name = "/dev/sda1"
     volume_size = (count.index >= var.VALIDATOR_COUNT + var.SENTRY_COUNT) ? var.ARCHIVE_DISK_SIZE_GB : var.DISK_SIZE_GB
@@ -29,43 +33,50 @@ resource "aws_instance" "app_server" {
   }
 
   tags = {
-    Name = "${var.VM_NAME}-terraform-${count.index + 1}"
+    Name = "${var.VM_NAME}_${count.index + 1}"
   }
 }
 
+# elastic ips
 resource "aws_eip" "eip" {
   vpc = true
   count = (var.DOCKERIZED == "yes") ? 1 : (var.VALIDATOR_COUNT + var.SENTRY_COUNT + var.ARCHIVE_COUNT)
-  instance                  = aws_instance.app_server[count.index].id
-  depends_on                = [aws_internet_gateway.gw]
+  instance                  = aws_instance.node_server[count.index].id
+  depends_on                = [aws_internet_gateway.devnet_internet_gateway]
+
+  tags = {
+    Name = "${var.VM_NAME}_${count.index + 1}_eip"
+  }
 }
 
-resource "aws_eip_association" "eip_assoc" {
+# elastic ips association
+resource "aws_eip_association" "eip_association" {
   count = (var.DOCKERIZED == "yes") ? 1 : (var.VALIDATOR_COUNT + var.SENTRY_COUNT + var.ARCHIVE_COUNT)
-  instance_id   = aws_instance.app_server[count.index].id
+  instance_id   = aws_instance.node_server[count.index].id
   allocation_id = aws_eip.eip[count.index].id
 }
 
-resource "aws_security_group" "internet_facing_alb" {
-  name        = "internetfacing-loadbalancer-sg"
-  description = "Security group attached to internet facing loadbalancer"
-  vpc_id      = aws_vpc.My_VPC.id
+# security group
+resource "aws_security_group" "internet_facing_load_balancer_sg" {
+  name        = "internet_facing_loadbalancer_sg"
+  description = "security group attached to internet facing loadbalancer"
+  vpc_id      = aws_vpc.devnet_vpc.id
 
   dynamic "ingress" {
     for_each = toset(var.PORTS_IN)
     content {
-      description = "Web Traffic from internet"
+      description = "web traffic from internet"
       from_port   = ingress.value
       to_port     = ingress.value
       protocol    = "tcp"
-      cidr_blocks = concat(var.SG_CIDR_BLOCKS, [aws_vpc.My_VPC.cidr_block])
+      cidr_blocks = concat(var.SG_CIDR_BLOCKS, [aws_vpc.devnet_vpc.cidr_block])
       self = true
     }
   }
   dynamic "egress" {
     for_each = toset(var.PORTS_OUT)
     content {
-      description = "Web Traffic to internet"
+      description = "web traffic to internet"
       from_port   = egress.value
       to_port     = egress.value
       protocol    = "-1"
@@ -74,60 +85,69 @@ resource "aws_security_group" "internet_facing_alb" {
     }
   }
   tags = {
-    Name = "internetfacing-loadbalancer-sg"
+    Name = "${var.VM_NAME}_internet_facing_loadbalancer_sg"
   }
 }
 
 
-# Create Public Subnet
-# terraform aws create subnet
-resource "aws_subnet" "public-subnet-1" {
-  vpc_id                  = aws_vpc.My_VPC.id
-  cidr_block              = var.Public_Subnet_1
+# public subnet
+variable "devnet_public_subnet" {
+  default     = "10.0.0.0/24"
+  description = "devnet_public_subnet"
+  type        = string
+}
+
+resource "aws_subnet" "devnet_public_subnet" {
+  vpc_id                  = aws_vpc.devnet_vpc.id
+  cidr_block              = var.devnet_public_subnet
   availability_zone       = "us-west-2a"
   map_public_ip_on_launch = true
-  tags                    = {
-    Name = "public-subnet-1"
+
+  tags = {
+    Name = "${var.VM_NAME}_public_subnet"
   }
 }
 
 
-# create the VPC
-resource "aws_vpc" "My_VPC" {
+# vpc
+resource "aws_vpc" "devnet_vpc" {
   cidr_block           = "10.0.0.0/16"
   instance_tenancy     = "default"
   enable_dns_support   = true
   enable_dns_hostnames = true
 
   tags = {
-    Name = "${var.VM_NAME}-express-cli-vpc"
+    Name = "${var.VM_NAME}_vpc"
   }
 }
 
-resource "aws_internet_gateway" "gw" {
-  vpc_id = aws_vpc.My_VPC.id
-
+# internet gateway
+resource "aws_internet_gateway" "devnet_internet_gateway" {
+  vpc_id = aws_vpc.devnet_vpc.id
+  tags = {
+    Name = "${var.VM_NAME}_intenet_gateway"
+  }
 }
 
-resource "aws_route_table" "table" {
-  vpc_id = aws_vpc.My_VPC.id
+# route table
+resource "aws_route_table" "devnet_route_table" {
+  vpc_id = aws_vpc.devnet_vpc.id
   route {
     cidr_block = "0.0.0.0/0"
-    gateway_id = aws_internet_gateway.gw.id
+    gateway_id = aws_internet_gateway.devnet_internet_gateway.id
+  }
+  tags = {
+    Name = "${var.VM_NAME}_route_table"
   }
 }
 
-resource "aws_main_route_table_association" "route_table_assoc" {
-  vpc_id         = aws_vpc.My_VPC.id
-  route_table_id = aws_route_table.table.id
-}
-
-variable "Public_Subnet_1" {
-  default     = "10.0.0.0/24"
-  description = "Public_Subnet_1"
-  type        = string
+# route table association
+resource "aws_main_route_table_association" "route_table_association" {
+  vpc_id         = aws_vpc.devnet_vpc.id
+  route_table_id = aws_route_table.devnet_route_table.id
 }
 
+# output variables used by express-cli
 output "instance_ips" {
   value = aws_eip.eip.*.public_ip
 }
@@ -137,5 +157,5 @@ output "instance_dns_ips" {
 }
 
 output "instance_ids" {
-  value = aws_instance.app_server.*.id
+  value = aws_instance.node_server.*.id
 }