From 698346f9ab04f3f09ff92df1ee0c30b923250b96 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Fri, 11 Feb 2022 15:49:25 -0800 Subject: [PATCH 1/8] Moved Nomad Agent helm chart to its own repo --- helm/nomad-agent/.helmignore | 23 -- helm/nomad-agent/Chart.yaml | 6 - helm/nomad-agent/README.md | 44 ---- helm/nomad-agent/templates/NOTES.txt | 0 helm/nomad-agent/templates/_helpers.tpl | 63 ------ helm/nomad-agent/templates/configmap.yaml | 35 --- .../templates/kathy-statefulset.yaml | 110 ---------- .../templates/processor-statefulset.yaml | 122 ----------- .../templates/relayer-statefulset.yaml | 110 ---------- .../nomad-agent/templates/serviceaccount.yaml | 12 - .../templates/updater-statefulset.yaml | 121 ---------- helm/nomad-agent/values.yaml | 207 ------------------ 12 files changed, 853 deletions(-) delete mode 100644 helm/nomad-agent/.helmignore delete mode 100644 helm/nomad-agent/Chart.yaml delete mode 100644 helm/nomad-agent/README.md delete mode 100644 helm/nomad-agent/templates/NOTES.txt delete mode 100644 helm/nomad-agent/templates/_helpers.tpl delete mode 100644 helm/nomad-agent/templates/configmap.yaml delete mode 100644 helm/nomad-agent/templates/kathy-statefulset.yaml delete mode 100644 helm/nomad-agent/templates/processor-statefulset.yaml delete mode 100644 helm/nomad-agent/templates/relayer-statefulset.yaml delete mode 100644 helm/nomad-agent/templates/serviceaccount.yaml delete mode 100644 helm/nomad-agent/templates/updater-statefulset.yaml delete mode 100644 helm/nomad-agent/values.yaml diff --git a/helm/nomad-agent/.helmignore b/helm/nomad-agent/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/helm/nomad-agent/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/helm/nomad-agent/Chart.yaml b/helm/nomad-agent/Chart.yaml deleted file mode 100644 index 0873bc7d..00000000 --- a/helm/nomad-agent/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -name: nomad-agent -description: A Helm Chart that encapsulates the deployment of the Nomad Rust Agent(s) -type: application -version: 0.1.0 -appVersion: "0.1.0" diff --git a/helm/nomad-agent/README.md b/helm/nomad-agent/README.md deleted file mode 100644 index 8f3c741e..00000000 --- a/helm/nomad-agent/README.md +++ /dev/null @@ -1,44 +0,0 @@ -# nomad-agent - -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square) - -A Helm Chart that encapsulates the deployment of the Nomad Rust Agent(s) - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"Always"` | | -| image.repository | string | `"gcr.io/nomad-xyz/nomad-agent"` | | -| image.tag | string | `"latest"` | | -| imagePullSecrets | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| nomad | object | `{"aws":null,"baseConfig":"base.json","dbPath":"/usr/share/nomad","homeChain":{"address":null,"connectionType":null,"connectionUrl":null,"domain":null,"name":"kovan","rpcStyle":null},"kathy":{"chatGenConfig":{"destination":null,"message":null,"recipient":null,"type":null},"enabled":false,"messageInterval":null,"podAnnotations":{},"podLabels":{},"resources":{},"storage":{"size":"10Gi","snapshot":{"enabled":false,"name":""}},"transactionSigners":[{"aws":{"keyId":"","region":""},"hexKey":"","name":"kovan"},{"aws":{"keyId":"","region":""},"hexKey":"","name":"alfajores"}]},"metrics":{"port":9090},"processor":{"enabled":false,"podAnnotations":{},"podLabels":{},"pollingInterval":null,"resources":{},"storage":{"size":"10Gi","snapshot":{"enabled":false,"name":""}},"transactionSigners":[{"aws":{"keyId":"","region":""},"hexKey":"","name":"kovan"},{"aws":{"keyId":"","region":""},"hexKey":"","name":"alfajores"}]},"relayer":{"enabled":false,"podAnnotations":{},"podLabels":{},"pollingInterval":null,"resources":{},"storage":{"size":"10Gi","snapshot":{"enabled":false,"name":""}},"transactionSigners":[{"aws":{"keyId":"","region":""},"hexKey":"","name":"kovan"},{"aws":{"keyId":"","region":""},"hexKey":"","name":"alfajores"}]},"replicaChains":[{"address":null,"connectionType":null,"connectionUrl":null,"domain":null,"name":"alfajores","rpcStyle":null}],"runEnv":"default","rustBacktrace":"full","tracing":{"format":"json","level":"info","uri":""},"updater":{"attestationSigner":{"aws":{"keyId":"","region":""},"hexKey":""},"enabled":false,"podAnnotations":{},"podLabels":{},"pollingInterval":null,"resources":{},"storage":{"size":"10Gi","snapshot":{"enabled":false,"name":""}},"transactionSigners":[{"aws":{"keyId":"","region":""},"hexKey":"","name":"kovan"},{"aws":{"keyId":"","region":""},"hexKey":"","name":"alfajores"}],"updatePause":null}}` | Nomad Overrides By Default, Nomad Agents load the config baked into the Docker Image Pass values here in order to override the values in the config Note: For successful operation, one _must_ pass signer keys as they are not baked into the image for security reasons. | -| nomad.homeChain.address | string | `nil` | The contract address for the home contract | -| nomad.homeChain.connectionUrl | string | `nil` | Connection string pointing to an RPC endpoint for the home chain | -| nomad.homeChain.domain | string | `nil` | The hard-coded domain corresponding to this blockchain | -| nomad.homeChain.rpcStyle | string | `nil` | RPC Style | -| nomad.kathy.chatGenConfig | object | `{"destination":null,"message":null,"recipient":null,"type":null}` | Configuration for Kathy's message generation code | -| nomad.replicaChains | list | `[{"address":null,"connectionType":null,"connectionUrl":null,"domain":null,"name":"alfajores","rpcStyle":null}]` | Replica chain overrides, a sequence | -| nomad.replicaChains[0].address | string | `nil` | The contract address for the replica contract | -| nomad.replicaChains[0].connectionUrl | string | `nil` | Connection string pointing to an RPC endpoint for the replica chain | -| nomad.updater.attestationSigner | object | `{"aws":{"keyId":"","region":""},"hexKey":""}` | Specialized key used by updater and watcher used to sign attestations, separate from updater.transactionSigners | -| nomad.updater.pollingInterval | string | `nil` | How long to wait between checking for updates | -| nomad.updater.transactionSigners | list | `[{"aws":{"keyId":"","region":""},"hexKey":"","name":"kovan"},{"aws":{"keyId":"","region":""},"hexKey":"","name":"alfajores"}]` | Transaction Signing keys for home and replica(s) | -| podAnnotations | object | `{}` | | -| podCommonLabels | object | `{}` | | -| podSecurityContext.fsGroup | int | `2000` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| storage.accessModes | string | `"ReadWriteOnce"` | | -| storage.storageClass | string | `"standard"` | | -| tolerations | list | `[]` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/helm/nomad-agent/templates/NOTES.txt b/helm/nomad-agent/templates/NOTES.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/helm/nomad-agent/templates/_helpers.tpl b/helm/nomad-agent/templates/_helpers.tpl deleted file mode 100644 index 508c1c48..00000000 --- a/helm/nomad-agent/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "nomad-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nomad-agent.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nomad-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "nomad-agent.labels" -}} -helm.sh/chart: {{ include "nomad-agent.chart" . }} -nomad/deployment: {{ .Values.nomad.runEnv | quote }} -{{ include "nomad-agent.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "nomad-agent.selectorLabels" -}} -app.kubernetes.io/name: {{ include "nomad-agent.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nomad-agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "nomad-agent.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/helm/nomad-agent/templates/configmap.yaml b/helm/nomad-agent/templates/configmap.yaml deleted file mode 100644 index f201e67f..00000000 --- a/helm/nomad-agent/templates/configmap.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "nomad-agent.fullname" . }} - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} -data: - RUN_ENV: {{ .Values.nomad.runEnv | quote }} - BASE_CONFIG: {{ .Values.nomad.baseConfig }} - {{- if .Values.nomad.aws }} - AWS_ACCESS_KEY_ID: {{ .Values.nomad.aws.accessKeyId }} - AWS_SECRET_ACCESS_KEY: {{ .Values.nomad.aws.secretAccessKey }} - {{- end }} - RUST_BACKTRACE: {{ .Values.nomad.rustBacktrace }} - OPT_BASE_DB: {{ .Values.nomad.dbPath }} - OPT_BASE_TRACING_FMT: {{ .Values.nomad.tracing.format }} - OPT_BASE_TRACING_LEVEL: {{ .Values.nomad.tracing.level }} - {{- if .Values.nomad.homeChain.connectionUrl }} - OPT_BASE_HOME_CONNECTION_URL: {{ .Values.nomad.homeChain.connectionUrl }} - {{- end }} - {{- if .Values.nomad.homeChain.connectionType }} - OPT_BASE_HOME_CONNECTION_TYPE: {{ .Values.nomad.homeChain.connectionType }} - {{- end }} - {{- range .Values.nomad.replicaChains }} - {{- if .connectionUrl }} - OPT_BASE_REPLICAS_{{ .name | upper }}_CONNECTION_URL: {{ .connectionUrl }} - {{- end }} - {{- if .address }} - OPT_BASE_REPLICAS_{{ .name | upper }}_ADDRESS: {{ .address }} - {{- end }} - {{- end }} - {{- if .Values.nomad.tracing.uri }} - OPT_BASE_TRACING_JAEGER_COLLECTOR_URI: {{ .Values.nomad.tracing.uri }} - {{- end }} - OPT_BASE_METRICS: {{ .Values.nomad.metrics.port | quote }} diff --git a/helm/nomad-agent/templates/kathy-statefulset.yaml b/helm/nomad-agent/templates/kathy-statefulset.yaml deleted file mode 100644 index b384f7cd..00000000 --- a/helm/nomad-agent/templates/kathy-statefulset.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{- if .Values.nomad.kathy.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "nomad-agent.fullname" . }}-kathy - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} - app.kubernetes.io/component: kathy -spec: - selector: - matchLabels: - {{- include "nomad-agent.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: kathy - replicas: 1 - serviceName: {{ include "nomad-agent.fullname" . }}-kathy - template: - metadata: - annotations: - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.kathy.podAnnotations }} - {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nomad-agent.labels" . | nindent 8 }} - app.kubernetes.io/component: kathy - {{- with .Values.podCommonLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.kathy.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 10 - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["./kathy"] - envFrom: - - configMapRef: - name: {{ include "nomad-agent.fullname" . }} - env: - {{- if .Values.nomad.kathy.messageInterval }} - - name: OPT_KATHY_INTERVAL - value: {{ .Values.nomad.kathy.messageInterval | quote }} - {{- end }} - {{- range .Values.nomad.kathy.transactionSigners }} - {{- if .hexKey }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY - value: {{ .hexKey }} - {{- else }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE - value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID - value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION - value: {{ .aws.region }} - {{- end }} - {{- end }} - {{- if .Values.nomad.tracing.uri }} - - name: OPT_BASE_TRACING_JAEGER_NAME - value: {{ include "nomad-agent.fullname" . }}-kathy - {{- end }} - resources: - {{- toYaml .Values.nomad.kathy.resources | nindent 10 }} - volumeMounts: - - name: state - mountPath: {{ .Values.nomad.dbPath }} - ports: - - name: metrics - containerPort: {{ .Values.nomad.metrics.port }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: state - spec: - storageClassName: {{ .Values.storage.storageClass }} - accessModes: [ {{ .Values.storage.accessModes }} ] - {{- if .Values.nomad.kathy.storage.snapshot.enabled }} - dataSource: - name: {{ .Values.nomad.kathy.storage.snapshot.name }} - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - {{- end }} - resources: - requests: - storage: {{ .Values.nomad.kathy.storage.size }} -{{- end }} diff --git a/helm/nomad-agent/templates/processor-statefulset.yaml b/helm/nomad-agent/templates/processor-statefulset.yaml deleted file mode 100644 index 520acfb1..00000000 --- a/helm/nomad-agent/templates/processor-statefulset.yaml +++ /dev/null @@ -1,122 +0,0 @@ -{{- if .Values.nomad.processor.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "nomad-agent.fullname" . }}-processor - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} - app.kubernetes.io/component: processor -spec: - selector: - matchLabels: - {{- include "nomad-agent.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: processor - replicas: 1 - serviceName: {{ include "nomad-agent.fullname" . }}-processor - template: - metadata: - annotations: - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.processor.podAnnotations }} - {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nomad-agent.labels" . | nindent 8 }} - app.kubernetes.io/component: processor - {{- with .Values.podCommonLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.processor.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 10 - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: agent - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["./processor"] - envFrom: - - configMapRef: - name: {{ include "nomad-agent.fullname" . }} - env: - {{- if .Values.nomad.processor.pollingInterval }} - - name: OPT_PROCESSOR_INTERVAL - value: {{ .Values.nomad.processor.pollingInterval | quote }} - {{- end }} - {{- range .Values.nomad.processor.transactionSigners }} - {{- if .hexKey }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY - value: {{ .hexKey }} - {{- else }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE - value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID - value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION - value: {{ .aws.region }} - {{- end }} - {{- end }} - {{- if .Values.nomad.tracing.uri }} - - name: OPT_BASE_TRACING_JAEGER_NAME - value: {{ include "nomad-agent.fullname" . }}-processor - {{- end }} - {{- if .Values.nomad.processor.s3Proofs.bucket }} - - name: OPT_PROCESSOR_S3_BUCKET - value: {{ .Values.nomad.processor.s3Proofs.bucket | quote }} - {{- end }} - {{- if .Values.nomad.processor.s3Proofs.region }} - - name: OPT_PROCESSOR_S3_REGION - value: {{ .Values.nomad.processor.s3Proofs.region | quote }} - {{- end }} - {{- if .Values.nomad.processor.indexOnly }} - - name: OPT_PROCESSOR_INDEXON - value: "true" - {{- end }} - resources: - {{- toYaml .Values.nomad.processor.resources | nindent 10 }} - volumeMounts: - - name: state - mountPath: {{ .Values.nomad.dbPath }} - ports: - - name: metrics - containerPort: {{ .Values.nomad.metrics.port }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: state - spec: - storageClassName: {{ .Values.storage.storageClass }} - accessModes: [ {{ .Values.storage.accessModes }} ] - {{- if .Values.nomad.processor.storage.snapshot.enabled }} - dataSource: - name: {{ .Values.nomad.processor.storage.snapshot.name }} - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - {{- end }} - resources: - requests: - storage: {{ .Values.nomad.processor.storage.size }} -{{- end }} diff --git a/helm/nomad-agent/templates/relayer-statefulset.yaml b/helm/nomad-agent/templates/relayer-statefulset.yaml deleted file mode 100644 index 503bf8c0..00000000 --- a/helm/nomad-agent/templates/relayer-statefulset.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{- if .Values.nomad.relayer.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "nomad-agent.fullname" . }}-relayer - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} - app.kubernetes.io/component: relayer -spec: - selector: - matchLabels: - {{- include "nomad-agent.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: relayer - replicas: 1 - serviceName: {{ include "nomad-agent.fullname" . }}-relayer - template: - metadata: - annotations: - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.relayer.podAnnotations }} - {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nomad-agent.labels" . | nindent 8 }} - app.kubernetes.io/component: relayer - {{- with .Values.podCommonLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.relayer.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 10 - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: agent - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["./relayer"] - envFrom: - - configMapRef: - name: {{ include "nomad-agent.fullname" . }} - env: - {{- if .Values.nomad.relayer.pollingInterval }} - - name: OPT_RELAYER_INTERVAL - value: {{ .Values.nomad.relayer.pollingInterval | quote }} - {{- end }} - {{- range .Values.nomad.relayer.transactionSigners }} - {{- if .hexKey }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY - value: {{ .hexKey }} - {{- else }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE - value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID - value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION - value: {{ .aws.region }} - {{- end }} - {{- end }} - {{- if .Values.nomad.tracing.uri }} - - name: OPT_BASE_TRACING_JAEGER_NAME - value: {{ include "nomad-agent.fullname" . }}-relayer - {{- end }} - resources: - {{- toYaml .Values.nomad.relayer.resources | nindent 10 }} - volumeMounts: - - name: state - mountPath: {{ .Values.nomad.dbPath }} - ports: - - name: metrics - containerPort: {{ .Values.nomad.metrics.port }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: state - spec: - storageClassName: {{ .Values.storage.storageClass }} - accessModes: [ {{ .Values.storage.accessModes }} ] - {{- if .Values.nomad.relayer.storage.snapshot.enabled }} - dataSource: - name: {{ .Values.nomad.relayer.storage.snapshot.name }} - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - {{- end }} - resources: - requests: - storage: {{ .Values.nomad.relayer.storage.size }} -{{- end }} diff --git a/helm/nomad-agent/templates/serviceaccount.yaml b/helm/nomad-agent/templates/serviceaccount.yaml deleted file mode 100644 index 71b1b85c..00000000 --- a/helm/nomad-agent/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "nomad-agent.serviceAccountName" . }} - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/helm/nomad-agent/templates/updater-statefulset.yaml b/helm/nomad-agent/templates/updater-statefulset.yaml deleted file mode 100644 index c29dec71..00000000 --- a/helm/nomad-agent/templates/updater-statefulset.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{- if .Values.nomad.updater.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "nomad-agent.fullname" . }}-updater - labels: - {{- include "nomad-agent.labels" . | nindent 4 }} - app.kubernetes.io/component: updater -spec: - selector: - matchLabels: - {{- include "nomad-agent.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: updater - replicas: 1 - serviceName: {{ include "nomad-agent.fullname" . }}-updater - template: - metadata: - annotations: - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.updater.podAnnotations }} - {{ toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "nomad-agent.labels" . | nindent 8 }} - app.kubernetes.io/component: updater - {{- with .Values.podCommonLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nomad.updater.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: 10 - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: agent - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["./updater"] - envFrom: - - configMapRef: - name: {{ include "nomad-agent.fullname" . }} - env: - {{- if .Values.nomad.updater.pollingInterval }} - - name: OPT_UPDATER_INTERVAL - value: {{ .Values.nomad.updater.pollingInterval | quote }} - {{- end }} - {{- range .Values.nomad.updater.transactionSigners }} - {{- if .hexKey }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_KEY - value: {{ .hexKey }} - {{- else }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_TYPE - value: "aws" - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_ID - value: {{ .aws.keyId }} - - name: OPT_BASE_SIGNERS_{{ .name | upper }}_REGION - value: {{ .aws.region }} - {{- end }} - {{- end }} - {{- if .Values.nomad.updater.attestationSigner.hexKey }} - - name: OPT_BASE_UPDATER_KEY - value: {{ .Values.nomad.updater.attestationSigner.hexKey }} - {{- else }} - - name: OPT_BASE_UPDATER_TYPE - value: "aws" - - name: OPT_BASE_UPDATER_ID - value: {{ .Values.nomad.updater.attestationSigner.aws.keyId }} - - name: OPT_BASE_UPDATER_REGION - value: {{ .Values.nomad.updater.attestationSigner.aws.region }} - {{- end }} - {{- if .Values.nomad.tracing.uri }} - - name: OPT_BASE_TRACING_JAEGER_NAME - value: {{ include "nomad-agent.fullname" . }}-updater - {{- end }} - resources: - {{- toYaml .Values.nomad.updater.resources | nindent 10 }} - volumeMounts: - - name: state - mountPath: {{ .Values.nomad.dbPath }} - ports: - - name: metrics - containerPort: {{ .Values.nomad.metrics.port }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumeClaimTemplates: - - metadata: - name: state - spec: - storageClassName: {{ .Values.storage.storageClass }} - accessModes: [ {{ .Values.storage.accessModes }} ] - {{- if .Values.nomad.updater.storage.snapshot.enabled }} - dataSource: - name: {{ .Values.nomad.updater.storage.snapshot.name }} - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - {{- end }} - resources: - requests: - storage: {{ .Values.nomad.updater.storage.size }} -{{- end }} diff --git a/helm/nomad-agent/values.yaml b/helm/nomad-agent/values.yaml deleted file mode 100644 index dd5cb48e..00000000 --- a/helm/nomad-agent/values.yaml +++ /dev/null @@ -1,207 +0,0 @@ -image: - repository: gcr.io/nomad-xyz/nomad-agent - pullPolicy: Always - tag: "latest" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - create: true - annotations: {} - name: "" - -podAnnotations: {} -podCommonLabels: {} - -storage: - storageClass: "standard" - accessModes: ReadWriteOnce - -# -- Nomad Overrides -# By Default, Nomad Agents load the config baked into the Docker Image -# Pass values here in order to override the values in the config -# Note: For successful operation, one _must_ pass signer keys as -# they are not baked into the image for security reasons. -nomad: - # Sets the config folder to use - runEnv: "default" - # Sets the base config to be used (switch between Homes) - baseConfig: "base.json" - # Set the DB location to be the volume - dbPath: /usr/share/nomad - rustBacktrace: full - tracing: - # Set the log formatting - format: json - # Set the log level - level: info - uri: "" - metrics: - port: 9090 - homeChain: - name: "kovan" - # -- The contract address for the home contract - address: # "0x0C473afC0cabd469751CBE3Ac08aBac3e40bF586" - # -- The hard-coded domain corresponding to this blockchain - domain: # 1000 - # -- RPC Style - rpcStyle: # "ethereum" - connectionType: # "http" - # -- Connection string pointing to an RPC endpoint for the home chain - connectionUrl: # "https://kovan.infura.io/v3/" - aws: - # accessKeyId: "" - # secretAccessKey: "" - - # -- Replica chain overrides, a sequence - replicaChains: - - name: "alfajores" - # -- The contract address for the replica contract - address: # "0x0C473afC0cabd469751CBE3Ac08aBac3e40bF586" - domain: # 1000 - rpcStyle: # "ethereum" - connectionType: # "http" - # -- Connection string pointing to an RPC endpoint for the replica chain - connectionUrl: # "https://alfajores-forno.celo-testnet.org" - - # Nomad Agent Roles - # Individually Switchable via .enabled - updater: - enabled: false - podAnnotations: {} - podLabels: {} - storage: - size: 10Gi - snapshot: - enabled: false - name: "" - resources: {} - # -- Transaction Signing keys for home and replica(s) - transactionSigners: - - name: "kovan" - hexKey: "" - aws: - keyId: "" - region: "" - - name: "alfajores" - hexKey: "" - aws: - keyId: "" - region: "" - # -- Specialized key used by updater and watcher used to sign attestations, separate from updater.transactionSigners - attestationSigner: - hexKey: "" - aws: - keyId: "" - region: "" - # -- How long to wait between checking for updates - pollingInterval: # 5 - - relayer: - enabled: false - podAnnotations: {} - podLabels: {} - storage: - size: 10Gi - snapshot: - enabled: false - name: "" - resources: {} - transactionSigners: - - name: "kovan" - hexKey: "" - aws: - keyId: "" - region: "" - - name: "alfajores" - hexKey: "" - aws: - keyId: "" - region: "" - pollingInterval: # 10 - - processor: - enabled: false - podAnnotations: {} - podLabels: {} - storage: - size: 10Gi - snapshot: - enabled: false - name: "" - resources: {} - transactionSigners: - - name: "kovan" - hexKey: "" - aws: - keyId: "" - region: "" - - name: "alfajores" - hexKey: "" - aws: - keyId: "" - region: "" - pollingInterval: # 10 - s3Proofs: - bucket: "" - region: "" - indexOnly: "" - - kathy: - enabled: false - podAnnotations: {} - podLabels: {} - storage: - size: 10Gi - snapshot: - enabled: false - name: "" - resources: {} - transactionSigners: - - name: "kovan" - hexKey: "" - aws: - keyId: "" - region: "" - - name: "alfajores" - hexKey: "" - aws: - keyId: "" - region: "" - # Polling Interval Override - messageInterval: # 100 - # -- Configuration for Kathy's message generation code - chatGenConfig: - destination: # 2000 - message: # "hello are you listening?" - recipient: # "recipient" - type: # "static" - -podSecurityContext: - fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -resources: - {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} From 6309c23a2884d7ab909c582ad441b2c534653cf9 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sat, 12 Feb 2022 19:52:15 -0800 Subject: [PATCH 2/8] Added Docker build workflow --- .github/workflows/docker.yml | 57 +++++++++++++++++++++++++++++++ Dockerfile | 66 ++++++++---------------------------- DockerfileV2 | 21 ------------ rust-toolchain | 3 ++ 4 files changed, 75 insertions(+), 72 deletions(-) create mode 100644 .github/workflows/docker.yml delete mode 100644 DockerfileV2 create mode 100644 rust-toolchain diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 00000000..e89210cc --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,57 @@ +# Documentation +# https://github.com/docker/metadata-action +# https://github.com/docker/login-action#google-container-registry-gcr +# https://github.com/docker/build-push-action +name: Push to GCR GitHub Action +on: + push: + branches: + - '**' #Arnaud: We should probably build the docker container only after a PR is merged to main or a tagged is pushed + tags: + - '**' + +jobs: + check-env: + runs-on: ubuntu-latest + # assign output from step to job output + outputs: + gcloud-service-key: ${{ steps.gcloud-service-key.outputs.defined }} + steps: + - id: -segcloudrvice-key + # assign GCLOUD_SERVICE_KEY to env for access in conditional + env: + GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }} + if: "${{ env.GCLOUD_SERVICE_KEY != '' }}" + # runs if GCLOUD_SERVICE_KEY is defined, so we set the output to true + run: echo "::set-output name=defined::true" + + build-and-push-to-gcr: + runs-on: ubuntu-latest + + # uses check-env to determine if secrets.GCLOUD_SERVICE_KEY is defined + needs: [check-env] + if: needs.check-env.outputs.gcloud-service-key == 'true' + + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + - uses: Swatinem/rust-cache@v1 + with: + key: 'release' # Added extra key to prevent rust cache collision with rust.yml workflows + + - name: Build agents (release) + run: cargo build --release + + - name: Login to Docker repository + uses: docker/login-action@v1 + with: + registry: gcr.io + username: _json_key + password: ${{ secrets.GCLOUD_SERVICE_KEY }} + + - name: Build and push container + uses: docker/build-push-action@v2 + with: + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 20058060..a3f39d06 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,57 +1,21 @@ -# syntax=docker/dockerfile:experimental - -FROM rust:1.56 as builder -WORKDIR /usr/src - -# 1a: Prepare for static linking -RUN apt-get update && \ - apt-get dist-upgrade -y && \ - apt-get install -y musl-tools clang && \ - rustup target add x86_64-unknown-linux-musl - -# Add workspace to workdir -COPY agents ./agents -COPY chains ./chains -COPY tools ./tools -COPY nomad-base ./nomad-base -COPY nomad-core ./nomad-core -COPY nomad-test ./nomad-test - -COPY Cargo.toml . -COPY Cargo.lock . - -# Build binaries -RUN --mount=id=cargo,type=cache,target=/usr/src/target \ - --mount=id=cargo-home-registry,type=cache,target=/usr/local/cargo/registry \ - --mount=id=cargo-home-git,type=cache,target=/usr/local/cargo/git \ - cargo build --release - -# Copy artifacts out of volume -WORKDIR /release -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/updater . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/relayer . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/watcher . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/processor . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/kathy . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/kms-cli . -RUN --mount=id=cargo,type=cache,target=/usr/src/target cp /usr/src/target/release/nomad-cli . - -# 2: Copy the binaries to release image FROM ubuntu:20.04 -RUN apt-get update && \ - apt-get install -y libssl-dev \ - ca-certificates WORKDIR /app -COPY --from=builder /release/updater . -COPY --from=builder /release/relayer . -COPY --from=builder /release/watcher . -COPY --from=builder /release/processor . -COPY --from=builder /release/kathy . -COPY --from=builder /release/kms-cli . -COPY --from=builder /release/nomad-cli . + +RUN apt-get update \ + && apt-get install -y libssl-dev ca-certificates \ + && chmod 777 /app \ + && mkdir /usr/share/nomad \ + && chmod 1000 /usr/share/nomad + +COPY target/release/updater \ + target/release/relayer \ + target/release/watcher \ + target/release/processor \ + target/release/kathy \ + target/release/kms-cli \ + target/release/nomad-cli ./ COPY config ./config -RUN chmod 777 /app -RUN mkdir /usr/share/nomad/ && chmod 1000 /usr/share/nomad + USER 1000 CMD ["./watcher"] \ No newline at end of file diff --git a/DockerfileV2 b/DockerfileV2 deleted file mode 100644 index a3f39d06..00000000 --- a/DockerfileV2 +++ /dev/null @@ -1,21 +0,0 @@ -FROM ubuntu:20.04 - -WORKDIR /app - -RUN apt-get update \ - && apt-get install -y libssl-dev ca-certificates \ - && chmod 777 /app \ - && mkdir /usr/share/nomad \ - && chmod 1000 /usr/share/nomad - -COPY target/release/updater \ - target/release/relayer \ - target/release/watcher \ - target/release/processor \ - target/release/kathy \ - target/release/kms-cli \ - target/release/nomad-cli ./ -COPY config ./config - -USER 1000 -CMD ["./watcher"] \ No newline at end of file diff --git a/rust-toolchain b/rust-toolchain new file mode 100644 index 00000000..eb306023 --- /dev/null +++ b/rust-toolchain @@ -0,0 +1,3 @@ +[toolchain] +channel = "1.56" +profile = "default" From f0d00d701833180e0b93d9509b8c63c4614dbd43 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sat, 12 Feb 2022 20:16:30 -0800 Subject: [PATCH 3/8] Fixed typo from docker build workflow --- .github/workflows/docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e89210cc..e6842311 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -17,7 +17,7 @@ jobs: outputs: gcloud-service-key: ${{ steps.gcloud-service-key.outputs.defined }} steps: - - id: -segcloudrvice-key + - id: gcloud-service-key # assign GCLOUD_SERVICE_KEY to env for access in conditional env: GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }} @@ -46,7 +46,7 @@ jobs: uses: docker/login-action@v1 with: registry: gcr.io - username: _json_key + username: '_json_key' password: ${{ secrets.GCLOUD_SERVICE_KEY }} - name: Build and push container From 07bbc95fd6f37a93c84280b9cd8090c76c89a663 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sat, 12 Feb 2022 20:44:16 -0800 Subject: [PATCH 4/8] Set default toolchain to stable --- .github/workflows/docker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e6842311..ec6d3089 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -35,6 +35,8 @@ jobs: steps: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 + with: + toolchain: stable - uses: Swatinem/rust-cache@v1 with: key: 'release' # Added extra key to prevent rust cache collision with rust.yml workflows From da9e807d646c693eb7a3c67e1f9aba31f0c24542 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sat, 12 Feb 2022 21:06:48 -0800 Subject: [PATCH 5/8] Added rust workflow to github actions --- .github/workflows/rust.yml | 55 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/rust.yml diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml new file mode 100644 index 00000000..1e6ff7a3 --- /dev/null +++ b/.github/workflows/rust.yml @@ -0,0 +1,55 @@ +name: Rust + +on: + push: + branches: + - main + pull_request: + branches: + - main + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +env: + CARGO_TERM_COLOR: always + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + - uses: Swatinem/rust-cache@v1 + + - name: Build agents + run: cargo build --verbose + + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + - uses: Swatinem/rust-cache@v1 + + - name: Run tests + run: cargo test --verbose + + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + - uses: Swatinem/rust-cache@v1 + + - name: Rustfmt + run: cargo fmt -- --check + + - name: Clippy + run: cargo clippy -- -D warnings From 84dfa34b3a6086c9a263b13ac9123ebfd027af80 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sat, 12 Feb 2022 22:38:32 -0800 Subject: [PATCH 6/8] Added Docker tags when pushing to GCR --- .github/workflows/docker.yml | 50 +++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index ec6d3089..2a24b8b7 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -2,36 +2,21 @@ # https://github.com/docker/metadata-action # https://github.com/docker/login-action#google-container-registry-gcr # https://github.com/docker/build-push-action -name: Push to GCR GitHub Action +name: Build Docker container on: push: branches: - - '**' #Arnaud: We should probably build the docker container only after a PR is merged to main or a tagged is pushed + - 'main' tags: - - '**' + - 'v*' + pull_request: # Not sure if we need to build a container on PRs, post PR merge to main might be enough. TBD based on our CD strategy + branches: + - 'main' jobs: - check-env: - runs-on: ubuntu-latest - # assign output from step to job output - outputs: - gcloud-service-key: ${{ steps.gcloud-service-key.outputs.defined }} - steps: - - id: gcloud-service-key - # assign GCLOUD_SERVICE_KEY to env for access in conditional - env: - GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }} - if: "${{ env.GCLOUD_SERVICE_KEY != '' }}" - # runs if GCLOUD_SERVICE_KEY is defined, so we set the output to true - run: echo "::set-output name=defined::true" - - build-and-push-to-gcr: + build-docker-container: runs-on: ubuntu-latest - # uses check-env to determine if secrets.GCLOUD_SERVICE_KEY is defined - needs: [check-env] - if: needs.check-env.outputs.gcloud-service-key == 'true' - steps: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 @@ -39,13 +24,30 @@ jobs: toolchain: stable - uses: Swatinem/rust-cache@v1 with: - key: 'release' # Added extra key to prevent rust cache collision with rust.yml workflows + # Add a key to prevent rust cache collision with rust.yml workflows + key: 'release' - name: Build agents (release) run: cargo build --release + - name: Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + # list of Docker images to use as base name for tags + images: gcr.io/nomad-xyz/nomad-agent + # generate Docker tags based on the following events/attributes + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=ref,event=branch + type=ref,event=pr + type=sha + - name: Login to Docker repository uses: docker/login-action@v1 + if: github.event_name != 'pull_request' with: registry: gcr.io username: '_json_key' @@ -54,6 +56,6 @@ jobs: - name: Build and push container uses: docker/build-push-action@v2 with: - push: true + push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 4a1e3fb1447104e46476366a90c5b7af7f57eeba Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Sun, 13 Feb 2022 10:07:09 -0800 Subject: [PATCH 7/8] Fixed docker ci --- .github/workflows/docker.yml | 7 ++++--- Dockerfile | 18 +++++++++++------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2a24b8b7..2a3d1cab 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -14,7 +14,7 @@ on: - 'main' jobs: - build-docker-container: + build-docker: runs-on: ubuntu-latest steps: @@ -29,7 +29,7 @@ jobs: - name: Build agents (release) run: cargo build --release - + - name: Docker metadata id: meta uses: docker/metadata-action@v3 @@ -50,12 +50,13 @@ jobs: if: github.event_name != 'pull_request' with: registry: gcr.io - username: '_json_key' + username: _json_key password: ${{ secrets.GCLOUD_SERVICE_KEY }} - name: Build and push container uses: docker/build-push-action@v2 with: + context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index a3f39d06..ebac820b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ FROM ubuntu:20.04 +ENV TARGET_DIR='target' WORKDIR /app RUN apt-get update \ @@ -8,14 +9,17 @@ RUN apt-get update \ && mkdir /usr/share/nomad \ && chmod 1000 /usr/share/nomad -COPY target/release/updater \ - target/release/relayer \ - target/release/watcher \ - target/release/processor \ - target/release/kathy \ - target/release/kms-cli \ - target/release/nomad-cli ./ +COPY ${TARGET_DIR}/release/updater \ + ${TARGET_DIR}/release/relayer \ + ${TARGET_DIR}/release/watcher \ + ${TARGET_DIR}/release/processor \ + ${TARGET_DIR}/release/kathy \ + ${TARGET_DIR}/release/kms-cli \ + ${TARGET_DIR}/release/nomad-cli ./ + COPY config ./config + + USER 1000 CMD ["./watcher"] \ No newline at end of file From 20b45d0aa10aa983343330cb3316606e7d69e674 Mon Sep 17 00:00:00 2001 From: Arnaud Delabarre Date: Mon, 14 Feb 2022 10:08:14 -0800 Subject: [PATCH 8/8] Disable Docker build for PRs --- .github/workflows/docker.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2a3d1cab..ba65dc7e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -9,9 +9,6 @@ on: - 'main' tags: - 'v*' - pull_request: # Not sure if we need to build a container on PRs, post PR merge to main might be enough. TBD based on our CD strategy - branches: - - 'main' jobs: build-docker: @@ -47,7 +44,6 @@ jobs: - name: Login to Docker repository uses: docker/login-action@v1 - if: github.event_name != 'pull_request' with: registry: gcr.io username: _json_key @@ -57,6 +53,6 @@ jobs: uses: docker/build-push-action@v2 with: context: . - push: ${{ github.event_name != 'pull_request' }} + push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}