Make CRIB demo work (#11927)

* temp CRIB workshop

* tested script + build/deploy separation

* check images in ECR, fail if no image built

* another try with ecr

* force login to registry

---------

Co-authored-by: skudasov <[email protected]>

charts/chainlink-cluster/README.md

@@ -5,6 +5,7 @@ Install `kubefwd` (no nixpkg for it yet, planned)
 ```
 brew install txn2/tap/kubefwd
 ```
+If you want to build images you need [docker](https://docs.docker.com/engine/install/) service running
 
 Enter the shell (from the root project dir)
 ```
@@ -18,17 +19,33 @@ We are using [devspace](https://www.devspace.sh/docs/getting-started/installatio
 
 Configure the cluster, see `deployments.app.helm.values` and [values.yaml](./values.yaml) comments for more details
 
-Enter the shell and deploy
+Configure your `cluster` setup (one time setup, internal usage only)
+```
+export DEVSPACE_IMAGE="..."
+cd charts/chainlink-cluster
+./setup.sh ${my-personal-namespace-name-crib}
+```
+
+Build and deploy current commit
 ```
-# set your unique namespace if it's a new cluster
-devspace use namespace cl-cluster
 devspace deploy
 ```
+
 If you don't need a build use
 ```
 devspace deploy --skip-build
 ```
 
+To deploy particular commit (must be in registry) use
+```
+devspace deploy --skip-build ${short_sha_of_image}
+```
+
+Forward ports to check UI or run tests
+```
+devspace run connect ${my-personal-namespace-name-crib}
+```
+
 Connect to your environment, by replacing container with label `node-1` with your local repository files
 ```
 devspace dev -p node

charts/chainlink-cluster/devspace.yaml

@@ -4,34 +4,72 @@ name: chainlink
 vars:
   NS_TTL: 72h
   DEVSPACE_IMAGE:
+    noCache: true
     source: env
 
 # This is a list of `pipelines` that DevSpace can execute (you can define your own)
 pipelines:
-  #       create_deployments --all  can be used to apply manifests again
-  # This is the pipeline for the main command: `devspace dev` (or `devspace run-pipeline dev`)
   dev:
     run: |-
       run_dependencies --all       # 1. Deploy any projects this project needs (see "dependencies")
       ensure_pull_secrets --all    # 2. Ensure pull secrets
       start_dev app                # 3. Start dev mode "app" (see "dev" section)
-  # You can run this pipeline via `devspace deploy` (or `devspace run-pipeline deploy`)
   deploy:
     run: |-
+      set -o pipefail
+      echo "Removing .devspace cache!"
+      rm -rf .devspace/ || true
+      registry_id=$(echo "$DEVSPACE_IMAGE" | cut -d'.' -f1)
+      
+      # Login into registry
+      echo "Authorizing into ECR registry"
+      aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${registry_id}.dkr.ecr.us-west-2.amazonaws.com
+      
       run_dependencies --all                           
       ensure_pull_secrets --all                         
       build_images ---var DOCKER_DEFAULT_PLATFORM=linux/amd64  --all -t $(git rev-parse --short HEAD)
       kubectl annotate namespace ${DEVSPACE_NAMESPACE} janitor/ttl=${NS_TTL} || true
       kubectl label namespace/${DEVSPACE_NAMESPACE} network=crib || true
-      create_deployments --all                          
+      if [ -n "$1" ]; then
+        echo "Deploying tag $1"
+        tag=$1
+        image=${DEVSPACE_IMAGE}:$tag
+      else
+        echo "Deploying current commit tag: $(git rev-parse --short HEAD)"
+        tag=$(git rev-parse --short HEAD)
+        image=${DEVSPACE_IMAGE}:$tag
+      fi
+      
+      echo "Checking tag: $tag"
+      repository_name="chainlink-devspace"
+      desired_tag=$tag
+      
+      # Check if the desired tag is present in the repository
+      image_list=$(aws ecr list-images --repository-name "$repository_name")
+      tag_exists=$(echo "$image_list" | jq -e '.imageIds[] | select(.imageTag == "'"${desired_tag}"'")' >/dev/null && echo true || echo false)
+      
+      # Check the value of the tag_exists variable
+      if [ "$tag_exists" = "true" ]; then
+        echo "Image tag '$tag' found."
+      else
+        echo "Image tag '$tag' not found. Please build the image using 'devspace deploy'"
+        exit 1
+      fi 
+      create_deployments app \
+      --set=helm.values.chainlink.nodes[0].image=$image \
+      --set=helm.values.chainlink.nodes[1].image=$image \
+      --set=helm.values.chainlink.nodes[2].image=$image \
+      --set=helm.values.chainlink.nodes[3].image=$image \
+      --set=helm.values.chainlink.nodes[4].image=$image \
+      --set=helm.values.chainlink.nodes[5].image=$image
       echo "Namespace ${DEVSPACE_NAMESPACE} will be deleted in ${NS_TTL}"
   purge:
     run: |-
       kubectl delete ns ${DEVSPACE_NAMESPACE}
 
 commands:
   connect: |-
-    sudo kubefwd svc -n ${DEVSPACE_NAMESPACE}
+    sudo kubefwd svc -n $1
 
 images:
   app:
@@ -50,7 +88,7 @@ hooks:
       labelSelector:
         # vars don't work here, = releaseName
         release: "app"
-    events: ["after:deploy:app"]
+    events: [ "after:deploy:app" ]
     name: "wait-for-pod-hook"
 
 # This is a list of `deployments` that DevSpace can create for this project
@@ -83,7 +121,6 @@ deployments:
           nodes:
             - name: node-1
               image: ${DEVSPACE_IMAGE}
-              version: latest
               # default resources are 300m/1Gi
               # first node need more resources to build faster inside container
               # at least 2Gi of memory is required otherwise build will fail (OOM)
@@ -128,19 +165,14 @@ deployments:
               #      overridesToml: |
             - name: node-2
               image: ${DEVSPACE_IMAGE}
-              version: latest
             - name: node-3
               image: ${DEVSPACE_IMAGE}
-              version: latest
             - name: node-4
               image: ${DEVSPACE_IMAGE}
-              version: latest
             - name: node-5
               image: ${DEVSPACE_IMAGE}
-              version: latest
             - name: node-6
               image: ${DEVSPACE_IMAGE}
-              version: latest
 
         # each CL node have a dedicated PostgreSQL 11.15
         # use StatefulSet by setting:
@@ -314,10 +346,10 @@ dev:
     ssh:
       enabled: true
     proxyCommands:
-#       TODO: access issues
-#      - command: devspace
-#      - command: kubectl
-#      - command: helm
+      #       TODO: access issues
+      #      - command: devspace
+      #      - command: kubectl
+      #      - command: helm
       - gitCredentials: true
     ports:
       - port: "2345"

charts/chainlink-cluster/setup.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+set -e
+user_home="$HOME"
+file_path="$user_home/.aws/config"
+image=""
+registry_id=$(echo "$DEVSPACE_IMAGE" | cut -d'.' -f1)
+
+if grep -q "staging-crib" "$file_path"; then
+  echo "Staging AWS config is already applied, role is 'staging-crib'"
+else
+  cat <<EOF >> "$file_path"
+[profile staging-crib]
+region=us-west-2
+sso_start_url=https://smartcontract.awsapps.com/start
+sso_region=us-west-2
+sso_account_id=${registry_id}
+sso_role_name=CRIB-ECR-Power
+EOF
+  echo "~/.aws/config modified, added 'staging-crib"
+fi
+
+# Login through SSO
+aws sso login --profile staging-crib
+# Update kubeconfig and switch context
+export AWS_PROFILE=staging-crib
+aws eks update-kubeconfig --name main-stage-cluster --alias main-stage-cluster-crib --profile staging-crib
+
+# Check if the Docker daemon is running
+if docker info > /dev/null 2>&1; then
+  echo "Docker daemon is running, authorizing registry"
+else
+  echo "Docker daemon is not running, exiting"
+  exit 1
+fi
+aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin ${registry_id}.dkr.ecr.us-west-2.amazonaws.com
+devspace use namespace $1

shell.nix

@@ -30,6 +30,7 @@ mkShell {
     delve
     golangci-lint
     github-cli
+    jq
 
     # deployment
     devspace