From c91052c9d6faa70f01e3ac695cfd6eacd541b88e Mon Sep 17 00:00:00 2001 From: chainchad <96362174+chainchad@users.noreply.github.com> Date: Thu, 25 Apr 2024 06:24:11 -0400 Subject: [PATCH] Create new CRIB setup script (#12956) * Add CRIB scripts to nix $PATH * Create new CRIB setup script * Update CRIB README * Clarify comment * Fix typo --------- Co-authored-by: Radek Scheibinger --- crib/.env.example | 6 ++ crib/README.md | 15 ++-- crib/scripts/cribbit.sh | 179 ++++++++++++++++++++++++++++++++++++++++ crib/setup.sh | 58 ------------- shell.nix | 6 ++ 5 files changed, 199 insertions(+), 65 deletions(-) create mode 100755 crib/scripts/cribbit.sh delete mode 100755 crib/setup.sh diff --git a/crib/.env.example b/crib/.env.example index e35d0d3e580..e24473a9a22 100644 --- a/crib/.env.example +++ b/crib/.env.example @@ -19,3 +19,9 @@ CHAINLINK_CLUSTER_HELM_CHART_URI= # The duration that the namespace and all of its associated resources will be kept alive. NS_TTL=72h +## +# These are used by the shell script: cribbit.sh +## +AWS_REGION= +AWS_SSO_ROLE_NAME= +AWS_SSO_START_URL= diff --git a/crib/README.md b/crib/README.md index c9106d401cd..a88eedb5c41 100644 --- a/crib/README.md +++ b/crib/README.md @@ -26,16 +26,17 @@ Configure the cluster, see `deployments.app.helm.values` and [values.yaml](../ch Set up your K8s access -``` -export DEVSPACE_IMAGE="..." -./setup.sh ${my-personal-namespace-name-crib} -``` +Copy the `.env.example` file to `.env` and fill in the required values -Create a .env file based on the .env.sample file +```sh +cp crib/.env.example crib/.env +``` ```sh -cp .env.sample .env -# Fill in the required values in .env +cd crib/ +nix develop +# Pro tip: use `crib-` as a prefix for your namespace. +cribbit.sh ``` Build and deploy the current state of your repository diff --git a/crib/scripts/cribbit.sh b/crib/scripts/cribbit.sh new file mode 100755 index 00000000000..316791b10cb --- /dev/null +++ b/crib/scripts/cribbit.sh 
@@ -0,0 +1,179 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+#############################
+# __________
+# < CRIBbit! >
+# ----------
+# _ _ /
+# (o)--(o) /
+# /.______.\
+# \________/
+# ./ \.
+# ( . , )
+# \ \_\\//_/ /
+# ~~ ~~ ~~
+#
+# Initialize your CRIB
+# environment.
+#############################
+
+DEVSPACE_NAMESPACE="${1:-}"
+if [[ -z "${DEVSPACE_NAMESPACE}" ]]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Bail if $DEVSPACE_NAMESPACE does not begin with a crib- prefix or does not have an override set.
+if [[ ! "${DEVSPACE_NAMESPACE}" =~ ^crib- ]] && [[ -z "${CRIB_IGNORE_NAMESPACE_PREFIX:-}" ]]; then
+ echo "Error: DEVSPACE_NAMESPACE must begin with 'crib-' prefix."
+ exit 1
+fi
+
+# Path to the .env file
+repo_root=$(git rev-parse --show-toplevel 2>/dev/null || echo ".")
+env_file="${repo_root}/crib/.env"
+
+# Source .env file if it exists
+if [[ -f "${env_file}" ]]; then
+ # shellcheck disable=SC1090
+ source "${env_file}"
+else
+ echo "Error: .env file not found at $env_file"
+ exit 1
+fi
+
+# List of required environment variables
+required_vars=(
+ "AWS_REGION"
+ # Should be the short name and not the full IAM role ARN.
+ "AWS_SSO_ROLE_NAME"
+ # The AWS SSO start URL, e.g. https://.awsapps.com/start
+ "AWS_SSO_START_URL"
+ "DEVSPACE_IMAGE"
+ "HOME"
+)
+
+missing_vars=0 # Counter for missing variables
+
+for var in "${required_vars[@]}"; do
+ if [[ -z "${!var:-}" ]]; then # If variable is unset or empty
+ echo "Error: Environment variable ${var} is not set."
+ missing_vars=$((missing_vars + 1))
+ fi
+done
+
+# Exit with an error if any variables were missing
+if [[ $missing_vars -ne 0 ]]; then
+ echo "Error: Total missing environment variables: $missing_vars"
+ exit 1
+fi
+
+##
+# Setup AWS Profile
+##
+
+path_aws_config="$HOME/.aws/config"
+aws_account_id_ecr_registry=$(echo "${DEVSPACE_IMAGE}" | cut -d'.' -f1)
+aws_profile_name="staging-crib"
+
+if grep -q "$aws_profile_name" "$path_aws_config"; then
+ echo "Info: Skip updating ${path_aws_config}. Profile already set: ${aws_profile_name}"
+else
+ cat <> "$path_aws_config"
+[profile $aws_profile_name]
+region=${AWS_REGION}
+sso_start_url=${AWS_SSO_START_URL}
+sso_region=${AWS_REGION}
+sso_account_id=${aws_account_id_ecr_registry}
+sso_role_name=${AWS_SSO_ROLE_NAME}
+EOF
+ echo "Info: ${path_aws_config} modified. Added profile: ${aws_profile_name}"
+fi
+
+echo "Info: Setting AWS Profile env var: AWS_PROFILE=${aws_profile_name}"
+export AWS_PROFILE=${aws_profile_name}
+
+if aws sts get-caller-identity > /dev/null 2>&1; then
+ echo "Info: AWS credentials working."
+else
+ echo "Info: AWS credentials not detected. Attempting to login through SSO."
+ aws sso login
+fi
+
+# Check again and fail this time if not successful
+if ! aws sts get-caller-identity > /dev/null 2>&1; then
+ echo "Error: AWS credentials still not detected. Exiting."
+ exit 1
+fi
+
+##
+# Setup EKS KUBECONFIG
+##
+
+path_kubeconfig="${KUBECONFIG:-$HOME/.kube/config}"
+eks_cluster_name="${CRIB_EKS_CLUSTER_NAME:-main-stage-cluster}"
+eks_alias_name="${CRIB_EKS_ALIAS_NAME:-main-stage-cluster-crib}"
+
+if [[ ! -f "${path_kubeconfig}" ]] || ! grep -q "name: ${eks_alias_name}" "${path_kubeconfig}"; then
+ echo "Info: KUBECONFIG file (${path_kubeconfig}) not found or alias (${eks_alias_name}) not found. Attempting to update kubeconfig."
+ aws eks update-kubeconfig \
+ --name "${eks_cluster_name}" \
+ --alias "${eks_alias_name}" \
+ --region "${AWS_REGION}"
+else
+ echo "Info: Alias '${eks_alias_name}' already exists in kubeconfig. No update needed."
+ echo "Info: Setting kubernetes context to: ${eks_alias_name}"
+ kubectl config use-context "${eks_alias_name}"
+fi
+
+##
+# Check Docker Daemon
+##
+
+if docker info > /dev/null 2>&1; then
+ echo "Info: Docker daemon is running, authorizing registry"
+else
+ echo "Error: Docker daemon is not running. Exiting."
+ exit 1
+fi
+
+##
+# AWS ECR Login
+##
+
+# Function to extract the host URI of the ECR registry from OCI URI
+extract_ecr_host_uri() {
+ local ecr_uri="$1"
+ # Regex to capture the ECR host URI
+ if [[ $ecr_uri =~ oci:\/\/([0-9]+\.dkr\.ecr\.[a-zA-Z0-9-]+\.amazonaws\.com) ]]; then
+ echo "${BASH_REMATCH[1]}"
+ else
+ echo "No valid ECR host URI found in the URI."
+ echo "Have you set CHAINLINK_CLUSTER_HELM_CHART_URI env var?"
+ exit 1
+ fi
+}
+
+# Set env var CRIB_SKIP_ECR_LOGIN=true to skip ECR login.
+if [[ -n "${CRIB_SKIP_ECR_LOGIN:-}" ]]; then
+ echo "Info: Skipping ECR login."
+else
+ echo "Info: Logging docker into AWS ECR registry."
+ aws ecr get-login-password \
+ --region "${AWS_REGION}" \
+ | docker login --username AWS \
+ --password-stdin "${aws_account_id_ecr_registry}.dkr.ecr.${AWS_REGION}.amazonaws.com"
+
+ echo "Info: Logging helm into AWS ECR registry."
+ helm_registry_uri=$(extract_ecr_host_uri "${CHAINLINK_CLUSTER_HELM_CHART_URI}")
+ aws ecr get-login-password --region "${AWS_REGION}" \
+ | helm registry login "$helm_registry_uri" --username AWS --password-stdin
+fi
+
+##
+# Setup DevSpace
+##
+
+devspace use namespace "${DEVSPACE_NAMESPACE}"
diff --git a/crib/setup.sh b/crib/setup.sh
deleted file mode 100755
index 8e254909655..00000000000
--- a/crib/setup.sh
+++ /dev/null
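Review bot: The profile guard `grep -q "$aws_profile_name" "$path_aws_config"` matches the name anywhere in the file, so a comment or a longer profile name that merely contains `staging-crib` makes the script skip the write and still export `AWS_PROFILE`, reusing whatever account and role an existing entry points at. Matching the header line exactly, `grep -qxF "[profile ${aws_profile_name}]" "$path_aws_config"`, narrows that. The value cut from `DEVSPACE_IMAGE` is appended to `~/.aws/config` and used to build the docker registry host without any check that it is an account id; a guard such as `[[ "${aws_account_id_ecr_registry}" =~ ^[0-9]{12}$ ]] || { echo "Error: DEVSPACE_IMAGE does not start with an AWS account id." >&2; exit 1; }` before the heredoc would stop a malformed profile from being persisted. Separately, `extract_ecr_host_uri` writes its two error lines to stdout inside `$(...)`, so they end up in the substitution and are never displayed; adding `>&2` to them and listing `CHAINLINK_CLUSTER_HELM_CHART_URI` in `required_vars` would surface the hint.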
@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Function to extract the host URI of the ECR registry from OCI URI
-extract_ecr_host_uri() {
- local ecr_uri="$1"
- # Regex to capture the ECR host URI
- if [[ $ecr_uri =~ oci:\/\/([0-9]+\.dkr\.ecr\.[a-zA-Z0-9-]+\.amazonaws\.com) ]]; then
- echo "${BASH_REMATCH[1]}"
- else
- echo "No valid ECR host URI found in the URI."
- echo "Have you set CHAINLINK_CLUSTER_HELM_CHART_URI env var?"
- exit 1
- fi
-}
-
-user_home="$HOME"
-file_path="$user_home/.aws/config"
-image=""
-registry_id=$(echo "$DEVSPACE_IMAGE" | cut -d'.' -f1)
-
-if grep -q "staging-crib" "$file_path"; then
- echo "Staging AWS config is already applied, role is 'staging-crib'"
-else
- cat <> "$file_path"
-[profile staging-crib]
-region=us-west-2
-sso_start_url=https://smartcontract.awsapps.com/start
-sso_region=us-west-2
-sso_account_id=${registry_id}
-sso_role_name=CRIB-ECR-Power
-EOF
- echo "~/.aws/config modified, added 'staging-crib"
-fi
-
-# Login through SSO
-aws sso login --profile staging-crib
-# Update kubeconfig and switch context
-export AWS_PROFILE=staging-crib
-aws eks update-kubeconfig --name main-stage-cluster --alias main-stage-cluster-crib --profile staging-crib
-
-# Check if the Docker daemon is running
-if docker info > /dev/null 2>&1; then
- echo "Docker daemon is running, authorizing registry"
-else
- echo "Docker daemon is not running, exiting"
- exit 1
-fi
-
-# Login to docker ECR registry
-aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin "${registry_id}".dkr.ecr.us-west-2.amazonaws.com
-
-# Login to helm ECR registry
-helm_registry_uri=$(extract_ecr_host_uri "${CHAINLINK_CLUSTER_HELM_CHART_URI}")
-aws ecr get-login-password --region us-west-2 | helm registry login "$helm_registry_uri" --username AWS --password-stdin
-
-devspace use namespace "$1"
diff --git a/shell.nix b/shell.nix
index 69bf202351d..1fde34fcfd8 100644
--- a/shell.nix
+++ b/shell.nix
@@ -57,4 +57,10 @@ mkShell' { PGDATA = "db"; CL_DATABASE_URL = "postgresql://chainlink:chainlink@localhost:5432/chainlink_test?sslmode=disable"; + + shellHook = '' + # Find the root of the git repository + repo_root=$(git rev-parse --show-toplevel 2>/dev/null || echo ".") + export PATH=$PATH:$repo_root/crib/scripts + ''; }
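Review bot: The `|| echo "."` fallback in the added `shellHook` puts a relative entry, `./crib/scripts`, on `PATH` whenever the shell is entered outside a git work tree, so `cribbit.sh` is then resolved against whatever directory the user happens to be in. A relative `PATH` entry is a well-known way to end up running an unintended script of the same name. Appending only when the repository root is actually found avoids it, for example `if repo_root=$(git rev-parse --show-toplevel 2>/dev/null); then export PATH="$PATH:$repo_root/crib/scripts"; fi`. The enclosing `mkShell'` block starts before this hunk, so whether another `shellHook` is defined earlier cannot be seen from here.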