Fix indentation

.github/actions/build_package/action.yml

@@ -1,3 +1,4 @@
+# Creates miden-node.deb and miden-faucet.deb DEBIAN packages.
 name: build-package
 description: Builds miden-node and miden-faucet debian packages for the given git reference
 inputs:
@@ -12,61 +13,73 @@ runs:
       id: git-sha
       shell: bash
       run: |
-        if git show-ref -q --verify "refs/remotes/origin/$gitref" 2>/dev/null; then
-          echo "sha=$(git show-ref --hash --verify "refs/remotes/origin/$gitref")" >> $GITHUB_OUTPUT
-        elif git show-ref -q --verify "refs/tags/$gitref" 2>/dev/null; then
-          echo "sha=$(git show-ref --hash --verify "refs/tags/$gitref")" >> $GITHUB_OUTPUT
-        elif git rev-parse --verify "$gitref^{commit}" >/dev/null 2>&1; then
-          echo "sha=$(git rev-parse --verify "$gitref^{commit})" >> $GITHUB_OUTPUT
+        if git show-ref -q --verify "refs/remotes/origin/${{ inputs.gitref }}" 2>/dev/null; then
+          echo "sha=$(git show-ref --hash --verify 'refs/remotes/origin/${{ inputs.gitref }}')" >> $GITHUB_OUTPUT
+        elif git show-ref -q --verify "refs/tags/${{ inputs.gitref }}" 2>/dev/null; then
+          echo "sha=$(git show-ref --hash --verify 'refs/tags/${{ inputs.gitref }}')" >> $GITHUB_OUTPUT
+        elif git rev-parse --verify "${{ inputs.gitreff }}^{commit}" >/dev/null 2>&1; then
+          echo "sha=$(git rev-parse --verify '${{ inputs.gitref }}^{commit}')" >> $GITHUB_OUTPUT
         else
           echo "::error Unknown git reference type"
-          # exit 1
+          exit 1
         fi
 
-    - name: Build binaries
-      run: |
-        cargo install miden-node   --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
-        cargo install miden-faucet --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
-    
     - name: Create package directories
+      shell: bash
       run: |
         mkdir -p \
           packaging/deb/miden-node/DEBIAN \
           packaging/deb/miden-node/usr/bin\
           packaging/deb/miden-node/lib/systemd/system\
-          packaging/deb/miden-node/etc/miden\
-          packaging/deb/miden-node/opt/miden/miden-faucet
+          packaging/deb/miden-node/etc/opt/miden-node\
+          packaging/deb/miden-node/opt/miden-node
 
         mkdir -p \
           packaging/deb/miden-faucet/DEBIAN \
           packaging/deb/miden-faucet/usr/bin\
           packaging/deb/miden-faucet/lib/systemd/system\
-          packaging/deb/miden-faucet/etc/miden\
-          packaging/deb/miden-faucet/opt/miden/miden-faucet
-
-    - name: Copy binary files
-      run: |
-        cp -p $CARGO_HOME/bin/miden-node   packaging/deb/miden-node/urs/bin/
-        cp -p $CARGO_HOME/bin/miden-faucet packaging/deb/miden-faucet/urs/bin/
+          packaging/deb/miden-faucet/etc/opt/miden-faucet\
+          packaging/deb/miden-faucet/opt/miden-faucet
 
     # These have to be downloaded as the current repo source isn't necessarily the target git reference.
     - name: Copy package install scripts
+      shell: bash
       run: |
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-node.service   > packaging/deb/miden-node/lib/systemd/system/miden-node.service
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst             > packaging/deb/miden-node/DEBIAN/postinst
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm               > packaging/deb/miden-node/DEBIAN/postrm
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-faucet.service > packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst             > packaging/deb/miden-faucet/DEBIAN/postinst
-        git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm               > packaging/deb/miden-faucet/DEBIAN/postrm
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/node/miden-node.service     > packaging/deb/miden-node/lib/systemd/system/miden-node.service
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/node/postinst               > packaging/deb/miden-node/DEBIAN/postinst
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/node/postrm                 > packaging/deb/miden-node/DEBIAN/postrm
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/faucet/miden-faucet.service > packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/faucet/postinst             > packaging/deb/miden-faucet/DEBIAN/postinst
+        # git show ${{ steps.git-sha.outputs.sha }}:packaging/faucet/postrm               > packaging/deb/miden-faucet/DEBIAN/postrm
+
+        # This is temporary until these files land on main.
+        cp packaging/node/miden-node.service     packaging/deb/miden-node/lib/systemd/system/miden-node.service
+        cp packaging/node/postinst               packaging/deb/miden-node/DEBIAN/postinst
+        cp packaging/node/postrm                 packaging/deb/miden-node/DEBIAN/postrm
+        cp packaging/faucet/miden-faucet.service packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service
+        cp packaging/faucet/postinst             packaging/deb/miden-faucet/DEBIAN/postinst
+        cp packaging/faucet/postrm               packaging/deb/miden-faucet/DEBIAN/postrm
+
+        chmod 0775 packaging/deb/miden-node/DEBIAN/postinst
+        chmod 0775 packaging/deb/miden-node/DEBIAN/postrm
+        chmod 0775 packaging/deb/miden-faucet/DEBIAN/postinst
+        chmod 0775 packaging/deb/miden-faucet/DEBIAN/postrm
 
     - name: Create control files
+      shell: bash
       run: |
+        # Map the architecture to the format required by Debian.
+        # i.e. arm64 and amd64 instead of aarch64 and x86_64.
+        arch=$(uname -m | sed "s/x86_64/amd64/" | sed "s/aarch64/arm64/")
+        # Control file's version field must be x.y.z format so strip the rest.
+        version=$(git describe --tags --abbrev=0 | sed 's/[^0-9.]//g' )
+
         cat > packaging/deb/miden-node/DEBIAN/control << EOF
         Package: miden-node
-        Version: ${{ inputs.gitref }} 
+        Version: $version
         Section: base
         Priority: optional
-        Architecture: $(uname -m)
+        Architecture: $arch
         Maintainer: Polygon Devops <[email protected]>
         Description: miden-node binary package
         Homepage: https://polygon.technology/polygon-miden
@@ -76,18 +89,37 @@ runs:
 
         cat > packaging/deb/miden-faucet/DEBIAN/control << EOF
         Package: miden-faucet
-        Version: ${{ inputs.gitref }} 
+        Version: $version
         Section: base
         Priority: optional
-        Architecture: $(uname -m)
+        Architecture: $arch
         Maintainer: Polygon Devops <[email protected]>
         Description: miden-faucet binary package
         Homepage: https://polygon.technology/polygon-miden
         Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git
         Vcs-Browser: https://github.com/0xPolygonMiden/miden-node
         EOF
 
+    - name: Build binaries
+      shell: bash
+      env:
+        repo-url: ${{ github.server_url }}/${{ github.repository }}
+      run: |
+        cargo install miden-node   --root . --locked --features testing --git ${{ env.repo-url }} --rev ${{ steps.git-sha.outputs.sha }}
+        cargo install miden-faucet --root . --locked --features testing --git ${{ env.repo-url }} --rev ${{ steps.git-sha.outputs.sha }}
+
+    - name: Copy binary files
+      shell: bash
+      run: |
+        cp -p ./bin/miden-node   packaging/deb/miden-node/usr/bin/
+        cp -p ./bin/miden-faucet packaging/deb/miden-faucet/usr/bin/
+
     - name: Build packages
+      shell: bash
       run: |
         dpkg-deb --build --root-owner-group packaging/deb/miden-node
         dpkg-deb --build --root-owner-group packaging/deb/miden-faucet
+
+        # Save the .deb files, delete the rest.
+        mv packaging/deb/*.deb .
+        rm -rf packaging

.github/actions/ssm_execute/action.yml

@@ -64,7 +64,7 @@ runs:
             break
           elif [ "$STATUS" == "Failed" ] || [ "$STATUS" == "Cancelled" ]; then
             echo "Command failed with status: $STATUS"
-            break
+            exit 1
           else
             elapsed_time=$(( $(date +%s) - start_time ))
             if [ "$elapsed_time" -gt "$timeout" ]; then

.github/workflows/deploy.yml

@@ -8,69 +8,68 @@ on:
         required: true
         type: choice
         options:
-          - testnet
           - devnet
+          - testnet
 
       gitref:
-        description: 'Version, commit or other gitref to deploy'
+        description: 'Version, branch or commit to deploy'
         required: true
         type: string
-
-      architecture:
-        description: 'Instance architecture'
-        type: choice
-        options:
-          - arm64
-        default: 'arm64'
 
 permissions:
   id-token: write
   contents: write
 
 jobs:
   deploy:
-    # Select the runner based on the input architecture using github workflows ternary operator.
+    name: ${{ inputs.network }} - ${{ inputs.gitref }}
+    # This is our arm64 runner which matches the AWS instance.
     runs-on:
-      labels: ${{ inputs.architecture == 'arm64' && 'ubuntu22-arm-4core' || ubuntu-latest }}
+      labels: ubuntu22-arm-4core
 
     env:
       # Define the instance information.
       account-id: MIDEN_DEV_ACCOUNT_ID
-      oicdrole: midendev 
+      oidcrole: midendev
       instance-id: ${{ inputs.network == 'testnet' && 'TESTNET_INSTANCE_TF' || 'DEVNET_INSTANCE_TF' }}
 
       # Define the expected package names.
-      node-package:   miden-node-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
-      faucet-package: miden-faucet-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
+      node-package:   miden-node-${{ inputs.gitref }}-arm64.deb
+      faucet-package: miden-faucet-${{ inputs.gitref }}-arm64.deb
 
-      # S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly.
-      s3-path: s3://release-artifacts-${{ secrets[env.account-id] }}
 
     steps:
+      # S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly.
+      # This cannot be done in the global env setup as it requires another env variable.
+      - name: Setup S3 path
+        run: echo "s3-path=s3://release-artifacts-${{ secrets[env.account-id] }}" >> $GITHUB_ENV
+
       # Checkout repo so we have access to the required workflow actions.
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
         with:
           fetch-depth: 0
 
       # Download from github if its a version tag referece.
-      - name: Download packages from releases
+      - name: Download from releases
         if: ${{ startsWith(inputs.gitref, 'v') }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          gh release ${{ inputs.gitref }} download ${{ env.node-package }}
-          gh release ${{ inputs.gitref }} download ${{ env.node-package }}.checksum
-          gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}
-          gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}.checksum
+          gh release download ${{ inputs.gitref }} -p ${{ env.node-package }}
+          gh release download ${{ inputs.gitref }} -p ${{ env.node-package }}.checksum
+          gh release download ${{ inputs.gitref }} -p ${{ env.faucet-package }}
+          gh release download ${{ inputs.gitref }} -p ${{ env.faucet-package }}.checksum
 
-          sha256 --check ${{ env.node-package }}.checksum
-          sha256 --check ${{ env.faucet-package }}.checksum
+          sha256sum --check ${{ env.node-package }}.checksum
+          sha256sum --check ${{ env.faucet-package }}.checksum
 
       # Otherwise build the packages from source.
       #
       # Note that we cannot build from the currently checked out repo source since that source
       # defines our workflow actions, and not the compilation source target. For this reason we
       # prefer building the binary using `cargo install ...`.
-      - name: Build package
+      - name: Build from source
         if: ${{ !startsWith(inputs.gitref, 'v') }}
         run: |
           echo "::error Non-release deployment currently not supported"
@@ -92,19 +91,18 @@ jobs:
             sudo apt udpate; \
             sudo apt install awscli -y
 
-      # Move packages to instance using S3.
-      # TODO: does this fail if the files already exist?
+      # Move packages to instance using S3. Note that this will clobber the files.
       - name: Upload packages to S3
         run: |
-          aws s3 cp ${{ env.node-package }} ${{ env.s3-path }}/${{ env.node-package }}
-          aws s3 cp ${{ env.node-faucet }} ${{ env.s3-path }}/${{ env.node-faucet }}
+          aws s3 cp ${{ env.node-package }}   ${{ env.s3-path }}/${{ env.node-package }}
+          aws s3 cp ${{ env.faucet-package }} ${{ env.s3-path }}/${{ env.faucet-package }}
 
-      # TODO: does this fail if the files already exist?
       - name: Download packages to instance
         uses: ./.github/actions/ssm_execute
         with:
           instance_id: ${{ secrets[env.instance-id] }}
           command: |
+            touch iamhere.log; \
             aws s3 cp ${{ env.s3-path }}/${{ env.node-package }}   ${{ env.node-package}}; \
             aws s3 cp ${{ env.s3-path }}/${{ env.faucet-package }} ${{ env.faucet-package}}
       
@@ -117,7 +115,6 @@ jobs:
             sudo systemctl stop miden-node; \
             sudo systemctl stop miden-faucet; \
             sudo apt remove miden-node miden-faucet -y; \
-            sudo rm -f miden-*
       
       - name: Install packages
         uses: ./.github/actions/ssm_execute
@@ -132,10 +129,9 @@ jobs:
         with:
           instance_id: ${{ secrets[env.instance-id] }}
           command: |
-            sudo chown -R miden /opt/miden; \
-            sudo /usr/bin/miden-node init -c /etc/miden/miden-node.toml -g /opt/miden/miden-node/genesis.toml; \
-            sudo /usr/bin/miden-node make-genesis -i /opt/miden/miden-node/genesis.toml -o /opt/miden/miden-node/genesis.dat --force; \
-            sudo /usr/bin/miden-faucet init -c /opt/miden/miden-faucet/miden-faucet.toml -f /opt/miden/miden-node/accounts/faucet.mac
+            sudo /usr/bin/miden-node init -c /etc/opt/miden-node/miden-node.toml -g /etc/opt/miden-node/genesis.toml; \
+            sudo /usr/bin/miden-node make-genesis -i /etc/opt/miden-node/genesis.toml -o /opt/miden-node/genesis.dat --force; \
+            sudo /usr/bin/miden-faucet init -c /etc/opt/miden-faucet/miden-faucet.toml -f /opt/miden-faucet/accounts/faucet.mac
 
       - name: Start miden node service
         uses: ./.github/actions/ssm_execute

.github/workflows/package.yml

@@ -1,5 +1,6 @@
+# Release debian packages for miden node and faucet.
 name: Release packages
-run-name: Release packaging for ${{ env.version }}
+run-name: Release packaging for ${{ inputs.version || github.ref }}
 
 env:
   version: ${{ inputs.version || github.ref }}
@@ -21,30 +22,30 @@ permissions:
 
 jobs:
   package:
-  matrix:
-    os: [ubuntu-latest, ubuntu22-arm-4core]
+    name: ${{ inputs.version }} for ${{ matrix.arch }}
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
     runs-on:
-      labels: ${{ matrix.os }}
+      labels: ${{ matrix.arch == 'arm64' && 'ubuntu22-arm-4core' || 'ubuntu-latest' }}
     steps:
       # Note that this checkout is _not_ used as the source for the package.
       # Instead this is required to access the workflow actions. Package source
       # selection is handled by the packaging action.
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@main
         with:
           fetch-depth: 0
 
       - name: Build packages
-        uses: ./.github/actions/build_packages
+        uses: ./.github/actions/build_package
         with:
           gitref: ${{ env.version }}
 
       - name: Package names
-        env: 
-          arch: $(uname -m)
         run: |
-          echo "node-package=$(echo miden-node-${{ env.version }}-${{ env.arch }}.deb") >> $GITHUB_ENV
-          echo "faucet-package=$(echo miden-faucet-${{ env.version }}-${{ env.arch }}.deb") >> $GITHUB_ENV
+          echo "node-package=miden-node-${{ env.version }}-${{ matrix.arch }}.deb"     >> $GITHUB_ENV
+          echo "faucet-package=miden-faucet-${{ env.version }}-${{ matrix.arch }}.deb" >> $GITHUB_ENV
 
       - name: Rename package files
         run: |
@@ -57,6 +58,8 @@ jobs:
           sha256sum ${{ env.faucet-package }} > ${{ env.faucet-package }}.checksum
 
       - name: Publish packages
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh release upload ${{ env.version }} \
             ${{ env.node-package }} \

packaging/miden-faucet.service → packaging/faucet/miden-faucet.service

@@ -8,8 +8,8 @@ WantedBy=multi-user.target
 [Service]
 Type=exec
 Environment="RUST_LOG=info"
-ExecStart=/usr/bin/miden-faucet start --config /opt/miden/miden-faucet/miden-faucet.toml
-WorkingDirectory=/opt/miden/miden-faucet
-User=miden
+ExecStart=/usr/bin/miden-faucet start --config /etc/opt/miden-faucet/miden-faucet.toml
+WorkingDirectory=/opt/miden-faucet
+User=miden-faucet
 RestartSec=5
 Restart=always

packaging/faucet/postinst

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This is a postinstallation script so the service can be configured and started when requested.
+
+# user is expected by the systemd service file and `/opt/<user>` is its working directory, 
+sudo adduser --disabled-password --disabled-login --shell /usr/sbin/nologin --quiet --system --no-create-home --home /nonexistent miden-faucet
+
+# Working folder.
+if [ -d "/opt/miden-faucet" ]
+then
+    echo "Directory /opt/miden-faucet exists."
+else
+    mkdir -p /opt/miden-faucet
+    sudo chown -R miden-faucet /opt/miden-faucet
+fi
+
+# Configuration folder
+if [ -d "/etc/opt/miden-faucet" ]
+then
+    echo "Directory /etc/opt/miden-faucet exists."
+else
+    mkdir -p /etc/opt/miden-faucet
+    sudo chown -R miden-faucet /etc/opt/miden-faucet
+fi
+
+sudo systemctl daemon-reload