0xPolygonMiden · Mirko-von-Leipzig · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024
diff --git a/.github/actions/build_package/action.yml b/.github/actions/build_package/action.yml
@@ -0,0 +1,93 @@
+name: build-package
+description: Builds miden-node and miden-faucet debian packages for the given git reference
+inputs:
+  gitref:
+    required: true
+    description: The git ref to build the packages from.
+
+runs:
+  using: "composite"
+  steps:
+    - name: Identify target git SHA
+      id: git-sha
+      shell: bash
+      run: |
+        if git show-ref -q --verify "refs/remotes/origin/$gitref" 2>/dev/null; then
+          echo "sha=$(git show-ref --hash --verify "refs/remotes/origin/$gitref")" >> $GITHUB_OUTPUT
+        elif git show-ref -q --verify "refs/tags/$gitref" 2>/dev/null; then
+          echo "sha=$(git show-ref --hash --verify "refs/tags/$gitref")" >> $GITHUB_OUTPUT
+        elif git rev-parse --verify "$gitref^{commit}" >/dev/null 2>&1; then
+          echo "sha=$(git rev-parse --verify "$gitref^{commit})" >> $GITHUB_OUTPUT
+        else
+          echo "::error Unknown git reference type"
+          # exit 1
+        fi
+
+    - name: Build binaries
+      run: |
+        cargo install miden-node   --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
+        cargo install miden-faucet --locked --features testing --git ${{ github.repositoryUrl }} --rev ${{ steps.git-sha.outputs.sha }}
+
+    - name: Create package directories
+      run: |
+        mkdir -p \
+          packaging/deb/miden-node/DEBIAN \
+          packaging/deb/miden-node/usr/bin\
+          packaging/deb/miden-node/lib/systemd/system\
+          packaging/deb/miden-node/etc/miden\
+          packaging/deb/miden-node/opt/miden/miden-faucet
+
+        mkdir -p \
+          packaging/deb/miden-faucet/DEBIAN \
+          packaging/deb/miden-faucet/usr/bin\
+          packaging/deb/miden-faucet/lib/systemd/system\
+          packaging/deb/miden-faucet/etc/miden\
+          packaging/deb/miden-faucet/opt/miden/miden-faucet
+
+    - name: Copy binary files
+      run: |
+        cp -p $CARGO_HOME/bin/miden-node   packaging/deb/miden-node/urs/bin/
+        cp -p $CARGO_HOME/bin/miden-faucet packaging/deb/miden-faucet/urs/bin/
+
+    # These have to be downloaded as the current repo source isn't necessarily the target git reference.
+    - name: Copy package install scripts
+      run: |
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-node.service   > packaging/deb/miden-node/lib/systemd/system/miden-node.service
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst             > packaging/deb/miden-node/DEBIAN/postinst
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm               > packaging/deb/miden-node/DEBIAN/postrm
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/miden-faucet.service > packaging/deb/miden-faucet/lib/systemd/system/miden-faucet.service
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/postinst             > packaging/deb/miden-faucet/DEBIAN/postinst
+        git show ${{ steps.git-sha.outputs.sha }}:packaging/postrm               > packaging/deb/miden-faucet/DEBIAN/postrm
+
+    - name: Create control files
+      run: |
+        cat > packaging/deb/miden-node/DEBIAN/control << EOF
+        Package: miden-node
+        Version: ${{ inputs.gitref }} 
+        Section: base
+        Priority: optional
+        Architecture: $(uname -m)
+        Maintainer: Polygon Devops <[email protected]>
+        Description: miden-node binary package
+        Homepage: https://polygon.technology/polygon-miden
+        Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git
+        Vcs-Browser: https://github.com/0xPolygonMiden/miden-node
+        EOF
+
+        cat > packaging/deb/miden-faucet/DEBIAN/control << EOF
+        Package: miden-faucet
+        Version: ${{ inputs.gitref }} 
+        Section: base
+        Priority: optional
+        Architecture: $(uname -m)
+        Maintainer: Polygon Devops <[email protected]>
+        Description: miden-faucet binary package
+        Homepage: https://polygon.technology/polygon-miden
+        Vcs-Git: [email protected]:0xPolygonMiden/miden-node.git
+        Vcs-Browser: https://github.com/0xPolygonMiden/miden-node
+        EOF
+
+    - name: Build packages
+      run: |
+        dpkg-deb --build --root-owner-group packaging/deb/miden-node
+        dpkg-deb --build --root-owner-group packaging/deb/miden-faucet
diff --git a/.github/workflows/arm_deb_packager.yml b/.github/workflows/arm_deb_packager.yml
@@ -181,15 +181,4 @@ jobs:
             echo "account_id=MIDEN_DEV_ACCOUNT_ID" >> $GITHUB_OUTPUT
             echo "instance_id=DEVNET_INSTANCE_TF" >> $GITHUB_OUTPUT
           fi
-
-
-  deploy:
-    name: Deploy to ${{ needs.build_package.outputs.target }}
-    needs: build_package
-    uses: ./.github/workflows/deploy_package.yml
-    with:
-      target: ${{ needs.build_package.outputs.target }}
-      tag: ${{ needs.build_package.outputs.tag }}
-      account_id: ${{ needs.build_package.outputs.account_id }}
-      instance_id: ${{ needs.build_package.outputs.instance_id }}
-    secrets: inherit
+
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,154 @@
+name: Deploy
+run-name: Deploy ${{ inputs.network }} - ${{ inputs.gitref }}
+on:
+  workflow_dispatch:
+    inputs:
+      network:
+        description: 'Deployment instance'
+        required: true
+        type: choice
+        options:
+          - testnet
+          - devnet
+
+      gitref:
+        description: 'Version, commit or other gitref to deploy'
+        required: true
+        type: string
+
+      architecture:
+        description: 'Instance architecture'
+        type: choice
+        options:
+          - arm64
+        default: 'arm64'
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  deploy:
+    # Select the runner based on the input architecture using github workflows ternary operator.
+    runs-on:
+      labels: ${{ inputs.architecture == 'arm64' && 'ubuntu22-arm-4core' || ubuntu-latest }}
+
+    env:
+      # Define the instance information.
+      account-id: MIDEN_DEV_ACCOUNT_ID
+      oicdrole: midendev 
+      instance-id: ${{ inputs.network == 'testnet' && 'TESTNET_INSTANCE_TF' || 'DEVNET_INSTANCE_TF' }}
+
+      # Define the expected package names.
+      node-package:   miden-node-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
+      faucet-package: miden-faucet-${{ inputs.gitref }}-${{ inputs.architecture }}.deb
+
+      # S3 path where packages are stored; used to send packages to instance as this isn't trivially possible directly.
+      s3-path: s3://release-artifacts-${{ secrets[env.account-id] }}
+
+    steps:
+      # Checkout repo so we have access to the required workflow actions.
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      # Download from github if its a version tag referece.
+      - name: Download packages from releases
+        if: ${{ startsWith(inputs.gitref, 'v') }}
+        run: |
+          gh release ${{ inputs.gitref }} download ${{ env.node-package }}
+          gh release ${{ inputs.gitref }} download ${{ env.node-package }}.checksum
+          gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}
+          gh release ${{ inputs.gitref }} download ${{ env.faucet-package }}.checksum
+
+          sha256 --check ${{ env.node-package }}.checksum
+          sha256 --check ${{ env.faucet-package }}.checksum
+
+      # Otherwise build the packages from source.
+      #
+      # Note that we cannot build from the currently checked out repo source since that source
+      # defines our workflow actions, and not the compilation source target. For this reason we
+      # prefer building the binary using `cargo install ...`.
+      - name: Build package
+        if: ${{ !startsWith(inputs.gitref, 'v') }}
+        run: |
+          echo "::error Non-release deployment currently not supported"
+          exit 1
+
+      # Configure AWS communication via SSM.
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with: 
+          aws-region: eu-west-1
+          role-to-assume: "arn:aws:iam::${{ secrets[env.account-id] }}:role/${{ env.oidcrole }}-GithubActionsRole"
+          role-session-name: GithubActionsSession
+
+      - name: Install awscli
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            sudo apt udpate; \
+            sudo apt install awscli -y
+
+      # Move packages to instance using S3.
+      # TODO: does this fail if the files already exist?
+      - name: Upload packages to S3
+        run: |
+          aws s3 cp ${{ env.node-package }} ${{ env.s3-path }}/${{ env.node-package }}
+          aws s3 cp ${{ env.node-faucet }} ${{ env.s3-path }}/${{ env.node-faucet }}
+
+      # TODO: does this fail if the files already exist?
+      - name: Download packages to instance
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            aws s3 cp ${{ env.s3-path }}/${{ env.node-package }}   ${{ env.node-package}}; \
+            aws s3 cp ${{ env.s3-path }}/${{ env.faucet-package }} ${{ env.faucet-package}}
+
+      # Install and launch services on the instance.
+      - name: Stop miden services
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            sudo systemctl stop miden-node; \
+            sudo systemctl stop miden-faucet; \
+            sudo apt remove miden-node miden-faucet -y; \
+            sudo rm -f miden-*
+
+      - name: Install packages
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            dpkg -i ${{ env.node-package }}; \
+            dpkg -i ${{ env.faucet-package }} 
+
+      - name: Configure environment
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            sudo chown -R miden /opt/miden; \
+            sudo /usr/bin/miden-node init -c /etc/miden/miden-node.toml -g /opt/miden/miden-node/genesis.toml; \
+            sudo /usr/bin/miden-node make-genesis -i /opt/miden/miden-node/genesis.toml -o /opt/miden/miden-node/genesis.dat --force; \
+            sudo /usr/bin/miden-faucet init -c /opt/miden/miden-faucet/miden-faucet.toml -f /opt/miden/miden-node/accounts/faucet.mac
+
+      - name: Start miden node service
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+              sudo systemctl daemon-reload; \
+              sudo systemctl start miden-node
+
+      - name: Start miden faucet service
+        uses: ./.github/actions/ssm_execute
+        with:
+          instance_id: ${{ secrets[env.instance-id] }}
+          command: |
+            sudo systemctl daemon-reload; \
+            sudo systemctl start miden-faucet