Pass private keys in txt format (#37)

.github/workflows/build_push_ecr.yml

@@ -46,7 +46,22 @@ jobs:
             EXTRA_IMAGE_TAGS="${EXTRA_IMAGE_TAGS};latest"
           fi
 
+          # compute-node HEADS
+          ECR_REPOSITORY_HEAD="${ECR_REPOSITORY}-head"
+
+          docker build --pull -f docker/Dockerfile_head \
+              --build-arg "GH_TOKEN=${{ secrets.GHCR_TOKEN }}" \
+              -t $ECR_REGISTRY/$ECR_REPOSITORY_HEAD:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY_HEAD:$IMAGE_TAG
+
+          # Build and PUSH additional tags
+          for tag in $(echo $EXTRA_IMAGE_TAGS| tr ";" "\n"); do
+            docker tag $ECR_REGISTRY/$ECR_REPOSITORY_HEAD:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY_HEAD:$tag
+            docker push $ECR_REGISTRY/$ECR_REPOSITORY_HEAD:$tag
+          done
+
           # Build a docker container and push it to ECR so that it can be deployed to ECS.
+          # compute-node workers
           docker build --pull -f docker/Dockerfile \
               --build-arg "GH_TOKEN=${{ secrets.GHCR_TOKEN }}" \
               -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .

cmd/keys/main.go

@@ -14,9 +14,9 @@ import (
 const (
 	privKeyName        = "priv.bin"
 	pubKeyName         = "pub.bin"
+	privKeyTxtName     = "priv.txt"
 	pubKeyTxtName      = "pubkey.txt"
 	identityName       = "identity"
-	peerIDFileName     = "peerid.txt"
 	privKeyPermissions = 0600
 	pubKeyPermissions  = 0644
 )
@@ -96,23 +96,25 @@ func LoadOrCreateKeys(privKeyFile string, outputDir string) (crypto.PrivKey, cry
 		log.Fatalf("Could not write public key text to file: %s", err)
 	}
 
+	// Write peer ID to file
 	identityFile := filepath.Join(outputDir, identityName)
 	err = os.WriteFile(identityFile, []byte(identity.String()), pubKeyPermissions)
 	if err != nil {
 		log.Fatalf("Could not write identity to file: %s", err)
 	}
 
+	// Private key binary
 	privKeyFile = filepath.Join(outputDir, privKeyName)
 	err = os.WriteFile(privKeyFile, privPayload, privKeyPermissions)
 	if err != nil {
 		log.Fatalf("Could not write private key to file: %s", err)
 	}
-
-	// Write peer ID to file
-	peerIDFile := filepath.Join(outputDir, peerIDFileName)
-	err = os.WriteFile(peerIDFile, []byte(identity.String()), pubKeyPermissions)
+	// Private ke txt
+	privKeyTextFile := filepath.Join(outputDir, privKeyTxtName)
+	privKeyBase64 := base64.StdEncoding.EncodeToString(privPayload)
+	err = os.WriteFile(privKeyTextFile, []byte(privKeyBase64), privKeyPermissions)
 	if err != nil {
-		log.Fatalf("Could not write peer ID to file: %s", err)
+		log.Fatalf("Could not write private key text to file: %s", err)
 	}
 
 	return priv, pub, nil

docker/Dockerfile_head

@@ -0,0 +1,40 @@
+FROM --platform=linux/amd64 golang:1.21-bookworm AS builder
+
+WORKDIR /src
+ADD . /src
+
+ARG GH_TOKEN
+
+RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com"
+ENV GOPRIVATE="github.com/upshot-tech/"
+
+RUN go mod download && \
+    make all
+
+###########################
+FROM --platform=linux/amd64 debian:bookworm-slim
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    USERNAME=appuser \
+    APP_PATH=/data
+
+## curl, unzip other utilities
+RUN apt update && \
+    apt -y dist-upgrade && \
+    apt install -y --no-install-recommends \
+      tzdata \
+      ca-certificates && \
+    rm -rf /var/cache/apt/*
+
+COPY --from=builder /src/dist/upshot-node /usr/local/bin/upshot-node
+COPY --from=builder /src/dist/upshot-keys /usr/local/bin/upshot-keys
+
+RUN groupadd -g 1001 ${USERNAME} \
+    && useradd -m -d ${APP_PATH} -u 1001 -g 1001 ${USERNAME}
+
+USER ${USERNAME}
+
+VOLUME ${APP_PATH}
+EXPOSE 8080 9527
+
+ENTRYPOINT ["upshot-node"]