ORA-190 Refactor upshot-compute-node Dockerfile and push to ECS

.github/workflows/deploy_aws_staging.yml

@@ -0,0 +1,61 @@
+# This workflow will build and push a new container image to Amazon ECR,
+# and then will deploy a new task definition to Amazon ECS which will be run by Fargate when a release is created
+name: Deploy to Staging Amazon ECS
+
+on:
+  push:
+    branches:
+      - staging
+      - vlad/ora-190-ensure-all-repos-are-deployable-on-aws-cloud-with-a-merge
+
+concurrency:
+  group: ${{ github.ref  }}
+  cancel-in-progress: true
+jobs:
+  deploy-staging:
+    name: Deploy to staging
+    runs-on: ubuntu-latest
+    environment: staging
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        id: compute-node-build-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: upshot-compute-node-staging
+          IMAGE_TAG: ${{ github.sha }}
+        run: |
+          # Build a docker container and push it to ECR so that it can be deployed to ECS.
+          docker build -f docker/Dockerfile --build-arg "ghcr_token=${{ secrets.GHCR_TOKEN }}" -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"
+
+      - name: Fill in the new image ID in the Amazon ECS task definition
+        id: compute-node-task-def
+        uses: aws-actions/amazon-ecs-render-task-definition@v1
+        with:
+          task-definition: infra/staging-task-def.json
+          container-name: upshot-compute-node
+          image: ${{ steps.compute-node-build-image.outputs.image }}
+
+      - name: upshot-compute-node - Deploy Amazon ECS task definition
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        with:
+          task-definition: ${{ steps.compute-node-task-def.outputs.task-definition }}
+          service: upshot-compute-node
+          cluster: upshot-backend-staging
+          # wait-for-service-stability: true

docker/Dockerfile

@@ -1,39 +1,67 @@
-FROM --platform=linux/amd64 ubuntu:latest 
+FROM --platform=linux/amd64 golang:1.21-bookworm AS builder
+
+WORKDIR /src
+
+ADD . /src
+
+RUN go mod download && \
+    make all
+
+###########################
+FROM --platform=linux/amd64 debian:bookworm-slim
 
 ARG ghcr_token
 
 WORKDIR /app
 
 ## curl, unzip other utilities
-RUN apt-get update && \
-  apt-get install --no-install-recommends --assume-yes curl unzip pv ca-certificates gnupg2 python3 python3-pip
+RUN apt update && \
+    apt -y dist-upgrade && \
+    apt install -y --no-install-recommends \
+      tzdata \
+      curl \
+      unzip \
+      pv \
+      ca-certificates \
+      gnupg2 \
+      python3 \
+      python3-pip && \
+    rm -rf /var/cache/apt/*
 
 # gomplete for updating config with env vars
-RUN curl -o ./gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64
-RUN chmod 755 gomplate
+RUN curl -o ./gomplate -sSL https://github.com/hairyhenderson/gomplate/releases/download/v3.10.0/gomplate_linux-amd64 && \
+    chmod 755 gomplate
 
 # get the runtime
-RUN curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/runtime/releases/download/v0.3.1/blockless-runtime.ubuntu-20.04.x86_64.tar.gz
-RUN mkdir /app/runtime && tar -xvkf ./runtime.tar.gz -C /app/runtime
-RUN python3 -m pip install --upgrade pip
+RUN curl -o ./runtime.tar.gz -sSL https://github.com/blocklessnetwork/runtime/releases/download/v0.3.1/blockless-runtime.ubuntu-20.04.x86_64.tar.gz && \
+    mkdir /app/runtime && \
+    tar -xvkf ./runtime.tar.gz -C /app/runtime && \
+    rm ./runtime.tar.gz
+
 
 # get the upshot-extension
-RUN curl -L -s -H "Authorization: token ${ghcr_token}" -H 'Accept:application/octet-stream' "https://api.github.com/repos/upshot-tech/upshot-blockless-extension/releases/assets/142012669" -o upshot-extension.tar.gz
-RUN mkdir /app/runtime/extensions && tar -xvkf ./upshot-extension.tar.gz -C /app/runtime/extensions
+RUN curl -L -s -H "Authorization: token ${ghcr_token}" -H 'Accept:application/octet-stream' \
+      "https://api.github.com/repos/upshot-tech/upshot-blockless-extension/releases/assets/142012669" \
+      -o upshot-extension.tar.gz && \
+    mkdir /app/runtime/extensions && \
+    tar -xvkf ./upshot-extension.tar.gz -C /app/runtime/extensions && \
+    rm ./upshot-extension.tar.gz
 
 # libssl 1.1
-RUN curl -o ./libssl.deb -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb
-RUN dpkg -i ./libssl.deb
+RUN curl -o ./libssl.deb -sSL http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4_amd64.deb && \
+    dpkg -i ./libssl.deb && \
+    rm ./libssl.deb
 
 # Install AWS CLI so we can use to backup to IPFS s3 compatible storage providers
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
-  && unzip awscliv2.zip -d /usr/src && rm -f awscliv2.zip \
-  && /usr/src/aws/install --bin-dir /usr/bin
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+    unzip awscliv2.zip -d /usr/src && \
+    rm -f awscliv2.zip && \
+    /usr/src/aws/install --bin-dir /usr/bin
 
-## setup 
+## setup
 RUN mkdir /app/keys
-COPY ./dist/upshot-node upshot-node
-COPY ./dist/upshot-keys upshot-keys
+COPY --from=builder /src/dist/upshot-node upshot-node
+COPY --from=builder /src/dist/upshot-keys upshot-keys
 
 ## run script
 COPY ./docker/run.sh ./run.sh
@@ -47,9 +75,12 @@ ENV KEY_PASSWORD=""
 ENV CHAIN_RPC_NODE="http://0.0.0.0:26657"
 ENV NODE_KEY_PATH=/app/keys/priv.bin
 ENV WORKSPACE_ROOT=/tmp/node
-ENV RUNETIME_PATH=/app/runtime 
+ENV RUNETIME_PATH=/app/runtime
 ENV REST_API=8080
 ENV P2P_PORT=9527
 
+EXPOSE 8080 9527
+# VOLUME ${APP_PATH}
+
 ## run script
-ENTRYPOINT ["/app/run.sh"]
+ENTRYPOINT ["/app/run.sh"]

infra/staging-task-def.json

@@ -0,0 +1,31 @@
+{
+    "executionRoleArn": "arn:aws:iam::696230526504:role/ecsTaskExecutionRole",
+    "containerDefinitions": [
+        {
+            "image": "696230526504.dkr.ecr.us-east-1.amazonaws.com/upshot-compute-node-staging",
+            "essential": true,
+            "name": "upshot-compute-node",
+            "portMappings": [
+                {
+                    "hostPort": 8080,
+                    "protocol": "tcp",
+                    "containerPort": 8080
+                },
+                {
+                    "hostPort": 9527,
+                    "protocol": "tcp",
+                    "containerPort": 9527
+                }
+            ],
+            "mountPoints": []
+        }
+    ],
+    "taskRoleArn": "arn:aws:iam::696230526504:role/ECS_TASK_ROLE",
+    "family": "upshot-compute-node-staging",
+    "requiresCompatibilities": [
+        "FARGATE"
+    ],
+    "networkMode": "awsvpc",
+    "cpu": "512",
+    "memory": "1024"
+}