
Commit 5b7158f

committed
chore: migrate staging deployment to env variables (#163)
Replace base64-encoded config files with individual SYG_* environment variables in the staging workflow and docker-compose.
1 parent 3b1d493 commit 5b7158f

3 files changed

Lines changed: 79 additions & 27 deletions


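--- a/.github/workflows/deploy-portainer-staging.yml
+++ b/.github/workflows/deploy-portainer-staging.yml
@@ -53,13 +53,21 @@ jobs:
 DOCKER_COMPOSE_PATH: ./deploy/docker-compose.staging.yml
 # export here all secrets used in the docker-compose environment
 SIGNING_IMAGE_VERSION: ${{ github.event.inputs.image_version || 'latest' }}
-CONFIG_1_FULL: ${{ secrets.CONFIG_1_FULL }}
-CONFIG_2_FULL: ${{ secrets.CONFIG_2_FULL }}
-CONFIG_3_FULL: ${{ secrets.CONFIG_3_FULL }}
+SPRINTER_SIGNING_DOMAIN: ${{ secrets.SPRINTER_SIGNING_DOMAIN }}
+# Shared across all relayers
+SYG_CHAINS: ${{ secrets.SYG_CHAINS }}
+SYG_RELAYER_SOLVERCONFIG_ACCESSKEY: ${{ secrets.SYG_RELAYER_SOLVERCONFIG_ACCESSKEY }}
+SYG_RELAYER_SOLVERCONFIG_SECRETKEY: ${{ secrets.SYG_RELAYER_SOLVERCONFIG_SECRETKEY }}
+SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY: ${{ secrets.SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY }}
+SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY: ${{ secrets.SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY }}
+SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL: ${{ secrets.SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL }}
+# Per-relayer secrets
+SYG_RELAYER_MPCCONFIG_KEY_1: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_1 }}
 KEYSHARE_1: ${{ secrets.KEYSHARE_1 }}
-KEYSHARE_2: ${{ secrets.KEYSHARE_2}}
+SYG_RELAYER_MPCCONFIG_KEY_2: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_2 }}
+KEYSHARE_2: ${{ secrets.KEYSHARE_2 }}
+SYG_RELAYER_MPCCONFIG_KEY_3: ${{ secrets.SYG_RELAYER_MPCCONFIG_KEY_3 }}
 KEYSHARE_3: ${{ secrets.KEYSHARE_3 }}
-SPRINTER_SIGNING_DOMAIN: ${{ secrets.SPRINTER_SIGNING_DOMAIN }}
 run: |
 envsubst < ${DOCKER_COMPOSE_PATH} > docker-compose.rendered.yml
 echo "Rendered docker-compose"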
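Review bot: The secrets added to this `env:` block are no longer base64 blobs, and the unchanged `envsubst < ${DOCKER_COMPOSE_PATH}` line pastes each raw value unquoted into YAML list items in the compose file. A value containing `: `, ` #`, a newline or `$` would change the structure of `docker-compose.rendered.yml` or be interpolated a second time by Compose; `SYG_CHAINS` looks like structured data, so this probably applies to it (confirm against the real value). The rendered file also holds every secret in plaintext in the runner workspace, and the `run:` script continues outside the hunk, so whether it is removed after the deploy is not visible here. Consider passing an explicit variable list to `envsubst` and quoting the substituted entries in the compose file, or supplying the secrets as stack environment variables instead of rendering them into the file.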

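--- a/deploy/.env.staging.template
+++ b/deploy/.env.staging.template
@@ -0,0 +1,20 @@
+SIGNING_IMAGE_VERSION=
+SPRINTER_SIGNING_DOMAIN=
+
+# Shared across all relayers
+SYG_CHAINS=
+SYG_RELAYER_SOLVERCONFIG_ACCESSKEY=
+SYG_RELAYER_SOLVERCONFIG_SECRETKEY=
+SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY=
+SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY=
+SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL=
+
+# Per-relayer secrets
+SYG_RELAYER_MPCCONFIG_KEY_1=
+KEYSHARE_1=
+
+SYG_RELAYER_MPCCONFIG_KEY_2=
+KEYSHARE_2=
+
+SYG_RELAYER_MPCCONFIG_KEY_3=
+KEYSHARE_3=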
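Review bot: The template does not say what form `KEYSHARE_n` must take, and the compose file in this commit now writes the value verbatim with `printenv KEYSHARE >` where it used to `base64 --decode` it. If that is the intent, a comment such as `# KEYSHARE_n: written to the keyshare file as-is (no base64 decoding)` above the per-relayer entries would stop an old base64 value being carried over unchanged. Also confirm that the filled-in copy of this file is covered by `.gitignore`, which is not visible here.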

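--- a/deploy/docker-compose.staging.yml
+++ b/deploy/docker-compose.staging.yml
@@ -1,18 +1,26 @@
 services:
 relayer1:
 image: ghcr.io/sprintertech/sprinter-signing:${SIGNING_IMAGE_VERSION}
-command:
+command:
 - |
 mkdir -p /cfg/keyshares
-echo $${${no_var}CONFIG_FULL} | base64 --decode > $${${no_var}CONFIG_PATH}
-echo $${${no_var}KEYSHARE} | base64 --decode > $${${no_var}KEYSHARE_PATH}
-/signing run --config $${${no_var}CONFIG_PATH} --staging
+printenv KEYSHARE > "$${SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}"
+/signing run --config env --staging
 entrypoint: ["/bin/sh", "-c"]
 environment:
-- CONFIG_FULL=${CONFIG_1_FULL}
+- SYG_RELAYER_MPCCONFIG_KEY=${SYG_RELAYER_MPCCONFIG_KEY_1}
+- SYG_RELAYER_MPCCONFIG_KEYSHAREPATH=/cfg/keyshares/0.keyshare
 - KEYSHARE=${KEYSHARE_1}
-- CONFIG_PATH=/cfg/config_1.json
-- KEYSHARE_PATH=/cfg/keyshares/0.keyshare
+- SYG_RELAYER_MPCCONFIG_PORT=9000
+- SYG_RELAYER_MPCCONFIG_COMMHEALTHCHECKINTERVAL=1h
+- SYG_RELAYER_LOGLEVEL=debug
+- SYG_CHAINS=${SYG_CHAINS}
+- SYG_RELAYER_SOLVERCONFIG_ACCESSKEY=${SYG_RELAYER_SOLVERCONFIG_ACCESSKEY}
+- SYG_RELAYER_SOLVERCONFIG_SECRETKEY=${SYG_RELAYER_SOLVERCONFIG_SECRETKEY}
+- SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY=${SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_PATH=topology-1
 - VIRTUAL_HOST=${SPRINTER_SIGNING_DOMAIN}
 labels:
 logging: "alloy"
@@ -26,40 +34,56 @@ services:
 
 relayer2:
 image: ghcr.io/sprintertech/sprinter-signing:${SIGNING_IMAGE_VERSION}
-command:
+command:
 - |
 mkdir -p /cfg/keyshares
-echo $${${no_var}CONFIG_FULL} | base64 --decode > $${${no_var}CONFIG_PATH}
-echo $${${no_var}KEYSHARE} | base64 --decode > $${${no_var}KEYSHARE_PATH}
-/signing run --config $${${no_var}CONFIG_PATH} --staging
+printenv KEYSHARE > "$${SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}"
+/signing run --config env --staging
 entrypoint: ["/bin/sh", "-c"]
 environment:
-- CONFIG_FULL=${CONFIG_2_FULL}
+- SYG_RELAYER_MPCCONFIG_KEY=${SYG_RELAYER_MPCCONFIG_KEY_2}
+- SYG_RELAYER_MPCCONFIG_KEYSHAREPATH=/cfg/keyshares/1.keyshare
 - KEYSHARE=${KEYSHARE_2}
-- CONFIG_PATH=/cfg/config_2.json
-- KEYSHARE_PATH=/cfg/keyshares/1.keyshare
+- SYG_RELAYER_MPCCONFIG_PORT=9000
+- SYG_RELAYER_MPCCONFIG_COMMHEALTHCHECKINTERVAL=1h
+- SYG_RELAYER_LOGLEVEL=debug
+- SYG_CHAINS=${SYG_CHAINS}
+- SYG_RELAYER_SOLVERCONFIG_ACCESSKEY=${SYG_RELAYER_SOLVERCONFIG_ACCESSKEY}
+- SYG_RELAYER_SOLVERCONFIG_SECRETKEY=${SYG_RELAYER_SOLVERCONFIG_SECRETKEY}
+- SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY=${SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_PATH=topology-2
 labels:
 logging: "alloy"
 logging_jobname: "containerlogs"
 service_name: "signing_relayer_2_staging"
-restart: always
 ports:
 - 3001:3000
+restart: always
 
 relayer3:
 image: ghcr.io/sprintertech/sprinter-signing:${SIGNING_IMAGE_VERSION}
-command:
+command:
 - |
 mkdir -p /cfg/keyshares
-echo $${${no_var}CONFIG_FULL} | base64 --decode > $${${no_var}CONFIG_PATH}
-echo $${${no_var}KEYSHARE} | base64 --decode > $${${no_var}KEYSHARE_PATH}
-/signing run --config $${${no_var}CONFIG_PATH} --staging
+printenv KEYSHARE > "$${SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}"
+/signing run --config env --staging
 entrypoint: ["/bin/sh", "-c"]
 environment:
-- CONFIG_FULL=${CONFIG_3_FULL}
+- SYG_RELAYER_MPCCONFIG_KEY=${SYG_RELAYER_MPCCONFIG_KEY_3}
+- SYG_RELAYER_MPCCONFIG_KEYSHAREPATH=/cfg/keyshares/2.keyshare
 - KEYSHARE=${KEYSHARE_3}
-- CONFIG_PATH=/cfg/config_3.json
-- KEYSHARE_PATH=/cfg/keyshares/2.keyshare
+- SYG_RELAYER_MPCCONFIG_PORT=9000
+- SYG_RELAYER_MPCCONFIG_COMMHEALTHCHECKINTERVAL=1h
+- SYG_RELAYER_LOGLEVEL=debug
+- SYG_CHAINS=${SYG_CHAINS}
+- SYG_RELAYER_SOLVERCONFIG_ACCESSKEY=${SYG_RELAYER_SOLVERCONFIG_ACCESSKEY}
+- SYG_RELAYER_SOLVERCONFIG_SECRETKEY=${SYG_RELAYER_SOLVERCONFIG_SECRETKEY}
+- SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY=${SYG_RELAYER_COINMARKETCAPCONFIG_APIKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_ENCRYPTIONKEY}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL=${SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_URL}
+- SYG_RELAYER_MPCCONFIG_TOPOLOGYCONFIGURATION_PATH=topology-3
 labels:
 logging: "alloy"
 logging_jobname: "containerlogs"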
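Review bot: The new `printenv KEYSHARE > "$${SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}"` line (new lines 7, 40 and 70) drops the `${no_var}` guard that the removed lines used, so the workflow's `envsubst` call, which is given no variable list, will expand `${SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}` at render time. That name is not in the workflow `env:` block shown in this commit, so it would probably render as `"$"` and the keyshare would not land at the path set under `environment:`. Either keep the guard, `printenv KEYSHARE > "$${${no_var}SYG_RELAYER_MPCCONFIG_KEYSHAREPATH}"`, or restrict `envsubst` to the names it is meant to expand. The keyshare file is also created with the shell's default umask; a `umask 077` before the redirect would keep it owner-only. With `SYG_RELAYER_LOGLEVEL=debug` and logs collected through the `alloy` labels, check that the relayer does not log configuration values it reads from the environment.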
