add github flows for integrating with origin-deployment (#2)

* add github flows for integrating with origin-deployment * Add dockerfile, add tests in pipeline --------- Co-authored-by: s-a-tanjim <[email protected]>
provenant-dev · Oct 30, 2024 · f0779f5 · f0779f5
1 parent 97427c7
commit f0779f5
Show file tree

Hide file tree

Showing 10 changed files with 295 additions and 9 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,93 @@
+# Git
+.git
+.gitignore
+
+# CI
+.codeclimate.yml
+.travis.yml
+.taskcluster.yml
+
+# Docker
+compose.yml
+.docker
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*/__pycache__/
+*/*/__pycache__/
+*/*/*/__pycache__/
+*.py[cod]
+*/*.py[cod]
+*/*/*.py[cod]
+*/*/*/*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Virtual environment
+.env/
+.venv/
+venv/
+
+# PyCharm
+.idea
+
+# Python mode for VIM
+.ropeproject
+*/.ropeproject
+*/*/.ropeproject
+*/*/*/.ropeproject
+
+# Vim swap files
+*.swp
+*/*.swp
+*/*/*.swp
+*/*/*/*.swp
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,24 @@
+name: "-"
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: ${{ github.job.name }}
+    runs-on: ${{ vars.RUNNER_TYPE }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build image
+        run: |
+          docker build --file Dockerfile -t ${{ github.sha }} .
+          docker save -o /tmp/${{ github.sha }}.tar ${{ github.sha }}
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ github.sha }}
+          path: /tmp/${{ github.sha }}.tar
+          retention-days: 1
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -0,0 +1,76 @@
+name: Publish & Deploy
+run-name: "${{ inputs.AWS_ENV || 'DEV' }}: ${{ github.event.pull_request.title || github.ref }} ${{ inputs.UUID }}"
+
+on:
+  pull_request:
+    types: [ closed ]
+    branches: [ dev ]
+
+  workflow_dispatch:
+    inputs:
+      AWS_ENV:
+        required: true
+        default: DEV
+        type: choice
+        description: Environment to Deploy
+        options: [ DEV, STAGE, PROD ]
+      UUID:
+        required: false
+        type: string
+        description: UUID of workflow
+
+env:
+  SVC_NAME: "cesr_verifier"
+
+jobs:
+  setup:
+    if: |
+      (contains(github.event.pull_request.title, '[no-deploy]') == false && github.event.pull_request.merged == true) ||
+      inputs.UUID ||
+      github.event_name == 'workflow_dispatch'
+    runs-on: ${{ vars.RUNNER_TYPE }}
+    steps:
+      - run: echo "Dummy"
+    outputs:
+      AWS_ENV: ${{ inputs.AWS_ENV || 'DEV' }}
+      SVC_NAME: ${{ env.SVC_NAME }}
+
+  build:
+    needs: setup
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+
+  tag-push:
+    name: ${{ needs.setup.outputs.AWS_ENV }}
+    needs: [ setup, build ]
+    uses: provenant-dev/github-action-helper/.github/workflows/tag-push.yml@main
+    secrets: inherit
+    with:
+      AWS_ENV: ${{ needs.setup.outputs.AWS_ENV }}
+
+  set-version:
+    name: ${{ needs.setup.outputs.AWS_ENV }}
+    needs: [ setup, tag-push ]
+    uses: provenant-dev/github-action-helper/.github/workflows/set-version.yml@main
+    secrets: inherit
+    with:
+      DEPLOY_ENV: ${{ needs.setup.outputs.AWS_ENV }}
+      RELEASE_VERSION: ${{ needs.tag-push.outputs.RELEASE_VERSION }}
+      SVC_NAME: ${{ needs.setup.outputs.SVC_NAME }}
+
+  publish:
+    name: ${{ needs.setup.outputs.AWS_ENV }}
+    needs: [ setup, tag-push ]
+    uses: provenant-dev/github-action-helper/.github/workflows/publish.yml@main
+    secrets: inherit
+    with:
+      AWS_ENV: ${{ needs.setup.outputs.AWS_ENV }}
+      RELEASE_VERSION: ${{ needs.tag-push.outputs.RELEASE_VERSION }}
+
+  deploy:
+    name: ${{ needs.setup.outputs.AWS_ENV }}
+    needs: [ setup, publish, set-version ]
+    uses: provenant-dev/github-action-helper/.github/workflows/deploy-helm.yml@main
+    secrets: inherit
+    with:
+      AWS_ENV: ${{ needs.setup.outputs.AWS_ENV }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,30 @@
+name: Build, Tests & Push
+run-name: "${{ github.event.pull_request.title || github.ref }} ${{ inputs.UUID }}"
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    branches: [ dev ]
+  workflow_dispatch:
+    inputs:
+      UUID:
+        required: false
+        type: string
+        description: "UUID of workflow"
+
+jobs:
+  build:
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+
+  tests:
+    uses: ./.github/workflows/tests.yml
+    secrets: inherit
+
+  push:
+    needs: build
+    if: ${{ github.event_name != 'pull_request' && !inputs.UUID }}
+    uses: provenant-dev/github-action-helper/.github/workflows/tag-push.yml@main
+    secrets: inherit
+    with:
+      AWS_ENV: 'DEV'
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -0,0 +1,25 @@
+name: Run tests
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  tests:
+    runs-on: ${{ vars.RUNNER_TYPE }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.inputs.branch_name }}
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+          pip install pytest
+      
+      - name: Run tests
+        run: pytest tests/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+FROM public.ecr.aws/docker/library/python:3.12-alpine3.20 AS base-image
+
+FROM base-image AS builder
+RUN apk add git patch gcc linux-headers musl-dev rustup libsodium-dev
+RUN rustup-init -y && source $HOME/.cargo/env
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+RUN python -m pip install --upgrade pip
+
+WORKDIR /app
+COPY . .
+
+RUN pip install -r requirements.txt
+
+FROM base-image
+
+RUN apk add --no-cache bash patch libsodium-dev jq linux-headers
+
+COPY --from=builder /usr /usr
+
+RUN addgroup --system --gid 1001 origin \
+  && adduser --system --uid 1001 --disabled-password --shell /bin/false -G origin origin
+
+WORKDIR /app
+COPY --from=builder --chown=origin:origin /app /app
+USER origin
+
+ENTRYPOINT [ "verifier" ]
+CMD [ "server", "start", "--config-dir", "scripts", "--config-file", "verifier-config.json", "--http", "10100" ]
diff --git a/README.md b/README.md
@@ -24,5 +24,5 @@ curl -X PUT http://localhost:7676/presentations/EFgXpBg0WwFqdnCV0lHfZqjP-ZAlO4XB
 curl -X PUT http://localhost:7676/presentations/EKLZNI1s8U0PCGG1XtjIX6VV-O6GCtdv1qpFPlEzZJuO -vvvv -H "Content-Type: application/json+cesr" --data "@./tests/data/credential/EKLZNI1s8U0PCGG1XtjIX6VV-O6GCtdv1qpFPlEzZJuO.cesr"
 ```
 
-
-
+## State of the Application
+This service writes data into disk as part of verifying the data. However, we will not consider it a stateful application as those are temporary data.
diff --git a/compose.yml b/compose.yml
@@ -0,0 +1,8 @@
+services:
+  cesr-verifier:
+    image: provenant/cesr-verifier:dev
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - 10100:10100
diff --git a/scripts/keri/cf/verifier-config.json b/scripts/keri/cf/verifier-config.json
@@ -3,13 +3,13 @@
     "iurls": [
     ],
     "durls": [
-      "http://schema.provenant.net:7723/oobi/EBNaNu-M9P5cgrnfl2Fvymy4E_jvxxyjb70PRtiANlJy",
-      "http://schema.provenant.net:7723/oobi/EMhvwOlyEJ9kN4PrwCpr9Jsv7TxPhiYveZ0oP3lJzdEi", 
-      "http://schema.provenant.net:7723/oobi/EKA57bKBKxr_kN7iN5i7lMUxpMG-s19dRcmov1iDxz-E", 
-      "http://schema.provenant.net:7723/oobi/EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw",
-      "http://schema.provenant.net:7723/oobi/ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY",
-      "http://schema.provenant.net:7723/oobi/EH6ekLjSr8V32WyFbGe1zXjTzFs9PkTYmupJ9H65O14g",
-      "http://schema.provenant.net:7723/oobi/EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao"
+      "http://schema.origincloud.net/oobi/EBNaNu-M9P5cgrnfl2Fvymy4E_jvxxyjb70PRtiANlJy",
+      "http://schema.origincloud.net/oobi/EMhvwOlyEJ9kN4PrwCpr9Jsv7TxPhiYveZ0oP3lJzdEi", 
+      "http://schema.origincloud.net/oobi/EKA57bKBKxr_kN7iN5i7lMUxpMG-s19dRcmov1iDxz-E", 
+      "http://schema.origincloud.net/oobi/EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw",
+      "http://schema.origincloud.net/oobi/ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY",
+      "http://schema.origincloud.net/oobi/EH6ekLjSr8V32WyFbGe1zXjTzFs9PkTYmupJ9H65O14g",
+      "http://schema.origincloud.net/oobi/EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao"
     ],
     "LEIs": [
     ]

diff --git a/src/verifier/app/cli/commands/server/start.py b/src/verifier/app/cli/commands/server/start.py
@@ -22,6 +22,7 @@
 parser.add_argument('-p', '--http',
                     action='store',
                     default=7676,
+                    type=int,
                     help="Port on which to listen for verification requests")
 parser.add_argument('-n', '--name',
                     action='store',