build: reintroduces namespacing for jormungandr/vitss (#173)

Author: jmgilman

.std/automation/devshells/dev/shell-profile

@@ -1 +1 @@
-shell-profile-5-link
+shell-profile-14-link

flake.lock

@@ -5,7 +5,7 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
 
     ## Std ##
-    std.url = "github:divnix/std";
+    std.url = "github:divnix/std/target-in-actions";
     std.inputs.nixpkgs.follows = "nixpkgs";
 
     # Rust overlay

flake.nix

@@ -3,7 +3,7 @@
   cell,
 }: let
   inherit (inputs) nixpkgs std;
-  inherit (inputs.cells.lib) constants;
+  inherit (inputs.cells.lib) lib;
   l = nixpkgs.lib // builtins;
 
   mkArtifact = namespace:
@@ -16,4 +16,4 @@
       '';
     };
 in
-  constants.mapToNamespaces {prefix = "artifacts";} mkArtifact
+  lib.mapToNamespaces "artifacts" mkArtifact

nix/artifacts/artifacts.nix

@@ -3,17 +3,22 @@
   cell,
 }: let
   inherit (inputs) nixpkgs std;
-  inherit (inputs.cells.lib) constants;
+  inherit (inputs.cells.lib) constants lib;
   l = nixpkgs.lib // builtins;
 
-  mkOCI = name: let
-    operable = cell.operables.${name};
+  mkOCI = namespace: let
+    # TODO: fix git rev
+    rev =
+      if (inputs.self.rev != "not-a-commit")
+      then inputs.self.rev
+      else "dirty";
   in
     std.lib.ops.mkStandardOCI {
-      inherit operable;
-      name = "${constants.registry}/${name}";
+      name = "${constants.registry}/jormungandr";
+      tag = "${rev}-${namespace}";
+      operable = cell.operables."jormungandr-${namespace}";
       debug = true;
     };
-in {
-  jormungandr = mkOCI "jormungandr";
-}
+in
+  {}
+  // lib.mapToNamespaces "jormungandr" mkOCI

nix/jormungandr/containers.nix

@@ -4,71 +4,67 @@
 }: let
   inherit (inputs) nixpkgs std;
   inherit (inputs.cells.artifacts) artifacts;
-  inherit (inputs.cells.lib) constants;
+  inherit (inputs.cells.lib) lib;
   l = nixpkgs.lib // builtins;
 
   package = cell.packages.jormungandr;
-in {
-  jormungandr = std.lib.ops.mkOperable {
-    inherit package;
-    # TODO: Remove all the bitte stuff
-    # TODO: update artifact path to correct mount path
-    runtimeScript = ''
-      ulimit -n 1024
 
-      nodeConfig="$NOMAD_TASK_DIR/node-config.json"
-      runConfig="$NOMAD_TASK_DIR/running.json"
-      runYaml="$NOMAD_TASK_DIR/running.yaml"
-
-      chmod u+rwx -R "$NOMAD_TASK_DIR" || true
-
-      function convert () {
+  mkOperable = namespace: let
+    artifacts' = artifacts."artifacts-${namespace}";
+  in
+    std.lib.ops.mkOperable {
+      inherit package;
+      # TODO: Remove all the bitte stuff
+      runtimeScript = ''
+        ulimit -n 1024
+        nodeConfig="$NOMAD_TASK_DIR/node-config.json"
+        runConfig="$NOMAD_TASK_DIR/running.json"
+        runYaml="$NOMAD_TASK_DIR/running.yaml"
         chmod u+rwx -R "$NOMAD_TASK_DIR" || true
-        cp "$nodeConfig" "$runConfig"
-        remarshal --if json --of yaml "$runConfig" > "$runYaml"
-      }
-
-      if [ "$RESET" = "true" ]; then
-        echo "RESET is given, will start from scratch..."
-        rm -rf "$STORAGE_DIR"
-      elif [ -d "$STORAGE_DIR" ]; then
-        echo "$STORAGE_DIR found, not restoring from backup..."
-      else
-        echo "$STORAGE_DIR not found, restoring backup..."
-
-        restic restore latest \
-          --verbose=5 \
-          --no-lock \
-          --tag "$NAMESPACE" \
-          --target / \
-        || echo "couldn't restore backup, continue startup procedure..."
-      fi
-
-      set +x
-      echo "waiting for $REQUIRED_PEER_COUNT peers"
-      until [ "$(jq -e -r '.p2p.trusted_peers | length' < "$nodeConfig" || echo 0)" -ge "$REQUIRED_PEER_COUNT" ]; do
-        sleep 1
-      done
-      set -x
-
-      convert
-
-      if [ -n "$PRIVATE" ]; then
-        echo "Running with node with secrets..."
-        exec ${l.getExe package} \
-          --storage "$STORAGE_DIR" \
-          --config "$NOMAD_TASK_DIR/running.yaml" \
-          --genesis-block "artifacts/block0.bin" \
-          --secret "$NOMAD_SECRETS_DIR/bft-secret.yaml" \
-          "$@" || true
-      else
-        echo "Running with follower node..."
-        exec ${l.getExe package} \
-          --storage "$STORAGE_DIR" \
-          --config "$NOMAD_TASK_DIR/running.yaml" \
-          --genesis-block "artifacts/block0.bin" \
-          "$@" || true
-      fi
-    '';
-  };
-}
+        function convert () {
+          chmod u+rwx -R "$NOMAD_TASK_DIR" || true
+          cp "$nodeConfig" "$runConfig"
+          remarshal --if json --of yaml "$runConfig" > "$runYaml"
+        }
+        if [ "$RESET" = "true" ]; then
+          echo "RESET is given, will start from scratch..."
+          rm -rf "$STORAGE_DIR"
+        elif [ -d "$STORAGE_DIR" ]; then
+          echo "$STORAGE_DIR found, not restoring from backup..."
+        else
+          echo "$STORAGE_DIR not found, restoring backup..."
+          restic restore latest \
+            --verbose=5 \
+            --no-lock \
+            --tag "$NAMESPACE" \
+            --target / \
+          || echo "couldn't restore backup, continue startup procedure..."
+        fi
+        set +x
+        echo "waiting for $REQUIRED_PEER_COUNT peers"
+        until [ "$(jq -e -r '.p2p.trusted_peers | length' < "$nodeConfig" || echo 0)" -ge "$REQUIRED_PEER_COUNT" ]; do
+          sleep 1
+        done
+        set -x
+        convert
+        if [ -n "$PRIVATE" ]; then
+          echo "Running with node with secrets..."
+          exec ${l.getExe package} \
+            --storage "$STORAGE_DIR" \
+            --config "$NOMAD_TASK_DIR/running.yaml" \
+            --genesis-block "${artifacts'}/block0.bin" \
+            --secret "$NOMAD_SECRETS_DIR/bft-secret.yaml" \
+            "$@" || true
+        else
+          echo "Running with follower node..."
+          exec ${l.getExe package} \
+            --storage "$STORAGE_DIR" \
+            --config "$NOMAD_TASK_DIR/running.yaml" \
+            --genesis-block "${artifacts'}/block0.bin" \
+            "$@" || true
+        fi
+      '';
+    };
+in
+  {}
+  // lib.mapToNamespaces "jormungandr" mkOperable

nix/jormungandr/operables.nix

@@ -4,44 +4,33 @@
 }: let
   inherit (inputs) nixpkgs;
   l = nixpkgs.lib // builtins;
+in rec {
+  # The current funding round we are in
+  fundRound = 10;
+
+  # The current SVE round we are in
+  sveRound = 2;
 
+  # List of target environments we generate artifacts for
   envs = [
     "dev"
     "signoff"
     "perf"
     "dryrun"
     "prod"
   ];
-  events = [
-    "fund10"
-    "sve1"
-    "sve2"
-  ];
 
-  mkNamespaces = event: l.map (env: "${event}-${env}") envs;
-in rec {
-  inherit envs events;
-  namespaces = l.flatten (l.map (event: mkNamespaces event) events);
-  registry = "432820653916.dkr.ecr.eu-central-1.amazonaws.com";
+  # A list of all possible round/namespace combinations
+  # fund10-dev, fund10-dryrun, sve2-signoff, sve2-prod, etc.
+  namespaces = let
+    events = [
+      "fund${l.toString fundRound}"
+      "sve${l.toString sveRound}"
+    ];
+    mkNamespaces = event: l.map (env: "${event}-${env}") envs;
+  in
+    l.flatten (l.map (event: mkNamespaces event) events);
 
-  mapToNamespaces = {
-    prefix ? "",
-    suffix ? "",
-  }: fn:
-    l.listToAttrs (
-      l.map
-      (
-        namespace: {
-          name =
-            if prefix != ""
-            then
-              if suffix != ""
-              then "${prefix}-${namespace}-${suffix}"
-              else "${prefix}-${namespace}"
-            else "${namespace}";
-          value = fn namespace;
-        }
-      )
-      namespaces
-    );
+  # The OCI registry we are pushing to
+  registry = "432820653916.dkr.ecr.eu-central-1.amazonaws.com";
 }

nix/lib/constants.nix

@@ -3,6 +3,7 @@
   cell,
 }: let
   inherit (inputs) nixpkgs std;
+  inherit (inputs.cells.lib) constants;
   inherit (cell.toolchains) naersk rustToolchain;
   l = nixpkgs.lib // builtins;
 in rec {
@@ -114,4 +115,19 @@ in rec {
         openssl
       ];
     };
+
+  # Maps a function to all possible namespaces, returning results of the
+  # function calls as an attribute set where the key is `{service}-{namespace}`
+  # and the value is the function result.
+  mapToNamespaces = service: fn:
+    l.listToAttrs (
+      l.map
+      (
+        namespace: {
+          name = "${service}-${namespace}";
+          value = fn namespace;
+        }
+      )
+      constants.namespaces
+    );
 }

nix/lib/lib.nix

@@ -3,17 +3,22 @@
   cell,
 }: let
   inherit (inputs) nixpkgs std;
-  inherit (inputs.cells.lib) constants;
+  inherit (inputs.cells.lib) constants lib;
   l = nixpkgs.lib // builtins;
 
-  mkOCI = name: let
-    operable = cell.operables.${name};
+  mkOCI = namespace: let
+    # TODO: fix git rev
+    rev =
+      if (inputs.self.rev != "not-a-commit")
+      then inputs.self.rev
+      else "dirty";
   in
     std.lib.ops.mkStandardOCI {
-      inherit operable;
-      name = "${constants.registry}/${name}";
+      name = "${constants.registry}/vit-servicing-station-server";
+      tag = "${rev}-${namespace}";
+      operable = cell.operables."vit-servicing-station-server-${namespace}";
       debug = true;
     };
-in {
-  vit-servicing-station-server = mkOCI "vit-servicing-station-server";
-}
+in
+  {}
+  // lib.mapToNamespaces "vit-servicing-station-server" mkOCI

nix/vit-servicing-station/containers.nix

@@ -4,27 +4,26 @@
 }: let
   inherit (inputs) nixpkgs std;
   inherit (inputs.cells.artifacts) artifacts;
-  inherit (inputs.cells.lib) constants;
+  inherit (inputs.cells.lib) lib;
   l = nixpkgs.lib // builtins;
 
-  mkSimpleOperable = {
-    name,
-    runtimeInputs ? [],
-    args ? [],
-  }: let
-    package = cell.packages.${name};
+  package = cell.packages.vit-servicing-station-server;
+
+  mkVitOperable = namespace: let
+    artifacts' = artifacts."artifacts-${namespace}";
   in
     std.lib.ops.mkOperable {
-      inherit package runtimeInputs;
+      inherit package;
+      runtimeInputs = [
+        artifacts'
+      ];
       runtimeScript = std.lib.ops.mkOperableScript {
-        inherit args package;
+        inherit package;
+        args = {
+          "--in-settings-file" = "/local/station-config.json";
+        };
       };
     };
-in {
-  vit-servicing-station-server = mkSimpleOperable {
-    name = "vit-servicing-station-server";
-    args = {
-      "--in-settings-file" = "/local/station-config.json";
-    };
-  };
-}
+in
+  {}
+  // lib.mapToNamespaces "vit-servicing-station-server" mkVitOperable