feat: BE docker deployment

Author: bogdan-manole

Dockerfile.web

@@ -1,10 +1,7 @@
 FROM node:16
 
-RUN git clone https://github.com/input-output-hk/dapps-certification.git
-RUN mv dapps-certification app
 WORKDIR /app/
-RUN git checkout develop
-WORKDIR /app/react-web
+COPY react-web /app
 COPY ./docker-files/.env.local .
 RUN npm install
 
@@ -13,5 +10,9 @@ RUN sed -i 's/https:\/\/input-output-hk.github.io\/dapps-certification/http:\/\/
 #"proxy": "https://testing.dapps.iog.io/"
 RUN sed -i 's/https:\/\/testing.dapps.iog.io/http:\/\/localhost:3000/g'  package.json
 
-#ENTRYPOINT [ "/bin/sh" ]
+COPY ./docker-files/start_web.sh .
+RUN chmod +x ./start_web.sh
+
+ENTRYPOINT [ "./start_web.sh" ]
+#ENTRYPOINT [ "/bin/sh","-c","./start_web.sh"]
 CMD [ "npm","start" ]

Dockerfile.ws

@@ -214,6 +214,7 @@ logHandleText :: (MonadUnliftIO m)
 logHandleText backend addLogEntry h = go
   where
     go = do
+      liftIO $ hSetEncoding h utf8
       acqEv <- acquireEvent backend ReadingHandleLog
       join $ with acqEv \ev -> do
         chunk <- liftIO $ hGetChunk h

dapps-certification-helpers/src/IOHK/Certification/Actions.hs

@@ -1,16 +1,10 @@
 version: "3.9"
 services:
-  plutus-certification-ws:
-    build:
-      context: .
-      dockerfile: Dockerfile.ws
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    ports:
-      - "9671:9671"
   plutus-certification-web:
     build:
       context: .
       dockerfile: Dockerfile.web
+    environment:
+      - REACT_APP_BASE_URL=https://google.com:8080
     ports:
       - "3000:3000"

docker-compose.yml

@@ -0,0 +1,8 @@
+ WALLET_ADDRESS=addr_test1qphgqts20fhx0yx7ug42xehcnryukchy5k7hpaksgxax2fzt5w2gu33s8wrw3c9tjs97dr5pulsvf39e56v7c9ar39asptcrtp \
+ WALLET_ID=73857344a0cf884fe044abfe85660cc9a81f6366 \
+ WALLET_PASSPHRASE=test123456 \
+ WALLET_URL="http://192.168.2.128:8090" \
+ WALLET_CERTIFICATION_PRICE=1000000 \
+ JWT_SECRET2=secret \
+ PORT=80 \
+ nix run .#runDockerImage

docker-files/run.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+#REACT_APP_BASE_URL="http://localhost:9671"
+echo $REACT_APP_BASE_URL
+npm start
+
+

docker-files/start_web.sh

@@ -12,7 +12,99 @@
   in flake-utils.lib.eachSystem supportedSystems (system: let
     overlays = [ haskellNix.overlay ];
 
+    #***************************************************************************************
+    # Docker image
+
     pkgs = import nixpkgs { inherit system overlays; inherit (haskellNix) config; };
+    pkgsLinux = pkgs // { system = "x86_64-linux"; };
+
+    imgAttributes = {
+      name = "plutus-certification";
+      tag = "8";
+    };
+    nixConfig = ''
+        trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= iohk.cachix.org-1:DpRUyj7h7V830dp/i6Nti+NEO2/nhblbov/8MW7Rqoo= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+        substituters = https://hydra.iohk.io https://cache.nixos.org/ https://cache.iog.io
+        build-users-group = nixbld
+        sandbox = false
+        experimental-features = nix-command flakes
+        allow-import-from-derivation = true
+        filter-syscalls = false
+    '';
+    entryPoint =
+      let addParameter = paramName: varName: '' 
+          if [ -n "${"$"}${varName}" ]; then
+            args="$args --${paramName} ${"$"}${varName}"
+          fi
+      '';
+      in (pkgs.writeShellScript "entryPoint" ''
+        set -eEo pipefail
+        args="--local "
+        ${addParameter "wallet-id" "WALLET_ID"} \
+        ${addParameter "wallet-address" "WALLET_ADDRESS"} \
+        ${addParameter "wallet-passphrase" "WALLET_PASSPHRASE"}
+        ${addParameter "wallet-url" "WALLET_URL"}
+        ${addParameter "wallet-certification-price" "WALLET_CERTIFICATION_PRICE"}
+        ${addParameter "gh-access-token" "GH_ACCESS_TOKEN"}
+        ${addParameter "signature-timeout" "SIGNATURE_TIMEOUT"}
+        ${addParameter "use-whitelist" "USE_WHITELIST"}
+        ${addParameter "unsafe-plain-address-auth" "UNSAFE_PLAIN_ADDRESS_AUTH"}
+        ${addParameter "port" "PORT"}
+        if [ -n "$JWT_SECRET" ];
+        then
+            args="$args --jwt-secret $JWT_SECRET"
+            ${addParameter "jwt-expiration-seconds" "JWT_EXPIRATION"}
+        else 
+          args="$args --unsafe-plain-address-auth"
+        fi
+
+        # create a temporary directory for executing flakes
+        mkdir -p /tmp
+
+        # copy the certificate bundle to the right place
+        mkdir -p /etc/ssl/certs
+        script="cp ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt"
+        
+        #TODO: change this --unsafe-bypass-subscription-validation
+        args="$args --unsafe-bypass-subscription-validation"
+
+        echo $script >&2
+        eval "$script"
+
+        script="${flake.packages."plutus-certification:exe:plutus-certification"}/bin/plutus-certification $args"
+        echo $script >&2
+        eval "$script"
+      '').outPath;
+  
+    nixImage = pkgs.dockerTools.pullImage {
+      imageName = "nixos/nix";
+      imageDigest = "sha256:31b808456afccc2a419507ea112e152cf27e9bd2527517b0b6ca8639cc423501";
+      sha256 = "0bbw3r0civlcm3inj23fq8f25aw63rnaay09qjbrvfjd7pcfbyqn";
+      finalImageName = "nixos/nix";
+      finalImageTag = "2.15.0";
+    };
+    genFlake = flake.packages."dapps-certification-helpers:exe:generate-flake";
+    buildFlake = flake.packages."dapps-certification-helpers:exe:build-flake";
+    
+    image = pkgs.dockerTools.buildImage (imgAttributes // {
+      fromImage = nixImage;
+      diskSize = 5120;
+      #contents = [ pkgs.hello ];
+      copyToRoot = pkgs.buildEnv {
+        name = "image-root";
+        paths = [ pkgs.curl pkgs.zsh pkgs.coreutils pkgs.nmon pkgs.cacert genFlake buildFlake ];
+        pathsToLink = [ "/bin" ];
+      };
+       runAsRoot = ''
+        rm -rf /etc/nix/nix.conf
+        echo "${nixConfig}" > /etc/nix/nix.conf
+       '';
+
+      config = {
+        Cmd = ["${entryPoint}"];
+        User = "root";
+      };
+    });
 
     materializedPath = ./. + "/nix/materialized/${system}";
 
@@ -29,12 +121,83 @@
     };
 
     flake = project.flake {};
+    loadDockerImage = {
+      type= "app";
+      program = (pkgs.writeShellScript "loadDockerImage" ''
+          set -eEuo pipefail
+          echo "Loading docker image ${image}" >&2
+          ${pkgs.docker}/bin/docker load -i ${image}
+      '').outPath;
+    };
+    runDockerImage = 
+      let addEnvVar = varName: '' 
+          if [ -n "${"$"}${varName}" ]; then
+            docker_args="$docker_args -e ${varName}=${"$"}${varName}" 
+          fi
+      '';
+      in {
+        type = "app";
+        program = (pkgs.writeShellScript "runDockerImage" ''
+            set -eEo pipefail
+            export PATH="${pkgs.lib.makeBinPath [ pkgs.docker pkgs.coreutils]}"
+            echo "Executing ${loadDockerImage.program}..." >&2
+            ${loadDockerImage.program}
+            docker_args="-t --platform linux/amd64 --name ${imgAttributes.name}"
+
+            ${addEnvVar "WALLET_ID"}
+            ${addEnvVar "WALLET_ADDRESS"}
+            ${addEnvVar "WALLET_PASSPHRASE"}
+            ${addEnvVar "JWT_SECRET"}
+            ${addEnvVar "WALLET_URL"}
+            ${addEnvVar "WALLET_CERTIFICATION_PRICE"}
+            ${addEnvVar "GH_ACCESS_TOKEN"}
+            ${addEnvVar "JWT_EXPIRATION"}
+            ${addEnvVar "SIGNATURE_TIMEOUT"}
+            ${addEnvVar "USE_WHITELIST"}
+            ${addEnvVar "UNSAFE_PLAIN_ADDRESS_AUTH"}
+            ${addEnvVar "PORT"}
+
+            if [[ -z "$PORT" ]]; then
+              export PORT=9671
+            fi
+            docker_args="$docker_args -p $PORT:$PORT"
+            
+            script="docker run --rm $docker_args ${imgAttributes.name}:${imgAttributes.tag}"
+            echo $script >&2
+            eval "$script"
+        '').outPath;
+      };
+      pushDockerImage = {
+        type = "app";
+        #usage: nix run .\#apps.x86_64-linux.pushDockerImage  -- <docker registry>
+        #E.g. nix run .\#apps.x86_64-linux.pushDockerImage  -- ghcr.io/demoiog
+        program = (pkgs.writeShellScript "pushDockerImage" ''
+            set -eEuo pipefail
+            export PATH="${pkgs.lib.makeBinPath [ pkgs.docker pkgs.coreutils]}"
+            ${loadDockerImage.program}
+            echo "Pushing docker image ${image}" >&2
+            imageName="${imgAttributes.name}:${imgAttributes.tag}"
+
+            script="docker image tag $imageName $1/$imageName"
+            echo $script >&2
+            eval "$script"
+
+            script="docker push $1/$imageName"
+            echo $script >&2
+            eval "$script"
+
+        '').outPath;
+      };
   in flake // {
     packages = flake.packages // {
       inherit (project.plan-nix.passthru) generateMaterialized;
+      inherit image;
     };
     defaultPackage = flake.packages."plutus-certification:exe:plutus-certification";
     apps = flake.apps // {
+      inherit loadDockerImage;
+      inherit runDockerImage;
+      inherit pushDockerImage;
       updateAllMaterialized = {
         type = "app";
         program = (pkgs.writeShellScript "updateAllMaterialized" ''