Merge pull request #396 from oasisprotocol/matevz/feature/rofl-deploy

`oasis rofl deploy` instructions

Author: matevz

cmd/rofl/build/build.go

@@ -14,9 +14,7 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/common/cbor"
 	"github.com/oasisprotocol/oasis-core/go/common/sgx"
 	"github.com/oasisprotocol/oasis-core/go/runtime/bundle"
-	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/client"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/connection"
-	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/rofl"
 
 	buildRofl "github.com/oasisprotocol/cli/build/rofl"
 	"github.com/oasisprotocol/cli/cmd/common"
@@ -120,7 +118,7 @@ var (
 			runScript(manifest, buildRofl.ScriptBuildPost)
 
 			// Write the bundle out.
-			outFn := fmt.Sprintf("%s.%s.orc", manifest.Name, deploymentName)
+			outFn := roflCommon.GetOrcFilename(manifest, deploymentName)
 			if outputFn != "" {
 				outFn = outputFn
 			}
@@ -184,24 +182,12 @@ var (
 
 				// When not in offline mode, also verify on-chain enclave identities.
 				if !offline {
-					var conn connection.Connection
 					ctx := context.Background()
-					conn, err = connection.Connect(ctx, npa.Network)
+					var cfgEnclaves map[sgx.EnclaveIdentity]struct{}
+					cfgEnclaves, err = roflCommon.GetRegisteredEnclaves(ctx, deployment.AppID, npa)
 					cobra.CheckErr(err)
 
-					var appID rofl.AppID
-					_ = appID.UnmarshalText([]byte(deployment.AppID)) // Already verified.
-
-					var appCfg *rofl.AppConfig
-					appCfg, err = conn.Runtime(npa.ParaTime).ROFL.App(ctx, client.RoundLatest, appID)
-					cobra.CheckErr(err)
-
-					cfgEnclaves := make(map[sgx.EnclaveIdentity]struct{})
-					for _, eid := range appCfg.Policy.Enclaves {
-						cfgEnclaves[eid] = struct{}{}
-					}
-
-					if !maps.Equal(manifestEnclaves, cfgEnclaves) {
+					if !maps.Equal(buildEnclaves, cfgEnclaves) {
 						fmt.Println("Built enclave identities DIFFER from on-chain enclave identities!")
 						showIdentityDiff(buildEnclaves, cfgEnclaves, "On-chain")
 						cobra.CheckErr(fmt.Errorf("enclave identity verification failed"))

cmd/rofl/common/enclave.go

@@ -0,0 +1,39 @@
+package common
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/oasisprotocol/oasis-core/go/common/sgx"
+	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/client"
+	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/connection"
+	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/rofl"
+
+	"github.com/oasisprotocol/cli/cmd/common"
+)
+
+// GetRegisteredEnclaves retrieves currently registered on-chain enclaves for the given deployment.
+func GetRegisteredEnclaves(ctx context.Context, rawAppID string, npa *common.NPASelection) (map[sgx.EnclaveIdentity]struct{}, error) {
+	var conn connection.Connection
+	var err error
+	if conn, err = connection.Connect(ctx, npa.Network); err != nil {
+		return nil, err
+	}
+
+	var appID rofl.AppID
+	if err = appID.UnmarshalText([]byte(rawAppID)); err != nil {
+		return nil, fmt.Errorf("unable to extract app id: %v", err)
+	}
+
+	var appCfg *rofl.AppConfig
+	if appCfg, err = conn.Runtime(npa.ParaTime).ROFL.App(ctx, client.RoundLatest, appID); err != nil {
+		return nil, err
+	}
+
+	cfgEnclaves := make(map[sgx.EnclaveIdentity]struct{})
+	for _, eid := range appCfg.Policy.Enclaves {
+		cfgEnclaves[eid] = struct{}{}
+	}
+
+	return cfgEnclaves, nil
+}

cmd/rofl/common/manifest.go

@@ -87,3 +87,8 @@ func MaybeLoadManifestAndSetNPA(cfg *config.Config, npa *common.NPASelection, de
 	}
 	return manifest, d, nil
 }
+
+// GetOrcFilename generates a filename based on the project name and deployment.
+func GetOrcFilename(manifest *rofl.Manifest, deploymentName string) string {
+	return fmt.Sprintf("%s.%s.orc", manifest.Name, deploymentName)
+}

cmd/rofl/mgmt.go

@@ -5,12 +5,14 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"maps"
 	"os"
 	"path/filepath"
 
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
 
+	"github.com/oasisprotocol/oasis-core/go/common/sgx"
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/pcs"
 	"github.com/oasisprotocol/oasis-core/go/common/sgx/quote"
 	consensus "github.com/oasisprotocol/oasis-core/go/consensus/api"
@@ -455,6 +457,53 @@ var (
 		},
 	}
 
+	deployCmd = &cobra.Command{
+		Use:   "deploy",
+		Short: "Deploy ROFL to a specified instance",
+		Args:  cobra.NoArgs,
+		Run: func(_ *cobra.Command, _ []string) {
+			cfg := cliConfig.Global()
+			npa := common.GetNPASelection(cfg)
+
+			manifest, deployment := roflCommon.LoadManifestAndSetNPA(cfg, npa, deploymentName, &roflCommon.ManifestOptions{
+				NeedAppID: true,
+				NeedAdmin: true,
+			})
+
+			manifestEnclaves := make(map[sgx.EnclaveIdentity]struct{})
+			for _, eid := range deployment.Policy.Enclaves {
+				manifestEnclaves[eid] = struct{}{}
+			}
+
+			ctx := context.Background()
+			cfgEnclaves, err := roflCommon.GetRegisteredEnclaves(ctx, deployment.AppID, npa)
+			cobra.CheckErr(err)
+
+			if !maps.Equal(manifestEnclaves, cfgEnclaves) {
+				// TODO: Generate and run Update TX automatically.
+				cobra.CheckErr("Local enclave identities DIFFER from on-chain enclave identities! Run `oasis rofl update` first")
+			}
+
+			orcFilename := roflCommon.GetOrcFilename(manifest, deploymentName)
+			cfgSnippet := "      runtime:\n" +
+				"        paths:\n" +
+				"          - /node/rofls/" + orcFilename + "\n"
+			fmt.Printf(
+				"To deploy your ROFL app, you can decide between one of the two options:\n"+
+					"\nA. RUN YOUR OWN OASIS NODE\n\n"+
+					"   1. Follow https://docs.oasis.io/node/run-your-node/paratime-client-node\n"+
+					"      and configure your TDX Oasis node\n"+
+					"   2. Copy '%s' to your node, for example:\n\n"+
+					"      scp %s mynode.com:/node/rofls\n\n"+
+					"   3. Add the following snippet to your Oasis node config.yml:\n\n%s\n"+
+					"   4. Restart your node\n"+
+					"\nB. DEPLOY YOUR ROFL TO THE OASIS PROVIDER\n\n"+
+					"   1. Upload '%s' to a publicly accessible file server\n"+
+					"   2. Reach out to us at https://oasis.io/discord #dev-central channel and we\n"+
+					"      will run your ROFL app on our TDX Oasis nodes\n", orcFilename, orcFilename, cfgSnippet, orcFilename)
+		},
+	}
+
 	upgradeCmd = &cobra.Command{
 		Use:   "upgrade",
 		Short: "Upgrade all artifacts to their latest default versions",
@@ -676,6 +725,10 @@ func init() {
 	updateCmd.Flags().AddFlagSet(deploymentFlags)
 	updateCmd.Flags().AddFlagSet(updateFlags)
 
+	deployCmd.Flags().AddFlagSet(common.SelectorFlags)
+	deployCmd.Flags().AddFlagSet(common.RuntimeTxFlags)
+	deployCmd.Flags().AddFlagSet(deploymentFlags)
+
 	removeCmd.Flags().AddFlagSet(common.SelectorFlags)
 	removeCmd.Flags().AddFlagSet(common.RuntimeTxFlags)
 	removeCmd.Flags().AddFlagSet(deploymentFlags)

cmd/rofl/rofl.go

@@ -16,6 +16,7 @@ func init() {
 	Cmd.AddCommand(initCmd)
 	Cmd.AddCommand(createCmd)
 	Cmd.AddCommand(updateCmd)
+	Cmd.AddCommand(deployCmd)
 	Cmd.AddCommand(removeCmd)
 	Cmd.AddCommand(showCmd)
 	Cmd.AddCommand(trustRootCmd)

docs/rofl.md

@@ -127,6 +127,10 @@ account, staked amount, current ROFL policy and running instances:
 
 ![code](../examples/rofl/show.out.static)
 
+## Deploy ROFL app {#deploy}
+
+Run `rofl deploy` to automatically deploy your app to the provider on-chain.
+
 ## Advanced
 
 ### Show ROFL identity {#identity}