Abehjati/release-price-service (#251)

* npm audit fix

* Update package name

* Remove guardian image and use official ones

* Update README

* Fix config file name

* Use aws public repo

.github/workflows/attester-image-push.yml

@@ -0,0 +1,45 @@
+name: Build and Push Images
+on:
+  push:
+    tags:
+      - pyth-attester-v*
+  workflow_dispatch:
+    inputs:
+      dispatch_description:
+        description: "Dispatch description"
+        required: true
+        type: string
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  p2w-attest-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set image tag to version of the git tag
+        if: ${{ startsWith(github.ref, 'refs/tags/pyth-attester-v') }}
+        run: |
+          PREFIX="refs/tags/pyth-attester-"
+          VERSION="${GITHUB_REF:${#PREFIX}}"
+          echo "IMAGE_TAG=${VERSION}" >> "${GITHUB_ENV}"
+      - name: Set image tag to the git commit hash
+        if: ${{ !startsWith(github.ref, 'refs/tags/pyth-attester-v') }}
+        run: |
+          echo "IMAGE_TAG=${{ github.sha }}" >> "${GITHUB_ENV}"
+      - uses: aws-actions/configure-aws-credentials@8a84b07f2009032ade05a88a28750d733cc30db1
+        with:
+          role-to-assume: arn:aws:iam::192824654885:role/github-actions-ecr
+          aws-region: eu-west-2
+      - uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
+        env:
+          AWS_REGION: us-east-1
+      - run: |
+          DOCKER_BUILDKIT=1 docker build -f Dockerfile.client -t bridge-client .
+          DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f third_party/pyth/Dockerfile.p2w-attest .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        env:
+          ECR_REGISTRY: public.ecr.aws
+          ECR_REPOSITORY: pyth-network/xc-attest

.github/workflows/image-push.yml

@@ -1,47 +0,0 @@
-name: Build and Push Images
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-permissions:
-  contents: read
-  id-token: write
-jobs:
-  price-service-image:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: arn:aws:iam::192824654885:role/github-actions-ecr
-          aws-region: eu-west-2
-      - uses: aws-actions/amazon-ecr-login@v1
-        id: ecr_login
-      - run: |
-          DOCKER_BUILDKIT=1 docker build -f Dockerfile.wasm -o type=local,dest=. .
-          DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f third_party/pyth/price-service/Dockerfile.price_service .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-        env:
-          ECR_REGISTRY: ${{ steps.ecr_login.outputs.registry }}
-          ECR_REPOSITORY: xc-server
-          IMAGE_TAG: ${{ github.sha }}
-  p2w-attest-image:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: arn:aws:iam::192824654885:role/github-actions-ecr
-          aws-region: eu-west-2
-      - uses: aws-actions/amazon-ecr-login@v1
-        id: ecr_login
-      - run: |
-          DOCKER_BUILDKIT=1 docker build -f Dockerfile.client -t bridge-client .
-          DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f third_party/pyth/Dockerfile.p2w-attest .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-        env:
-          ECR_REGISTRY: ${{ steps.ecr_login.outputs.registry }}
-          ECR_REPOSITORY: xc-attest
-          IMAGE_TAG: ${{ github.sha }}

.github/workflows/price-service-image-push.yml

@@ -0,0 +1,45 @@
+name: Build and Push Images
+on:
+  push:
+    tags:
+      - pyth-price-service-v*
+  workflow_dispatch:
+    inputs:
+      dispatch_description:
+        description: "Dispatch description"
+        required: true
+        type: string
+permissions:
+  contents: read
+  id-token: write
+jobs:
+  price-service-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set image tag to version of the git tag
+        if: ${{ startsWith(github.ref, 'refs/tags/pyth-price-service-v') }}
+        run: |
+          PREFIX="refs/tags/pyth-price-service-"
+          VERSION="${GITHUB_REF:${#PREFIX}}"
+          echo "IMAGE_TAG=${VERSION}" >> "${GITHUB_ENV}"
+      - name: Set image tag to the git commit hash
+        if: ${{ !startsWith(github.ref, 'refs/tags/pyth-price-service-v') }}
+        run: |
+          echo "IMAGE_TAG=${{ github.sha }}" >> "${GITHUB_ENV}"
+      - uses: aws-actions/configure-aws-credentials@8a84b07f2009032ade05a88a28750d733cc30db1
+        with:
+          role-to-assume: arn:aws:iam::192824654885:role/github-actions-ecr
+          aws-region: eu-west-2
+      - uses: docker/login-action@v2
+        with:
+          registry: public.ecr.aws
+        env:
+          AWS_REGION: us-east-1
+      - run: |
+          DOCKER_BUILDKIT=1 docker build -f Dockerfile.wasm -o type=local,dest=. .
+          DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f third_party/pyth/price-service/Dockerfile.price_service .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+        env:
+          ECR_REGISTRY: public.ecr.aws
+          ECR_REPOSITORY: pyth-network/xc-server

Dockerfile.guardian

@@ -1,26 +0,0 @@
-# syntax=docker.io/docker/dockerfile:1.3@sha256:42399d4635eddd7a9b8a24be879d2f9a930d0ed040a61324cfdf59ef1357b3b2
-FROM docker.io/golang:1.17.5@sha256:90d1ab81f3d157ca649a9ff8d251691b810d95ea6023a03cdca139df58bca599
-
-RUN apt-get update -qq && apt-get install -yq unzip
-
-WORKDIR /app
-
-# After 2.8.7.1
-ARG WORMHOLE_VERSION=73307397bcbb4bd8dc11bdb8324d6f50ac83f133
-ADD https://github.com/certusone/wormhole/archive/${WORMHOLE_VERSION}.zip .
-RUN unzip ${WORMHOLE_VERSION}.zip && rm -rf ${WORMHOLE_VERSION}.zip
-ARG WORMHOLE_DIR=/app/wormhole-${WORMHOLE_VERSION}
-
-WORKDIR $WORMHOLE_DIR/tools
-RUN CGO_ENABLED=0 ./build.sh
-
-WORKDIR $WORMHOLE_DIR
-RUN tools/bin/buf lint && tools/bin/buf generate
-
-WORKDIR ${WORMHOLE_DIR}/node/tools
-RUN go build -mod=readonly -o /dlv github.com/go-delve/delve/cmd/dlv
-
-WORKDIR ${WORMHOLE_DIR}/node
-RUN go build -race -gcflags="all=-N -l" --ldflags '-extldflags "-Wl,--allow-multiple-definition"' -mod=readonly -o /guardiand github.com/certusone/wormhole/node
-
-ENTRYPOINT /guardiand

Tiltfile

@@ -75,12 +75,6 @@ local_resource(
 )
 
 
-docker_build(
-    ref = "guardiand-image",
-    context = ".",
-    dockerfile = "Dockerfile.guardian",
-)
-
 def build_node_yaml():
     node_yaml = read_yaml_stream("devnet/node.yaml")
 

devnet/node.yaml

@@ -53,7 +53,7 @@ spec:
                 path: bigtable-key.json
       containers:
         - name: guardiand
-          image: guardiand-image
+          image: ghcr.io/certusone/guardiand:v2.8.8.1
           volumeMounts:
             - mountPath: /run/node
               name: node-rundir

devnet/spy.yaml

@@ -35,12 +35,12 @@ spec:
       terminationGracePeriodSeconds: 0
       containers:
         - name: spy
-          image: guardiand-image
+          image: ghcr.io/certusone/guardiand:v2.8.8.1
           command:
             - /guardiand
             - spy
             - --nodeKey
-            - /tmp/node.key
+            - /node.key
             - --spyRPC
             - "[::]:7072"
             # Hardcoded devnet bootstrap (generated from deterministic key in guardiand)

third_party/pyth/price-service/README.md

@@ -1,39 +1,32 @@
 # Pyth Price Service
 
-This service exposes a REST api to provide latest attestation message for a price feed id.
+This service exposes a REST and WS api to provide latest attestation message for a price feed id.
 
 ## Build
 
-To build the spy_guardian docker container:
+To build the pyth_price_service docker container from the repo root:
 
 ```
-$ docker build -f Dockerfile.spy_guardian -t spy_guardian .
-```
-
-To build the pyth_price_service docker container:
-
-```
-$ docker build -f Dockerfile.pyth_price_service -t pyth_price_service .
+$ docker build -f third_party/pyth/price-service/Dockerfile.pyth_price_service -t pyth_price_service .
 ```
 
 Run the spy_guardian docker container in TestNet:
 
 ```
-$ docker run --platform linux/amd64 -d --network=host spy_guardian \
+$ docker run --platform linux/amd64 -d --network=host ghcr.io/certusone/guardiand:v2.8.8.1 spy \
+--nodeKey /node.key --spyRPC "[::]:7073" \
 --bootstrap /dns4/wormhole-testnet-v2-bootstrap.certus.one/udp/8999/quic/p2p/12D3KooWBY9ty9CXLBXGQzMuqkziLntsVcyz4pk1zWaJRvJn6Mmt \
---network /wormhole/testnet/2/1 \
---spyRPC "[::]:7073"
+--network /wormhole/testnet/2/1
 ```
 
 Or run the spy_guardian docker container in MainNet:
 For the MainNet gossip network parameters, see https://github.com/certusone/wormhole-networks/blob/master/mainnetv2/info.md
 
 ```
-$ docker run --platform linux/amd64 -d --network=host spy_guardian \
+$ docker run --platform linux/amd64 -d --network=host ghcr.io/certusone/guardiand:v2.8.8.1 spy \
+--nodeKey /node.key --spyRPC "[::]:7073" \
 --bootstrap <guardianNetworkBootstrapParameterForMainNet> \
 --network <guardianNetworkPathForMainNet> \
---spyRPC "[::]:7073"
-
 ```
 
 Then to run the pyth_price_service docker container using a config file called
@@ -43,7 +36,7 @@ following:
 ```
 $ docker run \
 --volume=${HOME}/pyth_price_service:/var/pyth_price_service \
--e pyth_price_service_CONFIG=/var/pyth_price_service/env \
+-e PYTH_PRICE_SERVICE_CONFIG=/var/pyth_price_service/env \
 --network=host \
 -d \
 pyth_price_service

third_party/pyth/price-service/package-lock.json

@@ -7599,9 +7599,9 @@
       "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
     },
     "node_modules/protobufjs": {
-      "version": "6.11.2",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.11.2.tgz",
-      "integrity": "sha512-4BQJoPooKJl2G9j3XftkIXjoC9C0Av2NOrWmbLWT1vH32GcSUHjM0Arra6UfTsVyfMAuFzaLucXn1sadxJydAw==",
+      "version": "6.11.3",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.11.3.tgz",
+      "integrity": "sha512-xL96WDdCZYdU7Slin569tFX712BxsxslWwAfAhCYjQKGTq7dAU91Lomy6nLLhh/dyGhk/YH4TwTSRxTzhuHyZg==",
       "hasInstallScript": true,
       "dependencies": {
         "@protobufjs/aspromise": "^1.1.2",
@@ -14723,9 +14723,9 @@
       }
     },
     "protobufjs": {
-      "version": "6.11.2",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.11.2.tgz",
-      "integrity": "sha512-4BQJoPooKJl2G9j3XftkIXjoC9C0Av2NOrWmbLWT1vH32GcSUHjM0Arra6UfTsVyfMAuFzaLucXn1sadxJydAw==",
+      "version": "6.11.3",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-6.11.3.tgz",
+      "integrity": "sha512-xL96WDdCZYdU7Slin569tFX712BxsxslWwAfAhCYjQKGTq7dAU91Lomy6nLLhh/dyGhk/YH4TwTSRxTzhuHyZg==",
       "requires": {
         "@protobufjs/aspromise": "^1.1.2",
         "@protobufjs/base64": "^1.1.2",

third_party/pyth/price-service/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@pythnetwork/price-service",
+  "name": "@pythnetwork/pyth-price-service",
   "version": "1.0.0",
   "description": "Pyth Price Service",
   "main": "index.js",

third_party/pyth/price-service/src/index.ts

@@ -8,8 +8,8 @@ import { RestAPI } from "./rest";
 import { WebSocketAPI } from "./ws";
 
 let configFile: string = ".env";
-if (process.env.PYTH_RELAY_CONFIG) {
-  configFile = process.env.PYTH_RELAY_CONFIG;
+if (process.env.PYTH_PRICE_SERVICE_CONFIG) {
+  configFile = process.env.PYTH_PRICE_SERVICE_CONFIG;
 }
 
 console.log("Loading config file [%s]", configFile);