Fully dockerize cape-demo-docker (#979)

- Add script to initialize geth with deployed contract.
- Build docker image with initialized geth `cape/geth` on github.

.github/workflows/build.yml

@@ -33,10 +33,6 @@ jobs:
         run: |
           apk add --no-cache tar git
 
-      - name: Potential broken submodules fix
-        run: |
-          git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :
-
       - uses: actions/checkout@v2
         name: Checkout Repository
 
@@ -78,6 +74,9 @@ jobs:
       - name: Build all executables
         run: nix-shell --run "cargo build --release"
 
+      - name: Build demo geth data dir
+        run: nix-shell --run "demo/initialize-demo-geth"
+
       - uses: actions/upload-artifact@v2
         with:
           name: wallet-webserver
@@ -93,6 +92,12 @@ jobs:
             target/release/faucet
             target/release/minimal-relayer
 
+      - uses: actions/upload-artifact@v2
+        with:
+          name: geth-data-dir
+          path: |
+            scratch/geth-data-dir
+
   docker-wallet:
     runs-on: self-hosted
     needs: build
@@ -184,3 +189,42 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+
+  docker-geth:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v2
+        name: Checkout Repository
+
+      - uses: actions/download-artifact@v2
+        with:
+          name: geth-data-dir
+          path: scratch/geth-data-dir/
+
+      - uses: docker/setup-buildx-action@v1
+        name: Setup Docker BuildKit (buildx)
+
+      - uses: docker/login-action@v1
+        name: Login to Github Container Repo
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v3
+        name: Generate Docker Metadata
+        id: meta
+        with:
+          images: ghcr.io/espressosystems/cape/geth
+
+      - uses: docker/build-push-action@v2
+        name: Build and Push Docker
+        with:
+          context: ./
+          file: ./demo/geth.Dockerfile
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -27,4 +27,4 @@ __pycache__/
 /doc/mdbook
 .*.sw*
 
-demo/
+scratch/

bin/cape-demo-docker

@@ -8,135 +8,13 @@
 
 set -euo pipefail
 
-function remove-directory () {
-    if [ -n "$1" ] && [ -d "$1" ]; then
-        echo "Removing dir $1"
-        # Diretories were mounted into docker and files may be owned by root.
-        # Mount to /mnt inside docker and remove all regular and hidden files.
-        docker run --volume "$1":/mnt -it bash -c "rm -rf /mnt/{*,.[^.],.??*}"
-        rmdir $1
-    fi
-}
-
-RED='\033[0;31m'
-GETH_PORT=8545
-
-if nc -z localhost $GETH_PORT 2>&1; then
-    echo -e "${RED}GETH_PORT $GETH_PORT already in use! Aborting"
-    exit 1
-fi
-
-
-#
-# CAPE configuration
-#
-export CAPE_ADDRESS_BOOK_PORT=50000
-export CAPE_ADDRESS_BOOK_STORE_PATH=$(mktemp -d -t cape-address-book-store-XXXXXXX)
-
-export CAPE_EQS_PORT=50010
-export CAPE_EQS_STORE_PATH="$(mktemp -d -t cape-eqs-store-path-XXXXXXX)"
-
-export CAPE_RELAYER_PORT=50020
-export CAPE_RELAYER_WALLET_MNEMONIC="$TEST_MNEMONIC"
-
-export CAPE_FAUCET_PORT=50030
-export CAPE_FAUCET_WALLET_MNEMONIC="$TEST_MNEMONIC"
-export CAPE_FAUCET_WALLET_PATH="$(mktemp -d -t cape-faucet-wallet-XXXXXXX)"
-
-export CAPE_WALLET_PORT=50040
-
-# Create a faucet manager wallet and export variables printed to stdout
-export CAPE_FAUCET_MANAGER_MNEMONIC="$TEST_MNEMONIC"
-source <(cargo run --release --bin faucet-wallet-test-setup)
-
-# Clean up temporary directories when script exits.
-trap "exit" INT TERM
-trap cleanup EXIT
-cleanup(){
-    remove-directory "$CAPE_FAUCET_WALLET_PATH"
-    remove-directory "$CAPE_EQS_STORE_PATH"
-    remove-directory "$CAPE_ADDRESS_BOOK_STORE_PATH"
-    remove-directory "$GETH_DATA_DIR"
-}
-
-#
-# Set up a geth chain and deploy the contracts. Then shut it down.
-#
-GETH_DATA_DIR="$(mktemp -d -t "cap-ethereum-data-XXXXXXXX")"
-echo "Using keystore dir $GETH_DATA_DIR"
-mkdir -p "$GETH_DATA_DIR"
-
-NUM_KEYS=2
-ADDRESS_LIST=$(hdwallet-derive --mnemonic "$TEST_MNEMONIC" --num-keys $NUM_KEYS --property address | tr '\n' ',')
-# Default to 1 second block time
-PERIOD=${GETH_PERIOD:-1}
-make-genesis-block --addresses $ADDRESS_LIST --period $PERIOD > $GETH_DATA_DIR/genesis.json
-
-# Import private keys generated by hdwallet-derive script into geth
-while IFS= read -r LINE || [[ -n "$LINE" ]]; do
-    echo "Importing private key $LINE"
-    geth --verbosity 0 --datadir "$GETH_DATA_DIR" \
-        account import --password <(echo "") <(echo $LINE)
-done < <(hdwallet-derive --mnemonic "$TEST_MNEMONIC" --num-keys $NUM_KEYS --property private_key)
-
-echo "Initializing geth with genesis file"
-geth --dev init --datadir $GETH_DATA_DIR $GETH_DATA_DIR/genesis.json
-
-# docker compose will issue lots of warnings if some variables are not set, even
-# if these aren't needed to start this particular service.
-echo "Starting geth node ..."
-geth --http --dev --verbosity 1 \
-     --mine --maxpeers 0 --nodiscover \
-     --miner.gaslimit 25000000 \
-     --allow-insecure-unlock \
-     --password <(echo "") \
-     --datadir $GETH_DATA_DIR --unlock $ADDRESS_LIST &
-geth_pid=$!
-
-# Deploy contracts (this requires the address/key exported with the
-# faucet-wallet-test-setup binary)
-hardhat deploy --reset
-
-# Stop the geth node
-echo "Sending TERM signal to geth: PID $geth_pid"
-kill -TERM $geth_pid
-
-# Configure contract addresses
-export CAPE_TOKEN_ADDRESS="$(cat contracts/deployments/localhost/SimpleToken.json | jq -r .address)"
-export CAPE_CONTRACT_ADDRESS="$(cat contracts/deployments/localhost//CAPE.json | jq -r .address)"
-
-#
-# Export configuration
-#
-
-# Export the configuration *not* handled by docker compose for the docker compose demo.
-mkdir -p demo
-COMPOSE_ENV_FILE=demo/compose.env
-
-# Use a temp file to make sure the final file is complete once it exists.
-TMP_FILE="$(mktemp -t cape-tmp-env-XXXXXXX)"
-set | grep "CAPE_CONTRACT_ADDRESS.*=" | sort >> "$TMP_FILE"
-set | grep "CAPE_.*_PATH=" | sort >> "$TMP_FILE"
-set | grep "CAPE_.*_MNEMONIC=" | sort | tee >> "$TMP_FILE"
-# TODO it would be better to let docker compose handle the ports
-set | grep "CAPE_.*_PORT=" | sort | tee >> "$TMP_FILE"
-echo ADDRESS_LIST=$ADDRESS_LIST >> "$TMP_FILE"
-echo GETH_DATA_DIR=$GETH_DATA_DIR >> "$TMP_FILE"
-mv "$TMP_FILE" "$COMPOSE_ENV_FILE"
-
-echo
-echo "docker-compose demo config saved to $COMPOSE_ENV_FILE"
-echo "CAPE demo geth setup completed!"
-echo
-
-#
-# Start the docker containers
-#
-
-# If we are *not* using local docker images, make sure we pull the latest images.
-if [ -z "${CAPE_SERVICES_IMAGE:-}" ] && [ -z "${CAPE_WALLET_IMAGE:-}" ]; then
-    docker compose --env-file demo/compose.env pull
+# If we are *not* using local docker images, try to pull the latest images.
+if [ -z "${CAPE_SERVICES_IMAGE:-}" ] && [ -z "${CAPE_WALLET_IMAGE:-}" ] && [ -z "${CAPE_GETH_IMAGE:-}" ]; then
+    docker compose --env-file demo/compose.env pull || {
+        RED='\033[0;31m'
+        echo
+        echo -e "${RED}Failed fetch latest docker images. Will try starting anyway."
+        echo
+    }
 fi
 docker compose --env-file demo/compose.env up
-
-wait

demo/build-docker-geth

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+# Copyright (c) 2022 Espresso Systems (espressosys.com)
+# This file is part of the Configurable Asset Privacy for Ethereum (CAPE) library.
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -eu
+
+docker build -t cape/geth -f ./demo/geth.Dockerfile .

demo/compose.env

@@ -0,0 +1,9 @@
+CAPE_CONTRACT_ADDRESS=0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9
+CAPE_TOKEN_ADDRESS=0x5FC8d32690cc91D4c39d9d3abcBD16989F875707
+CAPE_ADDRESS_BOOK_PORT=50000
+CAPE_EQS_PORT=50010
+CAPE_FAUCET_PORT=50030
+CAPE_RELAYER_PORT=50020
+CAPE_WALLET_PORT=50040
+CAPE_RELAYER_WALLET_MNEMONIC="test test test test test test test test test test test junk"
+CAPE_FAUCET_WALLET_MNEMONIC="test test test test test test test test test test test junk"

demo/geth.Dockerfile

@@ -0,0 +1,6 @@
+FROM ethereum/client-go:v1.10.15
+COPY demo/start-geth-docker /start-geth-docker
+COPY scratch/geth-data-dir /data
+ENTRYPOINT []
+CMD ["/bin/sh", "/start-geth-docker"]
+EXPOSE 8545

demo/initialize-demo-geth

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# Copyright (c) 2022 Espresso Systems (espressosys.com)
+# This file is part of the Configurable Asset Privacy for Ethereum (CAPE) library.
+#
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -euo pipefail
+
+RED='\033[0;31m'
+GETH_PORT=8545
+
+if nc -z localhost $GETH_PORT 2>&1; then
+    echo -e "${RED}GETH_PORT $GETH_PORT already in use! Aborting"
+    exit 1
+fi
+
+# Create a faucet manager wallet and export variables printed to stdout
+export CAPE_FAUCET_MANAGER_MNEMONIC="$TEST_MNEMONIC"
+source <(cargo run --release --bin faucet-wallet-test-setup)
+
+#
+# Set up a geth chain and deploy the contracts. Then shut it down.
+#
+GETH_DATA_DIR="scratch/geth-data-dir"
+echo "Using keystore dir $GETH_DATA_DIR"
+mkdir -p "$GETH_DATA_DIR"
+
+NUM_KEYS=2
+ADDRESS_LIST=$(hdwallet-derive --mnemonic "$TEST_MNEMONIC" --num-keys $NUM_KEYS --property address | tr '\n' ',')
+# Default to 1 second block time
+PERIOD=${GETH_PERIOD:-1}
+make-genesis-block --addresses $ADDRESS_LIST --period $PERIOD > $GETH_DATA_DIR/genesis.json
+
+# Import private keys generated by hdwallet-derive script into geth
+while IFS= read -r LINE || [[ -n "$LINE" ]]; do
+    echo "Importing private key $LINE"
+    geth --verbosity 0 --datadir "$GETH_DATA_DIR" \
+        account import --password <(echo "") <(echo $LINE)
+done < <(hdwallet-derive --mnemonic "$TEST_MNEMONIC" --num-keys $NUM_KEYS --property private_key)
+
+echo "Initializing geth with genesis file"
+geth --dev init --datadir $GETH_DATA_DIR $GETH_DATA_DIR/genesis.json
+
+# docker compose will issue lots of warnings if some variables are not set, even
+# if these aren't needed to start this particular service.
+echo "Starting geth node ..."
+geth --http --dev --verbosity 1 \
+     --mine --maxpeers 0 --nodiscover \
+     --miner.gaslimit 25000000 \
+     --allow-insecure-unlock \
+     --password <(echo "") \
+     --datadir $GETH_DATA_DIR --unlock $ADDRESS_LIST &
+geth_pid=$!
+
+# Deploy contracts (this requires the address/key exported with the
+# faucet-wallet-test-setup binary)
+hardhat deploy --reset
+
+# Stop the geth node
+echo "Sending TERM signal to geth: PID $geth_pid"
+kill -TERM $geth_pid
+
+echo "Geth DATA_DIR at $GETH_DATA_DIR"

demo/start-geth-docker

@@ -0,0 +1,14 @@
+#!/usr/bin/env sh
+set -eu
+
+# Use `hdwallet-derive` to generate the addresses from a mnenmonic
+ADDRESS_LIST="0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266,0x70997970C51812dc3A010C7d01b50e0d17dc79C8"
+
+geth --dev \
+     --http --http.addr 0.0.0.0 --http.vhosts "*" \
+     --verbosity 1 \
+     --mine --maxpeers 0 --nodiscover \
+     --miner.gaslimit 25000000 \
+     --allow-insecure-unlock \
+     --password <(echo "") \
+     --datadir /data --unlock $ADDRESS_LIST