tf cloud

.github/workflows/pull-request-write.yml

@@ -17,6 +17,40 @@ env:
   OCTOLYTICS_DIMENSION_REPOSITORY_ID: 590614152
 
 jobs:
+  build-lint-all:
+    name: "build-lint-all"
+    runs-on:
+      - buildjet-32vcpu-ubuntu-2204
+    concurrency:
+      group: build-lint-all-${{ github.ref }}
+      cancel-in-progress: true
+    steps:
+      - name: cachix-install-nix-action
+        uses: cachix/install-nix-action@be4cef7b776998e97233d6e0b84c538eb8122d76
+        with:
+          install_url: https://releases.nixos.org/nix/${{ env.NIX_VERSION }}/install
+          nix_path: nixpkgs=channel:${{ env.NIXPKGS_CHANNEL }}
+          extra_nix_config: |
+            sandbox = relaxed
+            narinfo-cache-negative-ttl = 0      
+            system-features = kvm
+            http2 = true
+      - name: cachix-cachix-action
+        uses: cachix/cachix-action@298387a7aea14d6564aa5d6ead79272878339c8b
+        with:
+          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+          name: ${{ env.CACHIX_NAME }}
+      - name: nix-channel-env
+        run: |  
+          nix-channel --add https://nixos.org/channels/${{ env.NIXPKGS_CHANNEL }} nixpkgs
+          nix-channel --update
+          nix profile install nixpkgs#git
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          persist-credentials: false
+      - run: nix build .#lint-all
+
   build-and-publish-draft:
       # as soon as it will be slow, can 
       # 1. run in parallel 
@@ -59,8 +93,6 @@ jobs:
           mkdir out
           nix build .#release --print-build-logs --show-trace --no-update-lock-file
           cp ./result/lib/* ./result/bin/* ./out
-      - name: linters (clippy, fmt, documentation)
-        run: nix build .#lint 
       - name: action-gh-release
         # so we do not allow non team members to do releases
         if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.id != env.OCTOLYTICS_DIMENSION_REPOSITORY_ID) || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.id == env.OCTOLYTICS_DIMENSION_REPOSITORY_ID) }}

.gitignore

@@ -31,6 +31,8 @@ result
 *.log
 out
 .secret
+terraform/**/*.pem
+.env
 
 # Local .terraform directories
 **/.terraform/*
@@ -39,9 +41,6 @@ out
 *.tfstate
 *.tfstate.*
 
-# Crash log files
-crash.log
-crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version 
@@ -67,4 +66,4 @@ override.tf.json
 .terraformrc
 terraform.rc
 
-!terraform.tfstate.sops
+!**.sops

docs/net.md

@@ -0,0 +1,12 @@
+
+# How to add new net
+
+1. Buy domain and move it to AWS (other providers possible, so this is already encoded) and enable proper limits and billing
+2. You have to enable AWS login locally mighty enough. Nix will eat what you have (like awscli2)
+3. Tell `domain`, admin `email`, state encryption "age" key to nix via `email` and `domain` attributes in `flake.nix`
+4. Set `UPTIME_TOKEN` into env.
+5. run `terraform/base.nix` to apply base layer with node image
+6. Generate `gen-node-key` for `.secret/node-a`, `-b`, etc
+7. Run `terraform/testnet.nix` to deploy testnet and bind it to DNS
+8. Get `ip` from `output` of 6, and put it into `flake.nix` for `deploy-testnet-node-a`, `deploy-testnet-node-b`, etc
+9. Run relevant nix scripts  

docs/validator.md

@@ -0,0 +1,8 @@
+# How to add more validators
+
+0. [You are running net](net.md)
+1. `gen-node-key` for `.secret/node-d`
+2. Add `node-d` into `terraform/testnet.nix` in places where `node-b` mentioned (instances, zones, keys). Run.
+3. Copy `node-d` IP.
+4. In `flake.nix` add `node-d` in all places where mentioned `node-b`. Run `deploy-node-d` routine.
+5. Follow [guide](../examples/adding-new-validator/README.md) on how to get validator public keys set and add it into chain.

examples/adding-new-validator/README.md

@@ -42,26 +42,29 @@ As you can see, Alice and Bob are producing blocks, and I have connected to the
   ![The image shows that validator are running](images/initial.png)
 * We have to allowlist Charlie initially. How to allowlist the validator user see in the [guide](../adding-user-to-allowlist/README.md)
 * Go to Develop/RPC tab in the block explorer.
-* Submit RPC to the author.rotateKeys()
+* Submit RPC to the `author.rotateKeys()`
 
   ![The image shows example output of the rotate_keys](images/rotate_keys.png)
 * Copy the received key
   * In our example is: `0xdc97a6016d31900481e291be8d7d6149156109ee9132d3eb8965140e3104384453ec873dc7f96e4e3119931120668939f36dc643a33b3ee3f12d75cf406df9094835ea42bfcfc8468ba7777d5701d28992c7f79032d81c88fededacf3dea357e`
 * We have received three keys. (can be more later one). Each key is 32 bytes (64 symbols omitting initial 0x).
-You have to split them into three separate parts as below
-  * Aura: `0xdc97a6016d31900481e291be8d7d6149156109ee9132d3eb8965140e31043844`
-  * Grandpa: `0x53ec873dc7f96e4e3119931120668939f36dc643a33b3ee3f12d75cf406df909`
-  * I'm online: `0x4835ea42bfcfc8468ba7777d5701d28992c7f79032d81c88fededacf3dea357e`
-* Go to the Developer/Extrinsics and submit the session.setKeys transaction
+
+You have to split them into three separate parts as below (Runtime Calls -> sessionKeys -> decodeSessionKey):
+
+* Aura: `0xdc97a6016d31900481e291be8d7d6149156109ee9132d3eb8965140e31043844`
+* Grandpa: `0x53ec873dc7f96e4e3119931120668939f36dc643a33b3ee3f12d75cf406df909`
+* I'm online: `0x4835ea42bfcfc8468ba7777d5701d28992c7f79032d81c88fededacf3dea357e`
+* Go to the Developer/Extrinsics and submit the `session.setKeys` transaction
 
   ![The image shows how to set_keys with given data](images/set_keys.png)
   * Fill the data with your keys
   * proof: `0x`
 
 * Submit the transaction and sign it.
-* Go to the Developer/Sudo tab and choose validatorManager.registerValidator transaction
+* Go to the Developer/Sudo tab and choose `validatorManager.registerValidator` transaction
+
+![The image shows example how to register validator](images/adding_validator.png)
 
-  ![The image shows example how to register validator](images/adding_validator.png)
 * Submit sudo and sign the transaction.
 * The validator is supposed to become active in two sessions. Verify that it is working.