From c3a784f7dfc7c11e4069c0a81dbc9c3303b0d3d5 Mon Sep 17 00:00:00 2001
From: Charlie Lye <karl.lye@gmail.com>
Date: Thu, 15 Feb 2024 18:42:34 +0000
Subject: [PATCH] refactor: ecr login retry (#4617)

* Refactors the retry logic out of ecr_login and dockerhub_login in
favour of using our `retry` wrapper script.
* Makes our `bootstrap_docker.sh` script check if there are any aws
credentials first, before attempting to use ecr to skip build.

---------

Co-authored-by: ludamad <adam.domurad@gmail.com>
---
 build-system/scripts/build_local            |  2 +-
 build-system/scripts/cond_run_compose       |  2 +-
 build-system/scripts/cond_run_container     |  2 +-
 build-system/scripts/create_ecr_manifest    |  2 +-
 build-system/scripts/deploy_dockerhub       |  4 ++--
 build-system/scripts/dockerhub_login        |  9 ++-------
 build-system/scripts/ecr_login              | 12 +++---------
 build-system/scripts/ensure_repo            |  2 +-
 build-system/scripts/extract_repo           |  6 +++---
 l1-contracts/Dockerfile                     |  2 +-
 l1-contracts/scripts/ci_deploy_contracts.sh |  2 +-
 yarn-project/scripts/run_script.sh          |  2 +-
 12 files changed, 18 insertions(+), 29 deletions(-)

diff --git a/build-system/scripts/build_local b/build-system/scripts/build_local
index 0bc99f17d4a..d32d70eb349 100755
--- a/build-system/scripts/build_local
+++ b/build-system/scripts/build_local
@@ -102,7 +102,7 @@ for E in "${PROJECTS[@]}"; do
       echo -e "${GREEN}Image exists locally. Tagging as $DEPLOY_IMAGE_URI${RESET}"
       docker tag $CACHE_IMAGE_URI $DEPLOY_IMAGE_URI
     else
-      if [ -z "$NO_CACHE" ] && ecr_login && image_exists $REPO $TAG ; then
+      if [ -z "$NO_CACHE" ] && [ -f ~/.aws/credentials ] && ecr_login && image_exists $REPO $TAG ; then
         docker pull $CACHE_IMAGE_URI
       else
         docker build ${ADDITIONAL_ARGS:-} --build-arg ARG_COMMIT_HASH=$COMMIT_HASH -f $DOCKERFILE -t $CACHE_IMAGE_URI .
diff --git a/build-system/scripts/cond_run_compose b/build-system/scripts/cond_run_compose
index 1eeb83b56dc..89c8749690b 100755
--- a/build-system/scripts/cond_run_compose
+++ b/build-system/scripts/cond_run_compose
@@ -20,7 +20,7 @@ echo "Success tag: $SUCCESS_TAG"
 
 if ! check_rebuild $SUCCESS_TAG $REPOSITORY; then
   # Login to pull our ecr images with docker.
-  ecr_login
+  retry ecr_login
 
   # For each dependency and self, pull in the latest image and give it correct tag.
   for REPO in $(query_manifest runDependencies $REPOSITORY $JOB_NAME); do
diff --git a/build-system/scripts/cond_run_container b/build-system/scripts/cond_run_container
index 12badea45af..80cbf8a9182 100755
--- a/build-system/scripts/cond_run_container
+++ b/build-system/scripts/cond_run_container
@@ -18,7 +18,7 @@ echo "Success tag: $SUCCESS_TAG"
 if ! check_rebuild $SUCCESS_TAG $REPOSITORY; then
   IMAGE_URI=$(calculate_image_uri $REPOSITORY)
   # Login to pull our ecr images with docker.
-  ecr_login
+  retry ecr_login
   retry docker pull $IMAGE_URI
   docker run --rm -t $IMAGE_URI $@
   retry tag_remote_image $REPOSITORY $BASE_TAG $SUCCESS_TAG
diff --git a/build-system/scripts/create_ecr_manifest b/build-system/scripts/create_ecr_manifest
index fcc96d7651e..0495c3c165b 100755
--- a/build-system/scripts/create_ecr_manifest
+++ b/build-system/scripts/create_ecr_manifest
@@ -11,7 +11,7 @@ set -eu
 REPOSITORY=$1
 ARCH_LIST=$2
 
-ecr_login
+retry ecr_login
 
 CONTENT_HASH=$(calculate_content_hash $REPOSITORY)
 MULTIARCH_IMAGE_URI=$ECR_URL/$REPOSITORY:cache-$CONTENT_HASH
diff --git a/build-system/scripts/deploy_dockerhub b/build-system/scripts/deploy_dockerhub
index b8d925b0711..7d627ab48f8 100755
--- a/build-system/scripts/deploy_dockerhub
+++ b/build-system/scripts/deploy_dockerhub
@@ -22,8 +22,8 @@ else
 fi
 
 # Login to dockerhub and ecr
-dockerhub_login
-ecr_login
+retry dockerhub_login
+retry ecr_login
 
 # Install skopeo, and immediately hack it to newer version.
 sudo apt install -y skopeo
diff --git a/build-system/scripts/dockerhub_login b/build-system/scripts/dockerhub_login
index 50a2068377b..9724325f7f5 100755
--- a/build-system/scripts/dockerhub_login
+++ b/build-system/scripts/dockerhub_login
@@ -1,8 +1,3 @@
 #!/usr/bin/env bash
-set -eu
-# Retries up to 3 times with 10 second intervals
-for i in $(seq 1 3); do
-  echo "$DOCKERHUB_PASSWORD" | docker login -u $DOCKERHUB_USERNAME --password-stdin && exit || sleep 10
-done
-echo "$@ failed dockerhub_login after 3 attempts"
-exit 1
+set -euo pipefail
+echo "$DOCKERHUB_PASSWORD" | docker login -u $DOCKERHUB_USERNAME --password-stdin
diff --git a/build-system/scripts/ecr_login b/build-system/scripts/ecr_login
index 331b49d4024..5d9e6671e59 100755
--- a/build-system/scripts/ecr_login
+++ b/build-system/scripts/ecr_login
@@ -1,11 +1,5 @@
 #!/usr/bin/env bash
-set -eu
+set -euo pipefail
 REGION=${1:-$ECR_REGION}
-# Retries up to 3 times with 10 second intervals
-for i in $(seq 1 3); do
-  aws ecr get-login-password --region $REGION \
-    | docker login --username AWS --password-stdin $AWS_ACCOUNT.dkr.ecr.$REGION.amazonaws.com 2> /dev/null \
-    && exit || sleep 10
-done
-echo "$@ failed ecr_login after 3 attempts"
-exit 1
+aws ecr get-login-password --region $REGION \
+  | docker login --username AWS --password-stdin $AWS_ACCOUNT.dkr.ecr.$REGION.amazonaws.com 2> /dev/null
\ No newline at end of file
diff --git a/build-system/scripts/ensure_repo b/build-system/scripts/ensure_repo
index d5dc5d8d2c0..260f82fb4c0 100755
--- a/build-system/scripts/ensure_repo
+++ b/build-system/scripts/ensure_repo
@@ -26,7 +26,7 @@ REGION=$2
 REFRESH_LIFECYCLE=${3:-}
 
 # Login to ECR.
-ecr_login $REGION
+retry ecr_login $REGION
 
 # Create the repository if it doesn't exist.
 if ! aws ecr describe-repositories --region $REGION --repository-names $REPOSITORY > /dev/null 2>&1; then
diff --git a/build-system/scripts/extract_repo b/build-system/scripts/extract_repo
index 353bb4b1b20..537e4948870 100755
--- a/build-system/scripts/extract_repo
+++ b/build-system/scripts/extract_repo
@@ -9,7 +9,7 @@ shift
 
 IMAGE_COMMIT_URI=$(calculate_image_uri $REPOSITORY)
 echo "Pulling $IMAGE_COMMIT_URI..."
-ecr_login
+retry ecr_login
 retry docker pull $IMAGE_COMMIT_URI
 TEMP_CONTAINER=$(docker create $IMAGE_COMMIT_URI dummy_cmd)
 
@@ -23,9 +23,9 @@ function extract_from_temp_container {
 }
 
 # Default to extracting the entire /usr/src dir
-if [ $# -eq 0 ]; then 
+if [ $# -eq 0 ]; then
   extract_from_temp_container /usr/src ./
-else 
+else
   while [ $# -gt 0 ]; do
     extract_from_temp_container $1 $2
     shift 2
diff --git a/l1-contracts/Dockerfile b/l1-contracts/Dockerfile
index 63ac606953a..1ced5c8672e 100644
--- a/l1-contracts/Dockerfile
+++ b/l1-contracts/Dockerfile
@@ -12,4 +12,4 @@ RUN forge install --no-commit \
 RUN forge clean && forge fmt --check && forge build && forge test
 RUN yarn && yarn lint
 RUN git add . && yarn slither && yarn slither-has-diff
-RUN forge build
\ No newline at end of file
+RUN forge build
diff --git a/l1-contracts/scripts/ci_deploy_contracts.sh b/l1-contracts/scripts/ci_deploy_contracts.sh
index 3aef4037fc6..328653535ff 100755
--- a/l1-contracts/scripts/ci_deploy_contracts.sh
+++ b/l1-contracts/scripts/ci_deploy_contracts.sh
@@ -17,7 +17,7 @@ if check_rebuild "cache-$CONTENT_HASH-$DEPLOY_TAG-deployed" $REPOSITORY; then
 fi
 
 # Login to pull our ecr images with docker.
-ecr_login
+retry ecr_login
 
 # Contract addresses will be saved in the serve directory
 mkdir -p serve
diff --git a/yarn-project/scripts/run_script.sh b/yarn-project/scripts/run_script.sh
index a06cf4eb42e..f352e120814 100755
--- a/yarn-project/scripts/run_script.sh
+++ b/yarn-project/scripts/run_script.sh
@@ -5,7 +5,7 @@ set -eu
 
 export PATH="$PATH:$(git rev-parse --show-toplevel)/build-system/scripts"
 
-ecr_login
+retry ecr_login
 
 REPO="yarn-project"
 retry docker pull $(calculate_image_uri $REPO)