chore: simplify staging (#2018)

This simplify the staging servers system. It's using the docker image: [watchtower](https://github.com/containrrr/watchtower) to automatically pull-update new gno versions. It's currently deployed on the server: we now have - https://rpc.staging.gno.land - http://rpc.staging.gno.land:26657 - http://rpc.staging.gno.land:36657 (to be compliant with previous version) <details><summary>Contributors' checklist...</summary> - [ ] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [ ] Updated the official documentation or not needed - [ ] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [ ] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests - [ ] Added new benchmarks to [generated graphs](https://gnoland.github.io/benchmarks), if any. More info [here](https://github.com/gnolang/gno/blob/master/.benchmarks/README.md). </details>
gnolang · Aug 22, 2024 · e60e4ca · e60e4ca
1 parent e94f76f
commit e60e4ca
Show file tree

Hide file tree

Showing 3 changed files with 136 additions and 117 deletions.
diff --git a/docs/reference/network-config.md b/docs/reference/network-config.md
@@ -9,7 +9,7 @@ id: network-config
 | Portal Loop | https://rpc.gno.land:443 | `portal-loop` |
 | Test4 | https://rpc.test4.gno.land:443 | `test4` |
 | Test3 | https://rpc.test3.gno.land:443 | `test3` |
-| Staging | http://rpc.staging.gno.land:36657 | `staging` |
+| Staging | https://rpc.staging.gno.land:443  | `staging` |
 
 ### WebSocket endpoints
 All networks follow the same pattern for websocket connections: 

diff --git a/misc/deployments/staging.gno.land/docker-compose.yml b/misc/deployments/staging.gno.land/docker-compose.yml
@@ -1,130 +1,126 @@
-version: "2"
-
+name: "staging-gno-land"
 services:
+ traefik:
+ image: "traefik:v2.11"
+ restart: unless-stopped
+ command:
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.rpc.address=:26657"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+ - "--entryPoints.web.forwardedHeaders.insecure"
+ - "--entrypoints.traefik.address=:8080"
+ - "--entrypoints.websecure.address=:443"
+
+ - "--certificatesresolvers.le.acme.tlschallenge=true"
+ - "--certificatesresolvers.le.acme.email=dev@gno.land"
+ - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "26657:26657"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - ./letsencrypt:/letsencrypt
+
  gnoland:
- container_name: gnoland
- build: ../../..
+ image: ghcr.io/gnolang/gno/gnoland:master
+ restart: unless-stopped
+ entrypoint: /entrypoint.sh
+ working_dir: /gnoroot
  environment:
- - VIRTUAL_HOST=rpc.staging.gno.land
- - VIRTUAL_PORT=26657
- - LETSENCRYPT_HOST=rpc.staging.gno.land
- - LOG_LEVEL=4
- working_dir: /opt/gno/src/gno.land
- command:
- - gnoland
- - start
- - --skip-failing-genesis-txs
- - --chainid=staging
- - --genesis-remote=staging.gno.land:26657
+ CHAIN_ID: staging
+ MONIKER: gno-staging
  volumes:
- - "./data/gnoland:/opt/gno/src/gno.land/gnoland-data"
- ports:
- - 26656:26656
- - 26657:26657
- restart: on-failure
- logging:
- driver: "json-file"
- options:
- max-file: "10"
- max-size: "100m"
+ - ./gnoland.entrypoint.sh:/entrypoint.sh
+ #ports:
+ # - 26656:26656
+ labels:
+ com.centurylinklabs.watchtower.enable: "true"
+ traefik.enable: "true"
+ traefik.http.routers.gnoland.entrypoints: "web,websecure"
+ traefik.http.routers.gnoland.rule: "Host(`rpc.staging.gno.land`)"
+ traefik.http.routers.gnoland.service: gnoland-rpc
+ traefik.http.routers.gnoland.tls: "true"
+ traefik.http.routers.gnoland.tls.certresolver: "le"
+ traefik.http.routers.gnoland-rpc.entrypoints: "rpc"
+ traefik.http.routers.gnoland-rpc.rule: "PathPrefix(`/`)"
+ traefik.http.routers.gnoland-rpc.service: gnoland-rpc
+ traefik.http.services.gnoland-rpc.loadbalancer.server.port: 26657
 
  gnoweb:
- container_name: gnoweb
- build: ../../..
- command:
+ image: ghcr.io/gnolang/gno/gnoweb:master
+ restart: unless-stopped
+ env_file: ".env"
+ entrypoint:
  - gnoweb
- - --bind=0.0.0.0:80
- - --remote=gnoland:26657
- - --captcha-site=$RECAPTCHA_SITE_KEY
- - --faucet-url=https://faucet-staging.gno.land/
- - --help-chainid=staging
- - --help-remote=staging.gno.land:26657
+ - --bind=0.0.0.0:8888
+ - --remote=http://traefik:26657
+ - --faucet-url=https://faucet-api.staging.gno.land
+ - --captcha-site=$CAPTCHA_SITE_KEY
  - --with-analytics
- volumes:
- - "./overlay:/overlay:ro"
- links:
- - gnoland
- environment:
- - VIRTUAL_HOST=staging.gno.land
- - LETSENCRYPT_HOST=staging.gno.land
- # from .env
- - RECAPTCHA_SITE_KEY
- restart: on-failure
- logging:
- driver: "json-file"
- options:
- max-file: "10"
- max-size: "100m"
+ - --help-chainid=staging
+ - --help-remote=https://rpc.staging.gno.land:443
+ labels:
+ com.centurylinklabs.watchtower.enable: "true"
+ traefik.enable: "true"
+ traefik.http.routers.gnoweb.entrypoints: "web,websecure"
+ traefik.http.routers.gnoweb.rule: "Host(`staging.gno.land`)"
+ traefik.http.routers.gnoweb.tls: "true"
+ traefik.http.routers.gnoweb.tls.certresolver: "le"
 
  gnofaucet:
- container_name: gnofaucet
- build: ../../..
- command: sh -xc "
- date &&
- mkdir -p /.gno &&
- expect -c \"set timeout -1; spawn gnokey add --home /.gno/ --recover faucet; expect \\\"Enter a passphrase\\\"; send \\\"$GNOKEY_PASS\\r\\\"; expect \\\"Repeat the passphrase\\\"; send \\\"$GNOKEY_PASS\\r\\\"; expect \\\"Enter your bip39 mnemonic\\\"; send \\\"$FAUCET_WORDS\\r\\\"; expect eof\" &&
- while true; do
- expect -c \"set timeout -1; spawn gnofaucet serve --send 50000000ugnot --captcha-secret \\\"$RECAPTCHA_SECRET_KEY\\\" --remote gnoland:26657 --chain-id staging --home /.gno/ faucet; expect \\\"Enter password\\\"; send \\\"$GNOKEY_PASS\\r\\\"; expect eof\";
- sleep 5;
- done
- "
- links:
- - gnoland
- environment:
- - VIRTUAL_HOST=faucet-staging.gno.land
- - VIRTUAL_PORT=5050
- - LETSENCRYPT_HOST=faucet-staging.gno.land
- # from .env
- - RECAPTCHA_SECRET_KEY
- - FAUCET_WORDS
- - GNOKEY_PASS
- ports:
- - 5050
- restart: on-failure
- logging:
- driver: "json-file"
- options:
- max-file: "10"
- max-size: "100m"
+ image: ghcr.io/gnolang/gno/gnofaucet-slim
+ restart: unless-stopped
+ command:
+ - "serve"
+ - "--listen-address=0.0.0.0:5050"
+ - "--chain-id=staging"
+ - "--is-behind-proxy=true"
+ - "--mnemonic=${FAUCET_MNEMONIC}"
+ - "--num-accounts=1"
+ - "--remote=http://traefik:26657"
+ - "--captcha-secret=${CAPTCHA_SECRET_KEY}"
+ env_file: ".env"
+ # environment:
+ # from .env
+ # - RECAPTCHA_SECRET_KEY
+ labels:
+ com.centurylinklabs.watchtower.enable: "true"
+ traefik.enable: "true"
+ traefik.http.routers.gnofaucet-api.entrypoints: "websecure"
+ traefik.http.routers.gnofaucet-api.rule: "Host(`faucet-api.staging.gno.land`) || Host(`faucet-api.staging.gnoteam.com`)"
+ traefik.http.routers.gnofaucet-api.tls: "true"
+ traefik.http.routers.gnofaucet-api.tls.certresolver: "le"
+ traefik.http.middlewares.gnofaucet-ratelimit.ratelimit.average: "6"
+ traefik.http.middlewares.gnofaucet-ratelimit.ratelimit.period: "1m"
 
- nginx-proxy:
- image: nginxproxy/nginx-proxy
- container_name: nginx-proxy
- ports:
- - "80:80"
- - "443:443"
+ watchtower:
+ image: containrrr/watchtower
+ restart: unless-stopped
+ command: --interval 30 --http-api-metrics --label-enable
  volumes:
- - conf:/etc/nginx/conf.d
- - vhost:/etc/nginx/vhost.d
- - html:/usr/share/nginx/html
- - certs:/etc/nginx/certs:ro
- - /var/run/docker.sock:/tmp/docker.sock:ro
- logging:
- driver: "json-file"
- options:
- max-file: "10"
- max-size: "100m"
-
- acme-companion:
- image: nginxproxy/acme-companion
- container_name: nginx-proxy-acme
+ - /var/run/docker.sock:/var/run/docker.sock
  environment:
- - DEFAULT_EMAIL=noreply@gno.land
- volumes_from:
- - nginx-proxy
- volumes:
- - certs:/etc/nginx/certs:rw
- - acme:/etc/acme.sh
- - /var/run/docker.sock:/var/run/docker.sock:ro
- logging:
- driver: "json-file"
- options:
- max-file: "10"
- max-size: "100m"
+ WATCHTOWER_HTTP_API_TOKEN: "mytoken"
 
-volumes:
- conf:
- vhost:
- html:
- certs:
- acme:
+ restarter:
+ image: docker:cli
+ restart: unless-stopped
+ entrypoint: [ "/bin/sh", "-c" ]
+ working_dir: "/app"
+ volumes:
+ - ".:/app"
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ command:
+ - |
+ while true; do
+ if [ "$$(date +'%H:%M')" = '22:00' ]; then
+ docker compose restart gnoland
+ fi
+ sleep 60
+ done
diff --git a/misc/deployments/staging.gno.land/gnoland.entrypoint.sh b/misc/deployments/staging.gno.land/gnoland.entrypoint.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+set -ex
+
+MONIKER=${MONIKER:-"gnode"}
+P2P_LADDR=${P2P_LADDR:-"tcp://0.0.0.0:26656"}
+RPC_LADDR=${RPC_LADDR:-"tcp://0.0.0.0:26657"}
+
+CHAIN_ID=${CHAIN_ID:-"staging"}
+
+rm -rfv ./gnoland-data genesis.json
+
+gnoland config init
+gnoland secrets init
+
+gnoland config set moniker "${MONIKER}"
+gnoland config set rpc.laddr "${RPC_LADDR}"
+gnoland config set p2p.laddr "${P2P_LADDR}"
+
+exec gnoland start \
+ --skip-failing-genesis-txs \
+ --chainid="${CHAIN_ID}" \
+ --lazy