Merge remote-tracking branch 'origin/main' into siliev/system-contrac…

…ts-deployer
ten-protocol · Oct 10, 2024 · 939b404 · 939b404
2 parents 2110a23 + ab6da10
commit 939b404
Show file tree

Hide file tree

Showing 371 changed files with 48,669 additions and 35,070 deletions.
diff --git a/.github/workflows/manual-deploy-obscuro-gateway-database.yml b/.github/workflows/manual-deploy-obscuro-gateway-database.yml
@@ -90,6 +90,50 @@ jobs:
             && curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh \
             && git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/ten-protocol/go-ten.git /home/obscuro/go-obscuro \
             && docker network create --driver bridge node_network || true \
+            && mkdir -p /home/obscuro/promtail \
+            && echo "
+            server:
+              http_listen_port: 9080
+              grpc_listen_port: 0
+
+            positions:
+              filename: /tmp/positions.yaml
+
+            clients:
+              - url: ${{ vars.METRICS_URI }}
+                batchwait: 3s
+                batchsize: 1048576
+                tls_config:
+                  insecure_skip_verify: true
+                basic_auth:
+                  username: ${{ secrets.LOKI_USER }}
+                  password: ${{ secrets.LOKI_PASSWORD }}
+
+            scrape_configs:
+            - job_name: flog_scrape
+              docker_sd_configs:
+                - host: unix:///var/run/docker.sock
+                  refresh_interval: 5s
+              relabel_configs:
+                - source_labels: [\"__meta_docker_container_name\"]
+                  regex: \"/(.*)\"
+                  target_label: \"container\"
+                - source_labels: [\"__meta_docker_container_log_stream\"]
+                  target_label: \"logstream\"
+                - source_labels: [\"__meta_docker_container_label_logging_jobname\"]
+                  target_label: \"job\"
+                - replacement: ${{ github.event.inputs.testnet_type }}-OG-MariaDB-${{ GITHUB.RUN_NUMBER }}
+                  target_label: "node_name"
+            " > /home/obscuro/promtail/promtail-config.yaml \
+            && docker run -d --name promtail \
+              --network node_network \
+              -e HOSTNAME=${{ github.event.inputs.testnet_type }}-OG-MariaDB-${{ GITHUB.RUN_NUMBER }} \
+              -v /var/log:/var/log \
+              -v /home/obscuro/promtail:/etc/promtail \
+              -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
+              -v /var/run/docker.sock:/var/run/docker.sock \
+              grafana/promtail:latest \
+              -config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true \
             && cd /home/obscuro/go-obscuro/ \
             && docker run -d --name ${{ github.event.inputs.testnet_type }}-OG-MariaDB-${{ GITHUB.RUN_NUMBER }} \
                 -p 3306:3306 \

diff --git a/.github/workflows/manual-deploy-obscuro-gateway.yml b/.github/workflows/manual-deploy-obscuro-gateway.yml
@@ -10,7 +10,7 @@
 #  - GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER
 
 # If we are deploying to a non primary instance all those variables should be prefixed with the instance name
-# example: dexynth-DOCKER_BUILD_TAG_GATEWAY
+# example: DEXYNTH_DOCKER_BUILD_TAG_GATEWAY
 
 
 name: '[M] Deploy Ten Gateway Backend'
@@ -34,15 +34,15 @@ on:
         type: choice
         options:
           - "primary"
-          - "dexynth"
+          - "DEXYNTH"
 
 jobs:
   validate-inputs:
     runs-on: ubuntu-latest
     steps:
       - name: "Check if deployment is allowed"
         run: |
-          if [[ "${{ github.event.inputs.instance_type }}" == "Dexynth" && "${{ github.event.inputs.testnet_type }}" != "sepolia-testnet" ]]; then
+          if [[ "${{ github.event.inputs.instance_type }}" == "DEXYNTH" && "${{ github.event.inputs.testnet_type }}" != "sepolia-testnet" ]]; then
             echo "Error: Dexynth can only be deployed to sepolia-testnet."
             exit 1
           fi
@@ -60,15 +60,16 @@ jobs:
 
           if [[ "${{ github.event.inputs.instance_type }}" != "primary" ]]; then
             INSTANCE_SUFFIX="_${{ github.event.inputs.instance_type }}"
+            INSTANCE_SUFFIX2="-${{ github.event.inputs.instance_type }}"
             INSTANCE_PREFIX="${{ github.event.inputs.instance_type }}_"
           fi
 
           echo "INSTANCE_SUFFIX=$INSTANCE_SUFFIX" >> $GITHUB_ENV
           echo "INSTANCE_PREFIX=$INSTANCE_PREFIX" >> $GITHUB_ENV
 
           # Set infrastructure variables
-          PUBLIC_IP="${{ github.event.inputs.testnet_type }}-OG-static${INSTANCE_SUFFIX}"
-          DNS_NAME="obscurogateway-${{ github.event.inputs.testnet_type }}${INSTANCE_SUFFIX}"
+          PUBLIC_IP="${{ github.event.inputs.testnet_type }}-OG-static${INSTANCE_SUFFIX2,,}"
+          DNS_NAME="obscurogateway-${{ github.event.inputs.testnet_type }}${INSTANCE_SUFFIX2,,}"
           VM_NAME="${{ github.event.inputs.testnet_type }}-OG-${{ github.run_number }}${INSTANCE_SUFFIX}"
           DEPLOY_GROUP="ObscuroGateway-${{ github.event.inputs.testnet_type }}-${{ github.run_number }}${INSTANCE_SUFFIX}"
           VNET_NAME="ObscuroGateway-${{ github.event.inputs.testnet_type }}-01VNET${INSTANCE_SUFFIX}"
@@ -149,7 +150,7 @@ jobs:
 
       - name: Build and Push Docker Image
         run: |
-          DOCKER_BUILDKIT=1 docker build --build-arg TESTNET_TYPE=${{ github.event.inputs.testnet_type }} -t ${{ env.DOCKER_BUILD_TAG_GATEWAY }} -f ./tools/walletextension/Dockerfile .
+          DOCKER_BUILDKIT=1 docker build --build-arg TESTNET_TYPE=${{ github.event.inputs.testnet_type }} -t ${{ env.DOCKER_BUILD_TAG_GATEWAY }} -f ./tools/walletextension/enclave.Dockerfile .
           docker push ${{ env.DOCKER_BUILD_TAG_GATEWAY }}
 
       # This will fail some deletions due to resource dependencies ( ie. you must first delete the vm before deleting the disk)
@@ -190,7 +191,7 @@ jobs:
             --public-ip-address "${{ env.PUBLIC_IP }}" \
             --tags deploygroup="${{ env.DEPLOY_GROUP }}"  ${{ env.AZURE_DEPLOY_GROUP_GATEWAY }}=true \
             --vnet-name "${{ env.VNET_NAME }}" --subnet "${{ env.SUBNET_NAME }}" \
-            --size 	Standard_D4_v5 --image Canonical:0001-com-ubuntu-server-focal:20_04-lts-gen2:latest \
+            --size Standard_DC2s_v3 --storage-sku StandardSSD_LRS --image ObscuroConfUbuntu \
             --authentication-type password
 
       - name: "Open TEN node-${{ matrix.host_id }} ports on Azure"
@@ -210,18 +211,90 @@ jobs:
           inlineScript: |
             az vm run-command invoke -g Testnet -n "${{ env.VM_NAME }}"  \
             --command-id RunShellScript \
-            --scripts 'mkdir -p /home/obscuro \
-            && sudo apt-get update \
-            && sudo apt-get install -y gcc \
-            && sudo snap refresh && sudo snap install --channel=1.18 go --classic \
-            && curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh \
-            && git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/ten-protocol/go-ten.git /home/obscuro/go-obscuro \
-            && docker network create --driver bridge node_network || true \
-            && cd /home/obscuro/go-obscuro/ \
-            && docker run -d -p 80:80 -p 81:81 --name "${{ env.VM_NAME }}" \
-              -e OBSCURO_GATEWAY_VERSION="${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }}" \
-               --log-opt max-file=3 --log-opt max-size=10m \
-               ${{ env.DOCKER_BUILD_TAG_GATEWAY }} \
-               -host=0.0.0.0 -port=80 -portWS=81 -nodeHost=${{ env.L2_RPC_URL_VALIDATOR }} -verbose=true \
-               -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{  github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb" \
-               -rateLimitUserComputeTime=${{ env.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }} -rateLimitWindow=${{ env.GATEWAY_RATE_LIMIT_WINDOW }} -maxConcurrentRequestsPerUser=${{ env.GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER }} '
+            --scripts '
+            set -e
+
+            mkdir -p /home/obscuro
+
+            # Wait for dpkg lock to be released
+            while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
+              echo "Waiting for dpkg lock to be released..."
+              sleep 1
+            done
+
+            # Proceed with package installations
+            sudo apt-get update
+            sudo apt-get install -y gcc
+            sudo snap refresh && sudo snap install --channel=1.18 go --classic
+
+            # Wait again before running get-docker.sh
+            while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do
+              echo "Waiting for dpkg lock to be released before installing Docker..."
+              sleep 1
+            done
+
+            curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh
+            git clone --depth 1 -b "${{ env.BRANCH_NAME }}" https://github.com/ten-protocol/go-ten.git /home/obscuro/go-obscuro
+            docker network create --driver bridge node_network || true
+            cd /home/obscuro/go-obscuro/
+
+            # Promtail Integration Start
+            mkdir -p /home/obscuro/promtail
+
+            cat <<EOF > /home/obscuro/promtail/promtail-config.yaml
+            
+            server:
+              http_listen_port: 9080
+              grpc_listen_port: 0
+
+            positions:
+              filename: /tmp/positions.yaml
+
+            clients:
+              - url: "${{ vars.METRICS_URI }}"
+                batchwait: 3s
+                batchsize: 1048576
+                tls_config:
+                  insecure_skip_verify: true
+                basic_auth:
+                  username: "${{ secrets.LOKI_USER }}"
+                  password: "${{ secrets.LOKI_PASSWORD }}"
+
+            scrape_configs:
+            - job_name: flog_scrape
+              docker_sd_configs:
+                - host: unix:///var/run/docker.sock
+                  refresh_interval: 5s
+              relabel_configs:
+                - source_labels: ["__meta_docker_container_name"]
+                  regex: "/(.*)"
+                  target_label: "container"
+                - source_labels: ["__meta_docker_container_log_stream"]
+                  target_label: "logstream"
+                - source_labels: ["__meta_docker_container_label_logging_jobname"]
+                  target_label: "job"
+                - replacement: "${{ env.VM_NAME }}"
+                  target_label: "node_name"
+            EOF
+            
+            docker run -d --name promtail \
+            --network node_network \
+            -e HOSTNAME="${{ env.VM_NAME }}" \
+            -v /var/log:/var/log \
+            -v /home/obscuro/promtail:/etc/promtail \
+            -v /var/lib/docker/containers:/var/lib/docker/containers:ro \
+            -v /var/run/docker.sock:/var/run/docker.sock \
+            grafana/promtail:latest \
+            -config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true
+            # Promtail Integration End
+            
+            # Start Ten Gateway Container
+            docker run -d -p 80:80 -p 81:81 --name "${{ env.VM_NAME }}" \
+            --device /dev/sgx_enclave --device /dev/sgx_provision \
+            -e OBSCURO_GATEWAY_VERSION="${{ github.run_number }}-${{ github.sha }}" \
+            -e OE_SIMULATION=0 \
+            "${{ env.DOCKER_BUILD_TAG_GATEWAY }}" \
+            ego run /home/ten/go-ten/tools/walletextension/main/main \
+            -host=0.0.0.0 -port=80 -portWS=81 -nodeHost="${{ env.L2_RPC_URL_VALIDATOR }}" -verbose=true \
+            -logPath=sys_out -dbType=mariaDB -dbConnectionURL="obscurouser:${{ secrets.OBSCURO_GATEWAY_MARIADB_USER_PWD }}@tcp(obscurogateway-mariadb-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:3306)/ogdb" \
+            -rateLimitUserComputeTime="${{ env.GATEWAY_RATE_LIMIT_USER_COMPUTE_TIME }}" -rateLimitWindow="${{ env.GATEWAY_RATE_LIMIT_WINDOW }}" -maxConcurrentRequestsPerUser="${{ env.GATEWAY_MAX_CONCURRENT_REQUESTS_PER_USER }}" '
diff --git a/.github/workflows/manual-deploy-ten-bridge.yml b/.github/workflows/manual-deploy-ten-bridge.yml
@@ -58,8 +58,8 @@ jobs:
           name: ${{ github.event.inputs.testnet_type }}-fe-ten-bridge
           location: "uksouth"
           restart-policy: "Never"
-          environment-variables: NEXT_PUBLIC_BRIDGE_API_HOST=https://${{ github.event.inputs.testnet_type }}.ten.xyz/v1 NEXT_PUBLIC_FE_VERSION=${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }}
-          command-line: npm run start-prod
+          environment-variables: NEXT_PUBLIC_BRIDGE_API_HOST=${{ vars.NEXT_PUBLIC_BRIDGE_API_HOST }} NEXT_PUBLIC_FE_VERSION=${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }}
+          command-line: pnpm run start-prod
           ports: "80"
           cpu: 2
           memory: 2
diff --git a/.github/workflows/manual-deploy-ten-gateway-frontend.yml b/.github/workflows/manual-deploy-ten-gateway-frontend.yml
@@ -7,10 +7,10 @@
 # - TENSCAN_URL
 
 # If we are deploying to a non primary instance all those variables should be prefixed with the instance name
-# example: dexynth-GATEWAY_URL
+# example: DEXYNTH_GATEWAY_URL
 
-name: '[M] Deploy Ten Gateway Frontend'
-run-name: '[M] Deploy Ten Gateway Frontend ( ${{ github.event.inputs.testnet_type }} )'
+name: "[M] Deploy Ten Gateway Frontend"
+run-name: "[M] Deploy Ten Gateway Frontend ( ${{ github.event.inputs.testnet_type }} )"
 on:
   workflow_dispatch:
     inputs:
@@ -30,14 +30,14 @@ on:
         type: choice
         options:
           - "primary"
-          - "dexynth"
+          - "DEXYNTH"
 jobs:
   validate-inputs:
     runs-on: ubuntu-latest
     steps:
       - name: "Check if deployment is allowed"
         run: |
-          if [[ "${{ github.event.inputs.instance_type }}" == "dexynth" && "${{ github.event.inputs.testnet_type }}" != "sepolia-testnet" ]]; then
+          if [[ "${{ github.event.inputs.instance_type }}" == "DEXYNTH" && "${{ github.event.inputs.testnet_type }}" != "sepolia-testnet" ]]; then
             echo "Error: Dexynth can only be deployed to sepolia-testnet."
             exit 1
           fi
@@ -53,16 +53,17 @@ jobs:
           INSTANCE_PREFIX=""
 
           if [[ "${{ github.event.inputs.instance_type }}" != "primary" ]]; then
-            INSTANCE_SUFFIX="-${{ github.event.inputs.instance_type }}"
-            INSTANCE_PREFIX="${{ github.event.inputs.instance_type }}-"
+            INSTANCE_SUFFIX="_${{ github.event.inputs.instance_type }}"
+            INSTANCE_SUFFIX2="-${{ github.event.inputs.instance_type }}"
+            INSTANCE_PREFIX="${{ github.event.inputs.instance_type }}_"
           fi
 
           echo "INSTANCE_SUFFIX=$INSTANCE_SUFFIX" >> $GITHUB_ENV
           echo "INSTANCE_PREFIX=$INSTANCE_PREFIX" >> $GITHUB_ENV
 
 
-          DNS_NAME_LABEL_GATEWAY_FE="${{ github.event.inputs.testnet_type }}-ten-gateway${INSTANCE_SUFFIX}"
-          IMAGE_NAME_GATEWAY_FE="${{ github.event.inputs.testnet_type }}-fe-ten-gateway${INSTANCE_SUFFIX}"
+          DNS_NAME_LABEL_GATEWAY_FE="${{ github.event.inputs.testnet_type }}-ten-gateway${INSTANCE_SUFFIX2,,}"
+          IMAGE_NAME_GATEWAY_FE="${{ github.event.inputs.testnet_type }}-fe-ten-gateway${INSTANCE_SUFFIX2,,}"
 
           echo "DNS_NAME_LABEL_GATEWAY_FE=$DNS_NAME_LABEL_GATEWAY_FE" >> $GITHUB_ENV
           echo "IMAGE_NAME_GATEWAY_FE=$IMAGE_NAME_GATEWAY_FE" >> $GITHUB_ENV
@@ -119,17 +120,18 @@ jobs:
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
 
-      - name: 'Build and Push Docker Image'
+      - name: "Build and Push Docker Image"
         run: |
           DOCKER_BUILDKIT=1 docker build \
-            --build-arg NEXT_PUBLIC_NETWORK_NAME=${{ env.NETWORK_NAME }} \
-            --build-arg NEXT_PUBLIC_TENSCAN_URL=${{ env.TENSCAN_URL }} \
-            --build-arg NEXT_PUBLIC_GATEWAY_URL=${{ env.GATEWAY_URL }} \
-            -t ${{ env.DOCKER_BUILD_TAG_GATEWAY_FE }} \
+            --build-arg NEXT_PUBLIC_API_HOST_ENVIRONMENT="${{ github.event.inputs.testnet_type }}"" \
+            --build-arg NEXT_PUBLIC_NETWORK_NAME="${{ env.NETWORK_NAME }}" \
+            --build-arg NEXT_PUBLIC_TENSCAN_URL="${{ env.TENSCAN_URL }}" \
+            --build-arg NEXT_PUBLIC_GATEWAY_URL="${{ env.GATEWAY_URL }}" \
+            -t "${{ env.DOCKER_BUILD_TAG_GATEWAY_FE }}" \
             -f ./tools/walletextension/frontend/Dockerfile .
-          docker push ${{ env.DOCKER_BUILD_TAG_GATEWAY_FE }}
+          docker push "${{ env.DOCKER_BUILD_TAG_GATEWAY_FE }}"
 
-      - name: 'Deploy Gateway FE to Azure Container Instances'
+      - name: "Deploy Gateway FE to Azure Container Instances"
         uses: "azure/aci-deploy@v1"
         with:
           resource-group: ${{ secrets.RESOURCE_GROUP }}
@@ -140,4 +142,4 @@ jobs:
           restart-policy: "Never"
           ports: "80"
           cpu: 2
-          memory: 2
+          memory: 2
diff --git a/.github/workflows/manual-deploy-ten-scan.yml b/.github/workflows/manual-deploy-ten-scan.yml
@@ -63,8 +63,8 @@ jobs:
           name: ${{ github.event.inputs.testnet_type }}-fe-ten-scan
           location: "uksouth"
           restart-policy: "Never"
-          environment-variables: NEXT_PUBLIC_API_HOST=https://${{ github.event.inputs.testnet_type }}-api.tenscan.io NEXT_PUBLIC_FE_VERSION=${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }}
-          command-line: npm run start-prod
+          environment-variables: NEXT_PUBLIC_API_HOST=https://${{ github.event.inputs.testnet_type }}-api.tenscan.io NEXT_PUBLIC_FE_VERSION=${{ GITHUB.RUN_NUMBER }}-${{ GITHUB.SHA }} NEXT_PUBLIC_API_HOST_ENVIRONMENT=${{ github.event.inputs.testnet_type }}
+          command-line: pnpm run start-prod
           ports: "80"
           cpu: 2
           memory: 2

diff --git a/contracts/src/lib/ContractTransparencyConfig.sol b/contracts/src/lib/ContractTransparencyConfig.sol
@@ -4,18 +4,26 @@ pragma solidity ^0.8.20;
 // implement this interface if you want to configure the visibility rules of your smart contract
 // the TEN platform will interpret this information
 interface ContractTransparencyConfig {
+    // configuration per event log type
+    enum Field{
+        TOPIC1, TOPIC2, TOPIC3, // if any of these fields is in the relevantTo array, then the address in that topic will be able to query for that event
+        SENDER, // the tx.origin will be able to query for the event
+        EVERYONE // the event is public - visible to everyone
+    }
+
+    enum ContractCfg{
+        TRANSPARENT, //the internal state via getStorageAt will be accessible to everyone. All events will be public. This is the strongest setting.
+        PRIVATE // internal state is hidden, and events can be configured.
+    }
+
     // configuration per event log type
     struct EventLogConfig {
-        bytes eventSignature;
-        bool isPublic;  // everyone can see and query for this event
-        bool topic1CanView;    // If the event is private, and this is true, it means that the address from topic1 is an EOA that can view this event
-        bool topic2CanView;    // same
-        bool topic3CanView;    // same
-        bool visibleToSender; // if true, the tx signer will see this event. Default false
+        bytes32 eventSignature;
+        Field[] visibleTo;
     }
 
     struct VisibilityConfig {
-        bool isTransparent; // If true - the internal state via getStorageAt will be accessible to everyone. All events will be public. Default false
+        ContractCfg contractCfg;
         EventLogConfig[] eventLogConfigs;  // mapping from event signature to visibility configs per event
     }