From 5a335366f0bf3f162a0d8dab434abcbaf305ace9 Mon Sep 17 00:00:00 2001
From: Kissadada <kissada@bandprotocol.com>
Date: Wed, 26 Feb 2025 14:04:21 +0700
Subject: [PATCH] Falcon deployment

---
 Dockerfile      | 14 ++++++---
 cloudbuild.yaml | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
 config.toml     | 30 +++++++++++++++++++
 run.sh          | 11 +++++++
 4 files changed, 129 insertions(+), 4 deletions(-)
 create mode 100644 cloudbuild.yaml
 create mode 100644 config.toml
 create mode 100644 run.sh

diff --git a/Dockerfile b/Dockerfile
index 5702e11..df0d2aa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # ============================ Build Stage ============================
-FROM --platform=$BUILDPLATFORM golang:1.22.3-alpine3.19 as build
+FROM golang:1.22.3-alpine3.19 as build
 
 LABEL org.opencontainers.image.source="https://github.com/bandprotocol/falcon"
 
@@ -31,11 +31,15 @@ RUN if [ -d "/go/bin/linux_${TARGETARCH}" ]; then mv /go/bin/linux_${TARGETARCH}
 # ============================ Final Stage ============================
 FROM alpine:3.19
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --update --no-cache ca-certificates shadow
 
 # Set working directory inside the container
 WORKDIR /app
 
+# Copy start up script
+COPY run.sh .
+RUN chmod +x run.sh
+
 # Create non-root user for security
 RUN addgroup -S falcon && adduser -S falcon -G falcon
 
@@ -45,7 +49,9 @@ COPY --from=build /go/bin/falcon /usr/bin/falcon
 # Set ownership for non-root user
 RUN chown -R falcon:falcon /app
 
-# Switch to non-root user
+# Set $HOME and Switch to non-root user
+RUN usermod -d /app falcon
 USER falcon
 
-ENTRYPOINT ["falcon", "start"]
+#ENTRYPOINT ["tail", "-f", "/dev/null"]
+ENTRYPOINT ["sh", "run.sh"]
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
new file mode 100644
index 0000000..bb127c0
--- /dev/null
+++ b/cloudbuild.yaml
@@ -0,0 +1,78 @@
+steps:
+# git authentication
+- name: "gcr.io/cloud-builders/git"
+  id: git ssh authentication
+  secretEnv: ["SSH_KEY"]
+  entrypoint: "bash"
+  args:
+  - -c
+  - |
+    echo "$$SSH_KEY" >> /root/.ssh/id_rsa
+    chmod 400 /root/.ssh/id_rsa
+    cp known_hosts.github /root/.ssh/known_hosts
+  volumes:
+  - name: "ssh"
+    path: /root/.ssh
+
+# build docker image
+- name: "gcr.io/cloud-builders/docker"
+  id: build-docker-iamge
+  args: ["build", "-t", "asia-southeast1-docker.pkg.dev/${PROJECT_ID}/band-feeder/$_SERVICE_NAME:$SHORT_SHA", "."]
+
+# push docker image in GCR
+- name: "gcr.io/cloud-builders/docker"
+  id: push-docker-image-to-gcr
+  args: ["push", "asia-southeast1-docker.pkg.dev/${PROJECT_ID}/band-feeder/$_SERVICE_NAME:$SHORT_SHA"]
+
+  # install yq
+- name: gcr.io/cloud-builders/wget
+  args:
+  - "-qO"
+  - /workspace/yq
+  - "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64"
+
+# update image based on SHORT_SHA and push in manifest repo
+- name: "gcr.io/cloud-builders/gcloud"
+  id: update-image
+  entrypoint: /bin/sh
+  secretEnv: ["SSH_KEY"]
+  args:
+  - "-c"
+  - |
+    chmod +x /workspace/yq
+    git clone git@github.com:bandprotocol/band-feeder-gke-manifest-testnet.git -b ${_CD_BRANCH}
+    cd band-feeder-gke-manifest-testnet/helm-values/playground
+
+    sed -i -e "/^image:/,/tag:/{/^\([[:space:]]*tag: \).*/s//\1"\"${SHORT_SHA}\""/}" poc-falcon.yaml
+    toml=`cat /workspace/config.toml` /workspace/yq -i '.configMap.json = strenv(toml) ' poc-falcon.yaml
+
+
+    echo "Pushing changes to k8s manifest repo ..."
+    git config --global user.name "cloudbuild-commit"
+    git config --global user.email "cloudbuild-commit@gmail.com"
+    git add -A
+    git status
+    git commit -m "Updated image tag based on ${SHORT_SHA} for ${_SERVICE_NAME}"
+    git pull --rebase
+    until git push git@github.com:bandprotocol/band-feeder-gke-manifest-testnet.git ${_CD_BRANCH}
+    do
+      git pull --rebase
+      git push git@github.com:bandprotocol/band-feeder-gke-manifest-testnet.git ${_CD_BRANCH}
+    done
+  volumes:
+  - name: "ssh"
+    path: /root/.ssh
+
+substitutions:
+  _SERVICE_NAME: poc-falcon
+  _CD_BRANCH: poc-production
+
+options:
+  logging: CLOUD_LOGGING_ONLY
+  machineType: "E2_HIGHCPU_8"
+  dynamic_substitutions: true
+
+availableSecrets:
+  secretManager:
+  - versionName: projects/${PROJECT_ID}/secrets/github-token/versions/latest
+    env: "SSH_KEY"
diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..0aaf0a5
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,30 @@
+[global]
+log_level = ''
+checking_packet_interval = 60000000000
+sync_tunnels_interval = 60000000000
+max_checking_packet_penalty_duration = 300000000000
+penalty_exponential_factor = 1.1
+
+[bandchain]
+rpc_endpoints = ['https://rpc.band-v3-testnet.bandchain.org/']
+liveliness_checking_interval = 1800000000000
+timeout = 5
+
+[target_chains]
+
+[target_chains.holesky-testnet]
+endpoints = ['https://ethereum-holesky-rpc.publicnode.com']
+chain_type = 'evm'
+max_retry = 3
+query_timeout = 3000000000
+execute_timeout = 0
+chain_id = 17000
+tunnel_router_address = '0xD3F452702484c9Fe7889F820B01BF7B0E20b221B'
+block_confirmation = 1
+waiting_tx_duration = 90000000000
+liveliness_checking_interval = 1800000000000
+max_priority_fee = 100000000
+max_base_fee = 100000000
+checking_tx_interval = 3000000000
+gas_type = 'eip1559'
+gas_multiplier = 1.3
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..87599c8
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Copy config from config map mount path
+falcon config init
+cp /config/config.toml /app/.falcon/config/config.toml
+
+# Add keys to key ring
+falcon keys add holesky-testnet testkey-1 --private-key $ETH_PRIV_KEY
+
+# Start Service
+falcon start