Squashed commit of the following:

commit 4f965ce
Author: Ankur Dubey <[email protected]>
Date:   Fri Jul 12 14:08:50 2024 +0400

    Update pr.yaml

commit 62e9acf
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:47:18 2024 +0200

    add resources to cron

commit c0e152f
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:46:56 2024 +0200

    add apiversion to cron job

commit 365120c
Merge: 6960a17 558c2a4
Author: TakGN <[email protected]>
Date:   Thu Jul 11 16:35:30 2024 +0200

    Merge pull request #22 from bcnmy/pipeline

    ci: helm charts and github action workflows

commit 558c2a4
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:33:56 2024 +0200

    newlines

commit 398d46e
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:32:43 2024 +0200

    add newlines

commit 0e60c8b
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:29:20 2024 +0200

    add dockerfile

commit 304ca88
Author: Takwa <[email protected]>
Date:   Thu Jul 11 16:26:58 2024 +0200

    ci: helm charts and github action workflows

commit 6960a17
Merge: 544f53c b38bac4
Author: Aman Raj <[email protected]>
Date:   Thu Jul 11 16:51:39 2024 +0400

    Merge pull request #20 from bcnmy/dev

    Dev main sync

commit 544f53c
Merge: a51ba93 daf5530
Author: Ankur Dubey <[email protected]>
Date:   Wed Jun 12 12:35:25 2024 +0400

    Merge branch 'main' of github.com:bcnmy/reflux

commit daf5530
Author: Ankur Dubey <[email protected]>
Date:   Tue Jun 11 20:03:23 2024 +0400

    Create pull_request_template.md

.github/workflows/pr.yaml

@@ -0,0 +1,67 @@
+name: PR
+on:
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  test:
+    name: cargo test
+    runs-on: ubuntu-latest
+    services:
+      mongodb:
+        image: mongo:latest
+        ports:
+          - 27017:27017
+        options: >-
+          --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'"
+          --health-interval=30s
+          --health-timeout=10s
+          --health-retries=10
+      redis:
+        image: redis:latest
+        ports:
+          - 6379:6379
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      - run: cargo test --all-features
+    env:
+      BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }}
+      COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+      COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }}
+      ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }}
+      ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
+      OPTIMISM_RPC_URL: ${{ secrets.OPTIMISM_RPC_URL }}
+      BAE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
+      MONGO_URL: ${{ secrets.MONGO_URL }}
+      REDIS_URL: ${{ secrets.REDIS_URL }}
+    environment: Testing
+
+  container_img_build_push_gar:
+    needs: [test]
+    # Allow the job to fetch a GitHub ID token
+    permissions:
+      id-token: write
+      contents: read
+    # The plan is to build and push each docker image in parallel.
+    strategy:
+      matrix:
+        image:
+          - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux 
+          # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+          # {owner}/{repo}/.github/workflows/{filename}@{ref}
+    uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master
+    with:
+      image: ${{ matrix.image }}
+      dockerfile: Dockerfile
+      # GCP project where the identity provider is
+      # gcloud projects describe prj-workload-identity-001
+      gcp_project_number: '766873424314'
+      gcp_pool_id: 'pool-id-github-actions'
+      # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+      gcp_provider_id: 'ga-reflux'
+      # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+      gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux'
+      gcp_service_account: '[email protected]'

.github/workflows/release.yaml

@@ -0,0 +1,87 @@
+    name: Version_Release
+    on:
+      push:
+        tags:
+          - v0.**
+    jobs:
+      # test:
+      #   name: cargo test
+      #   runs-on: ubuntu-latest
+      #   services:
+      #     mongodb:
+      #       image: mongo:latest
+      #       ports:
+      #         - 27017:27017
+      #       options: >-
+      #         --health-cmd="mongosh --eval 'db.adminCommand({ ping: 1 })'"
+      #         --health-interval=30s
+      #         --health-timeout=10s
+      #         --health-retries=10
+      #     redis:
+      #       image: redis:latest
+      #       ports:
+      #         - 6379:6379
+      #   steps:
+      #     - uses: actions/checkout@v4
+      #     - uses: dtolnay/rust-toolchain@stable
+      #     - uses: Swatinem/rust-cache@v2
+      #     - run: cargo test --all-features
+      #   env:
+      #     BUNGEE_API_KEY: ${{ secrets.BUNGEE_API_KEY }}
+      #     COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
+      #     COVALENT_API_KEY: ${{ secrets.COVALENT_API_KEY }}
+      #   environment: Testing
+
+      container_img_build_push_gar:
+        # needs: [test]
+        # Allow the job to fetch a GitHub ID token
+        permissions:
+          id-token: write
+          contents: read
+        # The plan is to build and push each docker image in parallel.
+        strategy:
+          matrix:
+            image:
+              - us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux 
+              # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+              # {owner}/{repo}/.github/workflows/{filename}@{ref}
+        uses: bcnmy/devops/.github/workflows/container_img_build_push_gar.yaml@master
+        with:
+          image: ${{ matrix.image }}
+          dockerfile: Dockerfile
+          # GCP project where the identity provider is
+          # gcloud projects describe prj-workload-identity-001
+          gcp_project_number: '766873424314'
+          gcp_pool_id: 'pool-id-github-actions'
+          # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+          gcp_provider_id: 'ga-reflux'
+          # LOCATION-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE
+          gcp_registry: 'us-docker.pkg.dev/biconomy-prod/biconomy-prod/reflux'
+          gcp_service_account: '[email protected]'
+
+      deploy_prod:
+        needs: [container_img_build_push_gar]
+        # Allow the job to fetch a GitHub ID token
+        # runs-on: ubuntu-latest
+        permissions:
+          id-token: write
+          contents: read
+        uses: bcnmy/devops/.github/workflows/deploy_to_gke.yaml@master
+        with:
+          environment: 'prod'
+          # GCP project where the identity provider is
+          # gcloud projects describe prj-workload-identity-001
+          gcp_project_number: '766873424314'
+          gcp_project_id: 'biconomy-prod'
+          gcp_bastion: ''
+          gcp_bastion_zone: ''
+          gcp_pool_id: 'pool-id-github-actions'
+          # created by devops/gcp/github-actions/configure_workload_identity_federation_with_github_actions_pipelines.sh
+          # gcp_provider_id: 'ga-GITHUB_REPO_NAME'
+          gcp_provider_id: 'ga-reflux'
+          # SERVICE_ACCOUNT_EMAIL="${SERVICE_ACCOUNT}@${PROJECT}.iam.gserviceaccount.com"
+          gcp_service_account: '[email protected]'
+          gcp_cluster_name: 'biconomy-prod'
+          gcp_cluster_location: 'us-east1'
+          use_internal_ip: false
+          deploy_command: './k8s/deploy_prod.sh ${GITHUB_REF:10}'

Dockerfile

@@ -1,10 +1,51 @@
-FROM rust:latest as builder
-WORKDIR /reflux
-COPY . .
-RUN cargo install --path bin/reflux --profile release
-
-FROM debian:latest
-RUN apt-get update
-RUN apt-get upgrade -y
-RUN apt-get install -y libssl-dev ca-certificates
-COPY --from=builder /usr/local/cargo/bin/reflux /app/reflux
+FROM --platform=linux/amd64 rust:1.79.0-slim-bullseye AS builder
+
+ENV APP_PATH=/reflux
+
+RUN apt-get update  && apt-get install -y --no-install-recommends libssl-dev pkg-config
+
+RUN USER=root cargo new --bin reflux
+
+WORKDIR ${APP_PATH}
+
+COPY . ${APP_PATH}
+
+COPY Cargo.toml Cargo.lock ${APP_PATH}
+
+RUN cargo build --release --manifest-path ${APP_PATH}/Cargo.toml
+
+
+
+# Second stage
+FROM --platform=linux/amd64 debian:bullseye-slim as execution
+
+
+# Tini allows us to avoid several Docker edge cases, see https://github.com/krallin/tini.
+# NOTE: See https://github.com/hexops/dockerfile#is-tini-still-required-in-2020-i-thought-docker-added-it-natively
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    tini libssl-dev ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Non-root user for security purposes.
+#
+# UIDs below 10,000 are a security risk, as a container breakout could result
+# in the container being ran as a more privileged user on the host kernel with
+# the same UID.
+#
+# Static GID/UID is also useful for chown'ing files outside the container where
+# such a user does not exist.
+RUN addgroup --gid 10001 --system nonroot \
+  && adduser  --uid 10000 --system --ingroup nonroot --home /home/nonroot nonroot
+
+
+WORKDIR /home/nonroot/reflux
+
+COPY --from=builder --chown=10000:10001 /reflux/target/release/reflux /usr/local/bin/
+
+USER nonroot
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+
+# Run the binary
+CMD ["reflux"]

k8s/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: reflux
+description: A Helm chart for reflux deployed on Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.0.1"

k8s/deploy_prod.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+GIT_ROOT=$(git rev-parse --show-toplevel)
+SCRIPT_DIR="${GIT_ROOT}"/k8s
+
+IMAGE_TAG=$1
+
+if [[ -z "${IMAGE_TAG}" ]] ; then
+  IMAGE_TAG=latest
+fi
+
+time helm upgrade reflux "${SCRIPT_DIR}" \
+     --install \
+     --wait \
+     --atomic \
+     --values "${SCRIPT_DIR}/values.prod.yaml" \
+     --set-string namespace=reflux \
+     --set image_tag="${IMAGE_TAG}" \
+     --namespace reflux

k8s/templates/_helpers.tpl

@@ -0,0 +1,76 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "reflux.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+DD-Trace lables and annotations
+*/}}
+{{- define "datadog.datatrace" -}}
+tags.us5.datadoghq.com/env: {{ .Values.datadog.env }}
+tags.us5.datadoghq.com/service: {{ .Values.datadog.service }}
+tags.us5.datadoghq.com/version: {{ .Values.datadog.version }}
+{{- end }}
+
+{{- define "datadog.datatrace-admission" -}}
+admission.us5.datadoghq.com/config.mode: socket
+admission.us5.datadoghq.com/enabled: "true"
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "reflux.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "reflux.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "reflux.labels" -}}
+helm.sh/chart: {{ include "reflux.chart" . }}
+{{ include "reflux.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "reflux.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "reflux.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "reflux.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "reflux.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

k8s/templates/configmap-dd.yaml

@@ -0,0 +1,11 @@
+{{- if .Values.datadog.enable }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.name }}-dd-configmap
+  namespace: {{ .Values.namespace }}
+data:
+{{- range $key, $value := .Values.datadog.configs }}
+  {{ $key }}: {{ $value | quote }}
+{{- end }}         
+{{- end }}