isolated NATS logic

ci/scripts/bff/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 BFF_ENV_NAME="${BFF_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${BFF_ENV_NAME}/.env.runtime"
 
@@ -48,17 +50,13 @@ load_env_file ./.env.version
 
 BFF_MONGO_SECRET_PATH="${BFF_MONGO_SECRET_PATH:?missing BFF_MONGO_SECRET_PATH}"
 BFF_API_SECRET_PATH="${BFF_API_SECRET_PATH:?missing BFF_API_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export MONGO_USER="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" user)"
 export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" password)"
 
 export API_ENDPOINT_SECRET="$(./ci/vlt kv_get kv "${BFF_API_SECRET_PATH}" secret)"
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/bff.sh

ci/scripts/billing_fees/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 FEES_ENV_NAME="${FEES_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${FEES_ENV_NAME}/.env.runtime"
 
@@ -47,15 +49,11 @@ load_env_file "${RUNTIME_ENV_FILE}"
 load_env_file ./.env.version
 
 FEES_MONGO_SECRET_PATH="${FEES_MONGO_SECRET_PATH:?missing FEES_MONGO_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export FEES_MONGO_USER="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" user)"
 export FEES_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" password)"
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/billing_fees.sh

ci/scripts/chain_gateway/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 CHAIN_GATEWAY_ENV_NAME="${CHAIN_GATEWAY_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${CHAIN_GATEWAY_ENV_NAME}/.env.runtime"
 
@@ -50,8 +52,6 @@ CHAIN_GATEWAY_MONGO_SECRET_PATH="${CHAIN_GATEWAY_MONGO_SECRET_PATH:?missing CHAI
 CHAIN_GATEWAY_RPC_SECRET_PATH="${CHAIN_GATEWAY_RPC_SECRET_PATH:?missing CHAIN_GATEWAY_RPC_SECRET_PATH}"
 CHAIN_GATEWAY_WALLET_SECRET_PATH="${CHAIN_GATEWAY_WALLET_SECRET_PATH:?missing CHAIN_GATEWAY_WALLET_SECRET_PATH}"
 CHAIN_GATEWAY_VAULT_SECRET_PATH="${CHAIN_GATEWAY_VAULT_SECRET_PATH:?missing CHAIN_GATEWAY_VAULT_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export CHAIN_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" user)"
 export CHAIN_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" password)"
@@ -68,9 +68,7 @@ if [ -z "${CHAIN_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${CHAIN_GATEWAY_VAULT_SECRET
   exit 1
 fi
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/chain_gateway.sh

ci/scripts/common/ensure_env_version.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -eu
 
-echo "[fx-pipeline] rewriting .env.version" >&2
+echo "[build pipeline] rewriting .env.version" >&2
 
 if [ -f ./.env.version ]; then
   while IFS= read -r line || [ -n "$line" ]; do

ci/scripts/common/nats_env.sh

@@ -0,0 +1,20 @@
+# Helper for loading NATS credentials and URL in deploy scripts.
+load_nats_env() {
+  : "${NATS_HOST:?missing NATS_HOST}"
+  : "${NATS_PORT:?missing NATS_PORT}"
+
+  nats_secret_path="${NATS_SECRET_PATH:-sendico/nats}"
+  export NATS_USER="$(./ci/vlt kv_get kv "${nats_secret_path}" user)"
+  export NATS_PASSWORD="$(./ci/vlt kv_get kv "${nats_secret_path}" password)"
+
+  nats_url_var="${NATS_URL_VAR:-NATS_URL}"
+  nats_url_scheme="${NATS_URL_SCHEME:-nats}"
+  case "${nats_url_var}" in
+    ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
+      echo "[nats-env] invalid NATS_URL_VAR: ${nats_url_var}" >&2
+      exit 1
+      ;;
+  esac
+
+  export "${nats_url_var}=${nats_url_scheme}://${NATS_HOST}:${NATS_PORT}"
+}

ci/scripts/discovery/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 DISCOVERY_ENV_NAME="${DISCOVERY_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${DISCOVERY_ENV_NAME}/.env.runtime"
 
@@ -46,12 +48,7 @@ normalize_env_file ./.env.version
 load_env_file "${RUNTIME_ENV_FILE}"
 load_env_file ./.env.version
 
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
-
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/discovery.sh

ci/scripts/fx/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 FX_ENV_NAME="${FX_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${FX_ENV_NAME}/.env.runtime"
 
@@ -54,9 +56,7 @@ export FX_MONGO_USER="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" user)"
 export FX_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" password)"
 
 if [ "${FX_NEEDS_NATS}" = "true" ]; then
-  export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-  export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-  export FX_NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+  NATS_URL_VAR=FX_NATS_URL load_nats_env
 fi
 
 bash ci/prod/scripts/bootstrap/network.sh

ci/scripts/ledger/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 LEDGER_ENV_NAME="${LEDGER_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${LEDGER_ENV_NAME}/.env.runtime"
 
@@ -47,15 +49,11 @@ load_env_file "${RUNTIME_ENV_FILE}"
 load_env_file ./.env.version
 
 LEDGER_MONGO_SECRET_PATH="${LEDGER_MONGO_SECRET_PATH:?missing LEDGER_MONGO_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export LEDGER_MONGO_USER="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}" user)"
 export LEDGER_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}" password)"
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/ledger.sh

ci/scripts/mntx/deploy.sh

@@ -30,6 +30,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 MNTX_GATEWAY_ENV_NAME="${MNTX_GATEWAY_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${MNTX_GATEWAY_ENV_NAME}/.env.runtime"
 
@@ -50,15 +52,11 @@ load_env_file ./.env.version
 
 MNTX_GATEWAY_MONETIX_SECRET_PATH="${MNTX_GATEWAY_MONETIX_SECRET_PATH:-sendico/gateway/monetix}"
 MNTX_GATEWAY_NATS_SECRET_PATH="${MNTX_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export MONETIX_PROJECT_ID="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_MONETIX_SECRET_PATH}" project_id)"
 export MONETIX_SECRET_KEY="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_MONETIX_SECRET_PATH}" secret_key)"
 
-export NATS_USER="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_NATS_SECRET_PATH}" user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_NATS_SECRET_PATH}" password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+NATS_SECRET_PATH="${MNTX_GATEWAY_NATS_SECRET_PATH}" load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/mntx_gateway.sh

ci/scripts/notification/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 NOTIFICATION_ENV_NAME="${NOTIFICATION_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${NOTIFICATION_ENV_NAME}/.env.runtime"
 
@@ -50,8 +52,6 @@ NOTIFICATION_MONGO_SECRET_PATH="${NOTIFICATION_MONGO_SECRET_PATH:?missing NOTIFI
 NOTIFICATION_MAIL_SECRET_PATH="${NOTIFICATION_MAIL_SECRET_PATH:?missing NOTIFICATION_MAIL_SECRET_PATH}"
 NOTIFICATION_API_SECRET_PATH="${NOTIFICATION_API_SECRET_PATH:?missing NOTIFICATION_API_SECRET_PATH}"
 NOTIFICATION_TELEGRAM_SECRET_PATH="${NOTIFICATION_TELEGRAM_SECRET_PATH:?missing NOTIFICATION_TELEGRAM_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export MONGO_USER="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" user)"
 export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" password)"
@@ -69,9 +69,7 @@ if TELEGRAM_THREAD_ID_VALUE="$(./ci/vlt kv_get kv "${NOTIFICATION_TELEGRAM_SECRE
 fi
 export TELEGRAM_THREAD_ID
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/notification.sh

ci/scripts/payments_orchestrator/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 PAYMENTS_ENV_NAME="${PAYMENTS_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${PAYMENTS_ENV_NAME}/.env.runtime"
 
@@ -47,15 +49,11 @@ load_env_file "${RUNTIME_ENV_FILE}"
 load_env_file ./.env.version
 
 PAYMENTS_MONGO_SECRET_PATH="${PAYMENTS_MONGO_SECRET_PATH:?missing PAYMENTS_MONGO_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export PAYMENTS_MONGO_USER="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" user)"
 export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" password)"
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/payments_orchestrator.sh

ci/scripts/tgsettle/deploy.sh

@@ -32,6 +32,8 @@ load_env_file() {
   done <"$file"
 }
 
+. ci/scripts/common/nats_env.sh
+
 TGSETTLE_GATEWAY_ENV_NAME="${TGSETTLE_GATEWAY_ENV:-prod}"
 RUNTIME_ENV_FILE="./ci/${TGSETTLE_GATEWAY_ENV_NAME}/.env.runtime"
 
@@ -47,15 +49,11 @@ load_env_file "${RUNTIME_ENV_FILE}"
 load_env_file ./.env.version
 
 TGSETTLE_GATEWAY_MONGO_SECRET_PATH="${TGSETTLE_GATEWAY_MONGO_SECRET_PATH:?missing TGSETTLE_GATEWAY_MONGO_SECRET_PATH}"
-: "${NATS_HOST:?missing NATS_HOST}"
-: "${NATS_PORT:?missing NATS_PORT}"
 
 export TGSETTLE_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
 export TGSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
 
-export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)"
-export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)"
-export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}"
+load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
 bash ci/prod/scripts/deploy/tgsettle_gateway.sh