From 5b1aca86e7e5bb2e2bf69cd407b5d23ecf2308e0 Mon Sep 17 00:00:00 2001 From: Stephan D Date: Mon, 16 Mar 2026 17:42:54 +0100 Subject: [PATCH] fixed db / nats deployment --- ci/scripts/bff/deploy.sh | 1 + ci/scripts/billing_documents/deploy.sh | 1 + ci/scripts/billing_fees/deploy.sh | 1 + ci/scripts/callbacks/deploy.sh | 1 + ci/scripts/chain_gateway/deploy.sh | 1 + .../common/ensure_remote_registry_login.sh | 65 +++++++++++++++++++ ci/scripts/discovery/deploy.sh | 1 + ci/scripts/frontend/deploy.sh | 1 + ci/scripts/fx/deploy.sh | 1 + ci/scripts/ledger/deploy.sh | 1 + ci/scripts/mntx/deploy.sh | 1 + ci/scripts/notification/deploy.sh | 1 + ci/scripts/payments_methods/deploy.sh | 1 + ci/scripts/payments_orchestrator/deploy.sh | 1 + ci/scripts/payments_quotation/deploy.sh | 1 + ci/scripts/tgsettle/deploy.sh | 1 + ci/scripts/tron_gateway/deploy.sh | 1 + 17 files changed, 81 insertions(+) create mode 100644 ci/scripts/common/ensure_remote_registry_login.sh diff --git a/ci/scripts/bff/deploy.sh b/ci/scripts/bff/deploy.sh index ed5da034..17f5f53e 100755 --- a/ci/scripts/bff/deploy.sh +++ b/ci/scripts/bff/deploy.sh @@ -56,4 +56,5 @@ fi load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/bff.sh diff --git a/ci/scripts/billing_documents/deploy.sh b/ci/scripts/billing_documents/deploy.sh index 0b68b31b..bb175906 100755 --- a/ci/scripts/billing_documents/deploy.sh +++ b/ci/scripts/billing_documents/deploy.sh @@ -46,4 +46,5 @@ export DOCUMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${DOCUMENTS_MONGO_SECRET_ load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/billing_documents.sh diff --git a/ci/scripts/billing_fees/deploy.sh b/ci/scripts/billing_fees/deploy.sh index d2e16ffb..79813875 100644 --- a/ci/scripts/billing_fees/deploy.sh +++ b/ci/scripts/billing_fees/deploy.sh @@ -46,4 +46,5 @@ export FEES_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" pas load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/billing_fees.sh diff --git a/ci/scripts/callbacks/deploy.sh b/ci/scripts/callbacks/deploy.sh index 5bd5ce6c..31840d71 100755 --- a/ci/scripts/callbacks/deploy.sh +++ b/ci/scripts/callbacks/deploy.sh @@ -53,4 +53,5 @@ fi load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/callbacks.sh diff --git a/ci/scripts/chain_gateway/deploy.sh b/ci/scripts/chain_gateway/deploy.sh index a064aa43..4b2ba259 100755 --- a/ci/scripts/chain_gateway/deploy.sh +++ b/ci/scripts/chain_gateway/deploy.sh @@ -61,4 +61,5 @@ fi load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/chain_gateway.sh diff --git a/ci/scripts/common/ensure_remote_registry_login.sh b/ci/scripts/common/ensure_remote_registry_login.sh new file mode 100644 index 00000000..8dd38859 --- /dev/null +++ b/ci/scripts/common/ensure_remote_registry_login.sh @@ -0,0 +1,65 @@ +#!/bin/sh +set -eu + +if ! set -o pipefail 2>/dev/null; then + : +fi + +REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)" +cd "${REPO_ROOT}" + +: "${REGISTRY_URL:?missing REGISTRY_URL}" +: "${SSH_USER:?missing SSH_USER}" +: "${SSH_HOST:?missing SSH_HOST}" + +if [ ! -f secrets/REGISTRY_USER ] || [ ! -f secrets/REGISTRY_PASSWORD ]; then + echo "[remote-registry-login] missing registry credential files in secrets/" >&2 + exit 1 +fi + +REGISTRY_HOST="${REGISTRY_URL#http://}" +REGISTRY_HOST="${REGISTRY_HOST#https://}" +REGISTRY_USER="$(cat secrets/REGISTRY_USER)" +REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)" + +: "${REGISTRY_USER:?missing REGISTRY_USER}" +: "${REGISTRY_PASSWORD:?missing REGISTRY_PASSWORD}" + +b64enc() { + printf '%s' "$1" | base64 | tr -d '\n' +} + +REGISTRY_HOST_B64="$(b64enc "${REGISTRY_HOST}")" +REGISTRY_USER_B64="$(b64enc "${REGISTRY_USER}")" +REGISTRY_PASSWORD_B64="$(b64enc "${REGISTRY_PASSWORD}")" +REMOTE_TARGET="${SSH_USER}@${SSH_HOST}" + +SSH_OPTS=" + -i /root/.ssh/id_rsa + -o StrictHostKeyChecking=no + -o UserKnownHostsFile=/dev/null + -o LogLevel=ERROR + -o BatchMode=yes + -o PreferredAuthentications=publickey + -o ConnectTimeout=10 +" + +ssh ${SSH_OPTS} "${REMOTE_TARGET}" \ + REGISTRY_HOST_B64="${REGISTRY_HOST_B64}" \ + REGISTRY_USER_B64="${REGISTRY_USER_B64}" \ + REGISTRY_PASSWORD_B64="${REGISTRY_PASSWORD_B64}" \ + sh -s <<'EOSSH' +set -eu + +decode_b64() { + printf '%s' "$1" | base64 -d +} + +REGISTRY_HOST="$(decode_b64 "${REGISTRY_HOST_B64}")" +REGISTRY_USER="$(decode_b64 "${REGISTRY_USER_B64}")" +REGISTRY_PASSWORD="$(decode_b64 "${REGISTRY_PASSWORD_B64}")" + +mkdir -p "${HOME}/.docker" +printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_HOST}" -u "${REGISTRY_USER}" --password-stdin >/dev/null +echo "[remote-registry-login] logged into ${REGISTRY_HOST}" +EOSSH diff --git a/ci/scripts/discovery/deploy.sh b/ci/scripts/discovery/deploy.sh index d227ff49..d493b706 100644 --- a/ci/scripts/discovery/deploy.sh +++ b/ci/scripts/discovery/deploy.sh @@ -41,4 +41,5 @@ load_runtime_env_bundle "${DISCOVERY_ENV_NAME}" load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/discovery.sh diff --git a/ci/scripts/frontend/deploy.sh b/ci/scripts/frontend/deploy.sh index e6d43232..936d747d 100755 --- a/ci/scripts/frontend/deploy.sh +++ b/ci/scripts/frontend/deploy.sh @@ -42,4 +42,5 @@ if [ ! -s .env.version ]; then fi bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/frontend.sh diff --git a/ci/scripts/fx/deploy.sh b/ci/scripts/fx/deploy.sh index 2ead545b..4ed123b4 100755 --- a/ci/scripts/fx/deploy.sh +++ b/ci/scripts/fx/deploy.sh @@ -57,4 +57,5 @@ if [ "${FX_NEEDS_NATS}" = "true" ]; then fi bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/fx.sh "${FX_DEPLOY_TARGET}" diff --git a/ci/scripts/ledger/deploy.sh b/ci/scripts/ledger/deploy.sh index 00f8a419..f7453349 100755 --- a/ci/scripts/ledger/deploy.sh +++ b/ci/scripts/ledger/deploy.sh @@ -46,4 +46,5 @@ export LEDGER_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}" load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/ledger.sh diff --git a/ci/scripts/mntx/deploy.sh b/ci/scripts/mntx/deploy.sh index 09f510da..4e5c757a 100644 --- a/ci/scripts/mntx/deploy.sh +++ b/ci/scripts/mntx/deploy.sh @@ -54,4 +54,5 @@ export MONETIX_SECRET_KEY="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_MONETIX_SECRET_P NATS_SECRET_PATH="${MNTX_GATEWAY_NATS_SECRET_PATH}" load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/mntx_gateway.sh diff --git a/ci/scripts/notification/deploy.sh b/ci/scripts/notification/deploy.sh index f83fe9fc..bb8788cd 100755 --- a/ci/scripts/notification/deploy.sh +++ b/ci/scripts/notification/deploy.sh @@ -62,4 +62,5 @@ export TELEGRAM_THREAD_ID load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/notification.sh diff --git a/ci/scripts/payments_methods/deploy.sh b/ci/scripts/payments_methods/deploy.sh index 280c78be..72b9758a 100755 --- a/ci/scripts/payments_methods/deploy.sh +++ b/ci/scripts/payments_methods/deploy.sh @@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_METHODS_MONGO_S load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/payments_methods.sh diff --git a/ci/scripts/payments_orchestrator/deploy.sh b/ci/scripts/payments_orchestrator/deploy.sh index e528667d..2fcf0461 100755 --- a/ci/scripts/payments_orchestrator/deploy.sh +++ b/ci/scripts/payments_orchestrator/deploy.sh @@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PA load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/payments_orchestrator.sh diff --git a/ci/scripts/payments_quotation/deploy.sh b/ci/scripts/payments_quotation/deploy.sh index 0a41b9dd..78bd3344 100755 --- a/ci/scripts/payments_quotation/deploy.sh +++ b/ci/scripts/payments_quotation/deploy.sh @@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_QUOTATION_MONGO load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/payments_quotation.sh diff --git a/ci/scripts/tgsettle/deploy.sh b/ci/scripts/tgsettle/deploy.sh index 8eb88568..3e0e3851 100755 --- a/ci/scripts/tgsettle/deploy.sh +++ b/ci/scripts/tgsettle/deploy.sh @@ -46,4 +46,5 @@ export TGSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/tgsettle_gateway.sh diff --git a/ci/scripts/tron_gateway/deploy.sh b/ci/scripts/tron_gateway/deploy.sh index c55c8e78..8b083404 100755 --- a/ci/scripts/tron_gateway/deploy.sh +++ b/ci/scripts/tron_gateway/deploy.sh @@ -63,4 +63,5 @@ fi load_nats_env bash ci/prod/scripts/bootstrap/network.sh +sh ci/scripts/common/ensure_remote_registry_login.sh bash ci/prod/scripts/deploy/tron_gateway.sh