+ fx

ci/prod/.env.runtime

@@ -24,3 +24,26 @@ NATS_PORT=4222
 NATS_MONITORING_PORT=8222
 NATS_PROMETHEUS_PORT=7777
 NATS_COMPOSE_PROJECT=sendico-nats
+
+# FX deployments
+FX_GO_VERSION=latest
+
+# Shared Mongo settings for FX services
+FX_MONGO_HOST=sendico_db1
+FX_MONGO_PORT=27017
+FX_MONGO_DATABASE=fx
+FX_MONGO_AUTH_SOURCE=admin
+FX_MONGO_REPLICA_SET=sendico-rs
+
+# FX ingestor stack
+FX_INGESTOR_DIR=fx_ingestor
+FX_INGESTOR_COMPOSE_PROJECT=sendico-fx-ingestor
+FX_INGESTOR_SERVICE_NAME=sendico_fx_ingestor
+FX_INGESTOR_METRICS_PORT=9102
+
+# FX oracle stack
+FX_ORACLE_DIR=fx_oracle
+FX_ORACLE_COMPOSE_PROJECT=sendico-fx-oracle
+FX_ORACLE_SERVICE_NAME=sendico_fx_oracle
+FX_ORACLE_GRPC_PORT=50051
+FX_ORACLE_METRICS_PORT=9400

ci/prod/compose/fx_ingestor.dockerfile

@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1.7
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+FROM golang:alpine AS build
+ARG APP_VERSION=dev
+ARG GIT_REV=unknown
+ARG BUILD_BRANCH=unknown
+ARG BUILD_DATE=unknown
+ARG BUILD_USER=ci
+WORKDIR /src
+COPY . .
+WORKDIR /src/api/fx/ingestor
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go build -trimpath -ldflags "\
+      -s -w \
+      -X github.com/tech/sendico/fx/ingestor/internal/appversion.Version=${APP_VERSION} \
+      -X github.com/tech/sendico/fx/ingestor/internal/appversion.Revision=${GIT_REV} \
+      -X github.com/tech/sendico/fx/ingestor/internal/appversion.Branch=${BUILD_BRANCH} \
+      -X github.com/tech/sendico/fx/ingestor/internal/appversion.BuildUser=${BUILD_USER} \
+      -X github.com/tech/sendico/fx/ingestor/internal/appversion.BuildDate=${BUILD_DATE}" \
+    -o /out/fx-ingestor .
+
+FROM alpine:latest AS runtime
+RUN apk add --no-cache ca-certificates tzdata wget
+WORKDIR /app
+COPY api/fx/ingestor/config.yml /app/config.yml
+COPY --from=build /out/fx-ingestor /app/fx-ingestor
+EXPOSE 9102
+ENTRYPOINT ["/app/fx-ingestor"]
+CMD ["--config.file", "/app/config.yml"]

ci/prod/compose/fx_ingestor.yml

@@ -0,0 +1,39 @@
+# Compose v2 - FX ingestor
+
+x-common-env: &common-env
+  env_file:
+    - ../env/.env.runtime
+    - ../env/.env.version
+
+networks:
+  sendico-net:
+    external: true
+    name: sendico-net
+
+services:
+  sendico_fx_ingestor:
+    <<: *common-env
+    container_name: sendico-fx-ingestor
+    restart: unless-stopped
+    image: ${REGISTRY_URL}/fx/ingestor:${APP_V}
+    pull_policy: always
+    environment:
+      FX_MONGO_HOST: ${FX_MONGO_HOST}
+      FX_MONGO_PORT: ${FX_MONGO_PORT}
+      FX_MONGO_DATABASE: ${FX_MONGO_DATABASE}
+      FX_MONGO_USER: ${FX_MONGO_USER}
+      FX_MONGO_PASSWORD: ${FX_MONGO_PASSWORD}
+      FX_MONGO_AUTH_SOURCE: ${FX_MONGO_AUTH_SOURCE}
+      FX_MONGO_REPLICA_SET: ${FX_MONGO_REPLICA_SET}
+      FX_INGESTOR_METRICS_PORT: ${FX_INGESTOR_METRICS_PORT}
+    command: ["--config.file", "/app/config.yml"]
+    ports:
+      - "0.0.0.0:${FX_INGESTOR_METRICS_PORT}:${FX_INGESTOR_METRICS_PORT}"
+    healthcheck:
+      test: ["CMD-SHELL","wget -qO- http://localhost:${FX_INGESTOR_METRICS_PORT}/health | grep -q '\"status\":\"ok\"'"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+    networks:
+      - sendico-net

ci/prod/compose/fx_oracle.dockerfile

@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1.7
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+FROM golang:alpine AS build
+ARG APP_VERSION=dev
+ARG GIT_REV=unknown
+ARG BUILD_BRANCH=unknown
+ARG BUILD_DATE=unknown
+ARG BUILD_USER=ci
+WORKDIR /src
+COPY . .
+WORKDIR /src/api/fx/oracle
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
+    go build -trimpath -ldflags "\
+      -s -w \
+      -X github.com/tech/sendico/fx/oracle/internal/appversion.Version=${APP_VERSION} \
+      -X github.com/tech/sendico/fx/oracle/internal/appversion.Revision=${GIT_REV} \
+      -X github.com/tech/sendico/fx/oracle/internal/appversion.Branch=${BUILD_BRANCH} \
+      -X github.com/tech/sendico/fx/oracle/internal/appversion.BuildUser=${BUILD_USER} \
+      -X github.com/tech/sendico/fx/oracle/internal/appversion.BuildDate=${BUILD_DATE}" \
+    -o /out/fx-oracle .
+
+FROM alpine:latest AS runtime
+RUN apk add --no-cache ca-certificates tzdata wget
+WORKDIR /app
+COPY api/fx/oracle/config.yml /app/config.yml
+COPY --from=build /out/fx-oracle /app/fx-oracle
+EXPOSE 50051 9400
+ENTRYPOINT ["/app/fx-oracle"]
+CMD ["--config.file", "/app/config.yml"]

ci/prod/compose/fx_oracle.yml

@@ -0,0 +1,46 @@
+# Compose v2 - FX oracle
+
+x-common-env: &common-env
+  env_file:
+    - ../env/.env.runtime
+    - ../env/.env.version
+
+networks:
+  sendico-net:
+    external: true
+    name: sendico-net
+
+services:
+  sendico_fx_oracle:
+    <<: *common-env
+    container_name: sendico-fx-oracle
+    restart: unless-stopped
+    image: ${REGISTRY_URL}/fx/oracle:${APP_V}
+    pull_policy: always
+    environment:
+      FX_MONGO_HOST: ${FX_MONGO_HOST}
+      FX_MONGO_PORT: ${FX_MONGO_PORT}
+      FX_MONGO_DATABASE: ${FX_MONGO_DATABASE}
+      FX_MONGO_USER: ${FX_MONGO_USER}
+      FX_MONGO_PASSWORD: ${FX_MONGO_PASSWORD}
+      FX_MONGO_AUTH_SOURCE: ${FX_MONGO_AUTH_SOURCE}
+      FX_MONGO_REPLICA_SET: ${FX_MONGO_REPLICA_SET}
+      FX_ORACLE_GRPC_PORT: ${FX_ORACLE_GRPC_PORT}
+      FX_ORACLE_METRICS_PORT: ${FX_ORACLE_METRICS_PORT}
+      NATS_URL: ${FX_NATS_URL}
+      NATS_HOST: ${NATS_HOST}
+      NATS_PORT: ${NATS_PORT}
+      NATS_USER: ${NATS_USER}
+      NATS_PASSWORD: ${NATS_PASSWORD}
+    command: ["--config.file", "/app/config.yml"]
+    ports:
+      - "0.0.0.0:${FX_ORACLE_GRPC_PORT}:50051"
+      - "0.0.0.0:${FX_ORACLE_METRICS_PORT}:${FX_ORACLE_METRICS_PORT}"
+    healthcheck:
+      test: ["CMD-SHELL","wget -qO- http://localhost:${FX_ORACLE_METRICS_PORT}/health | grep -q '\"status\":\"ok\"'"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+    networks:
+      - sendico-net

ci/prod/compose/nats.dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/busybox:1.36.1-musl AS busybox
+FROM docker.io/library/busybox:stable-musl AS busybox
 
 FROM docker.io/library/nats:latest
 COPY --from=busybox /bin/busybox /bin/busybox

ci/prod/scripts/deploy/fx.sh

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+set -euo pipefail
+[[ "${DEBUG_DEPLOY:-0}" = "1" ]] && set -x
+trap 'echo "[deploy-fx] error at line $LINENO" >&2' ERR
+
+if [[ $# -ne 1 ]]; then
+  echo "usage: $(basename "$0") <ingestor|oracle>" >&2
+  exit 64
+fi
+
+SERVICE="$1"
+
+: "${REMOTE_BASE:?missing REMOTE_BASE}"
+: "${SSH_USER:?missing SSH_USER}"
+: "${SSH_HOST:?missing SSH_HOST}"
+
+REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
+
+case "$SERVICE" in
+  ingestor)
+    : "${FX_INGESTOR_DIR:?missing FX_INGESTOR_DIR}"
+    REMOTE_DIR="${REMOTE_BASE%/}/${FX_INGESTOR_DIR}"
+    COMPOSE_PROJECT="${FX_INGESTOR_COMPOSE_PROJECT:-sendico-fx-ingestor}"
+    COMPOSE_FILE="fx_ingestor.yml"
+    SERVICE_NAMES="${FX_INGESTOR_SERVICE_NAME:-sendico_fx_ingestor}"
+    REQUIRED_SECRETS=(FX_MONGO_USER FX_MONGO_PASSWORD)
+    ;;
+  oracle)
+    : "${FX_ORACLE_DIR:?missing FX_ORACLE_DIR}"
+    REMOTE_DIR="${REMOTE_BASE%/}/${FX_ORACLE_DIR}"
+    COMPOSE_PROJECT="${FX_ORACLE_COMPOSE_PROJECT:-sendico-fx-oracle}"
+    COMPOSE_FILE="fx_oracle.yml"
+    SERVICE_NAMES="${FX_ORACLE_SERVICE_NAME:-sendico_fx_oracle}"
+    REQUIRED_SECRETS=(FX_MONGO_USER FX_MONGO_PASSWORD NATS_USER NATS_PASSWORD FX_NATS_URL)
+    ;;
+  *)
+    echo "unknown service: ${SERVICE}" >&2
+    exit 64
+    ;;
+esac
+
+for var in "${REQUIRED_SECRETS[@]}"; do
+  if [[ -z "${!var:-}" ]]; then
+    echo "missing required secret env: ${var}" >&2
+    exit 65
+  fi
+done
+
+if [[ ! -s .env.version ]]; then
+  echo ".env.version is missing; run version step first" >&2
+  exit 66
+fi
+
+SSH_OPTS=(
+  -i /root/.ssh/id_rsa
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o LogLevel=ERROR
+  -q
+)
+if [[ "${DEBUG_DEPLOY:-0}" = "1" ]]; then
+  SSH_OPTS=("${SSH_OPTS[@]/-q/}" -vv)
+fi
+
+RSYNC_FLAGS=(-az --delete)
+[[ "${DEBUG_DEPLOY:-0}" = "1" ]] && RSYNC_FLAGS=(-avz --delete)
+
+ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}"
+
+rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/"
+rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime"
+rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" .env.version         "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.version"
+
+SERVICES_LINE="${SERVICE_NAMES}"
+
+ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" \
+  REMOTE_DIR="$REMOTE_DIR" \
+  COMPOSE_FILE="$COMPOSE_FILE" \
+  COMPOSE_PROJECT="$COMPOSE_PROJECT" \
+  SERVICES_LINE="$SERVICES_LINE" \
+  FX_MONGO_USER="$FX_MONGO_USER" \
+  FX_MONGO_PASSWORD="$FX_MONGO_PASSWORD" \
+  FX_NATS_URL="${FX_NATS_URL:-}" \
+  NATS_USER="${NATS_USER:-}" \
+  NATS_PASSWORD="${NATS_PASSWORD:-}" \
+  bash -s <<'EOSSH'
+set -euo pipefail
+cd "${REMOTE_DIR}/compose"
+set -a
+. ../env/.env.runtime
+. ../env/.env.version
+set +a
+export FX_MONGO_USER FX_MONGO_PASSWORD FX_NATS_URL NATS_USER NATS_PASSWORD
+COMPOSE_PROJECT_NAME="$COMPOSE_PROJECT"
+export COMPOSE_PROJECT_NAME
+read -r -a SERVICES <<<"${SERVICES_LINE}"
+
+pull_cmd=(docker compose -f "$COMPOSE_FILE" pull)
+up_cmd=(docker compose -f "$COMPOSE_FILE" up -d --remove-orphans)
+ps_cmd=(docker compose -f "$COMPOSE_FILE" ps)
+if [[ "${#SERVICES[@]}" -gt 0 ]]; then
+  pull_cmd+=("${SERVICES[@]}")
+  up_cmd+=("${SERVICES[@]}")
+  ps_cmd+=("${SERVICES[@]}")
+fi
+
+"${pull_cmd[@]}"
+"${up_cmd[@]}"
+"${ps_cmd[@]}"
+
+date -Is > .last_deploy
+logger -t "deploy-${COMPOSE_PROJECT}" "${COMPOSE_PROJECT} deployed at $(date -Is) in ${REMOTE_DIR}"
+EOSSH