ci/scripts/bff/deploy.sh

@@ -56,4 +56,5 @@ fi
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/bff.sh

ci/scripts/billing_documents/deploy.sh

@@ -46,4 +46,5 @@ export DOCUMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${DOCUMENTS_MONGO_SECRET_
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/billing_documents.sh

ci/scripts/billing_fees/deploy.sh

@@ -46,4 +46,5 @@ export FEES_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" pas
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/billing_fees.sh

ci/scripts/callbacks/deploy.sh

@@ -53,4 +53,5 @@ fi
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/callbacks.sh

ci/scripts/chain_gateway/deploy.sh

@@ -61,4 +61,5 @@ fi
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/chain_gateway.sh

ci/scripts/common/ensure_remote_registry_login.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+set -eu
+
+if ! set -o pipefail 2>/dev/null; then
+  :
+fi
+
+REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
+cd "${REPO_ROOT}"
+
+: "${REGISTRY_URL:?missing REGISTRY_URL}"
+: "${SSH_USER:?missing SSH_USER}"
+: "${SSH_HOST:?missing SSH_HOST}"
+
+if [ ! -f secrets/REGISTRY_USER ] || [ ! -f secrets/REGISTRY_PASSWORD ]; then
+  echo "[remote-registry-login] missing registry credential files in secrets/" >&2
+  exit 1
+fi
+
+REGISTRY_HOST="${REGISTRY_URL#http://}"
+REGISTRY_HOST="${REGISTRY_HOST#https://}"
+REGISTRY_USER="$(cat secrets/REGISTRY_USER)"
+REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)"
+
+: "${REGISTRY_USER:?missing REGISTRY_USER}"
+: "${REGISTRY_PASSWORD:?missing REGISTRY_PASSWORD}"
+
+b64enc() {
+  printf '%s' "$1" | base64 | tr -d '\n'
+}
+
+REGISTRY_HOST_B64="$(b64enc "${REGISTRY_HOST}")"
+REGISTRY_USER_B64="$(b64enc "${REGISTRY_USER}")"
+REGISTRY_PASSWORD_B64="$(b64enc "${REGISTRY_PASSWORD}")"
+REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
+
+SSH_OPTS="
+  -i /root/.ssh/id_rsa
+  -o StrictHostKeyChecking=no
+  -o UserKnownHostsFile=/dev/null
+  -o LogLevel=ERROR
+  -o BatchMode=yes
+  -o PreferredAuthentications=publickey
+  -o ConnectTimeout=10
+"
+
+ssh ${SSH_OPTS} "${REMOTE_TARGET}" \
+  REGISTRY_HOST_B64="${REGISTRY_HOST_B64}" \
+  REGISTRY_USER_B64="${REGISTRY_USER_B64}" \
+  REGISTRY_PASSWORD_B64="${REGISTRY_PASSWORD_B64}" \
+  sh -s <<'EOSSH'
+set -eu
+
+decode_b64() {
+  printf '%s' "$1" | base64 -d
+}
+
+REGISTRY_HOST="$(decode_b64 "${REGISTRY_HOST_B64}")"
+REGISTRY_USER="$(decode_b64 "${REGISTRY_USER_B64}")"
+REGISTRY_PASSWORD="$(decode_b64 "${REGISTRY_PASSWORD_B64}")"
+
+mkdir -p "${HOME}/.docker"
+printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY_HOST}" -u "${REGISTRY_USER}" --password-stdin >/dev/null
+echo "[remote-registry-login] logged into ${REGISTRY_HOST}"
+EOSSH

ci/scripts/discovery/deploy.sh

@@ -41,4 +41,5 @@ load_runtime_env_bundle "${DISCOVERY_ENV_NAME}"
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/discovery.sh

ci/scripts/frontend/deploy.sh

@@ -42,4 +42,5 @@ if [ ! -s .env.version ]; then
 fi
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/frontend.sh

ci/scripts/fx/deploy.sh

@@ -57,4 +57,5 @@ if [ "${FX_NEEDS_NATS}" = "true" ]; then
 fi
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/fx.sh "${FX_DEPLOY_TARGET}"

ci/scripts/ledger/deploy.sh

@@ -46,4 +46,5 @@ export LEDGER_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}"
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/ledger.sh

ci/scripts/mntx/deploy.sh

@@ -54,4 +54,5 @@ export MONETIX_SECRET_KEY="$(./ci/vlt kv_get kv "${MNTX_GATEWAY_MONETIX_SECRET_P
 NATS_SECRET_PATH="${MNTX_GATEWAY_NATS_SECRET_PATH}" load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/mntx_gateway.sh

ci/scripts/notification/deploy.sh

@@ -62,4 +62,5 @@ export TELEGRAM_THREAD_ID
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/notification.sh

ci/scripts/payments_methods/deploy.sh

@@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_METHODS_MONGO_S
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/payments_methods.sh

ci/scripts/payments_orchestrator/deploy.sh

@@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PA
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/payments_orchestrator.sh

ci/scripts/payments_quotation/deploy.sh

@@ -46,4 +46,5 @@ export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_QUOTATION_MONGO
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/payments_quotation.sh

ci/scripts/tgsettle/deploy.sh

@@ -46,4 +46,5 @@ export TGSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/tgsettle_gateway.sh

ci/scripts/tron_gateway/deploy.sh

@@ -63,4 +63,5 @@ fi
 load_nats_env
 
 bash ci/prod/scripts/bootstrap/network.sh
+sh ci/scripts/common/ensure_remote_registry_login.sh
 bash ci/prod/scripts/deploy/tron_gateway.sh