Merge pull request #1 from penumbra-zone/nix-env

ci: add nix env and starter gha workflows

Author: conorsch

.dockerignore

@@ -0,0 +1,13 @@
+# ignore everything by default
+**
+
+# allow js files
+!*.json
+!*.yaml
+!*.js
+!*.ts
+
+# allow project source code
+!backend/
+!app/
+!public/

.envrc.example

@@ -0,0 +1 @@
+use flake

.github/workflows/container.yml

@@ -0,0 +1,56 @@
+---
+name: Create and publish container image
+on:
+  # Build on merge to main, or any tag push.
+  push:
+    branches:
+      - main
+    tags:
+      - '**[0-9]+.[0-9]+.[0-9]+*'
+  # Also support ad-hoc calls for workflow.
+  workflow_call:
+  workflow_dispatch:
+jobs:
+  penumbra:
+    runs-on: buildjet-16vcpu-ubuntu-2204
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          lfs: true
+
+      - name: Log in to the Docker Hub container registry (for pulls)
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to the GitHub container registry (for pushes)
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/penumbra-zone/p3numb3rs
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64
+          file: Containerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -3,3 +3,8 @@ node_modules
 /.cache
 /build
 .env
+.envrc
+.direnv/
+
+# optional db certs
+*.pem

Containerfile

@@ -0,0 +1,42 @@
+# Provide specific arg for setting the version of nodejs to use.
+# Should match what's in .nvmrc for development.
+ARG NODE_MAJOR_VERSION=18.20
+FROM docker.io/node:${NODE_MAJOR_VERSION}-alpine AS base
+# Install dependencies only when needed
+FROM base AS deps
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Install dependencies
+COPY package.json package-lock.json pnpm-lock.yaml* ./
+RUN corepack enable pnpm && pnpm install  --frozen-lockfile
+
+# Rebuild the source code only when needed
+FROM base AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Build the website as standalone output.
+RUN npm --version && node --version
+RUN npm run build
+
+# Production image, copy all the files and run next
+FROM base AS runner
+LABEL maintainer="team@penumbralabs.xyz"
+WORKDIR /app
+
+ENV NODE_ENV production
+
+# Create normal user for app
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nodejs
+
+COPY --from=builder --chown=nodejs:nodejs /app /app
+
+USER nodejs
+EXPOSE 3000
+ENV PORT 3000
+
+CMD HOSTNAME="0.0.0.0" npm start

README.md

@@ -1,40 +1,61 @@
-# Welcome to Remix!
+# p3numb3rs
 
-- 📖 [Remix docs](https://remix.run/docs)
+The `penumbers` code leverages [pindexer] to display user metrics
+about [Penumbra] network activity.
 
-## Development
+## Getting Started
 
-Run the dev server:
+The application is written in [Remix], and uses [pnpm] for package management.
+The fastest way to get started on the development environment is to use [Nix]:
 
-```shellscript
-npm run dev
+```shell
+sh <(curl -L https://nixos.org/nix/install)
+nix develop
+just dev
 ```
 
-## Deployment
+However, you still need a database to connect to.
+
+## Connecting to a database
 
-First, build your app for production:
+The p3numb3rs application requires a PostgreSQL database containing ABCI event information
+as written by [pindexer].
+You can set up a local devnet by following the [Penumbra devnet quickstart guide](https://guide.penumbra.zone/dev/devnet-quickstart),
+or plug in credentials for an already running database via environment variables:
 
-```sh
-npm run build
+```
+# add these to e.g. `.envrc`:
+export PENUMBRA_INDEXER_ENDPOINT="postgresql://<PGUSER>:<PGPASS>@<PGHOST>:<PGPORT>/<PGDATABASE>?sslmode=require""
+# optional: if you see "self-signed certificate in certificate chain" errors,
+# you'll likely need to export a `ca-cert.pem` file for the DB TLS.
+# export PENUMBRA_INDEXER_CA_CERT="$(cat ca-cert.pem)"
 ```
 
-Then run the app in production mode:
+If you see an error `self-signed certificate in certificate chain`, then you'll need to:
 
-```sh
-npm start
-```
+  1. obtain the CA certificate file for the backend database you're connecting to, and export it as `PENUMBRA_INDEXER_CA_CERT`.
+  2. _remove_ the `sslmode=require` string on the `PENUMBRA_INDEXER_ENDPOINT` var.
 
-Now you'll need to pick a host to deploy it to.
+See context in https://github.com/penumbra-zone/dex-explorer/issues/55. After configuring that information, run `just dev` again in the nix shell, and you should have events visible.
 
-### DIY
 
-If you're familiar with deploying Node applications, the built-in Remix app server is production-ready.
+## Deployment
+
+Merges to main will automatically build a container, hosted at `ghcr.io/penumbra-zone/p3numb3rs`.
+In order to run the application, you'll need to [deploy a Penumbra fullnode](https://guide.penumbra.zone/node/pd/running-node),
+with [ABCI event indexing enabled](https://guide.penumbra.zone/node/pd/indexing-events).
+Furthermore, you'll need to run [`pindexer`] and provide read-only access to that database to the application.
+The relevant environment variables you'll want to set are:
 
-Make sure to deploy the output of `npm run build`
+  * `PENUMBRA_INDEXER_ENDPOINT`: the URL to a Postgres database, managed by [pindexer]
+  * `PENUMBRA_INDEXER_CA_CERT`: optional; if set, the database connection will use the provided certificate authority when validating TLS
 
-- `build/server`
-- `build/client`
 
 ## Styling
 
 This template comes with [Tailwind CSS](https://tailwindcss.com/) already configured for a simple default starting experience. You can use whatever css framework you prefer. See the [Vite docs on css](https://vitejs.dev/guide/features.html#css) for more information.
+
+[Nix]: https://nixos.org/download/
+[Penumbra]: https://github.com/penumbra-zone/penumbra
+[Remix]: https://remix.run/docs
+[pindexer]: https://guide.penumbra.zone/node/pd/indexing-events#using-pindexer

backend/database/index.ts

@@ -1,10 +1,24 @@
 import pkg from "pg";
 const { Pool, types } = pkg;
+import fs from 'fs';
 import { Kysely, PostgresDialect } from "kysely";
 import { Schema } from "./schema";
 
+const ca = process.env.PENUMBRA_INDEXER_CA_CERT;
+const connectionString = process.env.PENUMBRA_INDEXER_ENDPOINT;
+const dbConfig = {
+  connectionString: connectionString,
+  ...(ca && {
+    ssl: {
+      rejectUnauthorized: true,
+      ca: ca.startsWith('-----BEGIN CERTIFICATE-----')
+        ? ca
+        : fs.readFileSync(ca, 'utf-8'),
+    },
+  }),
+};
 const dialect = new PostgresDialect({
-  pool: new Pool({ connectionString: process.env["DB_URL"] }),
+  pool: new Pool(dbConfig),
 });
 
 export type Database = Kysely<Schema>;

flake.lock

@@ -0,0 +1,24 @@
+{
+  description = "Dev shell for Penumbra insights dashboard web application";
+  # inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let pkgs = nixpkgs.legacyPackages.${system}; in
+      {
+        devShells.default = pkgs.mkShell {
+          name = "devShell";
+          nativeBuildInputs = [ pkgs.bashInteractive ];
+          buildInputs = with pkgs; [
+            fd
+            file
+            jq
+            just
+            pnpm
+            postgresql
+          ];
+        };
+      });
+}

flake.nix

@@ -0,0 +1,16 @@
+# A justfile for dex-explorer development.
+# Documents common tasks for local dev.
+
+# run the app locally with live reload, via pnpm
+dev:
+  pnpm install
+  pnpm dev
+
+# build container image
+container:
+  podman build -f Containerfile -t p3numb3rs .
+
+# run container
+run-container:
+  just container
+  podman run -e PENUMBRA_INDEXER_ENDPOINT -e PENUMBRA_INDEXER_CA_CERT -p 3000:3000 -it p3numb3rs

justfile

@@ -5,7 +5,7 @@
   "type": "module",
   "scripts": {
     "build": "remix vite:build",
-    "dev": "remix vite:dev",
+    "dev": "remix vite:dev --host",
     "lint": "eslint --ignore-path .gitignore --cache --cache-location ./node_modules/.cache/eslint .",
     "start": "remix-serve ./build/server/index.js",
     "typecheck": "tsc"
@@ -20,6 +20,7 @@
     "@remix-run/serve": "^2.12.1",
     "isbot": "^4.1.0",
     "kysely": "^0.27.4",
+    "p3numb3rs": "link:",
     "pg": "^8.13.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",