johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feature/ci (#84)

Browse source 
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/harb/pulls/84
This commit is contained in:
johba 2026-02-02 19:24:57 +01:00
parent beefe22f90
commit 4277f19b68
41 changed files with 3149 additions and 298 deletions
Download patch file Download diff file Expand all files Collapse all files

109
.woodpecker/build-ci-images.yml Normal file
View file

@ -0,0 +1,109 @@
# Build and push CI images for E2E testing services
# Triggered on changes to service code or Dockerfiles
kind: pipeline
type: docker
name: build-ci-images
when:
event: push
branch:
- master
- feature/ci
path:
include:
- .woodpecker/build-ci-images.yml
- docker/Dockerfile.*-ci
- docker/ci-entrypoints/**
- kraiken-lib/**
- onchain/**
- services/ponder/**
- services/txnBot/**
- web-app/**
- landing/**
steps:
# Compile Solidity contracts to generate ABI files needed by Dockerfiles
- name: compile-contracts
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
# Initialize git submodules (required for forge dependencies)
git submodule update --init --recursive
# Install uni-v3-lib dependencies (required for Uniswap interfaces)
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
# Build contracts to generate ABI files
cd onchain
export PATH=/root/.foundry/bin:$PATH
forge build
'
- name: build-and-push-images
image: docker:27-cli
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
REGISTRY: registry.niovi.voyage
REGISTRY_USER: ciuser
REGISTRY_PASSWORD:
from_secret: registry_password
commands:
- |
set -eux
# Login to registry
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
# Build and push node-ci (base image with Foundry pre-installed)
echo "=== Building node-ci ==="
docker build \
-f docker/Dockerfile.node-ci \
-t "$REGISTRY/harb/node-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/node-ci:latest" \
.
docker push "$REGISTRY/harb/node-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/node-ci:latest"
# Build and push ponder-ci
echo "=== Building ponder-ci ==="
docker build \
-f docker/Dockerfile.ponder-ci \
-t "$REGISTRY/harb/ponder-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/ponder-ci:latest" \
.
docker push "$REGISTRY/harb/ponder-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/ponder-ci:latest"
# Build and push webapp-ci
echo "=== Building webapp-ci ==="
docker build \
-f docker/Dockerfile.webapp-ci \
-t "$REGISTRY/harb/webapp-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/webapp-ci:latest" \
.
docker push "$REGISTRY/harb/webapp-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/webapp-ci:latest"
# Build and push landing-ci
echo "=== Building landing-ci ==="
docker build \
-f docker/Dockerfile.landing-ci \
-t "$REGISTRY/harb/landing-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/landing-ci:latest" \
.
docker push "$REGISTRY/harb/landing-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/landing-ci:latest"
# Build and push txnbot-ci
echo "=== Building txnbot-ci ==="
docker build \
-f docker/Dockerfile.txnbot-ci \
-t "$REGISTRY/harb/txnbot-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/txnbot-ci:latest" \
.
docker push "$REGISTRY/harb/txnbot-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/txnbot-ci:latest"
echo "=== All CI images built and pushed ==="

58
.woodpecker/ci.yml Normal file
View file

@ -0,0 +1,58 @@
kind: pipeline
type: docker
name: ci
when:
event: pull_request
steps:
- name: bootstrap-deps
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
'
- name: foundry-suite
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
cd onchain
export PATH=/root/.foundry/bin:$PATH
forge --version
forge build
forge test -vvv
forge snapshot
'
- name: node-quality
image: registry.niovi.voyage/harb/node-ci:latest
environment:
CI: "true"
commands:
- |
bash -lc '
set -euo pipefail
npm config set fund false
npm config set audit false
./scripts/build-kraiken-lib.sh
npm install --prefix landing --no-audit --no-fund
npm run lint --prefix landing
npm run build --prefix landing
npm install --prefix web-app --no-audit --no-fund
npm run lint --prefix web-app
npm run test --prefix web-app -- --run
npm run build --prefix web-app
npm install --prefix services/ponder --no-audit --no-fund
npm run lint --prefix services/ponder
npm run build --prefix services/ponder
npm install --prefix services/txnBot --no-audit --no-fund
npm run lint --prefix services/txnBot
npm run test --prefix services/txnBot
npm run build --prefix services/txnBot
'

70
.woodpecker/contracts.yml Normal file
View file

@ -0,0 +1,70 @@
kind: pipeline
type: docker
name: contracts-local-fork
when:
event: pull_request
steps:
- name: bootstrap-deps
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
'
- name: forge-suite
image: registry.niovi.voyage/harb/node-ci:latest
environment:
HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
commands:
- |
bash -lc '
set -euo pipefail
cd onchain
export PATH=/root/.foundry/bin:$PATH
forge build
forge test -vv --ffi
forge snapshot
'
---
kind: pipeline
type: docker
name: contracts-base-sepolia
when:
event: pull_request
steps:
- name: bootstrap-deps
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
'
- name: forge-suite
image: registry.niovi.voyage/harb/node-ci:latest
environment:
HARB_ENV: BASE_SEPOLIA
BASE_SEPOLIA_RPC:
from_secret: base_sepolia_rpc
commands:
- |
bash -lc '
set -euo pipefail
cd onchain
export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
export PATH=/root/.foundry/bin:$PATH
forge build
forge test -vv --ffi
forge snapshot
'

439
.woodpecker/e2e.yml Normal file
View file

@ -0,0 +1,439 @@
# E2E Testing Pipeline using Native Woodpecker Services
# No Docker-in-Docker - uses pre-built images for fast startup
kind: pipeline
type: docker
name: e2e
when:
event: pull_request
# All background services - services get proper DNS resolution in Woodpecker
# Note: Services can't depend on steps, so they wait internally for contracts.env
services:
# PostgreSQL for Ponder
- name: postgres
image: postgres:16-alpine
environment:
POSTGRES_USER: ponder
POSTGRES_PASSWORD: ponder_local
POSTGRES_DB: ponder_local
# Anvil blockchain fork
- name: anvil
image: ghcr.io/foundry-rs/foundry:latest
entrypoint:
- anvil
- --host=0.0.0.0
- --port=8545
- --fork-url=https://sepolia.base.org
- --fork-block-number=20000000
- --chain-id=31337
- --accounts=10
- --balance=10000
# Ponder indexer - waits for contracts.env from bootstrap
- name: ponder
image: registry.niovi.voyage/harb/ponder-ci:latest
commands:
- |
set -eu
# Wait for contracts.env (bootstrap writes it after deploying)
echo "=== Waiting for contracts.env ==="
for i in $(seq 1 120); do
if [ -f /woodpecker/src/contracts.env ]; then
echo "Found contracts.env after $i attempts"
break
fi
echo "Waiting for contracts.env... ($i/120)"
sleep 3
done
if [ ! -f /woodpecker/src/contracts.env ]; then
echo "ERROR: contracts.env not found after 6 minutes"
exit 1
fi
# Source contract addresses from bootstrap
. /woodpecker/src/contracts.env
echo "=== Contract addresses ==="
echo "KRAIKEN=$KRAIKEN"
echo "STAKE=$STAKE"
echo "START_BLOCK=$START_BLOCK"
# Export env vars required by ponder
export DATABASE_URL="$DATABASE_URL"
export DATABASE_SCHEMA="ponder_ci_$START_BLOCK"
export START_BLOCK="$START_BLOCK"
export KRAIKEN_ADDRESS="$KRAIKEN"
export STAKE_ADDRESS="$STAKE"
export PONDER_NETWORK=BASE_SEPOLIA_LOCAL_FORK
export PONDER_RPC_URL_BASE_SEPOLIA_LOCAL_FORK="$PONDER_RPC_URL_1"
export PONDER_RPC_URL_1="$PONDER_RPC_URL_1"
echo "=== Starting Ponder (pre-built image) ==="
cd /app/services/ponder
{
echo "DATABASE_URL=${DATABASE_URL}"
echo "PONDER_RPC_URL_1=${PONDER_RPC_URL_1}"
echo "DATABASE_SCHEMA=${DATABASE_SCHEMA}"
echo "START_BLOCK=${START_BLOCK}"
} > .env.local
exec npm run dev
# Webapp - waits for contracts.env from bootstrap
- name: webapp
image: registry.niovi.voyage/harb/webapp-ci:latest
environment:
CI: "true"
commands:
- |
set -eu
# Wait for contracts.env (bootstrap writes it after deploying)
echo "=== Waiting for contracts.env ==="
for i in $(seq 1 120); do
if [ -f /woodpecker/src/contracts.env ]; then
echo "Found contracts.env after $i attempts"
break
fi
echo "Waiting for contracts.env... ($i/120)"
sleep 3
done
if [ ! -f /woodpecker/src/contracts.env ]; then
echo "ERROR: contracts.env not found after 6 minutes"
exit 1
fi
# Source contract addresses from bootstrap
. /woodpecker/src/contracts.env
# Export environment variables for Vite
export VITE_KRAIKEN_ADDRESS="$KRAIKEN"
export VITE_STAKE_ADDRESS="$STAKE"
export VITE_DEFAULT_CHAIN_ID=31337
export VITE_LOCAL_RPC_PROXY_TARGET=http://anvil:8545
export VITE_LOCAL_GRAPHQL_PROXY_TARGET=http://ponder:42069
export VITE_SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
export VITE_BASE_PATH=/app/
# kraiken-lib/src MUST be baked into the pre-built image
# (Woodpecker services don't have workspace access, so we can't copy from /woodpecker/src/)
echo "=== Verifying kraiken-lib/src in pre-built image ==="
if [ -d /app/kraiken-lib/src ]; then
echo "kraiken-lib/src found in image"
ls -la /app/kraiken-lib/
else
echo "ERROR: kraiken-lib/src not found in image!"
echo "The webapp-ci image needs to be rebuilt. Run build-ci-images pipeline."
echo "Services in Woodpecker don't have workspace access - kraiken-lib/src must be baked into the image."
exit 1
fi
echo "=== Starting webapp (pre-built image) ==="
cd /app/web-app
# Explicitly set CI=true to disable Vue DevTools in vite.config.ts
# (prevents 500 errors from devtools path resolution in CI environment)
export CI=true
echo "CI=$CI (should be 'true' to disable Vue DevTools)"
exec npm run dev -- --host 0.0.0.0 --port 5173 --base /app/
# Landing page - no contracts needed, starts immediately
- name: landing
image: registry.niovi.voyage/harb/landing-ci:latest
commands:
- |
set -eu
echo "=== Starting landing (pre-built image) ==="
cd /app/landing
exec npm run dev -- --host 0.0.0.0 --port 5174
# Caddy proxy - waits for contracts.env to ensure other services are starting
- name: caddy
image: caddy:2.8-alpine
commands:
- |
# Wait briefly for other services to start
echo "=== Waiting for contracts.env before starting Caddy ==="
for i in $(seq 1 120); do
if [ -f /woodpecker/src/contracts.env ]; then
echo "Found contracts.env, starting Caddy..."
break
fi
echo "Waiting for contracts.env... ($i/120)"
sleep 3
done
printf '%s\n' ':8081 {' \
' route /app* {' \
' reverse_proxy webapp:5173' \
' }' \
' route /api/graphql* {' \
' uri strip_prefix /api' \
' reverse_proxy ponder:42069' \
' }' \
' route /api/rpc* {' \
' uri strip_prefix /api/rpc' \
' reverse_proxy anvil:8545' \
' }' \
' reverse_proxy landing:5174' \
'}' > /etc/caddy/Caddyfile
exec caddy run --config /etc/caddy/Caddyfile
steps:
# Step 0: Install dependencies for onchain compilation
- name: install-deps
image: node:20-alpine
commands:
- |
set -eu
apk add --no-cache git
echo "=== Installing uni-v3-lib dependencies ==="
git submodule update --init --recursive
cd onchain/lib/uni-v3-lib
npm install
# Step 1: Wait for base services and deploy contracts
# Uses pre-built node-ci image with Foundry pre-installed (saves ~60s)
- name: bootstrap
image: registry.niovi.voyage/harb/node-ci:latest
depends_on:
- install-deps
commands:
- |
set -eu
# Foundry is pre-installed in node-ci image
echo "=== Foundry version ==="
forge --version
cast --version
echo "=== Waiting for Anvil ==="
for i in $(seq 1 60); do
if cast chain-id --rpc-url http://anvil:8545 2>/dev/null; then
echo "Anvil is ready"
break
fi
echo "Waiting for Anvil... ($i/60)"
sleep 2
done
echo "=== Deploying contracts ==="
cd onchain
# Deploy contracts using forge script
forge script script/DeployLocal.sol:DeployLocal \
--rpc-url http://anvil:8545 \
--private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
--broadcast
# Extract deployed addresses using Node.js (available in this image)
node -e "
const data = require('./broadcast/DeployLocal.sol/31337/run-latest.json');
const txns = data.transactions;
const kraiken = txns.find(t => t.contractName === 'Kraiken').contractAddress;
const stake = txns.find(t => t.contractName === 'Stake').contractAddress;
const lm = txns.find(t => t.contractName === 'LiquidityManager').contractAddress;
console.log('KRAIKEN=' + kraiken);
console.log('STAKE=' + stake);
console.log('LIQUIDITY_MANAGER=' + lm);
" > ../addresses.txt
. ../addresses.txt
# Get current block number as start block
START_BLOCK=$(cast block-number --rpc-url http://anvil:8545)
echo "=== Contract Deployment Complete ==="
echo "KRAIKEN: $KRAIKEN"
echo "STAKE: $STAKE"
echo "LIQUIDITY_MANAGER: $LIQUIDITY_MANAGER"
echo "START_BLOCK: $START_BLOCK"
# Build kraiken-lib BEFORE writing contracts.env
# (services wait for contracts.env, so kraiken-lib must be ready first)
echo "=== Building kraiken-lib (shared dependency) ==="
cd ../kraiken-lib
npm ci --ignore-scripts
./node_modules/.bin/tsc
cd ../onchain
# Write environment file for other services (absolute path for detached services)
{
echo "KRAIKEN=$KRAIKEN"
echo "STAKE=$STAKE"
echo "LIQUIDITY_MANAGER=$LIQUIDITY_MANAGER"
echo "START_BLOCK=$START_BLOCK"
echo "PONDER_RPC_URL_1=http://anvil:8545"
echo "DATABASE_URL=postgres://ponder:ponder_local@postgres:5432/ponder_local"
echo "RPC_URL=http://anvil:8545"
} > /woodpecker/src/contracts.env
# Write deployments-local.json for E2E tests
printf '{\n "contracts": {\n "Kraiken": "%s",\n "Stake": "%s",\n "LiquidityManager": "%s"\n }\n}\n' \
"$KRAIKEN" "$STAKE" "$LIQUIDITY_MANAGER" > deployments-local.json
echo "=== deployments-local.json written ==="
cat deployments-local.json
# Deployer and fee destination addresses
DEPLOYER_PK=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
DEPLOYER_ADDR=0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
FEE_DEST=0xf6a3eef9088A255c32b6aD2025f83E57291D9011
WETH=0x4200000000000000000000000000000000000006
SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
MAX_UINT=0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
echo "=== Funding LiquidityManager ==="
cast send --rpc-url http://anvil:8545 \
--private-key $DEPLOYER_PK \
"$LIQUIDITY_MANAGER" --value 0.1ether
echo "=== Granting recenter access ==="
cast rpc --rpc-url http://anvil:8545 anvil_impersonateAccount $FEE_DEST
cast send --rpc-url http://anvil:8545 --from $FEE_DEST --unlocked \
"$LIQUIDITY_MANAGER" "setRecenterAccess(address)" $DEPLOYER_ADDR
cast rpc --rpc-url http://anvil:8545 anvil_stopImpersonatingAccount $FEE_DEST
echo "=== Calling recenter() to seed liquidity ==="
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
"$LIQUIDITY_MANAGER" "recenter()"
echo "=== Seeding application state (initial swap) ==="
# Wrap ETH to WETH
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$WETH "deposit()" --value 0.02ether
# Approve router
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$WETH "approve(address,uint256)" $SWAP_ROUTER $MAX_UINT
# Execute initial KRK swap
cast send --legacy --gas-limit 300000 --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$SWAP_ROUTER "exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))" \
"($WETH,$KRAIKEN,10000,$DEPLOYER_ADDR,10000000000000000,0,0)"
# Fund txnBot wallet
TXNBOT_ADDR=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
cast send --rpc-url http://anvil:8545 \
--private-key $DEPLOYER_PK \
--value 10ether \
$TXNBOT_ADDR
echo "TXNBOT_PRIVATE_KEY=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d" >> /woodpecker/src/contracts.env
echo "=== Bootstrap complete ==="
# Step 2: Wait for stack to be healthy (services run in background)
# Max 3 minutes - fail fast if services don't come up
- name: wait-for-stack
image: alpine:3.20
depends_on:
- bootstrap
commands:
- |
set -eu
apk add --no-cache curl
echo "=== Waiting for stack to be healthy (max 7 min) ==="
MAX_ATTEMPTS=84 # 84 * 5s = 420s = 7 minutes
ATTEMPT=0
while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
ATTEMPT=$((ATTEMPT + 1))
PONDER_OK=0
WEBAPP_OK=0
LANDING_OK=0
CADDY_OK=0
# Check each service with verbose output on failure
# Ponder dev mode serves at root (/) - matches Dockerfile healthcheck
if curl -sf --max-time 3 http://ponder:42069/ > /dev/null 2>&1; then
PONDER_OK=1
fi
# Webapp configured with --base /app/
if curl -sf --max-time 3 http://webapp:5173/app/ > /dev/null 2>&1; then
WEBAPP_OK=1
fi
if curl -sf --max-time 3 http://landing:5174/ > /dev/null 2>&1; then
LANDING_OK=1
fi
# Caddy check: verify proxy is working by checking webapp through Caddy
# Use /app/ since it's a reliable known-good route (landing fallback can return 403 if not ready)
if curl -sf --max-time 3 http://caddy:8081/app/ > /dev/null 2>&1; then
CADDY_OK=1
fi
echo "[$(date +%T)] ($ATTEMPT/$MAX_ATTEMPTS) ponder=$PONDER_OK webapp=$WEBAPP_OK landing=$LANDING_OK caddy=$CADDY_OK"
if [ "$PONDER_OK" = "1" ] && [ "$WEBAPP_OK" = "1" ] && [ "$LANDING_OK" = "1" ] && [ "$CADDY_OK" = "1" ]; then
echo "All services healthy!"
echo "=== Stack is healthy ==="
exit 0
fi
sleep 5
done
echo "ERROR: Services did not become healthy within 7 minutes"
echo "Final status: ponder=$PONDER_OK webapp=$WEBAPP_OK landing=$LANDING_OK caddy=$CADDY_OK"
# Show more diagnostic info
echo "=== Diagnostic: checking individual endpoints ==="
echo "--- Ponder root (/) ---"
curl -v --max-time 5 http://ponder:42069/ 2>&1 | head -20 || true
echo "--- Webapp /app/ ---"
curl -v --max-time 5 http://webapp:5173/app/ 2>&1 | head -20 || true
echo "--- Landing / ---"
curl -v --max-time 5 http://landing:5174/ 2>&1 | head -20 || true
echo "--- Caddy / (landing via proxy) ---"
curl -v --max-time 5 http://caddy:8081/ 2>&1 | head -20 || true
exit 1
# Step 3: Run E2E tests
- name: run-e2e-tests
image: mcr.microsoft.com/playwright:v1.55.1-jammy
depends_on:
- wait-for-stack
timeout: 600
environment:
STACK_BASE_URL: http://caddy:8081
STACK_RPC_URL: http://caddy:8081/api/rpc
STACK_WEBAPP_URL: http://caddy:8081
STACK_GRAPHQL_URL: http://caddy:8081/api/graphql
CI: "true"
commands:
- |
set -eux
echo "=== Installing test dependencies ==="
npm config set fund false
npm config set audit false
npm ci --no-audit --no-fund
echo "=== Running E2E tests ==="
npx playwright test --reporter=list
# Step 4: Collect artifacts
- name: collect-artifacts
image: alpine:3.20
depends_on:
- run-e2e-tests
when:
status:
- success
- failure
commands:
- |
set -eu
apk add --no-cache tar gzip
mkdir -p artifacts
if [ -d playwright-report ]; then
tar -czf artifacts/playwright-report.tgz playwright-report
echo "✓ Playwright report archived"
fi
if [ -d test-results ]; then
tar -czf artifacts/test-results.tgz test-results
echo "✓ Test results archived"
fi
ls -lh artifacts/ 2>/dev/null || echo "No artifacts"

45
.woodpecker/fuzz-nightly.yml Normal file
View file

@ -0,0 +1,45 @@
kind: pipeline
type: docker
name: fuzz-nightly
when:
event: cron
steps:
- name: bootstrap-deps
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
'
- name: fuzz
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
set -euo pipefail
if ! command -v bc >/dev/null 2>&1; then
apt-get update
apt-get install -y bc
fi
cd onchain
export PATH=/root/.foundry/bin:$PATH
forge --version
./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
'
- name: package-results
image: alpine:3.20
when:
status:
- success
- failure
commands:
- set -e
- apk add --no-cache tar
- mkdir -p artifacts
- if [ -d onchain/analysis ]; then tar -czf artifacts/fuzz-results.tgz onchain/analysis; fi

177
.woodpecker/release.yml Normal file
View file

@ -0,0 +1,177 @@
kind: pipeline
type: docker
name: release
when:
event: tag
steps:
- name: version-check
image: registry.niovi.voyage/harb/node-ci:latest
when:
event: tag
commands:
- |
bash -lc '
set -euo pipefail
git submodule update --init --recursive
corepack enable
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
export PATH=/root/.foundry/bin:$PATH
forge build >/dev/null
npm config set fund false
npm config set audit false
npm install --prefix kraiken-lib --no-audit --no-fund
./scripts/build-kraiken-lib.sh
node <<\"NODE\"
import fs from \"fs\";
const sol = fs.readFileSync(\"onchain/src/Kraiken.sol\", \"utf8\");
const lib = fs.readFileSync(\"kraiken-lib/src/version.ts\", \"utf8\");
const contractVersionMatch = sol.match(/VERSION\\s*=\\s*(\\d+)/);
if (!contractVersionMatch) {
console.error(\"Unable to find VERSION constant in Kraiken.sol\");
process.exit(1);
}
const contractVersion = Number(contractVersionMatch[1]);
const libVersionMatch = lib.match(/KRAIKEN_LIB_VERSION\\s*=\\s*(\\d+)/);
if (!libVersionMatch) {
console.error(\"Unable to find KRAIKEN_LIB_VERSION in kraiken-lib/src/version.ts\");
process.exit(1);
}
const libVersion = Number(libVersionMatch[1]);
const compatMatch = lib.match(/COMPATIBLE_CONTRACT_VERSIONS\\s*=\\s*\\[([^\\]]*)\\]/);
if (!compatMatch) {
console.error(\"Unable to find COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts\");
process.exit(1);
}
const compatibleVersions = compatMatch[1]
.split(\",\")
.map(v => v.trim())
.filter(Boolean)
.map(Number);
if (contractVersion !== libVersion) {
console.error(\"Contract VERSION (\" + contractVersion + \") and KRAIKEN_LIB_VERSION (\" + libVersion + \") differ\");
process.exit(1);
}
if (!compatibleVersions.includes(contractVersion)) {
console.error(\"Contract VERSION \" + contractVersion + \" missing from COMPATIBLE_CONTRACT_VERSIONS [\" + compatibleVersions.join(\", \") + \"]\");
process.exit(1);
}
console.log(\"Version check passed for VERSION \" + contractVersion);
NODE
'
- name: build-artifacts
image: registry.niovi.voyage/harb/node-ci:latest
depends_on:
- version-check
when:
event: tag
commands:
- |
bash -lc '
set -euo pipefail
npm config set fund false
npm config set audit false
npm install --prefix kraiken-lib --no-audit --no-fund
./scripts/build-kraiken-lib.sh
npm install --prefix landing --no-audit --no-fund
npm install --prefix web-app --no-audit --no-fund
npm install --prefix services/ponder --no-audit --no-fund
npm install --prefix services/txnBot --no-audit --no-fund
npm install --no-audit --no-fund
export PATH=/root/.foundry/bin:$PATH
forge --version
(cd onchain && forge build)
npm run build --prefix landing
npm run build --prefix web-app
npm run build --prefix services/ponder
npm run build --prefix services/txnBot
rm -rf release
mkdir -p release/dist
cp -r onchain/out release/dist/abi
cp -r kraiken-lib/dist release/dist/kraiken-lib
cp -r landing/dist release/dist/landing
cp -r web-app/dist release/dist/web-app
cp -r services/txnBot/dist release/dist/txn-bot
if [ -d services/ponder/generated ]; then
cp -r services/ponder/generated release/dist/ponder-generated
fi
tar -czf release-bundle.tgz -C release dist
'
- name: docker-publish
image: registry.niovi.voyage/harb/playwright-ci:latest
pull: true
privileged: true
depends_on:
- build-artifacts
when:
event: tag
environment:
REGISTRY_SERVER:
from_secret: registry_server
REGISTRY_NAMESPACE:
from_secret: registry_namespace
REGISTRY_USERNAME:
from_secret: registry_username
REGISTRY_PASSWORD:
from_secret: registry_password
commands:
- |
bash -lc '
set -eo pipefail
if [ -z "${CI_COMMIT_TAG:-}" ]; then
echo "CI_COMMIT_TAG not set" >&2
exit 1
fi
if [ -z "${REGISTRY_SERVER:-}" ] || [ -z "${REGISTRY_NAMESPACE:-}" ]; then
echo "Registry server or namespace missing" >&2
exit 1
fi
TAG=$(printf '%s' "$CI_COMMIT_TAG" | sed "s#^refs/tags/##")
export TAG
if [ -z "${COMPOSE_PROJECT_NAME:-}" ]; then
COMPOSE_PROJECT_NAME=harb
fi
REGISTRY_ROOT="${REGISTRY_SERVER:-registry.niovi.voyage}"
REGISTRY_NS="${REGISTRY_NAMESPACE:-harb}"
REGISTRY_BASE="$REGISTRY_ROOT/$REGISTRY_NS"
docker login "$REGISTRY_ROOT" -u "$REGISTRY_USERNAME" -p "$REGISTRY_PASSWORD"
# Build and publish CI base images
node_ci_tmp=harb-node-ci-build
playwright_ci_tmp=harb-playwright-ci-build
docker build -f docker/Dockerfile.node-ci -t "$node_ci_tmp" .
docker tag "$node_ci_tmp" "$REGISTRY_BASE/node-ci:$TAG"
docker push "$REGISTRY_BASE/node-ci:$TAG"
docker tag "$REGISTRY_BASE/node-ci:$TAG" "$REGISTRY_BASE/node-ci:latest"
docker push "$REGISTRY_BASE/node-ci:latest"
docker build -f docker/Dockerfile.playwright-ci -t "$playwright_ci_tmp" .
docker tag "$playwright_ci_tmp" "$REGISTRY_BASE/playwright-ci:$TAG"
docker push "$REGISTRY_BASE/playwright-ci:$TAG"
docker tag "$REGISTRY_BASE/playwright-ci:$TAG" "$REGISTRY_BASE/playwright-ci:latest"
docker push "$REGISTRY_BASE/playwright-ci:latest"
docker-compose build ponder webapp landing txn-bot
for service in ponder webapp landing txn-bot; do
image=$(docker image ls --filter "label=com.docker.compose.project=$COMPOSE_PROJECT_NAME" --filter "label=com.docker.compose.service=$service" --format "{{.Repository}}:{{ .Tag }}" | head -n1)
if [ -z "$image" ]; then
echo "Unable to find built image for $service" >&2
exit 1
fi
target="$REGISTRY_BASE/$service"
docker tag "$image" "$target:$TAG"
docker push "$target:$TAG"
docker tag "$target:$TAG" "$target:latest"
docker push "$target:latest"
done
'