johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: consolidate CI and local dev orchestration (#108)

Browse source 
## Summary
- Extract shared bootstrap functions into `scripts/bootstrap-common.sh` (eliminates ~120 lines of duplicated forge/cast commands from e2e.yml)
- Create reusable `scripts/wait-for-service.sh` for health checks (replaces 60-line inline wait-for-stack)
- Merge dev and CI entrypoints into unified scripts branching on `CI` env var (delete `docker/ci-entrypoints/`)
- Replace 4 per-service CI Dockerfiles with parameterized `docker/Dockerfile.service-ci`
- Add `sync-tax-rates.mjs` to CI image builder stage
- Fix: CI now grants txnBot recenter access (was missing)
- Fix: txnBot funding parameterized (CI=10eth, local=1eth)
- Delete 5 obsolete migration docs and 4 DinD integration files

Net: -1540 lines removed

Closes #107

## Test plan
- [ ] E2E pipeline passes (bootstrap sources shared script, services use old images with commands override)
- [ ] build-ci-images pipeline builds all 4 services with unified Dockerfile
- [ ] Local dev stack boots via `./scripts/dev.sh start`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/harb/pulls/108
This commit is contained in:
johba 2026-02-03 12:07:28 +01:00
parent 4277f19b68
commit e5e1308e72
45 changed files with 882 additions and 2627 deletions
Download patch file Download diff file Expand all files Collapse all files

77
.woodpecker/build-ci-images.yml
View file

@ -13,14 +13,18 @@ when:
path:
include:
- .woodpecker/build-ci-images.yml
- docker/Dockerfile.*-ci
- docker/ci-entrypoints/**
- docker/Dockerfile.service-ci
- docker/Dockerfile.node-ci
- containers/*-entrypoint.sh
- containers/entrypoint-common.sh
- kraiken-lib/**
- onchain/**
- services/ponder/**
- services/txnBot/**
- web-app/**
- landing/**
- scripts/sync-tax-rates.mjs
- scripts/bootstrap-common.sh
steps:
# Compile Solidity contracts to generate ABI files needed by Dockerfiles
@ -28,7 +32,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
# Initialize git submodules (required for forge dependencies)
git submodule update --init --recursive
@ -56,54 +60,85 @@ steps:
# Login to registry
echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
SHA="${CI_COMMIT_SHA:0:7}"
# Build and push node-ci (base image with Foundry pre-installed)
echo "=== Building node-ci ==="
docker build \
-f docker/Dockerfile.node-ci \
-t "$REGISTRY/harb/node-ci:${CI_COMMIT_SHA:0:7}" \
-t "$REGISTRY/harb/node-ci:$SHA" \
-t "$REGISTRY/harb/node-ci:latest" \
.
docker push "$REGISTRY/harb/node-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/node-ci:$SHA"
docker push "$REGISTRY/harb/node-ci:latest"
# Build and push ponder-ci
# Build and push ponder-ci (unified Dockerfile)
echo "=== Building ponder-ci ==="
docker build \
-f docker/Dockerfile.ponder-ci \
-t "$REGISTRY/harb/ponder-ci:${CI_COMMIT_SHA:0:7}" \
-f docker/Dockerfile.service-ci \
--build-arg SERVICE_DIR=services/ponder \
--build-arg SERVICE_PORT=42069 \
--build-arg ENTRYPOINT_SCRIPT=containers/ponder-entrypoint.sh \
--build-arg HEALTHCHECK_RETRIES=12 \
--build-arg HEALTHCHECK_START=20s \
--build-arg NEEDS_SYMLINKS=false \
-t "$REGISTRY/harb/ponder-ci:$SHA" \
-t "$REGISTRY/harb/ponder-ci:latest" \
.
docker push "$REGISTRY/harb/ponder-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/ponder-ci:$SHA"
docker push "$REGISTRY/harb/ponder-ci:latest"
# Build and push webapp-ci
# Build and push webapp-ci (unified Dockerfile)
echo "=== Building webapp-ci ==="
docker build \
-f docker/Dockerfile.webapp-ci \
-t "$REGISTRY/harb/webapp-ci:${CI_COMMIT_SHA:0:7}" \
-f docker/Dockerfile.service-ci \
--build-arg SERVICE_DIR=web-app \
--build-arg SERVICE_PORT=5173 \
--build-arg HEALTHCHECK_PATH=/app/ \
--build-arg HEALTHCHECK_RETRIES=84 \
--build-arg HEALTHCHECK_START=15s \
--build-arg ENTRYPOINT_SCRIPT=containers/webapp-entrypoint.sh \
--build-arg NODE_ENV=development \
--build-arg NEEDS_SYMLINKS=true \
-t "$REGISTRY/harb/webapp-ci:$SHA" \
-t "$REGISTRY/harb/webapp-ci:latest" \
.
docker push "$REGISTRY/harb/webapp-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/webapp-ci:$SHA"
docker push "$REGISTRY/harb/webapp-ci:latest"
# Build and push landing-ci
# Build and push landing-ci (unified Dockerfile)
echo "=== Building landing-ci ==="
docker build \
-f docker/Dockerfile.landing-ci \
-t "$REGISTRY/harb/landing-ci:${CI_COMMIT_SHA:0:7}" \
-f docker/Dockerfile.service-ci \
--build-arg SERVICE_DIR=landing \
--build-arg SERVICE_PORT=5174 \
--build-arg ENTRYPOINT_SCRIPT=containers/landing-ci-entrypoint.sh \
--build-arg NODE_ENV=development \
--build-arg HEALTHCHECK_RETRIES=6 \
--build-arg HEALTHCHECK_START=10s \
--build-arg NEEDS_SYMLINKS=false \
-t "$REGISTRY/harb/landing-ci:$SHA" \
-t "$REGISTRY/harb/landing-ci:latest" \
.
docker push "$REGISTRY/harb/landing-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/landing-ci:$SHA"
docker push "$REGISTRY/harb/landing-ci:latest"
# Build and push txnbot-ci
# Build and push txnbot-ci (unified Dockerfile)
echo "=== Building txnbot-ci ==="
docker build \
-f docker/Dockerfile.txnbot-ci \
-t "$REGISTRY/harb/txnbot-ci:${CI_COMMIT_SHA:0:7}" \
-f docker/Dockerfile.service-ci \
--build-arg SERVICE_DIR=services/txnBot \
--build-arg SERVICE_PORT=43069 \
--build-arg HEALTHCHECK_PATH=/status \
--build-arg HEALTHCHECK_RETRIES=4 \
--build-arg HEALTHCHECK_START=10s \
--build-arg ENTRYPOINT_SCRIPT=containers/txnbot-entrypoint.sh \
--build-arg NPM_INSTALL_CMD=install \
--build-arg NEEDS_SYMLINKS=false \
-t "$REGISTRY/harb/txnbot-ci:$SHA" \
-t "$REGISTRY/harb/txnbot-ci:latest" \
.
docker push "$REGISTRY/harb/txnbot-ci:${CI_COMMIT_SHA:0:7}"
docker push "$REGISTRY/harb/txnbot-ci:$SHA"
docker push "$REGISTRY/harb/txnbot-ci:latest"
echo "=== All CI images built and pushed ==="

6
.woodpecker/ci.yml
View file

@ -10,7 +10,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
@ -20,7 +20,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
cd onchain
export PATH=/root/.foundry/bin:$PATH
@ -36,7 +36,7 @@ steps:
CI: "true"
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
npm config set fund false
npm config set audit false

8
.woodpecker/contracts.yml
View file

@ -10,7 +10,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
@ -22,7 +22,7 @@ steps:
HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
cd onchain
export PATH=/root/.foundry/bin:$PATH
@ -45,7 +45,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
@ -59,7 +59,7 @@ steps:
from_secret: base_sepolia_rpc
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
cd onchain
export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"

193
.woodpecker/e2e.yml
View file

@ -203,127 +203,18 @@ steps:
- install-deps
commands:
- |
set -eu
# Foundry is pre-installed in node-ci image
echo "=== Foundry version ==="
forge --version
cast --version
echo "=== Waiting for Anvil ==="
for i in $(seq 1 60); do
if cast chain-id --rpc-url http://anvil:8545 2>/dev/null; then
echo "Anvil is ready"
break
fi
echo "Waiting for Anvil... ($i/60)"
sleep 2
done
echo "=== Deploying contracts ==="
cd onchain
# Deploy contracts using forge script
forge script script/DeployLocal.sol:DeployLocal \
--rpc-url http://anvil:8545 \
--private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
--broadcast
# Extract deployed addresses using Node.js (available in this image)
node -e "
const data = require('./broadcast/DeployLocal.sol/31337/run-latest.json');
const txns = data.transactions;
const kraiken = txns.find(t => t.contractName === 'Kraiken').contractAddress;
const stake = txns.find(t => t.contractName === 'Stake').contractAddress;
const lm = txns.find(t => t.contractName === 'LiquidityManager').contractAddress;
console.log('KRAIKEN=' + kraiken);
console.log('STAKE=' + stake);
console.log('LIQUIDITY_MANAGER=' + lm);
" > ../addresses.txt
. ../addresses.txt
# Get current block number as start block
START_BLOCK=$(cast block-number --rpc-url http://anvil:8545)
echo "=== Contract Deployment Complete ==="
echo "KRAIKEN: $KRAIKEN"
echo "STAKE: $STAKE"
echo "LIQUIDITY_MANAGER: $LIQUIDITY_MANAGER"
echo "START_BLOCK: $START_BLOCK"
# Build kraiken-lib BEFORE writing contracts.env
# (services wait for contracts.env, so kraiken-lib must be ready first)
echo "=== Building kraiken-lib (shared dependency) ==="
cd ../kraiken-lib
npm ci --ignore-scripts
./node_modules/.bin/tsc
cd ../onchain
# Write environment file for other services (absolute path for detached services)
{
echo "KRAIKEN=$KRAIKEN"
echo "STAKE=$STAKE"
echo "LIQUIDITY_MANAGER=$LIQUIDITY_MANAGER"
echo "START_BLOCK=$START_BLOCK"
echo "PONDER_RPC_URL_1=http://anvil:8545"
echo "DATABASE_URL=postgres://ponder:ponder_local@postgres:5432/ponder_local"
echo "RPC_URL=http://anvil:8545"
} > /woodpecker/src/contracts.env
# Write deployments-local.json for E2E tests
printf '{\n "contracts": {\n "Kraiken": "%s",\n "Stake": "%s",\n "LiquidityManager": "%s"\n }\n}\n' \
"$KRAIKEN" "$STAKE" "$LIQUIDITY_MANAGER" > deployments-local.json
echo "=== deployments-local.json written ==="
cat deployments-local.json
# Deployer and fee destination addresses
DEPLOYER_PK=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
DEPLOYER_ADDR=0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
FEE_DEST=0xf6a3eef9088A255c32b6aD2025f83E57291D9011
WETH=0x4200000000000000000000000000000000000006
SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
MAX_UINT=0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
echo "=== Funding LiquidityManager ==="
cast send --rpc-url http://anvil:8545 \
--private-key $DEPLOYER_PK \
"$LIQUIDITY_MANAGER" --value 0.1ether
echo "=== Granting recenter access ==="
cast rpc --rpc-url http://anvil:8545 anvil_impersonateAccount $FEE_DEST
cast send --rpc-url http://anvil:8545 --from $FEE_DEST --unlocked \
"$LIQUIDITY_MANAGER" "setRecenterAccess(address)" $DEPLOYER_ADDR
cast rpc --rpc-url http://anvil:8545 anvil_stopImpersonatingAccount $FEE_DEST
echo "=== Calling recenter() to seed liquidity ==="
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
"$LIQUIDITY_MANAGER" "recenter()"
echo "=== Seeding application state (initial swap) ==="
# Wrap ETH to WETH
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$WETH "deposit()" --value 0.02ether
# Approve router
cast send --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$WETH "approve(address,uint256)" $SWAP_ROUTER $MAX_UINT
# Execute initial KRK swap
cast send --legacy --gas-limit 300000 --rpc-url http://anvil:8545 --private-key $DEPLOYER_PK \
$SWAP_ROUTER "exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))" \
"($WETH,$KRAIKEN,10000,$DEPLOYER_ADDR,10000000000000000,0,0)"
# Fund txnBot wallet
TXNBOT_ADDR=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
cast send --rpc-url http://anvil:8545 \
--private-key $DEPLOYER_PK \
--value 10ether \
$TXNBOT_ADDR
echo "TXNBOT_PRIVATE_KEY=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d" >> /woodpecker/src/contracts.env
echo "=== Bootstrap complete ==="
# Create a bootstrap wrapper that runs under bash
# (Woodpecker uses /bin/sh which lacks 'source' and bash-isms)
export ANVIL_RPC=http://anvil:8545
export CONTRACT_ENV=/woodpecker/src/contracts.env
export LOG_FILE=/dev/null
export ONCHAIN_DIR="$PWD/onchain"
export TXNBOT_FUND_VALUE=10ether
export TXNBOT_ADDRESS=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
export TXNBOT_PRIVATE_KEY=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
exec bash scripts/ci-bootstrap.sh
# Step 2: Wait for stack to be healthy (services run in background)
# Max 3 minutes - fail fast if services don't come up
- name: wait-for-stack
image: alpine:3.20
depends_on:
@ -331,62 +222,14 @@ steps:
commands:
- |
set -eu
apk add --no-cache curl
apk add --no-cache curl bash
echo "=== Waiting for stack to be healthy (max 7 min) ==="
MAX_ATTEMPTS=84 # 84 * 5s = 420s = 7 minutes
ATTEMPT=0
while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
ATTEMPT=$((ATTEMPT + 1))
PONDER_OK=0
WEBAPP_OK=0
LANDING_OK=0
CADDY_OK=0
# Check each service with verbose output on failure
# Ponder dev mode serves at root (/) - matches Dockerfile healthcheck
if curl -sf --max-time 3 http://ponder:42069/ > /dev/null 2>&1; then
PONDER_OK=1
fi
# Webapp configured with --base /app/
if curl -sf --max-time 3 http://webapp:5173/app/ > /dev/null 2>&1; then
WEBAPP_OK=1
fi
if curl -sf --max-time 3 http://landing:5174/ > /dev/null 2>&1; then
LANDING_OK=1
fi
# Caddy check: verify proxy is working by checking webapp through Caddy
# Use /app/ since it's a reliable known-good route (landing fallback can return 403 if not ready)
if curl -sf --max-time 3 http://caddy:8081/app/ > /dev/null 2>&1; then
CADDY_OK=1
fi
echo "[$(date +%T)] ($ATTEMPT/$MAX_ATTEMPTS) ponder=$PONDER_OK webapp=$WEBAPP_OK landing=$LANDING_OK caddy=$CADDY_OK"
if [ "$PONDER_OK" = "1" ] && [ "$WEBAPP_OK" = "1" ] && [ "$LANDING_OK" = "1" ] && [ "$CADDY_OK" = "1" ]; then
echo "All services healthy!"
echo "=== Stack is healthy ==="
exit 0
fi
sleep 5
done
echo "ERROR: Services did not become healthy within 7 minutes"
echo "Final status: ponder=$PONDER_OK webapp=$WEBAPP_OK landing=$LANDING_OK caddy=$CADDY_OK"
# Show more diagnostic info
echo "=== Diagnostic: checking individual endpoints ==="
echo "--- Ponder root (/) ---"
curl -v --max-time 5 http://ponder:42069/ 2>&1 | head -20 || true
echo "--- Webapp /app/ ---"
curl -v --max-time 5 http://webapp:5173/app/ 2>&1 | head -20 || true
echo "--- Landing / ---"
curl -v --max-time 5 http://landing:5174/ 2>&1 | head -20 || true
echo "--- Caddy / (landing via proxy) ---"
curl -v --max-time 5 http://caddy:8081/ 2>&1 | head -20 || true
exit 1
bash scripts/wait-for-service.sh http://ponder:42069/ 420 ponder
bash scripts/wait-for-service.sh http://webapp:5173/app/ 420 webapp
bash scripts/wait-for-service.sh http://landing:5174/ 420 landing
bash scripts/wait-for-service.sh http://caddy:8081/app/ 420 caddy
echo "=== Stack is healthy ==="
# Step 3: Run E2E tests
- name: run-e2e-tests
@ -428,12 +271,12 @@ steps:
if [ -d playwright-report ]; then
tar -czf artifacts/playwright-report.tgz playwright-report
echo "Playwright report archived"
echo "Playwright report archived"
fi
if [ -d test-results ]; then
tar -czf artifacts/test-results.tgz test-results
echo "Test results archived"
echo "Test results archived"
fi
ls -lh artifacts/ 2>/dev/null || echo "No artifacts"

4
.woodpecker/fuzz-nightly.yml
View file

@ -10,7 +10,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
git submodule update --init --recursive
yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
@ -20,7 +20,7 @@ steps:
image: registry.niovi.voyage/harb/node-ci:latest
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
if ! command -v bc >/dev/null 2>&1; then
apt-get update

6
.woodpecker/release.yml
View file

@ -12,7 +12,7 @@ steps:
event: tag
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
git submodule update --init --recursive
corepack enable
@ -75,7 +75,7 @@ steps:
event: tag
commands:
- |
bash -lc '
bash -c '
set -euo pipefail
npm config set fund false
npm config set audit false
@ -125,7 +125,7 @@ steps:
from_secret: registry_password
commands:
- |
bash -lc '
bash -c '
set -eo pipefail
if [ -z "${CI_COMMIT_TAG:-}" ]; then
echo "CI_COMMIT_TAG not set" >&2