Add docker compose definition to run the relayer as a service (#70)

### What was the problem?

This PR resolves #LISK-960

### How was it solved?

- [x] Optimized Dockerfile
- [x] Added docker-compose.yml
- [x] Update `appspec.yml` to use docker-compose.yml
- [x] Set up new CodePipeline & CodeDeploy application to deploy to the
new EC2 server instance
- [x] Set up new CloudWatch group to capture the docker container logs
- [x] Add scripts for local development on docker
- [x] Remove unused file: `cloudbuild.yml`

### How was it tested?

Against Sepolia on the new server instance against the current branch.

---------

Co-authored-by: Incede <[email protected]>

.github/workflows/branch.yaml

@@ -10,7 +10,7 @@ jobs:
     timeout-minutes: 30 # `yarn test` takes longer time
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Use Node.js 20
         uses: actions/setup-node@v3
         with:

.github/workflows/docker.yaml

@@ -29,13 +29,15 @@ jobs:
       - name: Docker image
         id: docker-image
         run: |
-          echo "image=${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}" >> $GITHUB_OUTPUT
+          echo "image=${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}" >> $GITHUB_OUTPUT
 
       - name: Build and push the image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         id: docker-build
         with:
           context: ./
           file: ./Dockerfile
           push: true
-          tags: latest,${{ steps.docker-image.outputs.image }}
+          tags: |
+            ${{ steps.docker-image.outputs.image }}:latest
+            ${{ steps.docker-image.outputs.image }}:${{ github.sha }}

.github/workflows/pr.yaml

@@ -1,4 +1,5 @@
 name: "PR"
+
 on:
   pull_request:
 
@@ -8,7 +9,7 @@ jobs:
     timeout-minutes: 30 # `yarn test` takes longer time
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Use Node.js 20
         uses: actions/setup-node@v3
         with:

.prettierignore

@@ -19,6 +19,7 @@ dist/
 ## ignore files
 .*ignore
 .nvmrc
+*.patch
 
 # Ignore extensions
 *.env

Dockerfile

@@ -1,13 +1,31 @@
-FROM node:20
+ARG NODEJS_VERSION=20
 
-WORKDIR /relayer
+##### Stage 1
 
-COPY . ./
+FROM node:$NODEJS_VERSION-alpine AS builder
 
-RUN apt-get update
-RUN apt-get install -y libudev-dev libusb-1.0-0-dev jq yarn rsync
-RUN yarn
+RUN apk add --no-cache alpine-sdk=~1 python3=~3 && \
+    adduser -D builder && \
+    chown -R builder:builder /home/builder/
 
-RUN yarn build
+USER builder
+WORKDIR /home/builder/build
 
-ENTRYPOINT ["/bin/bash", "scripts/runCommand.sh"]
+COPY . .
+
+RUN yarn install --frozen-lockfile && yarn build
+
+##### Stage 2
+
+FROM node:$NODEJS_VERSION-alpine
+
+RUN apk add --no-cache aws-cli=~2 jq=~1 && \
+    adduser -D lisk && \
+    chown -R lisk:lisk /home/lisk/
+
+USER lisk
+WORKDIR /home/lisk/across-relayer
+
+COPY --chown=lisk:lisk --from=builder /home/builder/build/dist/ ./dist/
+COPY --chown=lisk:lisk --from=builder /home/builder/build/node_modules/ ./node_modules/
+COPY --chown=lisk:lisk --from=builder /home/builder/build/config/ ./config/

appspec.yml

@@ -4,11 +4,9 @@ files:
   - source: /
     destination: /home/ubuntu/lisk-across-relayer
 hooks:
-  AfterInstall:
-    - location: scripts/installDependencies.sh
-      runas: root
-    - location: scripts/installApplication.sh
-      runas: root
+  ApplicationStop:
+    - location: scripts/lisk/docker/composeStop.sh
+      timeout: 330
   ApplicationStart:
-    - location: scripts/runMainnet.sh
-      runas: root
+    - location: scripts/lisk/docker/composeStart.sh
+      timeout: 300

config/sepolia/relayerExternalInventory.json

@@ -0,0 +1,41 @@
+{
+  "wrapEtherTarget": 0.1,
+  "wrapEtherThreshold": 0.125,
+  "wrapEtherTargetPerChain": {
+    "1": 1
+  },
+  "wrapEtherThresholdPerChain": {
+    "1": 2
+  },
+  "tokenConfig": {
+    "0xfFf9976782d46CC05630D1f6eBAb18b2324d6B14": {
+      "11155111": {
+        "targetPct": 100,
+        "thresholdPct": 100,
+        "unwrapWethThreshold": 0.5,
+        "unwrapWethTarget": 1
+      },
+      "4202": {
+        "targetPct": 30,
+        "thresholdPct": 10,
+        "unwrapWethThreshold": 0.025,
+        "unwrapWethTarget": 0.1,
+        "targetOverageBuffer": 1.5
+      }
+    },
+    "0x16B840bA01e2b05fc2268eAf6d18892a11EC29D6": {
+      "4202": {
+        "targetPct": 30,
+        "thresholdPct": 10,
+        "targetOverageBuffer": 2.5
+      }
+    },
+    "0xaA8E23Fb1079EA71e0a56F48a2aA51851D8433D0": {
+      "4202": {
+        "targetPct": 30,
+        "thresholdPct": 10,
+        "targetOverageBuffer": 1.5
+      }
+    }
+  }
+}

docker-compose.yml

@@ -0,0 +1,48 @@
+services:
+  redis:
+    image: redis:7-alpine
+    platform: linux/amd64
+    volumes:
+      - redis-data:/data
+    networks:
+      - across_relayer_network
+    restart: always
+    command: redis-server
+    healthcheck:
+      test: redis-cli ping
+      interval: 15s
+      timeout: 5s
+      retries: 3
+
+  relayer_1:
+    image: ${AWS_ECR_REGISTRY}/${AWS_ECR_REPOSITORY}:${ACROSS_RELAYER_IMAGE_TAG}
+    platform: linux/amd64
+    depends_on:
+      redis:
+        condition: service_healthy
+    volumes:
+      - ./scripts/lisk/docker/${NETWORK:-mainnet}/containerStartBot_1.sh:/home/lisk/across-relayer/scripts/start.sh
+    networks:
+      - across_relayer_network
+    restart: always
+    command: ["/bin/sh", "/home/lisk/across-relayer/scripts/start.sh"]
+    logging:
+      driver: awslogs
+      options:
+        awslogs-region: eu-west-3
+        awslogs-group: /ec2/lisk-across-relayer
+        awslogs-stream: ec2/lisk.across.relayer.docker.log
+    environment:
+      - REDIS_URL=redis://redis:6379
+    ports:
+      - ${RELAYER_1_API_SERVER_HOST:-0.0.0.0}:${RELAYER_1_API_SERVER_PORT:-3000}:${RELAYER_1_API_SERVER_PORT:-3000}
+    healthcheck:
+      test: curl --fail http://relayer_1:${RELAYER_1_API_SERVER_PORT:-3000}/healthz
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
+networks:
+  across_relayer_network:
+
+volumes:
+  redis-data:

scripts/lisk/docker/changeToAppInstallDir.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -eu
+
+app_install_dir="/home/ubuntu/lisk-across-relayer"
+echo "App install dir: $app_install_dir"
+
+cd ${app_install_dir}

scripts/lisk/docker/composeStart.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -eu
+
+. $(dirname "$0")/changeToAppInstallDir.sh
+
+. $(dirname "$0")/setEnvVariables.sh
+
+aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY}
+docker compose up --pull always --detach

scripts/lisk/docker/composeStop.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -eu
+
+. $(dirname "$0")/changeToAppInstallDir.sh
+
+. $(dirname "$0")/setEnvVariables.sh
+
+# Wait for the CI to build and push the Docker image to ECR
+sleep 300
+docker compose down --rmi all

scripts/lisk/docker/dev/changeToAppInstallDir.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -eu
+
+app_install_dir=$(dirname $(realpath "$0"))/../../../..
+
+cd ${app_install_dir}
+
+echo "App install dir set to: $PWD"

scripts/lisk/docker/dev/composeStart.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -eu
+
+if [ ! -z "$(git status --untracked-files=no --porcelain)" ]; then
+  echo "Please stash/commit your local changes and re-run the script."
+  exit 1
+fi
+
+. $(dirname $(realpath "$0"))/changeToAppInstallDir.sh
+
+. scripts/lisk/docker/dev/setEnvVariables.sh
+
+mkdir -p $PWD/.aws
+cp $HOME/.aws/credentials $PWD/.aws/
+git apply scripts/lisk/docker/dev/docker-compose-dev.patch
+
+aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY}
+docker compose up --pull always --detach

scripts/lisk/docker/dev/composeStop.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eu
+
+. $(dirname $(realpath "$0"))/changeToAppInstallDir.sh
+
+. scripts/lisk/docker/dev/setEnvVariables.sh
+
+docker compose down --rmi all
+
+git apply -R scripts/lisk/docker/dev/docker-compose-dev.patch
+rm -rf $PWD/.aws

scripts/lisk/docker/dev/docker-compose-dev.patch

@@ -0,0 +1,29 @@
+diff --git a/docker-compose.yml b/docker-compose.yml
+index 5c229e7e..c4177aaf 100644
+--- a/docker-compose.yml
++++ b/docker-compose.yml
+@@ -21,17 +21,18 @@ services:
+       redis:
+         condition: service_healthy
+     volumes:
++      - ./.aws/credentials:/home/lisk/.aws/credentials
+       - ./scripts/lisk/docker/${NETWORK:-mainnet}/containerStartBot_1.sh:/home/lisk/across-relayer/scripts/start.sh
+     networks:
+       - across_relayer_network
+     restart: always
+     command: ["/bin/sh", "/home/lisk/across-relayer/scripts/start.sh"]
+-    logging:
+-      driver: awslogs
+-      options:
+-        awslogs-region: eu-west-3
+-        awslogs-group: /ec2/lisk-across-relayer
+-        awslogs-stream: ec2/lisk.across.relayer.docker.log
++    # logging:
++    #   driver: awslogs
++    #   options:
++    #     awslogs-region: eu-west-3
++    #     awslogs-group: /ec2/lisk-across-relayer
++    #     awslogs-stream: ec2/lisk.across.relayer.docker.log
+     environment:
+       - REDIS_URL=redis://redis:6379
+     ports:

scripts/lisk/docker/dev/setEnvVariables.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+set -eu
+
+# Set env var from secrets
+# secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:mainnet/lisk-across-relayer/aws-CSi7ka
+secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:sepolia/across-relayer-dev/aws-7CIqpl
+RELAYER_CONFIG=`aws --region eu-west-3 secretsmanager get-secret-value --secret-id ${secret_id} | jq --raw-output .SecretString | jq -r .`
+
+echo "Setting environment variables within the current shell on the host"
+
+export AWS_REGION=`echo $RELAYER_CONFIG | jq -r ."AWS_REGION"`
+
+export AWS_ECR_REGISTRY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REGISTRY"`
+
+export AWS_ECR_REPOSITORY=`echo $RELAYER_CONFIG | jq -r ."AWS_ECR_REPOSITORY"`
+
+export ACROSS_RELAYER_IMAGE_TAG=`echo $RELAYER_CONFIG | jq -r ."ACROSS_RELAYER_IMAGE_TAG"`
+
+export NETWORK=`echo $RELAYER_CONFIG | jq -r ."NETWORK"`
+
+export RELAYER_1_API_SERVER_HOST=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_HOST"`
+
+export RELAYER_1_API_SERVER_PORT=`echo $RELAYER_CONFIG | jq -r ."RELAYER_1_API_SERVER_PORT"`
+
+echo "Finished setting all the environment variables within the current shell on the host"

scripts/lisk/docker/mainnet/containerStartBot_1.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+app_dir=$PWD
+echo "Current DIR: $PWD"
+
+# Remove previous .env var if any
+readonly env_file="${app_dir}/.env"
+rm -f ${env_file}
+
+# Setting env var from secrets
+secret_id=arn:aws:secretsmanager:eu-west-3:132202091885:secret:mainnet/lisk-across-relayer/aws-CSi7ka
+RELAYER_CONFIG=`aws --region eu-west-3 secretsmanager get-secret-value --secret-id ${secret_id} | jq --raw-output .SecretString | jq -r .`
+
+AWSKMS_CONFIG=`echo $RELAYER_CONFIG | jq -r ."AWSKMS_CONFIG"`
+echo "AWSKMS_CONFIG=$AWSKMS_CONFIG" >> ${env_file}
+
+AWS_S3_STORAGE_CONFIG=`echo $RELAYER_CONFIG | jq -r ."AWS_S3_STORAGE_CONFIG"`
+echo "AWS_S3_STORAGE_CONFIG=$AWS_S3_STORAGE_CONFIG" >> ${env_file}
+
+RPC_PROVIDER_DRPC_1=`echo $RELAYER_CONFIG | jq -r ."RPC_PROVIDER_DRPC_1"`
+echo "RPC_PROVIDER_DRPC_1=$RPC_PROVIDER_DRPC_1" >> ${env_file}
+
+RPC_PROVIDER_TENDERLY_1=`echo $RELAYER_CONFIG | jq -r ."RPC_PROVIDER_TENDERLY_1"`
+echo "RPC_PROVIDER_TENDERLY_1=$RPC_PROVIDER_TENDERLY_1" >> ${env_file}
+
+RPC_PROVIDER_DRPC_1135=`echo $RELAYER_CONFIG | jq -r ."RPC_PROVIDER_DRPC_1135"`
+echo "RPC_PROVIDER_DRPC_1135=$RPC_PROVIDER_DRPC_1135" >> ${env_file}
+
+RPC_PROVIDER_GELATO_1135=`echo $RELAYER_CONFIG | jq -r ."RPC_PROVIDER_GELATO_1135"`
+echo "RPC_PROVIDER_GELATO_1135=$RPC_PROVIDER_GELATO_1135" >> ${env_file}
+
+SLACK_CONFIG=`echo $RELAYER_CONFIG | jq -r ."SLACK_CONFIG"`
+echo "SLACK_CONFIG=$SLACK_CONFIG" >> ${env_file}
+
+echo "All env vars from secrets are set."
+
+# Set the bot identifier
+echo "BOT_IDENTIFIER=LISK_ACROSS_RELAYER_1"  >> ${env_file}
+
+# Simulation mode OFF
+echo "SEND_RELAYS=true" >> ${env_file}
+echo "SEND_REBALANCES=true"  >> ${env_file}
+
+# RPC provider configuration
+echo "RPC_PROVIDERS=DRPC,GELATO,TENDERLY" >> ${env_file}
+echo "RPC_PROVIDERS_1=DRPC,TENDERLY" >> ${env_file}
+echo "RPC_PROVIDERS_1135=GELATO,DRPC" >> ${env_file}
+
+# Mainnet settings
+echo "RELAYER_ORIGIN_CHAINS=[1,1135]" >> ${env_file}
+echo "RELAYER_DESTINATION_CHAINS=[1,1135]" >> ${env_file}
+echo "MIN_RELAYER_FEE_PCT=0.00005" >> ${env_file}
+
+# Fee settings
+echo "PRIORITY_FEE_SCALER_1=0.8"  >> ${env_file}
+echo "RELAYER_GAS_PADDING=0"  >> ${env_file}
+
+# Supported token settings
+echo RELAYER_TOKENS=\'[\"0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2\", \"0x6033F7f88332B8db6ad452B7C6D5bB643990aE3f\", \"0xdAC17F958D2ee523a2206206994597C13D831ec7\"]\'  >> ${env_file}
+echo MIN_DEPOSIT_CONFIRMATIONS=\'{\"5000\": { \"1\": 5, \"1135\": 10 }, \"2000\": { \"1\": 4, \"1135\": 10 }, \"100\": { \"1\": 3, \"1135\": 10 } }\' >> ${env_file}
+echo RELAYER_EXTERNAL_INVENTORY_CONFIG=\'config/mainnet/relayerExternalInventory.json\' >> ${env_file}
+
+echo "All env vars are set."
+
+node ${app_dir}/dist/index.js --relayer --wallet awskms --keys relayerKey