Merge remote-tracking branch 'origin/main' into bjrint-use-jwcrypto

Author: olethanh

.github/workflows/deploy-main-on-staging.yml

@@ -0,0 +1,62 @@
+# This workflow automatically deploys main on staging
+name: "Deploy `main` automatically on staging"
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy_staging_servers:
+    name: "Deploying on ${{ matrix.staging_servers.hostname }}"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        staging_servers:
+          - hostname: "ovh.staging.aleph.sh"
+            # Use `ssh-keyscan -H host | base64 --wrap=0` to obtain the host keys
+            host_keys: "fDF8b3JHVkxyOU83Qnh0QmkvWjd4N0lVTkRDSHFRPXwxZEdZSnNjNlFyejA5QkR6cGROR1BLYjNES009IHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQmdRRHZwSmNpV2dscTNCbEsxY2xOUmNETnVQeFVCeGF3bE5qVElHZFV2MmoyTVo4KzliVVpDSkI1aXFIKzNvbkc5Vklla1RQdW1ybFlXbFMvZkkvSzM3dTh5UXJuQ3JkNi9XRm9XWWJOaTJ4NWxSOUhzaTViRXQ4MFAwRkFyVVpaSkdzbnRQdVhGeFJGR3dHeFNENTN2emVMbmU4VjRlaUxrQ3BjMDU5YzZVVHBublcvSjdRRnlzZURDUXIwVzFsMzBNcjlnTm1LbmpBd2VLWXdCS0hYaG42VGdSd1RYT1E3VXJCc3c2Q1d0OHI2N2g4QkJ2UHQ5OWt5OHl4dUw2Z25TRlhqeWhyKzVhd1lTY3VhVU5JS3B0Y2JFOWpISHhEY1FLSHN0akZZRHRsM0JWN29rUEkvUWJablpSMDVTdDgvZldoK2p5K3ZtR3BTWmtFckJ2NkUwdFhHMDhmdkdheVRXNWFVcWxRQmlLMzJpNmJlUWordjI3b0pUWndvcndBOVJCY1QramlCWVRNVUFpTTJrblhXMGlqT2ViWDNackpITm5QbXJkbjBTd1JldGlLRzg2SGdRK3d3a0dwd3UxVk01eTFlbTVwZ0VUdnU5SHg1RTFKeEJLcXJ3ZkdhTVVRWFZEWG8yNDg5bW1XZzA1aUFHejZIaXNTVWRESFlRKzhnWnA4PQp8MXxvUzkyc1NEb3RxU1hSb0F6MUpFS1V2RDhVTGM9fDVtSHZBSVdqbk1CN2IwcllRQlo0SXBpaFlqQT0gZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEF5TlRZQUFBQUlibWx6ZEhBeU5UWUFBQUJCQkZNanZFOEFsQmYxbkp1Y0ZlaEJjSUY2RE8wdGJOdU96OEx5QlFUdC82RlEwaWYyWVAxQUJ1TjBmYXVIT3R4WEx6b25vSGVhTDZaV0JoakhmRGV4NlY4PQp8MXxMc2lPc3RhVGk5bEhYSlFsWDJYQ3c3Q0lTU1k9fGk1RzlFTHJydHpaYkUrR2JjbWF1SDIxOG1ZND0gc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUp1QVNEMWY1d2dXM3pnd3FGalBXYzhPRi9BZ1pmSFFVa3lRMDE2c1MrRmoK"
+            os: "debian-12"
+            make_target: "all-podman-debian-12"
+            artifact_name: "aleph-vm.debian-12.deb"
+
+          - hostname: "hetzner.staging.aleph.sh"
+            # Use `ssh-keyscan -H host | base64 --wrap=0` to obtain the host keys
+            host_keys: "fDF8WUlKd0FYWnYxZ24vNkRCU0tkYjg0TC9sUngwPXwrRk96RzdoSTJ5Y3JzUW1uSEwrdEFBQkR4YUU9IHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQmdRRHBKcHF5ajUxWUluRkNyZjZUWjE5eUF3cHlXNTNHaFAxNXQ0Wm56cHBwOUVnNTNnZmVWdmk5WUV1bVV6cnVUN01LdFpobjNsb0U5YVFtRUYzSElpb3c5ZmlCWVA3aUMzUUFGdUJCandPUmQwV1RVWDZQQUN2c2p0b1JLWjJpTWZ2YXdITHdrWHErWnkrc2hHNU44L2pwQlJ4MC9paXJta2xPS0F5QWw0QTYzZ2MxMndsVGQzcS9IcDVxd1dSYVV3M1JVUTFTVVJSN2RGRW81VWxqeUZVYS9zdWV1STBYOXdLd0tPZ09iOEo3ZFZDMEdDT3VibkJXL3Jmb3N0YVV5eStaSzdQdzBrM251M2szTFZuUVlPTGlNOG1NMnJub2ZWZ2RSWXpiM3RTUVVrbk9wektBVzBXK3llWmpSOXp1UG4yNXF4bWxsRmRaNmt3QTFDcWY2MmQyQ0dtQ2NDU3dUSUl4ZHJ3M29oOEZOclpROTI4OGQvcmF4djZXZi9oZDI0Y1JqeDdFSEJxOUFWMW02UTZWeGxnSWl0WjIzODlsYjRmODNGclRrNUtib3J3Zm5oM3NaZFRSSkJqRjRhdHZ5NktsWFYxenROc05BeDhFN1RnTDMzVFlnRGc4RWlldGN1TVlzUlcwSnREdldBNGxsZDFQS3JrbDJ1LzZvLzNUb0xVPQp8MXxmQ3FnTjB2WHpMTnAzdklnZXdkSFRQRTA0ZUk9fDhnSituTC9hUGpEQlRMcUNJak1sZFpVbFRpST0gZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEF5TlRZQUFBQUlibWx6ZEhBeU5UWUFBQUJCQktWbnE5aWsvcHZFaDdXbHFydUtWZmdZeTlwOVpNQnVKV2IrZkVvS0hZY0ZSYld5c0lYRjJlalBnaUMyOFEvZExqeUhXd2RVZlMySFBMbGNxRVFEZlpvPQp8MXxtVzA4T3ZqUnh0bmRjYVNyc0poWXBQcXp2akk9fFlDcktMeUg4ZnJJR0lRV05RS3hiUnArNlIvTT0gc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUl5ZGNhTXF1dkZFTEpNUDBlRmhNUGJWZVBSVjlSUEhVRzhIZGZIQmRvaTEK"
+            os: "debian-12"
+            make_target: "all-podman-debian-12"
+            artifact_name: "aleph-vm.debian-12.deb"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          # Fetch the whole history for all tags and branches (required for aleph.__version__)
+          fetch-depth: 0
+
+      - run: |
+          cd packaging && make ${{ matrix.staging_servers.make_target }} && cd ..
+          ls packaging/target
+
+      - name: Setup SSH private key
+        run: |
+          mkdir ~/.ssh
+          echo $STAGING_SSH_PRIVATE_KEY | base64 --decode > ~/.ssh/id_ed25519
+          chmod 0700 ~/.ssh
+          chmod 0600 ~/.ssh/id_ed25519
+        env:
+          # Create using:
+          # ssh-keygen -t ed25519 -f ./id_ed25519
+          # cat ./id_ed25519 | base64 --wrap=0
+          STAGING_SSH_PRIVATE_KEY: ${{ secrets.STAGING_SSH_PRIVATE_KEY }}
+
+      - name: Install Aleph-VM on the Staging servers
+        run: |
+          echo ${{ matrix.staging_servers.host_keys }} | base64 --decode > ~/.ssh/known_hosts
+
+          # Wait for /var/lib/apt/lists/lock to be unlocked on the remote host via SSH.
+          while ssh root@${{ matrix.staging_servers.hostname }} lsof /var/lib/apt/lists/lock; do sleep 1; done
+
+          scp packaging/target/${{ matrix.staging_servers.artifact_name }} root@${{ matrix.staging_servers.hostname }}:/opt
+          ssh root@${{ matrix.staging_servers.hostname }} DEBIAN_FRONTEND=noninteractive "apt-get -o DPkg::Lock::Timeout=60 install -y --allow-downgrades /opt/${{ matrix.staging_servers.artifact_name }}"
+

.github/workflows/test-on-droplets-matrix.yml

@@ -1,107 +1,30 @@
-name: "Test on DigitalOcean Droplets"
-
+# These are end-to-end tests running on ephemeral DigitalOcean "Droplet" virtual machines
+# with the different operating systems that are supported.
+#
+# The main focus of these tests is to ensure that the packaging works on all supported platforms
+# and to ensure the compatibility of dependencies (system and vendored) across these platforms.
+name: "Testing on DigitalOcean Droplets"
+
+# Run automatically on main branches, Pull Request updates and allow manual execution using `workflow_dispatch`.
 on:
-  push
+  push:
+    branches:
+      - main
+  pull_request:
+    types:
+      - "opened"
+      - "reopened"
+      - "synchronize"
+      - "ready_for_review"
+  workflow_dispatch:
 
 jobs:
-  tests-python:
-    name: "Test Python code"
-    runs-on: ubuntu-22.04
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Workaround github issue https://github.com/actions/runner-images/issues/7192
-        run: sudo echo RESET grub-efi/install_devices | sudo debconf-communicate grub-pc
-
-      - name: Install required system packages only for Ubuntu Linux
-        run: |
-          sudo apt-get update
-          sudo apt-get -y upgrade
-          sudo apt-get install -y python3 python3-pip python3-aiohttp python3-msgpack python3-aiodns python3-alembic python3-sqlalchemy python3-setproctitle redis python3-aioredis python3-psutil sudo acl curl systemd-container squashfs-tools debootstrap python3-packaging python3-cpuinfo python3-nftables python3-jsonschema nftables
-          pip install --upgrade typing-extensions types-PyYAML
-
-      - name: Install required Python packages
-        run: |
-          python3 -m pip install hatch hatch-vcs coverage
-
-      - name: Test style wth ruff, black and isort
-        run: |
-          hatch run lint:style
-
-      - name: Test typing with Mypy
-        run: |
-          hatch run lint:typing
-
-      - name: Install required system packages for installing and running tests
-        run: |
-          sudo apt-get install libsystemd-dev cmake libdbus-1-dev libglib2.0-dev
-
-      - name: Download and build required files for running tests. Copied from packaging/Makefile.
-        run: |
-          sudo mkdir --parents /opt/firecracker/
-          sudo curl -fsSL -o "/opt/firecracker/vmlinux.bin" "https://ipfs.aleph.cloud/ipfs/bafybeiaj2lf6g573jiulzacvkyw4zzav7dwbo5qbeiohoduopwxs2c6vvy"
-          
-          rm -fr /tmp/firecracker-release
-          mkdir --parents /tmp/firecracker-release /opt/firecracker
-          curl -fsSL https://github.com/firecracker-microvm/firecracker/releases/download/v1.5.0/firecracker-v1.5.0-x86_64.tgz | tar -xz --no-same-owner --directory /tmp/firecracker-release
-          # Copy binaries:
-          cp /tmp/firecracker-release/release-v*/firecracker-v*[!.debug] /opt/firecracker/firecracker
-          cp /tmp/firecracker-release/release-v*/jailer-v*[!.debug] /opt/firecracker/jailer
-          chmod +x /opt/firecracker/firecracker
-          chmod +x /opt/firecracker/jailer
-          
-          find /opt
-
-      - name: "Build custom runtime"
-        run: |
-          sudo apt update
-          sudo apt install -y debootstrap ndppd acl cloud-image-utils qemu-utils qemu-system-x86
-          cd runtimes/aleph-debian-12-python && sudo ./create_disk_image.sh && cd ../..
-
-      - name: "Build example volume"
-        run: |
-          cd examples/volumes && bash build_squashfs.sh
-
-        # Unit tests create and delete network interfaces, and therefore require to run as root
-      - name: Run unit tests
-        run: |
-          sudo python3 -m pip install hatch hatch-vcs coverage
-          sudo hatch run testing:cov
-
-      - name: Upload coverage reports to Codecov
-        uses: codecov/[email protected]
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          slug: aleph-im/aleph-vm
-
-  code-quality-shell:
-    runs-on: ubuntu-22.04
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Workaround github issue https://github.com/actions/runner-images/issues/7192
-        run: sudo echo RESET grub-efi/install_devices | sudo debconf-communicate grub-pc
-
-      - name: Install required system packages only for Ubuntu Linux
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y shellcheck
-
-      - name: Run Shellcheck on all shell scripts
-        run: |
-          find ./ -type f -name "*.sh" -exec shellcheck {} \;
-  
 
   run_on_droplet:
     name: "Test Droplet with ${{ matrix.os_config.os_name }}-${{ matrix.check_vm.alias }}"
     runs-on: ubuntu-latest
     concurrency: "${{ matrix.os_config.concurrency_group }}-${{ matrix.check_vm.alias }}"
     timeout-minutes: 10
-    needs:
-      - tests-python
-      - code-quality-shell
 
     strategy:
       matrix:
@@ -238,6 +161,13 @@ jobs:
             -d '{"persistent_vms": [], "instances": ["${{ matrix.check_vm.item_hash }}"]}' \
             "http://${DROPLET_IPV4}:4020/control/allocations"
 
+      - name: Fetch system usage endpoint
+        run: |
+          export DROPLET_IPV4="$(doctl compute droplet get aleph-vm-ci-${{ matrix.os_config.alias }}-${{ matrix.check_vm.alias }} --output json | ./.github/scripts/extract_droplet_ipv4.py)"
+          curl -X GET -H "Content-Type: application/json" \
+            "http://${DROPLET_IPV4}:4020/about/usage/system"
+
+
       - name: Export aleph logs
         if: always()
         run: |

.github/workflows/test-using-pytest.yml

@@ -0,0 +1,96 @@
+name: "Test on DigitalOcean Droplets"
+
+on:
+  push
+
+jobs:
+  tests-python:
+    name: "Test Python code"
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Workaround github issue https://github.com/actions/runner-images/issues/7192
+        run: sudo echo RESET grub-efi/install_devices | sudo debconf-communicate grub-pc
+
+      - name: Install required system packages only for Ubuntu Linux
+        run: |
+          sudo apt-get update
+          sudo apt-get -y upgrade
+          sudo apt-get install -y python3 python3-pip python3-aiohttp python3-msgpack python3-aiodns python3-alembic python3-sqlalchemy python3-setproctitle redis python3-aioredis python3-psutil sudo acl curl systemd-container squashfs-tools debootstrap python3-packaging python3-cpuinfo python3-nftables python3-jsonschema nftables
+          pip install --upgrade typing-extensions types-PyYAML
+
+      - name: Install required Python packages
+        run: |
+          python3 -m pip install hatch hatch-vcs coverage
+
+      - name: Test style wth ruff, black and isort
+        run: |
+          hatch run lint:style
+
+      - name: Test typing with Mypy
+        run: |
+          hatch run lint:typing
+
+      - name: Install required system packages for installing and running tests
+        run: |
+          sudo apt-get install libsystemd-dev cmake libdbus-1-dev libglib2.0-dev
+
+      - name: Download and build required files for running tests. Copied from packaging/Makefile.
+        run: |
+          sudo mkdir --parents /opt/firecracker/
+          sudo curl -fsSL -o "/opt/firecracker/vmlinux.bin" "https://ipfs.aleph.cloud/ipfs/bafybeiaj2lf6g573jiulzacvkyw4zzav7dwbo5qbeiohoduopwxs2c6vvy"
+          
+          rm -fr /tmp/firecracker-release
+          mkdir --parents /tmp/firecracker-release /opt/firecracker
+          curl -fsSL https://github.com/firecracker-microvm/firecracker/releases/download/v1.5.0/firecracker-v1.5.0-x86_64.tgz | tar -xz --no-same-owner --directory /tmp/firecracker-release
+          # Copy binaries:
+          cp /tmp/firecracker-release/release-v*/firecracker-v*[!.debug] /opt/firecracker/firecracker
+          cp /tmp/firecracker-release/release-v*/jailer-v*[!.debug] /opt/firecracker/jailer
+          chmod +x /opt/firecracker/firecracker
+          chmod +x /opt/firecracker/jailer
+          
+          find /opt
+
+      - name: "Build custom runtimes"
+        run: |
+          sudo apt update
+          sudo apt install -y debootstrap ndppd acl cloud-image-utils qemu-utils qemu-system-x86
+          cd runtimes/aleph-debian-12-python && sudo ./create_disk_image.sh && cd ../..
+          cd runtimes/instance-rootfs && sudo ./create-ubuntu-22-04-qemu-disk.sh && cd ../..
+
+      - name: "Build example volume"
+        run: |
+          cd examples/volumes && bash build_squashfs.sh
+
+        # Unit tests create and delete network interfaces, and therefore require to run as root
+      - name: Run unit tests
+        run: |
+          sudo python3 -m pip install hatch hatch-vcs coverage
+          sudo hatch run testing:cov
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/[email protected]
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          slug: aleph-im/aleph-vm
+
+  code-quality-shell:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Workaround github issue https://github.com/actions/runner-images/issues/7192
+        run: sudo echo RESET grub-efi/install_devices | sudo debconf-communicate grub-pc
+
+      - name: Install required system packages only for Ubuntu Linux
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y shellcheck
+
+      - name: Run Shellcheck on all shell scripts
+        run: |
+          find ./ -type f -name "*.sh" -exec shellcheck {} \;
+  

README.md

@@ -17,9 +17,7 @@ Writing programs in Python using ASGI compatible frameworks (
 
 Install Aleph-VM to run an Aleph.im Compute Resource Node easily from official pre-built packages.
 
-- [On Debian 11](./doc/INSTALL-Debian-11.md)
-- [On Debian 12](./doc/INSTALL-Debian-12.md)
-- [On Ubuntu 22.04](./doc/INSTALL-Ubuntu-22.04.md)
+See the official user doc https://docs.aleph.im/nodes/compute/
 
 ## 2. Install Aleph-VM from source