Deployment of notary-server using GH Actions & AWS CodeDeploy

.github/scripts/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+environment=$1
+
+cd notary-server
+cargo build --release
+aws s3 cp target/release/notary-server s3://tlsn-deploy/$environment/
+
+exit 0

.github/scripts/deploy.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -ex
+
+environment=$1
+branch=$2
+
+INSTANCE_ID=$(aws ec2 describe-instances --filters Name=tag:Name,Values=[tlsnotary-backend] --query "Reservations[*].Instances[*][InstanceId]" --output text)
+aws ec2 create-tags --resources $INSTANCE_ID --tags "Key=$environment,Value=$branch"
+
+COMMIT_HASH=$(git rev-parse HEAD)
+DEPLOY_ID=$(aws deploy create-deployment --application-name tlsn-$environment --deployment-group-name tlsn-$environment-group --github-location repository=$GITHUB_REPOSITORY,commitId=$COMMIT_HASH --ignore-application-stop-failures --file-exists OVERWRITE --output text)
+
+while true; do
+  STATUS=$(aws deploy get-deployment --deployment-id $DEPLOY_ID --query 'deploymentInfo.status' --output text)
+  if [ $STATUS != "InProgress" ] && [ $STATUS != "Created" ]; then
+    if [ $STATUS = "Succeeded" ]; then
+       echo "SUCCESS"
+       exit 0
+    else
+       echo "Failed"
+       exit 1
+    fi
+  else
+    echo "Deploying..."
+  fi
+     sleep 30
+done

.github/workflows/deploy.yml

@@ -0,0 +1,48 @@
+name: Deploy
+on:
+  #push:
+  #  branches: [ main ]
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: "Environment"
+        required: true
+        default: "enable"
+        type: choice
+        options:
+        - nightly
+        - stable
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:  
+  deploy:
+    runs-on: ubuntu-latest
+    env:
+      DATA_ENV: ${{ github.event.inputs.environment || 'nightly' }}
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:      
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::490752553772:role/tlsn-deploy-slc
+          role-duration-seconds: 1800
+          aws-region: eu-central-1
+
+      - name: Cargo build
+        run: |
+          .github/scripts/build.sh ${{ env.DATA_ENV }}
+
+      - name: Trigger Deployment
+        run: |
+          .github/scripts/deploy.sh ${{ env.DATA_ENV }} $GITHUB_REF_NAME

appspec.yml

@@ -0,0 +1,30 @@
+version: 0.0
+os: linux
+files:
+  - source: /
+    destination: /home/ubuntu/tlsn
+permissions:
+  - object: /home/ubuntu/tlsn
+    owner: ubuntu
+    group: ubuntu
+hooks:
+  BeforeInstall:
+    - location: scripts/before_install.sh
+      timeout: 300
+      runas: ubuntu
+  AfterInstall:
+    - location: scripts/after_install.sh
+      timeout: 300
+      runas: ubuntu
+  ApplicationStart:
+    - location: scripts/start_app.sh
+      timeout: 300
+      runas: ubuntu
+  ApplicationStop:
+    - location: scripts/stop_app.sh
+      timeout: 300
+      runas: ubuntu
+  ValidateService:
+    - location: scripts/validate_app.sh
+      timeout: 300
+      runas: ubuntu

scripts/after_install.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+export PATH=$PATH:/home/ubuntu/.cargo/bin
+
+APP_NAME=$(echo $APPLICATION_NAME | awk -F- '{ print $2 }')
+BRANCH=$(curl http://169.254.169.254/latest/meta-data/tags/instance/$APP_NAME)
+
+# Prepare directory
+sudo rm -rf ~/$APP_NAME/tlsn
+sudo mv ~/tlsn/ ~/$APP_NAME
+sudo mkdir -p ~/$APP_NAME/tlsn/notary-server/target/release
+sudo chown -R ubuntu.ubuntu ~/$APP_NAME
+
+git clone -b $BRANCH --no-checkout https://github.com/tlsnotary/tlsn.git /tmp/tlsn_remove
+cp -rp /tmp/tlsn_remove/.git ~/$APP_NAME/tlsn
+rm -rf /tmp/tlsn_remove
+
+# Download binary
+aws s3 cp s3://tlsn-deploy/$APP_NAME/notary-server ~/$APP_NAME/tlsn/notary-server/target/release
+chmod +x ~/$APP_NAME/tlsn/notary-server/target/release/notary-server
+
+exit 0

scripts/before_install.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+#set -e
+
+APP_NAME=$(echo $APPLICATION_NAME | awk -F- '{ print $2 }')
+
+if [ ! -d $APP_NAME ]; then
+   mkdir ~/$APP_NAME
+fi
+
+exit 0

scripts/start_app.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+export PATH=$PATH:/home/ubuntu/.cargo/bin
+
+APP_NAME=$(echo $APPLICATION_NAME | awk -F- '{ print $2 }')
+
+cd ~/$APP_NAME/tlsn/notary-server
+target/release/notary-server --config-file ~/.notary/$APP_NAME/config.yaml &> ~/$APP_NAME/tlsn/notary.log &
+
+exit 0

scripts/stop_app.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+APP_NAME=$(echo $APPLICATION_NAME | awk -F- '{ print $2 }')
+
+PID=$(pgrep -f notary.*$APP_NAME)
+kill -15 $PID
+
+exit 0

scripts/validate_app.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# Verify proccess is running
+APP_NAME=$(echo $APPLICATION_NAME | awk -F- '{ print $2 }')
+
+pgrep -f notary.*$APP_NAME
+[ $? -eq 0 ] || exit 1
+
+# Verify that listening sockets exist
+if [ "$APPLICATION_NAME" == "tlsn-nightly" ]; then
+    port=7048
+else
+    port=7047
+fi
+
+exposed_ports=$(netstat -lnt4 | egrep -cw $port)
+[ $exposed_ports -eq 1 ] || exit 1
+
+exit 0