feat(keyfunder): add standalone keyfunder package with Docker workflow

Author: paulbalaji

.github/workflows/keyfunder-docker.yml

@@ -0,0 +1,125 @@
+name: Build and Push KeyFunder Image to GCR
+on:
+  push:
+    branches: [main]
+    tags:
+      - '**'
+  pull_request:
+    paths:
+      - 'typescript/keyfunder/**'
+      - '.github/workflows/keyfunder-docker.yml'
+  workflow_dispatch:
+    inputs:
+      include_arm64:
+        description: 'Include arm64 in the build'
+        required: false
+        default: 'false'
+
+concurrency:
+  group: build-push-keyfunder-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-env:
+    runs-on: ubuntu-latest
+    outputs:
+      gcloud-service-key: ${{ steps.gcloud-service-key.outputs.defined }}
+    steps:
+      - id: gcloud-service-key
+        env:
+          GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }}
+        if: "${{ env.GCLOUD_SERVICE_KEY != '' }}"
+        run: echo "defined=true" >> $GITHUB_OUTPUT
+
+  build-and-push-to-gcr:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+
+    needs: [check-env]
+    if: needs.check-env.outputs.gcloud-service-key == 'true'
+
+    steps:
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.HYPER_GONK_APP_ID }}
+          private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }}
+
+      - uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Generate tag data
+        id: taggen
+        run: |
+          echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT
+          echo "TAG_SHA=$(echo '${{ github.event.pull_request.head.sha || github.sha }}' | cut -b 1-7)" >> $GITHUB_OUTPUT
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            gcr.io/abacus-labs-dev/hyperlane-keyfunder
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }}
+
+      - name: Set up Depot CLI
+        uses: depot/setup-action@v1
+
+      - name: Login to GCR
+        uses: docker/login-action@v3
+        with:
+          registry: gcr.io
+          username: _json_key
+          password: ${{ secrets.GCLOUD_SERVICE_KEY }}
+
+      - name: Determine platforms
+        id: determine-platforms
+        run: |
+          if [ "${{ github.event.inputs.include_arm64 }}" == "true" ]; then
+            echo "platforms=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
+          else
+            echo "platforms=linux/amd64" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Get Foundry version
+        id: foundry-version
+        run: |
+          FOUNDRY_VERSION=$(cat solidity/.foundryrc)
+          echo "FOUNDRY_VERSION=$FOUNDRY_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Build and push
+        id: build
+        uses: depot/build-push-action@v1
+        with:
+          project: 3cpjhx94qv
+          context: ./
+          file: ./typescript/keyfunder/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ steps.determine-platforms.outputs.platforms }}
+          build-args: |
+            FOUNDRY_VERSION=${{ steps.foundry-version.outputs.FOUNDRY_VERSION }}
+            SERVICE_VERSION=${{ steps.taggen.outputs.TAG_SHA }}-${{ steps.taggen.outputs.TAG_DATE }}
+
+      - name: Comment image tags on PR
+        if: github.event_name == 'pull_request'
+        uses: ./.github/actions/docker-image-comment
+        with:
+          comment_tag: keyfunder-docker-image
+          image_name: KeyFunder Docker Image
+          emoji: 🔑
+          image_tags: ${{ steps.meta.outputs.tags }}
+          pr_number: ${{ github.event.pull_request.number }}
+          github_token: ${{ steps.generate-token.outputs.token }}
+          job_status: ${{ job.status }}

.gitignore

@@ -43,4 +43,7 @@ yalc.lock
 **/deployer-key.json
 
 # .yarn as we use pnpm now
-.yarn
+.yarn
+
+# opencode
+.opencode/

Dockerfile

@@ -31,6 +31,7 @@ COPY typescript/github-proxy/package.json ./typescript/github-proxy/
 COPY typescript/helloworld/package.json ./typescript/helloworld/
 COPY typescript/http-registry-server/package.json ./typescript/http-registry-server/
 COPY typescript/infra/package.json ./typescript/infra/
+COPY typescript/keyfunder/package.json ./typescript/keyfunder/
 COPY typescript/provider-sdk/package.json ./typescript/provider-sdk/
 COPY typescript/radix-sdk/package.json ./typescript/radix-sdk/
 COPY typescript/rebalancer/package.json ./typescript/rebalancer/

pnpm-lock.yaml

@@ -0,0 +1,7 @@
+.env*
+/dist
+/bundle
+/cache
+
+# allow check-in of .env.example
+!.env.example

typescript/keyfunder/.gitignore

@@ -0,0 +1,3 @@
+{
+  "import": ["tsx"]
+}

typescript/keyfunder/.mocharc.json

@@ -0,0 +1,73 @@
+FROM node:20-slim AS builder
+
+WORKDIR /hyperlane-monorepo
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git g++ make python3 python3-pip jq bash curl ca-certificates unzip \
+    && rm -rf /var/lib/apt/lists/*
+
+ARG FOUNDRY_VERSION
+ARG SERVICE_VERSION=dev
+ARG TARGETARCH
+SHELL ["/bin/bash", "-c"]
+RUN set -o pipefail && \
+    ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64" || echo "amd64") && \
+    curl --fail -L "https://github.com/foundry-rs/foundry/releases/download/${FOUNDRY_VERSION}/foundry_${FOUNDRY_VERSION}_linux_${ARCH}.tar.gz" | tar -xzC /usr/local/bin forge cast
+SHELL ["/bin/sh", "-c"]
+
+COPY package.json ./
+RUN corepack enable && corepack install
+
+COPY pnpm-lock.yaml pnpm-workspace.yaml ./
+
+COPY patches ./patches
+
+COPY typescript/keyfunder/package.json ./typescript/keyfunder/
+COPY typescript/sdk/package.json ./typescript/sdk/
+COPY typescript/provider-sdk/package.json ./typescript/provider-sdk/
+COPY typescript/utils/package.json ./typescript/utils/
+COPY typescript/cosmos-sdk/package.json ./typescript/cosmos-sdk/
+COPY typescript/cosmos-types/package.json ./typescript/cosmos-types/
+COPY typescript/radix-sdk/package.json ./typescript/radix-sdk/
+COPY typescript/tsconfig/package.json ./typescript/tsconfig/
+COPY typescript/eslint-config/package.json ./typescript/eslint-config/
+COPY typescript/deploy-sdk/package.json ./typescript/deploy-sdk/
+COPY solidity/package.json ./solidity/
+COPY solhint-plugin/package.json ./solhint-plugin/
+COPY starknet/package.json ./starknet/
+
+RUN pnpm install --frozen-lockfile
+
+COPY turbo.json ./
+COPY typescript/keyfunder ./typescript/keyfunder
+COPY typescript/sdk ./typescript/sdk
+COPY typescript/provider-sdk ./typescript/provider-sdk
+COPY typescript/utils ./typescript/utils
+COPY typescript/cosmos-sdk ./typescript/cosmos-sdk
+COPY typescript/cosmos-types ./typescript/cosmos-types
+COPY typescript/radix-sdk ./typescript/radix-sdk
+COPY typescript/tsconfig ./typescript/tsconfig
+COPY typescript/eslint-config ./typescript/eslint-config
+COPY typescript/deploy-sdk ./typescript/deploy-sdk
+COPY solidity ./solidity
+COPY solhint-plugin ./solhint-plugin
+COPY starknet ./starknet
+
+RUN pnpm turbo run bundle --filter=@hyperlane-xyz/keyfunder
+
+FROM node:20-alpine AS runner
+
+WORKDIR /app
+
+RUN apk add --no-cache ca-certificates
+
+COPY --from=builder /hyperlane-monorepo/typescript/keyfunder/bundle ./bundle
+
+RUN npm install @google-cloud/pino-logging-gcp-config
+
+ARG SERVICE_VERSION=dev
+ENV NODE_ENV=production
+ENV LOG_LEVEL=info
+ENV SERVICE_VERSION=${SERVICE_VERSION}
+
+CMD ["node", "bundle/index.js"]