Merge pull request #20 from permaweb/feat/dev_process

Implement long-lived WASM exec in `hb_converge`, message caching during execution, and `dev_process` basics

Author: samcamwilliams

.github/documentation/cd.md

@@ -0,0 +1,58 @@
+# CD
+
+## Table of Contents
+- [Description](#description)
+- [Variables](#variables)
+- [Jobs](#jobs)
+- [Credentials](#credentials)
+
+### Description 
+This workflow is triggered when a push is made to the `main` branch and is responsible for building and deploying AO/HyperBEAM to a confidential VM in GCP.
+
+### Variables
+
+The following variables are defined by the workflow:
+- `GCP_PROJECT`: The GCP project to deploy the application to (hyperbeam-cd)
+- `GCP_IMAGE_NAME`: The name of the Packer image that is built (hyperbeam-image)
+- `GCP_INSTANCE_NAME`: The name of the GCP instance (hyperbeam)
+- `GCP_ZONE`: The GCP zone to deploy to (us-central1-a)
+
+### Jobs
+
+The workflow consists of four main jobs:
+
+1. **build**: 
+   - Sets up the build environment with Erlang, Packer, and Rebar3
+   - Builds and releases AO/HyperBEAM
+   - Creates a Packer image with a unique name using timestamp and commit SHA
+   - Tags the image with workflow run ID and commit SHA
+
+2. **deploy**:
+   - Creates a confidential AMD SEV-SNP VM using the built image
+   - Configures the VM with secure boot, vTPM, and integrity monitoring
+
+3. **test**:
+   - Waits for deployment to complete
+   - Runs tests (placeholder for actual test implementation)
+
+4. **cleanup**:
+   - Deletes the created VM instance
+   - Cleans up old images, keeping only the last 5
+
+### Credentials
+
+The credentials are stored as a GitHub secret named `CD_SERVICE_ACCOUNT` containing GCP service account credentials.
+They were created as follows:
+```sh
+$ gcloud iam service-accounts create hyperbeam-cd-gha \
+    --description="Service account for the hyperbeam-cd project" \
+    --display-name="hyperbeam-cd-gha"
+```
+
+and the `.json` credentials file was created as follows:
+```sh
+$ gcloud iam service-accounts keys create "hyperbeam-cd-gha.json" \
+ --iam-account "[email protected]"
+```
+
+The workflow uses these credentials to authenticate with Google Cloud using the `google-github-actions/auth` action.

.github/documentation/workflows.md

@@ -0,0 +1,8 @@
+# Workflows
+
+This document contains information about all of the workflows in the `.github/workflows` directory. 
+These workflows are GitHub Actions workflows that are used for a variety of CI/CD tasks.
+
+## Table of Contents
+
+- [CD](cd.md)

.github/workflows/cd.yaml

@@ -0,0 +1,138 @@
+name: Build and Deploy AO/HyperBEAM
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  GCP_IMAGE_NAME: hyperbeam-image
+  GCP_PROJECT: hyperbeam-cd
+  GCP_INSTANCE_NAME: hyperbeam
+  GCP_ZONE: us-central1-a
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      image_name: ${{ steps.set_image_name.outputs.image_name }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.CD_SERVICE_ACCOUNT }}
+
+      - name: Setup GCloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Setup build tools (Erlang, Packer and Rebar3)
+        run: | 
+          curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+          sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+          sudo apt-get update
+          sudo apt-get install -y packer git libssl-dev ncurses-dev make cmake gcc g++
+          git clone https://github.com/erlang/otp.git && cd otp && git checkout maint-27 && ./configure && make -j8 && sudo make install
+          git clone https://github.com/erlang/rebar3.git && cd rebar3 && ./bootstrap && sudo mv rebar3 /usr/local/bin/
+
+      - name: Build and release AO/HyperBEAM with Rebar3
+        run: | 
+          rebar3 clean
+          rebar3 get-deps
+          rebar3 compile
+          rebar3 release
+
+      - name: Set image name with timestamp and commit SHA
+        id: set_image_name
+        run: |
+          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
+          TIMESTAMPED_IMAGE_NAME="${{ env.GCP_IMAGE_NAME }}-${SHORT_SHA}-$(date +%Y%m%d-%H%M%S)"
+          echo "image_name=${TIMESTAMPED_IMAGE_NAME}" >> "$GITHUB_OUTPUT"
+
+      - name: Build Packer Image
+        run: | 
+          packer init .
+          packer validate .
+          packer build -var "image_name=${{ steps.set_image_name.outputs.image_name }}" -var "project_id=${{ env.GCP_PROJECT }}" .
+
+      - name: Tag image for reference
+        run: |
+          gcloud compute images add-labels ${{ steps.set_image_name.outputs.image_name }} \
+            --project=${{ env.GCP_PROJECT }} \
+            --labels=workflow_run=${{ github.run_id }},commit_sha=${{ github.sha }}
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.CD_SERVICE_ACCOUNT }}
+
+      - name: Setup GCloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Create Confidential VM
+        run: |
+          gcloud compute instances create ${{ env.GCP_INSTANCE_NAME }} \
+            --zone=${{ env.GCP_ZONE }}  \
+            --machine-type=n2d-standard-2 \
+            --min-cpu-platform="AMD Milan" \
+            --confidential-compute-type=SEV_SNP \
+            --maintenance-policy=TERMINATE \
+            --image-family=ubuntu-2404-lts-amd64 \
+            --image-project=ubuntu-os-cloud \
+            --project=${{ env.GCP_PROJECT }} \
+            --network-interface=network-tier=PREMIUM,nic-type=GVNIC,stack-type=IPV4_ONLY,subnet=default \
+            --tags=http-server,https-server \
+            --shielded-secure-boot \
+            --shielded-vtpm \
+            --shielded-integrity-monitoring \
+            --create-disk=auto-delete=yes,boot=yes,device-name=${{ env.GCP_INSTANCE_NAME }},image=projects/${{ env.GCP_PROJECT }}/global/images/${{ needs.build.outputs.image_name }},mode=rw,size=20,type=pd-balanced
+
+  test:
+    needs: deploy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Wait for deployment
+        run: sleep 60  # Add appropriate wait time for your service to start
+
+      - name: Run tests
+        run: |
+          # Add your test commands here
+          echo "Running tests..."
+
+  cleanup:
+    needs: [build, test]  # Added build to needs to access the image name
+    if: always()
+    runs-on: ubuntu-latest
+    steps:
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ secrets.CD_SERVICE_ACCOUNT }}
+
+      - name: Setup GCloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Delete Confidential VM
+        run: |
+          gcloud compute instances delete ${{ env.GCP_INSTANCE_NAME }} \
+            --project=${{ env.GCP_PROJECT }} \
+            --zone=${{ env.GCP_ZONE }} \
+            --quiet
+
+      - name: Clean up old images
+        run: |
+          # Keep only the last 5 images
+          gcloud compute images list \
+            --project=${{ env.GCP_PROJECT }} \
+            --filter="name ~ '^${{ env.GCP_IMAGE_NAME }}-'" \
+            --format="get(name)" \
+            --sort-by=~creationTimestamp \
+            | tail -n +6 \
+            | xargs -r gcloud compute images delete --quiet --project=${{ env.GCP_PROJECT }}

.gitignore

@@ -30,7 +30,6 @@ node_modules
 c_src/*.o
 c_src/*.d
 priv/*
-rebar.lock
 .DS_STORE
 TEST-data*
 test-cache/*

erlang_ls.config

@@ -24,4 +24,4 @@ lenses:
     - show-behaviour-usages
 providers:
   enabled:
-    - signature-help
+    - signature-help

packer.pkr.hcl

@@ -10,7 +10,7 @@ packer {
 # Define required variables
 variable "project_id" {
   type    = string
-  default = "arweave-437622"
+  default = "hyperbeam-cd"
 }
 
 variable "region" {
@@ -23,15 +23,16 @@ variable "zone" {
   default = "us-east1-c"
 }
 
-variable "image_family" {
+variable "image_name" {
   type    = string
-  default = "ao-image"
+  default = "hyperbeam-image"
 }
 
 # Source block to define GCP builder
 source "googlecompute" "ubuntu" {
   project_id          = var.project_id
   source_image_family = "ubuntu-2204-lts"
+  image_name          = var.image_name
   zone                = var.zone
   machine_type        = "n1-standard-1"
   ssh_username        = "packer"
@@ -65,31 +66,31 @@ build {
   # Upload the pre-built release (with ERTS included) to the instance
   provisioner "file" {
     source      = "./_build/default/rel/ao"
-    destination = "/tmp/ao"
+    destination = "/tmp/hyperbeam"
   }
 
   provisioner "shell" {
     inline = [
       # Move the release to /opt with sudo
-      "sudo mv /tmp/ao /opt/ao",
-      "sudo chmod -R 755 /opt/ao",
+      "sudo mv /tmp/hyperbeam /opt/hyperbeam",
+      "sudo chmod -R 755 /opt/hyperbeam",
 
       # Create a symlink to make it easier to run the app
-      "sudo ln -s /opt/ao/bin/ao /usr/local/bin/ao",
+      "sudo ln -s /opt/hyperbeam/bin/hyperbeam /usr/local/bin/hyperbeam",
 
       # (Optional) If you want to create a systemd service to manage the app
-      "echo '[Unit]' | sudo tee /etc/systemd/system/ao.service",
-      "echo 'Description=Permaweb Node' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo '[Service]' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo 'Type=simple' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo 'ExecStart=/opt/ao/bin/ao foreground' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo 'Restart=on-failure' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo '[Install]' | sudo tee -a /etc/systemd/system/ao.service",
-      "echo 'WantedBy=multi-user.target' | sudo tee -a /etc/systemd/system/ao.service",
+      "echo '[Unit]' | sudo tee /etc/systemd/system/hyperbeam.service",
+      "echo 'Description=Permaweb Node' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo '[Service]' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo 'Type=simple' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo 'ExecStart=/opt/hyperbeam/bin/hyperbeam foreground' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo 'Restart=on-failure' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo '[Install]' | sudo tee -a /etc/systemd/system/hyperbeam.service",
+      "echo 'WantedBy=multi-user.target' | sudo tee -a /etc/systemd/system/hyperbeam.service",
 
       # Enable and start the service
-      "sudo systemctl enable ao",
-      "sudo systemctl start ao"
+      "sudo systemctl enable hyperbeam",
+      "sudo systemctl start hyperbeam"
     ]
   }
 

rebar.config

@@ -33,7 +33,8 @@
 	{jiffy, {git, "https://github.com/ArweaveTeam/jiffy.git", {ref, "74c956defa9116c85d76f77c3e9b5bd6de7bd39a"}}},
 	{cowboy, {git, "https://github.com/ninenines/cowboy", {tag, "2.12.0"}}},
 	{prometheus, "4.11.0"},
-	{prometheus_cowboy, "0.1.8"}
+	{prometheus_cowboy, "0.1.8"},
+    {rocksdb, "1.8.0"}
 ]}.
 
 {shell, [
@@ -51,3 +52,8 @@
 	{include_erts, true},
 	{extended_start_script, true}
 ]}.
+
+% {dist_node, [
+%     {setcookie, 'hb'},
+%     {name, 'hb@hb-node'}
+% ]}.

rebar.lock

@@ -0,0 +1,43 @@
+{"1.2.0",
+[{<<"accept">>,{pkg,<<"accept">>,<<"0.3.5">>},2},
+ {<<"b64fast">>,
+  {git,"https://github.com/ArweaveTeam/b64fast.git",
+       {ref,"58f0502e49bf73b29d95c6d02460d1fb8d2a5273"}},
+  0},
+ {<<"cowboy">>,
+  {git,"https://github.com/ninenines/cowboy",
+       {ref,"3ea8395eb8f53a57acb5d3c00b99c70296e7cdbd"}},
+  0},
+ {<<"cowlib">>,
+  {git,"https://github.com/ninenines/cowlib",
+       {ref,"1eb7f4293a652adcfe43b1835d22c58d8def839f"}},
+  1},
+ {<<"jiffy">>,
+  {git,"https://github.com/ArweaveTeam/jiffy.git",
+       {ref,"74c956defa9116c85d76f77c3e9b5bd6de7bd39a"}},
+  0},
+ {<<"prometheus">>,{pkg,<<"prometheus">>,<<"4.11.0">>},0},
+ {<<"prometheus_cowboy">>,{pkg,<<"prometheus_cowboy">>,<<"0.1.8">>},0},
+ {<<"prometheus_httpd">>,{pkg,<<"prometheus_httpd">>,<<"2.1.11">>},1},
+ {<<"quantile_estimator">>,{pkg,<<"quantile_estimator">>,<<"0.2.1">>},1},
+ {<<"ranch">>,
+  {git,"https://github.com/ninenines/ranch",
+       {ref,"a692f44567034dacf5efcaa24a24183788594eb7"}},
+  1},
+ {<<"rocksdb">>,{pkg,<<"rocksdb">>,<<"1.8.0">>},0}]}.
+[
+{pkg_hash,[
+ {<<"accept">>, <<"B33B127ABCA7CC948BBE6CAA4C263369ABF1347CFA9D8E699C6D214660F10CD1">>},
+ {<<"prometheus">>, <<"B95F8DE8530F541BD95951E18E355A840003672E5EDA4788C5FA6183406BA29A">>},
+ {<<"prometheus_cowboy">>, <<"CFCE0BC7B668C5096639084FCD873826E6220EA714BF60A716F5BD080EF2A99C">>},
+ {<<"prometheus_httpd">>, <<"F616ED9B85B536B195D94104063025A91F904A4CFC20255363F49A197D96C896">>},
+ {<<"quantile_estimator">>, <<"EF50A361F11B5F26B5F16D0696E46A9E4661756492C981F7B2229EF42FF1CD15">>},
+ {<<"rocksdb">>, <<"0AE072F9818DAC03E18BA0E4B436450D24040DFB1A526E2198B451FD9FA0284F">>}]},
+{pkg_hash_ext,[
+ {<<"accept">>, <<"11B18C220BCC2EAB63B5470C038EF10EB6783BCB1FCDB11AA4137DEFA5AC1BB8">>},
+ {<<"prometheus">>, <<"719862351AABF4DF7079B05DC085D2BBCBE3AC0AC3009E956671B1D5AB88247D">>},
+ {<<"prometheus_cowboy">>, <<"BA286BECA9302618418892D37BCD5DC669A6CC001F4EB6D6AF85FF81F3F4F34C">>},
+ {<<"prometheus_httpd">>, <<"0BBE831452CFDF9588538EB2F570B26F30C348ADAE5E95A7D87F35A5910BCF92">>},
+ {<<"quantile_estimator">>, <<"282A8A323CA2A845C9E6F787D166348F776C1D4A41EDE63046D72D422E3DA946">>},
+ {<<"rocksdb">>, <<"185E645EA480E9325D5EFE362BF3D2A38EDFC31B5145031B0CBEED978E89523C">>}]}
+].