chore: working worker and own Dockerfile

Fix worker not to request TLS when connecting to redis under local testing. Provide own Dockerfile for local development that can also be used to run ipython shell.
brave-intl · Jul 2, 2024 · 435d166 · 435d166
1 parent 39e317a
commit 435d166
Show file tree

Hide file tree

Showing 6 changed files with 79 additions and 23 deletions.
diff --git a/Makefile b/Makefile
@@ -16,7 +16,7 @@ ifdef TEST_RUN
 	TEST_FLAGS = --tags=$(TEST_TAGS) $(TEST_PKG) --run=$(TEST_RUN)
 endif
 
-.PHONY: all buildcmd docker test create-json-schema lint clean download-mod pcrs pcrs-only nitro-shim/tools/eifbuild/eifbuild
+.PHONY: all buildcmd docker docker-local test create-json-schema lint clean download-mod pcrs pcrs-only nitro-shim/tools/eifbuild/eifbuild
 
 all: test create-json-schema buildcmd
 
@@ -101,6 +101,9 @@ docker:
 		--build-arg BUILD_TIME=$(BUILD_TIME) -t bat-go:$(GIT_VERSION)$(BUILD_TIME) .
 	docker tag bat-go:$(GIT_VERSION)$(BUILD_TIME) bat-go:latest
 
+docker-local:
+	docker build -t bat-go-local -f local-dev/local.dockerfile --target image .
+
 docker-reproducible:
 	$(eval TMP_CHECKOUT = $(shell mktemp -d 2>/dev/null || mktemp -d -t 'bat-go-tmp'))
 	git clone . $(TMP_CHECKOUT)

diff --git a/docker-compose.payments.yml b/docker-compose.payments.yml
@@ -4,7 +4,7 @@ services:
     restart: always
     #ports:
     #  - '6379:6379'
-    command: redis-server --save 20 1 --loglevel verbose --requirepass idBocFijvo --user redis
+    command: redis-server --save 20 1 --loglevel verbose --requirepass testpass --user redis
     #volumes:
     #  - redis-cache:/data
 
@@ -30,23 +30,27 @@ services:
       # - "/var/run/docker.sock:/var/run/docker.sock"
 
   worker:
-    image: bat-go-repro:latest
-    command: bat-go serve payments worker
+    image: bat-go-local
+    command: /build/bat-go serve payments worker
+    depends_on:
+      - redis
+      - localstack
     environment:
+      - NITRO_ENCLAVE_MOCKING=1
       - REDIS_ADDR=redis:6379
-      - REDIS_USER=user
-      - REDIS_PASS=idBocFijvo
+      - REDIS_USER=default
+      - REDIS_PASS=testpass
       - DEBUG=1
       - ENVIRONMENT=development
-      - NITRO_API_BASE=http://web.payment-dev.svc.cluster.local
+      - NITRO_API_BASE=http://service:18080
 
   service:
-    image: bat-go:latest
-    command: bat-go serve nitro inside-enclave --egress-address none --log-address none --upstream-url http://0.0.0.0:8080
+    image: bat-go-local
+    command: /build/bat-go serve nitro inside-enclave --egress-address none --log-address none --upstream-url http://0.0.0.0:8080
     volumes:
       - ./payments-test-secretes.json:/etc/bat-test-secretes.json:ro
     environment:
-      - ENCLAVE_MOCKING=1
+      - NITRO_ENCLAVE_MOCKING=1
       - DEBUG=1
       - ADDR=0.0.0.0:18080
       - ADDR2=0.0.0.0:18443
@@ -62,8 +66,8 @@ services:
       - AWS_CONTAINER_AUTHORIZATION_TOKEN=${AWS_CONTAINER_AUTHORIZATION_TOKEN-}
 
     ports:
-      - "18080:18080"
-      - "18443:18443"
+      - "127.0.0.1:18080:18080"
+      - "127.0.0.1:18443:18443"
 
 volumes:
   redis-cache:

diff --git a/libs/nitro/mocking.go b/libs/nitro/mocking.go
@@ -1,10 +1,8 @@
 package nitro
 
-var enclaveMocking bool
+import "os"
 
-func MockEnclave() {
-	enclaveMocking = true
-}
+var enclaveMocking = os.Getenv("NITRO_ENCLAVE_MOCKING") != ""
 
 func EnclaveMocking() bool {
 	return enclaveMocking

diff --git a/local-dev/local.dockerfile b/local-dev/local.dockerfile
@@ -0,0 +1,52 @@
+FROM debian:bookworm AS base
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG GOLANG_VERSION=1.22.4
+
+RUN apt-get update \
+    && apt-get install -y -qq \
+        tmux curl man less \
+        python3 git make
+
+# Install Go
+RUN set -x && curl -L -o /var/tmp/go.tgz \
+    "https://go.dev/dl/go$GOLANG_VERSION.linux-amd64.tar.gz" \
+    && tar -C /usr/local -xf /var/tmp/go.tgz \
+    && rm /var/tmp/go.tgz \
+    && find /usr/local/go/bin -type f -perm /001 \
+        -exec ln -s -t /usr/local/bin '{}' +
+
+RUN useradd -m user
+
+RUN mkdir /build && chown user:user /build
+
+USER user
+WORKDIR /home/user
+
+#CMD [ "sleep", "infinity" ]
+
+# A helper stage to hold Go sources with go.mod and related infrequently changed
+# files moved to separated directory so they can be copied later before the *.go
+# files to allow to cache downloaded Go modules in a Docker layer independent
+# from more frequently changed sources.
+FROM base as sources
+
+COPY --chown=user:user . /build/repo
+RUN mkdir /build/mod-files && cd /build/repo && rm -rf .git \
+    && find . -name go.\* | xargs tar cf - | tar -C /build/mod-files -xf - \
+    && find . -name go.\* -delete
+
+FROM base as image
+
+RUN mkdir -p .cache
+
+COPY --link --from=sources --chown=user:user /build/mod-files/ /build/src/
+
+RUN cd /build/src/main && go mod download -x
+
+COPY --link --from=sources --chown=user:user /build/repo/ /build/src/
+
+RUN cd /build/src/main \
+    && CGO_ENABLED=0 GOOS=linux go build \
+        -o /build/bat-go main.go
+
diff --git a/services/nitro/nitro.go b/services/nitro/nitro.go
@@ -87,8 +87,6 @@ func init() {
 	viper.BindPFlag("enclave-decrypt-key-template-secret", NitroServeCmd.PersistentFlags().Lookup("enclave-decrypt-key-template-secret"))
 	viper.BindEnv("enclave-decrypt-key-template-secret", "ENCLAVE_DECRYPT_KEY_TEMPLATE_SECRET")
 
-	rootcmd.Must(viper.BindEnv("enclave-mocking", "ENCLAVE_MOCKING"))
-
 	NitroServeCmd.AddCommand(OutsideNitroServeCmd)
 	NitroServeCmd.AddCommand(InsideNitroServeCmd)
 	srvcmd.ServeCmd.AddCommand(NitroServeCmd)
@@ -118,10 +116,6 @@ var NitroServeCmd = &cobra.Command{
 func RunNitroServerInEnclave(cmd *cobra.Command, args []string) error {
 	ctx := cmd.Context()
 
-	if viper.GetString("enclave-mocking") != "" {
-		nitro.MockEnclave()
-	}
-
 	logaddr := viper.GetString("log-address")
 	logWriter := nitro.NewVsockWriter(logaddr)
 

diff --git a/services/payments/cmd/worker.go b/services/payments/cmd/worker.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	rootcmd "github.com/brave-intl/bat-go/cmd"
 	appctx "github.com/brave-intl/bat-go/libs/context"
+	"github.com/brave-intl/bat-go/libs/nitro"
 	"github.com/brave-intl/bat-go/libs/redisconsumer"
 	"github.com/brave-intl/bat-go/services/payments"
 	"github.com/spf13/cobra"
@@ -20,7 +21,11 @@ func WorkerRun(command *cobra.Command, args []string) {
 	user := viper.GetString("redis-user")
 	pass := viper.GetString("redis-pass")
 
-	redisClient, err := redisconsumer.NewStreamClient(ctx, env, addr, user, pass, true)
+	redisUseTLS := true
+	if nitro.EnclaveMocking() {
+		redisUseTLS = false
+	}
+	redisClient, err := redisconsumer.NewStreamClient(ctx, env, addr, user, pass, redisUseTLS)
 	if err != nil {
 		logger.Error().Err(err).Msg("failed to start redis consumer")
 		return