fix: add certs to container and check for connections in build

Cargo.toml

@@ -13,6 +13,8 @@ members = [
   anyhow = "1.0.80"
   async-trait = "0.1.77"
   base64 = "0.21.7"
+  clap = { version = "=4.4.18", default-features = false, features = ["derive", "std"] }
+  curve25519-dalek = "=4.1.1"
   hmac = "0.12.1"
   jwt = "0.16.0"
   log = "0.4.20"

Dockerfile

@@ -21,6 +21,8 @@ RUN --mount=type=cache,target=/home/builder/.cargo \
 
 FROM --platform=linux/amd64 debian:bookworm-slim
 
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+
 COPY --from=builder /home/builder/checkpointer/bin/* /usr/bin
 
 # Adding this step after copying the ceramic-one binary so that we always take the newest libs from the builder if the

checkpointer/Cargo.toml

@@ -13,6 +13,7 @@ async-trait = "0.1.77"
 calculator = { path = "../calculator" }
 ceramic-http-client = { workspace = true, features = ["remote"] }
 chrono.workspace = true
+clap.workspace = true
 futures-util = "0.3.30"
 models = { path = "../models" }
 reqwest = "0.11.23"

checkpointer/src/errors.rs

@@ -22,6 +22,8 @@ pub enum Error {
     #[error("{0}")]
     Ceramic(#[from] anyhow::Error),
     #[error("{0}")]
+    Reqwest(#[from] reqwest::Error),
+    #[error("{0}")]
     Custom(String),
 }
 

checkpointer/src/main.rs

@@ -16,10 +16,25 @@ mod persistence;
 use crate::persistence::SqlitePersistence;
 use batcher::{BatchCreationParameters, Batcher};
 use calculator::CalculatorParameters;
+use clap::{Parser, Subcommand};
 use errors::Error;
 use std::sync::atomic::AtomicBool;
 use std::sync::Arc;
 
+#[derive(Parser)]
+#[command(name = "CeramicCheckpointer")]
+#[command(version = "1.0")]
+#[command(about = "Provides batching and checkpointing for ceramic sse feeds", long_about = None)]
+struct Cli {
+    #[clap(subcommand)]
+    subcmd: Option<SubCmd>,
+}
+
+#[derive(Subcommand)]
+enum SubCmd {
+    SshCheck,
+}
+
 fn trace_error<B>(res: ServiceResponse<B>) -> Result<ErrorHandlerResponse<B>> {
     if let Some(ref e) = res.response().error() {
         tracing::error!("{:?}", e);
@@ -106,13 +121,33 @@ pub struct Config {
 #[actix_web::main]
 async fn main() -> Result<(), Error> {
     let _guard = util::init_tracing();
+    let cmd = Cli::parse();
 
     let config = Config {
         batcher: Batcher::new(Arc::new(SqlitePersistence::new().await?))?,
         calculator_params: CalculatorParameters::new().await?,
         calculate_active: Arc::new(AtomicBool::new(false)),
     };
 
+    match cmd.subcmd {
+        Some(SubCmd::SshCheck) => {
+            let url = config
+                .calculator_params
+                .ceramic_url
+                .join("/api/v0/node/healthcheck")?;
+            if !reqwest::get(url).await?.status().is_success() {
+                return Err(Error::custom("Failed to connect to ceramic"));
+            }
+        }
+        None => {
+            start_server(config).await?;
+        }
+    }
+
+    Ok(())
+}
+
+async fn start_server(config: Config) -> Result<(), Error> {
     HttpServer::new(move || {
         let svc = web::scope("/api/v1")
             .service(create_batcher)

ci-scripts/publish.sh

@@ -11,6 +11,7 @@
 # to login to docker. That password will be valid for 12h.
 
 docker buildx build --load -t 3box/checkpointer .
+docker run --rm 3box/checkpointer ssh-check
 docker tag 3box/checkpointer:latest public.ecr.aws/r5b3e0r5/3box/checkpointer:latest
 
 if [[ -n "$SHA" ]]; then

tester/Cargo.toml

@@ -9,8 +9,7 @@ edition = "2021"
 anyhow = "1.0.79"
 ceramic-http-client = { workspace = true, features = ["remote"] }
 chrono.workspace = true
-clap = { version = "=4.4.18", default-features = false, features = ["derive", "std"] }
-curve25519-dalek = "=4.1.1"
+clap.workspace = true
 models = { path = "../models" }
 serde.workspace = true
 serde_json.workspace = true