Merge pull request 'fix(k8s): translate service names to localhost for sidecar containers' (#989) from fix-sidecar-localhost into main

Reviewed-on: cerc-io/stack-orchestrator#989

.gitea/workflows/test-deploy.yml

@@ -2,7 +2,8 @@ name: Deploy Test
 
 on:
   pull_request:
-    branches: '*'
+    branches:
+      - main
   push:
     branches:
       - main

.gitea/workflows/test-k8s-deploy.yml

@@ -2,7 +2,8 @@ name: K8s Deploy Test
 
 on:
   pull_request:
-    branches: '*'
+    branches:
+      - main
   push:
     branches: '*'
     paths:

.gitea/workflows/test-k8s-deployment-control.yml

@@ -2,7 +2,8 @@ name: K8s Deployment Control Test
 
 on:
   pull_request:
-    branches: '*'
+    branches:
+      - main
   push:
     branches: '*'
     paths:

.gitea/workflows/test-webapp.yml

@@ -2,7 +2,8 @@ name: Webapp Test
 
 on:
   pull_request:
-    branches: '*'
+    branches:
+      - main
   push:
     branches:
       - main

.gitea/workflows/triggers/test-container-registry

@@ -1 +1,3 @@
-Change this file to trigger running the test-container-registry CI job
+Change this file to trigger running the test-container-registry CI job
+Triggered: 2026-01-21
+Triggered: 2026-01-21 19:28:29

.gitea/workflows/triggers/test-database

@@ -1,2 +1,2 @@
 Change this file to trigger running the test-database CI job
-Trigger test run
+Trigger test run

.github/workflows/triggers/fixturenet-eth-test

@@ -1,2 +1 @@
 Change this file to trigger running the fixturenet-eth-test CI job
-

.pre-commit-config.yaml

@@ -0,0 +1,34 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+        args: ['--allow-multiple-documents']
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-added-large-files
+
+  - repo: https://github.com/psf/black
+    rev: 23.12.1
+    hooks:
+      - id: black
+        language_version: python3
+
+  - repo: https://github.com/PyCQA/flake8
+    rev: 7.1.1
+    hooks:
+      - id: flake8
+        args: ['--max-line-length=88', '--extend-ignore=E203,W503,E402']
+
+  - repo: https://github.com/RobertCraigie/pyright-python
+    rev: v1.1.345
+    hooks:
+      - id: pyright
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.35.1
+    hooks:
+      - id: yamllint
+        args: [-d, relaxed]

CLAUDE.md

@@ -0,0 +1,121 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with the stack-orchestrator project.
+
+## Some rules to follow
+NEVER speculate about the cause of something
+NEVER assume your hypotheses are true without evidence
+
+ALWAYS clearly state when something is a hypothesis
+ALWAYS use evidence from the systems your interacting with to support your claims and hypotheses
+ALWAYS run `pre-commit run --all-files` before committing changes
+
+## Key Principles
+
+### Development Guidelines
+- **Single responsibility** - Each component has one clear purpose
+- **Fail fast** - Let errors propagate, don't hide failures
+- **DRY/KISS** - Minimize duplication and complexity
+
+## Development Philosophy: Conversational Literate Programming
+
+### Approach
+This project follows principles inspired by literate programming, where development happens through explanatory conversation rather than code-first implementation.
+
+### Core Principles
+- **Documentation-First**: All changes begin with discussion of intent and reasoning
+- **Narrative-Driven**: Complex systems are explained through conversational exploration
+- **Justification Required**: Every coding task must have a corresponding TODO.md item explaining the "why"
+- **Iterative Understanding**: Architecture and implementation evolve through dialogue
+
+### Working Method
+1. **Explore and Understand**: Read existing code to understand current state
+2. **Discuss Architecture**: Workshop complex design decisions through conversation
+3. **Document Intent**: Update TODO.md with clear justification before coding
+4. **Explain Changes**: Each modification includes reasoning and context
+5. **Maintain Narrative**: Conversations serve as living documentation of design evolution
+
+### Implementation Guidelines
+- Treat conversations as primary documentation
+- Explain architectural decisions before implementing
+- Use TODO.md as the "literate document" that justifies all work
+- Maintain clear narrative threads across sessions
+- Workshop complex ideas before coding
+
+This approach treats the human-AI collaboration as a form of **conversational literate programming** where understanding emerges through dialogue before code implementation.
+
+## External Stacks Preferred
+
+When creating new stacks for any reason, **use the external stack pattern** rather than adding stacks directly to this repository.
+
+External stacks follow this structure:
+
+```
+my-stack/
+└── stack-orchestrator/
+    ├── stacks/
+    │   └── my-stack/
+    │       ├── stack.yml
+    │       └── README.md
+    ├── compose/
+    │   └── docker-compose-my-stack.yml
+    └── config/
+        └── my-stack/
+            └── (config files)
+```
+
+### Usage
+
+```bash
+# Fetch external stack
+laconic-so fetch-stack github.com/org/my-stack
+
+# Use external stack
+STACK_PATH=~/cerc/my-stack/stack-orchestrator/stacks/my-stack
+laconic-so --stack $STACK_PATH deploy init --output spec.yml
+laconic-so --stack $STACK_PATH deploy create --spec-file spec.yml --deployment-dir deployment
+laconic-so deployment --dir deployment start
+```
+
+### Examples
+
+- `zenith-karma-stack` - Karma watcher deployment
+- `urbit-stack` - Fake Urbit ship for testing
+- `zenith-desk-stack` - Desk deployment stack
+
+## Architecture: k8s-kind Deployments
+
+### One Cluster Per Host
+One Kind cluster per host by design. Never request or expect separate clusters.
+
+- `create_cluster()` in `helpers.py` reuses any existing cluster
+- `cluster-id` in deployment.yml is an identifier, not a cluster request
+- All deployments share: ingress controller, etcd, certificates
+
+### Stack Resolution
+- External stacks detected via `Path(stack).exists()` in `util.py`
+- Config/compose resolution: external path first, then internal fallback
+- External path structure: `stack_orchestrator/data/stacks/<name>/stack.yml`
+
+### Secret Generation Implementation
+- `GENERATE_TOKEN_PATTERN` in `deployment_create.py` matches `$generate:type:length$`
+- `_generate_and_store_secrets()` creates K8s Secret
+- `cluster_info.py` adds `envFrom` with `secretRef` to containers
+- Non-secret config written to `config.env`
+
+### Repository Cloning
+`setup-repositories --git-ssh` clones repos defined in stack.yml's `repos:` field. Requires SSH agent.
+
+### Key Files (for codebase navigation)
+- `repos/setup_repositories.py`: `setup-repositories` command (git clone)
+- `deployment_create.py`: `deploy create` command, secret generation
+- `deployment.py`: `deployment start/stop/restart` commands
+- `deploy_k8s.py`: K8s deployer, cluster management calls
+- `helpers.py`: `create_cluster()`, etcd cleanup, kind operations
+- `cluster_info.py`: K8s resource generation (Deployment, Service, Ingress)
+
+## Insights and Observations
+
+### Design Principles
+- **When something times out that doesn't mean it needs a longer timeout it means something that was expected never happened, not that we need to wait longer for it.**
+- **NEVER change a timeout because you believe something truncated, you don't understand timeouts, don't edit them unless told to explicitly by user.**

LICENSE

@@ -658,4 +658,4 @@
                                    You should also get your employer (if you work as a programmer) or school,
                                  if any, to sign a "copyright disclaimer" for the program, if necessary.
                                  For more information on this, and how to apply and follow the GNU AGPL, see
-                                 <http://www.gnu.org/licenses/>.
+                                 <http://www.gnu.org/licenses/>.

README.md

@@ -26,7 +26,7 @@ curl -SL https://github.com/docker/compose/releases/download/v2.11.2/docker-comp
 chmod +x ~/.docker/cli-plugins/docker-compose
 ```
 
-Next decide on a directory where you would like to put the stack-orchestrator program. Typically this would be 
+Next decide on a directory where you would like to put the stack-orchestrator program. Typically this would be
 a "user" binary directory such as `~/bin` or perhaps `/usr/local/laconic` or possibly just the current working directory.
 
 Now, having selected that directory, download the latest release from [this page](https://git.vdb.to/cerc-io/stack-orchestrator/tags) into it (we're using `~/bin` below for concreteness but edit to suit if you selected a different directory). Also be sure that the destination directory exists and is writable:
@@ -71,6 +71,59 @@ The various [stacks](/stack_orchestrator/data/stacks) each contain instructions
 - [laconicd with console and CLI](stack_orchestrator/data/stacks/fixturenet-laconic-loaded)
 - [kubo (IPFS)](stack_orchestrator/data/stacks/kubo)
 
+## Deployment Types
+
+- **compose**: Docker Compose on local machine
+- **k8s**: External Kubernetes cluster (requires kubeconfig)
+- **k8s-kind**: Local Kubernetes via Kind - one cluster per host, shared by all deployments
+
+## External Stacks
+
+Stacks can live in external git repositories. Required structure:
+
+```
+<repo>/
+  stack_orchestrator/data/
+    stacks/<stack-name>/stack.yml
+    compose/docker-compose-<pod-name>.yml
+  deployment/spec.yml
+```
+
+## Deployment Commands
+
+```bash
+# Create deployment from spec
+laconic-so --stack <path> deploy create --spec-file <spec.yml> --deployment-dir <dir>
+
+# Start (creates cluster on first run)
+laconic-so deployment --dir <dir> start
+
+# GitOps restart (git pull + redeploy, preserves data)
+laconic-so deployment --dir <dir> restart
+
+# Stop
+laconic-so deployment --dir <dir> stop
+```
+
+## spec.yml Reference
+
+```yaml
+stack: stack-name-or-path
+deploy-to: k8s-kind
+network:
+  http-proxy:
+    - host-name: app.example.com
+      routes:
+        - path: /
+          proxy-to: service-name:port
+  acme-email: admin@example.com
+config:
+  ENV_VAR: value
+  SECRET_VAR: $generate:hex:32$   # Auto-generated, stored in K8s Secret
+volumes:
+  volume-name:
+```
+
 ## Contributing
 
 See the [CONTRIBUTING.md](/docs/CONTRIBUTING.md) for developer mode install.
@@ -78,5 +131,3 @@ See the [CONTRIBUTING.md](/docs/CONTRIBUTING.md) for developer mode install.
 ## Platform Support
 
 Native aarm64 is _not_ currently supported. x64 emulation on ARM64 macos should work (not yet tested).
-
-

TODO.md

@@ -0,0 +1,16 @@
+# TODO
+
+## Features Needed
+
+### Update Stack Command
+We need an "update stack" command in stack orchestrator and cleaner documentation regarding how to do continuous deployment with and without payments.
+
+**Context**: Currently, `deploy init` generates a spec file and `deploy create` creates a deployment directory. The `deployment update` command (added by Thomas Lackey) only syncs env vars and restarts - it doesn't regenerate configurations. There's a gap in the workflow for updating stack configurations after initial deployment.
+
+## Architecture Refactoring
+
+### Separate Deployer from Stack Orchestrator CLI
+The deployer logic should be decoupled from the CLI tool to allow independent development and reuse.
+
+### Separate Stacks from Stack Orchestrator Repo
+Stacks should live in their own repositories, not bundled with the orchestrator tool. This allows stacks to evolve independently and be maintained by different teams.

docs/cli.md

@@ -65,3 +65,71 @@ Force full rebuild of packages:
 ```
 $ laconic-so build-npms --include <package-name> --force-rebuild
 ```
+
+## deploy
+
+The `deploy` command group manages persistent deployments. The general workflow is `deploy init` to generate a spec file, then `deploy create` to create a deployment directory from the spec, then runtime commands like `deploy up` and `deploy down`.
+
+### deploy init
+
+Generate a deployment spec file from a stack definition:
+```
+$ laconic-so --stack <stack-name> deploy init --output <spec-file>
+```
+
+Options:
+- `--output` (required): write spec file here
+- `--config`: provide config variables for the deployment
+- `--config-file`: provide config variables in a file
+- `--kube-config`: provide a config file for a k8s deployment
+- `--image-registry`: provide a container image registry url for this k8s cluster
+- `--map-ports-to-host`: map ports to the host (`any-variable-random`, `localhost-same`, `any-same`, `localhost-fixed-random`, `any-fixed-random`)
+
+### deploy create
+
+Create a deployment directory from a spec file:
+```
+$ laconic-so --stack <stack-name> deploy create --spec-file <spec-file> --deployment-dir <dir>
+```
+
+Update an existing deployment in-place (preserving data volumes and env file):
+```
+$ laconic-so --stack <stack-name> deploy create --spec-file <spec-file> --deployment-dir <dir> --update
+```
+
+Options:
+- `--spec-file` (required): spec file to use
+- `--deployment-dir`: target directory for deployment files
+- `--update`: update an existing deployment directory, preserving data volumes and env file. Changed files are backed up with a `.bak` suffix. The deployment's `config.env` and `deployment.yml` are also preserved.
+- `--network-dir`: network configuration supplied in this directory
+- `--initial-peers`: initial set of persistent peers
+
+### deploy up
+
+Start a deployment:
+```
+$ laconic-so deployment --dir <deployment-dir> up
+```
+
+### deploy down
+
+Stop a deployment:
+```
+$ laconic-so deployment --dir <deployment-dir> down
+```
+Use `--delete-volumes` to also remove data volumes.
+
+### deploy ps
+
+Show running services:
+```
+$ laconic-so deployment --dir <deployment-dir> ps
+```
+
+### deploy logs
+
+View service logs:
+```
+$ laconic-so deployment --dir <deployment-dir> logs
+```
+Use `-f` to follow and `-n <count>` to tail.

docs/deployment_patterns.md

@@ -0,0 +1,202 @@
+# Deployment Patterns
+
+## GitOps Pattern
+
+For production deployments, we recommend a GitOps approach where your deployment configuration is tracked in version control.
+
+### Overview
+
+- **spec.yml is your source of truth**: Maintain it in your operator repository
+- **Don't regenerate on every restart**: Run `deploy init` once, then customize and commit
+- **Use restart for updates**: The restart command respects your git-tracked spec.yml
+
+### Workflow
+
+1. **Initial setup**: Run `deploy init` once to generate a spec.yml template
+2. **Customize and commit**: Edit spec.yml with your configuration (hostnames, resources, etc.) and commit to your operator repo
+3. **Deploy from git**: Use the committed spec.yml for deployments
+4. **Update via git**: Make changes in git, then restart to apply
+
+```bash
+# Initial setup (run once)
+laconic-so --stack my-stack deploy init --output spec.yml
+
+# Customize for your environment
+vim spec.yml  # Set hostname, resources, etc.
+
+# Commit to your operator repository
+git add spec.yml
+git commit -m "Add my-stack deployment configuration"
+git push
+
+# On deployment server: deploy from git-tracked spec
+laconic-so deploy create \
+  --spec-file /path/to/operator-repo/spec.yml \
+  --deployment-dir my-deployment
+
+laconic-so deployment --dir my-deployment start
+```
+
+### Updating Deployments
+
+When you need to update a deployment:
+
+```bash
+# 1. Make changes in your operator repo
+vim /path/to/operator-repo/spec.yml
+git commit -am "Update configuration"
+git push
+
+# 2. On deployment server: pull and restart
+cd /path/to/operator-repo && git pull
+laconic-so deployment --dir my-deployment restart
+```
+
+The `restart` command:
+- Pulls latest code from the stack repository
+- Uses your git-tracked spec.yml (does NOT regenerate from defaults)
+- Syncs the deployment directory
+- Restarts services
+
+### Anti-patterns
+
+**Don't do this:**
+```bash
+# BAD: Regenerating spec on every deployment
+laconic-so --stack my-stack deploy init --output spec.yml
+laconic-so deploy create --spec-file spec.yml ...
+```
+
+This overwrites your customizations with defaults from the stack's `commands.py`.
+
+**Do this instead:**
+```bash
+# GOOD: Use your git-tracked spec
+git pull  # Get latest spec.yml from your operator repo
+laconic-so deployment --dir my-deployment restart
+```
+
+## Private Registry Authentication
+
+For deployments using images from private container registries (e.g., GitHub Container Registry), configure authentication in your spec.yml:
+
+### Configuration
+
+Add a `registry-credentials` section to your spec.yml:
+
+```yaml
+registry-credentials:
+  server: ghcr.io
+  username: your-org-or-username
+  token-env: REGISTRY_TOKEN
+```
+
+**Fields:**
+- `server`: The registry hostname (e.g., `ghcr.io`, `docker.io`, `gcr.io`)
+- `username`: Registry username (for GHCR, use your GitHub username or org name)
+- `token-env`: Name of the environment variable containing your API token/PAT
+
+### Token Environment Variable
+
+The `token-env` pattern keeps credentials out of version control. Set the environment variable when running `deployment start`:
+
+```bash
+export REGISTRY_TOKEN="your-personal-access-token"
+laconic-so deployment --dir my-deployment start
+```
+
+For GHCR, create a Personal Access Token (PAT) with `read:packages` scope.
+
+### Ansible Integration
+
+When using Ansible for deployments, pass the token from a credentials file:
+
+```yaml
+- name: Start deployment
+  ansible.builtin.command:
+    cmd: laconic-so deployment --dir {{ deployment_dir }} start
+  environment:
+    REGISTRY_TOKEN: "{{ lookup('file', '~/.credentials/ghcr_token') }}"
+```
+
+### How It Works
+
+1. laconic-so reads the `registry-credentials` config from spec.yml
+2. Creates a Kubernetes `docker-registry` secret named `{deployment}-registry`
+3. The deployment's pods reference this secret for image pulls
+
+## Cluster and Volume Management
+
+### Stopping Deployments
+
+The `deployment stop` command has two important flags:
+
+```bash
+# Default: stops deployment, deletes cluster, PRESERVES volumes
+laconic-so deployment --dir my-deployment stop
+
+# Explicitly delete volumes (USE WITH CAUTION)
+laconic-so deployment --dir my-deployment stop --delete-volumes
+```
+
+### Volume Persistence
+
+Volumes persist across cluster deletion by design. This is important because:
+- **Data survives cluster recreation**: Ledger data, databases, and other state are preserved
+- **Faster recovery**: No need to re-sync or rebuild data after cluster issues
+- **Safe cluster upgrades**: Delete and recreate cluster without data loss
+
+**Only use `--delete-volumes` when:**
+- You explicitly want to start fresh with no data
+- The user specifically requests volume deletion
+- You're cleaning up a test/dev environment completely
+
+### Shared Cluster Architecture
+
+In kind deployments, multiple stacks share a single cluster:
+- First `deployment start` creates the cluster
+- Subsequent deployments reuse the existing cluster
+- `deployment stop` on ANY deployment deletes the shared cluster
+- Other deployments will fail until cluster is recreated
+
+To stop a single deployment without affecting the cluster:
+```bash
+laconic-so deployment --dir my-deployment stop --skip-cluster-management
+```
+
+## Volume Persistence in k8s-kind
+
+k8s-kind has 3 storage layers:
+
+- **Docker Host**: The physical server running Docker
+- **Kind Node**: A Docker container simulating a k8s node
+- **Pod Container**: Your workload
+
+For k8s-kind, volumes with paths are mounted from Docker Host → Kind Node → Pod via extraMounts.
+
+| spec.yml volume | Storage Location | Survives Pod Restart | Survives Cluster Restart |
+|-----------------|------------------|---------------------|-------------------------|
+| `vol:` (empty)  | Kind Node PVC    | ✅ | ❌ |
+| `vol: ./data/x` | Docker Host      | ✅ | ✅ |
+| `vol: /abs/path`| Docker Host      | ✅ | ✅ |
+
+**Recommendation**: Always use paths for data you want to keep. Relative paths
+(e.g., `./data/rpc-config`) resolve to `$DEPLOYMENT_DIR/data/rpc-config` on the
+Docker Host.
+
+### Example
+
+```yaml
+# In spec.yml
+volumes:
+  rpc-config: ./data/rpc-config  # Persists to $DEPLOYMENT_DIR/data/rpc-config
+  chain-data: ./data/chain       # Persists to $DEPLOYMENT_DIR/data/chain
+  temp-cache:                    # Empty = Kind Node PVC (lost on cluster delete)
+```
+
+### The Antipattern
+
+Empty-path volumes appear persistent because they survive pod restarts (data lives
+in Kind Node container). However, this data is lost when the kind cluster is
+recreated. This "false persistence" has caused data loss when operators assumed
+their data was safe.

docs/fetching-containers.md

@@ -1,9 +1,9 @@
 # Fetching pre-built container images
-When Stack Orchestrator deploys a stack containing a suite of one or more containers it expects images for those containers to be on the local machine with a tag of the form `<image-name>:local` Images for these containers can be built from source (and optionally base container images from public registries) with the `build-containers` subcommand. 
+When Stack Orchestrator deploys a stack containing a suite of one or more containers it expects images for those containers to be on the local machine with a tag of the form `<image-name>:local` Images for these containers can be built from source (and optionally base container images from public registries) with the `build-containers` subcommand.
 
 However, the task of building a large number of containers from source may consume considerable time and machine resources. This is where the `fetch-containers` subcommand steps in. It is designed to work exactly like `build-containers` but instead the images, pre-built, are fetched from an image registry then re-tagged for deployment. It can be used in place of `build-containers` for any stack provided the necessary containers, built for the local machine architecture (e.g. arm64 or x86-64) have already been published in an image registry.
 ## Usage
 To use `fetch-containers`, provide an image registry path, a username and token/password with read access to the registry, and optionally specify `--force-local-overwrite`. If this argument is not specified, if there is already a locally built or previously fetched image for a stack container on the machine, it will not be overwritten and a warning issued.
 ```
 $ laconic-so --stack mobymask-v3-demo fetch-containers --image-registry git.vdb.to/cerc-io --registry-username <registry-user> --registry-token <registry-token> --force-local-overwrite
-```
+```

docs/gitea-with-laconicd-fixturenet.md

@@ -7,7 +7,7 @@ Deploy a local Gitea server, publish NPM packages to it, then use those packages
 ```bash
 laconic-so --stack build-support build-containers
 laconic-so --stack package-registry setup-repositories
-laconic-so --stack package-registry build-containers 
+laconic-so --stack package-registry build-containers
 laconic-so --stack package-registry deploy up
 ```
 

docs/helm-chart-generation.md

@@ -0,0 +1,113 @@
+# Helm Chart Generation
+
+Generate Kubernetes Helm charts from stack compose files using Kompose.
+
+## Prerequisites
+
+Install Kompose:
+
+```bash
+# Linux
+curl -L https://github.com/kubernetes/kompose/releases/download/v1.34.0/kompose-linux-amd64 -o kompose
+chmod +x kompose
+sudo mv kompose /usr/local/bin/
+
+# macOS
+brew install kompose
+
+# Verify
+kompose version
+```
+
+## Usage
+
+### 1. Create spec file
+
+```bash
+laconic-so --stack <stack-name> deploy --deploy-to k8s init \
+  --kube-config ~/.kube/config \
+  --output spec.yml
+```
+
+### 2. Generate Helm chart
+
+```bash
+laconic-so --stack <stack-name> deploy create \
+  --spec-file spec.yml \
+  --deployment-dir my-deployment \
+  --helm-chart
+```
+
+### 3. Deploy to Kubernetes
+
+```bash
+helm install my-release my-deployment/chart
+kubectl get pods -n zenith
+```
+
+## Output Structure
+
+```bash
+my-deployment/
+├── spec.yml              # Reference
+├── stack.yml             # Reference
+└── chart/                # Helm chart
+  ├── Chart.yaml
+  ├── README.md
+  └── templates/
+    └── *.yaml
+```
+
+## Example
+
+```bash
+# Generate chart for stage1-zenithd
+laconic-so --stack stage1-zenithd deploy --deploy-to k8s init \
+  --kube-config ~/.kube/config \
+  --output stage1-spec.yml
+
+laconic-so --stack stage1-zenithd deploy create \
+  --spec-file stage1-spec.yml \
+  --deployment-dir stage1-deployment \
+  --helm-chart
+
+# Deploy
+helm install stage1-zenithd stage1-deployment/chart
+```
+
+## Production Deployment (TODO)
+
+### Local Development
+
+```bash
+# Access services using port-forward
+kubectl port-forward service/zenithd 26657:26657
+kubectl port-forward service/nginx-api-proxy 1317:80
+kubectl port-forward service/cosmos-explorer 4173:4173
+```
+
+### Production Access Options
+
+- Option 1: Ingress + cert-manager (Recommended)
+  - Install ingress-nginx + cert-manager
+  - Point DNS to cluster LoadBalancer IP
+  - Auto-provisions Let's Encrypt TLS certs
+  - Access: `https://api.zenith.example.com`
+- Option 2: Cloud LoadBalancer
+  - Use cloud provider's LoadBalancer service type
+  - Point DNS to assigned external IP
+  - Manual TLS cert management
+- Option 3: Bare Metal (MetalLB + Ingress)
+  - MetalLB provides LoadBalancer IPs from local network
+  - Same Ingress setup as cloud
+- Option 4: NodePort + External Proxy
+  - Expose services on 30000-32767 range
+  - External nginx/Caddy proxies 80/443 → NodePort
+  - Manual cert management
+
+### Changes Needed
+
+- Add Ingress template to charts
+- Add TLS configuration to values.yaml
+- Document cert-manager setup
+- Add production deployment guide

docs/k8s-deployment-enhancements.md

@@ -24,4 +24,3 @@ node-tolerations:
     value: typeb
 ```
 This example denotes that the stack's pods will tolerate a taint: `nodetype=typeb`
-

docs/release-process.md

@@ -26,4 +26,3 @@ $ ./scripts/tag_new_release.sh 1 0 17
 $ ./scripts/build_shiv_package.sh
 $ ./scripts/publish_shiv_package_github.sh 1 0 17
 ```
-

docs/spec.md

@@ -4,9 +4,9 @@ Note: this page is out of date (but still useful) - it will no longer be useful
 
 ## Implementation
 
-The orchestrator's operation is driven by files shown below. 
+The orchestrator's operation is driven by files shown below.
 
-- `repository-list.txt` contains the list of git repositories; 
+- `repository-list.txt` contains the list of git repositories;
 - `container-image-list.txt` contains the list of container image names
 - `pod-list.txt` specifies the set of compose components (corresponding to individual docker-compose-xxx.yml files which may in turn specify more than one container).
 - `container-build/` contains the files required to build each container image

docs/webapp.md

@@ -7,7 +7,7 @@ compilation and static page generation are separated in the `build-webapp` and `
 
 This offers much more flexibilty than standard Next.js build methods, since any environment variables accessed
 via `process.env`, whether for pages or for API, will have values drawn from their runtime deployment environment,
-not their build environment. 
+not their build environment.
 
 ## Building
 

pyproject.toml

@@ -0,0 +1,110 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "laconic-stack-orchestrator"
+version = "1.1.0"
+description = "Orchestrates deployment of the Laconic stack"
+readme = "README.md"
+license = {text = "GNU Affero General Public License"}
+authors = [
+    {name = "Cerc", email = "info@cerc.io"}
+]
+requires-python = ">=3.8"
+classifiers = [
+    "Programming Language :: Python :: 3.8",
+    "Operating System :: OS Independent",
+]
+dependencies = [
+    "python-decouple>=3.8",
+    "python-dotenv==1.0.0",
+    "GitPython>=3.1.32",
+    "tqdm>=4.65.0",
+    "python-on-whales>=0.64.0",
+    "click>=8.1.6",
+    "PyYAML>=6.0.1",
+    "ruamel.yaml>=0.17.32",
+    "pydantic==1.10.9",
+    "tomli==2.0.1",
+    "validators==0.22.0",
+    "kubernetes>=28.1.0",
+    "humanfriendly>=10.0",
+    "python-gnupg>=0.5.2",
+    "requests>=2.3.2",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0.0",
+    "pytest-cov>=4.0.0",
+    "black>=22.0.0",
+    "flake8>=5.0.0",
+    "pyright>=1.1.0",
+    "yamllint>=1.28.0",
+    "pre-commit>=3.0.0",
+]
+
+[project.scripts]
+laconic-so = "stack_orchestrator.main:cli"
+
+[project.urls]
+Homepage = "https://git.vdb.to/cerc-io/stack-orchestrator"
+
+[tool.setuptools.packages.find]
+where = ["."]
+
+[tool.setuptools.package-data]
+"*" = ["data/**"]
+
+[tool.black]
+line-length = 88
+target-version = ['py38']
+
+[tool.flake8]
+max-line-length = 88
+extend-ignore = ["E203", "W503", "E402"]
+
+[tool.pyright]
+pythonVersion = "3.9"
+typeCheckingMode = "basic"
+reportMissingImports = "none"
+reportMissingModuleSource = "none"
+reportUnusedImport = "error"
+include = ["stack_orchestrator/**/*.py", "tests/**/*.py"]
+exclude = ["**/build/**", "**/__pycache__/**"]
+
+[tool.mypy]
+python_version = "3.8"
+warn_return_any = true
+warn_unused_configs = true
+disallow_untyped_defs = true
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+markers = [
+    "slow: marks tests as slow (deselect with '-m \"not slow\"')",
+    "e2e: marks tests as end-to-end (requires real infrastructure)",
+]
+addopts = [
+    "--cov",
+    "--cov-report=term-missing",
+    "--cov-report=html",
+    "--strict-markers",
+]
+asyncio_default_fixture_loop_scope = "function"
+
+[tool.coverage.run]
+source = ["stack_orchestrator"]
+disable_warnings = ["couldnt-parse"]
+
+[tool.coverage.report]
+exclude_lines = [
+    "pragma: no cover",
+    "def __repr__",
+    "raise AssertionError",
+    "raise NotImplementedError",
+]

pyrightconfig.json

@@ -0,0 +1,9 @@
+{
+  "pythonVersion": "3.9",
+  "typeCheckingMode": "basic",
+  "reportMissingImports": "none",
+  "reportMissingModuleSource": "none",
+  "reportUnusedImport": "error",
+  "include": ["stack_orchestrator/**/*.py", "tests/**/*.py"],
+  "exclude": ["**/build/**", "**/__pycache__/**"]
+}

scripts/publish_shiv_package_github.sh

@@ -4,7 +4,7 @@
 # https://github.com/cerc-io/github-release-api
 # User must define: CERC_GH_RELEASE_SCRIPTS_DIR
 # pointing to the location of that cloned repository
-# e.g. 
+# e.g.
 # cd ~/projects
 # git clone https://github.com/cerc-io/github-release-api
 # cd ./stack-orchestrator

scripts/quick-install-linux.sh

@@ -94,7 +94,7 @@ sudo apt -y install jq
 # laconic-so depends on git
 sudo apt -y install git
 # curl used below
-sudo apt -y install curl 
+sudo apt -y install curl
 # docker repo add depends on gnupg and updated ca-certificates
 sudo apt -y install ca-certificates gnupg
 

scripts/tag_new_release.sh

@@ -3,7 +3,7 @@
 # Uses this script package to tag a new release:
 # User must define: CERC_GH_RELEASE_SCRIPTS_DIR
 # pointing to the location of that cloned repository
-# e.g. 
+# e.g.
 # cd ~/projects
 # git clone https://github.com/cerc-io/github-release-api
 # cd ./stack-orchestrator

setup.py

@@ -1,5 +1,7 @@
-# See https://medium.com/nerd-for-tech/how-to-build-and-distribute-a-cli-tool-with-python-537ae41d9d78
+# See
+# https://medium.com/nerd-for-tech/how-to-build-and-distribute-a-cli-tool-with-python-537ae41d9d78
 from setuptools import setup, find_packages
+
 with open("README.md", "r", encoding="utf-8") as fh:
     long_description = fh.read()
 with open("requirements.txt", "r", encoding="utf-8") as fh:
@@ -7,26 +9,26 @@ with open("requirements.txt", "r", encoding="utf-8") as fh:
 with open("stack_orchestrator/data/version.txt", "r", encoding="utf-8") as fh:
     version = fh.readlines()[-1].strip(" \n")
 setup(
-    name='laconic-stack-orchestrator',
+    name="laconic-stack-orchestrator",
     version=version,
-    author='Cerc',
-    author_email='info@cerc.io',
-    license='GNU Affero General Public License',
-    description='Orchestrates deployment of the Laconic stack',
+    author="Cerc",
+    author_email="info@cerc.io",
+    license="GNU Affero General Public License",
+    description="Orchestrates deployment of the Laconic stack",
     long_description=long_description,
     long_description_content_type="text/markdown",
-    url='https://git.vdb.to/cerc-io/stack-orchestrator',
-    py_modules=['stack_orchestrator'],
+    url="https://git.vdb.to/cerc-io/stack-orchestrator",
+    py_modules=["stack_orchestrator"],
     packages=find_packages(),
     install_requires=[requirements],
-    python_requires='>=3.7',
+    python_requires=">=3.7",
     include_package_data=True,
-    package_data={'': ['data/**']},
+    package_data={"": ["data/**"]},
     classifiers=[
         "Programming Language :: Python :: 3.8",
         "Operating System :: OS Independent",
     ],
     entry_points={
-        'console_scripts': ['laconic-so=stack_orchestrator.main:cli'],
-    }
+        "console_scripts": ["laconic-so=stack_orchestrator.main:cli"],
+    },
 )

stack_orchestrator/base.py

@@ -23,11 +23,10 @@ def get_stack(config, stack):
     if stack == "package-registry":
         return package_registry_stack(config, stack)
     else:
-        return base_stack(config, stack)
+        return default_stack(config, stack)
 
 
 class base_stack(ABC):
-
     def __init__(self, config, stack):
         self.config = config
         self.stack = stack
@@ -41,15 +40,27 @@ class base_stack(ABC):
         pass
 
 
-class package_registry_stack(base_stack):
+class default_stack(base_stack):
+    """Default stack implementation for stacks without specific handling."""
 
+    def ensure_available(self):
+        return True
+
+    def get_url(self):
+        return None
+
+
+class package_registry_stack(base_stack):
     def ensure_available(self):
         self.url = "<no registry url set>"
         # Check if we were given an external registry URL
         url_from_environment = os.environ.get("CERC_NPM_REGISTRY_URL")
         if url_from_environment:
             if self.config.verbose:
-                print(f"Using package registry url from CERC_NPM_REGISTRY_URL: {url_from_environment}")
+                print(
+                    f"Using package registry url from CERC_NPM_REGISTRY_URL: "
+                    f"{url_from_environment}"
+                )
             self.url = url_from_environment
         else:
             # Otherwise we expect to use the local package-registry stack
@@ -62,10 +73,16 @@ class package_registry_stack(base_stack):
                 # TODO: get url from deploy-stack
                 self.url = "http://gitea.local:3000/api/packages/cerc-io/npm/"
             else:
-                # If not, print a message about how to start it and return fail to the caller
-                print("ERROR: The package-registry stack is not running, and no external registry "
-                      "specified with CERC_NPM_REGISTRY_URL")
-                print("ERROR: Start the local package registry with: laconic-so --stack package-registry deploy-system up")
+                # If not, print a message about how to start it and return fail to the
+                # caller
+                print(
+                    "ERROR: The package-registry stack is not running, "
+                    "and no external registry specified with CERC_NPM_REGISTRY_URL"
+                )
+                print(
+                    "ERROR: Start the local package registry with: "
+                    "laconic-so --stack package-registry deploy-system up"
+                )
                 return False
         return True
 
@@ -76,7 +93,9 @@ class package_registry_stack(base_stack):
 def get_npm_registry_url():
     # If an auth token is not defined, we assume the default should be the cerc registry
     # If an auth token is defined, we assume the local gitea should be used.
-    default_npm_registry_url = "http://gitea.local:3000/api/packages/cerc-io/npm/" if config(
-        "CERC_NPM_AUTH_TOKEN", default=None
-        ) else "https://git.vdb.to/api/packages/cerc-io/npm/"
+    default_npm_registry_url = (
+        "http://gitea.local:3000/api/packages/cerc-io/npm/"
+        if config("CERC_NPM_AUTH_TOKEN", default=None)
+        else "https://git.vdb.to/api/packages/cerc-io/npm/"
+    )
     return config("CERC_NPM_REGISTRY_URL", default=default_npm_registry_url)

stack_orchestrator/build/build_containers.py

@@ -18,7 +18,8 @@
 # env vars:
 # CERC_REPO_BASE_DIR defaults to ~/cerc
 
-# TODO: display the available list of containers; allow re-build of either all or specific containers
+# TODO: display the available list of containers;
+# allow re-build of either all or specific containers
 
 import os
 import sys
@@ -34,14 +35,17 @@ from stack_orchestrator.build.publish import publish_image
 from stack_orchestrator.build.build_util import get_containers_in_scope
 
 # TODO: find a place for this
-#    epilog="Config provided either in .env or settings.ini or env vars: CERC_REPO_BASE_DIR (defaults to ~/cerc)"
+#    epilog="Config provided either in .env or settings.ini or env vars:
+#    CERC_REPO_BASE_DIR (defaults to ~/cerc)"
 
 
-def make_container_build_env(dev_root_path: str,
-                             container_build_dir: str,
-                             debug: bool,
-                             force_rebuild: bool,
-                             extra_build_args: str):
+def make_container_build_env(
+    dev_root_path: str,
+    container_build_dir: str,
+    debug: bool,
+    force_rebuild: bool,
+    extra_build_args: str,
+):
     container_build_env = {
         "CERC_NPM_REGISTRY_URL": get_npm_registry_url(),
         "CERC_GO_AUTH_TOKEN": config("CERC_GO_AUTH_TOKEN", default=""),
@@ -50,11 +54,15 @@ def make_container_build_env(dev_root_path: str,
         "CERC_CONTAINER_BASE_DIR": container_build_dir,
         "CERC_HOST_UID": f"{os.getuid()}",
         "CERC_HOST_GID": f"{os.getgid()}",
-        "DOCKER_BUILDKIT": config("DOCKER_BUILDKIT", default="0")
+        "DOCKER_BUILDKIT": config("DOCKER_BUILDKIT", default="0"),
     }
     container_build_env.update({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
     container_build_env.update({"CERC_FORCE_REBUILD": "true"} if force_rebuild else {})
-    container_build_env.update({"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args} if extra_build_args else {})
+    container_build_env.update(
+        {"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args}
+        if extra_build_args
+        else {}
+    )
     docker_host_env = os.getenv("DOCKER_HOST")
     if docker_host_env:
         container_build_env.update({"DOCKER_HOST": docker_host_env})
@@ -67,12 +75,18 @@ def process_container(build_context: BuildContext) -> bool:
         print(f"Building: {build_context.container}")
 
     default_container_tag = f"{build_context.container}:local"
-    build_context.container_build_env.update({"CERC_DEFAULT_CONTAINER_IMAGE_TAG": default_container_tag})
+    build_context.container_build_env.update(
+        {"CERC_DEFAULT_CONTAINER_IMAGE_TAG": default_container_tag}
+    )
 
     # Check if this is in an external stack
     if stack_is_external(build_context.stack):
-        container_parent_dir = Path(build_context.stack).parent.parent.joinpath("container-build")
-        temp_build_dir = container_parent_dir.joinpath(build_context.container.replace("/", "-"))
+        container_parent_dir = Path(build_context.stack).parent.parent.joinpath(
+            "container-build"
+        )
+        temp_build_dir = container_parent_dir.joinpath(
+            build_context.container.replace("/", "-")
+        )
         temp_build_script_filename = temp_build_dir.joinpath("build.sh")
         # Now check if the container exists in the external stack.
         if not temp_build_script_filename.exists():
@@ -90,21 +104,34 @@ def process_container(build_context: BuildContext) -> bool:
         build_command = build_script_filename.as_posix()
     else:
         if opts.o.verbose:
-            print(f"No script file found: {build_script_filename}, using default build script")
-        repo_dir = build_context.container.split('/')[1]
-        # TODO: make this less of a hack -- should be specified in some metadata somewhere
-        # Check if we have a repo for this container. If not, set the context dir to the container-build subdir
+            print(
+                f"No script file found: {build_script_filename}, "
+                "using default build script"
+            )
+        repo_dir = build_context.container.split("/")[1]
+        # TODO: make this less of a hack -- should be specified in
+        # some metadata somewhere. Check if we have a repo for this
+        # container. If not, set the context dir to container-build subdir
         repo_full_path = os.path.join(build_context.dev_root_path, repo_dir)
-        repo_dir_or_build_dir = repo_full_path if os.path.exists(repo_full_path) else build_dir
-        build_command = os.path.join(build_context.container_build_dir,
-                                     "default-build.sh") + f" {default_container_tag} {repo_dir_or_build_dir}"
+        repo_dir_or_build_dir = (
+            repo_full_path if os.path.exists(repo_full_path) else build_dir
+        )
+        build_command = (
+            os.path.join(build_context.container_build_dir, "default-build.sh")
+            + f" {default_container_tag} {repo_dir_or_build_dir}"
+        )
     if not opts.o.dry_run:
         # No PATH at all causes failures with podman.
         if "PATH" not in build_context.container_build_env:
             build_context.container_build_env["PATH"] = os.environ["PATH"]
         if opts.o.verbose:
-            print(f"Executing: {build_command} with environment: {build_context.container_build_env}")
-        build_result = subprocess.run(build_command, shell=True, env=build_context.container_build_env)
+            print(
+                f"Executing: {build_command} with environment: "
+                f"{build_context.container_build_env}"
+            )
+        build_result = subprocess.run(
+            build_command, shell=True, env=build_context.container_build_env
+        )
         if opts.o.verbose:
             print(f"Return code is: {build_result.returncode}")
         if build_result.returncode != 0:
@@ -117,33 +144,61 @@ def process_container(build_context: BuildContext) -> bool:
 
 
 @click.command()
-@click.option('--include', help="only build these containers")
-@click.option('--exclude', help="don\'t build these containers")
-@click.option("--force-rebuild", is_flag=True, default=False, help="Override dependency checking -- always rebuild")
+@click.option("--include", help="only build these containers")
+@click.option("--exclude", help="don't build these containers")
+@click.option(
+    "--force-rebuild",
+    is_flag=True,
+    default=False,
+    help="Override dependency checking -- always rebuild",
+)
 @click.option("--extra-build-args", help="Supply extra arguments to build")
-@click.option("--publish-images", is_flag=True, default=False, help="Publish the built images in the specified image registry")
-@click.option("--image-registry", help="Specify the image registry for --publish-images")
+@click.option(
+    "--publish-images",
+    is_flag=True,
+    default=False,
+    help="Publish the built images in the specified image registry",
+)
+@click.option(
+    "--image-registry", help="Specify the image registry for --publish-images"
+)
 @click.pass_context
-def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_images, image_registry):
-    '''build the set of containers required for a complete stack'''
+def command(
+    ctx,
+    include,
+    exclude,
+    force_rebuild,
+    extra_build_args,
+    publish_images,
+    image_registry,
+):
+    """build the set of containers required for a complete stack"""
 
     local_stack = ctx.obj.local_stack
     stack = ctx.obj.stack
 
-    # See: https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
-    container_build_dir = Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    # See: https://stackoverflow.com/questions/25389095/
+    # python-get-path-of-root-project-structure
+    container_build_dir = (
+        Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    )
 
     if local_stack:
-        dev_root_path = os.getcwd()[0:os.getcwd().rindex("stack-orchestrator")]
-        print(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
+        print(
+            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
+            f"{dev_root_path}"
+        )
     else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
+            config("CERC_REPO_BASE_DIR", default="~/cerc")
+        )
 
     if not opts.o.quiet:
-        print(f'Dev Root is: {dev_root_path}')
+        print(f"Dev Root is: {dev_root_path}")
 
     if not os.path.isdir(dev_root_path):
-        print('Dev root directory doesn\'t exist, creating')
+        print("Dev root directory doesn't exist, creating")
 
     if publish_images:
         if not image_registry:
@@ -151,21 +206,22 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_imag
 
     containers_in_scope = get_containers_in_scope(stack)
 
-    container_build_env = make_container_build_env(dev_root_path,
-                                                   container_build_dir,
-                                                   opts.o.debug,
-                                                   force_rebuild,
-                                                   extra_build_args)
+    container_build_env = make_container_build_env(
+        dev_root_path,
+        container_build_dir,
+        opts.o.debug,
+        force_rebuild,
+        extra_build_args,
+    )
 
     for container in containers_in_scope:
         if include_exclude_check(container, include, exclude):
-
             build_context = BuildContext(
                 stack,
                 container,
                 container_build_dir,
                 container_build_env,
-                dev_root_path
+                dev_root_path,
             )
             result = process_container(build_context)
             if result:
@@ -174,10 +230,16 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args, publish_imag
             else:
                 print(f"Error running build for {build_context.container}")
                 if not opts.o.continue_on_error:
-                    error_exit("container build failed and --continue-on-error not set, exiting")
+                    error_exit(
+                        "container build failed and --continue-on-error "
+                        "not set, exiting"
+                    )
                     sys.exit(1)
                 else:
-                    print("****** Container Build Error, continuing because --continue-on-error is set")
+                    print(
+                        "****** Container Build Error, continuing because "
+                        "--continue-on-error is set"
+                    )
         else:
             if opts.o.verbose:
                 print(f"Excluding: {container}")

stack_orchestrator/build/build_npms.py

@@ -32,14 +32,18 @@ builder_js_image_name = "cerc/builder-js:local"
 
 
 @click.command()
-@click.option('--include', help="only build these packages")
-@click.option('--exclude', help="don\'t build these packages")
-@click.option("--force-rebuild", is_flag=True, default=False,
-              help="Override existing target package version check -- force rebuild")
+@click.option("--include", help="only build these packages")
+@click.option("--exclude", help="don't build these packages")
+@click.option(
+    "--force-rebuild",
+    is_flag=True,
+    default=False,
+    help="Override existing target package version check -- force rebuild",
+)
 @click.option("--extra-build-args", help="Supply extra arguments to build")
 @click.pass_context
 def command(ctx, include, exclude, force_rebuild, extra_build_args):
-    '''build the set of npm packages required for a complete stack'''
+    """build the set of npm packages required for a complete stack"""
 
     quiet = ctx.obj.quiet
     verbose = ctx.obj.verbose
@@ -65,45 +69,54 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args):
         sys.exit(1)
 
     if local_stack:
-        dev_root_path = os.getcwd()[0:os.getcwd().rindex("stack-orchestrator")]
-        print(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
+        print(
+            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
+            f"{dev_root_path}"
+        )
     else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
+            config("CERC_REPO_BASE_DIR", default="~/cerc")
+        )
 
     build_root_path = os.path.join(dev_root_path, "build-trees")
 
     if verbose:
-        print(f'Dev Root is: {dev_root_path}')
+        print(f"Dev Root is: {dev_root_path}")
 
     if not os.path.isdir(dev_root_path):
-        print('Dev root directory doesn\'t exist, creating')
+        print("Dev root directory doesn't exist, creating")
         os.makedirs(dev_root_path)
     if not os.path.isdir(dev_root_path):
-        print('Build root directory doesn\'t exist, creating')
+        print("Build root directory doesn't exist, creating")
         os.makedirs(build_root_path)
 
     # See: https://stackoverflow.com/a/20885799/1701505
     from stack_orchestrator import data
-    with importlib.resources.open_text(data, "npm-package-list.txt") as package_list_file:
+
+    with importlib.resources.open_text(
+        data, "npm-package-list.txt"
+    ) as package_list_file:
         all_packages = package_list_file.read().splitlines()
 
     packages_in_scope = []
     if stack:
         stack_config = get_parsed_stack_config(stack)
         # TODO: syntax check the input here
-        packages_in_scope = stack_config['npms']
+        packages_in_scope = stack_config["npms"]
     else:
         packages_in_scope = all_packages
 
     if verbose:
-        print(f'Packages: {packages_in_scope}')
+        print(f"Packages: {packages_in_scope}")
 
     def build_package(package):
         if not quiet:
             print(f"Building npm package: {package}")
         repo_dir = package
         repo_full_path = os.path.join(dev_root_path, repo_dir)
-        # Copy the repo and build that to avoid propagating JS tooling file changes back into the cloned repo
+        # Copy the repo and build that to avoid propagating
+        # JS tooling file changes back into the cloned repo
         repo_copy_path = os.path.join(build_root_path, repo_dir)
         # First delete any old build tree
         if os.path.isdir(repo_copy_path):
@@ -116,41 +129,63 @@ def command(ctx, include, exclude, force_rebuild, extra_build_args):
             print(f"Copying build tree from: {repo_full_path} to: {repo_copy_path}")
         if not dry_run:
             copytree(repo_full_path, repo_copy_path)
-        build_command = ["sh", "-c", f"cd /workspace && build-npm-package-local-dependencies.sh {npm_registry_url}"]
+        build_command = [
+            "sh",
+            "-c",
+            "cd /workspace && "
+            f"build-npm-package-local-dependencies.sh {npm_registry_url}",
+        ]
         if not dry_run:
             if verbose:
                 print(f"Executing: {build_command}")
             # Originally we used the PEP 584 merge operator:
-            # envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token} | ({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
-            # but that isn't available in Python 3.8 (default in Ubuntu 20) so for now we use dict.update:
-            envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token,
-                    "LACONIC_HOSTED_CONFIG_FILE": "config-hosted.yml"  # Convention used by our web app packages
-                    }
+            # envs = {"CERC_NPM_AUTH_TOKEN": npm_registry_url_token} |
+            #        ({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
+            # but that isn't available in Python 3.8 (default in Ubuntu 20)
+            # so for now we use dict.update:
+            envs = {
+                "CERC_NPM_AUTH_TOKEN": npm_registry_url_token,
+                # Convention used by our web app packages
+                "LACONIC_HOSTED_CONFIG_FILE": "config-hosted.yml",
+            }
             envs.update({"CERC_SCRIPT_DEBUG": "true"} if debug else {})
             envs.update({"CERC_FORCE_REBUILD": "true"} if force_rebuild else {})
-            envs.update({"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args} if extra_build_args else {})
+            envs.update(
+                {"CERC_CONTAINER_EXTRA_BUILD_ARGS": extra_build_args}
+                if extra_build_args
+                else {}
+            )
             try:
-                docker.run(builder_js_image_name,
-                           remove=True,
-                           interactive=True,
-                           tty=True,
-                           user=f"{os.getuid()}:{os.getgid()}",
-                           envs=envs,
-                           # TODO: detect this host name in npm_registry_url rather than hard-wiring it
-                           add_hosts=[("gitea.local", "host-gateway")],
-                           volumes=[(repo_copy_path, "/workspace")],
-                           command=build_command
-                           )
-                # Note that although the docs say that build_result should contain
-                # the command output as a string, in reality it is always the empty string.
-                # Since we detect errors via catching exceptions below, we can safely ignore it here.
+                docker.run(
+                    builder_js_image_name,
+                    remove=True,
+                    interactive=True,
+                    tty=True,
+                    user=f"{os.getuid()}:{os.getgid()}",
+                    envs=envs,
+                    # TODO: detect this host name in npm_registry_url
+                    # rather than hard-wiring it
+                    add_hosts=[("gitea.local", "host-gateway")],
+                    volumes=[(repo_copy_path, "/workspace")],
+                    command=build_command,
+                )
+                # Note that although the docs say that build_result should
+                # contain the command output as a string, in reality it is
+                # always the empty string. Since we detect errors via catching
+                # exceptions below, we can safely ignore it here.
             except DockerException as e:
                 print(f"Error executing build for {package} in container:\n {e}")
                 if not continue_on_error:
-                    print("FATAL Error: build failed and --continue-on-error not set, exiting")
+                    print(
+                        "FATAL Error: build failed and --continue-on-error "
+                        "not set, exiting"
+                    )
                     sys.exit(1)
                 else:
-                    print("****** Build Error, continuing because --continue-on-error is set")
+                    print(
+                        "****** Build Error, continuing because "
+                        "--continue-on-error is set"
+                    )
 
         else:
             print("Skipped")
@@ -168,6 +203,12 @@ def _ensure_prerequisites():
     # Tell the user how to build it if not
     images = docker.image.list(builder_js_image_name)
     if len(images) == 0:
-        print(f"FATAL: builder image: {builder_js_image_name} is required but was not found")
-        print("Please run this command to create it: laconic-so --stack build-support build-containers")
+        print(
+            f"FATAL: builder image: {builder_js_image_name} is required "
+            "but was not found"
+        )
+        print(
+            "Please run this command to create it: "
+            "laconic-so --stack build-support build-containers"
+        )
         sys.exit(1)

stack_orchestrator/build/build_types.py

@@ -24,6 +24,5 @@ class BuildContext:
     stack: str
     container: str
     container_build_dir: Path
-    container_build_env: Mapping[str,str]
+    container_build_env: Mapping[str, str]
     dev_root_path: str
-

stack_orchestrator/build/build_util.py

@@ -20,21 +20,23 @@ from stack_orchestrator.util import get_parsed_stack_config, warn_exit
 
 
 def get_containers_in_scope(stack: str):
-
     containers_in_scope = []
     if stack:
         stack_config = get_parsed_stack_config(stack)
         if "containers" not in stack_config or stack_config["containers"] is None:
             warn_exit(f"stack {stack} does not define any containers")
-        containers_in_scope = stack_config['containers']
+        containers_in_scope = stack_config["containers"]
     else:
         # See: https://stackoverflow.com/a/20885799/1701505
         from stack_orchestrator import data
-        with importlib.resources.open_text(data, "container-image-list.txt") as container_list_file:
+
+        with importlib.resources.open_text(
+            data, "container-image-list.txt"
+        ) as container_list_file:
             containers_in_scope = container_list_file.read().splitlines()
 
     if opts.o.verbose:
-        print(f'Containers: {containers_in_scope}')
+        print(f"Containers: {containers_in_scope}")
         if stack:
             print(f"Stack: {stack}")
 

stack_orchestrator/build/build_webapp.py

@@ -18,7 +18,8 @@
 # env vars:
 # CERC_REPO_BASE_DIR defaults to ~/cerc
 
-# TODO: display the available list of containers; allow re-build of either all or specific containers
+# TODO: display the available list of containers;
+# allow re-build of either all or specific containers
 
 import os
 import sys
@@ -32,40 +33,55 @@ from stack_orchestrator.build.build_types import BuildContext
 
 
 @click.command()
-@click.option('--base-container')
-@click.option('--source-repo', help="directory containing the webapp to build", required=True)
-@click.option("--force-rebuild", is_flag=True, default=False, help="Override dependency checking -- always rebuild")
+@click.option("--base-container")
+@click.option(
+    "--source-repo", help="directory containing the webapp to build", required=True
+)
+@click.option(
+    "--force-rebuild",
+    is_flag=True,
+    default=False,
+    help="Override dependency checking -- always rebuild",
+)
 @click.option("--extra-build-args", help="Supply extra arguments to build")
 @click.option("--tag", help="Container tag (default: cerc/<app_name>:local)")
 @click.pass_context
 def command(ctx, base_container, source_repo, force_rebuild, extra_build_args, tag):
-    '''build the specified webapp container'''
+    """build the specified webapp container"""
     logger = TimedLogger()
 
-    quiet = ctx.obj.quiet
     debug = ctx.obj.debug
     verbose = ctx.obj.verbose
     local_stack = ctx.obj.local_stack
     stack = ctx.obj.stack
 
-    # See: https://stackoverflow.com/questions/25389095/python-get-path-of-root-project-structure
-    container_build_dir = Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    # See: https://stackoverflow.com/questions/25389095/
+    # python-get-path-of-root-project-structure
+    container_build_dir = (
+        Path(__file__).absolute().parent.parent.joinpath("data", "container-build")
+    )
 
     if local_stack:
-        dev_root_path = os.getcwd()[0:os.getcwd().rindex("stack-orchestrator")]
-        logger.log(f'Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: {dev_root_path}')
+        dev_root_path = os.getcwd()[0 : os.getcwd().rindex("stack-orchestrator")]
+        logger.log(
+            f"Local stack dev_root_path (CERC_REPO_BASE_DIR) overridden to: "
+            f"{dev_root_path}"
+        )
     else:
-        dev_root_path = os.path.expanduser(config("CERC_REPO_BASE_DIR", default="~/cerc"))
+        dev_root_path = os.path.expanduser(
+            config("CERC_REPO_BASE_DIR", default="~/cerc")
+        )
 
     if verbose:
-        logger.log(f'Dev Root is: {dev_root_path}')
+        logger.log(f"Dev Root is: {dev_root_path}")
 
     if not base_container:
         base_container = determine_base_container(source_repo)
 
     # First build the base container.
-    container_build_env = build_containers.make_container_build_env(dev_root_path, container_build_dir, debug,
-                                                                    force_rebuild, extra_build_args)
+    container_build_env = build_containers.make_container_build_env(
+        dev_root_path, container_build_dir, debug, force_rebuild, extra_build_args
+    )
 
     if verbose:
         logger.log(f"Building base container: {base_container}")
@@ -85,12 +101,13 @@ def command(ctx, base_container, source_repo, force_rebuild, extra_build_args, t
     if verbose:
         logger.log(f"Base container {base_container} build finished.")
 
-    # Now build the target webapp.  We use the same build script, but with a different Dockerfile and work dir.
+    # Now build the target webapp. We use the same build script,
+    # but with a different Dockerfile and work dir.
     container_build_env["CERC_WEBAPP_BUILD_RUNNING"] = "true"
     container_build_env["CERC_CONTAINER_BUILD_WORK_DIR"] = os.path.abspath(source_repo)
-    container_build_env["CERC_CONTAINER_BUILD_DOCKERFILE"] = os.path.join(container_build_dir,
-                                                                          base_container.replace("/", "-"),
-                                                                          "Dockerfile.webapp")
+    container_build_env["CERC_CONTAINER_BUILD_DOCKERFILE"] = os.path.join(
+        container_build_dir, base_container.replace("/", "-"), "Dockerfile.webapp"
+    )
     if not tag:
         webapp_name = os.path.abspath(source_repo).split(os.path.sep)[-1]
         tag = f"cerc/{webapp_name}:local"

stack_orchestrator/build/fetch_containers.py

@@ -52,7 +52,8 @@ def _local_tag_for(container: str):
 
 # See: https://docker-docs.uclv.cu/registry/spec/api/
 # Emulate this:
-# $ curl -u "my-username:my-token" -X GET "https://<container-registry-hostname>/v2/cerc-io/cerc/test-container/tags/list"
+# $ curl -u "my-username:my-token" -X GET \
+#   "https://<container-registry-hostname>/v2/cerc-io/cerc/test-container/tags/list"
 # {"name":"cerc-io/cerc/test-container","tags":["202402232130","202402232208"]}
 def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List[str]:
     # registry looks like: git.vdb.to/cerc-io
@@ -60,7 +61,9 @@ def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List
     url = f"https://{registry_parts[0]}/v2/{registry_parts[1]}/{container}/tags/list"
     if opts.o.debug:
         print(f"Fetching tags from: {url}")
-    response = requests.get(url, auth=(registry_info.registry_username, registry_info.registry_token))
+    response = requests.get(
+        url, auth=(registry_info.registry_username, registry_info.registry_token)
+    )
     if response.status_code == 200:
         tag_info = response.json()
         if opts.o.debug:
@@ -68,7 +71,10 @@ def _get_tags_for_container(container: str, registry_info: RegistryInfo) -> List
         tags_array = tag_info["tags"]
         return tags_array
     else:
-        error_exit(f"failed to fetch tags from image registry, status code: {response.status_code}")
+        error_exit(
+            f"failed to fetch tags from image registry, "
+            f"status code: {response.status_code}"
+        )
 
 
 def _find_latest(candidate_tags: List[str]):
@@ -79,9 +85,9 @@ def _find_latest(candidate_tags: List[str]):
     return sorted_candidates[-1]
 
 
-def _filter_for_platform(container: str, 
-                         registry_info: RegistryInfo,
-                         tag_list: List[str]) -> List[str] :
+def _filter_for_platform(
+    container: str, registry_info: RegistryInfo, tag_list: List[str]
+) -> List[str]:
     filtered_tags = []
     this_machine = platform.machine()
     # Translate between Python and docker platform names
@@ -98,7 +104,7 @@ def _filter_for_platform(container: str,
         manifest = manifest_cmd.inspect_verbose(remote_tag)
         if opts.o.debug:
             print(f"manifest: {manifest}")
-        image_architecture =  manifest["Descriptor"]["platform"]["architecture"]
+        image_architecture = manifest["Descriptor"]["platform"]["architecture"]
         if opts.o.debug:
             print(f"image_architecture: {image_architecture}")
         if this_machine == image_architecture:
@@ -137,21 +143,44 @@ def _add_local_tag(remote_tag: str, registry: str, local_tag: str):
 
 
 @click.command()
-@click.option('--include', help="only fetch these containers")
-@click.option('--exclude', help="don\'t fetch these containers")
-@click.option("--force-local-overwrite", is_flag=True, default=False, help="Overwrite a locally built image, if present")
-@click.option("--image-registry", required=True, help="Specify the image registry to fetch from")
-@click.option("--registry-username", required=True, help="Specify the image registry username")
-@click.option("--registry-token", required=True, help="Specify the image registry access token")
+@click.option("--include", help="only fetch these containers")
+@click.option("--exclude", help="don't fetch these containers")
+@click.option(
+    "--force-local-overwrite",
+    is_flag=True,
+    default=False,
+    help="Overwrite a locally built image, if present",
+)
+@click.option(
+    "--image-registry", required=True, help="Specify the image registry to fetch from"
+)
+@click.option(
+    "--registry-username", required=True, help="Specify the image registry username"
+)
+@click.option(
+    "--registry-token", required=True, help="Specify the image registry access token"
+)
 @click.pass_context
-def command(ctx, include, exclude, force_local_overwrite, image_registry, registry_username, registry_token):
-    '''EXPERIMENTAL: fetch the images for a stack from remote registry'''
+def command(
+    ctx,
+    include,
+    exclude,
+    force_local_overwrite,
+    image_registry,
+    registry_username,
+    registry_token,
+):
+    """EXPERIMENTAL: fetch the images for a stack from remote registry"""
 
     registry_info = RegistryInfo(image_registry, registry_username, registry_token)
     docker = DockerClient()
     if not opts.o.quiet:
         print("Logging into container registry:")
-    docker.login(registry_info.registry, registry_info.registry_username, registry_info.registry_token)
+    docker.login(
+        registry_info.registry,
+        registry_info.registry_username,
+        registry_info.registry_token,
+    )
     # Generate list of target containers
     stack = ctx.obj.stack
     containers_in_scope = get_containers_in_scope(stack)
@@ -172,19 +201,24 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry, regist
                 print(f"Fetching: {image_to_fetch}")
             _fetch_image(image_to_fetch, registry_info)
             # Now check if the target container already exists exists locally already
-            if (_exists_locally(container)):
+            if _exists_locally(container):
                 if not opts.o.quiet:
                     print(f"Container image {container} already exists locally")
                 # if so, fail unless the user specified force-local-overwrite
-                if (force_local_overwrite):
+                if force_local_overwrite:
                     # In that case remove the existing :local tag
                     if not opts.o.quiet:
-                        print(f"Warning: overwriting local tag from this image: {container} because "
-                              "--force-local-overwrite was specified")
+                        print(
+                            f"Warning: overwriting local tag from this image: "
+                            f"{container} because --force-local-overwrite was specified"
+                        )
                 else:
                     if not opts.o.quiet:
-                        print(f"Skipping local tagging for this image: {container} because that would "
-                              "overwrite an existing :local tagged image, use --force-local-overwrite to do so.")
+                        print(
+                            f"Skipping local tagging for this image: {container} "
+                            "because that would overwrite an existing :local tagged "
+                            "image, use --force-local-overwrite to do so."
+                        )
                     continue
             # Tag the fetched image with the :local tag
             _add_local_tag(image_to_fetch, image_registry, local_tag)
@@ -192,4 +226,7 @@ def command(ctx, include, exclude, force_local_overwrite, image_registry, regist
             if opts.o.verbose:
                 print(f"Excluding: {container}")
     if not all_containers_found:
-        print("Warning: couldn't find usable images for one or more containers, this stack will not deploy")
+        print(
+            "Warning: couldn't find usable images for one or more containers, "
+            "this stack will not deploy"
+        )

stack_orchestrator/constants.py

@@ -39,3 +39,9 @@ node_affinities_key = "node-affinities"
 node_tolerations_key = "node-tolerations"
 kind_config_filename = "kind-config.yml"
 kube_config_filename = "kubeconfig.yml"
+cri_base_filename = "cri-base.json"
+unlimited_memlock_key = "unlimited-memlock"
+runtime_class_key = "runtime-class"
+high_memlock_runtime = "high-memlock"
+high_memlock_spec_filename = "high-memlock-spec.json"
+acme_email_key = "acme-email"

stack_orchestrator/data/compose/docker-compose-fixturenet-blast.yml

@@ -20,7 +20,7 @@ services:
     depends_on:
       generate-jwt:
         condition: service_completed_successfully
-    env_file: 
+    env_file:
       - ../config/fixturenet-blast/${NETWORK:-fixturenet}.config
   blast-geth:
     image: blastio/blast-geth:${NETWORK:-testnet-sepolia}
@@ -51,7 +51,7 @@ services:
       --nodiscover
       --maxpeers=0
       --rollup.disabletxpoolgossip=true
-    env_file: 
+    env_file:
       - ../config/fixturenet-blast/${NETWORK:-fixturenet}.config
     depends_on:
       geth-init:
@@ -73,7 +73,7 @@ services:
       --rollup.config="/blast/rollup.json"
     depends_on:
       - blast-geth
-    env_file: 
+    env_file:
       - ../config/fixturenet-blast/${NETWORK:-fixturenet}.config
 
 volumes:

stack_orchestrator/data/compose/docker-compose-laconicd.yml

@@ -14,4 +14,3 @@ services:
       - "9090"
       - "9091"
       - "1317"
-

stack_orchestrator/data/compose/docker-compose-mainnet-blast.yml

@@ -19,7 +19,7 @@ services:
     depends_on:
       generate-jwt:
         condition: service_completed_successfully
-    env_file: 
+    env_file:
       - ../config/mainnet-blast/${NETWORK:-mainnet}.config
   blast-geth:
     image: blastio/blast-geth:${NETWORK:-mainnet}
@@ -53,7 +53,7 @@ services:
       --nodiscover
       --maxpeers=0
       --rollup.disabletxpoolgossip=true
-    env_file: 
+    env_file:
       - ../config/mainnet-blast/${NETWORK:-mainnet}.config
     depends_on:
       geth-init:
@@ -76,7 +76,7 @@ services:
       --rollup.config="/blast/rollup.json"
     depends_on:
       - blast-geth
-    env_file: 
+    env_file:
       - ../config/mainnet-blast/${NETWORK:-mainnet}.config
 
 volumes:

stack_orchestrator/data/compose/docker-compose-mars.yml

@@ -17,4 +17,3 @@ services:
       - URL_NEUTRON_TEST_REST=https://rest-palvus.pion-1.ntrn.tech
       - URL_NEUTRON_TEST_RPC=https://rpc-palvus.pion-1.ntrn.tech
       - WALLET_CONNECT_ID=0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x0x
-

stack_orchestrator/data/compose/docker-compose-reth.yml

@@ -32,4 +32,4 @@ services:
 volumes:
   reth_data:
   lighthouse_data:
-  shared_data:
+  shared_data:

stack_orchestrator/data/compose/docker-compose-test-database.yml

@@ -12,7 +12,7 @@ services:
       POSTGRES_INITDB_ARGS: "-E UTF8 --locale=C"
     ports:
       - "5432"
-    
+
   test-client:
     image: cerc/test-database-client:local
 

stack_orchestrator/data/compose/docker-compose-test.yml

@@ -8,6 +8,8 @@ services:
       CERC_TEST_PARAM_2: "CERC_TEST_PARAM_2_VALUE"
       CERC_TEST_PARAM_3: ${CERC_TEST_PARAM_3:-FAILED}
     volumes:
+      - ../config/test/script.sh:/opt/run.sh
+      - ../config/test/settings.env:/opt/settings.env
       - test-data-bind:/data
       - test-data-auto:/data2
       - test-config:/config:ro

stack_orchestrator/data/config/fixturenet-blast/fixturenet.config

@@ -1,2 +1,2 @@
 GETH_ROLLUP_SEQUENCERHTTP=https://sequencer.s2.testblast.io
-OP_NODE_P2P_BOOTNODES=enr:-J-4QM3GLUFfKMSJQuP1UvuKQe8DyovE7Eaiit0l6By4zjTodkR4V8NWXJxNmlg8t8rP-Q-wp3jVmeAOml8cjMj__ROGAYznzb_HgmlkgnY0gmlwhA-cZ_eHb3BzdGFja4X947FQAIlzZWNwMjU2azGhAiuDqvB-AsVSRmnnWr6OHfjgY8YfNclFy9p02flKzXnOg3RjcIJ2YYN1ZHCCdmE,enr:-J-4QDCVpByqQ8nFqCS9aHicqwUfXgzFDslvpEyYz19lvkHLIdtcIGp2d4q5dxHdjRNTO6HXCsnIKxUeuZSPcEbyVQCGAYznzz0RgmlkgnY0gmlwhANiQfuHb3BzdGFja4X947FQAIlzZWNwMjU2azGhAy3AtF2Jh_aPdOohg506Hjmtx-fQ1AKmu71C7PfkWAw9g3RjcIJ2YYN1ZHCCdmE
+OP_NODE_P2P_BOOTNODES=enr:-J-4QM3GLUFfKMSJQuP1UvuKQe8DyovE7Eaiit0l6By4zjTodkR4V8NWXJxNmlg8t8rP-Q-wp3jVmeAOml8cjMj__ROGAYznzb_HgmlkgnY0gmlwhA-cZ_eHb3BzdGFja4X947FQAIlzZWNwMjU2azGhAiuDqvB-AsVSRmnnWr6OHfjgY8YfNclFy9p02flKzXnOg3RjcIJ2YYN1ZHCCdmE,enr:-J-4QDCVpByqQ8nFqCS9aHicqwUfXgzFDslvpEyYz19lvkHLIdtcIGp2d4q5dxHdjRNTO6HXCsnIKxUeuZSPcEbyVQCGAYznzz0RgmlkgnY0gmlwhANiQfuHb3BzdGFja4X947FQAIlzZWNwMjU2azGhAy3AtF2Jh_aPdOohg506Hjmtx-fQ1AKmu71C7PfkWAw9g3RjcIJ2YYN1ZHCCdmE

stack_orchestrator/data/config/fixturenet-eth-metrics/grafana/etc/dashboards/fixturenet_dashboard.json

@@ -1411,4 +1411,4 @@
   "uid": "nT9VeZoVk",
   "version": 2,
   "weekStart": ""
-}
+}

stack_orchestrator/data/config/fixturenet-optimism/optimism-contracts/deploy-contracts.sh

@@ -65,7 +65,7 @@ if [ -n "$CERC_L1_ADDRESS" ] && [ -n "$CERC_L1_PRIV_KEY" ]; then
   # Sequencer
   SEQ=$(echo "$wallet3" | awk '/Address:/{print $2}')
   SEQ_KEY=$(echo "$wallet3" | awk '/Private key:/{print $3}')
-  
+
   echo "Funding accounts."
   wait_for_block 1 300
   cast send --from $ADMIN --rpc-url $CERC_L1_RPC --value 5ether $PROPOSER --private-key $ADMIN_KEY

stack_orchestrator/data/config/fixturenet-pocket/genesis.json

@@ -56,7 +56,7 @@
                             "value": "!validator-pubkey"
                         }
                     }
-                } 
+                }
             ],
             "supply": []
         },
@@ -269,4 +269,4 @@
             "claims": null
         }
     }
-}
+}

stack_orchestrator/data/config/keycloak/import/cerc-realm.json

@@ -2084,4 +2084,4 @@
   "clientPolicies": {
     "policies": []
   }
-}
+}

stack_orchestrator/data/config/mainnet-blast/import/cerc-realm.json

@@ -2388,4 +2388,4 @@
   "clientPolicies": {
     "policies": []
   }
-}
+}

stack_orchestrator/data/config/mainnet-blast/rollup.json

@@ -29,4 +29,3 @@
     "l1_system_config_address": "0x5531dcff39ec1ec727c4c5d2fc49835368f805a9",
     "protocol_versions_address": "0x0000000000000000000000000000000000000000"
   }
-  

stack_orchestrator/data/config/mainnet-eth-keycloak/import/cerc-realm.json

@@ -2388,4 +2388,4 @@
   "clientPolicies": {
     "policies": []
   }
-}
+}

stack_orchestrator/data/config/mainnet-eth-keycloak/scripts/keycloak-mirror/keycloak-mirror.py

@@ -12,7 +12,10 @@ from fabric import Connection
 
 
 def dump_src_db_to_file(db_host, db_port, db_user, db_password, db_name, file_name):
-    command = f"pg_dump -h {db_host} -p {db_port} -U {db_user} -d {db_name} -c --inserts -f {file_name}"
+    command = (
+        f"pg_dump -h {db_host} -p {db_port} -U {db_user} "
+        f"-d {db_name} -c --inserts -f {file_name}"
+    )
     my_env = os.environ.copy()
     my_env["PGPASSWORD"] = db_password
     print(f"Exporting from {db_host}:{db_port}/{db_name} to {file_name}... ", end="")

stack_orchestrator/data/config/mainnet-go-opera/go-opera.env

@@ -1 +0,0 @@
-

stack_orchestrator/data/config/monitoring/grafana/dashboards/subgraphs-dashboard.json

@@ -1901,4 +1901,4 @@
   "uid": "b54352dd-35f6-4151-97dc-265bab0c67e9",
   "version": 18,
   "weekStart": ""
-}
+}

stack_orchestrator/data/config/monitoring/watcher-alert-rules.yml

@@ -849,7 +849,7 @@ groups:
         annotations:
           summary: Watcher {{ index $labels "instance" }} of group {{ index $labels "job" }} is falling behind external head by {{ index $values "diff" }}
         isPaused: false
-      
+
       # Secured Finance
       - uid: secured_finance_diff_external
         title: secured_finance_watcher_head_tracking

stack_orchestrator/data/config/ponder/deploy-erc20-contract.sh

@@ -14,7 +14,7 @@ echo ACCOUNT_PRIVATE_KEY=${CERC_PRIVATE_KEY_DEPLOYER} >> .env
 if [ -f ${erc20_address_file} ]; then
   echo "${erc20_address_file} already exists, skipping ERC20 contract deployment"
   cat ${erc20_address_file}
-  
+
   # Keep the container running
   tail -f
 fi

stack_orchestrator/data/config/test/script.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Hello"

stack_orchestrator/data/config/test/settings.env

@@ -0,0 +1 @@
+ANSWER=42

stack_orchestrator/data/config/watcher-mobymask/mobymask-watcher-db.sql

@@ -940,4 +940,3 @@ ALTER TABLE ONLY public.state
 --
 -- PostgreSQL database dump complete
 --
-

stack_orchestrator/data/container-build/cerc-builder-gerbil/README.md

@@ -18,4 +18,3 @@ root@7c4124bb09e3:/src#
 ```
 
 Now gerbil commands can be run.
-

stack_orchestrator/data/container-build/cerc-builder-js/yarn-local-registry-fixup.sh

@@ -23,7 +23,7 @@ local_npm_registry_url=$2
 versioned_target_package=$(yarn list --pattern ${target_package} --depth=0 --json --non-interactive --no-progress | jq -r '.data.trees[].name')
 # Use yarn info to get URL checksums etc from the new registry
 yarn_info_output=$(yarn info --json $versioned_target_package 2>/dev/null)
-# First check if the target version actually exists. 
+# First check if the target version actually exists.
 # If it doesn't exist there will be no .data.dist.tarball element,
 # and jq will output the string "null"
 package_tarball=$(echo $yarn_info_output | jq -r .data.dist.tarball)

stack_orchestrator/data/container-build/cerc-fixturenet-eth-genesis/genesis/accounts/mnemonic_to_csv.py

@@ -11,6 +11,8 @@ if len(sys.argv) > 1:
 with open(testnet_config_path) as stream:
     data = yaml.safe_load(stream)
 
-for key, value in data['el_premine'].items():
-    acct = w3.eth.account.from_mnemonic(data['mnemonic'], account_path=key, passphrase='')
+for key, value in data["el_premine"].items():
+    acct = w3.eth.account.from_mnemonic(
+        data["mnemonic"], account_path=key, passphrase=""
+    )
     print("%s,%s,%s" % (key, acct.address, acct.key.hex()))

stack_orchestrator/data/container-build/cerc-go-ethereum-foundry/stateful/foundry.toml

@@ -4,4 +4,4 @@ out = 'out'
 libs = ['lib']
 remappings = ['ds-test/=lib/ds-test/src/']
 
-# See more config options https://github.com/gakonst/foundry/tree/master/config
+# See more config options https://github.com/gakonst/foundry/tree/master/config

stack_orchestrator/data/container-build/cerc-go-ethereum-foundry/stateful/src/Stateful.sol

@@ -20,4 +20,4 @@ contract Stateful {
   function inc() public {
     x = x + 1;
   }
-}
+}

stack_orchestrator/data/container-build/cerc-laconic-registry-cli/demo-records/demo-record-10.yml

@@ -11,4 +11,4 @@ record:
     foo: bar
   tags:
     - a
-    - b 
+    - b

stack_orchestrator/data/container-build/cerc-laconic-registry-cli/demo-records/demo-record-11.yml

@@ -9,4 +9,4 @@ record:
     foo: bar
   tags:
     - a
-    - b 
+    - b

stack_orchestrator/data/container-build/cerc-laconicd/build.sh

@@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 # Build cerc/laconicd
 source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
-docker build -t cerc/laconicd:local ${build_command_args} ${CERC_REPO_BASE_DIR}/laconicd
+docker build -t cerc/laconicd:local ${build_command_args} ${CERC_REPO_BASE_DIR}/laconicd

stack_orchestrator/data/container-build/cerc-nextjs-base/scripts/start-serving-app.sh

@@ -36,7 +36,7 @@ if [ -f "./run-webapp.sh" ]; then
   ./run-webapp.sh &
   tpid=$!
   wait $tpid
-else 
+else
   "$SCRIPT_DIR/apply-runtime-env.sh" "`pwd`" .next .next-r
   mv .next .next.old
   mv .next-r/.next .

stack_orchestrator/data/container-build/cerc-ping-pub/Dockerfile.base

@@ -5,4 +5,3 @@ WORKDIR /app
 COPY . .
 
 RUN yarn
-

stack_orchestrator/data/container-build/cerc-ping-pub/scripts/update-explorer-config.sh

@@ -22,7 +22,7 @@ fi
 # infers the directory from which to load chain configuration files
 # by the presence or absense of the substring "testnet" in the host name
 # (browser side -- the host name of the host in the address bar of the browser)
-# Accordingly we configure our network in both directories in order to 
+# Accordingly we configure our network in both directories in order to
 # subvert this lunacy.
 explorer_mainnet_config_dir=/app/chains/mainnet
 explorer_testnet_config_dir=/app/chains/testnet

stack_orchestrator/data/container-build/cerc-test-container/Dockerfile

@@ -1,9 +1,6 @@
-FROM ubuntu:latest
+FROM alpine:latest
 
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive && export DEBCONF_NOWARNINGS="yes" && \
-    apt-get install -y software-properties-common && \
-    apt-get install -y nginx && \
-    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN apk add --no-cache nginx
 
 EXPOSE 80
 

stack_orchestrator/data/container-build/cerc-test-container/run.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 set -e
 
 if [ -n "$CERC_SCRIPT_DEBUG" ]; then
@@ -8,14 +8,14 @@ fi
 echo "Test container starting"
 
 DATA_DEVICE=$(df | grep "/data$" | awk '{ print $1 }')
-if [[ -n "$DATA_DEVICE" ]]; then
+if [ -n "$DATA_DEVICE" ]; then
   echo "/data: MOUNTED dev=${DATA_DEVICE}"
 else
   echo "/data: not mounted"
 fi
 
 DATA2_DEVICE=$(df | grep "/data2$" | awk '{ print $1 }')
-if [[ -n "$DATA_DEVICE" ]]; then
+if [ -n "$DATA_DEVICE" ]; then
   echo "/data2: MOUNTED dev=${DATA2_DEVICE}"
 else
   echo "/data2: not mounted"
@@ -23,7 +23,7 @@ fi
 
 # Test if the container's filesystem is old (run previously) or new
 for d in /data /data2; do
-  if [[ -f "$d/exists" ]];
+  if [ -f "$d/exists" ];
   then
       TIMESTAMP=`cat $d/exists`
       echo "$d filesystem is old, created: $TIMESTAMP"
@@ -52,7 +52,7 @@ fi
 if [ -d "/config" ]; then
   echo "/config: EXISTS"
   for f in /config/*; do
-    if [[ -f "$f" ]] || [[ -L "$f" ]]; then
+    if [ -f "$f" ] || [ -L "$f" ]; then
       echo "$f:"
       cat "$f"
       echo ""
@@ -64,4 +64,4 @@ else
 fi
 
 # Run nginx which will block here forever
-/usr/sbin/nginx -g "daemon off;"
+nginx -g "daemon off;"

stack_orchestrator/data/container-build/cerc-test-database-client/build.sh

@@ -2,4 +2,4 @@
 # Build cerc/test-container
 source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-docker build -t cerc/test-database-client:local -f ${SCRIPT_DIR}/Dockerfile ${build_command_args} $SCRIPT_DIR
+docker build -t cerc/test-database-client:local -f ${SCRIPT_DIR}/Dockerfile ${build_command_args} $SCRIPT_DIR

stack_orchestrator/data/container-build/cerc-webapp-base/scripts/start-serving-app.sh

@@ -8,7 +8,7 @@ CERC_WEBAPP_FILES_DIR="${CERC_WEBAPP_FILES_DIR:-/data}"
 CERC_ENABLE_CORS="${CERC_ENABLE_CORS:-false}"
 CERC_SINGLE_PAGE_APP="${CERC_SINGLE_PAGE_APP}"
 
-if [ -z "${CERC_SINGLE_PAGE_APP}" ]; then 
+if [ -z "${CERC_SINGLE_PAGE_APP}" ]; then
   # If there is only one HTML file, assume an SPA.
   if [ 1 -eq $(find "${CERC_WEBAPP_FILES_DIR}" -name '*.html' | wc -l) ]; then
     CERC_SINGLE_PAGE_APP=true

stack_orchestrator/data/k8s/components/ingress/ingress-caddy-kind-deploy.yaml

@@ -0,0 +1,261 @@
+# Caddy Ingress Controller for kind
+# Based on: https://github.com/caddyserver/ingress
+# Provides automatic HTTPS with Let's Encrypt
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: caddy-ingress-controller
+  namespace: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: caddy-ingress-controller
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+      - endpoints
+      - nodes
+      - pods
+      - namespaces
+      - services
+    verbs:
+      - list
+      - watch
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - list
+      - watch
+      - get
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - create
+      - update
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: caddy-ingress-controller
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: caddy-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: caddy-ingress-controller
+    namespace: caddy-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: caddy-ingress-controller-configmap
+  namespace: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+data:
+  # Caddy global options
+  acmeCA: "https://acme-v02.api.letsencrypt.org/directory"
+  email: ""
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: caddy-ingress-controller
+  namespace: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+    app.kubernetes.io/component: controller
+spec:
+  type: NodePort
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+      protocol: TCP
+    - name: https
+      port: 443
+      targetPort: https
+      protocol: TCP
+  selector:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+    app.kubernetes.io/component: controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: caddy-ingress-controller
+  namespace: caddy-system
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+    app.kubernetes.io/component: controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: caddy-ingress-controller
+      app.kubernetes.io/instance: caddy-ingress
+      app.kubernetes.io/component: controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: caddy-ingress-controller
+        app.kubernetes.io/instance: caddy-ingress
+        app.kubernetes.io/component: controller
+    spec:
+      serviceAccountName: caddy-ingress-controller
+      terminationGracePeriodSeconds: 60
+      nodeSelector:
+        ingress-ready: "true"
+        kubernetes.io/os: linux
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Equal
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Equal
+      containers:
+        - name: caddy-ingress-controller
+          image: caddy/ingress:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 80
+              hostPort: 80
+              protocol: TCP
+            - name: https
+              containerPort: 443
+              hostPort: 443
+              protocol: TCP
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          args:
+            - -config-map=caddy-system/caddy-ingress-controller-configmap
+            - -class-name=caddy
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi
+            limits:
+              cpu: 1000m
+              memory: 512Mi
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 9765
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 9765
+            initialDelaySeconds: 3
+            periodSeconds: 10
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - ALL
+            runAsUser: 0
+            runAsGroup: 0
+          volumeMounts:
+            - name: caddy-data
+              mountPath: /data
+            - name: caddy-config
+              mountPath: /config
+      volumes:
+        - name: caddy-data
+          emptyDir: {}
+        - name: caddy-config
+          emptyDir: {}
+---
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+  name: caddy
+  labels:
+    app.kubernetes.io/name: caddy-ingress-controller
+    app.kubernetes.io/instance: caddy-ingress
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: "true"
+spec:
+  controller: caddy.io/ingress-controller

stack_orchestrator/data/stacks/build-support/README.md

@@ -6,7 +6,7 @@ JS/TS/NPM builds need an npm registry to store intermediate package artifacts.
 This can be supplied by the user (e.g. using a hosted registry or even npmjs.com), or a local registry using gitea can be deployed by stack orchestrator.
 To use a user-supplied registry set these environment variables:
 
-`CERC_NPM_REGISTRY_URL` and 
+`CERC_NPM_REGISTRY_URL` and
 `CERC_NPM_AUTH_TOKEN`
 
 Leave `CERC_NPM_REGISTRY_URL` un-set to use the local gitea registry.
@@ -22,7 +22,7 @@ $ laconic-so --stack build-support build-containers
 
 ```
 $ laconic-so --stack package-registry setup-repositories
-$ laconic-so --stack package-registry build-containers 
+$ laconic-so --stack package-registry build-containers
 $ laconic-so --stack package-registry deploy up
 [+] Running 3/3
  ⠿ Network laconic-aecc4a21d3a502b14522db97d427e850_gitea       Created                                                                                    0.0s

stack_orchestrator/data/stacks/fixturenet-blast/stack.yml

@@ -14,4 +14,3 @@ containers:
 pods:
   - fixturenet-blast
   - foundry
-  

stack_orchestrator/data/stacks/fixturenet-eth-loaded/README.md

@@ -3,4 +3,3 @@
 A "loaded" version of fixturenet-eth, with all the bells and whistles enabled.
 
 TODO: write me
-

stack_orchestrator/data/stacks/fixturenet-laconicd/README.md

@@ -12,7 +12,7 @@ $ chmod +x ./laconic-so
 $ export PATH=$PATH:$(pwd)  # Or move laconic-so to ~/bin or your favorite on-path directory
 ```
 ## 2. Prepare the local build environment
-Note that this step needs only to be done once on a new machine. 
+Note that this step needs only to be done once on a new machine.
 Detailed instructions can be found [here](../build-support/README.md). For the impatient run these commands:
 ```
 $ laconic-so --stack build-support build-containers --exclude cerc/builder-gerbil

stack_orchestrator/data/stacks/fixturenet-optimism/README.md

@@ -52,7 +52,7 @@ laconic-so --stack fixturenet-optimism deploy init --map-ports-to-host any-fixed
 It is usually necessary to expose certain container ports on one or more the host's addresses to allow incoming connections.
 Any ports defined in the Docker compose file are exposed by default with random port assignments, bound to "any" interface (IP address 0.0.0.0), but the port mappings can be customized by editing the "spec" file generated by `laconic-so deploy init`.
 
-In addition, a stack-wide port mapping "recipe" can be applied at the time the 
+In addition, a stack-wide port mapping "recipe" can be applied at the time the
 `laconic-so deploy init` command is run, by supplying the  desired recipe with the `--map-ports-to-host` option. The following recipes are supported:
 | Recipe | Host Port Mapping |
 |--------|-------------------|
@@ -62,11 +62,11 @@ In addition, a stack-wide port mapping "recipe" can be applied at the time the
 | localhost-fixed-random | Bind to 127.0.0.1 using a random port number selected at the time the command is run (not checked for already in use)|
 | any-fixed-random | Bind to 0.0.0.0 using a random port number selected at the time the command is run (not checked for already in use) |
 
-For example, you may wish to use `any-fixed-random` to generate the initial mappings and then edit the spec file to set the `fixturenet-eth-geth-1` RPC to port 8545 and the `op-geth` RPC to port 9545 on the host.  
+For example, you may wish to use `any-fixed-random` to generate the initial mappings and then edit the spec file to set the `fixturenet-eth-geth-1` RPC to port 8545 and the `op-geth` RPC to port 9545 on the host.
 
 Or, you may wish to use `any-same` for the initial mappings -- in which case you'll have to edit the spec to file to ensure the various geth instances aren't all trying to publish to host ports 8545/8546 at once.
 
-### Data volumes 
+### Data volumes
 Container data volumes are bind-mounted to specified paths in the host filesystem.
 The default setup (generated by `laconic-so deploy init`) places the volumes in the `./data` subdirectory of the deployment directory. The default mappings can be customized by editing the "spec" file generated by `laconic-so deploy init`.
 
@@ -101,7 +101,7 @@ docker logs -f <CONTAINER_ID>
 
 ## Example: bridge some ETH from L1 to L2
 
-Send some ETH from the desired account to the `L1StandardBridgeProxy` contract on L1 to test bridging to L2.  
+Send some ETH from the desired account to the `L1StandardBridgeProxy` contract on L1 to test bridging to L2.
 
 We can use the testing account `0xe6CE22afe802CAf5fF7d3845cec8c736ecc8d61F` which is pre-funded and unlocked, and the `cerc/foundry:local` container to make use of the `cast` cli.
 

stack_orchestrator/data/stacks/fixturenet-optimism/deploy/commands.py

@@ -17,16 +17,21 @@ from stack_orchestrator.deploy.deployment_context import DeploymentContext
 
 
 def create(context: DeploymentContext, extra_args):
-    # Slightly modify the base fixturenet-eth compose file to replace the startup script for fixturenet-eth-geth-1
-    # We need to start geth with the flag to allow non eip-155 compliant transactions in order to publish the
-    # deterministic-deployment-proxy contract, which itself is a prereq for Optimism contract deployment
-    fixturenet_eth_compose_file = context.deployment_dir.joinpath('compose', 'docker-compose-fixturenet-eth.yml')
+    # Slightly modify the base fixturenet-eth compose file to replace the
+    # startup script for fixturenet-eth-geth-1
+    # We need to start geth with the flag to allow non eip-155 compliant
+    # transactions in order to publish the
+    # deterministic-deployment-proxy contract, which itself is a prereq for
+    # Optimism contract deployment
+    fixturenet_eth_compose_file = context.deployment_dir.joinpath(
+        "compose", "docker-compose-fixturenet-eth.yml"
+    )
 
-    new_script = '../config/fixturenet-optimism/run-geth.sh:/opt/testnet/run.sh'
+    new_script = "../config/fixturenet-optimism/run-geth.sh:/opt/testnet/run.sh"
 
     def add_geth_volume(yaml_data):
-        if new_script not in yaml_data['services']['fixturenet-eth-geth-1']['volumes']:
-            yaml_data['services']['fixturenet-eth-geth-1']['volumes'].append(new_script)
+        if new_script not in yaml_data["services"]["fixturenet-eth-geth-1"]["volumes"]:
+            yaml_data["services"]["fixturenet-eth-geth-1"]["volumes"].append(new_script)
 
     context.modify_yaml(fixturenet_eth_compose_file, add_geth_volume)
 

stack_orchestrator/data/stacks/fixturenet-optimism/l2-only.md

@@ -38,7 +38,7 @@ laconic-so --stack fixturenet-optimism deploy init --map-ports-to-host any-fixed
 It is usually necessary to expose certain container ports on one or more the host's addresses to allow incoming connections.
 Any ports defined in the Docker compose file are exposed by default with random port assignments, bound to "any" interface (IP address 0.0.0.0), but the port mappings can be customized by editing the "spec" file generated by `laconic-so deploy init`.
 
-In addition, a stack-wide port mapping "recipe" can be applied at the time the 
+In addition, a stack-wide port mapping "recipe" can be applied at the time the
 `laconic-so deploy init` command is run, by supplying the  desired recipe with the `--map-ports-to-host` option. The following recipes are supported:
 | Recipe | Host Port Mapping |
 |--------|-------------------|
@@ -48,9 +48,9 @@ In addition, a stack-wide port mapping "recipe" can be applied at the time the
 | localhost-fixed-random | Bind to 127.0.0.1 using a random port number selected at the time the command is run (not checked for already in use)|
 | any-fixed-random | Bind to 0.0.0.0 using a random port number selected at the time the command is run (not checked for already in use) |
 
-For example, you may wish to use `any-fixed-random` to generate the initial mappings and then edit the spec file to set the `op-geth` RPC to an easy to remember port like 8545 or 9545 on the host.  
+For example, you may wish to use `any-fixed-random` to generate the initial mappings and then edit the spec file to set the `op-geth` RPC to an easy to remember port like 8545 or 9545 on the host.
 
-### Data volumes 
+### Data volumes
 Container data volumes are bind-mounted to specified paths in the host filesystem.
 The default setup (generated by `laconic-so deploy init`) places the volumes in the `./data` subdirectory of the deployment directory. The default mappings can be customized by editing the "spec" file generated by `laconic-so deploy init`.
 

stack_orchestrator/data/stacks/fixturenet-payments/ponder-demo.md

@@ -128,7 +128,7 @@ Stack components:
       removed
       topics
       transactionHash
-      transactionIndex 
+      transactionIndex
     }
 
     getEthBlock(
@@ -211,14 +211,14 @@ Stack components:
         hash
       }
       log {
-        id 
+        id
       }
       block {
         number
       }
     }
     metadata {
-      pageEndsAtTimestamp	
+      pageEndsAtTimestamp
       isLastPage
     }
   }
@@ -227,7 +227,7 @@ Stack components:
 * Open watcher Ponder app endpoint http://localhost:42069
 
   * Try GQL query to see transfer events
-    
+
     ```graphql
     {
       transferEvents (orderBy: "timestamp", orderDirection: "desc") {
@@ -251,9 +251,9 @@ Stack components:
     ```bash
     export TOKEN_ADDRESS=$(docker exec payments-ponder-er20-contracts-1 jq -r '.address' ./deployment/erc20-address.json)
     ```
-  
+
   * Transfer token
-  
+
     ```bash
     docker exec -it payments-ponder-er20-contracts-1 bash -c "yarn token:transfer:docker --token ${TOKEN_ADDRESS} --to 0xe22AD83A0dE117bA0d03d5E94Eb4E0d80a69C62a --amount 5000"
     ```

stack_orchestrator/data/stacks/fixturenet-pocket/README.md

@@ -48,7 +48,7 @@ or see the full logs:
 $ laconic-so --stack fixturenet-pocket deploy logs pocket
 ```
 ## 5. Send a relay request to Pocket node
-The Pocket node serves relay requests at `http://localhost:8081/v1/client/sim`  
+The Pocket node serves relay requests at `http://localhost:8081/v1/client/sim`
 
 Example request:
 ```

stack_orchestrator/data/stacks/fixturenet-sushiswap-subgraph/README.md

@@ -154,12 +154,12 @@ http://127.0.0.1:<HOST_PORT>/subgraphs/name/sushiswap/v3-lotus/graphql
       deployment
       hasIndexingErrors
     }
-    
+
     factories {
       poolCount
       id
     }
-    
+
     pools {
       id
       token0 {

stack_orchestrator/data/stacks/graph-node/deploy-subgraph.md

@@ -7,7 +7,7 @@ We will use the [ethereum-gravatar](https://github.com/graphprotocol/graph-tooli
 - Clone the repo
   ```bash
   git clone git@github.com:graphprotocol/graph-tooling.git
-  
+
   cd graph-tooling
   ```
 
@@ -54,11 +54,11 @@ The following steps should be similar for every subgraph
 - Create and deploy the subgraph
   ```bash
   pnpm graph create example --node <GRAPH_NODE_DEPLOY_ENDPOINT>
-  
+
   pnpm graph deploy example --ipfs <GRAPH_NODE_IPFS_ENDPOINT> --node <GRAPH_NODE_DEPLOY_ENDPOINT>
   ```
   - `GRAPH_NODE_DEPLOY_ENDPOINT` and `GRAPH_NODE_IPFS_ENDPOINT` will be available after graph-node has been deployed
-  - More details can be seen in [Create a deployment](./README.md#create-a-deployment) section 
+  - More details can be seen in [Create a deployment](./README.md#create-a-deployment) section
 
 - The subgraph GQL endpoint will be seen after deploy command runs successfully
 

stack_orchestrator/data/stacks/kubo/stack.yml

@@ -1,7 +1,7 @@
 version: "1.0"
-name: kubo 
+name: kubo
 description: "Run kubo (IPFS)"
 repos:
 containers:
 pods:
-  - kubo 
+  - kubo

stack_orchestrator/data/stacks/laconic-dot-com/README.md

@@ -2,7 +2,7 @@
 
 ```
 laconic-so --stack laconic-dot-com setup-repositories
-laconic-so --stack laconic-dot-com build-containers 
+laconic-so --stack laconic-dot-com build-containers
 laconic-so --stack laconic-dot-com deploy init --output laconic-website-spec.yml --map-ports-to-host localhost-same
 laconic-so --stack laconic-dot-com deploy create --spec-file laconic-website-spec.yml --deployment-dir lx-website
 laconic-so deployment --dir lx-website start

stack_orchestrator/data/stacks/lasso/README.md

@@ -2,6 +2,6 @@
 
 ```
 laconic-so --stack lasso setup-repositories
-laconic-so --stack lasso build-containers 
+laconic-so --stack lasso build-containers
 laconic-so --stack lasso deploy up
 ```

stack_orchestrator/data/stacks/mainnet-blast/deploy/commands.py

@@ -22,18 +22,24 @@ import yaml
 def create(context, extra_args):
     # Our goal here is just to copy the json files for blast
     yml_path = context.deployment_dir.joinpath("spec.yml")
-    with open(yml_path, 'r') as file:
+    with open(yml_path, "r") as file:
         data = yaml.safe_load(file)
 
-    mount_point = data['volumes']['blast-data']
+    mount_point = data["volumes"]["blast-data"]
     if mount_point[0] == "/":
         deploy_dir = Path(mount_point)
     else:
         deploy_dir = context.deployment_dir.joinpath(mount_point)
 
     command_context = extra_args[2]
-    compose_file = [f for f in command_context.cluster_context.compose_files if "mainnet-blast" in f][0]
-    source_config_file = Path(compose_file).parent.parent.joinpath("config", "mainnet-blast", "genesis.json")
+    compose_file = [
+        f for f in command_context.cluster_context.compose_files if "mainnet-blast" in f
+    ][0]
+    source_config_file = Path(compose_file).parent.parent.joinpath(
+        "config", "mainnet-blast", "genesis.json"
+    )
     copy(source_config_file, deploy_dir)
-    source_config_file = Path(compose_file).parent.parent.joinpath("config", "mainnet-blast", "rollup.json")
+    source_config_file = Path(compose_file).parent.parent.joinpath(
+        "config", "mainnet-blast", "rollup.json"
+    )
     copy(source_config_file, deploy_dir)

stack_orchestrator/data/stacks/mainnet-eth-plugeth/README.md

@@ -92,7 +92,7 @@ volumes:
   mainnet_eth_plugeth_geth_1_data: ./data/mainnet_eth_plugeth_geth_1_data
   mainnet_eth_plugeth_lighthouse_1_data: ./data/mainnet_eth_plugeth_lighthouse_1_data
 ```
-In addition, a stack-wide port mapping "recipe" can be applied at the time the 
+In addition, a stack-wide port mapping "recipe" can be applied at the time the
 `laconic-so deploy init` command is run, by supplying the  desired recipe with the `--map-ports-to-host` option. The following recipes are supported:
 | Recipe | Host Port Mapping |
 |--------|-------------------|

stack_orchestrator/data/stacks/mainnet-eth-plugeth/deploy/commands.py

@@ -27,6 +27,8 @@ def setup(ctx):
 def create(ctx, extra_args):
     # Generate the JWT secret and save to its config file
     secret = token_hex(32)
-    jwt_file_path = ctx.deployment_dir.joinpath("data", "mainnet_eth_plugeth_config_data", "jwtsecret")
-    with open(jwt_file_path, 'w+') as jwt_file:
+    jwt_file_path = ctx.deployment_dir.joinpath(
+        "data", "mainnet_eth_plugeth_config_data", "jwtsecret"
+    )
+    with open(jwt_file_path, "w+") as jwt_file:
         jwt_file.write(secret)

stack_orchestrator/data/stacks/mainnet-eth/README.md

@@ -92,7 +92,7 @@ volumes:
   mainnet_eth_geth_1_data: ./data/mainnet_eth_geth_1_data
   mainnet_eth_lighthouse_1_data: ./data/mainnet_eth_lighthouse_1_data
 ```
-In addition, a stack-wide port mapping "recipe" can be applied at the time the 
+In addition, a stack-wide port mapping "recipe" can be applied at the time the
 `laconic-so deploy init` command is run, by supplying the  desired recipe with the `--map-ports-to-host` option. The following recipes are supported:
 | Recipe | Host Port Mapping |
 |--------|-------------------|

stack_orchestrator/data/stacks/mainnet-eth/deploy/commands.py

@@ -27,6 +27,8 @@ def setup(ctx):
 def create(ctx, extra_args):
     # Generate the JWT secret and save to its config file
     secret = token_hex(32)
-    jwt_file_path = ctx.deployment_dir.joinpath("data", "mainnet_eth_config_data", "jwtsecret")
-    with open(jwt_file_path, 'w+') as jwt_file:
+    jwt_file_path = ctx.deployment_dir.joinpath(
+        "data", "mainnet_eth_config_data", "jwtsecret"
+    )
+    with open(jwt_file_path, "w+") as jwt_file:
         jwt_file.write(secret)

stack_orchestrator/data/stacks/mainnet-go-opera/README.md

@@ -36,9 +36,9 @@ laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | 'mainnet-109331-no-histor
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.034] Maximum peer count                       total=50
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.034] Smartcard socket not found, disabling    err="stat /run/pcscd/pcscd.comm: no such file or directory"
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.034] Genesis file is a known preset           name="Mainnet-109331 without history"
-laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.052] Applying genesis state 
-laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.052] - Reading epochs unit 0 
-laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.054] - Reading blocks unit 0 
+laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.052] Applying genesis state
+laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.052] - Reading epochs unit 0
+laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.054] - Reading blocks unit 0
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.530] Applied genesis state                    name=main                             id=250 genesis=0x4a53c5445584b3bfc20dbfb2ec18ae20037c716f3ba2d9e1da768a9deca17cb4
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.531] Regenerated local transaction journal    transactions=0 accounts=0
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.532] Starting peer-to-peer node               instance=go-opera/v1.1.2-rc.5-50cd051d-1677276206/linux-amd64/go1.19.10
@@ -47,7 +47,7 @@ laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.537]
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.537] IPC endpoint opened                      url=/root/.opera/opera.ipc
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] HTTP server started                      endpoint=[::]:18545 prefix= cors=* vhosts=localhost
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] WebSocket enabled                        url=ws://[::]:18546
-laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] Rebuilding state snapshot 
+laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] Rebuilding state snapshot
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] EVM snapshot                             module=gossip-store at=000000..000000 generating=true
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] Resuming state snapshot generation       accounts=0 slots=0 storage=0.00B elapsed="189.74µs"
 laconic-f028f14527b95e2eb97f0c0229d00939-go-opera-1  | INFO [06-20|13:32:33.538] Generated state snapshot                 accounts=0 slots=0 storage=0.00B elapsed="265.061µs"

stack_orchestrator/data/stacks/mainnet-laconic/README.md

@@ -1,2 +1 @@
 # Laconic Mainnet Deployment (experimental)
-

stack_orchestrator/data/stacks/mainnet-laconic/deploy/commands.py

@@ -14,7 +14,10 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 
 from stack_orchestrator.util import get_yaml
-from stack_orchestrator.deploy.deploy_types import DeployCommandContext, LaconicStackSetupCommand
+from stack_orchestrator.deploy.deploy_types import (
+    DeployCommandContext,
+    LaconicStackSetupCommand,
+)
 from stack_orchestrator.deploy.deployment_context import DeploymentContext
 from stack_orchestrator.deploy.stack_state import State
 from stack_orchestrator.deploy.deploy_util import VolumeMapping, run_container_command
@@ -75,7 +78,12 @@ def _copy_gentx_files(network_dir: Path, gentx_file_list: str):
     gentx_files = _comma_delimited_to_list(gentx_file_list)
     for gentx_file in gentx_files:
         gentx_file_path = Path(gentx_file)
-        copyfile(gentx_file_path, os.path.join(network_dir, "config", "gentx", os.path.basename(gentx_file_path)))
+        copyfile(
+            gentx_file_path,
+            os.path.join(
+                network_dir, "config", "gentx", os.path.basename(gentx_file_path)
+            ),
+        )
 
 
 def _remove_persistent_peers(network_dir: Path):
@@ -86,8 +94,13 @@ def _remove_persistent_peers(network_dir: Path):
     with open(config_file_path, "r") as input_file:
         config_file_content = input_file.read()
         persistent_peers_pattern = '^persistent_peers = "(.+?)"'
-        replace_with = "persistent_peers = \"\""
-        config_file_content = re.sub(persistent_peers_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        replace_with = 'persistent_peers = ""'
+        config_file_content = re.sub(
+            persistent_peers_pattern,
+            replace_with,
+            config_file_content,
+            flags=re.MULTILINE,
+        )
     with open(config_file_path, "w") as output_file:
         output_file.write(config_file_content)
 
@@ -100,8 +113,13 @@ def _insert_persistent_peers(config_dir: Path, new_persistent_peers: str):
     with open(config_file_path, "r") as input_file:
         config_file_content = input_file.read()
         persistent_peers_pattern = r'^persistent_peers = ""'
-        replace_with = f"persistent_peers = \"{new_persistent_peers}\""
-        config_file_content = re.sub(persistent_peers_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        replace_with = f'persistent_peers = "{new_persistent_peers}"'
+        config_file_content = re.sub(
+            persistent_peers_pattern,
+            replace_with,
+            config_file_content,
+            flags=re.MULTILINE,
+        )
     with open(config_file_path, "w") as output_file:
         output_file.write(config_file_content)
 
@@ -113,9 +131,11 @@ def _enable_cors(config_dir: Path):
         sys.exit(1)
     with open(config_file_path, "r") as input_file:
         config_file_content = input_file.read()
-        cors_pattern = r'^cors_allowed_origins = \[]'
+        cors_pattern = r"^cors_allowed_origins = \[]"
         replace_with = 'cors_allowed_origins = ["*"]'
-        config_file_content = re.sub(cors_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        config_file_content = re.sub(
+            cors_pattern, replace_with, config_file_content, flags=re.MULTILINE
+        )
     with open(config_file_path, "w") as output_file:
         output_file.write(config_file_content)
     app_file_path = config_dir.joinpath("app.toml")
@@ -124,9 +144,11 @@ def _enable_cors(config_dir: Path):
         sys.exit(1)
     with open(app_file_path, "r") as input_file:
         app_file_content = input_file.read()
-        cors_pattern = r'^enabled-unsafe-cors = false'
+        cors_pattern = r"^enabled-unsafe-cors = false"
         replace_with = "enabled-unsafe-cors = true"
-        app_file_content = re.sub(cors_pattern, replace_with, app_file_content, flags=re.MULTILINE)
+        app_file_content = re.sub(
+            cors_pattern, replace_with, app_file_content, flags=re.MULTILINE
+        )
     with open(app_file_path, "w") as output_file:
         output_file.write(app_file_content)
 
@@ -141,7 +163,9 @@ def _set_listen_address(config_dir: Path):
         existing_pattern = r'^laddr = "tcp://127.0.0.1:26657"'
         replace_with = 'laddr = "tcp://0.0.0.0:26657"'
         print(f"Replacing in: {config_file_path}")
-        config_file_content = re.sub(existing_pattern, replace_with, config_file_content, flags=re.MULTILINE)
+        config_file_content = re.sub(
+            existing_pattern, replace_with, config_file_content, flags=re.MULTILINE
+        )
     with open(config_file_path, "w") as output_file:
         output_file.write(config_file_content)
     app_file_path = config_dir.joinpath("app.toml")
@@ -152,10 +176,14 @@ def _set_listen_address(config_dir: Path):
         app_file_content = input_file.read()
         existing_pattern1 = r'^address = "tcp://localhost:1317"'
         replace_with1 = 'address = "tcp://0.0.0.0:1317"'
-        app_file_content = re.sub(existing_pattern1, replace_with1, app_file_content, flags=re.MULTILINE)
+        app_file_content = re.sub(
+            existing_pattern1, replace_with1, app_file_content, flags=re.MULTILINE
+        )
         existing_pattern2 = r'^address = "localhost:9090"'
         replace_with2 = 'address = "0.0.0.0:9090"'
-        app_file_content = re.sub(existing_pattern2, replace_with2, app_file_content, flags=re.MULTILINE)
+        app_file_content = re.sub(
+            existing_pattern2, replace_with2, app_file_content, flags=re.MULTILINE
+        )
     with open(app_file_path, "w") as output_file:
         output_file.write(app_file_content)
 
@@ -164,7 +192,10 @@ def _phase_from_params(parameters):
     phase = SetupPhase.ILLEGAL
     if parameters.initialize_network:
         if parameters.join_network or parameters.create_network:
-            print("Can't supply --join-network or --create-network with --initialize-network")
+            print(
+                "Can't supply --join-network or --create-network "
+                "with --initialize-network"
+            )
             sys.exit(1)
         if not parameters.chain_id:
             print("--chain-id is required")
@@ -176,24 +207,36 @@ def _phase_from_params(parameters):
         phase = SetupPhase.INITIALIZE
     elif parameters.join_network:
         if parameters.initialize_network or parameters.create_network:
-            print("Can't supply --initialize-network or --create-network with --join-network")
+            print(
+                "Can't supply --initialize-network or --create-network "
+                "with --join-network"
+            )
             sys.exit(1)
         phase = SetupPhase.JOIN
     elif parameters.create_network:
         if parameters.initialize_network or parameters.join_network:
-            print("Can't supply --initialize-network or --join-network with --create-network")
+            print(
+                "Can't supply --initialize-network or --join-network "
+                "with --create-network"
+            )
             sys.exit(1)
         phase = SetupPhase.CREATE
     elif parameters.connect_network:
         if parameters.initialize_network or parameters.join_network:
-            print("Can't supply --initialize-network or --join-network with --connect-network")
+            print(
+                "Can't supply --initialize-network or --join-network "
+                "with --connect-network"
+            )
             sys.exit(1)
         phase = SetupPhase.CONNECT
     return phase
 
 
-def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCommand, extra_args):
-
+def setup(
+    command_context: DeployCommandContext,
+    parameters: LaconicStackSetupCommand,
+    extra_args,
+):
     options = opts.o
 
     currency = "alnt"  # Does this need to be a parameter?
@@ -205,12 +248,9 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
 
     network_dir = Path(parameters.network_dir).absolute()
     laconicd_home_path_in_container = "/laconicd-home"
-    mounts = [
-        VolumeMapping(network_dir, laconicd_home_path_in_container)
-    ]
+    mounts = [VolumeMapping(str(network_dir), laconicd_home_path_in_container)]
 
     if phase == SetupPhase.INITIALIZE:
-
         # We want to create the directory so if it exists that's an error
         if os.path.exists(network_dir):
             print(f"Error: network directory {network_dir} already exists")
@@ -220,13 +260,18 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
 
         output, status = run_container_command(
             command_context,
-            "laconicd", f"laconicd init {parameters.node_moniker} --home {laconicd_home_path_in_container}\
-                --chain-id {parameters.chain_id} --default-denom {currency}", mounts)
+            "laconicd",
+            f"laconicd init {parameters.node_moniker} "
+            f"--home {laconicd_home_path_in_container} "
+            f"--chain-id {parameters.chain_id} --default-denom {currency}",
+            mounts,
+        )
         if options.debug:
             print(f"Command output: {output}")
 
     elif phase == SetupPhase.JOIN:
-        # In the join phase (alternative to connect) we are participating in a genesis ceremony for the chain
+        # In the join phase (alternative to connect) we are participating in a
+        # genesis ceremony for the chain
         if not os.path.exists(network_dir):
             print(f"Error: network directory {network_dir} doesn't exist")
             sys.exit(1)
@@ -234,52 +279,72 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
         chain_id = _get_chain_id_from_config(network_dir)
 
         output1, status1 = run_container_command(
-            command_context, "laconicd", f"laconicd keys add {parameters.key_name} --home {laconicd_home_path_in_container}\
-                --keyring-backend test", mounts)
+            command_context,
+            "laconicd",
+            f"laconicd keys add {parameters.key_name} "
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
+            mounts,
+        )
         if options.debug:
             print(f"Command output: {output1}")
         output2, status2 = run_container_command(
             command_context,
             "laconicd",
-            f"laconicd genesis add-genesis-account {parameters.key_name} 12900000000000000000000{currency}\
-                --home {laconicd_home_path_in_container} --keyring-backend test",
-            mounts)
+            f"laconicd genesis add-genesis-account {parameters.key_name} "
+            f"12900000000000000000000{currency} "
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
+            mounts,
+        )
         if options.debug:
             print(f"Command output: {output2}")
         output3, status3 = run_container_command(
             command_context,
             "laconicd",
-            f"laconicd genesis gentx  {parameters.key_name} 90000000000{currency} --home {laconicd_home_path_in_container}\
-                --chain-id {chain_id} --keyring-backend test",
-            mounts)
+            f"laconicd genesis gentx {parameters.key_name} "
+            f"90000000000{currency} --home {laconicd_home_path_in_container} "
+            f"--chain-id {chain_id} --keyring-backend test",
+            mounts,
+        )
         if options.debug:
             print(f"Command output: {output3}")
         output4, status4 = run_container_command(
             command_context,
             "laconicd",
-            f"laconicd keys show  {parameters.key_name} -a --home {laconicd_home_path_in_container} --keyring-backend test",
-            mounts)
+            f"laconicd keys show {parameters.key_name} -a "
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
+            mounts,
+        )
         print(f"Node account address: {output4}")
 
     elif phase == SetupPhase.CONNECT:
-        # In the connect phase (named to not conflict with join) we are making a node that syncs a chain with existing genesis.json
-        # but not with validator role. We need this kind of node in order to bootstrap it into a validator after it syncs
+        # In the connect phase (named to not conflict with join) we are
+        # making a node that syncs a chain with existing genesis.json
+        # but not with validator role. We need this kind of node in order to
+        # bootstrap it into a validator after it syncs
         output1, status1 = run_container_command(
-            command_context, "laconicd", f"laconicd keys add {parameters.key_name} --home {laconicd_home_path_in_container}\
-                --keyring-backend test", mounts)
+            command_context,
+            "laconicd",
+            f"laconicd keys add {parameters.key_name} "
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
+            mounts,
+        )
         if options.debug:
             print(f"Command output: {output1}")
         output2, status2 = run_container_command(
             command_context,
             "laconicd",
-            f"laconicd keys show  {parameters.key_name} -a --home {laconicd_home_path_in_container} --keyring-backend test",
-            mounts)
+            f"laconicd keys show {parameters.key_name} -a "
+            f"--home {laconicd_home_path_in_container} --keyring-backend test",
+            mounts,
+        )
         print(f"Node account address: {output2}")
         output3, status3 = run_container_command(
             command_context,
             "laconicd",
-            f"laconicd cometbft show-validator --home {laconicd_home_path_in_container}",
-            mounts)
+            f"laconicd cometbft show-validator "
+            f"--home {laconicd_home_path_in_container}",
+            mounts,
+        )
         print(f"Node validator address: {output3}")
 
     elif phase == SetupPhase.CREATE:
@@ -287,42 +352,74 @@ def setup(command_context: DeployCommandContext, parameters: LaconicStackSetupCo
             print(f"Error: network directory {network_dir} doesn't exist")
             sys.exit(1)
 
-        # In the CREATE phase, we are either a "coordinator" node, generating the genesis.json file ourselves
-        # OR we are a "not-coordinator" node, consuming a genesis file we got from the coordinator node.
+        # In the CREATE phase, we are either a "coordinator" node,
+        # generating the genesis.json file ourselves
+        # OR we are a "not-coordinator" node, consuming a genesis file from
+        # the coordinator node.
         if parameters.genesis_file:
             # We got the genesis file from elsewhere
             # Copy it into our network dir
             genesis_file_path = Path(parameters.genesis_file)
             if not os.path.exists(genesis_file_path):
-                print(f"Error: supplied genesis file: {parameters.genesis_file} does not exist.")
+                print(
+                    f"Error: supplied genesis file: {parameters.genesis_file} "
+                    "does not exist."
+                )
                 sys.exit(1)
-            copyfile(genesis_file_path, os.path.join(network_dir, "config", os.path.basename(genesis_file_path)))
+            copyfile(
+                genesis_file_path,
+                os.path.join(
+                    network_dir, "config", os.path.basename(genesis_file_path)
+                ),
+            )
         else:
             # We're generating the genesis file
             # First look in the supplied gentx files for the other nodes' keys
-            other_node_keys = _get_node_keys_from_gentx_files(parameters.gentx_address_list)
+            other_node_keys = _get_node_keys_from_gentx_files(
+                parameters.gentx_address_list
+            )
             # Add those keys to our genesis, with balances we determine here (why?)
+            outputk = None
             for other_node_key in other_node_keys:
                 outputk, statusk = run_container_command(
-                    command_context, "laconicd", f"laconicd genesis add-genesis-account {other_node_key} \
-                        12900000000000000000000{currency}\
-                        --home {laconicd_home_path_in_container} --keyring-backend test", mounts)
-            if options.debug:
+                    command_context,
+                    "laconicd",
+                    f"laconicd genesis add-genesis-account {other_node_key} "
+                    f"12900000000000000000000{currency} "
+                    f"--home {laconicd_home_path_in_container} "
+                    "--keyring-backend test",
+                    mounts,
+                )
+            if options.debug and outputk is not None:
                 print(f"Command output: {outputk}")
             # Copy the gentx json files into our network dir
             _copy_gentx_files(network_dir, parameters.gentx_file_list)
             # Now we can run collect-gentxs
             output1, status1 = run_container_command(
-                command_context, "laconicd", f"laconicd genesis collect-gentxs --home {laconicd_home_path_in_container}", mounts)
+                command_context,
+                "laconicd",
+                f"laconicd genesis collect-gentxs "
+                f"--home {laconicd_home_path_in_container}",
+                mounts,
+            )
             if options.debug:
                 print(f"Command output: {output1}")
-            print(f"Generated genesis file, please copy to other nodes as required: \
-                {os.path.join(network_dir, 'config', 'genesis.json')}")
-            # Last thing, collect-gentxs puts a likely bogus set of persistent_peers in config.toml so we remove that now
+            genesis_path = os.path.join(network_dir, "config", "genesis.json")
+            print(
+                f"Generated genesis file, please copy to other nodes "
+                f"as required: {genesis_path}"
+            )
+            # Last thing, collect-gentxs puts a likely bogus set of persistent_peers
+            # in config.toml so we remove that now
             _remove_persistent_peers(network_dir)
         # In both cases we validate the genesis file now
         output2, status1 = run_container_command(
-            command_context, "laconicd", f"laconicd genesis validate-genesis --home {laconicd_home_path_in_container}", mounts)
+            command_context,
+            "laconicd",
+            f"laconicd genesis validate-genesis "
+            f"--home {laconicd_home_path_in_container}",
+            mounts,
+        )
         print(f"validate-genesis result: {output2}")
 
     else:
@@ -341,15 +438,23 @@ def create(deployment_context: DeploymentContext, extra_args):
         sys.exit(1)
     config_dir_path = network_dir_path.joinpath("config")
     if not (config_dir_path.exists() and config_dir_path.is_dir()):
-        print(f"Error: supplied network directory does not contain a config directory: {config_dir_path}")
+        print(
+            f"Error: supplied network directory does not contain "
+            f"a config directory: {config_dir_path}"
+        )
         sys.exit(1)
     data_dir_path = network_dir_path.joinpath("data")
     if not (data_dir_path.exists() and data_dir_path.is_dir()):
-        print(f"Error: supplied network directory does not contain a data directory: {data_dir_path}")
+        print(
+            f"Error: supplied network directory does not contain "
+            f"a data directory: {data_dir_path}"
+        )
         sys.exit(1)
     # Copy the network directory contents into our deployment
     # TODO: change this to work with non local paths
-    deployment_config_dir = deployment_context.deployment_dir.joinpath("data", "laconicd-config")
+    deployment_config_dir = deployment_context.deployment_dir.joinpath(
+        "data", "laconicd-config"
+    )
     copytree(config_dir_path, deployment_config_dir, dirs_exist_ok=True)
     # If supplied, add the initial persistent peers to the config file
     if extra_args[1]:
@@ -360,7 +465,9 @@ def create(deployment_context: DeploymentContext, extra_args):
     _set_listen_address(deployment_config_dir)
     # Copy the data directory contents into our deployment
     # TODO: change this to work with non local paths
-    deployment_data_dir = deployment_context.deployment_dir.joinpath("data", "laconicd-data")
+    deployment_data_dir = deployment_context.deployment_dir.joinpath(
+        "data", "laconicd-data"
+    )
     copytree(data_dir_path, deployment_data_dir, dirs_exist_ok=True)
 
 

stack_orchestrator/data/stacks/mobymask/stack.yml

@@ -5,4 +5,4 @@ repos:
 containers:
   - cerc/watcher-mobymask
 pods:
-  - watcher-mobymask
+  - watcher-mobymask

stack_orchestrator/data/stacks/monitoring/README.md

@@ -180,7 +180,7 @@ Set the following env variables in the deployment env config file (`monitoring-d
   # (Optional, default: http://localhost:3000)
   GF_SERVER_ROOT_URL=
 
-  
+
   # RPC endpoint used by graph-node for upstream head metric
   # (Optional, default: https://mainnet.infura.io/v3)
   GRAPH_NODE_RPC_ENDPOINT=

stack_orchestrator/data/stacks/test-database/README.md

@@ -1,3 +1,3 @@
 # Test Database Stack
 
-A stack with a database for test/demo purposes.
+A stack with a database for test/demo purposes.

stack_orchestrator/data/stacks/test/README.md

@@ -1,3 +1,3 @@
 # Test Stack
 
-A stack for test/demo purposes.
+A stack for test/demo purposes.