10 changes: 3 additions & 7 deletions Makefile
@@ -1,10 +1,6 @@
# Convenience targets for local dev and CI.
# format/format-check apply the unified ruff config to both packages.
# lint + typecheck stay scoped to deploy_gcp until deploy_tee is wired
# into CI (separate change).

PKG := deploy_gcp
FMT_PKG := deploy_gcp deploy_tee
PKG := deploy_gcp deploy_tee

.PHONY: help lint format format-check typecheck check

@@ -22,10 +18,10 @@ lint:
uv run ruff check $(PKG)

format:
uv run ruff format $(FMT_PKG)
uv run ruff format $(PKG)

format-check:
uv run ruff format --check $(FMT_PKG)
uv run ruff format --check $(PKG)

typecheck:
uv run ty check $(PKG)
11 changes: 9 additions & 2 deletions deploy_tee/cloud/azure/api.py
@@ -440,7 +440,14 @@ def _copy_disk(
) -> None:
# Copy disk
logger.info("Copying disk")
cmd = ["azcopy", "copy", image_path, sas_uri, "--blob-type", "PageBlob"]
cmd = [
"azcopy",
"copy",
str(image_path),
sas_uri,
"--blob-type",
"PageBlob",
]
cls.run_command(cmd, show_logs=show_logs)

@classmethod
@@ -520,7 +527,7 @@ def add_nsg_rule(
cls.run_command(cmd, show_logs=config.show_logs)

@staticmethod
def get_nsg_rules(config: DeployConfigs) -> list[str]:
def get_nsg_rules(config: DeployConfigs) -> list[tuple[str, ...]]:
tcp_rules = [
(f"Allow{port}", f"{103 + i}", f"{port}", "tcp", "*", f"TCP {port} rule")
for i, port in enumerate(OPEN_PORTS)
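Review bot: In `_copy_disk`, `sas_uri` is still handed to `azcopy` as a plain argv element, and a SAS URI carries its signature in the query string, so anyone who sees the command line can use the access it grants until the token expires. `run_command` is not visible in this hunk; if it logs the command it executes, the token would end up in deploy logs, and it is exposed in the process list for the duration of the copy either way. I would add a comment above the list such as `# sas_uri is a credential: run_command must not log it unredacted` and make sure the logging path masks everything after `?`. The signature of `_copy_disk` begins above the hunk.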
3 changes: 2 additions & 1 deletion deploy_tee/cloud/gcp/api.py
@@ -12,6 +12,7 @@
import time
from pathlib import Path

from google.api_core.extended_operation import ExtendedOperation
from google.cloud import compute_v1, resourcemanager_v3, storage

from deploy_tee.cloud.azure.api import AzureApi
@@ -33,7 +34,7 @@

# Disk Operations
def wait_for_extended_operation(
operation: compute_v1.Operation,
operation: ExtendedOperation,
operation_name: str,
timeout: int = 600,
) -> None:
7 changes: 4 additions & 3 deletions deploy_tee/image/measurements.py
@@ -13,10 +13,11 @@


def write_measurements_tmpfile(measurements: Measurements) -> Path:
measurements_tmpfile = Path(tempfile.mktemp())
with open(measurements_tmpfile, "w+") as f:
# delete=False: the caller (Deployer) reads this file later and removes
# it in cleanup().
with tempfile.NamedTemporaryFile(mode="w", suffix=".json", delete=False) as f:
json.dump([measurements], f)
return measurements_tmpfile
return Path(f.name)


def generate_measurements(image_path: Path, home: str) -> Measurements:
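Review bot: With `delete=False`, an exception raised by `json.dump` inside `write_measurements_tmpfile` leaves a partially written `.json` file in the temp directory, because the caller never receives the path that its `cleanup()` would remove. Unlinking the file on the error path and re-raising closes that gap. The function would also benefit from a one-line docstring stating that ownership of the returned path passes to the caller, since that contract currently lives only in the inline comment.

```python
def write_measurements_tmpfile(measurements: Measurements) -> Path:
    # … unchanged: delete=False comment …
    with tempfile.NamedTemporaryFile(mode="w", suffix=".json", delete=False) as f:
        try:
            json.dump([measurements], f)
        except BaseException:
            # No caller knows this path yet, so remove it here.
            Path(f.name).unlink(missing_ok=True)
            raise
    return Path(f.name)
```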
4 changes: 2 additions & 2 deletions deploy_tee/pulumi/seismic_node/Pulumi.yaml
@@ -4,6 +4,6 @@ runtime:
name: python
options:
# Use the repo-wide venv managed by uv at the deploy/ root.
# Operator runs `uv sync --group pulumi` once from the repo root
# to install pulumi + pulumi-azure-native into ../../.venv.
# Operator runs `uv sync` once from the repo root to install deps
# (incl. pulumi + pulumi-azure-native) into ../../../.venv.
virtualenv: ../../../.venv
10 changes: 5 additions & 5 deletions deploy_tee/pulumi/seismic_node/README.md
@@ -43,14 +43,14 @@ Stack outputs:
macOS) and authenticated to a state backend. Local file works for
personal/dev deployments: `pulumi login --local`.
- `az login` for the Azure provider.
- Pulumi Python deps installed into the repo's shared venv:
- Python deps installed into the repo's shared venv:
```bash
# from repo root
uv sync --group pulumi
uv sync
```
Adds `pulumi` + `pulumi-azure-native` into `.venv/`. Pulumi.yaml
here is configured to use that venv via `virtualenv: ../../../.venv`,
so `pulumi up` finds it automatically.
Installs `pulumi` + `pulumi-azure-native` (regular deps) into
`.venv/`. Pulumi.yaml here is configured to use that venv via
`virtualenv: ../../../.venv`, so `pulumi up` finds it automatically.

## Deploy

6 changes: 4 additions & 2 deletions deploy_tee/tests/test_manifest.py
@@ -277,7 +277,8 @@ def _assemble(self, **overrides) -> AssembledManifest:
"genesis_hash_fn": lambda _p: self.ETH_HASH,
}
kwargs.update(overrides)
return assemble(**kwargs)
# ty can't verify a **kwargs dict-splat against typed params.
return assemble(**kwargs) # ty: ignore[invalid-argument-type]

def _ctx(self, **overrides) -> GateContext:
kwargs = {
@@ -287,7 +288,8 @@ def _ctx(self, **overrides) -> GateContext:
"genesis_hash_fn": lambda _p: self.ETH_HASH,
}
kwargs.update(overrides)
return GateContext(**kwargs)
# ty can't verify a **kwargs dict-splat against typed params.
return GateContext(**kwargs) # ty: ignore[invalid-argument-type]

def test_assemble_passes_gates_and_is_deterministic(self):
first = self._assemble()
2 changes: 1 addition & 1 deletion deploy_tee/utils/summit_client.py
@@ -27,7 +27,7 @@ def _get(self, path: str) -> str:
response.raise_for_status()
return response.text

def _get_json(self, path: str) -> str:
def _get_json(self, path: str) -> Json:
response = requests.get(f"{self.url}/{path}")
response.raise_for_status()
return response.json()
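Review bot: `requests.get(f"{self.url}/{path}")` in `_get_json` is called without a `timeout`, and requests waits indefinitely by default, so an unresponsive endpoint stalls whatever deploy step is polling it. I would change the line to `response = requests.get(f"{self.url}/{path}", timeout=10)`, where 10 is a placeholder to be set for this client; `_get` above likely needs the same, but its request line is outside the hunk. The new `Json` return annotation describes the payload rather than checking it, so callers should still validate the shape they expect before using the result.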
10 changes: 3 additions & 7 deletions pyproject.toml
@@ -26,17 +26,13 @@ dependencies = [
"eth-account>=0.13.0",
"azure-identity>=1.19.0",
"azure-mgmt-compute>=33.0.0",
# pulumi is used to provision TDX CVMs under deploy_tee.
"pulumi>=3.130.0",
"pulumi-azure-native>=2.60.0",
]

[dependency-groups]
dev = ["ruff>=0.8.0", "ty>=0.0.1a1"]
# Pulumi-CLI program lives at deploy_tee/pulumi/. Heavy deps
# (pulumi-azure-native is ~150MB), so opt-in via:
# uv sync --group pulumi
pulumi = [
"pulumi>=3.130.0",
"pulumi-azure-native>=2.60.0",
]

[project.scripts]
seismic-deploy = "deploy_gcp.seismic_deploy.cli:cli"
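Review bot: Moving `pulumi` and `pulumi-azure-native` into `dependencies` means every install of this project, including environments that only need the `seismic-deploy` entry point, now pulls the provider SDK and its transitive packages, which the removed comment sized at about 150MB. Both entries are lower bounds only (`>=3.130.0`, `>=2.60.0`), so reproducibility rests entirely on `uv.lock`; CI and the operator docs should install with `uv sync --locked` so that a stale or edited lockfile fails instead of being re-resolved. If the group was dropped for convenience, extending the added comment with the reason would help, e.g. `# regular dep (not a group) so a plain uv sync provisions the Pulumi venv`.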
12 changes: 4 additions & 8 deletions uv.lock
