[PR #776] Reef chain #2892

opened 2026-04-23 03:37:33 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/Dokploy/templates/pull/776
Author: @anukulpandey
Created: 4/8/2026
Status: 🔄 Open

Base: canary ← Head: reef-chain


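📝 Commits (10+)

  • 50cc1bc feat: reef chain bootstrap
  • f5949cb fix: missing doc field
  • 91653cd feat: reef rpc
  • 41920f4 fix: meta
  • 72b2109 feat: toml changes
  • 8869a34 fix: var in rpc
  • 35bfe1c feat: minimal rpc
  • bba1445 feat: default envs
  • f63563f bootnode toml
  • 2971695 feat: icon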

📊 Changes

30 files changed (+3264 additions, -18 deletions)

blueprints/reef-bootnode/docker-compose.yml (+51 -0)
blueprints/reef-bootnode/reef.svg (+68 -0)
blueprints/reef-bootnode/template.toml (+37 -0)
blueprints/reef-dev-cluster/docker-compose.yml (+92 -0)
blueprints/reef-dev-cluster/faucet/package.json (+13 -0)
blueprints/reef-dev-cluster/faucet/server.js (+696 -0)
blueprints/reef-dev-cluster/reef.svg (+68 -0)
blueprints/reef-dev-cluster/run-cluster.sh (+549 -0)
blueprints/reef-dev-cluster/template.toml (+51 -0)
blueprints/reef-eth-rpc/docker-compose.yml (+16 -0)
blueprints/reef-eth-rpc/reef.svg (+68 -0)
blueprints/reef-eth-rpc/template.toml (+19 -0)
blueprints/reef-faucet/docker-compose.yml (+49 -0)
blueprints/reef-faucet/faucet/package.json (+13 -0)
blueprints/reef-faucet/faucet/server.js (+696 -0)
blueprints/reef-faucet/reef.svg (+68 -0)
blueprints/reef-faucet/template.toml (+27 -0)
blueprints/reef-keygen/docker-compose.yml (+41 -0)
blueprints/reef-keygen/reef.svg (+68 -0)
blueprints/reef-keygen/template.toml (+11 -0)

...and 10 more files

📄 Description

What is this PR about?

New PR of Reef Chain

This PR updates the Reef Chain templates to the new stable2512 deployment flow and switches all runtime-fetched scripts to the dedicated scripts repository:

  • https://github.com/anukulpandey/dokploy-reef-chain-scripts

Included changes

  • Updated reef-bootnode to fetch bootstrap/runtime scripts from the new scripts repo
  • Updated reef-validator to fetch the validator startup script from the new scripts repo
  • Updated reef-rpc to fetch the RPC startup script from the new scripts repo
  • Updated reef-spec-gen to fetch the spec generator API and helper scripts from the new scripts repo
  • Updated reef-dev-cluster to stop downloading the old Makefile-based workflow and instead use the new non-tmux cluster launcher script
  • Exposed 8545 in reef-dev-cluster for bundled eth-rpc
  • Added a new reef-faucet template
  • Updated Reef metadata and Docker Hub links in meta.json
  • Removed dependency on the old reef-dokploy-templates-v2 raw GitHub paths

Why this change

This aligns the Reef templates with the newer stable2512 chain workflow and centralizes all runtime scripts in a single dedicated repository so Dokploy services fetch a stable, maintained source at startup.

Checklist

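Before submitting this PR, please make sure that:

  • [ ] I have read the suggestions in the README.md file https://github.com/Dokploy/templates?tab=readme-ov-file#general-requirements-when-creating-a-template
  • [ ] I have tested the template in my instance, so the maintainers don't spend time trying to figure out what's wrong.
  • [ ] I have added tests that demonstrate that my correction works or that my new feature works.

Issues related (if applicable)

Close automatically the related issues using the keywords: closes #ISSUE_NUMBER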

Screenshots or Videos

N/A

Greptile Summary

This PR updates all Reef Chain templates to the stable2512 workflow, centralizes runtime scripts in a dedicated external repository, and adds a new reef-faucet template. Several structural issues conflict with the project's Docker Compose conventions documented in AGENTS.md and need to be addressed before merging:

  • Every template uses ports instead of the required expose, missing restart policy, and most lack the required version: "3.8" header.
  • The reef-spec-gen service is named reef-spec-api, breaking the mandatory folder-name match and the domain config in its template.toml.
  • Multiple template.toml files hardcode the same validator private-key seeds as default values (including FAUCET_SEED), violating the "never hardcode secrets" rule.
  • All templates download startup scripts from the mutable main branch of an external repo without hash verification, creating a supply-chain risk.

Confidence Score: 3/5

Not safe to merge — multiple P1 violations of documented Dokploy conventions, a service naming mismatch that breaks domain routing, hardcoded validator private-key seeds, and unpinned external script downloads creating supply-chain exposure.

Five P1 findings are present: (1) all templates use ports instead of the mandatory expose, (2) none have a restart policy, (3) five templates omit version: "3.8" and one uses "3.9", (4) the reef-spec-gen service name mismatch will break its domain config, and (5) hardcoded default private-key seeds across four templates violate the no-secrets rule and introduce a real security risk on any default deployment.

All docker-compose.yml files (ports/restart/version), blueprints/reef-spec-gen/docker-compose.yml (service name), and all template.toml files that hardcode seed values (reef-bootnode, reef-dev-cluster, reef-validator, reef-faucet).

Vulnerabilities

  • Hardcoded private-key seeds: reef-bootnode, reef-dev-cluster, reef-validator, and reef-faucet all ship the same three validator seeds as default template.toml values. A default deployment controls a live chain with publicly-known signing keys and a known faucet treasury key.
  • Supply-chain risk via unpinned external scripts: Every template downloads shell/Python/JS scripts from anukulpandey/dokploy-reef-chain-scripts on the main branch at startup with no checksum validation. A compromised or modified push to that repo will silently affect all running deployments on next restart.

Reviews (1): Last reviewed commit: "Wire Reef templates to external scripts ..."

Greptile also left 6 inline comments on this PR.

Context used:

  • AGENTS.md

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-04-23 03:37:33 -05:00
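
The unpinned-script finding in the review summary above, as an added shell example that is not part of the PR or of Dokploy's code: it flags raw GitHub URLs that reference a branch instead of a commit, and installs a download only when its SHA-256 matches a recorded digest. The raw.githubusercontent.com URL layout is an assumption about how the templates fetch scripts; the `EXAMPLE.sh` path and the commit SHA are constructed placeholders.

```shell
#!/bin/sh
# Added example: pin startup scripts to a commit and verify a digest before use.
# Assumption: scripts come from raw.githubusercontent.com/OWNER/REPO/REF/PATH.

# True only for a full 40-hex commit SHA; branch names such as "main" are mutable.
is_commit_sha() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# Print every raw GitHub URL in a file whose REF segment is not a commit SHA.
find_unpinned_urls() {
  grep -Eo 'https://raw\.githubusercontent\.com/[^/[:space:]]+/[^/[:space:]]+/[^/[:space:]]+/[^[:space:]"]+' "$1" |
  while IFS= read -r url; do
    ref=$(printf '%s' "$url" | cut -d/ -f6)
    is_commit_sha "$ref" || printf '%s\n' "$url"
  done
}

# Succeed only if the file's SHA-256 equals the expected lowercase hex digest.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# Download to a temp file, verify, then install; nothing unverified reaches DEST.
fetch_pinned() {  # usage: fetch_pinned URL SHA256 DEST
  ref=$(printf '%s' "$1" | cut -d/ -f6)
  is_commit_sha "$ref" || { echo "refusing mutable ref: $ref" >&2; return 1; }
  tmp=$(mktemp) || return 1
  if curl -fsSL --proto '=https' "$1" -o "$tmp" && verify_sha256 "$tmp" "$2"; then
    mv "$tmp" "$3" && chmod 0555 "$3"
  else
    rm -f "$tmp"; echo "download or digest check failed: $1" >&2; return 1
  fi
}

# Constructed sample (not taken from the PR): one mutable ref, one pinned ref.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command: sh -c "curl -fsSL https://raw.githubusercontent.com/anukulpandey/dokploy-reef-chain-scripts/main/EXAMPLE.sh | sh"
command: sh -c "curl -fsSL https://raw.githubusercontent.com/anukulpandey/dokploy-reef-chain-scripts/0123456789abcdef0123456789abcdef01234567/EXAMPLE.sh | sh"
EOF
find_unpinned_urls "$sample"   # lists only the URL that references "main"
rm -f "$sample"
```

Run `find_unpinned_urls` over each `docker-compose.yml` in review or CI; the digest passed to `fetch_pinned` belongs in the template repository next to the pinned commit, so a change to either shows up in a diff.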

Reference: github-starred/templates#2892