From c158c70ca1e8338ef27d85e688e9a4fc6df625e2 Mon Sep 17 00:00:00 2001
From: 0xflashboy <jake@monad.foundation>
Date: Tue, 13 Jan 2026 22:46:37 +0000
Subject: [PATCH 1/2] Dockerize backend

---
 backend/.dockerignore | 40 ++++++++++++++++++++++++++++++++++++++++
 backend/Dockerfile    | 31 +++++++++++++++++++++++++++++++
 docker-compose.yml    | 27 +++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)
 create mode 100644 backend/.dockerignore
 create mode 100644 backend/Dockerfile
 create mode 100644 docker-compose.yml

diff --git a/backend/.dockerignore b/backend/.dockerignore
new file mode 100644
index 0000000..53a4f71
--- /dev/null
+++ b/backend/.dockerignore
@@ -0,0 +1,40 @@
+# Git files
+.git
+.gitignore
+.github
+
+# Build artifacts
+target/
+
+# Documentation
+*.md
+README*
+CHANGELOG*
+
+# Docker files
+.dockerignore
+Dockerfile*
+docker-compose*
+
+# IDE and editor files
+.vscode
+.idea
+*.iml
+.DS_Store
+*.swp
+*.swo
+*~
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# Test and coverage
+*.test
+coverage/
+.nyc_output
+
+# Logs
+*.log
+logs/
diff --git a/backend/Dockerfile b/backend/Dockerfile
new file mode 100644
index 0000000..114a47e
--- /dev/null
+++ b/backend/Dockerfile
@@ -0,0 +1,31 @@
+FROM rust:1.91-slim
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    curl \
+    gcc \
+    g++ \
+    cmake \
+    pkg-config \
+    libssl-dev \
+    libclang-dev \
+    libzstd-dev \
+    libhugetlbfs-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /usr/src/app
+
+# Copy all source files
+COPY . .
+
+# Build the binary
+RUN cargo build --release --bin backend
+
+# Expose WebSocket port
+EXPOSE 8443
+
+# Set entrypoint with default server address for container
+ENTRYPOINT ["cargo", "run", "--release", "--bin", "backend", "--"]
+CMD ["--server-addr", "0.0.0.0:8443"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..66cb1f1
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3.9'
+
+services:
+  backend:
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    container_name: backend
+    network_mode: host
+    environment:
+      - RUST_LOG=info
+    volumes:
+      # Mount the Monad event ring (read-only)
+      # Note: Update the host path if your event ring is located elsewhere
+      - /var/lib/hugetlbfs/user/monad/pagesize-2MB/event-rings:/var/lib/hugetlbfs/user/monad/pagesize-2MB/event-rings:ro
+      # Optional: Persistent logs volume
+      - logs:/var/log/eventwatch
+    restart: unless-stopped
+    command: ["--server-addr", "0.0.0.0:8443"]
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+volumes:
+  logs:

From 49ba4c052bd15d09a788a6780242a74932836a6b Mon Sep 17 00:00:00 2001
From: Brandon Graham <brandon@monad.foundation>
Date: Tue, 13 Jan 2026 15:54:00 -0800
Subject: [PATCH 2/2] This PR introduces an automated workflow to build and
 publish the backend container to GHCR upon merging to `main`. (#59)

*   **Optimized Dockerfile**: Added `backend/Dockerfile_build_and_publish` using a multi-stage build.
*   **GitHub Action**: Added `.github/workflows/publish-backend.yml` to automatically build and push the container.
*   **Versioning**: Images are tagged with `latest` and `sha-<short_commit_hash>`.

*   **Size & Compatibility**: We use `rust:1.91-slim` (based on Debian Bookworm) for building and `debian:bookworm-slim` for the final runtime. This pairing ensures binary compatibility while stripping out the massive build toolchain (~1GB+) to leave a minimal, production-ready image.
*   **Separation of Concerns**: Kept the original `Dockerfile` for local development/debug builds, while the new `Dockerfile_build_and_publish` is strictly for deployment artifacts.

**Action Required After First Run:**
Since this repository is private, the new package will be created as **Private** by default. To make it publicly accessible:

1.  Wait for the first Action run to complete successfully.
2.  Go to the repository/organization's **Packages** page.
3.  Select the `execution-events-example` package.
4.  Go to **Package Settings** -> **Change visibility**.
5.  Change visibility from **Private** to **Public**.
---
 .github/workflows/publish-backend.yml | 50 +++++++++++++++++++++++++++
 backend/Dockerfile_build_and_publish  | 50 +++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 .github/workflows/publish-backend.yml
 create mode 100644 backend/Dockerfile_build_and_publish

diff --git a/.github/workflows/publish-backend.yml b/.github/workflows/publish-backend.yml
new file mode 100644
index 0000000..cd24c29
--- /dev/null
+++ b/.github/workflows/publish-backend.yml
@@ -0,0 +1,50 @@
+name: Publish Backend Container
+
+on:
+  push:
+    branches: [ "main" ]
+    paths:
+      - 'backend/**'
+      - '.github/workflows/publish-backend.yml'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=sha,format=short
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./backend
+          file: ./backend/Dockerfile_build_and_publish
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
diff --git a/backend/Dockerfile_build_and_publish b/backend/Dockerfile_build_and_publish
new file mode 100644
index 0000000..5c6ddae
--- /dev/null
+++ b/backend/Dockerfile_build_and_publish
@@ -0,0 +1,50 @@
+# Builder stage
+FROM rust:1.91-slim AS builder
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    curl \
+    gcc \
+    g++ \
+    cmake \
+    pkg-config \
+    libssl-dev \
+    libclang-dev \
+    libzstd-dev \
+    libhugetlbfs-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /usr/src/app
+
+# Copy all source files
+COPY . .
+
+# Build the binary
+RUN cargo build --release --bin backend
+
+# Runtime stage
+FROM debian:bookworm-slim AS runtime
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y \
+    libssl3 \
+    libzstd1 \
+    libhugetlbfs0 \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /usr/src/app
+
+# Copy the compiled binary from the builder stage
+COPY --from=builder /usr/src/app/target/release/backend /usr/local/bin/backend
+
+# Expose WebSocket port
+EXPOSE 8443
+
+# Set entrypoint
+ENTRYPOINT ["backend"]
+CMD ["--server-addr", "0.0.0.0:8443"]
+