Skip to main content

Quickstart

You will ROFLize your app in five steps:

  1. Initialize the ROFL manifest.
  2. Create a new app on blockchain.
  3. Build a ROFL bundle.
  4. Encrypt secrets and store them on-chain.
  5. Deploy your app to ROFL node.

Prerequisites

Containerized App

Your app should already run inside a container and have a Docker-like image ready to download from docker.io, GitHub containers registry or some other public OCI repository.

If you never containerized an app yet, head over to the Containerize your app chapter.

Oasis CLI

Download the latest Oasis CLI release and install it on your computer.

Some Tokens

You'll need about 150 tokens in your Oasis CLI account for ROFL registration, renting a machine and paying for gas:

Invoke the following to create a new account:

oasis wallet create my_account --file.algorithm secp256k1-bip44

You can later also import this account to Metamask or other Ethereum-compatible tooling like Hardhat.

Next, head over to the Oasis faucet to get free Testnet tokens. When deploying your app on Mainnet, you will need to buy ROSE.

Initialize

Inside your app folder which contains compose.yaml run oasis rofl init. This will generate the initial rofl.yaml manifest file:

oasis rofl init

Change the memory, the number of cpus and the root filesystem storage section under resources to fit your needs:

rofl.yaml
name: my-app
version: 0.1.0
tee: tdx
kind: container
resources:
  memory: 512 # in megabytes
  cpus: 1
  storage:
    kind: disk-persistent
    size: 512 # in megabytes
artifacts:
  firmware: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f
  kernel: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/stage1.bin#e5d4d654ca1fa2c388bf64b23fc6e67815893fc7cb8b7cfee253d87963f54973
  stage2: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/stage2-podman.tar.bz2#b2ea2a0ca769b6b2d64e3f0c577ee9c08f0bb81a6e33ed5b15b2a7e50ef9a09f
  container:
    runtime: https://github.com/oasisprotocol/oasis-sdk/releases/download/rofl-containers%2Fv0.8.0/rofl-containers#08eb5bbe5df26af276d9a72e9fd7353b3a90b7d27e1cf33e276a82dfd551eec6
    compose: compose.yaml

Create

Create a new app on-chain with oasis rofl create. By default, the app will be registered on Sapphire Mainnet. Pass --network tesnet parameter to use Testnet:

oasis rofl create --network testnet

If the transaction succeeds, you should be able to find your app on the Oasis Explorer.

Build

Next, build the ROFL bundle.

oasis rofl build

As a result, a new .orc file will appear inside your project folder.

Secrets

If your application uses environment variables you would like to privately store on-chain, use the oasis rofl secret command, for example:

echo -n "my-secret-token" | oasis rofl secret set TOKEN -

This will populate the TOKEN secret and you can use it in your compose file as follows:

compose.yaml
services:
  python-telegram-bot:
    build: .
    image: "ghcr.io/oasisprotocol/demo-rofl-tgbot:ollama"
    platform: linux/amd64
    environment:
      - TOKEN=${TOKEN}

To submit the secrets and the ROFL bundle information from the previous step on-chain, run oasis rofl update:

oasis rofl update

Deploy

Deploy your app to a ROFL provider with the oasis rofl deploy command:

oasis rofl deploy

By default, a new machine that fits required resources provided by the Oasis foundation will be bootstrapped.

You can check the status of the machine with oasis rofl machine show:

oasis rofl machine show

If everything works, you should be able to fetch your application logs with oasis rofl machine logs:

oasis rofl machine logs

Congratulations, you have just deployed your first app in ROFL! 🎉