Skip to content

fix: correct dstack-ingress image digest (CPL-152)#188

Merged
Garandor merged 1 commit intonextfrom
fix/cpl-152-dstack-ingress-digest
Mar 26, 2026
Merged

fix: correct dstack-ingress image digest (CPL-152)#188
Garandor merged 1 commit intonextfrom
fix/cpl-152-dstack-ingress-digest

Conversation

@Garandor
Copy link
Copy Markdown
Contributor

@Garandor Garandor commented Mar 26, 2026

Summary

Changes

- dstacktee/dstack-ingress:1.4@sha256:11c0481ca2e3566f514a1c8a2cc69af1e0bb9dab2e4ea49b469c81ec8e7c5c72
+ docker.io/dstacktee/dstack-ingress:1.4@sha256:11c0481ca1e2ef9c959187ff3c01c7f59c26d631c7717a571ad994b96203bb0b

Test plan

  • Deploy to next and verify https://test.chipotle.litprotocol.com/ serves over TLS

🤖 Generated with Claude Code

@linear
Copy link
Copy Markdown

linear bot commented Mar 26, 2026

CPL-152 Update docker-compose + deploy workflow for Phase 0

PR: #181 (target: next)

What was done

docker-compose.phala.yml

  • Added dstack-ingress service (pinned image @sha256: digest) for Route 53 DNS-01 TLS
  • All required dstack-ingress env vars: DOMAIN, GATEWAY_DOMAIN (_.dstack-base-prod5.phala.network), DNS_PROVIDER, TARGET_ENDPOINT, CERTBOT_EMAIL, SET_CAA
  • CERTBOT_EMAIL hardcoded to admin@litprotocol.com (public in ACME registration)
  • Route 53 credentials via CERTBOT_-prefixed env vars (CERTBOT_AWS_ACCESS_KEY_ID, CERTBOT_AWS_SECRET_ACCESS_KEY)
  • Optional AWS_ROLE_ARN / AWS_REGION documented as comments (not needed with direct IAM permissions)
  • cert-data volume for Let's Encrypt persistence
  • Comments link to dstack-ingress DNS_PROVIDERS.md
  • lit-static stays removed (moved to Cloudflare Pages in CPL-33)

.github/workflows/deploy-phala.yml

  • Custom domain is mandatory — no optional stripping logic
  • mainapi.chipotle.litprotocol.com, nexttest.chipotle.litprotocol.com
  • base_url and api_root_url derived from domain (no redundant URLs)
  • CERTBOT_AWS_ACCESS_KEY_ID is a GitHub variable (not a secret)
  • CERTBOT_AWS_SECRET_ACCESS_KEY is a GitHub secret

Required GitHub configuration

  • Variable: CERTBOT_AWS_ACCESS_KEY_ID — Route 53 IAM access key
  • Secret: CERTBOT_AWS_SECRET_ACCESS_KEY — Route 53 IAM secret key

Status

  • Compose file validates
  • Merged with next — conflicts resolved
  • CI green
  • Blocked on CPL-151 for IAM credentials + GitHub secrets

Blocked on

  • CPL-151 (IAM credentials + GitHub secrets)

@Garandor @claude
fix: correct dstack-ingress image digest (CPL-152)
f7d8609 
Use the digest from the official dstack-ingress v1.4 release:
https://github.com/Dstack-TEE/dstack-examples/releases/tag/dstack-ingress-v1.4

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Garandor Garandor force-pushed the fix/cpl-152-dstack-ingress-digest branch from 25864a4 to f7d8609 Compare March 26, 2026 21:54
@Garandor Garandor merged commit 1c01105 into next Mar 26, 2026
1 check passed
Garandor added a commit that referenced this pull request Mar 27, 2026
@Garandor @claude
fix: correct dstack-ingress image digest (CPL-152) (#188)
223a22e 
Use the digest from the official dstack-ingress v1.4 release:
https://github.com/Dstack-TEE/dstack-examples/releases/tag/dstack-ingress-v1.4

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Garandor