Skip to content

setup-a-ci-cd-pipeline.mdx

Latest commit

 

History

History
108 lines (78 loc) · 3.38 KB

setup-a-ci-cd-pipeline.mdx

File metadata and controls

108 lines (78 loc) · 3.38 KB
title Set Up a CI/CD Pipeline
description Automate CVM deployments with GitHub Actions

Automate your Phala Cloud deployments with GitHub Actions. Push to main, and your CVM updates automatically.

Prerequisites

  • A GitHub repository with your application code
  • A Phala Cloud account
  • A Docker Hub or container registry account

Configure Repository Secrets

Go to your repo's Settings > Secrets and variables > Actions and add these secrets:

Secret Description
PHALA_CLOUD_API_KEY From Phala Cloud Dashboard > Avatar > API Tokens
DOCKER_REGISTRY_USERNAME Your Docker Hub username
DOCKER_REGISTRY_PASSWORD Docker Hub access token
DOCKER_IMAGE Full image path, e.g., docker.io/username/my-app
APP_NAME CVM name, e.g., my-tee-app

Create the Workflow

Create .github/workflows/deploy.yml:

name: Deploy to Phala Cloud

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Log in to Docker Registry
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}

      - name: Build and Push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ secrets.DOCKER_IMAGE }}:${{ github.sha }}

      - name: Update compose with image tag
        run: |
          sed -i "s|\${DOCKER_IMAGE}|${{ secrets.DOCKER_IMAGE }}:${{ github.sha }}|g" docker-compose.yml

      - name: Install Phala CLI
        run: npm install -g phala

      - name: Deploy to Phala Cloud
        env:
          PHALA_CLOUD_API_KEY: ${{ secrets.PHALA_CLOUD_API_KEY }}
        run: phala deploy -c docker-compose.yml -n ${{ secrets.APP_NAME }}

Your docker-compose.yml should reference the image variable:

services:
  app:
    image: ${DOCKER_IMAGE}
    ports:
      - "80:80"

How It Works

  1. Push to main triggers the workflow
  2. Build creates a Docker image tagged with the commit SHA
  3. Push uploads the image to your registry
  4. Update replaces the image variable in docker-compose.yml
  5. Deploy creates or updates the CVM with phala deploy

The CLI automatically detects existing CVMs by name. If my-tee-app exists, it updates; otherwise, it creates a new one.

Verify Deployment

After the workflow completes, check your Phala Cloud Dashboard to confirm the CVM is running. The endpoint URL appears in the CVM details.

You can also verify from the command line:

phala cvms get my-tee-app

Troubleshooting

Authentication errors: Verify PHALA_CLOUD_API_KEY is set correctly. Test locally with phala status.

Build failures: Ensure your Dockerfile builds locally with docker build .

Deploy failures: Check that docker-compose.yml is valid and the image path matches your registry. For API error codes like ERR-01-xxx, see the Error Codes Reference.

Debug locally: Use act to run GitHub Actions locally with a .env file containing your secrets.