Setup a CI/CD Pipeline
Last updated
Was this helpful?
Last updated
Was this helpful?
This is a starter template for building a Phala Cloud TEE application easily with CI/CD instead of manually local build and deploy. You can fork this repository to start your own Cloud TEE application.
Fork the GitHub repository
Phala Cloud account ()
Docker Hub/Registry account, to push the built docker image to the registry
Go to your repo Settings โ Secrets and variables โ Actions
Add these required secrets:
DOCKER_REGISTRY_USERNAME
Your container registry username
From your Docker Hub/Registry account
DOCKER_REGISTRY_PASSWORD
Registry password/access token
PHALA_CLOUD_API_KEY
Phala Cloud authentication key
APP_NAME
Deployment name (e.g., my-tee-app)
Choose name without special characters except -
DOCKER_IMAGE
Full image path (e.g., docker.io/username/image-name)
Follow registry naming conventions
The above secrets are required for the deployment workflow to work. And you can add more secrets to the repository as needed. These secrets will be used in the deployment workflow to build the docker image and deploy to Phala TEE Cloud. Once the secrets are added, you can trigger the deployment workflow anytime.
The GitHub Action will automatically:
Build Docker image from Dockerfile, api-server/Dockerfile in this example.
Push built docker image to your container registry
Update the docker compose file with the new image
Deploy to Phala TEE Cloud using phala CLI with the name you set in APP_NAME with the updated docker compose file.
If you want to deploy to Phala TEE Cloud manually, you can trigger the workflow manually from the GitHub Actions page.
Here the docker image that will be used is built and published to the Docker registry. After this is done, the docker image is updated in the ./api-server/docker-compose.yml file.
Next, you will see where the PHALA_CLOUD_API_KEY and the APP_NAME will be used when configuring your CVM for deployment.
Lastly, the Phala deploy action will launch the CVM based on the configuration. Some important information for the action:
phala-api-key
string (i.e phat_kekwhfh)
cvm-name
The name of the app/CVM to the value of our APP_NAME (if set) secret (e.g. โmy-tee-appโ). This name is what youโll see in the Phala Cloud dashboard.
string (i.e my-app)
compose-file
The docker compose file that will be our docker application deployed to the CVM.
file path (i.e. ./api-server/docker-compose.yml)
vcpu
Number of vCPUs for the CVM
string|number (i.e. "2")
memory
Amount of memory for the CVM
string|number in MB (i.e. "2048")
disk-size
Amount of disk storage for the CVM
string|number in GB (i.e. "20")
envs
Encrypted environment variables for the CVM
KEY: VALUE
app-id
(For upgrades) The app ID of the CVM. This is used for upgrades
app-id
node-id
The TEE node (teepod) ID of the TEE server. (Can leave empty)
string|number (i.e. "3")
base-image
Dstack base image used to deploy the CVM
string (i.e. dstack-0.3.5 or dev-dstack-0.3.5)
And then you can see the deployment details on the dashboard and visit the endpoint to test the application.
Common issues:
Authentication Errors: Verify all secrets are correctly set
Docker Build Failures: Check api-server/Dockerfile syntax
Debug Github Actions Locally: You can debug the Github Actions locally by running act command. The act can be installed from https://github.com/nektos/act. The secerts you need to set are the same as the ones in the repository secrets to local .env file in the root of the repository.
From โ "Create Token"
The API key for your Phala Cloud account. Obtain this from the Phala Cloud Dashboard: log in and use the โCreate Tokenโ function to generate an API key. Follow the guide on .
After successful workflow run once the workflow is triggered and the deployment is successful, you can verify the deployment on .
