Phala Network Docs
  • Home
    • ๐Ÿ‘พPhala Network Docs
  • Overview
    • โš–๏ธPhala Network
      • ๐Ÿ’ŽPhala Cloud
      • ๐ŸฅทDstack
      • ๐Ÿ”GPU TEE
    • ๐Ÿ’ŽPHA Token
      • ๐Ÿช™Introduction
      • ๐Ÿ‘Delegation
        • Delegate to StakePool
        • What is Vault
        • What is Share
        • WrappedBalances & W-PHA
        • Examples of Delegation
        • Use Phala App to Delegate
        • Estimate Your Reward
      • ๐Ÿ—ณ๏ธGovernance
        • Governance Mechanism
        • Join the Council
        • Voting for Councillors
        • Apply for Project Funding
        • Phala Treasury
        • Phala Governance
        • Setting Up an Account Identity
  • Phala Cloud
    • ๐Ÿš€Getting Started
      • Sign-up for Cloud Account
      • Start from Cloud UI
      • Start from Cloud CLI
      • Start from Template
    • ๐ŸŸงLaunch an Eliza Agent
    • ๐Ÿ“ฆCreate CVM
      • Create CVM with Docker Compose
      • Create CVM with Private Docker Image
      • Set Secure Environment Variables
      • Access Your Applications
      • Setting Up Custom Domain
      • Debug Your Application
      • Deployment Cheat Sheet
    • โš™๏ธCVM Management
      • Upgrade Application
      • Resize Resources
      • Check Logs
      • Private Log Viewer
    • ๐Ÿ”„Deploy Docker App in TEE
      • Expose Service Port
      • Generate RA Report
      • Access Database
      • Create Crypto Wallet
    • ๐Ÿ›ณ๏ธSetup a CI/CD Pipeline
    • ๐Ÿ› ๏ธPhala Cloud CLI Reference
      • phala
        • auth
        • cvms
        • docker
        • simulator
    • Production Checklist
    • โ“FAQs
    • ๐Ÿ”Troubleshooting
    • ๐Ÿ“–Glossary
    • ๐Ÿ“‹References
    • ๐Ÿ”’Use Cases
      • TEE with AI
      • TEE with FHE and MPC
      • TEE with ZK and ZKrollup
  • Dstack
    • Overview
    • Getting Started
    • Hardware Requirements
    • Design Documents
      • Decentralized Root-of-Trust
      • Key Management Protocol
      • Zero Trust HTTPs (TLS)
    • Acknowledgement
  • LLM in GPU TEE
    • ๐Ÿ‘ฉโ€๐Ÿ’ปHost LLM in GPU TEE
    • ๐Ÿ”GPU TEE Inference API
    • ๐ŸŽ๏ธGPU TEE Benchmark
  • Tech Specs
    • โ›“๏ธBlockchain
      • Blockchain Entities
      • Cluster of Workers
      • Secret Key Hierarchy
  • References
    • ๐Ÿ”Setting Up a Wallet on Phala
      • Acquiring PHA
    • ๐ŸŒ‰SubBridge
      • Cross-chain Transfer
      • Supported Assets
      • Asset Integration Guide
      • Technical Details
    • ๐Ÿ‘ทCommunity Builders
    • ๐ŸคนHackathon Guides
      • ETHGlobal Singapore
      • ETHGlobal San Francisco
      • ETHGlobal Bangkok
    • ๐ŸคฏAdvanced Topics
      • Cross Chain Solutions
      • System Contract and Drivers
      • Run Local Testnet
      • SideVM
    • ๐Ÿ†˜Support
      • Available Phala Chains
      • Resource Limits
      • Transaction Costs
      • Compatibility Matrix
      • Block Explorers
      • Faucet
    • โ‰๏ธFAQ
  • Compute Providers
    • ๐Ÿ™ƒBasic Info
      • Introduction
      • Gemini Tokenomics (Worker Rewards)
      • Budget balancer
      • Staking Mechanism
      • Requirements in Phala
      • Confidence Level & SGX Function
      • Rent Hardware
      • Error Summary
    • ๐ŸฆฟRun Workers on Phala
      • Solo Worker Deployment
      • PRBv3 Deployment
      • Using PRBv3 UI
      • PRB Worker Deployment
      • Switch Workers from Solo to PRB Mode
      • Headers-cache deployment
      • Archive node deployment
    • ๐Ÿ›ก๏ธGatekeeper
      • Collator
      • Gatekeeper
  • Web Directory
    • Discord
    • GitHub
    • Twitter
    • YouTube
    • Forum
    • Medium
    • Telegram
  • Legacy
    • Information
    • โš’๏ธPhala SDK
    • ๐Ÿ‘จโ€๐Ÿš€Builders Program
    • ๐ŸฅทAI Agent Contract
      • WapoJS Functions
      • Phala Agent Gateway
  • AI Agent Contract (Legacy)
    • ๐Ÿ‘ฉโ€๐Ÿ’ปGetting Started
      • Build Your First AI Agent Contract
      • Build An Agent to Transact Onchain
      • Build Your AI Agent Contract with OpenAI
      • Build Your AI Agent Contract with LangChain
      • Integrate with 3rd Party API with HTTP Request
      • Run a Local Testnet With Docker
      • AI Agent Contract Templates
    • ๐Ÿง™โ€โ™‚๏ธExamples
      • Create a Weather Agent w/ Function Calling
    • โ›“๏ธSupported Chains
    • FAQ
  • Agent Wars (Legacy)
    • ๐Ÿ“œIntroduction
    • ๐Ÿ’ธTokenomics
    • โ–ถ๏ธGetting Started
      • Wallet Setup & Get PHA
      • Buy and Sell Keys
    • ๐Ÿง‘โ€๐ŸซTutorial
Powered by GitBook
LogoLogo

Participate

  • Compute Providers
  • Node
  • Community
  • About Us

Resources

  • Technical Whitepaper
  • Token Economics
  • Docs
  • GitHub

More

  • Testnet
  • Explorer
  • Careers
  • Responsible Disclosure

COPYRIGHT ยฉ 2024 PHALA.LTD ALL RIGHTS RESERVED. May Phala be with you!

On this page
  • ๐Ÿ“‹ Prerequisites
  • ๐Ÿ”ง Step 1: Configure Repository Secrets
  • ๐Ÿš€ Step 2: Deployment Workflow
  • โœ… Step 3: Verify The Deployment
  • ๐Ÿ› ๏ธ Troubleshooting

Was this helpful?

Edit on GitHub
  1. Phala Cloud

Setup a CI/CD Pipeline

PreviousCreate Crypto WalletNextPhala Cloud CLI Reference

Last updated 6 days ago

Was this helpful?

This is a starter template for building a Phala Cloud TEE application easily with CI/CD instead of manually local build and deploy. You can fork this repository to start your own Cloud TEE application.

๐Ÿ“‹ Prerequisites

  • Fork the GitHub repository

  • Phala Cloud account ()

  • Docker Hub/Registry account, to push the built docker image to the registry

๐Ÿ”ง Step 1: Configure Repository Secrets

  1. Go to your repo Settings โ†’ Secrets and variables โ†’ Actions

  2. Add these required secrets:

Secret Name
Description
How to Get

DOCKER_REGISTRY_USERNAME

Your container registry username

From your Docker Hub/Registry account

DOCKER_REGISTRY_PASSWORD

Registry password/access token

PHALA_CLOUD_API_KEY

Phala Cloud authentication key

APP_NAME

Deployment name (e.g., my-tee-app)

Choose name without special characters except -

DOCKER_IMAGE

Full image path (e.g., docker.io/username/image-name)

Follow registry naming conventions

The above secrets are required for the deployment workflow to work. And you can add more secrets to the repository as needed. These secrets will be used in the deployment workflow to build the docker image and deploy to Phala TEE Cloud. Once the secrets are added, you can trigger the deployment workflow anytime.

๐Ÿš€ Step 2: Deployment Workflow

The GitHub Action will automatically:

  1. Build Docker image from Dockerfile, api-server/Dockerfile in this example.

  2. Push built docker image to your container registry

  3. Update the docker compose file with the new image

  4. Deploy to Phala TEE Cloud using phala CLI with the name you set in APP_NAME with the updated docker compose file.

Trigger Conditions:

on:
  push:
    branches: [main]
    paths:  # Only trigger when these files change, you can add more files to the list
      - "api-server/pyproject.toml"
      - "api-server/Dockerfile"
  workflow_dispatch:  # Manual trigger available

If you want to deploy to Phala TEE Cloud manually, you can trigger the workflow manually from the GitHub Actions page.

Docker Image Build and Publish:

Here the docker image that will be used is built and published to the Docker registry. After this is done, the docker image is updated in the ./api-server/docker-compose.yml file.

- name: Log in to GitHub Container Registry
  uses: docker/login-action@v3
  with:
    registry: ${{ env.DOCKER_REGISTRY }}
    username: ${{ env.DOCKER_REGISTRY_USERNAME }}
    password: ${{ env.DOCKER_REGISTRY_PASSWORD }}

- name: Build and Push Docker image
  uses: docker/build-push-action@v5
  with:
    context: api-server
    file: api-server/Dockerfile
    push: true
    tags: |
      ${{ env.DOCKER_IMAGE }}:latest
          ${{ env.DOCKER_IMAGE }}:${{ github.sha }}
- name: Update Docker Compose
  run: |
    sed -i "s|\${DOCKER_IMAGE}|${DOCKER_IMAGE}|g" ./api-server/docker-compose.yml

Phala Cloud Github Action:

Next, you will see where the PHALA_CLOUD_API_KEY and the APP_NAME will be used when configuring your CVM for deployment.

- name: Deploy to Phala Cloud
  uses: Leechael/phala-deploy-action@v2
  with:
    # Required parameters
    phala-api-key: ${{ secrets.PHALA_CLOUD_API_KEY }}
    
    # Optional parameters (with defaults)
    cvm-name: ''
    compose-file: './api-server/docker-compose.yml'  # Default: './docker-compose.yml'
    vcpu: '4'                         # Default: '2'
    memory: '4096'                    # Default: '2048'
    disk-size: '10'                   # Default: '40'
    envs: |                           # Environment variables in YAML format (will be converted to dotenv)
      EXAMPLE_ENV_VAR: 'none'
    app-id: ${{ secrets.APP_ID }}     # App ID of existing CVM to (if updating)
    node-id: ''                       # Node ID (Teepod ID)
    base-image: ''                    # Base image to use for the CVM

Lastly, the Phala deploy action will launch the CVM based on the configuration. Some important information for the action:

Parameter Name
Description
Value

phala-api-key

string (i.e phat_kekwhfh)

cvm-name

The name of the app/CVM to the value of our APP_NAME (if set) secret (e.g. โ€œmy-tee-appโ€). This name is what youโ€™ll see in the Phala Cloud dashboard.

string (i.e my-app)

compose-file

The docker compose file that will be our docker application deployed to the CVM.

file path (i.e. ./api-server/docker-compose.yml)

vcpu

Number of vCPUs for the CVM

string|number (i.e. "2")

memory

Amount of memory for the CVM

string|number in MB (i.e. "2048")

disk-size

Amount of disk storage for the CVM

string|number in GB (i.e. "20")

envs

Encrypted environment variables for the CVM

KEY: VALUE

app-id

(For upgrades) The app ID of the CVM. This is used for upgrades

app-id

node-id

The TEE node (teepod) ID of the TEE server. (Can leave empty)

string|number (i.e. "3")

base-image

Dstack base image used to deploy the CVM

string (i.e. dstack-0.3.5 or dev-dstack-0.3.5)

โœ… Step 3: Verify The Deployment

And then you can see the deployment details on the dashboard and visit the endpoint to test the application.

๐Ÿ› ๏ธ Troubleshooting

Common issues:

  1. Authentication Errors: Verify all secrets are correctly set

  2. Docker Build Failures: Check api-server/Dockerfile syntax

  3. Debug Github Actions Locally: You can debug the Github Actions locally by running act command. The act can be installed from https://github.com/nektos/act. The secerts you need to set are the same as the ones in the repository secrets to local .env file in the root of the repository.

From โ†’ "Create Token"

The API key for your Phala Cloud account. Obtain this from the Phala Cloud Dashboard: log in and use the โ€œCreate Tokenโ€ function to generate an API key. Follow the guide on .

After successful workflow run once the workflow is triggered and the deployment is successful, you can verify the deployment on .

๐Ÿ›ณ๏ธ
cloud-tee-starter-template
Sign up with Redeem Code
Phala Cloud Dashboard
Generate access token
Phala Cloud Dashboard
how to generate a Phala Cloud API Key