From 8c23050f30d5fb37554cc70954319548574a36b3 Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Tue, 7 Apr 2026 10:56:55 +0200 Subject: [PATCH 1/6] feat: add blink-terminal Tilt dev setup Co-Authored-By: Claude Opus 4.6 (1M context) --- .../blink-terminal/templates/deployment.yaml | 5 ++- dev/addons/Tiltfile | 39 +++++++++++++++++++ dev/addons/blink-terminal-values.yml | 22 +++++++++++ dev/common/add-helm-repos.sh | 2 +- 4 files changed, 66 insertions(+), 2 deletions(-) create mode 100644 dev/addons/blink-terminal-values.yml diff --git a/charts/blink-terminal/templates/deployment.yaml b/charts/blink-terminal/templates/deployment.yaml index 59e0ccbc40..1b89f5348b 100644 --- a/charts/blink-terminal/templates/deployment.yaml +++ b/charts/blink-terminal/templates/deployment.yaml @@ -48,7 +48,10 @@ spec: key: "database-url" containers: - name: blink-terminal - image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" + image: "{{ .Values.image.repository }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ else }}:{{ .Values.image.tag | default "latest" }}{{ end }}" + {{- if .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- end }} ports: - containerPort: {{ .Values.service.port }} readinessProbe: diff --git a/dev/addons/Tiltfile b/dev/addons/Tiltfile index 51ac3eed7f..dfbd9627cb 100644 --- a/dev/addons/Tiltfile +++ b/dev/addons/Tiltfile @@ -154,3 +154,42 @@ helm_release( ) k8s_resource(workload='voucher', labels='addons') + +# blink-terminal +k8s_yaml(secret_from_dict( + name='blink-terminal', + namespace=addons_namespace, + inputs={ + "database-url" : "postgres://blink_terminal:blink_terminal@blink-terminal-postgresql:5432/blink_terminal", + "redis-password" : "", + "jwt-secret" : "dummy-jwt-secret-for-dev", + "encryption-key" : "dummy-encryption-key-for-dev", + "network-encryption-key" : "dummy-network-encryption-key", + "blinkpos-api-key" : "dummy", + "blinkpos-btc-wallet-id" : "dummy", + "blink-webhook-secret" : "dummy", + "citrusrate-api-key" : "dummy", + "citrusrate-base-url" : "https://api.citrusrate.com", + "pg-user-pw" : "blink_terminal" + } +)) + +helm_release( + '../../charts/blink-terminal', + name = 'blink-terminal', + namespace = addons_namespace, + values = ['./blink-terminal-values.yml'], + dependency_build=True, + add_repos=True +) + +k8s_resource(workload='blink-terminal', labels='addons') + +k8s_yaml(secret_from_dict( + name='blink-terminal-smoketest', + namespace=smoketest_namespace, + inputs={ + 'blink_terminal_endpoint' : 'blink-terminal.{}.svc.cluster.local'.format(addons_namespace), + 'blink_terminal_port' : '3000' + } +)) diff --git a/dev/addons/blink-terminal-values.yml b/dev/addons/blink-terminal-values.yml new file mode 100644 index 0000000000..de4c5c14e4 --- /dev/null +++ b/dev/addons/blink-terminal-values.yml @@ -0,0 +1,22 @@ +image: + repository: us.gcr.io/galoy-org/blink-terminal + digest: "" + tag: "latest" + pullPolicy: Never + +secrets: + create: false + +blinkTerminal: + blinkApiUrl: "http://galoy-oathkeeper-proxy.galoy-dev-galoy.svc.cluster.local:4455/graphql" + blinkEnvironment: "development" + enableHybridStorage: "false" + +postgresql: + auth: + existingSecret: blink-terminal + secretKeys: + userPasswordKey: "pg-user-pw" + primary: + persistence: + enabled: false diff --git a/dev/common/add-helm-repos.sh b/dev/common/add-helm-repos.sh index 886fa4b6ff..bbda69f51d 100755 --- a/dev/common/add-helm-repos.sh +++ b/dev/common/add-helm-repos.sh @@ -1,7 +1,7 @@ #!/bin/bash function add_helm_repos() { - yq e '.dependencies[] | select(.repository | test("^oci://") | not) | .name + " " + .repository' "$1" | while read -r name repo; do + yq e '.dependencies[] | select(.repository != "" and (.repository | test("^oci://") | not)) | .name + " " + .repository' "$1" | while read -r name repo; do helm repo add "$name" "$repo" done } From 126560445ef9f8e7fc180104f542d8fb30a6a54e Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Tue, 7 Apr 2026 11:55:10 +0200 Subject: [PATCH 2/6] feat: add port-forward + document local image build Co-Authored-By: Claude Opus 4.6 (1M context) --- dev/addons/Tiltfile | 2 +- dev/addons/blink-terminal-values.yml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/dev/addons/Tiltfile b/dev/addons/Tiltfile index dfbd9627cb..b35c456a8e 100644 --- a/dev/addons/Tiltfile +++ b/dev/addons/Tiltfile @@ -183,7 +183,7 @@ helm_release( add_repos=True ) -k8s_resource(workload='blink-terminal', labels='addons') +k8s_resource(workload='blink-terminal', labels='addons', port_forwards='3100:3000') k8s_yaml(secret_from_dict( name='blink-terminal-smoketest', diff --git a/dev/addons/blink-terminal-values.yml b/dev/addons/blink-terminal-values.yml index de4c5c14e4..2d874c96a0 100644 --- a/dev/addons/blink-terminal-values.yml +++ b/dev/addons/blink-terminal-values.yml @@ -1,3 +1,8 @@ +# TODO: remove image overrides once CI publishes a real image to GCR +# After that, the chart's default digest will work and this block can be deleted +# Until then: build locally and import into k3d: +# cd ~/src/blink-terminal && docker build -t us.gcr.io/galoy-org/blink-terminal:latest . +# k3d image import us.gcr.io/galoy-org/blink-terminal:latest image: repository: us.gcr.io/galoy-org/blink-terminal digest: "" From b93c2c16c95219cdd2720147dd1c20add7bbd829 Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Wed, 15 Apr 2026 15:26:33 +0200 Subject: [PATCH 3/6] fix(blink-terminal): use published digest + stop reload loop - bump chart digest to sha256:7dcab573 (prior 932eff48 was never pushed) - drop local image override in dev/addons/blink-terminal-values.yml - set HOSTNAME=0.0.0.0 so Next.js 14 binds on all ifaces (port-forward) - Tiltfile: ignore tmpcharts-*/** to stop helm-dep-build reload loop Co-Authored-By: Claude Opus 4.6 (1M context) --- charts/blink-terminal/templates/deployment.yaml | 2 ++ dev/Tiltfile | 2 +- dev/addons/blink-terminal-values.yml | 11 ----------- 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/charts/blink-terminal/templates/deployment.yaml b/charts/blink-terminal/templates/deployment.yaml index 1b89f5348b..717805e9ef 100644 --- a/charts/blink-terminal/templates/deployment.yaml +++ b/charts/blink-terminal/templates/deployment.yaml @@ -67,6 +67,8 @@ spec: initialDelaySeconds: 15 periodSeconds: 30 env: + - name: HOSTNAME + value: "0.0.0.0" - name: BLINK_API_URL value: {{ .Values.blinkTerminal.blinkApiUrl }} - name: BLINK_ENVIRONMENT diff --git a/dev/Tiltfile b/dev/Tiltfile index acc19bcaa1..73ad5ba7ec 100644 --- a/dev/Tiltfile +++ b/dev/Tiltfile @@ -7,4 +7,4 @@ include('./stablesats/Tiltfile') include('./kafka-connect/Tiltfile') include('./smoketest/Tiltfile') -watch_settings(ignore=['**/charts/*.tgz', '**/tmpcharts-*']) +watch_settings(ignore=['**/charts/*.tgz', '**/tmpcharts-*', '**/tmpcharts-*/**']) diff --git a/dev/addons/blink-terminal-values.yml b/dev/addons/blink-terminal-values.yml index 2d874c96a0..3259a8b013 100644 --- a/dev/addons/blink-terminal-values.yml +++ b/dev/addons/blink-terminal-values.yml @@ -1,14 +1,3 @@ -# TODO: remove image overrides once CI publishes a real image to GCR -# After that, the chart's default digest will work and this block can be deleted -# Until then: build locally and import into k3d: -# cd ~/src/blink-terminal && docker build -t us.gcr.io/galoy-org/blink-terminal:latest . -# k3d image import us.gcr.io/galoy-org/blink-terminal:latest -image: - repository: us.gcr.io/galoy-org/blink-terminal - digest: "" - tag: "latest" - pullPolicy: Never - secrets: create: false From ab3b13145f182558c36bbfe5de4bee5130c943e9 Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Tue, 21 Apr 2026 10:14:07 +0200 Subject: [PATCH 4/6] refactor(blink-terminal): citrusrate-base-url as plain value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Non-secret URL — moved out of Vault/secret into values.yaml env. Matches blink-org-infra#378 decision to drop it from Vault. Co-Authored-By: Claude Opus 4.7 (1M context) --- charts/blink-terminal/templates/deployment.yaml | 5 +---- charts/blink-terminal/templates/secrets.yaml | 1 - charts/blink-terminal/values.yaml | 2 +- dev/addons/Tiltfile | 1 - 4 files changed, 2 insertions(+), 7 deletions(-) diff --git a/charts/blink-terminal/templates/deployment.yaml b/charts/blink-terminal/templates/deployment.yaml index 717805e9ef..28a102c028 100644 --- a/charts/blink-terminal/templates/deployment.yaml +++ b/charts/blink-terminal/templates/deployment.yaml @@ -133,9 +133,6 @@ spec: name: {{ template "blink-terminal.fullname" . }} key: "citrusrate-api-key" - name: CITRUSRATE_BASE_URL - valueFrom: - secretKeyRef: - name: {{ template "blink-terminal.fullname" . }} - key: "citrusrate-base-url" + value: {{ .Values.blinkTerminal.citrusrateBaseUrl }} resources: {{ toYaml .Values.resources | nindent 10 }} diff --git a/charts/blink-terminal/templates/secrets.yaml b/charts/blink-terminal/templates/secrets.yaml index ec2928d16f..6395150033 100644 --- a/charts/blink-terminal/templates/secrets.yaml +++ b/charts/blink-terminal/templates/secrets.yaml @@ -18,5 +18,4 @@ data: blinkpos-btc-wallet-id: {{ .Values.secrets.blinkposBtcWalletId | b64enc | quote }} blink-webhook-secret: {{ .Values.secrets.blinkWebhookSecret | b64enc | quote }} citrusrate-api-key: {{ .Values.secrets.citrusrateApiKey | b64enc | quote }} - citrusrate-base-url: {{ .Values.secrets.citrusrateBaseUrl | b64enc | quote }} {{- end }} diff --git a/charts/blink-terminal/values.yaml b/charts/blink-terminal/values.yaml index 9c6ef5c95d..388d5b3cba 100644 --- a/charts/blink-terminal/values.yaml +++ b/charts/blink-terminal/values.yaml @@ -12,7 +12,6 @@ secrets: blinkposBtcWalletId: "" blinkWebhookSecret: "" citrusrateApiKey: "" - citrusrateBaseUrl: "" blinkTerminal: blinkApiUrl: "http://galoy-oathkeeper-proxy.galoy-dev-galoy.svc.cluster.local:4455/graphql" blinkEnvironment: "staging" @@ -23,6 +22,7 @@ blinkTerminal: loglevel: "info" otelExporterOtlpEndpoint: http://localhost:4318 tracingServiceName: "blink-terminal" + citrusrateBaseUrl: "https://api.citrusrate.com" image: repository: us.gcr.io/galoy-org/blink-terminal digest: "sha256:f905ff77db8455fc5c7e0a0ff77e7056d2eb34a5276a54c2ff7c7b37ecd7ef02" # METADATA:: repository=https://github.com/blinkbitcoin/blink-terminal;commit_ref=5541b76;app=blink-terminal; diff --git a/dev/addons/Tiltfile b/dev/addons/Tiltfile index b35c456a8e..c82a0dc293 100644 --- a/dev/addons/Tiltfile +++ b/dev/addons/Tiltfile @@ -169,7 +169,6 @@ k8s_yaml(secret_from_dict( "blinkpos-btc-wallet-id" : "dummy", "blink-webhook-secret" : "dummy", "citrusrate-api-key" : "dummy", - "citrusrate-base-url" : "https://api.citrusrate.com", "pg-user-pw" : "blink_terminal" } )) From be6efa3ae4c551588ae9a9f9924d6d9379658d5e Mon Sep 17 00:00:00 2001 From: k9ert <117085+k9ert@users.noreply.github.com> Date: Tue, 21 Apr 2026 12:05:53 +0200 Subject: [PATCH 5/6] fix(blink-terminal): citrusrate URL + drop stale testflight secret - values.yaml default: https://citrusrate-be.onrender.com (matches app) - testflight: drop citrusrate-base-url from Secret (chart reads from values) Co-Authored-By: Claude Opus 4.7 (1M context) --- charts/blink-terminal/values.yaml | 2 +- ci/testflight/blink-terminal/main.tf | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/charts/blink-terminal/values.yaml b/charts/blink-terminal/values.yaml index 388d5b3cba..4f69b8fbf5 100644 --- a/charts/blink-terminal/values.yaml +++ b/charts/blink-terminal/values.yaml @@ -22,7 +22,7 @@ blinkTerminal: loglevel: "info" otelExporterOtlpEndpoint: http://localhost:4318 tracingServiceName: "blink-terminal" - citrusrateBaseUrl: "https://api.citrusrate.com" + citrusrateBaseUrl: "https://citrusrate-be.onrender.com" image: repository: us.gcr.io/galoy-org/blink-terminal digest: "sha256:f905ff77db8455fc5c7e0a0ff77e7056d2eb34a5276a54c2ff7c7b37ecd7ef02" # METADATA:: repository=https://github.com/blinkbitcoin/blink-terminal;commit_ref=5541b76;app=blink-terminal; diff --git a/ci/testflight/blink-terminal/main.tf b/ci/testflight/blink-terminal/main.tf index 3f38d725a3..8b14cefd26 100644 --- a/ci/testflight/blink-terminal/main.tf +++ b/ci/testflight/blink-terminal/main.tf @@ -57,7 +57,6 @@ resource "kubernetes_secret" "blink_terminal" { "blinkpos-btc-wallet-id" : "dummy" "blink-webhook-secret" : "dummy" "citrusrate-api-key" : "dummy" - "citrusrate-base-url" : "https://api.citrusrate.com" "pg-user-pw" : random_password.postgresql.result } } From a96f7821c77403ec82033377a439164630c84d13 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Tue, 28 Apr 2026 10:48:53 +0200 Subject: [PATCH 6/6] fix: conflict, change applied already --- dev/common/add-helm-repos.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/common/add-helm-repos.sh b/dev/common/add-helm-repos.sh index bbda69f51d..886fa4b6ff 100755 --- a/dev/common/add-helm-repos.sh +++ b/dev/common/add-helm-repos.sh @@ -1,7 +1,7 @@ #!/bin/bash function add_helm_repos() { - yq e '.dependencies[] | select(.repository != "" and (.repository | test("^oci://") | not)) | .name + " " + .repository' "$1" | while read -r name repo; do + yq e '.dependencies[] | select(.repository | test("^oci://") | not) | .name + " " + .repository' "$1" | while read -r name repo; do helm repo add "$name" "$repo" done }