chore: retire next branch, main now drives staging deploys (CPL-272)

.github/workflows/contract-bindings-check.yml

@@ -2,7 +2,7 @@ name: Contract Bindings Check
 
 on:
   push:
-    branches: [main, next]
+    branches: [main]
   pull_request:
 
 permissions:

.github/workflows/deploy-staging.yml

@@ -1,8 +1,7 @@
 # Deploy lit-api-server + lit-actions + otel-collector to Phala CVM
 #
 # Deployment targets:
-#   push to next → chipotle-next (direct automated deploy)
-#   push to main → chipotle-dev  (direct automated deploy)
+#   push to main → chipotle-next (direct automated deploy)
 #
 # For production (v* tag) deploys, see deploy-prod-1-propose.yml and deploy-prod-2-execute.yml.
 #
@@ -56,7 +55,7 @@ concurrency:
 
 on:
   push:
-    branches: [main, next]
+    branches: [main]
   workflow_dispatch:
 
 jobs:
@@ -101,16 +100,10 @@ jobs:
         id: set
         run: |
           if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "phala_app_name=chipotle-dev" >> "$GITHUB_OUTPUT"
-            echo "instance_type=tdx.large" >> "$GITHUB_OUTPUT"
-            echo "gcp_project_id=chipotle-dev" >> "$GITHUB_OUTPUT"
-            echo "node_config=NodeConfig.main.toml" >> "$GITHUB_OUTPUT"
-            DOMAIN="api.dev.litprotocol.com"
-          elif [ "${{ github.ref }}" = "refs/heads/next" ]; then
             echo "phala_app_name=chipotle-next" >> "$GITHUB_OUTPUT"
             echo "instance_type=tdx.small" >> "$GITHUB_OUTPUT"
             echo "gcp_project_id=chipotle-next" >> "$GITHUB_OUTPUT"
-            echo "node_config=NodeConfig.next.toml" >> "$GITHUB_OUTPUT"
+            echo "node_config=NodeConfig.main.toml" >> "$GITHUB_OUTPUT"
             DOMAIN="test.chipotle.litprotocol.com"
           else
             echo "Unsupported branch for deployment"
@@ -292,8 +285,8 @@ jobs:
         env:
           PHALA_CLOUD_API_KEY: ${{ secrets.PHALA_CLOUD_API_KEY }}
           PHALA_PRIVATE_KEY: ${{ secrets.PHALA_DSTACKAPP_PRIVATE_KEY }}
-          STRIPE_SECRET_KEY: ${{ github.ref != 'refs/heads/main' && secrets.STRIPE_SANDBOX_SECRET_KEY || '' }}
-          STRIPE_PUBLISHABLE_KEY: ${{ github.ref != 'refs/heads/main' && secrets.STRIPE_SANDBOX_PUBLISHABLE_KEY || '' }}
+          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SANDBOX_SECRET_KEY }}
+          STRIPE_PUBLISHABLE_KEY: ${{ secrets.STRIPE_SANDBOX_PUBLISHABLE_KEY }}
           GCP_SERVICE_ACCOUNT_JSON: ${{ secrets.GCP_SERVICE_ACCOUNT_JSON }}
           BASE_CHAIN_RPC: ${{ secrets.BASE_CHAIN_RPC }}
           CERTBOT_AWS_ACCESS_KEY_ID: ${{ secrets.CERTBOT_AWS_ACCESS_KEY_ID }}

.github/workflows/deploy-static.yml

@@ -1,7 +1,7 @@
 name: Deploy Static Site
 on:
   push:
-    branches: [main, next]
+    branches: [main]
     paths:
       - 'lit-static/**'
       - '.github/workflows/deploy-static.yml'
@@ -17,26 +17,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-
-      - name: Inject API URL
-        run: sed -i "s|__LIT_API_BASE_URL__|https://api.dev.litprotocol.com|g" lit-static/dapps/dashboard/auth.js
-
-      - name: Deploy to Cloudflare Pages
-        uses: cloudflare/wrangler-action@v3
-        with:
-          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-          accountId: ${{ vars.CLOUDFLARE_ACCOUNT_ID }}
-          command: pages deploy lit-static --project-name=lit-static-dev --branch=main
-
-  deploy-next:
-    if: github.ref == 'refs/heads/next'
-    runs-on: self-hosted
-    steps:
-      - uses: actions/checkout@v4
-
       - uses: actions/setup-node@v4
         with:
           node-version: "20"
@@ -71,4 +51,4 @@ jobs:
         with:
           apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           accountId: ${{ vars.CLOUDFLARE_ACCOUNT_ID }}
-          command: pages deploy lit-static --project-name=lit-static-dev --branch=${{ github.head_ref }}
+          command: pages deploy lit-static --project-name=lit-static-next --branch=${{ github.head_ref }}

.github/workflows/k6-client-check.yml

@@ -5,7 +5,7 @@ name: k6 Client Check
 
 on:
   push:
-    branches: [main, next]
+    branches: [main]
   pull_request:
 
 permissions:

.github/workflows/k6-correctness.yml

@@ -37,7 +37,7 @@ jobs:
   correctness:
     runs-on: self-hosted
     env:
-      K6_ACCOUNTS_FILE: ${{ inputs.accounts_file || (github.ref_name == 'next' && './data/accounts.next.json' || './data/accounts.dev.json') }}
+      K6_ACCOUNTS_FILE: ${{ inputs.accounts_file || (github.ref_name == 'main' && './data/accounts.next.json' || './data/accounts.dev.json') }}
     steps:
       - uses: actions/checkout@v4
 

.github/workflows/k6-smoke.yml

@@ -37,7 +37,7 @@ jobs:
   k6-smoke:
     runs-on: self-hosted
     env:
-      K6_ACCOUNTS_FILE: ${{ inputs.accounts_file || (github.ref_name == 'next' && './data/accounts.next.json' || './data/accounts.dev.json') }}
+      K6_ACCOUNTS_FILE: ${{ inputs.accounts_file || (github.ref_name == 'main' && './data/accounts.next.json' || './data/accounts.dev.json') }}
     steps:
       - uses: actions/checkout@v4
 

.github/workflows/phala-simulator.yml

@@ -21,7 +21,7 @@ name: Phala Simulator Validation
 
 on:
   push:
-    branches: [main, next]
+    branches: [main]
   pull_request:
 
 permissions:
@@ -195,12 +195,8 @@ jobs:
             exit 1
           }
 
-          # Copy branch-appropriate config (NodeConfig.toml is gitignored); main uses main.toml, others use next.toml.
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            cp lit-api-server/NodeConfig.main.toml lit-api-server/NodeConfig.toml
-          else
-            cp lit-api-server/NodeConfig.next.toml lit-api-server/NodeConfig.toml
-          fi
+          # NodeConfig.toml is gitignored; copy the main config in.
+          cp lit-api-server/NodeConfig.main.toml lit-api-server/NodeConfig.toml
           # Pick a random free TCP port per run so concurrent jobs on the
           # same self-hosted host don't collide on the default Rocket port
           # (8000). ROCKET_PORT overrides lit-api-server/Rocket.toml.

Dockerfile

@@ -46,8 +46,8 @@ COPY --from=builder /app/lit-actions/target/debug/lit_actions /usr/local/bin/
 # Copy static assets (served by lit-api-server)
 COPY --from=builder /app/lit-api-server/static /app/lit-api-server/static/
 
-# Copy configuration file (main branch uses NodeConfig.main.toml; default: next)
-ARG NODE_CONFIG=NodeConfig.next.toml
+# Copy configuration file.
+ARG NODE_CONFIG=NodeConfig.main.toml
 COPY lit-api-server/${NODE_CONFIG} /app/NodeConfig.toml
 
 # Copy and set entrypoint script (starts lit_actions in background, then lit-api-server)

Dockerfile.lit-api-server

@@ -27,8 +27,8 @@ COPY --from=builder /build/lit-api-server/target/release/lit-api-server /usr/loc
 COPY --from=builder /build/lit-api-server/Rocket.toml /app/
 COPY --from=builder /build/lit-api-server/rpc-config.yaml /app/
 COPY --from=builder /build/lit-api-server/log_levels.toml /app/
-# NodeConfig.toml required at startup (main branch uses NodeConfig.main.toml; default: next)
-ARG NODE_CONFIG=NodeConfig.next.toml
+# NodeConfig.toml required at startup.
+ARG NODE_CONFIG=NodeConfig.main.toml
 COPY --from=builder /build/lit-api-server/${NODE_CONFIG} /app/NodeConfig.toml
 
 CMD ["lit-api-server"]

justfile

@@ -8,12 +8,12 @@ image_tag := env('DOCKER_TAG', `uuidgen | tr '[:upper:]' '[:lower:]' | tr -d '\n
 image_lit_actions     := image_base + '-lit-actions:'     + image_tag
 image_lit_api_server  := image_base + '-lit-api-server:'  + image_tag
 image_otel_collector  := image_base + '-otel-collector:'  + image_tag
-# main → chipotle-dev; any other branch → chipotle-next (override with PHALA_APP_NAME)
-app_name       := `git branch --show-current | xargs -I {} sh -c '[ "{}" = "main" ] && echo chipotle-dev || echo chipotle-next'`
-instance_type  := `git branch --show-current | xargs -I {} sh -c '[ "{}" = "main" ] && echo tdx.small || echo tdx.small'`
-gcp_project_id := `git branch --show-current | xargs -I {} sh -c '[ "{}" = "main" ] && echo chipotle-dev || echo chipotle-next'`
-node_config    := `git branch --show-current | xargs -I {} sh -c '[ "{}" = "main" ] && echo NodeConfig.main.toml || echo NodeConfig.next.toml'`
-domain         := `git branch --show-current | xargs -I {} sh -c '[ "{}" = "main" ] && echo api.dev.litprotocol.com || echo test.chipotle.litprotocol.com'`
+# main → chipotle-next (override with PHALA_APP_NAME)
+app_name       := 'chipotle-next'
+instance_type  := 'tdx.small'
+gcp_project_id := 'chipotle-next'
+node_config    := 'NodeConfig.main.toml'
+domain         := 'test.chipotle.litprotocol.com'
 
 import "justfile.deploy"
 import "justfile.sim"

justfile.sim

@@ -173,13 +173,8 @@ sim-verify: sim-build verifier-build api-server
         exit 1
     }
 
-    # Copy branch-appropriate config (NodeConfig.toml is gitignored); main uses main.toml, others use next.toml.
-    BRANCH=$(git -C "$PROJECT_ROOT" branch --show-current)
-    if [ "$BRANCH" = "main" ]; then
-        cp "$PROJECT_ROOT/lit-api-server/NodeConfig.main.toml" "$PROJECT_ROOT/lit-api-server/NodeConfig.toml"
-    else
-        cp "$PROJECT_ROOT/lit-api-server/NodeConfig.next.toml" "$PROJECT_ROOT/lit-api-server/NodeConfig.toml"
-    fi
+    # NodeConfig.toml is gitignored; copy the main config in.
+    cp "$PROJECT_ROOT/lit-api-server/NodeConfig.main.toml" "$PROJECT_ROOT/lit-api-server/NodeConfig.toml"
     API_BIN="$PROJECT_ROOT/lit-api-server/target/debug/lit-api-server"
     echo "Starting lit-api-server (demo config)..."
     (cd "$PROJECT_ROOT/lit-api-server" && DSTACK_SOCKET="$SIM_SOCK" "$API_BIN") >> "$SIM_TMP/lit-api-server.log" 2>&1 &

lit-api-server/NodeConfig.main.toml

@@ -1,3 +1,5 @@
 [chain]
 name = "base"
-contract_address = "0x4c8eb9f329ebfdb369f0c90954875ef8f568ad24"
+contract_address = "0x98e501fab2d60a5119a185e1563f10cb54bc6068"
+
+# contract_address = "0x6c4989c3c2aab271444b4b7b4ec3aca6da1bf1e5" # old contracts, TODO: about 10 USD still sitting in api-payer signers