[PR #1005] [MERGED] fix(infisical): update to v0.162.6 #16313

Closed
opened 2026-07-14 23:18:56 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Dokploy/templates/pull/1005
Author: @Siumauricio
Created: 7/14/2026
Status: Merged
Merged: 7/14/2026
Merged by: @Siumauricio

Base: canaryHead: fix/infisical-update


📝 Commits (1)

  • 29a7970 fix(infisical): update to v0.162.6

📊 Changes

3 files changed (+23 additions, -85 deletions)

View changed files

📝 blueprints/infisical/docker-compose.yml (+13 -46)
📝 blueprints/infisical/meta.json (+1 -1)
📝 blueprints/infisical/template.toml (+9 -38)

📄 Description

Summary

Updates the Infisical template from v0.135.0-postgres to v0.162.6 (latest stable as of 2026-07-14).

Changes

  • Image bump: infisical/infisical:v0.135.0-postgresinfisical/infisical:v0.162.6. Upstream stopped publishing the -postgres tag suffix after v0.146.0 — plain vX.Y.Z tags are now the (only) Postgres-backed standalone build.
  • Removed the db-migration service: since the standalone image gained auto-start-migrations, the backend runs migration:latest automatically on boot (guarded by a Postgres advisory lock). This matches the current official docker-compose.prod.yml, which no longer ships a migration service.
  • Per-deployment secrets: ENCRYPTION_KEY is now generated via ${hash:32} (random 16-byte hex, as required by upstream) and AUTH_SECRET via ${base64:32}, instead of the hardcoded example values from upstream's .env.example that every deployment shared.
  • Fixed SITE_URL: http://${main_domain} instead of http://${main_domain}:8080 — the domain is proxied by Traefik on port 80, so the :8080 suffix produced wrong absolute URLs (email links, OAuth redirects).
  • Refreshed SMTP env: added SMTP_FROM_ADDRESS, fixed SMTP_FROM_NAME (the toml previously set a nonexistent SMTP_NAME), and dropped SMTP_SECURE (removed upstream in favor of SMTP_REQUIRE_TLS/SMTP_IGNORE_TLS defaults).
  • Cleanup: removed the ~30 empty CLIENT_*/POSTHOG_*/CAPTCHA_* env placeholders from template.toml — they were never passed to the container (the compose environment: list doesn't include them), so this is a no-op functionally. Also removed pull_policy: always (tag is pinned) and the stray env_file/ALLOW_EMPTY_PASSWORD on redis.

Migration notes

  • Volume names (pg_infisical_data, redis_infisical_data) and Postgres 14 are unchanged, so existing deployments that re-apply the compose keep their data; on first boot of the new image the backend migrates the DB schema automatically.
  • Existing deployments keep their env (Dokploy templates only seed env at creation), so the new generated secrets only affect fresh installs. Do not change ENCRYPTION_KEY/AUTH_SECRET on an existing install.

Verification (deployed on hostinger.dokploy.com)

  • Deploy status: done in 103s, migrations auto-ran on boot
  • GET / → HTTP 200, Infisical frontend served through the generated domain
  • GET /api/status{"message":"Ok","redisConfigured":true,...}
  • GET /api/v1/admin/config{"initialized":false,"allowSignUp":true,...} and /admin/signup → 200 (fresh instance is bootstrappable)

Closes #215

🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Dokploy/templates/pull/1005 **Author:** [@Siumauricio](https://github.com/Siumauricio) **Created:** 7/14/2026 **Status:** ✅ Merged **Merged:** 7/14/2026 **Merged by:** [@Siumauricio](https://github.com/Siumauricio) **Base:** `canary` ← **Head:** `fix/infisical-update` --- ### 📝 Commits (1) - [`29a7970`](https://github.com/Dokploy/templates/commit/29a7970397313724c0f6414e2a75592ad4f76775) fix(infisical): update to v0.162.6 ### 📊 Changes **3 files changed** (+23 additions, -85 deletions) <details> <summary>View changed files</summary> 📝 `blueprints/infisical/docker-compose.yml` (+13 -46) 📝 `blueprints/infisical/meta.json` (+1 -1) 📝 `blueprints/infisical/template.toml` (+9 -38) </details> ### 📄 Description ## Summary Updates the Infisical template from `v0.135.0-postgres` to **`v0.162.6`** (latest stable as of 2026-07-14). ### Changes - **Image bump**: `infisical/infisical:v0.135.0-postgres` → `infisical/infisical:v0.162.6`. Upstream stopped publishing the `-postgres` tag suffix after `v0.146.0` — plain `vX.Y.Z` tags are now the (only) Postgres-backed standalone build. - **Removed the `db-migration` service**: since the standalone image gained `auto-start-migrations`, the backend runs `migration:latest` automatically on boot (guarded by a Postgres advisory lock). This matches the current official [`docker-compose.prod.yml`](https://github.com/Infisical/infisical/blob/main/docker-compose.prod.yml), which no longer ships a migration service. - **Per-deployment secrets**: `ENCRYPTION_KEY` is now generated via `${hash:32}` (random 16-byte hex, as required by upstream) and `AUTH_SECRET` via `${base64:32}`, instead of the hardcoded example values from upstream's `.env.example` that every deployment shared. - **Fixed `SITE_URL`**: `http://${main_domain}` instead of `http://${main_domain}:8080` — the domain is proxied by Traefik on port 80, so the `:8080` suffix produced wrong absolute URLs (email links, OAuth redirects). - **Refreshed SMTP env**: added `SMTP_FROM_ADDRESS`, fixed `SMTP_FROM_NAME` (the toml previously set a nonexistent `SMTP_NAME`), and dropped `SMTP_SECURE` (removed upstream in favor of `SMTP_REQUIRE_TLS`/`SMTP_IGNORE_TLS` defaults). - **Cleanup**: removed the ~30 empty `CLIENT_*`/`POSTHOG_*`/`CAPTCHA_*` env placeholders from `template.toml` — they were never passed to the container (the compose `environment:` list doesn't include them), so this is a no-op functionally. Also removed `pull_policy: always` (tag is pinned) and the stray `env_file`/`ALLOW_EMPTY_PASSWORD` on redis. ### Migration notes - Volume names (`pg_infisical_data`, `redis_infisical_data`) and Postgres 14 are unchanged, so existing deployments that re-apply the compose keep their data; on first boot of the new image the backend migrates the DB schema automatically. - Existing deployments keep their env (Dokploy templates only seed env at creation), so the new generated secrets only affect fresh installs. **Do not** change `ENCRYPTION_KEY`/`AUTH_SECRET` on an existing install. ### Verification (deployed on hostinger.dokploy.com) - Deploy status: `done` in 103s, migrations auto-ran on boot - `GET /` → HTTP 200, Infisical frontend served through the generated domain - `GET /api/status` → `{"message":"Ok","redisConfigured":true,...}` - `GET /api/v1/admin/config` → `{"initialized":false,"allowSignUp":true,...}` and `/admin/signup` → 200 (fresh instance is bootstrappable) Closes #215 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-14 23:18:56 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/templates#16313