From dbb4572112dafc7f2e8fe2039149f18c9cd82e2d Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Fri, 12 Jun 2026 20:13:19 +0000 Subject: [PATCH] =?UTF-8?q?tts:=20pull=20Chatterbox=20from=20GHCR=20?= =?UTF-8?q?=E2=80=94=20the=20Forgejo-registry=20copy=20is=20unpullable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Viktor reports the voice still isn't from the TTS service — correct: zero story_audio rows exist; the pod has sat in ImagePullBackOff since the first window because the 2026-06-09 Forgejo-registry push has a corrupt layer blob (HEAD 500s; pushed from a 94%-full disk) and identical digests can't heal corrupt registry storage. The off-infra GHA rebuild (tripit build-chatterbox.yml, devnen 915ae289, succeeded 03:23 UTC) now lives in private GHCR: switch the image there, pin the upstream-sha tag, and add the vault-backed ghcr-credentials pull secret (mirrors stacks/tripit). tripit's drain loop has 27 narrations queued and picks them up the moment the pod goes Ready. Co-Authored-By: Claude Fable 5 --- stacks/tts/main.tf | 42 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/stacks/tts/main.tf b/stacks/tts/main.tf index bf3fe91e..30bd8eff 100644 --- a/stacks/tts/main.tf +++ b/stacks/tts/main.tf @@ -1,7 +1,11 @@ variable "image_tag" { - type = string - default = "latest" - description = "chatterbox-tts image tag. Use the 8-char git SHA in CI; :latest for local trials." + type = string + # Pinned to the devnen upstream sha the GHA build was dispatched against + # (tripit .github/workflows/build-chatterbox.yml). NOT :cu128/:latest — the + # original Forgejo-registry push is unpullable (corrupt layer blob, 500 on + # HEAD), which is also why the image moved to GHCR. + default = "915ae289" + description = "chatterbox-tts GHCR image tag (devnen upstream short sha)." } # ───────────────────────────────────────────────────────────────────────────── @@ -55,7 +59,7 @@ variable "offpeak_guard_schedule" { locals { namespace = "tts" labels = { app = "chatterbox-tts" } - image = "forgejo.viktorbarzin.me/viktor/chatterbox-tts:${var.image_tag}" + image = "ghcr.io/viktorbarzin/chatterbox-tts:${var.image_tag}" # config.yaml rendered into a ConfigMap, mounted at /app/config.yaml (the # server's WORKDIR is /app). Voices, reference audio and the HF model cache @@ -268,6 +272,33 @@ resource "kubernetes_job" "models_dir_init" { timeouts { create = "3m" } } +# Pull secret for the PRIVATE ghcr.io/viktorbarzin/chatterbox-tts image (built +# off-infra by tripit's build-chatterbox.yml GHA workflow — the Forgejo registry +# copy is unpullable, corrupt layer blob). Mirrors stacks/tripit's ghcr secret. +data "vault_kv_secret_v2" "viktor" { + mount = "secret" + name = "viktor" +} + +resource "kubernetes_secret" "ghcr_credentials" { + metadata { + name = "ghcr-credentials" + namespace = kubernetes_namespace.tts.metadata[0].name + } + type = "kubernetes.io/dockerconfigjson" + data = { + ".dockerconfigjson" = jsonencode({ + auths = { + "ghcr.io" = { + username = "ViktorBarzin" + password = data.vault_kv_secret_v2.viktor.data["github_pat"] + auth = base64encode("ViktorBarzin:${data.vault_kv_secret_v2.viktor.data["github_pat"]}") + } + } + }) + } +} + resource "kubernetes_config_map" "chatterbox_config" { metadata { name = "chatterbox-config" @@ -328,6 +359,9 @@ resource "kubernetes_deployment" "chatterbox" { priority_class_name = "tier-2-gpu" image_pull_secrets { name = "registry-credentials" } + image_pull_secrets { + name = kubernetes_secret.ghcr_credentials.metadata[0].name + } container { name = "chatterbox-tts"