Skip to content

fix(wallet): playground II login and local reproducible-build fixes#637

Open
aterga wants to merge 3 commits into
mainfrom
arshavir/playground-deploy-fixes
Open

fix(wallet): playground II login and local reproducible-build fixes#637
aterga wants to merge 3 commits into
mainfrom
arshavir/playground-deploy-fixes

Conversation

@aterga

@aterga aterga commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes found while restoring the wiped playground environment (control_panel had run out of cycles and lost its module) and redeploying it end to end.

1. Internet Identity "Unverified origin" on playground/testing builds

Since the orbit.global domain migration (#520), derivationOrigin was gated only on import.meta.env.PROD, which is true for all IC-hosted build modes — playground and testing included (.env sets APP_MODE=production and the mode env files don't override it). Those builds therefore asked II to derive from https://orbitwallet.io, whose /.well-known/ii-alternative-origins only lists https://app.orbit.global, so II rejected every playground/testing login with Unverified origin. derivationOrigin is now only set when the build mode is production; other modes authenticate against their own origin (the pre-#520 behavior). Verified live on the redeployed playground wallet.

2. Local ./scripts/docker-build.sh failures from dirty working trees

  • .dockerignore only excluded the repo-root node_modules; Docker patterns are not recursive, so nested installs (apps/wallet, docs, cli) leaked host pnpm symlinks into the build context and corrupted the in-image install (Cannot find module .../vite/bin/vite.js). Now **/node_modules.
  • On Apple Silicon, buildx default provenance attestations produce a manifest list that the artifact-extraction docker create can't resolve for linux/amd64 (no match for platform). Disabled with --provenance=false.

3. Playground docs_portal canister id

scripts/deploy.sh --playground created the canister during the environment restore; this records its id (d537j-aaaaa-aaaal-asz5q-cai).

Test plan

  • Wallet rebuilt with BUILD_MODE=playground and synced to the playground canister: bundle bakes derivationOrigin: undefined, II login no longer shows "Unverified origin".
  • Production behavior unchanged: PROD && APP_BUILD_MODE === 'production' still yields https://orbitwallet.io.
  • docker-build.sh --wallet-dapp/--control-panel run clean on macOS (arm64) with nested node_modules present.

🤖 Generated with Claude Code

aterga and others added 3 commits June 12, 2026 00:50
@aterga @claude
fix(wallet): only set II derivationOrigin in the production build mode
f51311c 
Since the orbit.global domain migration (#520), every IC-hosted build
(including playground and testing) sent derivationOrigin
'https://orbitwallet.io' to Internet Identity. II validates the page
origin against that domain's /.well-known/ii-alternative-origins, which
only lists 'https://app.orbit.global', so logins from playground/testing
origins were rejected with 'Unverified origin'. Non-production build
modes now authenticate against their own origin, restoring the
pre-migration behavior.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@aterga @claude
fix(build): make local docker builds reproducible from dirty working …
1237f89 
…trees

Two issues broke ./scripts/docker-build.sh on developer machines:

- .dockerignore only excluded the repo-root node_modules; Docker
  patterns are not recursive, so nested installs (apps/wallet, docs,
  cli) leaked host-specific pnpm symlinks into the build context and
  corrupted the in-image pnpm install (vite binary missing). Use
  **/node_modules to exclude them at any depth.

- On Apple Silicon, buildx default provenance attestations wrap the
  image in a manifest list that the subsequent 'docker create' cannot
  resolve for linux/amd64 ('no match for platform'). Disable them with
  --provenance=false.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@aterga @claude
chore: record playground docs_portal canister id
a0371b8 
Created by scripts/deploy.sh --playground while restoring the wiped
playground environment (the control_panel had run out of cycles and
lost its module). Key order normalized by dfx.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@aterga aterga requested a review from a team as a code owner June 11, 2026 22:54
@zeropath-ai

zeropath-ai Bot commented Jun 11, 2026

Copy link
Copy Markdown

No security or compliance issues detected. Reviewed everything up to a0371b8.

Security Overview
Detected Code Changes
Change Type Relevant files
Configuration changes ► .dockerignore
    Ignore node_modules in Docker
► apps/wallet/src/configs/init.config.ts
    Conditionally set derivationOrigin based on production and build mode
► canister_ids.json
    Add playground canister ID for app_marketing and docs_portal
Enhancement ► scripts/docker-build.sh
    Disable provenance in docker build for broader platform compatibility

@aterga aterga requested a review from Copilot June 11, 2026 22:56
Copilot AI reviewed Jun 11, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restores/repairs the playground deployment workflow for Orbit Wallet by fixing Internet Identity login behavior in non-production IC-hosted builds, improving local reproducible Docker builds when nested node_modules exist, and recording the restored playground docs_portal canister id.

Changes:

  • Gate derivationOrigin so it’s only set for the wallet’s production build mode (fixes II “Unverified origin” on playground/testing).
  • Improve local reproducible Docker builds by excluding nested node_modules from the build context and disabling provenance attestations to avoid manifest-list extraction issues on non-amd64 hosts.
  • Add the restored playground docs_portal canister id to canister_ids.json.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
apps/wallet/src/configs/init.config.ts Restricts II derivationOrigin usage to production build mode to fix playground/testing login.
scripts/docker-build.sh Adds --provenance=false to keep output compatible with docker create on non-amd64 hosts.
.dockerignore Excludes nested node_modules directories from Docker build context.
canister_ids.json Records the playground docs_portal canister id and reorders entries.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aterga aterga requested a review from MRmarioruci June 12, 2026 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@MRmarioruci MRmarioruci Awaiting requested review from MRmarioruci

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aterga