Mirror drawbar CI/CD: push to LAN registry, pull via public FQDN

Split the registry endpoints like the drawbar containers. Per-component Gitea Actions workflows (build-backend, build-frontend; runs-on docker, path-filtered) push images to the LAN endpoint 192.168.0.2:1234 over plain HTTP (buildx insecure/http) to bypass Cloudflare's request-body limit, then link each package to the repo via the Gitea API. Auth via the REGISTRY_TOKEN Actions secret (the same token drawbar uses). Tag scheme: test-main / test-sha-<long> / version / latest (v* tags).

The deploy compose now PULLS git.jpaul.io/justin/provenance-{backend,frontend}:${IMAGE_TAG:-test-main} (no host build); docker-compose.dev.yml is a local-build override for dev / pre-CI. Replaces the previous single build.yml. Docs + memory updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
2026-06-06 11:19:26 -04:00
parent 6c3a9a89aa
commit 4921ce0776
8 changed files with 241 additions and 72 deletions
+4
@@ -4,6 +4,10 @@
# --- Core ---
APP_ENV=development
# --- Images (pulled from git.jpaul.io; CI pushes to the LAN registry) ---
# test-main = current main build; or pin a semver / test-sha-<sha> for rollback.
IMAGE_TAG=test-main
# --- Database (Postgres) ---
POSTGRES_USER=provenance
POSTGRES_PASSWORD=change-me
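Review bot: The new comment above `IMAGE_TAG` offers `test-sha-<sha>` as a rollback pin without saying which SHA form CI publishes. The commit description gives the tag scheme as `test-sha-<long>`, so an operator who pins a short SHA during a rollback would presumably get a pull failure. I would word the comment as `# test-main = current main build; or pin a semver / test-sha-<full 40-char commit sha> for rollback.` and add that `test-main` is a moving tag, so a pinned value is the reproducible choice.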
+18
@@ -0,0 +1,18 @@
name: provenance
# Dev override: build the backend/frontend images locally instead of pulling
# them from the registry. Layer it on top of the base compose:
# docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build
#
# Use this before CI has published images, or to test local changes.
services:
backend:
build:
context: ../backend
dockerfile: Dockerfile
frontend:
build:
context: ../frontend
dockerfile: Dockerfile
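Review bot: The override adds `build:` to backend and frontend but leaves the base file's `image:` in force, so Compose tags each local build with the registry name `git.jpaul.io/justin/provenance-{backend,frontend}:${IMAGE_TAG:-test-main}`. After a dev build, a plain `docker compose up -d` on the same host finds that tag in the local image store and runs the local build in place of the CI-published image, and a `docker compose push` would try to publish it under the CI tag. Give the dev services their own names in this file, for example `image: provenance-backend:dev` and `image: provenance-frontend:dev`, so a local build can never be mistaken for a registry image.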
+7 -6
@@ -2,6 +2,11 @@ name: provenance
# One stack stands up the whole system. Configuration is entirely env-driven
# (see .env.example). Run from this directory: `docker compose up -d`.
#
# backend/frontend are PULLED from the public registry (git.jpaul.io); CI pushes
# them to the LAN endpoint (192.168.0.2:1234). For local building instead of
# pulling, layer the dev override:
# docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d --build
services:
postgres:
@@ -36,9 +41,7 @@ services:
restart: unless-stopped
backend:
build:
context: ../backend
dockerfile: Dockerfile
image: git.jpaul.io/justin/provenance-backend:${IMAGE_TAG:-test-main}
environment:
APP_ENV: ${APP_ENV:-development}
DATABASE_URL: ${DATABASE_URL:-postgresql+asyncpg://provenance:provenance@postgres:5432/provenance}
@@ -58,9 +61,7 @@ services:
restart: unless-stopped
frontend:
build:
context: ../frontend
dockerfile: Dockerfile
image: git.jpaul.io/justin/provenance-frontend:${IMAGE_TAG:-test-main}
environment:
NODE_ENV: production
depends_on:
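Review bot: Both new `image:` lines (backend and frontend) fall back to the mutable tag `test-main`, so a deploy with no `IMAGE_TAG` set runs whatever was last pushed under that tag. With Compose's default pull policy, a host that already holds a `test-main` image keeps the cached copy until someone pulls explicitly. Per the commit description the CI push travels over plain HTTP on the LAN, so the tag alone gives no integrity guarantee for what is later pulled. For anything beyond a test stack I would make the tag mandatory, `image: git.jpaul.io/justin/provenance-backend:${IMAGE_TAG:?set IMAGE_TAG}` (same for frontend), and pin releases by digest (`@sha256:<digest>`); if tracking `test-main` is intended, add `pull_policy: always` to both services. The backend and frontend service definitions continue outside these hunks.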