Add Watchtower auto-deploy for app images (2-minute poll)

Watchtower (profile-gated) watches only the label-enabled backend/frontend containers and recreates them when a new :test-main digest lands in the registry, polling every 120s. Scoped by label so it never touches Postgres/MinIO/Caddy/cloudflared. Reads registry creds from the host docker config. Lab host runs COMPOSE_PROFILES=tunnel,watchtower.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
2026-06-06 11:55:38 -04:00
parent 11f0f79866
commit 768d1b23d4
2 changed files with 23 additions and 3 deletions
+4 -3
View File
@@ -30,9 +30,10 @@ S3_REGION=us-east-1
# tunnel forwards plain HTTP to caddy:80.
PROVENANCE_SITE_ADDRESS=:80
# --- Cloudflare Tunnel (optional) ---
# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
# --- Deploy-host services (optional, selected via COMPOSE_PROFILES) ---
# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
# 'watchtower' -> auto-pull updated backend/frontend images every 2 min (needs `docker login git.jpaul.io` on the host)
# Combine with commas. On the lab host: COMPOSE_PROFILES=tunnel,watchtower
CLOUDFLARE_TUNNEL_TOKEN=
COMPOSE_PROFILES=