diff --git a/deploy/.env.example b/deploy/.env.example
index 87f2a5e..a8c14f7 100644
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -30,9 +30,10 @@ S3_REGION=us-east-1
 # tunnel forwards plain HTTP to caddy:80.
 PROVENANCE_SITE_ADDRESS=:80
-# --- Cloudflare Tunnel (optional) ---
-# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
-# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
+# --- Deploy-host services (optional, selected via COMPOSE_PROFILES) ---
+# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
+# 'watchtower' -> auto-pull updated backend/frontend images every 2 min (needs `docker login git.jpaul.io` on the host)
+# Combine with commas. On the lab host: COMPOSE_PROFILES=tunnel,watchtower
 CLOUDFLARE_TUNNEL_TOKEN=
 COMPOSE_PROFILES=
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index d87e925..25486d7 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -42,6 +42,8 @@ services:
 backend:
 image: git.jpaul.io/justin/provenance-backend:${IMAGE_TAG:-test-main}
+ labels:
+ com.centurylinklabs.watchtower.enable: "true"
 environment:
 APP_ENV: ${APP_ENV:-development}
 DATABASE_URL: ${DATABASE_URL:-postgresql+asyncpg://provenance:provenance@postgres:5432/provenance}
@@ -62,6 +64,8 @@ services:
 frontend:
 image: git.jpaul.io/justin/provenance-frontend:${IMAGE_TAG:-test-main}
+ labels:
+ com.centurylinklabs.watchtower.enable: "true"
 environment:
 NODE_ENV: production
 depends_on:
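Review bot: The `com.centurylinklabs.watchtower.enable: "true"` label on `backend` (and the identical one in the `frontend` hunk) opts a service whose image defaults to the mutable tag `${IMAGE_TAG:-test-main}` into automatic recreation, and nothing next to the label says so. With the `watchtower` profile active, whatever digest the registry serves for that tag is started on the host with the service's environment, `DATABASE_URL` included, so push access to the tag becomes deploy access to the host. I would add a comment above each `labels:` key, e.g. `# watchtower profile: recreated whenever this tag's digest changes; set IMAGE_TAG to an immutable tag to hold a release`. Both service definitions continue outside their hunks.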
@@ -104,6 +108,21 @@ services:
 profiles:
 - tunnel
+ # Auto-deploy: watch the label-enabled app containers (backend, frontend),
+ # poll the registry every 2 minutes, and recreate on a new :test-main digest.
+ # Scoped by label so it never touches Postgres/MinIO/Caddy. Registry creds come
+ # from the host docker config (the `docker login git.jpaul.io` on the host).
+ # Opt-in via the "watchtower" profile.
+ watchtower:
+ image: containrrr/watchtower:latest
+ restart: unless-stopped
+ command: --label-enable --cleanup --interval 120
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${HOME:-/root}/.docker/config.json:/config.json:ro
+ profiles:
+ - watchtower
+
 volumes:
 pgdata:
 miniodata:
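Review bot: `image: containrrr/watchtower:latest` is an unpinned third-party tag that is handed the host's `/var/run/docker.sock` read-write plus the registry credentials, so whatever that tag resolves to at pull time runs with root-equivalent control of the Docker host. `--label-enable` limits which containers watchtower updates, not what the socket allows, so the comment's "never touches Postgres/MinIO/Caddy" describes intent rather than an enforced boundary. Pin the image to a reviewed release and digest, e.g. `image: containrrr/watchtower:<reviewed-version>@sha256:<digest>` (placeholders), and bump it deliberately. Separately, `${HOME:-/root}/.docker/config.json` is resolved from the environment of whoever invokes compose; if the file is absent at that path, the short bind syntax creates a directory there instead, and a host `credsStore` helper would presumably not be usable inside the container. An explicit absolute path and a read-only registry token scoped to the two image repositories would narrow both problems.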