From 0b9d72c878bf95e2ba88afcd66934f71d1e4def8 Mon Sep 17 00:00:00 2001
From: Justin Paul
Date: Sat, 6 Jun 2026 11:58:49 -0400
Subject: [PATCH] Drop bundled Watchtower; rely on the host's global Watchtower

ripper already runs a single global nickfedor/watchtower (label-enabled) that watches every stack; the bundled containrrr/watchtower was redundant and crash-looped (its Docker API client is too old for Docker 29). Keep the watchtower.enable labels on backend/frontend so the host instance auto-deploys them; remove the per-stack service and profile.

Co-Authored-By: Claude Opus 4.8 (1M context)
Signed-off-by: Justin Paul
---
 deploy/.env.example | 6 +++---
 deploy/docker-compose.yml | 19 +++++--------------
 2 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/deploy/.env.example b/deploy/.env.example
index a8c14f7..63a373f 100644
--- a/deploy/.env.example
+++ b/deploy/.env.example
@@ -31,9 +31,9 @@ S3_REGION=us-east-1
 PROVENANCE_SITE_ADDRESS=:80
 # --- Deploy-host services (optional, selected via COMPOSE_PROFILES) ---
-# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
-# 'watchtower' -> auto-pull updated backend/frontend images every 2 min (needs `docker login git.jpaul.io` on the host)
-# Combine with commas. On the lab host: COMPOSE_PROFILES=tunnel,watchtower
+# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
+# Auto-deploy is handled by the host's global Watchtower (watches the
+# watchtower-enabled backend/frontend labels) — no profile needed here.
 CLOUDFLARE_TUNNEL_TOKEN=
 COMPOSE_PROFILES=
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index 25486d7..c494d90 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -108,20 +108,11 @@ services:
 profiles:
 - tunnel
- # Auto-deploy: watch the label-enabled app containers (backend, frontend),
- # poll the registry every 2 minutes, and recreate on a new :test-main digest.
- # Scoped by label so it never touches Postgres/MinIO/Caddy. Registry creds come
- # from the host docker config (the `docker login git.jpaul.io` on the host).
- # Opt-in via the "watchtower" profile.
- watchtower:
- image: containrrr/watchtower:latest
- restart: unless-stopped
- command: --label-enable --cleanup --interval 120
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - ${HOME:-/root}/.docker/config.json:/config.json:ro
- profiles:
- - watchtower
+# Auto-deploy is handled by the host's global Watchtower (a single
+# nickfedor/watchtower instance watches every container labelled
+# `com.centurylinklabs.watchtower.enable=true` across all stacks). The backend
+# and frontend carry that label above, so a new :test-main image is pulled and
+# the container recreated automatically — no per-stack Watchtower needed.
 volumes:
 pgdata:
-- 
2.52.0
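Review bot: The replacement comment above `volumes:` no longer records the two conditions the removed block spelled out, and both now depend on a container this file does not define: label scoping (the removed `--label-enable`, which kept updates away from Postgres/MinIO/Caddy) and registry credentials for `git.jpaul.io` on the host. On a host whose Watchtower lacks either, backend and frontend would presumably either stop receiving image updates without any error in this stack, or the unlabelled data services would be recreated too. I would add one line to the comment: `# Requires the host Watchtower to run with --label-enable and to be logged in to git.jpaul.io; otherwise this stack is not auto-updated.` Because `:test-main` is a mutable tag, it is also worth saying there that push access to that tag amounts to deploy access on this host.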