Use host global Watchtower (drop bundled one) #4

Merged
justin merged 1 commits from watchtower-use-host into main 2026-06-06 11:58:51 -04:00
2 changed files with 8 additions and 17 deletions
+3 -3
View File
@@ -31,9 +31,9 @@ S3_REGION=us-east-1
PROVENANCE_SITE_ADDRESS=:80
# --- Deploy-host services (optional, selected via COMPOSE_PROFILES) ---
# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
# 'watchtower' -> auto-pull updated backend/frontend images every 2 min (needs `docker login git.jpaul.io` on the host)
# Combine with commas. On the lab host: COMPOSE_PROFILES=tunnel,watchtower
# 'tunnel' -> cloudflared connector (needs CLOUDFLARE_TUNNEL_TOKEN; public hostname -> http://caddy:80)
# Auto-deploy is handled by the host's global Watchtower (watches the
# watchtower-enabled backend/frontend labels) — no profile needed here.
CLOUDFLARE_TUNNEL_TOKEN=
COMPOSE_PROFILES=
+5 -14
View File
@@ -108,20 +108,11 @@ services:
profiles:
- tunnel
# Auto-deploy: watch the label-enabled app containers (backend, frontend),
# poll the registry every 2 minutes, and recreate on a new :test-main digest.
# Scoped by label so it never touches Postgres/MinIO/Caddy. Registry creds come
# from the host docker config (the `docker login git.jpaul.io` on the host).
# Opt-in via the "watchtower" profile.
watchtower:
image: containrrr/watchtower:latest
restart: unless-stopped
command: --label-enable --cleanup --interval 120
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ${HOME:-/root}/.docker/config.json:/config.json:ro
profiles:
- watchtower
# Auto-deploy is handled by the host's global Watchtower (a single
# nickfedor/watchtower instance watches every container labelled
# `com.centurylinklabs.watchtower.enable=true` across all stacks). The backend
# and frontend carry that label above, so a new :test-main image is pulled and
# the container recreated automatically — no per-stack Watchtower needed.
volumes:
pgdata: