feat(ci): publish steward image to the registry + remote-deploy compose
Add the rule-46 image-publish lane: a `publish` job gated on [lint, unit, integration] that builds the runtime Dockerfile in ci-builder and pushes git.fabledsword.com/bvandeusen/steward:<sha> always, :dev on dev and :latest on main. Authenticates with the REGISTRY_TOKEN repo secret (the injected GITHUB_TOKEN lacks write:package). Steward is the first family app to implement the publish lane; mechanics mirror CI-runner's build-ci-python.yml. Add compose.deploy.yml for a persistent remote instance that pulls :dev (no source bind-mounts, persistent app_data+pgdata volumes, bundled Postgres), plus a README "Remote dev instance" runbook and the POSTGRES_PASSWORD env key. Fix .env.example's database URL var to the canonical STEWARD_DATABASE_URL (single underscore) and document the publish lane in ci-requirements.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
+7
-1
@@ -2,5 +2,11 @@
|
||||
# These override values in config.yaml
|
||||
|
||||
STEWARD_SECRET_KEY=change-me
|
||||
STEWARD_DATABASE__URL=postgresql+asyncpg://steward:password@localhost/steward
|
||||
STEWARD_DATABASE_URL=postgresql+asyncpg://steward:password@localhost/steward
|
||||
STEWARD_SMTP__PASSWORD=
|
||||
|
||||
# --- compose.deploy.yml (remote instance) only ---
|
||||
# Password for the bundled Postgres; the steward service builds its
|
||||
# STEWARD_DATABASE_URL from it. Leave STEWARD_SECRET_KEY above unset to let the
|
||||
# app generate + persist one on the /data volume.
|
||||
POSTGRES_PASSWORD=change-me
|
||||
|
||||
Reference in New Issue
Block a user