chore: switch from develop/dev to main/latest image tags (#434)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

docs/AGENTS.md

@@ -29,12 +29,12 @@ Context = tokens = cost. Be smart.
 2. Code      → TDD: write test (RED), implement (GREEN), refactor
 3. Test      → pnpm test (must pass)
 4. Push      → git push origin feature/XX-description
-5. PR        → Create PR to develop (not main)
+5. PR        → Create PR to main
 6. Review    → Wait for approval or self-merge if authorized
 7. Close     → Close related issues via API
 ```
 
-**Never merge directly to develop without a PR.**
+**Never merge directly to main without a PR.**
 
 ### Issue Management
 
@@ -53,7 +53,7 @@ curl -s -X PATCH -H "Authorization: token $TOKEN" -H "Content-Type: application/
   -d '{"state":"closed"}'
 
 # Create PR (tea CLI works for this)
-tea pulls create --repo mosaic/stack --base develop --head feature/XX-name \
+tea pulls create --repo mosaic/stack --base main --head feature/XX-name \
   --title "feat(#XX): Title" --description "Description"
 ```
 

docs/CONTRIBUTING.md

@@ -159,13 +159,12 @@ We follow a Git-based workflow with the following branch types:
 
 ### Workflow
 
-1. Always branch from `develop`
-2. Merge back to `develop` via pull request
-3. `main` is for stable releases only
+1. Always branch from `main`
+2. Merge back to `main` via pull request
 
 ```bash
 # Start a new feature
-git checkout develop
+git checkout main
 git pull --rebase
 git checkout -b feature/my-feature-name
 
@@ -269,7 +268,7 @@ Clarified pagination and filtering parameters.
 2. Create a PR via GitLab at:
    https://git.mosaicstack.dev/mosaic/stack/-/merge_requests
 
-3. Target branch: `develop`
+3. Target branch: `main`
 
 4. Fill in the PR template:
    - **Title:** `feat(#issue): Brief description` (follows commit format)

docs/OPENBAO-DEPLOYMENT.md

@@ -144,7 +144,7 @@ sleep 30
 docker logs mosaic-openbao-init
 
 # 3. Deploy swarm stack
-IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic
+IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic
 
 # 4. Verify API connects to OpenBao
 docker service logs mosaic_api | grep -i openbao
@@ -172,7 +172,7 @@ docker logs mosaic-openbao-init
 # OPENBAO_SECRET_ID=...
 
 # 2. Deploy stack (no OpenBao)
-IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic
+IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic
 
 # 3. Verify API connects to external Vault
 docker service logs mosaic_api | grep -i vault

docs/PORTAINER-DEPLOYMENT.md

@@ -62,7 +62,7 @@ If using private registry images from `git.mosaicstack.dev`:
 4. **Web editor:** Copy and paste contents of `docker-compose.portainer.yml`
 5. **Environment variables:**
    ```
-   IMAGE_TAG=dev
+   IMAGE_TAG=latest
    OPENBAO_PORT=8200
    ```
 6. Click **Deploy the stack**
@@ -90,7 +90,7 @@ If using private registry images from `git.mosaicstack.dev`:
 **Option A: Git Repository (Recommended)**
 
 - Repository URL: `https://git.mosaicstack.dev/mosaic/stack`
-- Repository reference: `refs/heads/develop`
+- Repository reference: `refs/heads/main`
 - Compose path: `docker-compose.swarm.yml`
 - Authentication: Enable if repository is private
 - Enable **Automatic updates** (optional)
@@ -103,7 +103,7 @@ If using private registry images from `git.mosaicstack.dev`:
 4. **Environment variables:**
 
    ```
-   IMAGE_TAG=dev
+   IMAGE_TAG=latest
    POSTGRES_PASSWORD=<your-secure-password>
    JWT_SECRET=<your-jwt-secret>
    BETTER_AUTH_SECRET=<your-auth-secret>
@@ -148,7 +148,7 @@ If using private registry images from `git.mosaicstack.dev`:
 
 ```bash
 # Image Configuration
-IMAGE_TAG=dev                    # or 'latest' or specific commit SHA
+IMAGE_TAG=latest                    # or 'latest' or specific commit SHA
 
 # Database
 POSTGRES_PASSWORD=<secure-password>

docs/SWARM-DEPLOYMENT.md

@@ -49,7 +49,7 @@ nano .env
 - `OIDC_CLIENT_ID` - From your Authentik/OIDC provider
 - `OIDC_CLIENT_SECRET` - From your Authentik/OIDC provider
 - `OIDC_ISSUER` - Your OIDC provider URL (must end with `/`)
-- `IMAGE_TAG` - `dev` or `latest` or specific commit SHA
+- `IMAGE_TAG` - `latest` (default) or specific version/commit SHA
 
 ### 2. Configure for External Services (Optional)
 
@@ -131,10 +131,10 @@ See [OpenBao Deployment Guide](OPENBAO-DEPLOYMENT.md) for detailed options.
 cd /opt/mosaic/stack
 
 # Using the deploy script (recommended)
-IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic
+IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic
 
 # Or manually
-IMAGE_TAG=dev docker stack deploy \
+IMAGE_TAG=latest docker stack deploy \
   -c docker-compose.swarm.yml \
   --with-registry-auth mosaic
 ```

docs/harbor-tag-retention-policy.md

@@ -9,17 +9,15 @@ Images are tagged based on branch and event type:
 | Trigger           | Tags Applied      | Example              |
 | ----------------- | ----------------- | -------------------- |
 | Push to `main`    | `{sha}`, `latest` | `658ec077`, `latest` |
-| Push to `develop` | `{sha}`, `dev`    | `a1b2c3d4`, `dev`    |
 | Git tag (release) | `{sha}`, `{tag}`  | `658ec077`, `v1.0.0` |
 
 ### Tag Meanings
 
-| Tag                        | Purpose                                    | Stability |
-| -------------------------- | ------------------------------------------ | --------- |
-| `latest`                   | Current production-ready build from `main` | Stable    |
-| `dev`                      | Current development build from `develop`   | Unstable  |
-| `v*` (e.g., `v1.0.0`)      | Versioned release                          | Immutable |
-| `{sha}` (e.g., `658ec077`) | Specific commit for traceability           | Immutable |
+| Tag                        | Purpose                            | Stability |
+| -------------------------- | ---------------------------------- | --------- |
+| `latest`                   | Current build from `main`          | Latest    |
+| `v*` (e.g., `v1.0.0`)      | Versioned release                  | Immutable |
+| `{sha}` (e.g., `658ec077`) | Specific commit for traceability   | Immutable |
 
 ## Retention Policy Configuration