From 4e96a32714da6b0994c1ca1727c93fe74c858ba8 Mon Sep 17 00:00:00 2001 From: Jason Woltje Date: Sat, 21 Feb 2026 16:01:05 -0600 Subject: [PATCH] chore: switch from develop/dev to main/latest image tags Remove develop branch references from CI, compose, env, and docs now that all development uses trunk-based workflow on main. - CI: remove develop branch filters and dev tag logic - Compose: default IMAGE_TAG from dev to latest - Env: update IMAGE_TAG default and comments - Docs: update branching strategy, PR targets, and image tag docs Co-Authored-By: Claude Opus 4.6 --- .env.example | 6 ++---- .woodpecker/README.md | 13 ++++++------- .woodpecker/api.yml | 10 ++++------ .woodpecker/coordinator.yml | 10 ++++------ .woodpecker/infra.yml | 18 +++++++----------- .woodpecker/orchestrator.yml | 10 ++++------ .woodpecker/web.yml | 10 ++++------ README.md | 11 +++++------ docker-compose.openbao.yml | 4 ++-- docker-compose.yml | 12 ++++++------ docker/DOCKER-COMPOSE-GUIDE.md | 11 +++++------ docs/AGENTS.md | 6 +++--- docs/CONTRIBUTING.md | 9 ++++----- docs/OPENBAO-DEPLOYMENT.md | 4 ++-- docs/PORTAINER-DEPLOYMENT.md | 8 ++++---- docs/SWARM-DEPLOYMENT.md | 6 +++--- docs/harbor-tag-retention-policy.md | 12 +++++------- 17 files changed, 70 insertions(+), 90 deletions(-) diff --git a/.env.example b/.env.example index 96f3b7b..1700b65 100644 --- a/.env.example +++ b/.env.example @@ -215,11 +215,9 @@ NODE_ENV=development # Used by docker-compose.yml (pulls images) and docker-swarm.yml # For local builds, use docker-compose.build.yml instead # Options: -# - dev: Pull development images from registry (default, built from develop branch) -# - latest: Pull latest stable images from registry (built from main branch) -# - : Use specific commit SHA tag (e.g., 658ec077) +# - latest: Pull latest images from registry (default, built from main branch) # - : Use specific version tag (e.g., v1.0.0) -IMAGE_TAG=dev +IMAGE_TAG=latest # ====================== # Docker Compose Profiles diff --git a/.woodpecker/README.md b/.woodpecker/README.md index e36e8c1..ed36194 100644 --- a/.woodpecker/README.md +++ b/.woodpecker/README.md @@ -85,12 +85,11 @@ install -> [ruff-check, mypy, security-bandit, security-pip-audit, test] ## Image Tagging -| Condition | Tag | Purpose | -| ---------------- | -------------------------- | -------------------------- | -| Always | `${CI_COMMIT_SHA:0:8}` | Immutable commit reference | -| `main` branch | `latest` | Current production release | -| `develop` branch | `dev` | Current development build | -| Git tag | tag value (e.g., `v1.0.0`) | Semantic version release | +| Condition | Tag | Purpose | +| ------------- | -------------------------- | -------------------------- | +| Always | `${CI_COMMIT_SHA:0:8}` | Immutable commit reference | +| `main` branch | `latest` | Current latest build | +| Git tag | tag value (e.g., `v1.0.0`) | Semantic version release | ## Required Secrets @@ -138,5 +137,5 @@ Fails on blockers or critical/high severity security findings. ### Pipeline runs Docker builds on pull requests -- Docker build steps have `when: branch: [main, develop]` guards +- Docker build steps have `when: branch: [main]` guards - PRs only run quality gates, not Docker builds diff --git a/.woodpecker/api.yml b/.woodpecker/api.yml index 42220a8..a2ab0f3 100644 --- a/.woodpecker/api.yml +++ b/.woodpecker/api.yml @@ -152,12 +152,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:dev" fi /kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - build @@ -180,7 +178,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -188,7 +186,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-api @@ -230,7 +228,7 @@ steps: } link_package "stack-api" when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - security-trivy-api diff --git a/.woodpecker/coordinator.yml b/.woodpecker/coordinator.yml index fa1aa8d..a5d70b8 100644 --- a/.woodpecker/coordinator.yml +++ b/.woodpecker/coordinator.yml @@ -92,12 +92,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-coordinator:dev" fi /kaniko/executor --context apps/coordinator --dockerfile apps/coordinator/Dockerfile --snapshot-mode=redo $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - ruff-check @@ -124,7 +122,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -132,7 +130,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-coordinator:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-coordinator @@ -174,7 +172,7 @@ steps: } link_package "stack-coordinator" when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - security-trivy-coordinator diff --git a/.woodpecker/infra.yml b/.woodpecker/infra.yml index 881fb83..a1c13ee 100644 --- a/.woodpecker/infra.yml +++ b/.woodpecker/infra.yml @@ -36,12 +36,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-postgres:dev" fi /kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile --snapshot-mode=redo $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] docker-build-openbao: @@ -61,12 +59,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-openbao:dev" fi /kaniko/executor --context docker/openbao --dockerfile docker/openbao/Dockerfile --snapshot-mode=redo $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] # === Container Security Scans === @@ -87,7 +83,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -95,7 +91,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-postgres:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-postgres @@ -116,7 +112,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -124,7 +120,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-openbao:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-openbao @@ -167,7 +163,7 @@ steps: link_package "stack-postgres" link_package "stack-openbao" when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - security-trivy-postgres diff --git a/.woodpecker/orchestrator.yml b/.woodpecker/orchestrator.yml index 072a572..aca8b66 100644 --- a/.woodpecker/orchestrator.yml +++ b/.woodpecker/orchestrator.yml @@ -109,12 +109,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:dev" fi /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - build @@ -137,7 +135,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -145,7 +143,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-orchestrator @@ -187,7 +185,7 @@ steps: } link_package "stack-orchestrator" when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - security-trivy-orchestrator diff --git a/.woodpecker/web.yml b/.woodpecker/web.yml index cb17486..c97c8ad 100644 --- a/.woodpecker/web.yml +++ b/.woodpecker/web.yml @@ -120,12 +120,10 @@ steps: DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:$CI_COMMIT_TAG" elif [ "$CI_COMMIT_BRANCH" = "main" ]; then DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest" - elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then - DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:dev" fi /kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - build @@ -148,7 +146,7 @@ steps: elif [ "$$CI_COMMIT_BRANCH" = "main" ]; then SCAN_TAG="latest" else - SCAN_TAG="dev" + SCAN_TAG="latest" fi mkdir -p ~/.docker echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json @@ -156,7 +154,7 @@ steps: --ignorefile .trivyignore \ git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - docker-build-web @@ -198,7 +196,7 @@ steps: } link_package "stack-web" when: - - branch: [main, develop] + - branch: [main] event: [push, manual, tag] depends_on: - security-trivy-web diff --git a/README.md b/README.md index 6bc4fed..7d70e52 100644 --- a/README.md +++ b/README.md @@ -232,7 +232,7 @@ docker compose -f docker-compose.openbao.yml up -d sleep 30 # Wait for auto-initialization # 5. Deploy swarm stack -IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic +IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic # 6. Check deployment status docker stack services mosaic @@ -526,10 +526,9 @@ KNOWLEDGE_CACHE_TTL=300 # 5 minutes ### Branch Strategy -- `main` — Stable releases only -- `develop` — Active development (default working branch) -- `feature/*` — Feature branches from develop -- `fix/*` — Bug fix branches +- `main` — Trunk branch (all development merges here) +- `feature/*` — Feature branches from main +- `fix/*` — Bug fix branches from main ### Running Locally @@ -739,7 +738,7 @@ See [Type Sharing Strategy](docs/2-development/3-type-sharing/1-strategy.md) for 4. Run tests: `pnpm test` 5. Build: `pnpm build` 6. Commit with conventional format: `feat(#issue): Description` -7. Push and create a pull request to `develop` +7. Push and create a pull request to `main` ### Commit Format diff --git a/docker-compose.openbao.yml b/docker-compose.openbao.yml index d07e9dc..2e4cc09 100644 --- a/docker-compose.openbao.yml +++ b/docker-compose.openbao.yml @@ -14,7 +14,7 @@ services: # OpenBao Secrets Vault # ====================== openbao: - image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest} entrypoint: ["dumb-init", "--"] command: ["bao", "server", "-config=/openbao/config/config.hcl"] environment: @@ -48,7 +48,7 @@ services: # Has built-in retry logic (polls OpenBao API for 60 seconds). # After init, runs an unseal watch loop to handle container restarts. openbao-init: - image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest} command: /openbao/init.sh environment: VAULT_ADDR: http://openbao:8200 diff --git a/docker-compose.yml b/docker-compose.yml index 275e8fb..ee433f3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -3,7 +3,7 @@ services: # PostgreSQL Database # ====================== postgres: - image: git.mosaicstack.dev/mosaic/stack-postgres:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-postgres:${IMAGE_TAG:-latest} container_name: mosaic-postgres restart: unless-stopped environment: @@ -251,7 +251,7 @@ services: # OpenBao Secrets Management (Optional) # ====================== openbao: - image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest} container_name: mosaic-openbao restart: unless-stopped user: root @@ -283,7 +283,7 @@ services: - "com.mosaic.description=OpenBao secrets management" openbao-init: - image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest} container_name: mosaic-openbao-init restart: unless-stopped user: root @@ -345,7 +345,7 @@ services: # Mosaic API # ====================== api: - image: git.mosaicstack.dev/mosaic/stack-api:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-api:${IMAGE_TAG:-latest} container_name: mosaic-api restart: unless-stopped environment: @@ -424,7 +424,7 @@ services: # Mosaic Orchestrator # ====================== orchestrator: - image: git.mosaicstack.dev/mosaic/stack-orchestrator:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-orchestrator:${IMAGE_TAG:-latest} container_name: mosaic-orchestrator restart: unless-stopped # Run as non-root user (node:node, UID 1000) @@ -491,7 +491,7 @@ services: # Mosaic Web # ====================== web: - image: git.mosaicstack.dev/mosaic/stack-web:${IMAGE_TAG:-dev} + image: git.mosaicstack.dev/mosaic/stack-web:${IMAGE_TAG:-latest} container_name: mosaic-web restart: unless-stopped environment: diff --git a/docker/DOCKER-COMPOSE-GUIDE.md b/docker/DOCKER-COMPOSE-GUIDE.md index 13f2e89..5fe94d8 100644 --- a/docker/DOCKER-COMPOSE-GUIDE.md +++ b/docker/DOCKER-COMPOSE-GUIDE.md @@ -12,10 +12,10 @@ Pull and run the latest images from the Gitea container registry: # Copy environment template cp .env.example .env -# Edit .env and set IMAGE_TAG (optional, defaults to 'dev') -# IMAGE_TAG=dev # Development images (develop branch) -# IMAGE_TAG=latest # Production images (main branch) +# Edit .env and set IMAGE_TAG (optional, defaults to 'latest') +# IMAGE_TAG=latest # Latest images from main branch (default) # IMAGE_TAG=658ec077 # Specific commit SHA +# IMAGE_TAG=v1.0.0 # Specific version tag # Pull and start services docker compose pull @@ -49,8 +49,7 @@ docker compose -f docker-compose.build.yml up -d --build The `IMAGE_TAG` environment variable controls which image version to pull: -- `dev` - Latest development build from `develop` branch (default) -- `latest` - Latest stable build from `main` branch +- `latest` - Latest build from `main` branch (default) - `658ec077` - Specific commit SHA (first 8 characters) - `v1.0.0` - Specific version tag @@ -210,7 +209,7 @@ The repository includes three example compose files for common deployment scenar ```bash # Set in .env COMPOSE_PROFILES=full -IMAGE_TAG=dev +IMAGE_TAG=latest # Start all services docker compose up -d diff --git a/docs/AGENTS.md b/docs/AGENTS.md index 17618e1..3cd35de 100644 --- a/docs/AGENTS.md +++ b/docs/AGENTS.md @@ -29,12 +29,12 @@ Context = tokens = cost. Be smart. 2. Code → TDD: write test (RED), implement (GREEN), refactor 3. Test → pnpm test (must pass) 4. Push → git push origin feature/XX-description -5. PR → Create PR to develop (not main) +5. PR → Create PR to main 6. Review → Wait for approval or self-merge if authorized 7. Close → Close related issues via API ``` -**Never merge directly to develop without a PR.** +**Never merge directly to main without a PR.** ### Issue Management @@ -53,7 +53,7 @@ curl -s -X PATCH -H "Authorization: token $TOKEN" -H "Content-Type: application/ -d '{"state":"closed"}' # Create PR (tea CLI works for this) -tea pulls create --repo mosaic/stack --base develop --head feature/XX-name \ +tea pulls create --repo mosaic/stack --base main --head feature/XX-name \ --title "feat(#XX): Title" --description "Description" ``` diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index f5861ae..bb6952f 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -159,13 +159,12 @@ We follow a Git-based workflow with the following branch types: ### Workflow -1. Always branch from `develop` -2. Merge back to `develop` via pull request -3. `main` is for stable releases only +1. Always branch from `main` +2. Merge back to `main` via pull request ```bash # Start a new feature -git checkout develop +git checkout main git pull --rebase git checkout -b feature/my-feature-name @@ -269,7 +268,7 @@ Clarified pagination and filtering parameters. 2. Create a PR via GitLab at: https://git.mosaicstack.dev/mosaic/stack/-/merge_requests -3. Target branch: `develop` +3. Target branch: `main` 4. Fill in the PR template: - **Title:** `feat(#issue): Brief description` (follows commit format) diff --git a/docs/OPENBAO-DEPLOYMENT.md b/docs/OPENBAO-DEPLOYMENT.md index 930abd6..ca63603 100644 --- a/docs/OPENBAO-DEPLOYMENT.md +++ b/docs/OPENBAO-DEPLOYMENT.md @@ -144,7 +144,7 @@ sleep 30 docker logs mosaic-openbao-init # 3. Deploy swarm stack -IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic +IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic # 4. Verify API connects to OpenBao docker service logs mosaic_api | grep -i openbao @@ -172,7 +172,7 @@ docker logs mosaic-openbao-init # OPENBAO_SECRET_ID=... # 2. Deploy stack (no OpenBao) -IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic +IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic # 3. Verify API connects to external Vault docker service logs mosaic_api | grep -i vault diff --git a/docs/PORTAINER-DEPLOYMENT.md b/docs/PORTAINER-DEPLOYMENT.md index e331ee7..d46d665 100644 --- a/docs/PORTAINER-DEPLOYMENT.md +++ b/docs/PORTAINER-DEPLOYMENT.md @@ -62,7 +62,7 @@ If using private registry images from `git.mosaicstack.dev`: 4. **Web editor:** Copy and paste contents of `docker-compose.portainer.yml` 5. **Environment variables:** ``` - IMAGE_TAG=dev + IMAGE_TAG=latest OPENBAO_PORT=8200 ``` 6. Click **Deploy the stack** @@ -90,7 +90,7 @@ If using private registry images from `git.mosaicstack.dev`: **Option A: Git Repository (Recommended)** - Repository URL: `https://git.mosaicstack.dev/mosaic/stack` -- Repository reference: `refs/heads/develop` +- Repository reference: `refs/heads/main` - Compose path: `docker-compose.swarm.yml` - Authentication: Enable if repository is private - Enable **Automatic updates** (optional) @@ -103,7 +103,7 @@ If using private registry images from `git.mosaicstack.dev`: 4. **Environment variables:** ``` - IMAGE_TAG=dev + IMAGE_TAG=latest POSTGRES_PASSWORD= JWT_SECRET= BETTER_AUTH_SECRET= @@ -148,7 +148,7 @@ If using private registry images from `git.mosaicstack.dev`: ```bash # Image Configuration -IMAGE_TAG=dev # or 'latest' or specific commit SHA +IMAGE_TAG=latest # or 'latest' or specific commit SHA # Database POSTGRES_PASSWORD= diff --git a/docs/SWARM-DEPLOYMENT.md b/docs/SWARM-DEPLOYMENT.md index e389f24..72c1304 100644 --- a/docs/SWARM-DEPLOYMENT.md +++ b/docs/SWARM-DEPLOYMENT.md @@ -49,7 +49,7 @@ nano .env - `OIDC_CLIENT_ID` - From your Authentik/OIDC provider - `OIDC_CLIENT_SECRET` - From your Authentik/OIDC provider - `OIDC_ISSUER` - Your OIDC provider URL (must end with `/`) -- `IMAGE_TAG` - `dev` or `latest` or specific commit SHA +- `IMAGE_TAG` - `latest` (default) or specific version/commit SHA ### 2. Configure for External Services (Optional) @@ -131,10 +131,10 @@ See [OpenBao Deployment Guide](OPENBAO-DEPLOYMENT.md) for detailed options. cd /opt/mosaic/stack # Using the deploy script (recommended) -IMAGE_TAG=dev ./scripts/deploy-swarm.sh mosaic +IMAGE_TAG=latest ./scripts/deploy-swarm.sh mosaic # Or manually -IMAGE_TAG=dev docker stack deploy \ +IMAGE_TAG=latest docker stack deploy \ -c docker-compose.swarm.yml \ --with-registry-auth mosaic ``` diff --git a/docs/harbor-tag-retention-policy.md b/docs/harbor-tag-retention-policy.md index 8a462ff..f277515 100644 --- a/docs/harbor-tag-retention-policy.md +++ b/docs/harbor-tag-retention-policy.md @@ -9,17 +9,15 @@ Images are tagged based on branch and event type: | Trigger | Tags Applied | Example | | ----------------- | ----------------- | -------------------- | | Push to `main` | `{sha}`, `latest` | `658ec077`, `latest` | -| Push to `develop` | `{sha}`, `dev` | `a1b2c3d4`, `dev` | | Git tag (release) | `{sha}`, `{tag}` | `658ec077`, `v1.0.0` | ### Tag Meanings -| Tag | Purpose | Stability | -| -------------------------- | ------------------------------------------ | --------- | -| `latest` | Current production-ready build from `main` | Stable | -| `dev` | Current development build from `develop` | Unstable | -| `v*` (e.g., `v1.0.0`) | Versioned release | Immutable | -| `{sha}` (e.g., `658ec077`) | Specific commit for traceability | Immutable | +| Tag | Purpose | Stability | +| -------------------------- | ---------------------------------- | --------- | +| `latest` | Current build from `main` | Latest | +| `v*` (e.g., `v1.0.0`) | Versioned release | Immutable | +| `{sha}` (e.g., `658ec077`) | Specific commit for traceability | Immutable | ## Retention Policy Configuration