From 41e016e9a6850241e2a4f75e92915c24f53626f6 Mon Sep 17 00:00:00 2001
From: Max Mayfield <max@dd0c.net>
Date: Mon, 2 Mar 2026 05:15:37 +0000
Subject: [PATCH] Add local Docker registry: registry:2 on :5000,
 build-push.sh, CI auto-deploy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- docker-compose services now pull from localhost:5000 instead of building locally
- build-push.sh builds + pushes all 5 Node images to local registry
- CI workflows get build-push job: test → build → push → deploy
- Deploy becomes: docker compose pull && docker compose up -d
- Eliminates silent git pull + stale Docker cache issues
---
 .gitea/workflows/ci-p2-drift.yml  | 18 ++++++++
 .gitea/workflows/ci-p3-alert.yml  | 18 ++++++++
 .gitea/workflows/ci-p4-portal.yml | 18 ++++++++
 .gitea/workflows/ci-p5-cost.yml   | 18 ++++++++
 .gitea/workflows/ci-p6-run.yml    | 18 ++++++++
 products/build-push.sh            | 75 +++++++++++++++++++++++++++++++
 products/docker-compose.yml       | 30 ++++++-------
 7 files changed, 180 insertions(+), 15 deletions(-)
 create mode 100755 products/build-push.sh

diff --git a/.gitea/workflows/ci-p2-drift.yml b/.gitea/workflows/ci-p2-drift.yml
index 2b44c37..7a374fb 100644
--- a/.gitea/workflows/ci-p2-drift.yml
+++ b/.gitea/workflows/ci-p2-drift.yml
@@ -48,3 +48,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/02-iac-drift-detection/saas && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-drift:latest ./02-iac-drift-detection/saas
+          docker push localhost:5000/dd0c-drift:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull drift
+          docker compose up -d drift
diff --git a/.gitea/workflows/ci-p3-alert.yml b/.gitea/workflows/ci-p3-alert.yml
index bd02856..7bfdda8 100644
--- a/.gitea/workflows/ci-p3-alert.yml
+++ b/.gitea/workflows/ci-p3-alert.yml
@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/03-alert-intelligence && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-alert:latest ./03-alert-intelligence
+          docker push localhost:5000/dd0c-alert:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull alert
+          docker compose up -d alert
diff --git a/.gitea/workflows/ci-p4-portal.yml b/.gitea/workflows/ci-p4-portal.yml
index 7f59dfa..72b1dd7 100644
--- a/.gitea/workflows/ci-p4-portal.yml
+++ b/.gitea/workflows/ci-p4-portal.yml
@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/04-lightweight-idp && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-portal:latest ./04-lightweight-idp
+          docker push localhost:5000/dd0c-portal:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull portal
+          docker compose up -d portal
diff --git a/.gitea/workflows/ci-p5-cost.yml b/.gitea/workflows/ci-p5-cost.yml
index 798f71f..d66a82c 100644
--- a/.gitea/workflows/ci-p5-cost.yml
+++ b/.gitea/workflows/ci-p5-cost.yml
@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/05-aws-cost-anomaly && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-cost:latest ./05-aws-cost-anomaly
+          docker push localhost:5000/dd0c-cost:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull cost
+          docker compose up -d cost
diff --git a/.gitea/workflows/ci-p6-run.yml b/.gitea/workflows/ci-p6-run.yml
index 3701b91..c2ca55f 100644
--- a/.gitea/workflows/ci-p6-run.yml
+++ b/.gitea/workflows/ci-p6-run.yml
@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/06-runbook-automation/saas && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-run:latest ./06-runbook-automation/saas
+          docker push localhost:5000/dd0c-run:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull run
+          docker compose up -d run
diff --git a/products/build-push.sh b/products/build-push.sh
new file mode 100755
index 0000000..132c9e5
--- /dev/null
+++ b/products/build-push.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# dd0c CI Build & Push to Local Registry
+# Builds Docker images for all Node services and pushes to localhost:5000
+#
+# Usage:
+#   ./build-push.sh              # Build all services
+#   ./build-push.sh drift alert  # Build specific services
+
+set -euo pipefail
+
+REGISTRY="${REGISTRY:-localhost:5000}"
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+declare -A CONTEXTS=(
+  ["dd0c-drift"]="02-iac-drift-detection/saas"
+  ["dd0c-alert"]="03-alert-intelligence"
+  ["dd0c-portal"]="04-lightweight-idp"
+  ["dd0c-cost"]="05-aws-cost-anomaly"
+  ["dd0c-run"]="06-runbook-automation/saas"
+)
+
+# If args provided, filter to those services
+if [ $# -gt 0 ]; then
+  TARGETS=()
+  for arg in "$@"; do
+    key="dd0c-${arg}"
+    if [ -n "${CONTEXTS[$key]+x}" ]; then
+      TARGETS+=("$key")
+    else
+      echo -e "${RED}Unknown service: $arg${NC}" >&2
+      echo "Available: drift alert portal cost run" >&2
+      exit 1
+    fi
+  done
+else
+  TARGETS=("dd0c-drift" "dd0c-alert" "dd0c-portal" "dd0c-cost" "dd0c-run")
+fi
+
+echo -e "${YELLOW}dd0c Build & Push — $(date -u '+%Y-%m-%d %H:%M UTC')${NC}"
+echo -e "Registry: ${REGISTRY}\n"
+
+FAILED=0
+for img in "${TARGETS[@]}"; do
+  ctx="${CONTEXTS[$img]}"
+  tag="${REGISTRY}/${img}:latest"
+
+  echo -e "${YELLOW}▸ Building ${img}${NC}"
+  if docker build -t "$tag" "$SCRIPT_DIR/$ctx" --no-cache; then
+    echo -e "${YELLOW}  Pushing ${tag}${NC}"
+    if docker push "$tag"; then
+      echo -e "  ${GREEN}✓${NC} ${img}"
+    else
+      echo -e "  ${RED}✗${NC} Push failed: ${img}"
+      ((FAILED++)) || true
+    fi
+  else
+    echo -e "  ${RED}✗${NC} Build failed: ${img}"
+    ((FAILED++)) || true
+  fi
+  echo ""
+done
+
+if [ "$FAILED" -eq 0 ]; then
+  echo -e "${GREEN}All images built and pushed.${NC}"
+  echo -e "Deploy: ${YELLOW}docker compose pull && docker compose up -d${NC}"
+else
+  echo -e "${RED}${FAILED} service(s) failed.${NC}"
+  exit 1
+fi
diff --git a/products/docker-compose.yml b/products/docker-compose.yml
index e3df9a5..6842d13 100644
--- a/products/docker-compose.yml
+++ b/products/docker-compose.yml
@@ -47,6 +47,15 @@ services:
     volumes:
       - meili_data:/meili_data
 
+  # --- Local Docker Registry ---
+  registry:
+    image: registry:2
+    ports:
+      - "5000:5000"
+    volumes:
+      - registry_data:/var/lib/registry
+    restart: unless-stopped
+
   # --- dd0c Products ---
   # P1: LLM Cost Router (Rust — API server)
   # NOTE: Rust services are behind the "rust" profile because they take 10+ min to compile.
@@ -105,9 +114,7 @@ services:
 
   # P2: IaC Drift Detection (SaaS)
   drift:
-    build:
-      context: ./02-iac-drift-detection/saas
-      dockerfile: Dockerfile
+    image: localhost:5000/dd0c-drift:latest
     ports:
       - "3002:3000"
     environment:
@@ -123,9 +130,7 @@ services:
 
   # P3: Alert Intelligence
   alert:
-    build:
-      context: ./03-alert-intelligence
-      dockerfile: Dockerfile
+    image: localhost:5000/dd0c-alert:latest
     ports:
       - "3003:3000"
     environment:
@@ -141,9 +146,7 @@ services:
 
   # P4: Lightweight IDP / Service Catalog
   portal:
-    build:
-      context: ./04-lightweight-idp
-      dockerfile: Dockerfile
+    image: localhost:5000/dd0c-portal:latest
     ports:
       - "3004:3000"
     environment:
@@ -161,9 +164,7 @@ services:
 
   # P5: AWS Cost Anomaly Detection
   cost:
-    build:
-      context: ./05-aws-cost-anomaly
-      dockerfile: Dockerfile
+    image: localhost:5000/dd0c-cost:latest
     ports:
       - "3007:3000"
     environment:
@@ -180,9 +181,7 @@ services:
 
   # P6: Runbook Automation (SaaS)
   run:
-    build:
-      context: ./06-runbook-automation/saas
-      dockerfile: Dockerfile
+    image: localhost:5000/dd0c-run:latest
     ports:
       - "3006:3000"
     environment:
@@ -199,3 +198,4 @@ services:
 volumes:
   pg_data:
   meili_data:
+  registry_data: