Add local Docker registry: registry:2 on :5000, build-push.sh, CI auto-deploy

- docker-compose services now pull from localhost:5000 instead of building locally
- build-push.sh builds + pushes all 5 Node images to local registry
- CI workflows get build-push job: test → build → push → deploy
- Deploy becomes: docker compose pull && docker compose up -d
- Eliminates silent git pull + stale Docker cache issues

.gitea/workflows/ci-p2-drift.yml

@@ -48,3 +48,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/02-iac-drift-detection/saas && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-drift:latest ./02-iac-drift-detection/saas
+          docker push localhost:5000/dd0c-drift:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull drift
+          docker compose up -d drift

.gitea/workflows/ci-p3-alert.yml

@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/03-alert-intelligence && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-alert:latest ./03-alert-intelligence
+          docker push localhost:5000/dd0c-alert:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull alert
+          docker compose up -d alert

.gitea/workflows/ci-p4-portal.yml

@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/04-lightweight-idp && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-portal:latest ./04-lightweight-idp
+          docker push localhost:5000/dd0c-portal:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull portal
+          docker compose up -d portal

.gitea/workflows/ci-p5-cost.yml

@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/05-aws-cost-anomaly && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-cost:latest ./05-aws-cost-anomaly
+          docker push localhost:5000/dd0c-cost:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull cost
+          docker compose up -d cost

.gitea/workflows/ci-p6-run.yml

@@ -23,3 +23,21 @@ jobs:
 
       - name: Test
         run: cd $GITHUB_WORKSPACE/products/06-runbook-automation/saas && npm test
+
+  build-push:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        run: git clone --depth=1 http://192.168.86.11:3005/jarvis/dd0c.git $GITHUB_WORKSPACE || true
+      - name: Build and push
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker build -t localhost:5000/dd0c-run:latest ./06-runbook-automation/saas
+          docker push localhost:5000/dd0c-run:latest
+      - name: Deploy
+        run: |
+          cd $GITHUB_WORKSPACE/products
+          docker compose pull run
+          docker compose up -d run

products/build-push.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+# dd0c CI Build & Push to Local Registry
+# Builds Docker images for all Node services and pushes to localhost:5000
+#
+# Usage:
+#   ./build-push.sh              # Build all services
+#   ./build-push.sh drift alert  # Build specific services
+
+set -euo pipefail
+
+REGISTRY="${REGISTRY:-localhost:5000}"
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+declare -A CONTEXTS=(
+  ["dd0c-drift"]="02-iac-drift-detection/saas"
+  ["dd0c-alert"]="03-alert-intelligence"
+  ["dd0c-portal"]="04-lightweight-idp"
+  ["dd0c-cost"]="05-aws-cost-anomaly"
+  ["dd0c-run"]="06-runbook-automation/saas"
+)
+
+# If args provided, filter to those services
+if [ $# -gt 0 ]; then
+  TARGETS=()
+  for arg in "$@"; do
+    key="dd0c-${arg}"
+    if [ -n "${CONTEXTS[$key]+x}" ]; then
+      TARGETS+=("$key")
+    else
+      echo -e "${RED}Unknown service: $arg${NC}" >&2
+      echo "Available: drift alert portal cost run" >&2
+      exit 1
+    fi
+  done
+else
+  TARGETS=("dd0c-drift" "dd0c-alert" "dd0c-portal" "dd0c-cost" "dd0c-run")
+fi
+
+echo -e "${YELLOW}dd0c Build & Push — $(date -u '+%Y-%m-%d %H:%M UTC')${NC}"
+echo -e "Registry: ${REGISTRY}\n"
+
+FAILED=0
+for img in "${TARGETS[@]}"; do
+  ctx="${CONTEXTS[$img]}"
+  tag="${REGISTRY}/${img}:latest"
+
+  echo -e "${YELLOW}▸ Building ${img}${NC}"
+  if docker build -t "$tag" "$SCRIPT_DIR/$ctx" --no-cache; then
+    echo -e "${YELLOW}  Pushing ${tag}${NC}"
+    if docker push "$tag"; then
+      echo -e "  ${GREEN}✓${NC} ${img}"
+    else
+      echo -e "  ${RED}✗${NC} Push failed: ${img}"
+      ((FAILED++)) || true
+    fi
+  else
+    echo -e "  ${RED}✗${NC} Build failed: ${img}"
+    ((FAILED++)) || true
+  fi
+  echo ""
+done
+
+if [ "$FAILED" -eq 0 ]; then
+  echo -e "${GREEN}All images built and pushed.${NC}"
+  echo -e "Deploy: ${YELLOW}docker compose pull && docker compose up -d${NC}"
+else
+  echo -e "${RED}${FAILED} service(s) failed.${NC}"
+  exit 1
+fi

products/docker-compose.yml

@@ -47,6 +47,15 @@ services:
     volumes:
       - meili_data:/meili_data
 
+  # --- Local Docker Registry ---
+  registry:
+    image: registry:2
+    ports:
+      - "5000:5000"
+    volumes:
+      - registry_data:/var/lib/registry
+    restart: unless-stopped
+
   # --- dd0c Products ---
   # P1: LLM Cost Router (Rust — API server)
   # NOTE: Rust services are behind the "rust" profile because they take 10+ min to compile.
@@ -105,9 +114,7 @@ services:
 
   # P2: IaC Drift Detection (SaaS)
   drift:
-    build:
+    image: localhost:5000/dd0c-drift:latest
-      context: ./02-iac-drift-detection/saas
-      dockerfile: Dockerfile
     ports:
       - "3002:3000"
     environment:
@@ -123,9 +130,7 @@ services:
 
   # P3: Alert Intelligence
   alert:
-    build:
+    image: localhost:5000/dd0c-alert:latest
-      context: ./03-alert-intelligence
-      dockerfile: Dockerfile
     ports:
       - "3003:3000"
     environment:
@@ -141,9 +146,7 @@ services:
 
   # P4: Lightweight IDP / Service Catalog
   portal:
-    build:
+    image: localhost:5000/dd0c-portal:latest
-      context: ./04-lightweight-idp
-      dockerfile: Dockerfile
     ports:
       - "3004:3000"
     environment:
@@ -161,9 +164,7 @@ services:
 
   # P5: AWS Cost Anomaly Detection
   cost:
-    build:
+    image: localhost:5000/dd0c-cost:latest
-      context: ./05-aws-cost-anomaly
-      dockerfile: Dockerfile
     ports:
       - "3007:3000"
     environment:
@@ -180,9 +181,7 @@ services:
 
   # P6: Runbook Automation (SaaS)
   run:
-    build:
+    image: localhost:5000/dd0c-run:latest
-      context: ./06-runbook-automation/saas
-      dockerfile: Dockerfile
     ports:
       - "3006:3000"
     environment:
@@ -199,3 +198,4 @@ services:
 volumes:
   pg_data:
   meili_data:
+  registry_data: