CI pipeline (.gitea/workflows/ci.yml):
- Job lint (ruff), typecheck (mypy mcp_common gating + servizi
warn-only), test (pytest 455).
- Job build-and-push solo su main: builda gateway + 6 image MCP via
docker/build-push-action@v6, login al registry Gitea con
docker/login-action@v3 + secrets.GITEA_TOKEN auto-iniettato.
- Cache distribuita type=gha per layer Docker → run successivi 5-10x
più veloci. Tag :latest + :sha-XXXXXXX per ogni image.
Deploy VPS (docker-compose.prod.yml):
- Niente build locale: solo `image:` da git.tielogic.xyz/adriano/
cerbero-mcp/<service>:latest. Variabile IMAGE_TAG per pin a sha
specifico.
- Servizio Watchtower containerizzato che polla ogni 5min (configurabile
via WATCHTOWER_POLL_INTERVAL) e auto-aggiorna i container con label
com.centurylinklabs.watchtower.enable=true. Auth registry riusa
~/.docker/config.json bind-mounted readonly.
DEPLOYMENT.md: runbook completo per setup VPS, login registry, secrets,
.env, smoke test post-deploy, rollback (pin a sha), disable auto-update,
nota Traefik upload limit. README aggiornato con link.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
AdrianoDev
c251fda886