ci

.woodpecker.yml

@@ -2,12 +2,15 @@ steps:
   build:
     image: woodpeckerci/plugin-docker
     settings:
-      registry: gitea.infra.mintel.me
+      registry: registry.infra.mintel.me
-      repo: gitea.infra.mintel.me/mintel/mb-grid-solutions
+      repo: registry.infra.mintel.me/mintel/mb-grid-solutions
       username:
-        from_secret: GITEA_USER
+        from_secret: REGISTRY_USER
       password:
-        from_secret: GITEA_TOKEN
+        from_secret: REGISTRY_PASS
+      tags:
+        - latest
+        - ${CI_COMMIT_SHA}
     when:
       event: push
       branch: main

docker-compose.yaml

@@ -1,7 +1,7 @@
 services:
   app:
     build: .
-    image: gitea.infra.mintel.me/mintel/mb-grid-solutions:latest
+    image: registry.infra.mintel.me/mintel/mb-grid-solutions:latest
     restart: always
     expose:
       - "3000"

docs/PLATFORM.md

@@ -13,12 +13,15 @@ Mintel runs the platform.
 
 These are for developers only (not customers):
 
-Git  
+Git (Gitea)  
 https://git.infra.mintel.me  
 
-CI  
+CI (Woodpecker)  
 https://ci.infra.mintel.me  
 
+Container Registry  
+https://registry.infra.mintel.me  
+
 Errors (GlitchTip)  
 https://errors.infra.mintel.me  
 
@@ -68,6 +71,21 @@ This directory contains:
 
 ---
 
+## Container Images
+
+All production images must be built by CI and pushed to the Mintel Registry.
+
+Registry:
+registry.infra.mintel.me
+
+Image naming:
+registry.infra.mintel.me/ORG/APP_NAME:TAG
+
+Example:
+registry.infra.mintel.me/mintel/mb-grid-solutions:latest
+
+---
+
 ## Databases
 
 ### Postgres (shared)
@@ -151,7 +169,7 @@ No downtime.
 
 ## Error tracking (GlitchTip)
 
-Each project gets a DSN, similar to Sentry.
+Each project gets a DSN (like Sentry).
 
 Example:
 
@@ -159,69 +177,77 @@ https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
 
 Use as SENTRY_DSN in your app.
 
-All errors appear in GlitchTip.
-
 ---
 
 ## Analytics (Umami)
 
 Each site gets a website ID.
 
-Include this script in your site:
+Include this script:
 
 https://analytics.infra.mintel.me/script.js  
 data-website-id=YOUR_ID
 
-Traffic is visible in Umami.
-
 ---
 
 ## Deployment via Woodpecker
 
-Woodpecker deploys to Alpha via SSH.
+Woodpecker builds images and pushes them to the Mintel Registry, then deploys to Alpha via SSH.
 
 Target:
 deploy@alpha.mintel.me
 
-Auth:
-ALPHA_SSH_KEY is provided as a CI secret.
-
 ---
 
 ## Woodpecker pipeline example
+steps:
+build:
+image: woodpeckerci/plugin-docker
+settings:
+registry: registry.infra.mintel.me
+repo: registry.infra.mintel.me/mintel/mb-grid-solutions
+username:
+from_secret: REGISTRY_USER
+password:
+from_secret: REGISTRY_PASS
+tags:
+- latest
+- ${CI_COMMIT_SHA}
 
-Every repo must contain .woodpecker.yml:
+deploy:
-
+image: alpine
-pipeline:
+environment:
-  deploy:
+ALPHA_SSH_KEY:
-    image: alpine
+from_secret: ALPHA_SSH_KEY
-    commands:
+commands:
-      - apk add --no-cache openssh
+- apk add –no-cache openssh
-      - mkdir -p ~/.ssh
+- mkdir -p ~/.ssh
-      - echo "$ALPHA_SSH_KEY" > ~/.ssh/id_ed25519
+- echo “$ALPHA_SSH_KEY” > ~/.ssh/id_ed25519
-      - chmod 600 ~/.ssh/id_ed25519
+- chmod 600 ~/.ssh/id_ed25519
-      - ssh -o StrictHostKeyChecking=no deploy@alpha.mintel.me "cd /opt/alpha/sites/APP_NAME && docker compose pull && docker compose up -d"
+- ssh -o StrictHostKeyChecking=no deploy@alpha.mintel.me “cd /opt/alpha/sites/mb-grid-solutions && docker compose pull && docker compose up -d”
 
 ---
 
 ## Monitoring
 
-Errors: GlitchTip  
+Errors → GlitchTip  
-Traffic: Umami  
+Traffic → Umami  
-Uptime: Uptime-Kuma  
+Uptime → Uptime-Kuma  
-Logs: Dozzle  
+Logs → Dozzle  
 
-Infra monitors all services automatically.
+Infra monitors all services.
 
 ---
 
 ## Summary
 
 You push code.  
-Woodpecker deploys.  
+CI builds images.  
-Traefik routes domains.  
+Images go to the Mintel Registry.  
+Alpha pulls and runs them.  
+Traefik routes real domains.  
 Postgres and Redis are shared but isolated.  
-Zero-downtime updates are automatic.  
+Deploys are zero-downtime.  
-Errors, traffic and uptime are tracked.
+Everything is monitored.
 
 This is a real production platform.