From c701f77237ac19910e123ef0dd7bbeda4167f395 Mon Sep 17 00:00:00 2001 From: bunker-admin Date: Mon, 23 Mar 2026 14:50:16 -0600 Subject: [PATCH] Add :latest fallback to registry image pull in upgrade.sh When --use-registry is set, the upgrade script tries to pull images tagged with the current HEAD SHA. If images were built at an earlier commit, that SHA tag won't exist. Now tries :latest before falling back to a full source build. Also applies to nginx and code-server. Bunker Admin --- scripts/upgrade.sh | 49 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 8 deletions(-) diff --git a/scripts/upgrade.sh b/scripts/upgrade.sh index ea6ba85a..22c85e70 100755 --- a/scripts/upgrade.sh +++ b/scripts/upgrade.sh @@ -831,17 +831,50 @@ if [[ "$USE_REGISTRY" == "true" ]]; then info "Registry mode: ${REGISTRY} (tag: ${REGISTRY_TAG})" write_progress 4 "Container Rebuild" 55 "Pulling images from registry..." - # Pull core app containers; fall back to source build if registry unavailable + # Pull core app containers: try SHA tag → :latest fallback → source build + PULLED_TAG="" if docker compose pull api admin media-api 2>/dev/null; then - success "Core images pulled from registry" + success "Core images pulled from registry (tag: ${REGISTRY_TAG})" + PULLED_TAG="$REGISTRY_TAG" + elif [[ "$REGISTRY_TAG" != "latest" ]]; then + warn "Tag :${REGISTRY_TAG} not in registry — trying :latest" + export IMAGE_TAG="latest" + if docker compose pull api admin media-api 2>/dev/null; then + success "Core images pulled from registry (tag: latest)" + PULLED_TAG="latest" + # Retag :latest as :SHA so compose up uses consistent tags + for svc in api admin media-api; do + local_img="${REGISTRY}/changemaker-${svc}" + docker tag "${local_img}:latest" "${local_img}:${REGISTRY_TAG}" 2>/dev/null || true + done + export IMAGE_TAG="$REGISTRY_TAG" + else + warn "Registry pull failed for :latest too — falling back to source build" + export IMAGE_TAG="$REGISTRY_TAG" + docker compose build $SOURCE_CONTAINERS + success "Source containers rebuilt (registry fallback)" + fi else warn "Registry pull failed — falling back to source build" docker compose build $SOURCE_CONTAINERS success "Source containers rebuilt (registry fallback)" fi - # nginx: pull if available, else rebuild only if config changed - if ! docker compose pull nginx 2>/dev/null; then + # nginx: try SHA → :latest → rebuild if config changed + NGINX_PULLED=false + if docker compose pull nginx 2>/dev/null; then + success "nginx pulled from registry (tag: ${IMAGE_TAG})" + NGINX_PULLED=true + elif [[ "$REGISTRY_TAG" != "latest" ]]; then + export IMAGE_TAG="latest" + if docker compose pull nginx 2>/dev/null; then + docker tag "${REGISTRY}/changemaker-nginx:latest" "${REGISTRY}/changemaker-nginx:${REGISTRY_TAG}" 2>/dev/null || true + success "nginx pulled from registry (tag: latest)" + NGINX_PULLED=true + fi + export IMAGE_TAG="$REGISTRY_TAG" + fi + if [[ "$NGINX_PULLED" == "false" ]]; then if echo "$CHANGED_FILES" | grep -q "^nginx/"; then info "Rebuilding nginx (config changed, not in registry)..." docker compose build nginx @@ -851,7 +884,7 @@ if [[ "$USE_REGISTRY" == "true" ]]; then fi fi - # code-server: pull from registry if Dockerfile changed; never build during upgrade + # code-server: pull from registry if available; never build during upgrade # (code-server is 9GB+ and takes 30+ min to build — run build-and-push.sh separately) CS_IMAGE="${REGISTRY}/changemaker-code-server" if docker image inspect "${CS_IMAGE}:${REGISTRY_TAG}" &>/dev/null 2>&1; then @@ -859,11 +892,11 @@ if [[ "$USE_REGISTRY" == "true" ]]; then elif docker compose pull code-server 2>/dev/null; then success "code-server pulled from registry" else - # Retag any existing local code-server image so compose up doesn't try to build it - for fallback_tag in local latest; do + # Try :latest, then retag any existing local image so compose up doesn't build + for fallback_tag in latest local; do if docker image inspect "${CS_IMAGE}:${fallback_tag}" &>/dev/null 2>&1; then docker tag "${CS_IMAGE}:${fallback_tag}" "${CS_IMAGE}:${REGISTRY_TAG}" 2>/dev/null || true - info "Tagged code-server:${fallback_tag} → :${REGISTRY_TAG} (registry push pending)" + info "Tagged code-server:${fallback_tag} → :${REGISTRY_TAG}" break fi done