Deploy a Docker Compose application
ReaperCI treats the Compose project on the VPS as an operator-owned deployment
definition. It builds and pushes application images, then performs a typed
docker compose pull and up -d in an allowlisted absolute directory. The hub
does not mount the VPS Docker socket.
Prepare the VPS
Create a dedicated directory such as /srv/acme-app and place the reviewed
compose.yaml there. For an outbound connector, include /srv in
--deploy-roots. For direct SSH, use a dedicated Unix account with permission
only for the required Compose project.
Reference the externally reachable ReaperCI registry and a stable deployment tag in the server-side Compose file:
services:
app:
image: ci.example.com/acme-app:staging
restart: unless-stopped
ports:
- "8080:8080"
Configure the target Docker daemon to trust and reach the registry, and set
REAPERCI_REGISTRY_PULL_HOST=ci.example.com on the hub. ReaperCI logs in with
its robot credential before pull and removes the temporary Docker client config.
Pipeline
on:
push: [main]
manual: true
steps:
- name: test
image: golang:1.26.5-bookworm
run: go test ./...
timeout: 15m
- name: image
dockerfile: Dockerfile
tags:
- acme-app:staging
dependsOn: [test]
deploy:
environment: staging
compose: /srv/acme-app
approve: manual
# Fail before mutation unless the current runtime can be snapshotted safely.
autoRollback: true
healthCheck:
url: https://staging.example.com/healthz
interval: 5s
timeout: 10s
failureThreshold: 3
Use an environment-scoped secret when Compose needs a runtime value. ReaperCI writes a short-lived mode-0600 environment file for the operation and does not return its contents in the deployment record.
Verify and promote
Approve staging, confirm every service is healthy, and inspect the recorded Compose service summary. Promotion copies immutable release inputs to the next environment; it does not bypass that environment's policy. For production, prefer an immutable image tag in the production Compose definition and update that reviewed definition as part of the release process rather than relying on an ambiguous mutable tag.
Before enabling autoRollback, establish and inspect one healthy deployment on
the target. ReaperCI records the actual sha256: image ID for every Compose
service. If the next health check fails, it queues a typed rollback that overlays
those exact IDs on the reviewed base Compose file and runs up -d --no-build --pull never. Registry availability and tag movement therefore cannot change
the rollback target. The target must retain the previous images locally; include
that assumption in disk cleanup and rollback drills.