Commit graph

1 commit

Author SHA1 Message Date
d29e1fd3d5 feat(ops): deploy.sh — build, tag, replace, prune
One-shot deploy script that wraps the podman build + run dance:

  ./deploy.sh           # build → replace container → prune (default)
  ./deploy.sh build     # build + tag only
  ./deploy.sh run       # restart from existing :latest, no rebuild
  ./deploy.sh prune     # drop old timestamped images
  ./deploy.sh config    # print resolved configuration

Each build tags the image with both :latest AND a UTC timestamp
(YYYYMMDD-HHMMSS), so rollback is a tag retag away. Prune keeps the
N most recent timestamped images (KEEP_IMAGES, default 3); :latest
is never touched. The matching regex is strict — only the exact
YYYYMMDD-HHMMSS pattern — so a stray "dev" or hand-typed tag can't
get caught.

Settings come from an optional deploy.env (gitignored; example in
deploy.env.example). Parser is allowlist-based: only recognised
keys apply, malformed lines and command-substitution forms are
ignored. Available overrides: IMAGE_NAME, CONTAINER_NAME,
VOLUME_NAME, HOST_PORT, BIND_ADDR, KEEP_IMAGES, PUBLIC_BASE_URL,
EXTRA_PODMAN_RUN_ARGS. HOST_PORT and KEEP_IMAGES are integer-
validated before use.

Uses podman run --replace per the global ops guidance (atomic,
idempotent, no stop→rm→run race). BUILDAH_FORMAT=docker so the
HEALTHCHECK directive in the Containerfile survives. shellcheck
clean.

README's Deployment section rewritten to lead with the script;
manual podman snippet kept as fallback.
2026-05-25 21:39:44 +02:00
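
The allowlist parsing of deploy.env that the commit message describes, sketched as an added example; this is not the commit's deploy.sh, whose source is not shown on this page. It assumes unquoted KEY=VALUE lines read from stdin, and the default values and sample input are constructed.

```shell
# Added illustration, not the project's deploy.sh; default values are constructed.
IMAGE_NAME=app CONTAINER_NAME=app VOLUME_NAME=app-data BIND_ADDR=127.0.0.1
HOST_PORT=8080 KEEP_IMAGES=3 PUBLIC_BASE_URL='' EXTRA_PODMAN_RUN_ARGS=''

is_uint() {  # succeeds only for a non-empty string of decimal digits
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# Parse KEY=VALUE lines from stdin as data. Nothing is sourced or eval'd, so
# shell syntax in the file cannot run. Use: load_deploy_env < deploy.env
load_deploy_env() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;       # blank line or comment
            *=*) ;;                    # candidate assignment
            *) continue ;;             # malformed: no '='
        esac
        key=${line%%=*} val=${line#*=}
        case $val in
            *'$('*|*'`'*) continue ;;  # command-substitution form: skip line
        esac
        case $key in                   # allowlist; any other key is ignored
            IMAGE_NAME)            IMAGE_NAME=$val ;;
            CONTAINER_NAME)        CONTAINER_NAME=$val ;;
            VOLUME_NAME)           VOLUME_NAME=$val ;;
            BIND_ADDR)             BIND_ADDR=$val ;;
            PUBLIC_BASE_URL)       PUBLIC_BASE_URL=$val ;;
            EXTRA_PODMAN_RUN_ARGS) EXTRA_PODMAN_RUN_ARGS=$val ;;
            HOST_PORT)   if is_uint "$val"; then HOST_PORT=$val; fi ;;
            KEEP_IMAGES) if is_uint "$val"; then KEEP_IMAGES=$val; fi ;;
        esac
    done
}

# Constructed sample input: five lines that must be ignored, two valid ones.
load_deploy_env <<'EOF'
# sample deploy.env
HOST_PORT=9090
KEEP_IMAGES=lots
IMAGE_NAME=$(id)
BIND_ADDR=`hostname`
PATH=/tmp/bin
not an assignment
CONTAINER_NAME=web
EOF
echo "HOST_PORT=$HOST_PORT KEEP_IMAGES=$KEEP_IMAGES IMAGE_NAME=$IMAGE_NAME"
echo "BIND_ADDR=$BIND_ADDR CONTAINER_NAME=$CONTAINER_NAME"
```

Reading the file line by line instead of sourcing it is what keeps a writable deploy.env from becoming a code-execution path; the substitution check and the integer check then reject values that would be unsafe once interpolated into a podman command line.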