The .git-COPY approach from a35e6c9 never actually deployed: BuildKit
rejected `COPY .git /tmp/.git` with "failed to calculate checks"
because Coolify's build context doesn't include .git, so deploy 86
failed and the stale 0144cb2 image kept serving "build dev" in the
footer.
Coolify v4 already injects SOURCE_COMMIT into the container env at
runtime by default (build-time only on opt-in, since it busts the
build cache by definition). Map SOURCE_COMMIT → GIT_COMMIT in
docker-compose, drop the build-time SHA stamping (and the repo-root
build context that only existed to reach .git), and shrink
_read_git_commit to a one-liner getenv.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Coolify v4 doesn't inject SOURCE_COMMIT (only COOLIFY_BRANCH,
COOLIFY_FQDN, COOLIFY_RESOURCE_UUID, COOLIFY_URL and the container
name). The previous build-arg approach always resolved to "dev".
Switch the web build context to the repo root so the Dockerfile can
COPY .git into a scratch path, parse HEAD → SHA with a small sh
snippet (handles both detached-HEAD and packed-refs), and stamp the
image with a /git_commit file. settings.py now prefers env GIT_COMMIT
(for local dev overrides) and falls back to /git_commit → "dev".
The .git copy is the last content layer, so only this thin layer
invalidates per commit; pip install stays cached.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Dockerfile takes SOURCE_COMMIT as a build arg and bakes it into the
image as GIT_COMMIT. Coolify sets SOURCE_COMMIT on every deploy, so
the value in the footer changes with each successful push → build.
ARG is placed after COPY . so only a thin final layer rebuilds when
the SHA changes; pip install stays cached. Outside Coolify the
default is "dev" and the footer renders "build dev".
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three isolated services (alert scraper, apply HTTP worker, web UI+DB)
with argon2 auth, signed cookies, CSRF, rate-limited login, kill switch,
apply circuit breaker, audit log, and strict CSP.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
