"No build" option per service.

[EnigmaCurry]

A "No build" environment is one that can be reproduced exactly on multiple Docker hosts, by using tagged images pulled from a private registry.

Many services are simple images that are pulled and run (e.g., whoami) - and the image can easily be overridden (e.g., WHOAMI_IMAGE). In a "No build" scenario, these services do not need to change, since there is no build.

Other services (e.g., traefik) have a build directive, so they are built from scratch on each Docker server you install it on. There are multiple problems with this situation:

• Every server build its own image, therefore they are not guaranteed to be the same between them.
• Builds may fail.
• Every server requires working internet access at build time.

It should be possible to override each service that currently has a build directive so that it only fetches a pre-built image from your private registry. For example, you would need to build images on one online server, tag and push those images, and then on other docker servers you could just pull those images.

# docker-compose.prebuilt.yaml
services:
  app:
    build: null             # removes the build instruction
    image: ${REGISTRY}/app:${BUILD_TAG}

services like Traefik should have an env var that enables this override:

### In traefik/.env_{CONTEXT}_default : 
TRAEFIK_NO_BUILD=true

The default in .env-dist should be blank. When you run make config, the default should be filled in with DEFAULT_NO_BUILD from the root .env file:

### in root .env_{CONTEXT} :
# This is the default answer to fill in the {SERVICE}_NO_BUILD var if it is left blank:
DEFAULT_NO_BUILD=false

# Tag for all built images
BUILD_TAG=prod_2025-09-29
# Server for private registry for use when `{SERVICE}_NO_BUILD=true`
REGISTRY=registry.example.com

This task will also require a review of each container's image to ensure they are stateless and/or to tag multiple versions of images for various build args passed.