{
  "id": "container_image_registry_build_pipeline",
  "label": "Container Image Registry & Build Pipeline Canonical",
  "phase": "phase-04",
  "category": "containerization",
  "status": "ACTIVE_DH_MIRROR",
  "purpose": "Define how DEVON-DEV builds, versions, stores, promotes and rolls back container images before sandbox, production or any registered environment can run them.",
  "function": "Keep every container image tied to a traceable build record with image name, tag, version, digest, Dockerfile origin, source branch, build_id, target environment, build date, build status, promotion approval and rollback image.",
  "image_build_contract": {
    "requires_image_name": true,
    "requires_image_tag": true,
    "requires_version": true,
    "requires_hash_digest": true,
    "requires_dockerfile_origin": true,
    "requires_source_branch": true,
    "requires_build_id": true,
    "requires_target_environment": true,
    "requires_build_date": true,
    "requires_build_status": true,
    "requires_promotion_approval": true,
    "requires_rollback_image": true,
    "blocks_unversioned_images": true,
    "blocks_unknown_build_origin": true,
    "blocks_promotion_without_traceability": true,
    "decision_authority": "NONE_FSM_DECIDES"
  },
  "technology_requirements": [
    {
      "technology": "Docker build",
      "required_for": "Build DEVON-DEV container images with controlled Dockerfile origin, build context, image name, tag, version and digest.",
      "required_by_phase": "phase-04",
      "required_by_category": "container_image_registry_build_pipeline",
      "required_by_buckets": [
        "Prerequisites",
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until build runner, build context and image output contract exist",
      "validation_command": "MISSING until image build can prove image name, tag, version, Dockerfile origin, build_id and digest",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/container_image_registry_build_pipeline_canonical.json",
      "status_source": "Documentation Hub + future Build Runner + Execution Ledger + Image Registry records",
      "blocking_if_missing": true,
      "failure_impact": "Without Docker build governance, DEVON-DEV can produce images whose Dockerfile origin, build context, version or digest cannot be proven."
    },
    {
      "technology": "Docker Compose build",
      "required_for": "Build multi-service DEVON-DEV images consistently from registered Compose contexts without mixing sandbox, production or unrelated service definitions.",
      "required_by_phase": "phase-04",
      "required_by_category": "container_image_registry_build_pipeline",
      "required_by_buckets": [
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery"
      ],
      "expected_version": "MISSING until Compose build context and service-image mapping are registered",
      "validation_command": "MISSING until compose build can prove service name, image name, tag, build context and target environment",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/container_image_registry_build_pipeline_canonical.json",
      "status_source": "Documentation Hub + future Compose Build logs + Environment Registry",
      "blocking_if_missing": true,
      "failure_impact": "Without Compose build governance, service images can be built from wrong context or promoted without clear service-to-image mapping."
    },
    {
      "technology": "Git-based image tagging",
      "required_for": "Tie container image tags to source branch, commit, release intent and build_id for rollback and audit.",
      "required_by_phase": "phase-04",
      "required_by_category": "container_image_registry_build_pipeline",
      "required_by_buckets": [
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until branch, commit and build_id tagging policy exists",
      "validation_command": "MISSING until image tag can prove branch, commit, build_id, environment and promotion status",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/container_image_registry_build_pipeline_canonical.json",
      "status_source": "Documentation Hub + future Git metadata + Image Registry records",
      "blocking_if_missing": true,
      "failure_impact": "Without Git-based tagging, DEVON-DEV cannot reliably connect a running container image back to the source state that produced it."
    },
    {
      "technology": "Private image registry",
      "required_for": "Store promoted DEVON-DEV container images with controlled version, digest, promotion state and rollback availability when maturity requires registry-backed image distribution.",
      "required_by_phase": "phase-04",
      "required_by_category": "container_image_registry_build_pipeline",
      "required_by_buckets": [
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "PLANNED_OR_MISSING until private registry decision is materially approved",
      "validation_command": "MISSING until registry push, pull, digest verification and rollback-image lookup checks exist",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/container_image_registry_build_pipeline_canonical.json",
      "status_source": "Documentation Hub + future devon-image-registry records + Execution Ledger",
      "blocking_if_missing": false,
      "failure_impact": "Without a registry path at maturity, promoted images remain tied to local build artifacts and rollback may depend on fragile host state."
    },
    {
      "technology": "devon-build-pipeline",
      "required_for": "Run controlled image builds outside ad hoc terminal execution once the build process requires its own service, state, logs, queue or scale boundary.",
      "required_by_phase": "phase-04",
      "required_by_category": "container_image_registry_build_pipeline",
      "required_by_buckets": [
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "PLANNED_OR_MISSING until build pipeline service is materially required",
      "validation_command": "MISSING until build pipeline exposes build request, build log, image output, digest, failure and rollback-image records",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/container_image_registry_build_pipeline_canonical.json",
      "status_source": "Documentation Hub + future devon-build-pipeline health check + Execution Ledger",
      "blocking_if_missing": false,
      "failure_impact": "Without a governed build pipeline when scale requires it, builds can drift back into manual terminal execution and lose auditability."
    }
  ],
  "depends_on": [
    "cdms",
    "server_workspace_manager",
    "environment_registry",
    "deployment_order",
    "artifact_registry",
    "validation_matrix",
    "fsm_absolute_decision",
    "decision_rule_registry",
    "tool_registry",
    "config_registry",
    "architecture_source_registry"
  ],
  "used_by": [
    "container_network_policy",
    "volume_persistence_governance",
    "production_deployment_gate",
    "backup_rollback",
    "test_validation_runner",
    "execution_ledger",
    "runtime_status",
    "future_execution_monitoring_panel"
  ]
}
