Ratio1
diff --git a/‎extensions/business/container_apps/container_app_runner.py‎
Lines changed: 266 additions & 71 deletions b/‎extensions/business/container_apps/container_app_runner.py‎
Lines changed: 266 additions & 71 deletions
diff --git a/‎extensions/business/deeploy/deeploy_const.py‎
Lines changed: 1 addition & 1 deletion b/‎extensions/business/deeploy/deeploy_const.py‎
Lines changed: 1 addition & 1 deletion
@@ -1098,15 +1098,126 @@ def on_close(self):
     super(ContainerAppRunnerPlugin, self).on_close()
 
 
+  def _get_local_image(self):
+    """
+    Get the local Docker image if it exists.
+
+    Returns:
+      Image object or None if image doesn't exist locally
+    """
+    if not self.cfg_image:
+      return None
+
+    try:
+      img = self.docker_client.images.get(self.cfg_image)
+      return img
+    except Exception:
+      return None
+
+  def _pull_image_from_registry(self):
+    """
+    Pull image from registry (assumes authentication already done).
+
+    Returns:
+      Image object or None if pull failed
+
+    Raises:
+      RuntimeError: If authentication hasn't been performed
+    """
+    if not self.cfg_image:
+      self.P("No Docker image configured", color='r')
+      return None
+
+    try:
+      self.P(f"Pulling image '{self.cfg_image}'...", color='b')
+      img = self.docker_client.images.pull(self.cfg_image)
+
+      # docker-py may return Image or list[Image]
+      if isinstance(img, list) and img:
+        img = img[-1]
+
+      self.P(f"Successfully pulled image '{self.cfg_image}'", color='g')
+      return img
+
+    except Exception as e:
+      self.P(f"Image pull failed: {e}", color='r')
+      return None
+
+  def _pull_image_with_fallback(self):
+    """
+    Pull image from registry with fallback to local image.
+
+    This is the main image acquisition method that:
+    1. Authenticates with registry
+    2. Attempts to pull from registry
+    3. Falls back to local image if pull fails
+    4. Returns None only if both pull and local check fail
+
+    Returns:
+      Image object or None if no image is available
+
+    Raises:
+      RuntimeError: If authentication fails and no local image exists
+    """
+    # Step 1: Authenticate with registry
+    if not self._login_to_registry():
+      self.P("Registry authentication failed", color='y')
+      # Try to use local image if authentication fails
+      local_img = self._get_local_image()
+      if local_img:
+        self.P(f"Using local image (registry login failed): {self.cfg_image}", color='y')
+        return local_img
+      raise RuntimeError("Failed to authenticate with registry and no local image available.")
+
+    # Step 2: Attempt to pull from registry
+    img = self._pull_image_from_registry()
+    if img:
+      return img
+
+    # Step 3: Fallback to local image
+    self.P(f"Pull failed, checking for local image: {self.cfg_image}", color='b')
+    local_img = self._get_local_image()
+    if local_img:
+      self.P(f"Using local image as fallback: {self.cfg_image}", color='y')
+      return local_img
+
+    # Step 4: No image available
+    self.P(f"No image available (pull failed and no local image): {self.cfg_image}", color='r')
+    return None
+
+  def _get_image_digest(self, img):
+    """
+    Extract digest hash from image object.
+
+    Args:
+      img: Docker image object
+
+    Returns:
+      str or None: Digest hash (sha256:...) or None
+    """
+    if not img:
+      return None
+
+    try:
+      img.reload()
+    except Exception as e:
+      self.Pd(f"Warning: Could not reload image attributes: {e}")
+
+    attrs = getattr(img, "attrs", {}) or {}
+    repo_digests = attrs.get("RepoDigests") or []
+    if repo_digests:
+      # 'repo@sha256:...'
+      digest = repo_digests[0].split("@")[-1]
+      return digest
+    # Fallback to image id (sha256:...)
+    return getattr(img, "id", None)
+
   def _get_latest_image_hash(self):
     """
     Get the latest identifier for the configured Docker image tag.
 
-    This method tries to resolve the remote content digest for ``self.cfg_image`` by
-    asking the Docker daemon to perform a metadata-only pull (if the image is
-    already up to date, no layers are re-downloaded). It returns the repo digest
-    (e.g., ``sha256:...``) when available; if not available, it falls back to the
-    local image ID.
+    This method pulls the image and extracts its digest for version tracking.
+    Used by AUTOUPDATE feature to detect image changes.
 
     Returns
     -------
@@ -1120,78 +1231,87 @@ def _get_latest_image_hash(self):
       credentials configured.
     - This call contacts the registry; tune ``poll_interval`` appropriately.
     """
-    if not self.cfg_image:
-      self.P("No Docker image configured", color='r')
-      return None
+    img = self._pull_image_with_fallback()
+    return self._get_image_digest(img)
 
-    # Ensure we're logged in to the registry before pulling
-    if not self._login_to_registry():
-      raise RuntimeError("Failed to login to container registry. Cannot proceed without authentication.")
+  def _has_image_hash_changed(self, latest_hash):
+    """
+    Check if image hash has changed from current version.
+
+    Args:
+      latest_hash: Latest image hash from registry
+
+    Returns:
+      bool: True if hash changed and update needed, False otherwise
+    """
+    if not latest_hash:
+      # Pull failed, can't determine if update needed
+      return False
+
+    if not self.current_image_hash:
+      # First time - establish baseline
+      self.P(f"Establishing baseline image hash: {latest_hash}", color='b')
+      self.current_image_hash = latest_hash
+      return False
+
+    # Compare hashes
+    return latest_hash != self.current_image_hash
+
+  def _handle_image_update(self, new_hash):
+    """
+    Handle detected image update by updating hash and restarting container.
+
+    Args:
+      new_hash: New image hash detected
+    """
+    self.P(f"New image version detected ({new_hash} != {self.current_image_hash}). Restarting container...", color='y')
+
+    # Update current_image_hash BEFORE restart
+    # This prevents infinite retry loops if restart fails
+    old_hash = self.current_image_hash
+    self.current_image_hash = new_hash
 
     try:
-      self.P(f"Image check: pulling '{self.cfg_image}' for metadata...", color='b')
-      img = self.docker_client.images.pull(self.cfg_image)
-      # docker-py may return Image or list[Image]
-      if isinstance(img, list) and img:
-        img = img[-1]
-      # Ensure attributes loaded
-      try:
-        img.reload()
-      except Exception as e:
-        self.P(f"Warning: Could not reload image attributes: {e}", color='y')
-      # end try
-
-      attrs = getattr(img, "attrs", {}) or {}
-      repo_digests = attrs.get("RepoDigests") or []
-      if repo_digests:
-        # 'repo@sha256:...'
-        digest = repo_digests[0].split("@")[-1]
-        return digest
-      # Fallback to image id (sha256:...)
-      return getattr(img, "id", None)
-      
+      self._restart_container()
     except Exception as e:
-      self.P(f"Image pull failed: {e}", color='r')
-      # Fallback: check local image only
-      try:
-        self.P(f"Checking local image: {self.cfg_image}", color='b')
-        img = self.docker_client.images.get(self.cfg_image)
-        try:
-          img.reload()
-        except Exception as e:
-          self.P(f"Warning: Could not reload local image attributes: {e}", color='y')
-        # end try reload
-        attrs = getattr(img, "attrs", {}) or {}
-        repo_digests = attrs.get("RepoDigests") or []
-        if repo_digests:
-          digest = repo_digests[0].split("@")[-1]
-          return digest
-        return getattr(img, "id", None)
-        
-      except Exception as e2:
-        self.P(f"Could not get local image: {e2}", color='r')
-      # end try check for local image
-    # end try
-    return None
+      self.P(f"Container restart failed after image update: {e}", color='r')
+      # Hash already updated, won't retry this version
+      self.P(f"Image hash updated from {old_hash} to {new_hash}, but container restart failed", color='y')
 
   def _check_image_updates(self, current_time=None):
-    """Check for a new version of the Docker image and restart container if found."""
+    """
+    Periodic check for image updates when AUTOUPDATE is enabled.
+
+    This method:
+    1. Checks if update check is due (based on interval)
+    2. Pulls latest image and gets its hash
+    3. Compares with current hash
+    4. Triggers restart if changed
+
+    Args:
+      current_time: Current timestamp (for interval checking)
+    """
     if not self.cfg_autoupdate:
       return
-      
-    if current_time - self._last_image_check >= self.cfg_autoupdate_interval:
-      self._last_image_check = current_time
-      latest_image_hash = self._get_latest_image_hash()
-      if latest_image_hash and self.current_image_hash and latest_image_hash != self.current_image_hash:
-        self.P(f"New image version detected ({latest_image_hash} != {self.current_image_hash}). Restarting container...", color='y')
-        # Update current_image_hash to the new one
-        self.current_image_hash = latest_image_hash
-        # Restart container from scratch
-        self._restart_container()
-      elif latest_image_hash:
-        self.P(f"Current image hash: {self.current_image_hash} vs latest: {latest_image_hash}")
-      # end if new image hash
-    # end if time elapsed
+
+    # Check if update check is due
+    if current_time - self._last_image_check < self.cfg_autoupdate_interval:
+      return
+
+    self._last_image_check = current_time
+
+    # Get latest image hash
+    latest_hash = self._get_latest_image_hash()
+    if not latest_hash:
+      self.P("Failed to check for image updates (pull failed). Container continues running.", color='y')
+      return
+
+    # Check if update is needed
+    if self._has_image_hash_changed(latest_hash):
+      self._handle_image_update(latest_hash)
+    else:
+      self.Pd(f"Image up to date: {self.current_image_hash}")
+
     return
 
   def _restart_container(self):
@@ -1210,6 +1330,11 @@ def _restart_container(self):
 
     self._validate_runner_config()
 
+    # Ensure image is available (respecting AUTOUPDATE and IMAGE_PULL_POLICY)
+    if not self._ensure_image_available():
+      self.P("Failed to ensure image availability during restart, cannot start container", color='r')
+      return
+
     self.container = self.start_container()
     if not self.container:
       return
@@ -1219,12 +1344,82 @@ def _restart_container(self):
     self._maybe_execute_build_and_run()
     return
 
+  def _ensure_image_with_autoupdate(self):
+    """
+    Ensure image is available with autoupdate enabled.
+    Always pulls and tracks hash for version comparison.
+
+    Returns:
+      bool: True if image available and hash tracked, False otherwise
+    """
+    self.Pd("AUTOUPDATE enabled, pulling image and tracking hash")
+    self.current_image_hash = self._get_latest_image_hash()
+    return self.current_image_hash is not None
+
+  def _ensure_image_always_pull(self):
+    """
+    Ensure image is available with 'always' pull policy.
+    Pulls image without tracking hash.
+
+    Returns:
+      bool: True if image pulled successfully, False otherwise
+    """
+    self.Pd("IMAGE_PULL_POLICY is 'always', pulling image")
+    img = self._pull_image_with_fallback()
+    return img is not None
+
+  def _ensure_image_if_not_present(self):
+    """
+    Ensure image is available with 'if-not-present' policy.
+    Only pulls if image doesn't exist locally.
+
+    Returns:
+      bool: True if image is available (locally or after pull), False otherwise
+    """
+    # Check if image exists locally
+    local_img = self._get_local_image()
+    if local_img:
+      self.P(f"Image '{self.cfg_image}' found locally", color='g')
+      return True
+
+    # Image not found locally, pull it
+    self.P(f"Image not found locally, pulling '{self.cfg_image}'...", color='b')
+    img = self._pull_image_with_fallback()
+    return img is not None
+
+  def _ensure_image_available(self):
+    """
+    Ensure the container image is available before starting container.
+
+    This method uses a strategy pattern based on configuration:
+    - AUTOUPDATE enabled: Always pull + track hash (update detection)
+    - IMAGE_PULL_POLICY='always': Always pull (no tracking)
+    - IMAGE_PULL_POLICY='if-not-present' or default: Pull only if missing locally
+
+    Returns:
+      bool: True if image is available, False otherwise
+    """
+    # Strategy 1: AUTOUPDATE (takes precedence)
+    if self.cfg_autoupdate:
+      return self._ensure_image_with_autoupdate()
+
+    # Strategy 2: Always pull policy
+    if self.cfg_image_pull_policy == "always":
+      return self._ensure_image_always_pull()
+
+    # Strategy 3: If-not-present policy (default)
+    return self._ensure_image_if_not_present()
+
   def _handle_initial_launch(self):
     """Handle the initial container launch."""
     try:
       self.P("Initial container launch...", color='b')
-      if self.cfg_autoupdate:
-        self.current_image_hash = self._get_latest_image_hash()
+
+      # Ensure image is available before starting container
+      if not self._ensure_image_available():
+        self.P("Failed to ensure image availability, cannot start container", color='r')
+        return
+
       self.container = self.start_container()
       if not self.container:
         return
 
@@ -197,7 +197,7 @@ class DEEPLOY_PLUGIN_DATA:
 
 CONTAINER_APP_RUNNER_SIGNATURE = 'CONTAINER_APP_RUNNER'
 WORKER_APP_RUNNER_SIGNATURE = 'WORKER_APP_RUNNER'
-
+CONTAINERIZED_APPS_SIGNATURES = [CONTAINER_APP_RUNNER_SIGNATURE, WORKER_APP_RUNNER_SIGNATURE]
 
 class JOB_APP_TYPES:
   GENERIC = "generic"