fix(containers): switch VeriSimDB to pre-built GHCR image

.github/workflows/publish-verisimdb.yml

@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>
+#
+# Publish VeriSimDB container image to GHCR.
+#
+# Triggered manually or on a weekly schedule.
+# Builds from hyperpolymath/nextgen-databases (verisimdb/ subdirectory).
+# Pushes to ghcr.io/hyperpolymath/verisimdb.
+#
+# If nextgen-databases is private, set NEXTGEN_DATABASES_TOKEN secret to a
+# PAT with repo read access.
+name: Publish VeriSimDB Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Image tag to publish (default: latest)'
+        required: false
+        default: latest
+  schedule:
+    - cron: '0 4 * * 1'  # weekly, Monday 04:00 UTC
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  publish:
+    name: Build and Push VeriSimDB
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout nextgen-databases
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          repository: hyperpolymath/nextgen-databases
+          path: nextgen-databases
+          token: ${{ secrets.NEXTGEN_DATABASES_TOKEN || secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Log in to GHCR
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: ghcr.io/hyperpolymath/verisimdb
+          tags: |
+            type=raw,value=${{ inputs.tag || 'latest' }}
+            type=sha,prefix=sha-
+
+      - name: Build and push
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+        with:
+          context: nextgen-databases/verisimdb
+          file: nextgen-databases/verisimdb/Containerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

containers/compose.toml

@@ -18,7 +18,7 @@
 name = "burble"
 
 [services.verisimdb]
-build = { context = "../../nextgen-databases/verisimdb", dockerfile = "Containerfile" }
+image = "ghcr.io/hyperpolymath/verisimdb:latest"
 restart = "unless-stopped"
 networks = ["burble-net"]
 healthcheck = { test = "wget -q --spider http://localhost:8080/health || exit 1", interval = "30s", timeout = "5s", retries = 3 }

containers/selur-compose.toml

@@ -29,7 +29,7 @@ name = "burble"
 # VeriSimDB — Persistent store (internal network only, not exposed)
 # =============================================================================
 [services.verisimdb]
-build = { context = "../../nextgen-databases/verisimdb", dockerfile = "Containerfile" }
+image = "ghcr.io/hyperpolymath/verisimdb:latest"
 restart = "unless-stopped"
 networks = ["burble-internal"]
 healthcheck = { test = "wget -q --spider http://localhost:8080/health || exit 1", interval = "30s", timeout = "5s", retries = 3 }