Nginx

Can you help with advice on organizing access to the site using docker swarm and ci / cd?

The questions are:

1. What should be the access scheme to the https site if swarm is used and why?
- one gateway with nginx as reverse_proxy and one or more upstream applications?
- no gateway: nginx and app in singular for each service?
- other
(in my opinion, it all depends on the task, because each approach has advantages / disadvantages. I would like to consult on this matter)

2. how to determine which of the services has been updated automatically (so as not to rebuild the docker image and not rebuild unmodified images)? My current repository in github contains services arranged in folders inside, and containers are collected with each push to master. I do not want to decompose services into separate git branches, because it kills the whole idea of ​​a single repository. I would like to talk to someone with experience in these matters.

Colleagues. I ask you to recommend contacts of people with whom we could talk on the first and second questions.

PS I searched on Google. there is some inconsistency in the articles. well, for example, to organize access via https (so that the sertbot can update certificates), they make a background process with nginx that is rebuilt by a script running in the foreground. after this, there is no particular confidence in the rest of what is written, although it may be true.