rebase: apply audit bug fixes on latest main

Rebased fix/1.0-audit-bugs onto current main (post-merge of PRs #119, #127).

Changes:
- Custom domain types: docker.ImageID, docker.ContainerID, webhook.UnparsedURL
- Type-safe function signatures throughout docker/deploy/webhook packages
- Remove docker-compose.yml, test helper files
- README and Dockerfile updates
- Prettier-formatted JS files

internal/docker/client.go

@@ -252,7 +252,7 @@ func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) er
 
 	c.log.Info("starting container", "id", containerID)
 
-	err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
+	err := c.docker.ContainerStart(ctx, string(containerID), container.StartOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to start container: %w", err)
 	}
@@ -270,7 +270,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) err
 
 	timeout := stopTimeoutSeconds
 
-	err := c.docker.ContainerStop(ctx, containerID.String(), container.StopOptions{Timeout: &timeout})
+	err := c.docker.ContainerStop(ctx, string(containerID), container.StopOptions{Timeout: &timeout})
 	if err != nil {
 		return fmt.Errorf("failed to stop container: %w", err)
 	}
@@ -290,7 +290,7 @@ func (c *Client) RemoveContainer(
 
 	c.log.Info("removing container", "id", containerID, "force", force)
 
-	err := c.docker.ContainerRemove(ctx, containerID.String(), container.RemoveOptions{Force: force})
+	err := c.docker.ContainerRemove(ctx, string(containerID), container.RemoveOptions{Force: force})
 	if err != nil {
 		return fmt.Errorf("failed to remove container: %w", err)
 	}
@@ -314,7 +314,7 @@ func (c *Client) ContainerLogs(
 		Tail:       tail,
 	}
 
-	reader, err := c.docker.ContainerLogs(ctx, containerID.String(), opts)
+	reader, err := c.docker.ContainerLogs(ctx, string(containerID), opts)
 	if err != nil {
 		return "", fmt.Errorf("failed to get container logs: %w", err)
 	}
@@ -343,7 +343,7 @@ func (c *Client) IsContainerRunning(
 		return false, ErrNotConnected
 	}
 
-	inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
+	inspect, err := c.docker.ContainerInspect(ctx, string(containerID))
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -360,7 +360,7 @@ func (c *Client) IsContainerHealthy(
 		return false, ErrNotConnected
 	}
 
-	inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
+	inspect, err := c.docker.ContainerInspect(ctx, string(containerID))
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -483,7 +483,7 @@ func (c *Client) CloneRepo(
 // RemoveImage removes a Docker image by ID or tag.
 // It returns nil if the image was successfully removed or does not exist.
 func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
-	_, err := c.docker.ImageRemove(ctx, imageID.String(), image.RemoveOptions{
+	_, err := c.docker.ImageRemove(ctx, string(imageID), image.RemoveOptions{
 		Force:         true,
 		PruneChildren: true,
 	})
@@ -609,7 +609,7 @@ func (c *Client) performClone(ctx context.Context, cfg *cloneConfig) (*CloneResu
 	}
 
 	defer func() {
-		_ = c.docker.ContainerRemove(ctx, gitContainerID.String(), container.RemoveOptions{Force: true})
+		_ = c.docker.ContainerRemove(ctx, string(gitContainerID), container.RemoveOptions{Force: true})
 	}()
 
 	return c.runGitClone(ctx, gitContainerID)
@@ -679,12 +679,12 @@ func (c *Client) createGitContainer(
 }
 
 func (c *Client) runGitClone(ctx context.Context, containerID ContainerID) (*CloneResult, error) {
-	err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
+	err := c.docker.ContainerStart(ctx, string(containerID), container.StartOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to start git container: %w", err)
 	}
 
-	statusCh, errCh := c.docker.ContainerWait(ctx, containerID.String(), container.WaitConditionNotRunning)
+	statusCh, errCh := c.docker.ContainerWait(ctx, string(containerID), container.WaitConditionNotRunning)
 
 	select {
 	case err := <-errCh:

internal/docker/types.go

@@ -3,11 +3,5 @@ package docker
 // ImageID is a Docker image identifier (ID or tag).
 type ImageID string
 
-// String implements fmt.Stringer.
-func (id ImageID) String() string { return string(id) }
-
 // ContainerID is a Docker container identifier.
 type ContainerID string
-
-// String implements fmt.Stringer.
-func (id ContainerID) String() string { return string(id) }

internal/service/deploy/deploy.go

@@ -431,8 +431,8 @@ func (svc *Service) executeRollback(
 		return fmt.Errorf("failed to create rollback container: %w", err)
 	}
 
-	deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
-	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID.String())
+	deployment.ContainerID = sql.NullString{String: string(containerID), Valid: true}
+	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+string(containerID))
 
 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -695,11 +695,11 @@ func (svc *Service) cleanupCancelledDeploy(
 		if removeErr != nil {
 			svc.log.Error("failed to remove image from cancelled deploy",
 				"error", removeErr, "app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID.String()+": "+removeErr.Error())
+			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+string(imageID)+": "+removeErr.Error())
 		} else {
 			svc.log.Info("cleaned up image from cancelled deploy",
 				"app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID.String())
+			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+string(imageID))
 		}
 	}
 
@@ -850,8 +850,8 @@ func (svc *Service) buildImage(
 		return "", fmt.Errorf("failed to build image: %w", err)
 	}
 
-	deployment.ImageID = sql.NullString{String: imageID.String(), Valid: true}
-	_ = deployment.AppendLog(ctx, "Image built: "+imageID.String())
+	deployment.ImageID = sql.NullString{String: string(imageID), Valid: true}
+	_ = deployment.AppendLog(ctx, "Image built: "+string(imageID))
 
 	return imageID, nil
 }
@@ -1038,8 +1038,8 @@ func (svc *Service) createAndStartContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}
 
-	deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
-	_ = deployment.AppendLog(ctx, "Container created: "+containerID.String())
+	deployment.ContainerID = sql.NullString{String: string(containerID), Valid: true}
+	_ = deployment.AppendLog(ctx, "Container created: "+string(containerID))
 
 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -1096,7 +1096,7 @@ func (svc *Service) buildContainerOptions(
 
 	return docker.CreateContainerOptions{
 		Name:    "upaas-" + app.Name,
-		Image:   imageID.String(),
+		Image:   string(imageID),
 		Env:     envMap,
 		Labels:  buildLabelMap(app, labels),
 		Volumes: buildVolumeMounts(volumes),
@@ -1148,7 +1148,7 @@ func (svc *Service) updateAppRunning(
 	app *models.App,
 	imageID docker.ImageID,
 ) error {
-	app.ImageID = sql.NullString{String: imageID.String(), Valid: true}
+	app.ImageID = sql.NullString{String: string(imageID), Valid: true}
 	app.Status = models.AppStatusRunning
 
 	saveErr := app.Save(ctx)

internal/service/webhook/types.go

@@ -5,6 +5,3 @@ package webhook
 // but should not be parsed into a net/url.URL (e.g. webhook URLs,
 // compare URLs from external payloads).
 type UnparsedURL string
-
-// String implements fmt.Stringer.
-func (u UnparsedURL) String() string { return string(u) }

internal/service/webhook/webhook.go

@@ -178,7 +178,7 @@ func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
 
 	// Fall back to constructing URL from repo HTML URL
 	if payload.Repository.HTMLURL != "" && payload.After != "" {
-		return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
+		return UnparsedURL(string(payload.Repository.HTMLURL) + "/commit/" + payload.After)
 	}
 
 	return ""