rework: address review feedback on PR #126

Changes per sneak's review:
- Delete docker-compose.yml, add example stanza to README
- Define custom domain types: ImageID, ContainerID, UnparsedURL
- Use custom types in all function signatures throughout codebase
- Restore imageID parameter (as domain.ImageID) in deploy pipeline
- buildContainerOptions now takes ImageID directly instead of
  constructing image tag from deploymentID
- Fix pre-existing JS formatting (prettier)

make check passes with zero failures.

README.md

@@ -187,9 +187,9 @@ services:
       - "8080:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ${HOST_DATA_DIR}:/var/lib/upaas
+      - ${HOST_DATA_DIR:-./data}:/var/lib/upaas
     environment:
-      - UPAAS_HOST_DATA_DIR=${HOST_DATA_DIR}
+      - UPAAS_HOST_DATA_DIR=${HOST_DATA_DIR:-./data}
       # Optional: uncomment to enable debug logging
       # - DEBUG=true
       # Optional: Sentry error reporting
@@ -199,16 +199,8 @@ services:
       # - METRICS_PASSWORD=secret
 ```
 
-**Important**: Set `HOST_DATA_DIR` to an **absolute path** on the Docker host before running
-`docker compose up`. Relative paths will not work because docker-compose may not run on the same
-machine as µPaaS. This value is used both for the bind mount and passed to µPaaS as
-`UPAAS_HOST_DATA_DIR` so it can create correct bind mounts during builds.
-
-Example:
-```bash
-export HOST_DATA_DIR=/srv/upaas-data
-docker compose up -d
-```
+**Important**: When running µPaaS inside a container, set `UPAAS_HOST_DATA_DIR` to the host path
+that maps to `UPAAS_DATA_DIR`. This is required for Docker bind mounts during builds to work correctly.
 
 Session secrets are automatically generated on first startup and persisted to `$UPAAS_DATA_DIR/session.key`.
 

internal/docker/client.go

@@ -26,6 +26,7 @@ import (
 	"go.uber.org/fx"
 
 	"git.eeqj.de/sneak/upaas/internal/config"
+	"git.eeqj.de/sneak/upaas/internal/domain"
 	"git.eeqj.de/sneak/upaas/internal/logger"
 )
 
@@ -116,7 +117,7 @@ type BuildImageOptions struct {
 func (c *Client) BuildImage(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (ImageID, error) {
+) (domain.ImageID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -188,7 +189,7 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
 func (c *Client) CreateContainer(
 	ctx context.Context,
 	opts CreateContainerOptions,
-) (ContainerID, error) {
+) (domain.ContainerID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -241,11 +242,11 @@ func (c *Client) CreateContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}
 
-	return ContainerID(resp.ID), nil
+	return domain.ContainerID(resp.ID), nil
 }
 
 // StartContainer starts a container.
-func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) error {
+func (c *Client) StartContainer(ctx context.Context, containerID domain.ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}
@@ -261,7 +262,7 @@ func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) er
 }
 
 // StopContainer stops a container.
-func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) error {
+func (c *Client) StopContainer(ctx context.Context, containerID domain.ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}
@@ -281,7 +282,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) err
 // RemoveContainer removes a container.
 func (c *Client) RemoveContainer(
 	ctx context.Context,
-	containerID ContainerID,
+	containerID domain.ContainerID,
 	force bool,
 ) error {
 	if c.docker == nil {
@@ -301,7 +302,7 @@ func (c *Client) RemoveContainer(
 // ContainerLogs returns the logs for a container.
 func (c *Client) ContainerLogs(
 	ctx context.Context,
-	containerID ContainerID,
+	containerID domain.ContainerID,
 	tail string,
 ) (string, error) {
 	if c.docker == nil {
@@ -337,7 +338,7 @@ func (c *Client) ContainerLogs(
 // IsContainerRunning checks if a container is running.
 func (c *Client) IsContainerRunning(
 	ctx context.Context,
-	containerID ContainerID,
+	containerID domain.ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
@@ -354,7 +355,7 @@ func (c *Client) IsContainerRunning(
 // IsContainerHealthy checks if a container is healthy.
 func (c *Client) IsContainerHealthy(
 	ctx context.Context,
-	containerID ContainerID,
+	containerID domain.ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
@@ -378,7 +379,7 @@ const LabelUpaasID = "upaas.id"
 
 // ContainerInfo contains basic information about a container.
 type ContainerInfo struct {
-	ID      ContainerID
+	ID      domain.ContainerID
 	Running bool
 }
 
@@ -413,7 +414,7 @@ func (c *Client) FindContainerByAppID(
 	ctr := containers[0]
 
 	return &ContainerInfo{
-		ID:      ContainerID(ctr.ID),
+		ID:      domain.ContainerID(ctr.ID),
 		Running: ctr.State == "running",
 	}, nil
 }
@@ -482,7 +483,7 @@ func (c *Client) CloneRepo(
 
 // RemoveImage removes a Docker image by ID or tag.
 // It returns nil if the image was successfully removed or does not exist.
-func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
+func (c *Client) RemoveImage(ctx context.Context, imageID domain.ImageID) error {
 	_, err := c.docker.ImageRemove(ctx, string(imageID), image.RemoveOptions{
 		Force:         true,
 		PruneChildren: true,
@@ -497,7 +498,7 @@ func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
 func (c *Client) performBuild(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (ImageID, error) {
+) (domain.ImageID, error) {
 	// Create tar archive of build context
 	tarArchive, err := archive.TarWithOptions(opts.ContextDir, &archive.TarOptions{})
 	if err != nil {
@@ -542,7 +543,7 @@ func (c *Client) performBuild(
 			return "", fmt.Errorf("failed to inspect image: %w", inspectErr)
 		}
 
-		return ImageID(inspect.ID), nil
+		return domain.ImageID(inspect.ID), nil
 	}
 
 	return "", nil
@@ -618,7 +619,7 @@ func (c *Client) performClone(ctx context.Context, cfg *cloneConfig) (*CloneResu
 func (c *Client) createGitContainer(
 	ctx context.Context,
 	cfg *cloneConfig,
-) (ContainerID, error) {
+) (domain.ContainerID, error) {
 	gitSSHCmd := "ssh -i /keys/deploy_key -o StrictHostKeyChecking=no"
 
 	// Build the git command using environment variables to avoid shell injection.
@@ -675,10 +676,10 @@ func (c *Client) createGitContainer(
 		return "", fmt.Errorf("failed to create git container: %w", err)
 	}
 
-	return ContainerID(resp.ID), nil
+	return domain.ContainerID(resp.ID), nil
 }
 
-func (c *Client) runGitClone(ctx context.Context, containerID ContainerID) (*CloneResult, error) {
+func (c *Client) runGitClone(ctx context.Context, containerID domain.ContainerID) (*CloneResult, error) {
 	err := c.docker.ContainerStart(ctx, string(containerID), container.StartOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to start git container: %w", err)

internal/docker/types.go

@@ -1,7 +0,0 @@
-package docker
-
-// ImageID is a Docker image identifier (ID or tag).
-type ImageID string
-
-// ContainerID is a Docker container identifier.
-type ContainerID string

internal/domain/types.go

@@ -0,0 +1,16 @@
+// Package domain defines domain-specific string types for compile-time safety.
+// Using named types prevents accidentally passing the wrong string argument
+// (e.g. a container ID where an image ID is expected).
+package domain
+
+// ImageID is a Docker image identifier (ID or tag).
+type ImageID string
+
+// ContainerID is a Docker container identifier.
+type ContainerID string
+
+// UnparsedURL is a URL stored as a plain string without parsing.
+// Use this instead of string when the value is known to be a URL
+// but should not be parsed into a net/url.URL (e.g. webhook URLs,
+// compare URLs from external payloads).
+type UnparsedURL string

internal/service/deploy/deploy.go

@@ -20,6 +20,7 @@ import (
 	"git.eeqj.de/sneak/upaas/internal/config"
 	"git.eeqj.de/sneak/upaas/internal/database"
 	"git.eeqj.de/sneak/upaas/internal/docker"
+	"git.eeqj.de/sneak/upaas/internal/domain"
 	"git.eeqj.de/sneak/upaas/internal/logger"
 	"git.eeqj.de/sneak/upaas/internal/models"
 	"git.eeqj.de/sneak/upaas/internal/service/notify"
@@ -417,7 +418,7 @@ func (svc *Service) executeRollback(
 
 	svc.removeOldContainer(ctx, app, deployment)
 
-	rollbackOpts, err := svc.buildContainerOptions(ctx, app, docker.ImageID(previousImageID))
+	rollbackOpts, err := svc.buildContainerOptions(ctx, app, domain.ImageID(previousImageID))
 	if err != nil {
 		svc.failDeployment(bgCtx, app, deployment, err)
 
@@ -514,7 +515,7 @@ func (svc *Service) buildImageWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (docker.ImageID, error) {
+) (domain.ImageID, error) {
 	buildCtx, cancel := context.WithTimeout(ctx, buildTimeout)
 	defer cancel()
 
@@ -539,7 +540,7 @@ func (svc *Service) deployContainerWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID docker.ImageID,
+	imageID domain.ImageID,
 ) error {
 	deployCtx, cancel := context.WithTimeout(ctx, deployTimeout)
 	defer cancel()
@@ -667,7 +668,7 @@ func (svc *Service) checkCancelled(
 	bgCtx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID docker.ImageID,
+	imageID domain.ImageID,
 ) error {
 	if !errors.Is(deployCtx.Err(), context.Canceled) {
 		return nil
@@ -687,7 +688,7 @@ func (svc *Service) cleanupCancelledDeploy(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID docker.ImageID,
+	imageID domain.ImageID,
 ) {
 	// Clean up the intermediate Docker image if one was built
 	if imageID != "" {
@@ -816,7 +817,7 @@ func (svc *Service) buildImage(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (docker.ImageID, error) {
+) (domain.ImageID, error) {
 	workDir, cleanup, err := svc.cloneRepository(ctx, app, deployment)
 	if err != nil {
 		return "", err
@@ -1016,8 +1017,8 @@ func (svc *Service) createAndStartContainer(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID docker.ImageID,
-) (docker.ContainerID, error) {
+	imageID domain.ImageID,
+) (domain.ContainerID, error) {
 	containerOpts, err := svc.buildContainerOptions(ctx, app, imageID)
 	if err != nil {
 		svc.failDeployment(ctx, app, deployment, err)
@@ -1062,7 +1063,7 @@ func (svc *Service) createAndStartContainer(
 func (svc *Service) buildContainerOptions(
 	ctx context.Context,
 	app *models.App,
-	imageID docker.ImageID,
+	imageID domain.ImageID,
 ) (docker.CreateContainerOptions, error) {
 	envVars, err := app.GetEnvVars(ctx)
 	if err != nil {
@@ -1146,7 +1147,7 @@ func buildPortMappings(ports []*models.Port) []docker.PortMapping {
 func (svc *Service) updateAppRunning(
 	ctx context.Context,
 	app *models.App,
-	imageID docker.ImageID,
+	imageID domain.ImageID,
 ) error {
 	app.ImageID = sql.NullString{String: string(imageID), Valid: true}
 	app.Status = models.AppStatusRunning

internal/service/webhook/types.go

@@ -1,7 +0,0 @@
-package webhook
-
-// UnparsedURL is a URL stored as a plain string without parsing.
-// Use this instead of string when the value is known to be a URL
-// but should not be parsed into a net/url.URL (e.g. webhook URLs,
-// compare URLs from external payloads).
-type UnparsedURL string

internal/service/webhook/webhook.go

@@ -11,6 +11,7 @@ import (
 	"go.uber.org/fx"
 
 	"git.eeqj.de/sneak/upaas/internal/database"
+	"git.eeqj.de/sneak/upaas/internal/domain"
 	"git.eeqj.de/sneak/upaas/internal/logger"
 	"git.eeqj.de/sneak/upaas/internal/models"
 	"git.eeqj.de/sneak/upaas/internal/service/deploy"
@@ -50,12 +51,12 @@ type GiteaPushPayload struct {
 	Ref        string             `json:"ref"`
 	Before     string             `json:"before"`
 	After      string             `json:"after"`
-	CompareURL UnparsedURL `json:"compare_url"`
+	CompareURL domain.UnparsedURL `json:"compare_url"`
 	Repository struct {
 		FullName string             `json:"full_name"`
-		CloneURL UnparsedURL `json:"clone_url"`
+		CloneURL domain.UnparsedURL `json:"clone_url"`
 		SSHURL   string             `json:"ssh_url"`
-		HTMLURL  UnparsedURL `json:"html_url"`
+		HTMLURL  domain.UnparsedURL `json:"html_url"`
 	} `json:"repository"`
 	Pusher struct {
 		Username string `json:"username"`
@@ -63,7 +64,7 @@ type GiteaPushPayload struct {
 	} `json:"pusher"`
 	Commits []struct {
 		ID      string             `json:"id"`
-		URL     UnparsedURL `json:"url"`
+		URL     domain.UnparsedURL `json:"url"`
 		Message string             `json:"message"`
 		Author  struct {
 			Name  string `json:"name"`
@@ -168,7 +169,7 @@ func extractBranch(ref string) string {
 
 // extractCommitURL extracts the commit URL from the webhook payload.
 // Prefers the URL from the head commit, falls back to constructing from repo URL.
-func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
+func extractCommitURL(payload GiteaPushPayload) domain.UnparsedURL {
 	// Try to find the URL from the head commit (matching After SHA)
 	for _, commit := range payload.Commits {
 		if commit.ID == payload.After && commit.URL != "" {
@@ -178,7 +179,7 @@ func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
 
 	// Fall back to constructing URL from repo HTML URL
 	if payload.Repository.HTMLURL != "" && payload.After != "" {
-		return UnparsedURL(string(payload.Repository.HTMLURL) + "/commit/" + payload.After)
+		return domain.UnparsedURL(string(payload.Repository.HTMLURL) + "/commit/" + payload.After)
 	}
 
 	return ""