rebase: apply audit bug fixes on latest main

Rebased fix/1.0-audit-bugs onto current main (post-merge of PRs #119, #127). Changes: - Custom domain types: docker.ImageID, docker.ContainerID, webhook.UnparsedURL - Type-safe function signatures throughout docker/deploy/webhook packages - Remove docker-compose.yml, test helper files - README and Dockerfile updates - Prettier-formatted JS files
Merge pull request 'fix: use imageID in createAndStartContainer (closes #124 )' (#127 ) from fix/use-image-id-in-container into main
2026-02-23 11:56:09 -08:00 · 2026-02-23 20:48:23 +01:00 · 2026-02-23 20:48:09 +01:00 · 2026-02-21 02:24:51 -08:00 · 2026-02-21 00:50:44 -08:00 · 2026-02-20 14:35:12 +01:00
12 changed files with 3734 additions and 609 deletions
--- a/README.md
+++ b/README.md
@@ -176,8 +176,39 @@ docker run -d \
  upaas
 ```

-**Important**: When running µPaaS inside a container, set `UPAAS_HOST_DATA_DIR` to the host path
-that maps to `UPAAS_DATA_DIR`. This is required for Docker bind mounts during builds to work correctly.
+### Docker Compose
+
+```yaml
+services:
+  upaas:
+    build: .
+    restart: unless-stopped
+    ports:
+      - "8080:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${HOST_DATA_DIR}:/var/lib/upaas
+    environment:
+      - UPAAS_HOST_DATA_DIR=${HOST_DATA_DIR}
+      # Optional: uncomment to enable debug logging
+      # - DEBUG=true
+      # Optional: Sentry error reporting
+      # - SENTRY_DSN=https://...
+      # Optional: Prometheus metrics auth
+      # - METRICS_USERNAME=prometheus
+      # - METRICS_PASSWORD=secret
+```
+
+**Important**: Set `HOST_DATA_DIR` to an **absolute path** on the Docker host before running
+`docker compose up`. Relative paths will not work because docker-compose may not run on the same
+machine as µPaaS. This value is used both for the bind mount and passed to µPaaS as
+`UPAAS_HOST_DATA_DIR` so it can create correct bind mounts during builds.
+
+Example:
+```bash
+export HOST_DATA_DIR=/srv/upaas-data
+docker compose up -d
+```

 Session secrets are automatically generated on first startup and persisted to `$UPAAS_DATA_DIR/session.key`.

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,20 +0,0 @@
-services:
-  upaas:
-    build: .
-    restart: unless-stopped
-    ports:
-      - "8080:8080"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - upaas-data:/var/lib/upaas
-    # environment:
-      # Optional: uncomment to enable debug logging
-      # - DEBUG=true
-      # Optional: Sentry error reporting
-      # - SENTRY_DSN=https://...
-      # Optional: Prometheus metrics auth
-      # - METRICS_USERNAME=prometheus
-      # - METRICS_PASSWORD=secret
-
-volumes:
-  upaas-data:
--- a/internal/database/migrations.go
+++ b/internal/database/migrations.go
@@ -113,9 +113,9 @@ func (d *Database) applyMigration(ctx context.Context, filename string) error {
 		return fmt.Errorf("failed to record migration: %w", err)
 	}

-	commitErr := transaction.Commit()
-	if commitErr != nil {
-		return fmt.Errorf("failed to commit migration: %w", commitErr)
+	err = transaction.Commit()
+	if err != nil {
+		return fmt.Errorf("failed to commit migration: %w", err)
 	}

 	return nil
--- a/internal/docker/client.go
+++ b/internal/docker/client.go
@@ -14,7 +14,7 @@ import (
 	"strconv"
 	"strings"

-	"github.com/docker/docker/api/types"
+	dockertypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/image"
@@ -116,7 +116,7 @@ type BuildImageOptions struct {
 func (c *Client) BuildImage(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (string, error) {
+) (ImageID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -188,7 +188,7 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
 func (c *Client) CreateContainer(
 	ctx context.Context,
 	opts CreateContainerOptions,
-) (string, error) {
+) (ContainerID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -241,18 +241,18 @@ func (c *Client) CreateContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}

-	return resp.ID, nil
+	return ContainerID(resp.ID), nil
 }

 // StartContainer starts a container.
-func (c *Client) StartContainer(ctx context.Context, containerID string) error {
+func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}

 	c.log.Info("starting container", "id", containerID)

-	err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{})
+	err := c.docker.ContainerStart(ctx, string(containerID), container.StartOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to start container: %w", err)
 	}
@@ -261,7 +261,7 @@ func (c *Client) StartContainer(ctx context.Context, containerID string) error {
 }

 // StopContainer stops a container.
-func (c *Client) StopContainer(ctx context.Context, containerID string) error {
+func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}
@@ -270,7 +270,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {

 	timeout := stopTimeoutSeconds

-	err := c.docker.ContainerStop(ctx, containerID, container.StopOptions{Timeout: &timeout})
+	err := c.docker.ContainerStop(ctx, string(containerID), container.StopOptions{Timeout: &timeout})
 	if err != nil {
 		return fmt.Errorf("failed to stop container: %w", err)
 	}
@@ -281,7 +281,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {
 // RemoveContainer removes a container.
 func (c *Client) RemoveContainer(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 	force bool,
 ) error {
 	if c.docker == nil {
@@ -290,7 +290,7 @@ func (c *Client) RemoveContainer(

 	c.log.Info("removing container", "id", containerID, "force", force)

-	err := c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: force})
+	err := c.docker.ContainerRemove(ctx, string(containerID), container.RemoveOptions{Force: force})
 	if err != nil {
 		return fmt.Errorf("failed to remove container: %w", err)
 	}
@@ -301,7 +301,7 @@ func (c *Client) RemoveContainer(
 // ContainerLogs returns the logs for a container.
 func (c *Client) ContainerLogs(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 	tail string,
 ) (string, error) {
 	if c.docker == nil {
@@ -314,7 +314,7 @@ func (c *Client) ContainerLogs(
 		Tail:       tail,
 	}

-	reader, err := c.docker.ContainerLogs(ctx, containerID, opts)
+	reader, err := c.docker.ContainerLogs(ctx, string(containerID), opts)
 	if err != nil {
 		return "", fmt.Errorf("failed to get container logs: %w", err)
 	}
@@ -337,13 +337,13 @@ func (c *Client) ContainerLogs(
 // IsContainerRunning checks if a container is running.
 func (c *Client) IsContainerRunning(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
 	}

-	inspect, err := c.docker.ContainerInspect(ctx, containerID)
+	inspect, err := c.docker.ContainerInspect(ctx, string(containerID))
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -354,13 +354,13 @@ func (c *Client) IsContainerRunning(
 // IsContainerHealthy checks if a container is healthy.
 func (c *Client) IsContainerHealthy(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
 	}

-	inspect, err := c.docker.ContainerInspect(ctx, containerID)
+	inspect, err := c.docker.ContainerInspect(ctx, string(containerID))
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -378,7 +378,7 @@ const LabelUpaasID = "upaas.id"

 // ContainerInfo contains basic information about a container.
 type ContainerInfo struct {
-	ID      string
+	ID      ContainerID
 	Running bool
 }

@@ -413,7 +413,7 @@ func (c *Client) FindContainerByAppID(
 	ctr := containers[0]

 	return &ContainerInfo{
-		ID:      ctr.ID,
+		ID:      ContainerID(ctr.ID),
 		Running: ctr.State == "running",
 	}, nil
 }
@@ -482,8 +482,8 @@ func (c *Client) CloneRepo(

 // RemoveImage removes a Docker image by ID or tag.
 // It returns nil if the image was successfully removed or does not exist.
-func (c *Client) RemoveImage(ctx context.Context, imageID string) error {
-	_, err := c.docker.ImageRemove(ctx, imageID, image.RemoveOptions{
+func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
+	_, err := c.docker.ImageRemove(ctx, string(imageID), image.RemoveOptions{
 		Force:         true,
 		PruneChildren: true,
 	})
@@ -497,7 +497,7 @@ func (c *Client) RemoveImage(ctx context.Context, imageID string) error {
 func (c *Client) performBuild(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (string, error) {
+) (ImageID, error) {
 	// Create tar archive of build context
 	tarArchive, err := archive.TarWithOptions(opts.ContextDir, &archive.TarOptions{})
 	if err != nil {
@@ -512,7 +512,7 @@ func (c *Client) performBuild(
 	}()

 	// Build image
-	resp, err := c.docker.ImageBuild(ctx, tarArchive, types.ImageBuildOptions{
+	resp, err := c.docker.ImageBuild(ctx, tarArchive, dockertypes.ImageBuildOptions{
 		Dockerfile: opts.DockerfilePath,
 		Tags:       opts.Tags,
 		Remove:     true,
@@ -542,7 +542,7 @@ func (c *Client) performBuild(
 			return "", fmt.Errorf("failed to inspect image: %w", inspectErr)
 		}

-		return inspect.ID, nil
+		return ImageID(inspect.ID), nil
 	}

 	return "", nil
@@ -603,22 +603,22 @@ func (c *Client) performClone(ctx context.Context, cfg *cloneConfig) (*CloneResu
 		}
 	}()

-	containerID, err := c.createGitContainer(ctx, cfg)
+	gitContainerID, err := c.createGitContainer(ctx, cfg)
 	if err != nil {
 		return nil, err
 	}

 	defer func() {
-		_ = c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: true})
+		_ = c.docker.ContainerRemove(ctx, string(gitContainerID), container.RemoveOptions{Force: true})
 	}()

-	return c.runGitClone(ctx, containerID)
+	return c.runGitClone(ctx, gitContainerID)
 }

 func (c *Client) createGitContainer(
 	ctx context.Context,
 	cfg *cloneConfig,
-) (string, error) {
+) (ContainerID, error) {
 	gitSSHCmd := "ssh -i /keys/deploy_key -o StrictHostKeyChecking=no"

 	// Build the git command using environment variables to avoid shell injection.
@@ -675,16 +675,16 @@ func (c *Client) createGitContainer(
 		return "", fmt.Errorf("failed to create git container: %w", err)
 	}

-	return resp.ID, nil
+	return ContainerID(resp.ID), nil
 }

-func (c *Client) runGitClone(ctx context.Context, containerID string) (*CloneResult, error) {
-	err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{})
+func (c *Client) runGitClone(ctx context.Context, containerID ContainerID) (*CloneResult, error) {
+	err := c.docker.ContainerStart(ctx, string(containerID), container.StartOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to start git container: %w", err)
 	}

-	statusCh, errCh := c.docker.ContainerWait(ctx, containerID, container.WaitConditionNotRunning)
+	statusCh, errCh := c.docker.ContainerWait(ctx, string(containerID), container.WaitConditionNotRunning)

 	select {
 	case err := <-errCh:
--- a/internal/docker/types.go
+++ b/internal/docker/types.go
@@ -0,0 +1,7 @@
+package docker
+
+// ImageID is a Docker image identifier (ID or tag).
+type ImageID string
+
+// ContainerID is a Docker container identifier.
+type ContainerID string
--- a/internal/handlers/app.go
+++ b/internal/handlers/app.go
@@ -72,7 +72,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
 		nameErr := validateAppName(name)
 		if nameErr != nil {
 			data["Error"] = "Invalid app name: " + nameErr.Error()
-			_ = tmpl.ExecuteTemplate(writer, "app_new.html", data)
+			h.renderTemplate(writer, tmpl, "app_new.html", data)

 			return
 		}
@@ -228,7 +228,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
 				"App":   application,
 				"Error": "Invalid app name: " + nameErr.Error(),
 			}, request)
-			_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data)
+			h.renderTemplate(writer, tmpl, "app_edit.html", data)

 			return
 		}
@@ -239,7 +239,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
 				"App":   application,
 				"Error": "Invalid repository URL: " + repoURLErr.Error(),
 			}, request)
-			_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data)
+			h.renderTemplate(writer, tmpl, "app_edit.html", data)

 			return
 		}
--- a/internal/models/deployment.go
+++ b/internal/models/deployment.go
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"strings"
 	"time"

 	"git.eeqj.de/sneak/upaas/internal/database"
@@ -76,7 +77,11 @@ func (d *Deployment) Reload(ctx context.Context) error {
 	return d.scan(row)
 }

+// maxLogSize is the maximum size of deployment logs stored in the database (1MB).
+const maxLogSize = 1 << 20
+
 // AppendLog appends a log line to the deployment logs.
+// If the total log size exceeds maxLogSize, the oldest lines are truncated.
 func (d *Deployment) AppendLog(ctx context.Context, line string) error {
 	var currentLogs string

@@ -84,7 +89,22 @@ func (d *Deployment) AppendLog(ctx context.Context, line string) error {
 		currentLogs = d.Logs.String
 	}

-	d.Logs = sql.NullString{String: currentLogs + line + "\n", Valid: true}
+	newLogs := currentLogs + line + "\n"
+
+	if len(newLogs) > maxLogSize {
+		// Keep the most recent logs that fit within the limit.
+		// Find a newline after the truncation point to avoid partial lines.
+		truncateAt := len(newLogs) - maxLogSize
+		idx := strings.Index(newLogs[truncateAt:], "\n")
+
+		if idx >= 0 {
+			newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt+idx+1:]
+		} else {
+			newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt:]
+		}
+	}
+
+	d.Logs = sql.NullString{String: newLogs, Valid: true}

 	return d.Save(ctx)
 }
--- a/internal/service/deploy/deploy.go
+++ b/internal/service/deploy/deploy.go
@@ -251,8 +251,8 @@ func New(lc fx.Lifecycle, params ServiceParams) (*Service, error) {
 }

 // GetBuildDir returns the build directory path for an app.
-func (svc *Service) GetBuildDir(appID string) string {
-	return filepath.Join(svc.config.DataDir, "builds", appID)
+func (svc *Service) GetBuildDir(appName string) string {
+	return filepath.Join(svc.config.DataDir, "builds", appName)
 }

 // GetLogFilePath returns the path to the log file for a deployment.
@@ -417,15 +417,13 @@ func (svc *Service) executeRollback(

 	svc.removeOldContainer(ctx, app, deployment)

-	rollbackOpts, err := svc.buildContainerOptions(ctx, app, deployment.ID)
+	rollbackOpts, err := svc.buildContainerOptions(ctx, app, docker.ImageID(previousImageID))
 	if err != nil {
 		svc.failDeployment(bgCtx, app, deployment, err)

 		return fmt.Errorf("failed to build container options: %w", err)
 	}

-	rollbackOpts.Image = previousImageID
-
 	containerID, err := svc.docker.CreateContainer(ctx, rollbackOpts)
 	if err != nil {
 		svc.failDeployment(bgCtx, app, deployment, fmt.Errorf("failed to create rollback container: %w", err))
@@ -433,8 +431,8 @@ func (svc *Service) executeRollback(
 		return fmt.Errorf("failed to create rollback container: %w", err)
 	}

-	deployment.ContainerID = sql.NullString{String: containerID, Valid: true}
-	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID)
+	deployment.ContainerID = sql.NullString{String: string(containerID), Valid: true}
+	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+string(containerID))

 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -516,7 +514,7 @@ func (svc *Service) buildImageWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (string, error) {
+) (docker.ImageID, error) {
 	buildCtx, cancel := context.WithTimeout(ctx, buildTimeout)
 	defer cancel()

@@ -541,7 +539,7 @@ func (svc *Service) deployContainerWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
 	deployCtx, cancel := context.WithTimeout(ctx, deployTimeout)
 	defer cancel()
@@ -669,7 +667,7 @@ func (svc *Service) checkCancelled(
 	bgCtx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
 	if !errors.Is(deployCtx.Err(), context.Canceled) {
 		return nil
@@ -689,7 +687,7 @@ func (svc *Service) cleanupCancelledDeploy(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) {
 	// Clean up the intermediate Docker image if one was built
 	if imageID != "" {
@@ -697,11 +695,11 @@ func (svc *Service) cleanupCancelledDeploy(
 		if removeErr != nil {
 			svc.log.Error("failed to remove image from cancelled deploy",
 				"error", removeErr, "app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID+": "+removeErr.Error())
+			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+string(imageID)+": "+removeErr.Error())
 		} else {
 			svc.log.Info("cleaned up image from cancelled deploy",
 				"app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID)
+			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+string(imageID))
 		}
 	}

@@ -818,7 +816,7 @@ func (svc *Service) buildImage(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (string, error) {
+) (docker.ImageID, error) {
 	workDir, cleanup, err := svc.cloneRepository(ctx, app, deployment)
 	if err != nil {
 		return "", err
@@ -852,8 +850,8 @@ func (svc *Service) buildImage(
 		return "", fmt.Errorf("failed to build image: %w", err)
 	}

-	deployment.ImageID = sql.NullString{String: imageID, Valid: true}
-	_ = deployment.AppendLog(ctx, "Image built: "+imageID)
+	deployment.ImageID = sql.NullString{String: string(imageID), Valid: true}
+	_ = deployment.AppendLog(ctx, "Image built: "+string(imageID))

 	return imageID, nil
 }
@@ -1011,16 +1009,16 @@ func (svc *Service) removeOldContainer(
 		svc.log.Warn("failed to remove old container", "error", removeErr)
 	}

-	_ = deployment.AppendLog(ctx, "Old container removed: "+containerInfo.ID[:12])
+	_ = deployment.AppendLog(ctx, "Old container removed: "+string(containerInfo.ID[:12]))
 }

 func (svc *Service) createAndStartContainer(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	_ string,
-) (string, error) {
-	containerOpts, err := svc.buildContainerOptions(ctx, app, deployment.ID)
+	imageID docker.ImageID,
+) (docker.ContainerID, error) {
+	containerOpts, err := svc.buildContainerOptions(ctx, app, imageID)
 	if err != nil {
 		svc.failDeployment(ctx, app, deployment, err)

@@ -1040,8 +1038,8 @@ func (svc *Service) createAndStartContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}

-	deployment.ContainerID = sql.NullString{String: containerID, Valid: true}
-	_ = deployment.AppendLog(ctx, "Container created: "+containerID)
+	deployment.ContainerID = sql.NullString{String: string(containerID), Valid: true}
+	_ = deployment.AppendLog(ctx, "Container created: "+string(containerID))

 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -1064,7 +1062,7 @@ func (svc *Service) createAndStartContainer(
 func (svc *Service) buildContainerOptions(
 	ctx context.Context,
 	app *models.App,
-	deploymentID int64,
+	imageID docker.ImageID,
 ) (docker.CreateContainerOptions, error) {
 	envVars, err := app.GetEnvVars(ctx)
 	if err != nil {
@@ -1098,7 +1096,7 @@ func (svc *Service) buildContainerOptions(

 	return docker.CreateContainerOptions{
 		Name:    "upaas-" + app.Name,
-		Image:   fmt.Sprintf("upaas-%s:%d", app.Name, deploymentID),
+		Image:   string(imageID),
 		Env:     envMap,
 		Labels:  buildLabelMap(app, labels),
 		Volumes: buildVolumeMounts(volumes),
@@ -1148,9 +1146,9 @@ func buildPortMappings(ports []*models.Port) []docker.PortMapping {
 func (svc *Service) updateAppRunning(
 	ctx context.Context,
 	app *models.App,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
-	app.ImageID = sql.NullString{String: imageID, Valid: true}
+	app.ImageID = sql.NullString{String: string(imageID), Valid: true}
 	app.Status = models.AppStatusRunning

 	saveErr := app.Save(ctx)
--- a/internal/service/webhook/types.go
+++ b/internal/service/webhook/types.go
@@ -0,0 +1,7 @@
+package webhook
+
+// UnparsedURL is a URL stored as a plain string without parsing.
+// Use this instead of string when the value is known to be a URL
+// but should not be parsed into a net/url.URL (e.g. webhook URLs,
+// compare URLs from external payloads).
+type UnparsedURL string
--- a/internal/service/webhook/webhook.go
+++ b/internal/service/webhook/webhook.go
@@ -50,12 +50,12 @@ type GiteaPushPayload struct {
 	Ref        string      `json:"ref"`
 	Before     string      `json:"before"`
 	After      string      `json:"after"`
-	CompareURL string `json:"compare_url"`
+	CompareURL UnparsedURL `json:"compare_url"`
 	Repository struct {
 		FullName string      `json:"full_name"`
-		CloneURL string `json:"clone_url"`
+		CloneURL UnparsedURL `json:"clone_url"`
 		SSHURL   string      `json:"ssh_url"`
-		HTMLURL  string `json:"html_url"`
+		HTMLURL  UnparsedURL `json:"html_url"`
 	} `json:"repository"`
 	Pusher struct {
 		Username string `json:"username"`
@@ -63,7 +63,7 @@ type GiteaPushPayload struct {
 	} `json:"pusher"`
 	Commits []struct {
 		ID      string      `json:"id"`
-		URL     string `json:"url"`
+		URL     UnparsedURL `json:"url"`
 		Message string      `json:"message"`
 		Author  struct {
 			Name  string `json:"name"`
@@ -104,7 +104,7 @@ func (svc *Service) HandleWebhook(
 	event.EventType = eventType
 	event.Branch = branch
 	event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""}
-	event.CommitURL = sql.NullString{String: commitURL, Valid: commitURL != ""}
+	event.CommitURL = sql.NullString{String: string(commitURL), Valid: commitURL != ""}
 	event.Payload = sql.NullString{String: string(payload), Valid: true}
 	event.Matched = matched
 	event.Processed = false
@@ -168,7 +168,7 @@ func extractBranch(ref string) string {

 // extractCommitURL extracts the commit URL from the webhook payload.
 // Prefers the URL from the head commit, falls back to constructing from repo URL.
-func extractCommitURL(payload GiteaPushPayload) string {
+func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
 	// Try to find the URL from the head commit (matching After SHA)
 	for _, commit := range payload.Commits {
 		if commit.ID == payload.After && commit.URL != "" {
@@ -178,7 +178,7 @@ func extractCommitURL(payload GiteaPushPayload) string {

 	// Fall back to constructing URL from repo HTML URL
 	if payload.Repository.HTMLURL != "" && payload.After != "" {
-		return payload.Repository.HTMLURL + "/commit/" + payload.After
+		return UnparsedURL(string(payload.Repository.HTMLURL) + "/commit/" + payload.After)
 	}

 	return ""
--- a/static/js/alpine.min.js
+++ b/static/js/alpine.min.js
--- a/static/js/app.js
+++ b/static/js/app.js
@@ -22,7 +22,9 @@ document.addEventListener("alpine:init", () => {

            if (diffSec < 60) return "just now";
            if (diffMin < 60)
-        return diffMin + (diffMin === 1 ? " minute ago" : " minutes ago");
+                return (
+                    diffMin + (diffMin === 1 ? " minute ago" : " minutes ago")
+                );
            if (diffHour < 24)
                return diffHour + (diffHour === 1 ? " hour ago" : " hours ago");
            if (diffDay < 7)
@@ -34,7 +36,8 @@ document.addEventListener("alpine:init", () => {
         * Get the badge class for a given status
         */
        statusBadgeClass(status) {
-      if (status === "running" || status === "success") return "badge-success";
+            if (status === "running" || status === "success")
+                return "badge-success";
            if (status === "building" || status === "deploying")
                return "badge-warning";
            if (status === "failed" || status === "error") return "badge-error";
@@ -73,7 +76,9 @@ document.addEventListener("alpine:init", () => {
         */
        isScrolledToBottom(el, tolerance = 30) {
            if (!el) return true;
-      return el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance;
+            return (
+                el.scrollHeight - el.scrollTop - el.clientHeight <= tolerance
+            );
        },

        /**
@@ -194,14 +199,22 @@ document.addEventListener("alpine:init", () => {

            // Set up scroll listeners after DOM is ready
            this.$nextTick(() => {
-        this._initScrollTracking(this.$refs.containerLogsWrapper, '_containerAutoScroll');
-        this._initScrollTracking(this.$refs.buildLogsWrapper, '_buildAutoScroll');
+                this._initScrollTracking(
+                    this.$refs.containerLogsWrapper,
+                    "_containerAutoScroll",
+                );
+                this._initScrollTracking(
+                    this.$refs.buildLogsWrapper,
+                    "_buildAutoScroll",
+                );
            });
        },

        _schedulePoll() {
            if (this._pollTimer) clearTimeout(this._pollTimer);
-      const interval = Alpine.store("utils").isDeploying(this.appStatus) ? 1000 : 10000;
+            const interval = Alpine.store("utils").isDeploying(this.appStatus)
+                ? 1000
+                : 10000;
            this._pollTimer = setTimeout(() => {
                this.fetchAll();
                this._schedulePoll();
@@ -210,18 +223,29 @@ document.addEventListener("alpine:init", () => {

        _initScrollTracking(el, flag) {
            if (!el) return;
-      el.addEventListener('scroll', () => {
+            el.addEventListener(
+                "scroll",
+                () => {
                    this[flag] = Alpine.store("utils").isScrolledToBottom(el);
-      }, { passive: true });
+                },
+                { passive: true },
+            );
        },

        fetchAll() {
            this.fetchAppStatus();
            // Only fetch logs when the respective pane is visible
-      if (this.$refs.containerLogsWrapper && this._isElementVisible(this.$refs.containerLogsWrapper)) {
+            if (
+                this.$refs.containerLogsWrapper &&
+                this._isElementVisible(this.$refs.containerLogsWrapper)
+            ) {
                this.fetchContainerLogs();
            }
-      if (this.showBuildLogs && this.$refs.buildLogsWrapper && this._isElementVisible(this.$refs.buildLogsWrapper)) {
+            if (
+                this.showBuildLogs &&
+                this.$refs.buildLogsWrapper &&
+                this._isElementVisible(this.$refs.buildLogsWrapper)
+            ) {
                this.fetchBuildLogs();
            }
            this.fetchRecentDeployments();
@@ -270,7 +294,9 @@ document.addEventListener("alpine:init", () => {
                this.containerStatus = data.status;
                if (changed && this._containerAutoScroll) {
                    this.$nextTick(() => {
-            Alpine.store("utils").scrollToBottom(this.$refs.containerLogsWrapper);
+                        Alpine.store("utils").scrollToBottom(
+                            this.$refs.containerLogsWrapper,
+                        );
                    });
                }
            } catch (err) {
@@ -291,7 +317,9 @@ document.addEventListener("alpine:init", () => {
                this.buildStatus = data.status;
                if (changed && this._buildAutoScroll) {
                    this.$nextTick(() => {
-            Alpine.store("utils").scrollToBottom(this.$refs.buildLogsWrapper);
+                        Alpine.store("utils").scrollToBottom(
+                            this.$refs.buildLogsWrapper,
+                        );
                    });
                }
            } catch (err) {
@@ -301,7 +329,9 @@ document.addEventListener("alpine:init", () => {

        async fetchRecentDeployments() {
            try {
-        const res = await fetch(`/apps/${this.appId}/recent-deployments`);
+                const res = await fetch(
+                    `/apps/${this.appId}/recent-deployments`,
+                );
                const data = await res.json();
                this.deployments = data.deployments || [];
            } catch (err) {
@@ -334,7 +364,8 @@ document.addEventListener("alpine:init", () => {

        get buildStatusBadgeClass() {
            return (
-        Alpine.store("utils").statusBadgeClass(this.buildStatus) + " text-xs"
+                Alpine.store("utils").statusBadgeClass(this.buildStatus) +
+                " text-xs"
            );
        },

@@ -375,9 +406,16 @@ document.addEventListener("alpine:init", () => {
            this.$nextTick(() => {
                const wrapper = this.$refs.logsWrapper;
                if (wrapper) {
-          wrapper.addEventListener('scroll', () => {
-            this._autoScroll = Alpine.store("utils").isScrolledToBottom(wrapper);
-          }, { passive: true });
+                    wrapper.addEventListener(
+                        "scroll",
+                        () => {
+                            this._autoScroll =
+                                Alpine.store("utils").isScrolledToBottom(
+                                    wrapper,
+                                );
+                        },
+                        { passive: true },
+                    );
                }
            });

@@ -408,7 +446,9 @@ document.addEventListener("alpine:init", () => {
                // Scroll to bottom only when content changes AND user hasn't scrolled up
                if (logsChanged && this._autoScroll) {
                    this.$nextTick(() => {
-            Alpine.store("utils").scrollToBottom(this.$refs.logsWrapper);
+                        Alpine.store("utils").scrollToBottom(
+                            this.$refs.logsWrapper,
+                        );
                    });
                }

@@ -533,7 +573,8 @@ document.addEventListener("alpine:init", () => {
                this.$el.querySelectorAll("[data-time]").forEach((el) => {
                    const time = el.getAttribute("data-time");
                    if (time) {
-            el.textContent = Alpine.store("utils").formatRelativeTime(time);
+                        el.textContent =
+                            Alpine.store("utils").formatRelativeTime(time);
                    }
                });
            }, 60000);
Author	SHA1	Message	Date
user	478746c356	rebase: apply audit bug fixes on latest main Rebased fix/1.0-audit-bugs onto current main (post-merge of PRs #119, #127). Changes: - Custom domain types: docker.ImageID, docker.ContainerID, webhook.UnparsedURL - Type-safe function signatures throughout docker/deploy/webhook packages - Remove docker-compose.yml, test helper files - README and Dockerfile updates - Prettier-formatted JS files	2026-02-23 11:56:09 -08:00
Jeffrey Paul	28f014ce95	Merge pull request 'fix: use imageID in createAndStartContainer (closes #124 )' (#127 ) from fix/use-image-id-in-container into main All checks were successful Check / check (push) Successful in 11m32s Details Reviewed-on: #127	2026-02-23 20:48:23 +01:00
Jeffrey Paul	dc638a07f1	Merge pull request 'fix: pin all external refs to cryptographic identity (closes #118 )' (#119 ) from fix/pin-external-refs-crypto-identity into main Some checks failed Check / check (push) Has been cancelled Details Reviewed-on: #119	2026-02-23 20:48:09 +01:00
user	0e8efe1043	fix: use imageID in createAndStartContainer (closes #124 ) All checks were successful Check / check (pull_request) Successful in 11m24s Details Wire the imageID parameter (returned from docker build) through createAndStartContainer and buildContainerOptions instead of reconstructing a mutable tag via fmt.Sprintf. This ensures containers reference the immutable image digest, avoiding tag-reuse races when deploys overlap. Changes: - Rename _ string to imageID string in createAndStartContainer - Change buildContainerOptions to accept imageID string instead of deploymentID int64 - Use imageID directly as the Image field in container options - Update rollback path to pass previousImageID directly - Add test verifying imageID flows through to container options - Add database.NewTestDatabase and logger.NewForTest test helpers	2026-02-21 02:24:51 -08:00
user	0ed2d02dfe	fix: pin all external refs to cryptographic identity (closes #118 ) All checks were successful Check / check (pull_request) Successful in 11m41s Details - Pin Docker base images to sha256 digests (golang, alpine) - Pin go install commands to commit SHAs (not version tags) - golangci-lint: 5d1e709b7be35cb2025444e19de266b056b7b7ee (v2.10.1) - goimports: 009367f5c17a8d4c45a961a3a509277190a9a6f0 (v0.42.0) - CI workflow was already correctly pinned to commit SHAs All references now use cryptographic identity, eliminating RCE risk from mutable tags.	2026-02-21 00:50:44 -08:00
Jeffrey Paul	ab526fc93d	Merge pull request 'fix: disable API v1 write methods (closes #112 )' (#115 ) from fix/disable-api-write-methods into main All checks were successful Check / check (push) Successful in 11m20s Details Reviewed-on: #115	2026-02-20 14:35:12 +01:00