README.md

@@ -157,8 +157,8 @@ Environment variables:
 | Variable | Description | Default |
 |----------|-------------|---------|
 | `PORT` | HTTP listen port | 8080 |
-| `UPAAS_DATA_DIR` | Data directory for SQLite and keys | ./data |
-| `UPAAS_HOST_DATA_DIR` | Host path for DATA_DIR (when running in container) | same as DATA_DIR |
+| `UPAAS_DATA_DIR` | Data directory for SQLite and keys | `./data` (local dev only — use absolute path for Docker) |
+| `UPAAS_HOST_DATA_DIR` | Host path for DATA_DIR (when running in container) | *(none — must be set to an absolute path)* |
 | `UPAAS_DOCKER_HOST` | Docker socket path | unix:///var/run/docker.sock |
 | `DEBUG` | Enable debug logging | false |
 | `SENTRY_DSN` | Sentry error reporting DSN | "" |
@@ -176,8 +176,35 @@ docker run -d \
   upaas
 ```
 
-**Important**: When running µPaaS inside a container, set `UPAAS_HOST_DATA_DIR` to the host path
-that maps to `UPAAS_DATA_DIR`. This is required for Docker bind mounts during builds to work correctly.
+### Docker Compose
+
+```yaml
+services:
+  upaas:
+    build: .
+    restart: unless-stopped
+    ports:
+      - "8080:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${HOST_DATA_DIR}:/var/lib/upaas
+    environment:
+      - UPAAS_HOST_DATA_DIR=${HOST_DATA_DIR}
+      # Optional: uncomment to enable debug logging
+      # - DEBUG=true
+      # Optional: Sentry error reporting
+      # - SENTRY_DSN=https://...
+      # Optional: Prometheus metrics auth
+      # - METRICS_USERNAME=prometheus
+      # - METRICS_PASSWORD=secret
+```
+
+**Important**: You **must** set `HOST_DATA_DIR` to an **absolute path** on the host before running
+`docker compose up`. This value is bind-mounted into the container and passed as `UPAAS_HOST_DATA_DIR`
+so that Docker bind mounts during builds resolve correctly. Relative paths (e.g. `./data`) will break
+container builds because the Docker daemon resolves paths relative to the host, not the container.
+
+Example: `HOST_DATA_DIR=/srv/upaas/data docker compose up -d`
 
 Session secrets are automatically generated on first startup and persisted to `$UPAAS_DATA_DIR/session.key`.
 

docker-compose.yml

@@ -1,20 +0,0 @@
-services:
-  upaas:
-    build: .
-    restart: unless-stopped
-    ports:
-      - "8080:8080"
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - upaas-data:/var/lib/upaas
-    # environment:
-      # Optional: uncomment to enable debug logging
-      # - DEBUG=true
-      # Optional: Sentry error reporting
-      # - SENTRY_DSN=https://...
-      # Optional: Prometheus metrics auth
-      # - METRICS_USERNAME=prometheus
-      # - METRICS_PASSWORD=secret
-
-volumes:
-  upaas-data:

internal/database/migrations.go

@@ -113,9 +113,9 @@ func (d *Database) applyMigration(ctx context.Context, filename string) error {
 		return fmt.Errorf("failed to record migration: %w", err)
 	}
 
-	commitErr := transaction.Commit()
-	if commitErr != nil {
-		return fmt.Errorf("failed to commit migration: %w", commitErr)
+	err = transaction.Commit()
+	if err != nil {
+		return fmt.Errorf("failed to commit migration: %w", err)
 	}
 
 	return nil

internal/docker/client.go

@@ -14,7 +14,7 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/docker/docker/api/types"
+	dockertypes "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/image"
@@ -26,6 +26,7 @@ import (
 	"go.uber.org/fx"
 
 	"git.eeqj.de/sneak/upaas/internal/config"
+
 	"git.eeqj.de/sneak/upaas/internal/logger"
 )
 
@@ -116,7 +117,7 @@ type BuildImageOptions struct {
 func (c *Client) BuildImage(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (string, error) {
+) (ImageID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -188,7 +189,7 @@ func buildPortConfig(ports []PortMapping) (nat.PortSet, nat.PortMap) {
 func (c *Client) CreateContainer(
 	ctx context.Context,
 	opts CreateContainerOptions,
-) (string, error) {
+) (ContainerID, error) {
 	if c.docker == nil {
 		return "", ErrNotConnected
 	}
@@ -241,18 +242,18 @@ func (c *Client) CreateContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}
 
-	return resp.ID, nil
+	return ContainerID(resp.ID), nil
 }
 
 // StartContainer starts a container.
-func (c *Client) StartContainer(ctx context.Context, containerID string) error {
+func (c *Client) StartContainer(ctx context.Context, containerID ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}
 
 	c.log.Info("starting container", "id", containerID)
 
-	err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{})
+	err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
 	if err != nil {
 		return fmt.Errorf("failed to start container: %w", err)
 	}
@@ -261,7 +262,7 @@ func (c *Client) StartContainer(ctx context.Context, containerID string) error {
 }
 
 // StopContainer stops a container.
-func (c *Client) StopContainer(ctx context.Context, containerID string) error {
+func (c *Client) StopContainer(ctx context.Context, containerID ContainerID) error {
 	if c.docker == nil {
 		return ErrNotConnected
 	}
@@ -270,7 +271,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {
 
 	timeout := stopTimeoutSeconds
 
-	err := c.docker.ContainerStop(ctx, containerID, container.StopOptions{Timeout: &timeout})
+	err := c.docker.ContainerStop(ctx, containerID.String(), container.StopOptions{Timeout: &timeout})
 	if err != nil {
 		return fmt.Errorf("failed to stop container: %w", err)
 	}
@@ -281,7 +282,7 @@ func (c *Client) StopContainer(ctx context.Context, containerID string) error {
 // RemoveContainer removes a container.
 func (c *Client) RemoveContainer(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 	force bool,
 ) error {
 	if c.docker == nil {
@@ -290,7 +291,7 @@ func (c *Client) RemoveContainer(
 
 	c.log.Info("removing container", "id", containerID, "force", force)
 
-	err := c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: force})
+	err := c.docker.ContainerRemove(ctx, containerID.String(), container.RemoveOptions{Force: force})
 	if err != nil {
 		return fmt.Errorf("failed to remove container: %w", err)
 	}
@@ -301,7 +302,7 @@ func (c *Client) RemoveContainer(
 // ContainerLogs returns the logs for a container.
 func (c *Client) ContainerLogs(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 	tail string,
 ) (string, error) {
 	if c.docker == nil {
@@ -314,7 +315,7 @@ func (c *Client) ContainerLogs(
 		Tail:       tail,
 	}
 
-	reader, err := c.docker.ContainerLogs(ctx, containerID, opts)
+	reader, err := c.docker.ContainerLogs(ctx, containerID.String(), opts)
 	if err != nil {
 		return "", fmt.Errorf("failed to get container logs: %w", err)
 	}
@@ -337,13 +338,13 @@ func (c *Client) ContainerLogs(
 // IsContainerRunning checks if a container is running.
 func (c *Client) IsContainerRunning(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
 	}
 
-	inspect, err := c.docker.ContainerInspect(ctx, containerID)
+	inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -354,13 +355,13 @@ func (c *Client) IsContainerRunning(
 // IsContainerHealthy checks if a container is healthy.
 func (c *Client) IsContainerHealthy(
 	ctx context.Context,
-	containerID string,
+	containerID ContainerID,
 ) (bool, error) {
 	if c.docker == nil {
 		return false, ErrNotConnected
 	}
 
-	inspect, err := c.docker.ContainerInspect(ctx, containerID)
+	inspect, err := c.docker.ContainerInspect(ctx, containerID.String())
 	if err != nil {
 		return false, fmt.Errorf("failed to inspect container: %w", err)
 	}
@@ -378,7 +379,7 @@ const LabelUpaasID = "upaas.id"
 
 // ContainerInfo contains basic information about a container.
 type ContainerInfo struct {
-	ID      string
+	ID      ContainerID
 	Running bool
 }
 
@@ -413,7 +414,7 @@ func (c *Client) FindContainerByAppID(
 	ctr := containers[0]
 
 	return &ContainerInfo{
-		ID:      ctr.ID,
+		ID:      ContainerID(ctr.ID),
 		Running: ctr.State == "running",
 	}, nil
 }
@@ -482,8 +483,8 @@ func (c *Client) CloneRepo(
 
 // RemoveImage removes a Docker image by ID or tag.
 // It returns nil if the image was successfully removed or does not exist.
-func (c *Client) RemoveImage(ctx context.Context, imageID string) error {
-	_, err := c.docker.ImageRemove(ctx, imageID, image.RemoveOptions{
+func (c *Client) RemoveImage(ctx context.Context, imageID ImageID) error {
+	_, err := c.docker.ImageRemove(ctx, imageID.String(), image.RemoveOptions{
 		Force:         true,
 		PruneChildren: true,
 	})
@@ -497,7 +498,7 @@ func (c *Client) RemoveImage(ctx context.Context, imageID string) error {
 func (c *Client) performBuild(
 	ctx context.Context,
 	opts BuildImageOptions,
-) (string, error) {
+) (ImageID, error) {
 	// Create tar archive of build context
 	tarArchive, err := archive.TarWithOptions(opts.ContextDir, &archive.TarOptions{})
 	if err != nil {
@@ -512,7 +513,7 @@ func (c *Client) performBuild(
 	}()
 
 	// Build image
-	resp, err := c.docker.ImageBuild(ctx, tarArchive, types.ImageBuildOptions{
+	resp, err := c.docker.ImageBuild(ctx, tarArchive, dockertypes.ImageBuildOptions{
 		Dockerfile: opts.DockerfilePath,
 		Tags:       opts.Tags,
 		Remove:     true,
@@ -542,7 +543,7 @@ func (c *Client) performBuild(
 			return "", fmt.Errorf("failed to inspect image: %w", inspectErr)
 		}
 
-		return inspect.ID, nil
+		return ImageID(inspect.ID), nil
 	}
 
 	return "", nil
@@ -603,22 +604,22 @@ func (c *Client) performClone(ctx context.Context, cfg *cloneConfig) (*CloneResu
 		}
 	}()
 
-	containerID, err := c.createGitContainer(ctx, cfg)
+	gitContainerID, err := c.createGitContainer(ctx, cfg)
 	if err != nil {
 		return nil, err
 	}
 
 	defer func() {
-		_ = c.docker.ContainerRemove(ctx, containerID, container.RemoveOptions{Force: true})
+		_ = c.docker.ContainerRemove(ctx, gitContainerID.String(), container.RemoveOptions{Force: true})
 	}()
 
-	return c.runGitClone(ctx, containerID)
+	return c.runGitClone(ctx, gitContainerID)
 }
 
 func (c *Client) createGitContainer(
 	ctx context.Context,
 	cfg *cloneConfig,
-) (string, error) {
+) (ContainerID, error) {
 	gitSSHCmd := "ssh -i /keys/deploy_key -o StrictHostKeyChecking=no"
 
 	// Build the git command using environment variables to avoid shell injection.
@@ -675,16 +676,16 @@ func (c *Client) createGitContainer(
 		return "", fmt.Errorf("failed to create git container: %w", err)
 	}
 
-	return resp.ID, nil
+	return ContainerID(resp.ID), nil
 }
 
-func (c *Client) runGitClone(ctx context.Context, containerID string) (*CloneResult, error) {
-	err := c.docker.ContainerStart(ctx, containerID, container.StartOptions{})
+func (c *Client) runGitClone(ctx context.Context, containerID ContainerID) (*CloneResult, error) {
+	err := c.docker.ContainerStart(ctx, containerID.String(), container.StartOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to start git container: %w", err)
 	}
 
-	statusCh, errCh := c.docker.ContainerWait(ctx, containerID, container.WaitConditionNotRunning)
+	statusCh, errCh := c.docker.ContainerWait(ctx, containerID.String(), container.WaitConditionNotRunning)
 
 	select {
 	case err := <-errCh:

internal/docker/types.go

@@ -0,0 +1,13 @@
+package docker
+
+// ImageID is a Docker image identifier (ID or tag).
+type ImageID string
+
+// String implements the fmt.Stringer interface.
+func (id ImageID) String() string { return string(id) }
+
+// ContainerID is a Docker container identifier.
+type ContainerID string
+
+// String implements the fmt.Stringer interface.
+func (id ContainerID) String() string { return string(id) }

internal/handlers/app.go

@@ -72,7 +72,7 @@ func (h *Handlers) HandleAppCreate() http.HandlerFunc { //nolint:funlen // valid
 		nameErr := validateAppName(name)
 		if nameErr != nil {
 			data["Error"] = "Invalid app name: " + nameErr.Error()
-			_ = tmpl.ExecuteTemplate(writer, "app_new.html", data)
+			h.renderTemplate(writer, tmpl, "app_new.html", data)
 
 			return
 		}
@@ -228,7 +228,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
 				"App":   application,
 				"Error": "Invalid app name: " + nameErr.Error(),
 			}, request)
-			_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data)
+			h.renderTemplate(writer, tmpl, "app_edit.html", data)
 
 			return
 		}
@@ -239,7 +239,7 @@ func (h *Handlers) HandleAppUpdate() http.HandlerFunc { //nolint:funlen // valid
 				"App":   application,
 				"Error": "Invalid repository URL: " + repoURLErr.Error(),
 			}, request)
-			_ = tmpl.ExecuteTemplate(writer, "app_edit.html", data)
+			h.renderTemplate(writer, tmpl, "app_edit.html", data)
 
 			return
 		}

internal/models/deployment.go

@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"strings"
 	"time"
 
 	"git.eeqj.de/sneak/upaas/internal/database"
@@ -76,7 +77,11 @@ func (d *Deployment) Reload(ctx context.Context) error {
 	return d.scan(row)
 }
 
+// maxLogSize is the maximum size of deployment logs stored in the database (1MB).
+const maxLogSize = 1 << 20
+
 // AppendLog appends a log line to the deployment logs.
+// If the total log size exceeds maxLogSize, the oldest lines are truncated.
 func (d *Deployment) AppendLog(ctx context.Context, line string) error {
 	var currentLogs string
 
@@ -84,7 +89,22 @@ func (d *Deployment) AppendLog(ctx context.Context, line string) error {
 		currentLogs = d.Logs.String
 	}
 
-	d.Logs = sql.NullString{String: currentLogs + line + "\n", Valid: true}
+	newLogs := currentLogs + line + "\n"
+
+	if len(newLogs) > maxLogSize {
+		// Keep the most recent logs that fit within the limit.
+		// Find a newline after the truncation point to avoid partial lines.
+		truncateAt := len(newLogs) - maxLogSize
+		idx := strings.Index(newLogs[truncateAt:], "\n")
+
+		if idx >= 0 {
+			newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt+idx+1:]
+		} else {
+			newLogs = "[earlier logs truncated]\n" + newLogs[truncateAt:]
+		}
+	}
+
+	d.Logs = sql.NullString{String: newLogs, Valid: true}
 
 	return d.Save(ctx)
 }

internal/service/deploy/deploy.go

@@ -251,8 +251,8 @@ func New(lc fx.Lifecycle, params ServiceParams) (*Service, error) {
 }
 
 // GetBuildDir returns the build directory path for an app.
-func (svc *Service) GetBuildDir(appID string) string {
-	return filepath.Join(svc.config.DataDir, "builds", appID)
+func (svc *Service) GetBuildDir(appName string) string {
+	return filepath.Join(svc.config.DataDir, "builds", appName)
 }
 
 // GetLogFilePath returns the path to the log file for a deployment.
@@ -417,7 +417,7 @@ func (svc *Service) executeRollback(
 
 	svc.removeOldContainer(ctx, app, deployment)
 
-	rollbackOpts, err := svc.buildContainerOptions(ctx, app, previousImageID)
+	rollbackOpts, err := svc.buildContainerOptions(ctx, app, docker.ImageID(previousImageID))
 	if err != nil {
 		svc.failDeployment(bgCtx, app, deployment, err)
 
@@ -431,8 +431,8 @@ func (svc *Service) executeRollback(
 		return fmt.Errorf("failed to create rollback container: %w", err)
 	}
 
-	deployment.ContainerID = sql.NullString{String: containerID, Valid: true}
-	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID)
+	deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
+	_ = deployment.AppendLog(bgCtx, "Rollback container created: "+containerID.String())
 
 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -514,7 +514,7 @@ func (svc *Service) buildImageWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (string, error) {
+) (docker.ImageID, error) {
 	buildCtx, cancel := context.WithTimeout(ctx, buildTimeout)
 	defer cancel()
 
@@ -539,7 +539,7 @@ func (svc *Service) deployContainerWithTimeout(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
 	deployCtx, cancel := context.WithTimeout(ctx, deployTimeout)
 	defer cancel()
@@ -667,7 +667,7 @@ func (svc *Service) checkCancelled(
 	bgCtx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
 	if !errors.Is(deployCtx.Err(), context.Canceled) {
 		return nil
@@ -687,7 +687,7 @@ func (svc *Service) cleanupCancelledDeploy(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
+	imageID docker.ImageID,
 ) {
 	// Clean up the intermediate Docker image if one was built
 	if imageID != "" {
@@ -695,11 +695,11 @@ func (svc *Service) cleanupCancelledDeploy(
 		if removeErr != nil {
 			svc.log.Error("failed to remove image from cancelled deploy",
 				"error", removeErr, "app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID+": "+removeErr.Error())
+			_ = deployment.AppendLog(ctx, "WARNING: failed to clean up image "+imageID.String()+": "+removeErr.Error())
 		} else {
 			svc.log.Info("cleaned up image from cancelled deploy",
 				"app", app.Name, "image", imageID)
-			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID)
+			_ = deployment.AppendLog(ctx, "Cleaned up intermediate image: "+imageID.String())
 		}
 	}
 
@@ -816,7 +816,7 @@ func (svc *Service) buildImage(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-) (string, error) {
+) (docker.ImageID, error) {
 	workDir, cleanup, err := svc.cloneRepository(ctx, app, deployment)
 	if err != nil {
 		return "", err
@@ -850,8 +850,8 @@ func (svc *Service) buildImage(
 		return "", fmt.Errorf("failed to build image: %w", err)
 	}
 
-	deployment.ImageID = sql.NullString{String: imageID, Valid: true}
-	_ = deployment.AppendLog(ctx, "Image built: "+imageID)
+	deployment.ImageID = sql.NullString{String: imageID.String(), Valid: true}
+	_ = deployment.AppendLog(ctx, "Image built: "+imageID.String())
 
 	return imageID, nil
 }
@@ -1009,15 +1009,15 @@ func (svc *Service) removeOldContainer(
 		svc.log.Warn("failed to remove old container", "error", removeErr)
 	}
 
-	_ = deployment.AppendLog(ctx, "Old container removed: "+containerInfo.ID[:12])
+	_ = deployment.AppendLog(ctx, "Old container removed: "+string(containerInfo.ID[:12]))
 }
 
 func (svc *Service) createAndStartContainer(
 	ctx context.Context,
 	app *models.App,
 	deployment *models.Deployment,
-	imageID string,
-) (string, error) {
+	imageID docker.ImageID,
+) (docker.ContainerID, error) {
 	containerOpts, err := svc.buildContainerOptions(ctx, app, imageID)
 	if err != nil {
 		svc.failDeployment(ctx, app, deployment, err)
@@ -1038,8 +1038,8 @@ func (svc *Service) createAndStartContainer(
 		return "", fmt.Errorf("failed to create container: %w", err)
 	}
 
-	deployment.ContainerID = sql.NullString{String: containerID, Valid: true}
-	_ = deployment.AppendLog(ctx, "Container created: "+containerID)
+	deployment.ContainerID = sql.NullString{String: containerID.String(), Valid: true}
+	_ = deployment.AppendLog(ctx, "Container created: "+containerID.String())
 
 	startErr := svc.docker.StartContainer(ctx, containerID)
 	if startErr != nil {
@@ -1062,7 +1062,7 @@ func (svc *Service) createAndStartContainer(
 func (svc *Service) buildContainerOptions(
 	ctx context.Context,
 	app *models.App,
-	imageID string,
+	imageID docker.ImageID,
 ) (docker.CreateContainerOptions, error) {
 	envVars, err := app.GetEnvVars(ctx)
 	if err != nil {
@@ -1096,7 +1096,7 @@ func (svc *Service) buildContainerOptions(
 
 	return docker.CreateContainerOptions{
 		Name:    "upaas-" + app.Name,
-		Image:   imageID,
+		Image:   imageID.String(),
 		Env:     envMap,
 		Labels:  buildLabelMap(app, labels),
 		Volumes: buildVolumeMounts(volumes),
@@ -1146,9 +1146,9 @@ func buildPortMappings(ports []*models.Port) []docker.PortMapping {
 func (svc *Service) updateAppRunning(
 	ctx context.Context,
 	app *models.App,
-	imageID string,
+	imageID docker.ImageID,
 ) error {
-	app.ImageID = sql.NullString{String: imageID, Valid: true}
+	app.ImageID = sql.NullString{String: imageID.String(), Valid: true}
 	app.Status = models.AppStatusRunning
 
 	saveErr := app.Save(ctx)

internal/service/deploy/deploy_container_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"git.eeqj.de/sneak/upaas/internal/database"
+	"git.eeqj.de/sneak/upaas/internal/docker"
 	"git.eeqj.de/sneak/upaas/internal/models"
 	"git.eeqj.de/sneak/upaas/internal/service/deploy"
 )
@@ -27,14 +28,14 @@ func TestBuildContainerOptionsUsesImageID(t *testing.T) {
 	log := slog.New(slog.NewTextHandler(os.Stderr, nil))
 	svc := deploy.NewTestService(log)
 
-	const expectedImageID = "sha256:abc123def456"
+	const expectedImageID = docker.ImageID("sha256:abc123def456")
 
 	opts, err := svc.BuildContainerOptionsExported(context.Background(), app, expectedImageID)
 	if err != nil {
 		t.Fatalf("buildContainerOptions returned error: %v", err)
 	}
 
-	if opts.Image != expectedImageID {
+	if opts.Image != expectedImageID.String() {
 		t.Errorf("expected Image=%q, got %q", expectedImageID, opts.Image)
 	}
 

internal/service/deploy/export_test.go

@@ -86,7 +86,7 @@ func (svc *Service) GetBuildDirExported(appName string) string {
 func (svc *Service) BuildContainerOptionsExported(
 	ctx context.Context,
 	app *models.App,
-	imageID string,
+	imageID docker.ImageID,
 ) (docker.CreateContainerOptions, error) {
 	return svc.buildContainerOptions(ctx, app, imageID)
 }

internal/service/webhook/types.go

@@ -0,0 +1,10 @@
+package webhook
+
+// UnparsedURL is a URL stored as a plain string without parsing.
+// Use this instead of string when the value is known to be a URL
+// but should not be parsed into a net/url.URL (e.g. webhook URLs,
+// compare URLs from external payloads).
+type UnparsedURL string
+
+// String implements the fmt.Stringer interface.
+func (u UnparsedURL) String() string { return string(u) }

internal/service/webhook/webhook.go

@@ -11,6 +11,7 @@ import (
 	"go.uber.org/fx"
 
 	"git.eeqj.de/sneak/upaas/internal/database"
+
 	"git.eeqj.de/sneak/upaas/internal/logger"
 	"git.eeqj.de/sneak/upaas/internal/models"
 	"git.eeqj.de/sneak/upaas/internal/service/deploy"
@@ -47,24 +48,24 @@ func New(_ fx.Lifecycle, params ServiceParams) (*Service, error) {
 //
 //nolint:tagliatelle // Field names match Gitea API (snake_case)
 type GiteaPushPayload struct {
-	Ref        string `json:"ref"`
-	Before     string `json:"before"`
-	After      string `json:"after"`
-	CompareURL string `json:"compare_url"`
+	Ref        string      `json:"ref"`
+	Before     string      `json:"before"`
+	After      string      `json:"after"`
+	CompareURL UnparsedURL `json:"compare_url"`
 	Repository struct {
-		FullName string `json:"full_name"`
-		CloneURL string `json:"clone_url"`
-		SSHURL   string `json:"ssh_url"`
-		HTMLURL  string `json:"html_url"`
+		FullName string      `json:"full_name"`
+		CloneURL UnparsedURL `json:"clone_url"`
+		SSHURL   string      `json:"ssh_url"`
+		HTMLURL  UnparsedURL `json:"html_url"`
 	} `json:"repository"`
 	Pusher struct {
 		Username string `json:"username"`
 		Email    string `json:"email"`
 	} `json:"pusher"`
 	Commits []struct {
-		ID      string `json:"id"`
-		URL     string `json:"url"`
-		Message string `json:"message"`
+		ID      string      `json:"id"`
+		URL     UnparsedURL `json:"url"`
+		Message string      `json:"message"`
 		Author  struct {
 			Name  string `json:"name"`
 			Email string `json:"email"`
@@ -104,7 +105,7 @@ func (svc *Service) HandleWebhook(
 	event.EventType = eventType
 	event.Branch = branch
 	event.CommitSHA = sql.NullString{String: commitSHA, Valid: commitSHA != ""}
-	event.CommitURL = sql.NullString{String: commitURL, Valid: commitURL != ""}
+	event.CommitURL = sql.NullString{String: commitURL.String(), Valid: commitURL != ""}
 	event.Payload = sql.NullString{String: string(payload), Valid: true}
 	event.Matched = matched
 	event.Processed = false
@@ -168,7 +169,7 @@ func extractBranch(ref string) string {
 
 // extractCommitURL extracts the commit URL from the webhook payload.
 // Prefers the URL from the head commit, falls back to constructing from repo URL.
-func extractCommitURL(payload GiteaPushPayload) string {
+func extractCommitURL(payload GiteaPushPayload) UnparsedURL {
 	// Try to find the URL from the head commit (matching After SHA)
 	for _, commit := range payload.Commits {
 		if commit.ID == payload.After && commit.URL != "" {
@@ -178,7 +179,7 @@ func extractCommitURL(payload GiteaPushPayload) string {
 
 	// Fall back to constructing URL from repo HTML URL
 	if payload.Repository.HTMLURL != "" && payload.After != "" {
-		return payload.Repository.HTMLURL + "/commit/" + payload.After
+		return UnparsedURL(payload.Repository.HTMLURL.String() + "/commit/" + payload.After)
 	}
 
 	return ""