RR1-T101 Adding LocalX support

[ucswift]

Summary by CodeRabbit

• New Features

  • Docker container now supports optional LocalXpose tunneling (disabled by default).
  • Multiple tunnel configuration modes available: YAML file, reserved endpoints, or dynamic tunnels.
  • New environment variables for tunnel authentication and SMTP port configuration.

• Chores

  • Updated Docker build and container startup process.

[coderabbitai]

Warning

Rate limit exceeded

@ucswift has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 48 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6422022a-6a81-4dff-8713-dfc432331a86

📥 Commits

Reviewing files that changed from the base of the PR and between 063e324 and 7bf1e3b.

📒 Files selected for processing (3)

• .github/workflows/dotnet.yml
• Dockerfile
• docker-entrypoint.sh

📝 Walkthrough

Walkthrough

The changes introduce LocalXpose CLI integration into the Docker build via a new multistage stage, replace the direct .NET entrypoint with a new script that conditionally manages tunneling setup based on environment variables, and add JetBrains IDEA directories to gitignore.

Changes

Cohort / File(s)	Summary
Version Control Configuration .gitignore	Added pattern to exclude JetBrains IDEA configuration directories from version control.
Docker Build & Entrypoint Dockerfile, docker-entrypoint.sh	Added loclx-download multistage to build LocalXpose CLI; switched container entrypoint from directly executing .NET assembly to running new shell script; introduced LocalXpose environment variable configuration with conditional tunnel setup logic supporting three tunnel modes (YAML config, reserved endpoint, or ephemeral), SMTP port detection, and authentication handling.

Sequence Diagram(s)

sequenceDiagram
    participant Container as Docker Container
    participant Entrypoint as docker-entrypoint.sh
    participant LocalXpose as LocalXpose CLI
    participant Relay as Relay Application
    
    Container->>Entrypoint: Execute entrypoint script
    
    alt LOCLX_ENABLED == true
        Entrypoint->>Entrypoint: Determine SMTP_PORT from env
        
        alt LOCLX_TOKEN is set
            Entrypoint->>LocalXpose: loclx login with token
            LocalXpose-->>Entrypoint: Authentication response
        else No LOCLX_TOKEN
            Entrypoint->>Entrypoint: Log warning
        end
        
        alt /etc/resgrid/loclx-tunnels.yaml exists
            Entrypoint->>LocalXpose: loclx tunnel -c /etc/resgrid/loclx-tunnels.yaml
        else LOCLX_RESERVED_ENDPOINT set
            Entrypoint->>LocalXpose: loclx tunnel (reserved) to localhost:SMTP_PORT
        else Fallback
            Entrypoint->>LocalXpose: loclx tunnel (ephemeral) to localhost:SMTP_PORT
        end
        
        LocalXpose-->>Entrypoint: Tunnel PID
        Entrypoint->>Entrypoint: Log tunnel PID
    end
    
    Entrypoint->>Relay: exec dotnet Resgrid.Audio.Relay.Console.dll
    Relay-->>Container: Running

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A tunnel through LocalXpose we weave,
The relay now enters with style and grace,
Configuration flows like carrots in space,
Docker builds faster, .idea we leave—
Hop, hop, hop, to production we achieve! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'RR1-T101 Adding LocalX support' accurately reflects the main changes: adding LocalXpose CLI integration and tunneling support via new Dockerfile configurations and entrypoint script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 23 minutes and 48 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docker-entrypoint.sh`:
- Line 34: Replace passing the token via CLI args to avoid exposing secrets:
stop invoking loclx auth login with the --token flag (the line containing "loclx
auth login --token \"${LOCLX_TOKEN}\"") and instead export the token as the
expected environment variable and call auth login without --token; for Docker
set LX_ACCESS_TOKEN (or ACCESS_TOKEN per CLI docs) from LOCLX_TOKEN (e.g. export
LX_ACCESS_TOKEN="${LOCLX_TOKEN}") before running loclx auth login so the CLI
reads the token from the environment rather than process arguments.

In `@Dockerfile`:
- Around line 10-17: The Dockerfile's loclx-download stage currently fetches
"releases/latest" and hardcodes loclx-linux-amd64.zip without checksum or
multi-arch support; update the loclx-download stage to pin a specific release
tag (e.g., set LOCLX_VERSION), build the download URL using that variable and
the build ARG TARGETARCH (use loclx-linux-${TARGETARCH}.zip), also download the
corresponding SHA256SUM or .sha256 file and run sha256sum -c to verify integrity
before running the install step (ensure the workflow fails on mismatch), and
keep the existing find/install steps but only after checksum verification.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ab12ab27-5be9-44bd-affa-3edf95f417f3

📥 Commits

Reviewing files that changed from the base of the PR and between 5390fa3 and 063e324.

📒 Files selected for processing (3)

• .gitignore
• Dockerfile
• docker-entrypoint.sh

[ucswift]

Approve

[github-actions]

This PR is approved.