Merge v5.0.0 into stable #19
@copilot Please run ci/cd checks on the v5 branch to ensure stable.

@linuskang I've opened a new pull request, #20, to work on those changes. Once the pull request is ready, I'll request review from you.
Pull request overview
This pull request merges v5.0.0 into stable, introducing comprehensive Docker-based deployment infrastructure, CI/CD automation, and improved configuration management for self-hosting the Bubbly Maps application.
Key Changes:
- Production-ready Docker configuration with multi-stage builds and standalone Next.js output
- GitHub Actions workflows for PR automation (labeling, size checking, welcome messages) and Docker image builds
- Environment configuration examples and documentation improvements for self-hosting
Reviewed changes
Copilot reviewed 10 out of 18 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| prisma/schema.prisma | Added Debian OpenSSL binary target for Docker compatibility |
| generated/prisma/* | Auto-generated Prisma client files reflecting schema updates |
| package.json | Added sharp dependency for image processing |
| package-lock.json | Updated lock file with sharp dependencies moved to production |
| next.config.js | Added standalone output mode for Docker deployment |
| Dockerfile | New multi-stage production-ready Docker image configuration |
| docker-compose.yml | Docker Compose orchestration file with environment variable examples |
| .dockerignore | Excludes unnecessary files from Docker build context |
| .env.example | Comprehensive environment variable template |
| README.md | Updated self-hosting documentation and access instructions |
| .github/workflows/prs.yml | PR automation workflow for labeling and validation |
| .github/workflows/deploy-docker.yml | Docker build and publish workflow with security scanning |
| .github/labler.yml | Configuration for automatic PR labeling (filename has typo) |
| with: | ||
| repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
| pr-message: | | ||
| 👋 Thanks for opening your first pull request! |
Copilot AI, Dec 20, 2025
Trailing whitespace present on line 65. This is inconsistent with the rest of the file and should be removed for better code hygiene.
| 👋 Thanks for opening your first pull request! | |
| 👋 Thanks for opening your first pull request! |
| ENV API_TOKEN="example" | ||
|
|
||
| # Reinstall build-time tools (eslint/typescript/prisma) via devDeps | ||
| ENV NODE_ENV=production |
Copilot AI, Dec 20, 2025
The NODE_ENV variable is redundantly set twice. Line 34 sets it to production, and then line 51 sets it again to the same value. The duplicate on line 51 should be removed as it serves no purpose and creates confusion.
| ENV NODE_ENV=production |
| - AUTH_SECRET=secret | ||
| - AUTH_GOOGLE_ID=googid | ||
| - AUTH_GOOGLE_SECRET=googsecret | ||
| - AUTH_TRUST_HOST=http://localhost:3000 | ||
| - AUTH_RESEND_KEY="secret" | ||
| # MINIO | ||
| - MINIO_URL=url | ||
| - MINIO_BUCKET=bubblymaps | ||
| - MINIO_USER=user | ||
| - MINIO_PASS=pass | ||
| # BUBBLY MAPS API | ||
| - APP_URL=http://localhost:3000 | ||
| - API_TOKEN="secret" | ||
| # LOGGING | ||
| - DISCORD_WEBHOOK_URL=url | ||
| # DEBUG | ||
| - APP_VERSION=v5.0.0 | ||
| - API_VERSION=v5 No newline at end of file |
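Review bot: AUTH_SECRET=secret, AUTH_GOOGLE_SECRET=googsecret, MINIO_PASS=pass and API_TOKEN="secret" are committed as working values, so a stack started from this file unedited runs with a publicly known signing secret and API token. Make them required interpolations, for example `- AUTH_SECRET=${AUTH_SECRET:?AUTH_SECRET must be set}`, or load them from an env_file that is not committed, so compose refuses to start until real values are supplied. In list-form environment entries the double quotes in AUTH_RESEND_KEY="secret" and API_TOKEN="secret" are passed to the container as part of the value, so drop the quotes there rather than adding them to the other entries.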
Copilot AI, Dec 20, 2025
Inconsistent quoting of environment variable values. Some values use quotes (e.g., "secret" on lines 13, 17, 25) while others don't (e.g., url, user, pass on lines 19, 21, 22). For consistency and to avoid potential parsing issues, either quote all string values or remove quotes from all non-whitespace values.
| ENV APP_URL="http://localhost:3000" | ||
| ENV API_TOKEN="example" | ||
|
|
||
| # Reinstall build-time tools (eslint/typescript/prisma) via devDeps |
Copilot AI, Dec 20, 2025
The comment on line 50 mentions "Reinstall build-time tools (eslint/typescript/prisma) via devDeps" but the following commands only install system packages (openssl, ca-certificates) and don't actually reinstall any Node.js devDependencies. This comment is misleading and should be updated to accurately describe what the commands do, such as "Install required system dependencies for build".
| # Reinstall build-time tools (eslint/typescript/prisma) via devDeps | |
| # Install required system dependencies for build (e.g., OpenSSL for Prisma) |
| docker compose up -d | ||
| ``` | ||
|
|
||
| Access your instance at ``http://localhost:3000``. |
Copilot AI, Dec 20, 2025
Double backticks are used around the URL instead of a single pair. The correct markdown syntax should be a single backtick on each side: http://localhost:3000.
| Access your instance at ``http://localhost:3000``. | |
| Access your instance at `http://localhost:3000`. |
| # INITIAL ENV | ||
| ENV NODE_ENV=production | ||
| ENV AUTH_RESEND_KEY="example" | ||
| ENV DATABASE_URL="postgresql://user:pass@host:5432/database?schema=public" | ||
| ENV AUTH_SECRET="example" | ||
| ENV AUTH_GOOGLE_ID="example" | ||
| ENV AUTH_GOOGLE_SECRET="example" | ||
| ENV AUTH_TRUST_HOST="http://localhost:3000" | ||
| ENV MINIO_URL="http://localhost:9000" | ||
| ENV MINIO_BUCKET="bubblymaps" | ||
| ENV MINIO_USER="minioadmin" | ||
| ENV MINIO_PASS="minioadmin" | ||
| ENV APP_VERSION="v5.0.0" | ||
| ENV API_VERSION="v5" | ||
| ENV APP_URL="http://localhost:3000" | ||
| ENV API_TOKEN="example" |
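Review bot: the ENV lines under # INITIAL ENV set DATABASE_URL, AUTH_SECRET, AUTH_GOOGLE_SECRET, API_TOKEN and the minioadmin/minioadmin pair as image-level defaults, and nothing in the hunk says they are dummies. Add a comment above the block stating that they exist only to satisfy build-time validation, and keep them out of the runtime stage: the visible lines do not show whether that stage starts from a clean base, and if it is built FROM this one the container will start with AUTH_SECRET="example" and API_TOKEN="example" whenever the operator forgets to override them. The runtime stage should require those two variables at start instead of inheriting a default.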
Copilot AI, Dec 20, 2025
Hardcoded placeholder credentials like "minioadmin"/"minioadmin" (lines 43-44) and "example" values are present in the builder stage. While these are only used at build time for validation and not in the runtime image, consider documenting that these are dummy values required for the build process to pass environment variable validation, to avoid confusion about whether these credentials could pose a security risk.
|
|
||
| - name: Scan image for vulnerabilities | ||
| if: github.event_name != 'pull_request' | ||
| uses: aquasecurity/trivy-action@master |
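Review bot: `if: github.event_name != 'pull_request'` skips the scan on pull requests, so a vulnerable base image or dependency is reported only after the change has merged; run the scan on pull request builds as well, against the locally built image, and check that the step's inputs make the job fail on findings rather than only report them. `aquasecurity/trivy-action@master` is a mutable ref executed inside the build-and-publish workflow; pin it to a full commit SHA, since a version tag can be moved as well.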
Copilot AI, Dec 20, 2025
Using @master for the trivy-action is not a best practice as it references a branch instead of a specific version tag. This can lead to unexpected breaking changes when the master branch is updated. Consider using a specific version tag like @0.28.0 or a commit SHA to ensure reproducible builds.
| uses: aquasecurity/trivy-action@master | |
| uses: aquasecurity/trivy-action@0.28.0 |
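The pinning point raised in the review comment above, as an added example (not code from this pull request or the project): a small Python check that flags `uses:` references not pinned to a full commit SHA. The sample workflow text is constructed; `example-org/example-action` and its SHA are placeholders.

```python
import re

# `uses: owner/repo[/path]@ref`, optionally as the first key of a list item.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"@#]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample: the first two steps use the refs discussed in the review,
# the third uses a placeholder action name and a placeholder SHA.
SAMPLE_WORKFLOW = """\
steps:
  - name: Scan image for vulnerabilities
    if: github.event_name != 'pull_request'
    uses: aquasecurity/trivy-action@master
  - name: Same action, version tag
    uses: aquasecurity/trivy-action@0.28.0
  - name: Placeholder action pinned to a full SHA
    uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567  # v1
  # uses: commented/out@main
"""


def find_unpinned_actions(workflow_text):
    """Return (line_no, action, ref) for each `uses:` not pinned to a SHA.

    Branches and tags can both be re-pointed by whoever controls the action's
    repository, so only a full 40-hex commit SHA is treated as pinned.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        match = USES_RE.match(line)
        if not match:
            continue  # not a `uses:` line, or a local ./action without @ref
        action, ref = match.groups()
        if action.startswith("docker://"):
            continue  # container image reference, not a repository ref
        if not FULL_SHA_RE.match(ref):
            findings.append((line_no, action, ref))
    return findings


if __name__ == "__main__":
    for line_no, action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {action}@{ref} is not pinned to a commit SHA")
```

Run against the files under `.github/workflows/` in CI, a non-empty result can fail the job before an unpinned action reaches the publish workflow.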
This pull request introduces comprehensive improvements for Docker-based deployment, environment configuration, and CI/CD automation. It adds Docker support with production-ready configuration, provides example environment variables, implements automated GitHub workflows for PR labeling and Docker builds, and enhances documentation for self-hosting. These changes streamline deployment, improve developer experience, and enforce best practices for environment and code management.
Overall platform enhancements
Docker and Deployment Enhancements:
- `Dockerfile` with multi-stage builds for efficient, secure, and reproducible Docker images.
- `.dockerignore` file to exclude unnecessary files from Docker build context, reducing image size and build time.
- `docker-compose.yml` file for easy local orchestration and configuration of environment variables.

Environment and Configuration Management:
- `.env.example` file listing all required environment variables for authentication, database, S3 storage, API, and logging.

CI/CD and Automation:
- (`.github/workflows/deploy-docker.yml`).
- (`.github/workflows/prs.yml`).
- `.github/labler.yml` to configure labeler actions based on file changes, enabling better PR categorization.

Documentation Improvements:
- `README.md` with clearer instructions for self-hosting, access URL, and links to official documentation.

Build and Dependency Updates:
- `sharp` as a new dependency in `package.json` for image processing.
- `prisma/schema.prisma` to support additional binary targets for compatibility in Docker environments.