Skip to content

feat: Add Docker support for NAS deployment#9

Closed
EconoBen wants to merge 3 commits into
kenn-io:mainfrom
EconoBen:feat/docker-foundation
Closed

feat: Add Docker support for NAS deployment#9
EconoBen wants to merge 3 commits into
kenn-io:mainfrom
EconoBen:feat/docker-foundation

Conversation

@EconoBen
Copy link
Copy Markdown
Contributor

@EconoBen EconoBen commented Feb 2, 2026

Summary

Adds Docker-based deployment infrastructure for running msgvault on Synology NAS and similar devices.

  • Dockerfile: Multi-stage build (golang builder + debian-slim runtime) with CGO support for DuckDB/SQLite
  • .dockerignore: Clean build context excluding test files, .git, build artifacts
  • docker-compose.yml: Template for NAS deployment with volume mounts and environment variables
  • GitHub Actions: Multi-arch builds (linux/amd64, linux/arm64) pushing to ghcr.io
  • Makefile: Added docker-build, docker-build-multi, docker-run, docker-clean targets

Test plan

  • Docker image builds successfully
  • msgvault version works in container
  • Container runs as non-root user (UID 1000)
  • Volume persistence works (tested with init-db)
  • Image size under 500MB target (actual: 212MB)
  • All existing tests pass (make test)
  • GitHub Actions workflow runs on merge

Notes

This is Phase 1 of the NAS deployment feature. Future phases will add:

  • Phase 2: Daemon mode with scheduled sync
  • Phase 3: HTTP API for remote access
  • Phase 4: Web UI
  • Phase 5: OAuth workflow improvements
  • Phase 6: MCP HTTP bridge

🤖 Generated with Claude Code

@EconoBen @claude
feat: Add Docker support for NAS deployment
1c43ecf 
- Add multi-stage Dockerfile (golang builder + debian-slim runtime)
- Add .dockerignore to reduce build context
- Add docker-compose.yml template for easy deployment
- Add GitHub Actions workflow for multi-arch builds (amd64/arm64)
- Add Makefile docker-* targets for local development

Tested:
- Docker build succeeds
- Container runs as non-root user (UID 1000)
- Volume persistence works
- Image size: 212MB

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@omarish
Copy link
Copy Markdown

omarish commented Feb 3, 2026

I was about to do this but you got to it already. 🙏

EconoBen and others added 2 commits February 3, 2026 10:36
@EconoBen @claude
fix: Address roborev review findings
f1d5714 
- Add trailing newline to .dockerignore
- Require MSGVAULT_API_KEY env var (no insecure default)
- Update .roborev.toml with beads integration and guidelines

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@EconoBen
style: Add trailing newline to .roborev.toml
67a09c7
@wesm
Copy link
Copy Markdown
Member

wesm commented Feb 4, 2026

Thank you for working on this, definitely something that has been on my wishlist! I'm backlogged because of the flurry of contributions and activity so once I get out of triage mode to help users onboarding into msgvault I will take a closer look at this, but it may be several days yet

twigley
twigley reviewed Feb 4, 2026
View reviewed changes
Comment thread docker-compose.yml

services:
msgvault:
image: ghcr.io/econoben/msgvault:latest
Copy link
Copy Markdown

@twigley twigley Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
image: ghcr.io/econoben/msgvault:latest
image: ghcr.io/wesm/msgvault:latest

@wesm
Copy link
Copy Markdown
Member

wesm commented Feb 6, 2026

superseded by #77

@wesm wesm closed this Feb 6, 2026
webgress added a commit to webgress/msgvault that referenced this pull request May 22, 2026
@webgress
store, cmd: surface PG verify skip; harden legacy SearchMessages; doc…
b2217ed 
… fixes

External review batch.

BLOCKER kenn-io#9 — verify silently skipped its integrity check on PG.
- Updated cmd/msgvault/cmd/verify.go to print "Skipping database
  integrity check (PostgreSQL — use pg_amcheck out-of-band)." instead
  of silently swallowing the step. Rewrote the cobra Long description
  so both the SQLite branch ("runs PRAGMA integrity_check") and the
  PG branch ("prints a notice…") are visible to --help readers. Kept
  the IsPostgreSQL() guard inside runIntegrityCheck as belt-and-braces
  for any future caller.

IMPORTANT kenn-io#4 — legacy SearchMessages bypassed BuildFTSArg.
- internal/store/api.go SearchMessages bound the raw user query string
  straight into FTSSearchClause's placeholder. On PG that fed
  to_tsquery un-escaped input; multi-word or punctuated queries (the
  norm) errored at the parser. On SQLite raw FTS5 metacharacters in
  user input would reach MATCH the same way. Now SearchMessages
  splits on whitespace and delegates to SearchMessagesQuery so the
  dialect's BuildFTSArg sanitizes per backend and the just-landed
  FALSE-fallback handles tokenless inputs uniformly. Whitespace-only
  input short-circuits to zero hits before invoking the FTS pipeline.

NIT kenn-io#1, kenn-io#14 — dialect comments drifted from current behavior.
- internal/store/dialect.go BuildFTSArg interface comment now
  describes the actual prefix-match output shape on both backends and
  the empty-fallback contract.
- internal/store/dialect_pg.go BuildFTSArg comment trimmed of the
  past-tense plainto_tsquery history; now describes only the current
  to_tsquery shape and the empty-fallback rule.

Tests
- TestSearchMessages_LegacyRawString covers multi-word, single-word,
  pure punctuation, pure dashes, whitespace-only, and mixed
  punctuation inputs to the legacy entrypoint. Runs on both SQLite
  and PostgreSQL via storetest.New / testutil.NewTestStore.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@twigley twigley twigley left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@EconoBen @omarish @wesm @twigley