chore: 使用预构建镜像替代本地构建

[lostiv]

前端使用 lost4/gitstars:latest，后端使用 lost4/gitstars:backend

Summary by CodeRabbit

Release Notes

• Chores
  • Updated Docker configuration to use prebuilt container images, improving deployment consistency and reliability.

[coderabbitai]

📝 Walkthrough

Walkthrough

The docker-compose.yml configuration is updated to use prebuilt Docker images for both services. The frontend service now points to lost4/gitstars:latest and the backend service to lost4/gitstars:backend, replacing local build contexts while preserving port mappings, dependencies, environment variables, and restart policies.

Changes

Prebuilt Images Configuration

Layer / File(s)	Summary
Service Image References docker-compose.yml	frontend switches from local build to lost4/gitstars:latest image; backend switches from build: ./server to lost4/gitstars:backend image. Container port mappings, restart policies, environment variables, and volume configurations are preserved.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• lostiv/GithubStarsManager#1: Adds GitHub Actions workflow to build and push the lost4/gitstars:latest and lost4/gitstars:backend images that this PR now references in docker-compose.yml.

Poem

🐰 Images built and ready now,
No more waiting for the local pow,
Docker pulls the prebuilt dreams,
Faster flows, efficient streams—
Rabbit hops through docker-compose with glee!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The pull request title '@' is a single character that provides no meaningful information about the changes.	Replace the title with a clear, descriptive single sentence that summarizes the main change, such as 'Use prebuilt Docker images for frontend and backend services'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/webdv

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker-compose.yml`:
- Line 5: Replace mutable image tags with immutable digests: locate the image
entries using the tags "lost4/gitstars:latest" and the other
"lost4/gitstars:backend" in the compose file and replace each tag with the
corresponding image@sha256:<digest> value you obtain from Docker Hub (or your
registry) for the exact build you want; fetch the digests (e.g., via `docker
pull`/`docker inspect --format='{{index .RepoDigests 0}}'` or the registry API),
verify they reference the correct version, and update the docker-compose image
lines to use the pinned sha256 digests.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: cdc9f206-6d34-47e9-8ffd-e982b5657643

📥 Commits

Reviewing files that changed from the base of the PR and between e6e2c3a and b0ed119.

📒 Files selected for processing (1)

• docker-compose.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "frontend latest digest(s):"
curl -s https://hub.docker.com/v2/namespaces/lost4/repositories/gitstars/tags/latest \
  | jq -r '.images[] | "\(.os)/\(.architecture) \(.digest)"'

echo
echo "backend tag digest(s):"
curl -s https://hub.docker.com/v2/namespaces/lost4/repositories/gitstars/tags/backend \
  | jq -r '.images[] | "\(.os)/\(.architecture) \(.digest)"'

Repository: lostiv/GithubStarsManager

Length of output: 288

---

🏁 Script executed:

#!/bin/bash
# Check if docker-compose.yml exists and display lines around 5 and 13
if [ -f "docker-compose.yml" ]; then
  echo "=== File exists ==="
  wc -l docker-compose.yml
  echo
  echo "=== Lines 1-15 ==="
  head -n 15 docker-compose.yml | cat -n
  echo
  echo "=== Checking image declarations ==="
  grep -n "image:" docker-compose.yml
else
  echo "docker-compose.yml not found"
  # Try to find it
  find . -name "docker-compose.yml" -type f 2>/dev/null | head -20
fi

Repository: lostiv/GithubStarsManager

Length of output: 578

---

Pin container images by digest to avoid mutable-tag drift.

Lines 5 and 13 use mutable tags (latest and backend), making deploys non-reproducible and vulnerable to silent changes. Pin both images with the concrete digests retrieved from Docker Hub:

Suggested change

 services:
   frontend:
-    image: lost4/gitstars:latest
+    image: lost4/gitstars:latest@sha256:a1995307eb23bc1b995fbc307530fefb5ced745b2e2172b90a8d225a10be13bd
   backend:
-    image: lost4/gitstars:backend
+    image: lost4/gitstars:backend@sha256:e1c8776749bee5d4697294c0c2c642c2bc87e235e0367fc75696531df1a5ee3e

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker-compose.yml` at line 5, Replace mutable image tags with immutable
digests: locate the image entries using the tags "lost4/gitstars:latest" and the
other "lost4/gitstars:backend" in the compose file and replace each tag with the
corresponding image@sha256:<digest> value you obtain from Docker Hub (or your
registry) for the exact build you want; fetch the digests (e.g., via `docker
pull`/`docker inspect --format='{{index .RepoDigests 0}}'` or the registry API),
verify they reference the correct version, and update the docker-compose image
lines to use the pinned sha256 digests.