From 4884908c2b20ae8a33ac73497410d954bae94c61 Mon Sep 17 00:00:00 2001
From: Antony Messerli
Date: Sat, 6 Dec 2025 12:58:49 -0600
Subject: [PATCH] CI Improvements for testing images
* Drop forced chown during copy
* Adding PR Template
---
 .github/pull_request_template.md | 58 ++++++++++++++++++++
 .github/workflows/build.yml | 94 +++++++++++++++++++++++++++++---
 Dockerfile | 3 +-
 3 files changed, 145 insertions(+), 10 deletions(-)
 create mode 100644 .github/pull_request_template.md
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..f42dee0
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,58 @@
+## Description
+
+
+## Type of Change
+
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Documentation update
+- [ ] Dependency update
+
+## Related Issues
+
+
+## Testing
+
+
+### Test Environment
+- [ ] Docker
+- [ ] Podman (rootless)
+- [ ] Docker Compose
+- [ ] Other: ___________
+
+### Platforms Tested
+- [ ] linux/amd64
+- [ ] linux/arm64
+
+### Test Scenarios
+- [ ] Standard volume mount
+- [ ] NFS volume mount
+- [ ] Custom PUID/PGID
+- [ ] SELinux enabled
+- [ ] Other: ___________
+
+### Test Results
+```
+# Paste relevant test output or logs
+```
+
+## Test Images
+
+Once the build completes, test images will be available:
+- `netbootxyz/netbootxyz:pr-{number}`
+- `ghcr.io/netbootxyz/netbootxyz:pr-{number}`
+
+See the auto-generated comment below for pull and test commands.
+
+## Checklist
+- [ ] My code follows the style of this project
+- [ ] I have tested my changes locally
+- [ ] I have tested the automated PR build image
+- [ ] I have updated documentation (if applicable)
+- [ ] My changes generate no new errors or warnings
+- [ ] I have added comments to complex code sections
+
+## Additional Notes
+
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index cd17a4f..f5e142a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -4,6 +4,11 @@ on:
 branches:
 - master
 workflow_dispatch:
+ inputs:
+ tag_suffix:
+ description: 'Optional tag suffix (e.g., "test-feature")'
+ required: false
+ default: ''
 jobs:
 build:
@@ -39,6 +44,21 @@ jobs:
 WEBAPP_RELEASE=$(curl -sX GET "https://api.github.com/repos/netbootxyz/webapp/releases/latest" | jq -r '. | .tag_name')
 echo "WEBAPP_RELEASE=${WEBAPP_RELEASE}" >> $GITHUB_ENV
+ - name: Determine tag strategy
+ id: tags
+ run: |
+ if [ "${{ github.event_name }}" == "pull_request" ]; then
+ echo "TAG_SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
+ echo "IS_PR=true" >> $GITHUB_ENV
+ elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
+ if [ -n "${{ github.event.inputs.tag_suffix }}" ]; then
+ echo "TAG_SUFFIX=test-${{ github.event.inputs.tag_suffix }}" >> $GITHUB_ENV
+ else
+ echo "TAG_SUFFIX=test-$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_ENV
+ fi
+ echo "IS_PR=false" >> $GITHUB_ENV
+ fi
+
 - name: Build and push PR test image
 uses: docker/build-push-action@v6
 with:
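Review bot: The `Determine tag strategy` step expands `${{ github.event.inputs.tag_suffix }}` directly inside the `run:` script, so the dispatch input becomes part of the shell text before bash parses it, and the same unvalidated value later ends up in the image tags built from `TAG_SUFFIX` (hunk at -48,26). Passing the input through the step's `env:` and quoting it as a shell variable keeps it as data, and a character check keeps it a legal tag component; the fence below shows the rewritten lines. The `if`/`elif` chain also has no `else`, so for any trigger other than `pull_request` or `workflow_dispatch` `TAG_SUFFIX` stays unset and the tags would end in a bare `:`; the full `on:` block is outside this hunk, so whether such a trigger exists needs confirming.

```yaml
      - name: Determine tag strategy
        id: tags
        env:
          INPUT_SUFFIX: ${{ github.event.inputs.tag_suffix }}
        run: |
          # … unchanged: pull_request branch and workflow_dispatch test …
            if [ -n "$INPUT_SUFFIX" ]; then
              case "$INPUT_SUFFIX" in
                *[!A-Za-z0-9_.-]*) echo "invalid tag_suffix" >&2; exit 1 ;;
              esac
              echo "TAG_SUFFIX=test-${INPUT_SUFFIX}" >> "$GITHUB_ENV"
          # … unchanged: timestamp fallback, IS_PR, closing fi …
```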
@@ -48,26 +68,82 @@ jobs:
 platforms: linux/amd64,linux/arm64
 build-args: |
 WEBAPP_VERSION=${{ env.WEBAPP_RELEASE }}
- VERSION=pr-${{ github.event.number }}
+ VERSION=${{ env.TAG_SUFFIX }}
 BUILD_DATE=$(date +'%Y-%m-%dT%H:%M:%S')
 tags: |
- netbootxyz/netbootxyz:pr-${{ github.event.number }}
- netbootxyz/netbootxyz:pr-${{ github.event.number }}-${{ github.sha }}
- ghcr.io/netbootxyz/netbootxyz:pr-${{ github.event.number }}
- ghcr.io/netbootxyz/netbootxyz:pr-${{ github.event.number }}-${{ github.sha }}
+ netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}
+ netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}-${{ github.sha }}
+ ghcr.io/netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}
+ ghcr.io/netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}-${{ github.sha }}
 labels: |
 org.opencontainers.image.title=netbootxyz
- org.opencontainers.image.description=netboot.xyz PR test image
- org.opencontainers.image.version=pr-${{ github.event.number }}
+ org.opencontainers.image.description=netboot.xyz test image
+ org.opencontainers.image.version=${{ env.TAG_SUFFIX }}
 org.opencontainers.image.revision=${{ github.sha }}
 org.opencontainers.image.source=https://github.com/netbootxyz/docker-netbootxyz
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.33.1
 with:
- image-ref: 'ghcr.io/netbootxyz/netbootxyz:pr-${{ github.event.number }}'
+ image-ref: 'ghcr.io/netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}'
 format: 'table'
- exit-code: '1'
+ exit-code: '0'
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
+
+ - name: Comment on PR with test instructions
+ if: github.event_name == 'pull_request'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const comment = `## 🚀 Test Image Built Successfully!
+
+ Your PR test images have been published and are ready for testing:
+
+ ### Docker Hub
+ \`\`\`bash
+ docker pull netbootxyz/netbootxyz:pr-${{ github.event.number }}
+ \`\`\`
+
+ ### GitHub Container Registry
+ \`\`\`bash
+ docker pull ghcr.io/netbootxyz/netbootxyz:pr-${{ github.event.number }}
+ \`\`\`
+
+ ### Quick Test Commands
+
+ **Standard Docker:**
+ \`\`\`bash
+ docker run -d \\
+ --name netbootxyz-test \\
+ -e PUID=1000 \\
+ -e PGID=1000 \\
+ -p 3000:3000 \\
+ -p 69:69/udp \\
+ -p 8080:80 \\
+ -v /local/path/config:/config \\
+ netbootxyz/netbootxyz:pr-${{ github.event.number }}
+ \`\`\`
+
+ ### Platforms
+ - ✅ linux/amd64
+ - ✅ linux/arm64
+
+ ### Check Logs
+ \`\`\`bash
+ docker logs -f netbootxyz-test
+ \`\`\`
+
+ ---
+ 📦 **SHA:** \`${{ github.sha }}\`
+ 🏷️ **Webapp Version:** \`${{ env.WEBAPP_RELEASE }}\`
+ `;
+
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: comment
+ });
+
diff --git a/Dockerfile b/Dockerfile
index 4219def..62268b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -50,6 +50,7 @@ LABEL org.opencontainers.image.title="netboot.xyz" \
 maintainer="antonym"
 # Install runtime dependencies and configure system in a single layer
+RUN apk --initdb add --no-cache alpine-baselayout busybox
 RUN apk add --no-cache \
 # Core utilities
 bash \
@@ -91,7 +92,7 @@ EXPOSE 80
 EXPOSE 3000
 # Copy configuration files and scripts
-COPY --chown=root:root root/ /
+COPY root/ /
 # Make scripts executable
 RUN chmod +x /start.sh /init.sh /healthcheck.sh /usr/local/bin/dnsmasq-wrapper.sh
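Review bot: Changing `exit-code` from `'1'` to `'0'` in the Trivy step means CRITICAL/HIGH findings no longer fail the job, and with `format: 'table'` the result exists only in the step log while the new comment step announces the image as built successfully and invites people to pull it. If the scan has to be advisory for test images, surface the findings where a reviewer will see them (a SARIF upload or a summary line in the PR comment) instead of leaving them in the log. In the comment step, `github.rest.issues.createComment({` is not awaited, so a failed API call may not be reported as a step failure; `await github.rest.issues.createComment({` makes the outcome explicit. The template literal also embeds `${{ env.WEBAPP_RELEASE }}`, a value fetched from a remote API earlier in the job, straight into the script source; reading `process.env.WEBAPP_RELEASE` inside the script keeps that value as data.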
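Review bot: The added `RUN apk --initdb add --no-cache alpine-baselayout busybox` carries no comment explaining why the package database has to be initialised at this point, and it sits directly under `# Install runtime dependencies and configure system in a single layer`, which stops being accurate once there are two `RUN` layers. Give the new line its own comment, e.g. `# Initialise the apk database and base layout before installing runtime packages`, and reword or move the existing comment so it describes the following `RUN` only. The `FROM` line of this stage is outside the hunk, so whether `--initdb` is actually required cannot be confirmed from here.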