feat(ci): Publish UI as lightweight container image#59
Merged
Conversation
The dashboard UI is now shipped as a public container image on GHCR in addition to the existing dist archive. Pushes to main publish an image tagged with the short commit SHA; published releases publish versioned tags plus latest for non-prereleases. Images carry standard OCI metadata (title, description, vendor, licenses, source, documentation, revision, version, created) so the image is self-describing when inspected or browsed on GHCR.
Code Review SummaryThe PR successfully introduces a robust containerization strategy for the UI component. It leverages GitHub Actions for automated publishing to GHCR with proper versioning and OCI metadata. 🚀 Key Improvements
💡 Minor Suggestions
|
![sourceant[bot]](https://avatars.githubusercontent.com/in/1161781?s=60&v=4){kind=small}
Deploying flatrun-ui with
|
| Latest commit: |
e6f0ebf
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://add4748d.flatrun-ui.pages.dev |
| Branch Preview URL: | https://ci-docker-image.flatrun-ui.pages.dev |
Package visibility is set once in the GHCR package settings and persists across pushes, matching how the webservice image is handled. The extra API call added noise and required elevated token scopes that the default workflow token does not carry.
Index now allows conditional revalidation so returning visitors reuse the cached shell on 304s instead of re-downloading it every load. Static assets cache for thirty days instead of a year, giving a sane recovery window if a mishashed asset ever slips into a release.
| @@ -0,0 +1,22 @@ | |||
| # syntax=docker/dockerfile:1 | |||
|
|
|||
| FROM node:22-alpine AS build | |||
There was a problem hiding this comment.
It is recommended to use a specific SHA or a more granular version tag for the build stage to ensure build reproducibility over time. While 22-alpine is relatively stable, it can still receive updates that might break builds.
Suggested change
| FROM node:22-alpine AS build | |
| FROM node:22.11.0-alpine AS build |
|
|
||
| location /assets/ { | ||
| expires 30d; | ||
| add_header Cache-Control "public"; |
There was a problem hiding this comment.
When using add_header, Nginx inherits headers from the outer scope only if no headers are defined in the current scope. Adding Cache-Control here might suppress other security headers if they were defined at the server level later. It's best to be explicit with the full policy.
Suggested change
| add_header Cache-Control "public"; | |
| add_header Cache-Control "public, max-age=2592000, immutable"; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The dashboard UI is now shipped as a public container image on GHCR in addition to the existing dist archive. Pushes to main publish an image tagged with the short commit SHA; published releases publish versioned tags plus latest for non-prereleases.
Images carry standard OCI metadata (title, description, vendor, licenses, source, documentation, revision, version, created) so the image is self-describing when inspected or browsed on GHCR.