Pre-release features: private registry auth, health-check + rollback, more notifiers, subpath + polish#18
Merged
Conversation
Read static auths from $DOCKER_CONFIG/config.json (or ~/.docker/config.json) and authenticate registry requests: send Basic on the token request for the standard Bearer flow (GHCR, Docker Hub) and fall back to direct HTTP Basic for registries that want it. Previously private images were skipped and anonymous Docker Hub pulls could hit the rate limit. No secrets are stored by the app — credentials live only in the mounted Docker config. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
After an update DockPull now verifies the container actually comes up: it polls state/health for ~30s and, if it crash-loops or stays unhealthy, reports an actionable failure instead of a false green. Every update that changes the image records a rollback point (the previous local image ID). A new POST /api/update/:name/revert recreates the container from that image and starts it, streaming over the same SSE channel; the dashboard shows a Revert button (with a confirm) whenever a rollback point exists. Works for compose- and standalone-managed containers. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
Generalize notifications beyond Discord. A notifyType setting (discord | ntfy | gotify | webhook) selects the format; notify.js dispatches to the right payload (Discord JSON, ntfy text + Title/Tags headers, Gotify JSON, or a generic JSON webhook with a structured containers list). Settings gains a 'Notify via' dropdown with per-type URL hints, and the scheduled-check + test paths use it. Because self-hosted ntfy/Gotify usually live on a LAN, the notification URL is now validated as any well-formed http(s) URL (internal hosts allowed) rather than https-public-only — it's an admin-only, deliberately-configured target. SECURITY.md updated accordingly. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
- BASE_PATH subpath support: Vite base + router basename + relative API base + manifest scope on the client; a server prefix-strip middleware + subpath cookie path, so it runs under e.g. /dockpull/ behind a non-stripping proxy. - Persist a last-check summary (time, counts, per-container errors) and expose GET /api/status (app version + lastCheck). Dashboard shows 'Last checked … ago'; cards that couldn't be checked (private registry / rate limit) show a warning; Settings → About shows the running DockPull version. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Four pre-release features, one commit each.
1. Private registry auth
Read static
authsfrom$DOCKER_CONFIG/config.json(or~/.docker/config.json) and authenticate registry requests — Basic on the token request for the Bearer flow (GHCR/Docker Hub), or direct HTTP Basic. Private images are no longer skipped, and authenticated Docker Hub pulls dodge the anonymous rate limit. No secrets stored by the app.2. Post-update health check + one-click revert
After
up -d, poll the container ~30s and report an actionable failure if it crash-loops / stays unhealthy instead of a false green. Every image-changing update records a rollback point (previous local image ID);POST /api/update/:name/revertrecreates the container from it (streamed over the same SSE channel). Dashboard shows a Revert button (with confirm) when available.3. More notifiers
Generalized notifications beyond Discord: ntfy, Gotify, and a generic JSON webhook, selected by a
notifyTypesetting with a "Notify via" dropdown. The notification URL is validated as a well-formedhttp(s)URL and allows internal/LAN hosts (self-hosted ntfy/Gotify), since it's an admin-only target.4. Subpath support + polish
BASE_PATHsubpath support (Vite base + router basename + relative API base + manifest scope; server prefix-strip middleware + subpath cookie path).GET /api/status(app version + last check summary). Dashboard shows "Last checked … ago"; cards that couldn't be checked (private/rate-limited) show a warning; Settings → About shows the running version.Verification
isValidNotifyUrl, rollback/meta smoke).BASE_PATH=/dockpull: prefixed routes resolve,/api/*stays auth-gated, cookie scoped to/dockpull.Note: README screenshots weren't added (can't capture a live dashboard here) — worth adding a real screenshot/GIF before the post.
🤖 Generated with Claude Code
Generated by Claude Code