Skip to content

Pre-release features: private registry auth, health-check + rollback, more notifiers, subpath + polish#18

Merged
StrandedTurtle merged 4 commits into
mainfrom
claude/youthful-pasteur-2f6s72
Jul 1, 2026
Merged

Pre-release features: private registry auth, health-check + rollback, more notifiers, subpath + polish#18
StrandedTurtle merged 4 commits into
mainfrom
claude/youthful-pasteur-2f6s72

Conversation

@StrandedTurtle

Copy link
Copy Markdown
Owner

Four pre-release features, one commit each.

1. Private registry auth

Read static auths from $DOCKER_CONFIG/config.json (or ~/.docker/config.json) and authenticate registry requests — Basic on the token request for the Bearer flow (GHCR/Docker Hub), or direct HTTP Basic. Private images are no longer skipped, and authenticated Docker Hub pulls dodge the anonymous rate limit. No secrets stored by the app.

2. Post-update health check + one-click revert

After up -d, poll the container ~30s and report an actionable failure if it crash-loops / stays unhealthy instead of a false green. Every image-changing update records a rollback point (previous local image ID); POST /api/update/:name/revert recreates the container from it (streamed over the same SSE channel). Dashboard shows a Revert button (with confirm) when available.

3. More notifiers

Generalized notifications beyond Discord: ntfy, Gotify, and a generic JSON webhook, selected by a notifyType setting with a "Notify via" dropdown. The notification URL is validated as a well-formed http(s) URL and allows internal/LAN hosts (self-hosted ntfy/Gotify), since it's an admin-only target.

4. Subpath support + polish

  • BASE_PATH subpath support (Vite base + router basename + relative API base + manifest scope; server prefix-strip middleware + subpath cookie path).
  • Persist last-check status → GET /api/status (app version + last check summary). Dashboard shows "Last checked … ago"; cards that couldn't be checked (private/rate-limited) show a warning; Settings → About shows the running version.

Verification

  • Server tests 111/111 (added registry-auth, notifier builders, isValidNotifyUrl, rollback/meta smoke).
  • Client build clean.
  • Booted with BASE_PATH=/dockpull: prefixed routes resolve, /api/* stays auth-gated, cookie scoped to /dockpull.

Note: README screenshots weren't added (can't capture a live dashboard here) — worth adding a real screenshot/GIF before the post.

🤖 Generated with Claude Code


Generated by Claude Code

strandedturtle and others added 4 commits June 30, 2026 14:14
Read static auths from $DOCKER_CONFIG/config.json (or ~/.docker/config.json)
and authenticate registry requests: send Basic on the token request for the
standard Bearer flow (GHCR, Docker Hub) and fall back to direct HTTP Basic for
registries that want it. Previously private images were skipped and anonymous
Docker Hub pulls could hit the rate limit. No secrets are stored by the app —
credentials live only in the mounted Docker config.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
After an update DockPull now verifies the container actually comes up: it polls
state/health for ~30s and, if it crash-loops or stays unhealthy, reports an
actionable failure instead of a false green.

Every update that changes the image records a rollback point (the previous local
image ID). A new POST /api/update/:name/revert recreates the container from that
image and starts it, streaming over the same SSE channel; the dashboard shows a
Revert button (with a confirm) whenever a rollback point exists. Works for
compose- and standalone-managed containers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
Generalize notifications beyond Discord. A notifyType setting (discord | ntfy |
gotify | webhook) selects the format; notify.js dispatches to the right payload
(Discord JSON, ntfy text + Title/Tags headers, Gotify JSON, or a generic JSON
webhook with a structured containers list). Settings gains a 'Notify via'
dropdown with per-type URL hints, and the scheduled-check + test paths use it.

Because self-hosted ntfy/Gotify usually live on a LAN, the notification URL is
now validated as any well-formed http(s) URL (internal hosts allowed) rather
than https-public-only — it's an admin-only, deliberately-configured target.
SECURITY.md updated accordingly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
- BASE_PATH subpath support: Vite base + router basename + relative API base +
  manifest scope on the client; a server prefix-strip middleware + subpath cookie
  path, so it runs under e.g. /dockpull/ behind a non-stripping proxy.
- Persist a last-check summary (time, counts, per-container errors) and expose
  GET /api/status (app version + lastCheck). Dashboard shows 'Last checked … ago';
  cards that couldn't be checked (private registry / rate limit) show a warning;
  Settings → About shows the running DockPull version.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_013Lj6nYJQDtLaZFvvEQJGM4
@StrandedTurtle StrandedTurtle merged commit 1393b23 into main Jul 1, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant