-
Notifications
You must be signed in to change notification settings - Fork 1
feat: comprehensive UI overhaul, security hardening, docs, and deployment #71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
d5f7967
cafe93a
588337a
6b35cc5
cc17f31
36b85b1
020b5d3
d6fc78d
20833f5
b6ccd26
121ebd9
38dfc53
21ee8c1
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"pid":4029,"startedAt":1784090173838} | ||
| {"pid":5727,"startedAt":1784185065125} | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win Do not commit lock or PID files to source control. This file appears to be an auto-generated runtime lock/PID file. Committing such files causes unnecessary repository changes, leads to merge conflicts, and pollutes git history. Consider removing it from the repository and adding 🤖 Prompt for AI Agents |
||
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,81 @@ | ||||||||||||||||||||||||
| # OpenCodeHub | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
|  | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| **The self-hosted Git platform that doesn't compromise.** | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| OpenCodeHub is a self-hosted Git platform with stacked PRs, merge queue, CI/CD pipelines, and AI code review. One platform for everything your team needs — no vendor lock-in, no per-seat pricing. | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ## Features | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| - **Stacked PRs** — Graphite-style stacked branches for incremental review | ||||||||||||||||||||||||
| - **Merge Queue** — Stack-aware merge ordering with speculative CI builds | ||||||||||||||||||||||||
| - **CI/CD Pipelines** — GitHub Actions-compatible workflows with Docker runners | ||||||||||||||||||||||||
| - **AI Code Review** — 10+ providers: GPT-4, Claude, Gemini, Groq, Ollama | ||||||||||||||||||||||||
| - **Git Hosting** — HTTP smart protocol + SSH push/pull, forks, mirroring, LFS | ||||||||||||||||||||||||
| - **Issues & Projects** — Labels, milestones, custom fields, kanban boards | ||||||||||||||||||||||||
| - **175+ API Endpoints** — REST + GraphQL for full programmatic access | ||||||||||||||||||||||||
| - **CLI** — `och` command line tool for stack workflows and repository management | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ## Quick Start | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ```bash | ||||||||||||||||||||||||
| # Pull and run | ||||||||||||||||||||||||
| docker run -d \ | ||||||||||||||||||||||||
| --name opencodehub \ | ||||||||||||||||||||||||
| -p 4321:4321 \ | ||||||||||||||||||||||||
| -v opencodehub-data:/data \ | ||||||||||||||||||||||||
| -e JWT_SECRET=$(openssl rand -hex 32) \ | ||||||||||||||||||||||||
| -e SESSION_SECRET=$(openssl rand -hex 32) \ | ||||||||||||||||||||||||
| -e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \ | ||||||||||||||||||||||||
| opencodehub/opencodehub:latest | ||||||||||||||||||||||||
| ``` | ||||||||||||||||||||||||
|
Comment on lines
+26
to
+36
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win Include all required environment variables in the Quick Start command. The Include placeholder values for the missing required variables so the example runs successfully. 💡 Proposed fix # Pull and run
docker run -d \
--name opencodehub \
-p 4321:4321 \
-v opencodehub-data:/data \
-e JWT_SECRET=$(openssl rand -hex 32) \
-e SESSION_SECRET=$(openssl rand -hex 32) \
-e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \
+ -e REDIS_URL=redis://redis:6379 \
+ -e SITE_URL=http://localhost:4321 \
opencodehub/opencodehub:latest📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Or with Docker Compose: | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ```bash | ||||||||||||||||||||||||
| git clone https://github.com/swadhinbiswas/OpencodeHub.git | ||||||||||||||||||||||||
| cd OpenCodeHub | ||||||||||||||||||||||||
| cp .env.example .env | ||||||||||||||||||||||||
| docker compose up -d | ||||||||||||||||||||||||
| docker compose exec app bun run scripts/seed-admin.ts | ||||||||||||||||||||||||
| ``` | ||||||||||||||||||||||||
|
Comment on lines
+40
to
+46
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win Fix casing for the cloned directory name. By default, Git clones the repository into a directory that matches the repository name casing exactly ( 💡 Proposed fix git clone https://github.com/swadhinbiswas/OpencodeHub.git
-cd OpenCodeHub
+cd OpencodeHub
cp .env.example .env
docker compose up -d
docker compose exec app bun run scripts/seed-admin.ts📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Open **http://localhost:4321** and create your admin account. | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ## Environment Variables | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| | Variable | Required | Description | | ||||||||||||||||||||||||
| |----------|----------|-------------| | ||||||||||||||||||||||||
| | `DATABASE_URL` | Yes | PostgreSQL connection string | | ||||||||||||||||||||||||
| | `JWT_SECRET` | Yes | Random 32+ char string for JWT signing | | ||||||||||||||||||||||||
| | `SESSION_SECRET` | Yes | Random 32+ char string for session encryption | | ||||||||||||||||||||||||
| | `REDIS_URL` | Yes | Redis connection string | | ||||||||||||||||||||||||
| | `SITE_URL` | Yes | Your public URL (e.g., `https://git.example.com`) | | ||||||||||||||||||||||||
| | `STORAGE_TYPE` | No | `local` (default) or `s3` | | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ## Documentation | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| Full documentation: **[docs.opencodehub.space](https://docs.opencodehub.space)** | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| - [Installation Guide](https://docs.opencodehub.space/getting-started/installation/) | ||||||||||||||||||||||||
| - [Configuration Reference](https://docs.opencodehub.space/administration/configuration/) | ||||||||||||||||||||||||
| - [Deployment Options](https://docs.opencodehub.space/administration/deployment/) | ||||||||||||||||||||||||
| - [CLI Reference](https://docs.opencodehub.space/reference/cli-commands/) | ||||||||||||||||||||||||
| - [API Reference](https://docs.opencodehub.space/api/rest-api/) | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| ## Links | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| - **GitHub**: [github.com/swadhinbiswas/OpencodeHub](https://github.com/swadhinbiswas/OpencodeHub) | ||||||||||||||||||||||||
| - **Documentation**: [docs.opencodehub.space](https://docs.opencodehub.space) | ||||||||||||||||||||||||
| - **License**: MIT | ||||||||||||||||||||||||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ RUN apt-get update && apt-get install -y python3 make g++ gcc libc6-dev && rm -r | |
| COPY package.json bun.lock ./ | ||
| COPY cli/package.json ./cli/package.json | ||
| RUN for i in 1 2 3; do \ | ||
| bun install --frozen-lockfile && break || \ | ||
| bun install --frozen-lockfile --production && break || \ | ||
| (echo "bun install attempt $i failed, retrying in 10s..." && sleep 10); \ | ||
| done | ||
|
Comment on lines
14
to
17
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Prompt To Fix With AIThis is a comment left during a code review.
Path: Dockerfile
Line: 14-17
Comment:
**Production-only install breaks the build stage**
`bun install --production` in the `deps` stage excludes all `devDependencies`. The `builder` stage copies `node_modules` directly from `deps` and then runs `bun run build`. For an Astro project the build toolchain (Astro itself, TypeScript compiler, Vite, etc.) lives in `devDependencies`, so the `bun run build` step will fail with missing module errors at compile time. The `--production` flag is appropriate for the final `runner` image, but the `deps` stage that feeds the builder needs the full dependency tree.
How can I resolve this? If you propose a fix, please make it concise. |
||
|
|
||
|
|
@@ -24,19 +24,20 @@ ENV SKIP_REDIS_CHECK=1 | |
| RUN bun run build | ||
|
|
||
| # Production image | ||
| FROM oven/bun:1 AS runner | ||
| FROM oven/bun:1-slim AS runner | ||
| WORKDIR /app | ||
|
|
||
| # Install git, ssh, and bash (needed for git operations and entrypoint) | ||
| RUN apt-get update && apt-get install -y git openssh-client bash && rm -rf /var/lib/apt/lists/* | ||
| RUN apt-get update && apt-get install -y --no-install-recommends git openssh-client bash && \ | ||
| rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Create data directories | ||
| RUN mkdir -p /data/repos /data/storage /data/cache /data/ssh && \ | ||
| RUN mkdir -p /data/repositories /data/storage /data/cache /data/ssh && \ | ||
| chown -R bun:bun /data | ||
|
|
||
| # Copy built application | ||
| # Copy only what's needed for runtime | ||
| COPY --from=builder --chown=bun:bun /app/dist ./dist | ||
| COPY --from=builder --chown=bun:bun /app/node_modules ./node_modules | ||
| COPY --from=deps --chown=bun:bun /app/node_modules ./node_modules | ||
| COPY --from=builder --chown=bun:bun /app/package.json ./ | ||
|
|
||
| # Copy drizzle config and schema for migrations | ||
|
|
@@ -51,7 +52,7 @@ COPY --chown=bun:bun docker-entrypoint.sh ./ | |
| ENV HOST=0.0.0.0 | ||
| ENV PORT=4321 | ||
| ENV DATA_DIR=/data | ||
| ENV REPOS_PATH=/data/repos | ||
| ENV GIT_REPOS_PATH=/data/repositories | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
The old Dockerfile set Additionally, Prompt To Fix With AIThis is a comment left during a code review.
Path: Dockerfile
Line: 55
Comment:
**`REPOS_PATH` dropped from container environment breaks three runtime modules**
The old Dockerfile set `ENV REPOS_PATH=/data/repos`; this PR replaces it with `ENV GIT_REPOS_PATH=/data/repositories`. However, three source files still read `process.env.REPOS_PATH`: `src/lib/suggested-changes.ts`, `src/lib/mirror-sync.ts`, and `src/lib/cron/cleanup-branches.ts`. With `REPOS_PATH` no longer set in the container environment, each falls back to its local default of `path.join(process.cwd(), "data", "repos")` (i.e., `/app/data/repos`), a path that does not exist and is not mounted — so mirror-sync writes, suggested-change diffing, and scheduled branch cleanup will silently operate on the wrong (absent) directory.
Additionally, `docker-entrypoint.sh` line 41 still uses `${REPOS_PATH:-/data/repos}`, which means the entrypoint creates `/data/repos` at startup rather than `/data/repositories`, leaving the newly configured `GIT_REPOS_PATH` directory unguarded by the entrypoint.
How can I resolve this? If you propose a fix, please make it concise. |
||
| ENV STORAGE_PATH=/data/storage | ||
| ENV CACHE_PATH=/data/cache | ||
| ENV SSH_PATH=/data/ssh | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"silences the GitHub Actions error that fires when a referenced action ships with a deprecated (EOL) Node.js runtime. The correct fix is to upgrade whichever action(s) still use Node 16 or earlier to a version that targets Node 20. Suppressing the warning with this flag means the workflow continues relying on runtimes that no longer receive security patches.Prompt To Fix With AI