Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ on:
env:
REGISTRY: docker.io
IMAGE_NAME: opencodehub/opencodehub
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Suppressing deprecated Node.js version warning rather than fixing it

ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true" silences the GitHub Actions error that fires when a referenced action ships with a deprecated (EOL) Node.js runtime. The correct fix is to upgrade whichever action(s) still use Node 16 or earlier to a version that targets Node 20. Suppressing the warning with this flag means the workflow continues relying on runtimes that no longer receive security patches.

Prompt To Fix With AI
This is a comment left during a code review.
Path: .github/workflows/docker-publish.yml
Line: 12

Comment:
**Suppressing deprecated Node.js version warning rather than fixing it**

`ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: "true"` silences the GitHub Actions error that fires when a referenced action ships with a deprecated (EOL) Node.js runtime. The correct fix is to upgrade whichever action(s) still use Node 16 or earlier to a version that targets Node 20. Suppressing the warning with this flag means the workflow continues relying on runtimes that no longer receive security patches.

How can I resolve this? If you propose a fix, please make it concise.


jobs:
build-and-push:
Expand Down Expand Up @@ -84,5 +85,5 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
repository: ${{ env.IMAGE_NAME }}
readme-filepath: ./README.md
short-description: "A modern, self-hosted Git platform with stacked PRs, merge queue, CI/CD, and AI review."
readme-filepath: ./DOCKERHUB.md
short-description: "Self-hosted Git platform with stacked PRs, merge queue, CI/CD, and AI code review"
2 changes: 1 addition & 1 deletion .mimocode/.cron-lock
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{"pid":4029,"startedAt":1784090173838}
{"pid":5727,"startedAt":1784185065125}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Do not commit lock or PID files to source control.

This file appears to be an auto-generated runtime lock/PID file. Committing such files causes unnecessary repository changes, leads to merge conflicts, and pollutes git history.

Consider removing it from the repository and adding .mimocode/.cron-lock (or the entire .mimocode/ directory if it only contains ephemeral runtime data) to your .gitignore.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.mimocode/.cron-lock at line 1, Remove the tracked auto-generated
.mimocode/.cron-lock PID file from the repository and add .mimocode/.cron-lock
to .gitignore, or ignore the entire .mimocode directory if it contains only
ephemeral runtime data.

81 changes: 81 additions & 0 deletions DOCKERHUB.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# OpenCodeHub

![OpenCodeHub](https://raw.githubusercontent.com/swadhinbiswas/OpencodeHub/main/public/logo-light.png)

**The self-hosted Git platform that doesn't compromise.**

OpenCodeHub is a self-hosted Git platform with stacked PRs, merge queue, CI/CD pipelines, and AI code review. One platform for everything your team needs — no vendor lock-in, no per-seat pricing.

---

## Features

- **Stacked PRs** — Graphite-style stacked branches for incremental review
- **Merge Queue** — Stack-aware merge ordering with speculative CI builds
- **CI/CD Pipelines** — GitHub Actions-compatible workflows with Docker runners
- **AI Code Review** — 10+ providers: GPT-4, Claude, Gemini, Groq, Ollama
- **Git Hosting** — HTTP smart protocol + SSH push/pull, forks, mirroring, LFS
- **Issues & Projects** — Labels, milestones, custom fields, kanban boards
- **175+ API Endpoints** — REST + GraphQL for full programmatic access
- **CLI** — `och` command line tool for stack workflows and repository management

---

## Quick Start

```bash
# Pull and run
docker run -d \
--name opencodehub \
-p 4321:4321 \
-v opencodehub-data:/data \
-e JWT_SECRET=$(openssl rand -hex 32) \
-e SESSION_SECRET=$(openssl rand -hex 32) \
-e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \
opencodehub/opencodehub:latest
```
Comment on lines +26 to +36

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Include all required environment variables in the Quick Start command.

The Environment Variables section below lists REDIS_URL and SITE_URL as required, but they are missing from this docker run command. Providing a command that fails due to missing variables will cause friction for users.

Include placeholder values for the missing required variables so the example runs successfully.

💡 Proposed fix
 # Pull and run
 docker run -d \
   --name opencodehub \
   -p 4321:4321 \
   -v opencodehub-data:/data \
   -e JWT_SECRET=$(openssl rand -hex 32) \
   -e SESSION_SECRET=$(openssl rand -hex 32) \
   -e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \
+  -e REDIS_URL=redis://redis:6379 \
+  -e SITE_URL=http://localhost:4321 \
   opencodehub/opencodehub:latest
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
```bash
# Pull and run
docker run -d \
--name opencodehub \
-p 4321:4321 \
-v opencodehub-data:/data \
-e JWT_SECRET=$(openssl rand -hex 32) \
-e SESSION_SECRET=$(openssl rand -hex 32) \
-e DATABASE_URL=postgresql://user:pass@db:5432/opencodehub \
opencodehub/opencodehub:latest
```
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@DOCKERHUB.md` around lines 26 - 36, Update the Quick Start docker run command
in the documentation to include placeholder REDIS_URL and SITE_URL environment
variables alongside the existing configuration, matching the required variables
listed in the Environment Variables section.


Or with Docker Compose:

```bash
git clone https://github.com/swadhinbiswas/OpencodeHub.git
cd OpenCodeHub
cp .env.example .env
docker compose up -d
docker compose exec app bun run scripts/seed-admin.ts
```
Comment on lines +40 to +46

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Fix casing for the cloned directory name.

By default, Git clones the repository into a directory that matches the repository name casing exactly (OpencodeHub). Running cd OpenCodeHub (with a capital 'C') will fail on case-sensitive file systems like Linux.

💡 Proposed fix
 git clone https://github.com/swadhinbiswas/OpencodeHub.git
-cd OpenCodeHub
+cd OpencodeHub
 cp .env.example .env
 docker compose up -d
 docker compose exec app bun run scripts/seed-admin.ts
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
```bash
git clone https://github.com/swadhinbiswas/OpencodeHub.git
cd OpenCodeHub
cp .env.example .env
docker compose up -d
docker compose exec app bun run scripts/seed-admin.ts
```
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@DOCKERHUB.md` around lines 40 - 46, Update the setup command sequence in
DOCKERHUB.md to use the exact directory name Git creates when cloning the
repository, changing the cd target from OpenCodeHub to OpencodeHub while leaving
the remaining commands unchanged.


Open **http://localhost:4321** and create your admin account.

---

## Environment Variables

| Variable | Required | Description |
|----------|----------|-------------|
| `DATABASE_URL` | Yes | PostgreSQL connection string |
| `JWT_SECRET` | Yes | Random 32+ char string for JWT signing |
| `SESSION_SECRET` | Yes | Random 32+ char string for session encryption |
| `REDIS_URL` | Yes | Redis connection string |
| `SITE_URL` | Yes | Your public URL (e.g., `https://git.example.com`) |
| `STORAGE_TYPE` | No | `local` (default) or `s3` |

---

## Documentation

Full documentation: **[docs.opencodehub.space](https://docs.opencodehub.space)**

- [Installation Guide](https://docs.opencodehub.space/getting-started/installation/)
- [Configuration Reference](https://docs.opencodehub.space/administration/configuration/)
- [Deployment Options](https://docs.opencodehub.space/administration/deployment/)
- [CLI Reference](https://docs.opencodehub.space/reference/cli-commands/)
- [API Reference](https://docs.opencodehub.space/api/rest-api/)

---

## Links

- **GitHub**: [github.com/swadhinbiswas/OpencodeHub](https://github.com/swadhinbiswas/OpencodeHub)
- **Documentation**: [docs.opencodehub.space](https://docs.opencodehub.space)
- **License**: MIT
15 changes: 8 additions & 7 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ RUN apt-get update && apt-get install -y python3 make g++ gcc libc6-dev && rm -r
COPY package.json bun.lock ./
COPY cli/package.json ./cli/package.json
RUN for i in 1 2 3; do \
bun install --frozen-lockfile && break || \
bun install --frozen-lockfile --production && break || \
(echo "bun install attempt $i failed, retrying in 10s..." && sleep 10); \
done
Comment on lines 14 to 17

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Production-only install breaks the build stage

bun install --production in the deps stage excludes all devDependencies. The builder stage copies node_modules directly from deps and then runs bun run build. For an Astro project the build toolchain (Astro itself, TypeScript compiler, Vite, etc.) lives in devDependencies, so the bun run build step will fail with missing module errors at compile time. The --production flag is appropriate for the final runner image, but the deps stage that feeds the builder needs the full dependency tree.

Prompt To Fix With AI
This is a comment left during a code review.
Path: Dockerfile
Line: 14-17

Comment:
**Production-only install breaks the build stage**

`bun install --production` in the `deps` stage excludes all `devDependencies`. The `builder` stage copies `node_modules` directly from `deps` and then runs `bun run build`. For an Astro project the build toolchain (Astro itself, TypeScript compiler, Vite, etc.) lives in `devDependencies`, so the `bun run build` step will fail with missing module errors at compile time. The `--production` flag is appropriate for the final `runner` image, but the `deps` stage that feeds the builder needs the full dependency tree.

How can I resolve this? If you propose a fix, please make it concise.


Expand All @@ -24,19 +24,20 @@ ENV SKIP_REDIS_CHECK=1
RUN bun run build

# Production image
FROM oven/bun:1 AS runner
FROM oven/bun:1-slim AS runner
WORKDIR /app

# Install git, ssh, and bash (needed for git operations and entrypoint)
RUN apt-get update && apt-get install -y git openssh-client bash && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends git openssh-client bash && \
rm -rf /var/lib/apt/lists/*

# Create data directories
RUN mkdir -p /data/repos /data/storage /data/cache /data/ssh && \
RUN mkdir -p /data/repositories /data/storage /data/cache /data/ssh && \
chown -R bun:bun /data

# Copy built application
# Copy only what's needed for runtime
COPY --from=builder --chown=bun:bun /app/dist ./dist
COPY --from=builder --chown=bun:bun /app/node_modules ./node_modules
COPY --from=deps --chown=bun:bun /app/node_modules ./node_modules
COPY --from=builder --chown=bun:bun /app/package.json ./

# Copy drizzle config and schema for migrations
Expand All @@ -51,7 +52,7 @@ COPY --chown=bun:bun docker-entrypoint.sh ./
ENV HOST=0.0.0.0
ENV PORT=4321
ENV DATA_DIR=/data
ENV REPOS_PATH=/data/repos
ENV GIT_REPOS_PATH=/data/repositories

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 REPOS_PATH dropped from container environment breaks three runtime modules

The old Dockerfile set ENV REPOS_PATH=/data/repos; this PR replaces it with ENV GIT_REPOS_PATH=/data/repositories. However, three source files still read process.env.REPOS_PATH: src/lib/suggested-changes.ts, src/lib/mirror-sync.ts, and src/lib/cron/cleanup-branches.ts. With REPOS_PATH no longer set in the container environment, each falls back to its local default of path.join(process.cwd(), "data", "repos") (i.e., /app/data/repos), a path that does not exist and is not mounted — so mirror-sync writes, suggested-change diffing, and scheduled branch cleanup will silently operate on the wrong (absent) directory.

Additionally, docker-entrypoint.sh line 41 still uses ${REPOS_PATH:-/data/repos}, which means the entrypoint creates /data/repos at startup rather than /data/repositories, leaving the newly configured GIT_REPOS_PATH directory unguarded by the entrypoint.

Prompt To Fix With AI
This is a comment left during a code review.
Path: Dockerfile
Line: 55

Comment:
**`REPOS_PATH` dropped from container environment breaks three runtime modules**

The old Dockerfile set `ENV REPOS_PATH=/data/repos`; this PR replaces it with `ENV GIT_REPOS_PATH=/data/repositories`. However, three source files still read `process.env.REPOS_PATH`: `src/lib/suggested-changes.ts`, `src/lib/mirror-sync.ts`, and `src/lib/cron/cleanup-branches.ts`. With `REPOS_PATH` no longer set in the container environment, each falls back to its local default of `path.join(process.cwd(), "data", "repos")` (i.e., `/app/data/repos`), a path that does not exist and is not mounted — so mirror-sync writes, suggested-change diffing, and scheduled branch cleanup will silently operate on the wrong (absent) directory.

Additionally, `docker-entrypoint.sh` line 41 still uses `${REPOS_PATH:-/data/repos}`, which means the entrypoint creates `/data/repos` at startup rather than `/data/repositories`, leaving the newly configured `GIT_REPOS_PATH` directory unguarded by the entrypoint.

How can I resolve this? If you propose a fix, please make it concise.

ENV STORAGE_PATH=/data/storage
ENV CACHE_PATH=/data/cache
ENV SSH_PATH=/data/ssh
Expand Down
Loading
Loading