26 changes: 18 additions & 8 deletions .github/workflows/deploy-images.yml
Expand Up @@ -27,6 +27,7 @@ jobs:
run: |
docker build \
-t ghcr.io/bluewave-labs/checkmate-client:latest \
-t ghcr.io/bluewave-labs/checkmate-client:${{ env.VERSION }} \
-f ./docker/dist/client.Dockerfile \
--label org.opencontainers.image.source=https://github.com/bluewave-labs/checkmate \
--build-arg VITE_APP_VERSION=${{ env.VERSION }} \
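Review bot: `${{ env.VERSION }}` on the added `-t ghcr.io/bluewave-labs/checkmate-client:${{ env.VERSION }}` line is expanded into the script text before the shell starts, so the value is parsed as shell source rather than passed as data. Git tag names may contain characters such as `;` and `$(`, so if `VERSION` is written to `$GITHUB_ENV` earlier in this job (as the server job does), read it as an ordinary environment variable instead: `-t "ghcr.io/bluewave-labs/checkmate-client:$VERSION"`. The same applies to the existing `--build-arg VITE_APP_VERSION=${{ env.VERSION }}` line.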
Expand All @@ -35,13 +36,16 @@ jobs:
- name: Push Client Docker image
run: |
docker push ghcr.io/bluewave-labs/checkmate-client:latest
docker push ghcr.io/bluewave-labs/checkmate-client:${{ env.VERSION }}

docker-build-and-push-server:
needs: docker-build-and-push-client
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
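Review bot: In `Push Client Docker image`, `:latest` is pushed before `:${{ env.VERSION }}`, so a failure on the second push leaves `latest` moved with no matching versioned tag in the registry. Push the versioned tag first and `latest` last. The `fetch-depth: 0` added to the server job's checkout is what lets `git describe` see tags; a one-line comment saying so would keep it from being removed later as a speed-up.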
Expand All @@ -50,29 +54,31 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build Server Docker image
run: |
docker build \
-t ghcr.io/bluewave-labs/checkmate-backend:latest \
-f ./docker/dist/server.Dockerfile \
--label org.opencontainers.image.source=https://github.com/bluewave-labs/checkmate \
.
- name: Get version
id: vars
run: echo "VERSION=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV
Comment on lines +57 to +59

P2 | Confidence: Medium

The version extraction uses `git describe --tags --abbrev=0`, which fetches the latest tag. This approach may not work correctly in shallow clones or when building from non-tagged commits. The related_context shows other workflows use similar version extraction, suggesting this pattern is established but potentially fragile across different CI scenarios.

Code Suggestion:

```yaml
      - name: Get version
        id: vars
        run: |
          VERSION=$(git describe --tags --abbrev=0 2>/dev/null || git rev-parse --short HEAD)
          echo "VERSION=$VERSION" >> $GITHUB_ENV
```


Remove `--build-arg VITE_APP_VERSION` from server image builds unless server code actually consumes this variable.
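
The fallback in the suggestion above yields either a tag name or a short commit id, and the workflow then splices that string into `docker build -t` and `docker push` commands. As an added example (not part of the PR or of the review comments), this sketch checks the value against Docker's tag grammar before it is written to `$GITHUB_ENV`; `is_valid_image_tag`, `resolve_version` and `classify` are hypothetical names and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the [A-Z] style ranges below byte-exact

# Succeeds only for a valid Docker tag: first character [A-Za-z0-9_],
# then [A-Za-z0-9_.-], at most 128 characters in total.
is_valid_image_tag() {
  tag=$1
  [ -n "$tag" ] && [ "${#tag}" -le 128 ] || return 1
  case $tag in
    [!A-Za-z0-9_]*)    return 1 ;;  # leading '.', '-' or other symbol
    *[!A-Za-z0-9_.-]*) return 1 ;;  # shell metacharacters, '+', '/', spaces
  esac
  return 0
}

# Nearest tag, falling back to the short commit id as in the suggestion above;
# prints the value only if it is safe to use as an image tag.
resolve_version() {
  v=$(git describe --tags --abbrev=0 2>/dev/null) ||
    v=$(git rev-parse --short HEAD 2>/dev/null) || return 1
  is_valid_image_tag "$v" || { echo "refusing tag: $v" >&2; return 1; }
  printf '%s\n' "$v"
}

# Constructed sample values: the first two are accepted, the rest rejected.
classify() {
  if is_valid_image_tag "$1"; then echo accept; else echo reject; fi
}
for candidate in 'v3.2.1' 'a1b2c3d' '' 'v1.0+build5' 'v1;id' '-rc1'; do
  printf '%-12s %s\n' "[$candidate]" "$(classify "$candidate")"
done

# In the workflow step this would be used as:
#   VERSION=$(resolve_version) || exit 1
#   echo "VERSION=$VERSION" >> "$GITHUB_ENV"
```

A semver string with build metadata such as `v1.0+build5` is a legal Git tag but not a legal image tag, which is why the check runs on the resolved value rather than trusting the tag name.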

- name: Push Server Docker image
run: |
docker push ghcr.io/bluewave-labs/checkmate-backend:latest
docker push ghcr.io/bluewave-labs/checkmate-backend:${{ env.VERSION }}
Comment on lines 61 to +66

P2 | Confidence: Medium

Speculative: The version tagging implementation lacks validation that versioned images are functionally equivalent to latest. The related_context shows compose files use specific image tags (frontend-demo, frontend-staging), suggesting the project has multiple deployment environments. Without automated verification, versioned images might contain undetected regressions.

Code Suggestion:

Add a smoke test step that deploys and validates the versioned image in an isolated environment before promoting it.

Evidence: path:docker/prod/docker-compose.yaml, path:docker/staging/docker-compose.yaml


- name: Build Mongo Docker image
run: |
docker build \
-t ghcr.io/bluewave-labs/checkmate-mongo:latest \
-t ghcr.io/bluewave-labs/checkmate-mongo:${{ env.VERSION }} \
-f ./docker/dist/mongoDB.Dockerfile \
--label org.opencontainers.image.source=https://github.com/bluewave-labs/checkmate \
--build-arg VITE_APP_VERSION=${{ env.VERSION }} \
.

- name: Push MongoDB Docker image
run: |
docker push ghcr.io/bluewave-labs/checkmate-mongo:latest
docker push ghcr.io/bluewave-labs/checkmate-mongo:${{ env.VERSION }}

docker-build-and-push-server-mono-multiarch:
runs-on: ubuntu-latest
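Review bot: `git describe --tags --abbrev=0` in `Get version` returns the nearest reachable tag, not a tag on the commit being built, so every run between two releases pushes a different image under the same `checkmate-backend:${{ env.VERSION }}` and `checkmate-mongo:${{ env.VERSION }}` names. If this workflow runs on anything other than tag pushes, either restrict the versioned push to tagged commits (for example by checking `git describe --tags --exact-match`) or use the full `git describe --tags` output so untagged builds get a distinct tag. Also quote the redirect target as `>> "$GITHUB_ENV"`.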
Expand Down Expand Up @@ -104,6 +110,7 @@ jobs:
push: true

[Contextual Comment]
This comment refers to code near real line 113. Anchored to nearest_changed(118) line 118.


P2 | Confidence: High

The multi-arch image naming (`checkmate-backend-mono-multiarch`) differs from other server images (`checkmate-backend`, `checkmate-backend-mono`). The related_context shows `docker/dist-arm/docker-compose.yaml` uses `checkmate-backend-mono-multiarch:latest`, confirming this is a production dependency. This naming inconsistency could cause confusion in deployment tooling and documentation.

tags: |
ghcr.io/bluewave-labs/checkmate-backend-mono-multiarch:latest
ghcr.io/bluewave-labs/checkmate-backend-mono-multiarch:${{ env.VERSION }}
platforms: linux/amd64,linux/arm64
labels: |
org.opencontainers.image.source=https://github.com/bluewave-labs/checkmate
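Review bot: The added `ghcr.io/bluewave-labs/checkmate-backend-mono-multiarch:${{ env.VERSION }}` tag depends on `VERSION` being set inside `docker-build-and-push-server-mono-multiarch`, and values written to `$GITHUB_ENV` do not carry over from another job. The context shown here has no `Get version` step or `fetch-depth: 0` checkout for this job; if they are missing, the expression expands to an empty string and the tag ends in a bare `:`, which is not a valid reference. Confirm both steps exist in this job, or compute the version once as a job output and consume it through `needs`.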
Expand Down Expand Up @@ -133,10 +140,13 @@ jobs:
run: |
docker build \
-t ghcr.io/bluewave-labs/checkmate-backend-mono:latest \
-t ghcr.io/bluewave-labs/checkmate-backend-mono:${{ env.VERSION }} \
-f ./docker/dist-mono/server.Dockerfile \
--label org.opencontainers.image.source=https://github.com/bluewave-labs/checkmate \
--build-arg VITE_APP_VERSION=${{ env.VERSION }} \
.

- name: Push Server Docker image
run: docker push ghcr.io/bluewave-labs/checkmate-backend-mono:latest
run: |
docker push ghcr.io/bluewave-labs/checkmate-backend-mono:latest
docker push ghcr.io/bluewave-labs/checkmate-backend-mono:${{ env.VERSION }}
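Review bot: The build keeps `org.opencontainers.image.source` as its only label, so an image pulled as `checkmate-backend-mono:latest` carries no record of which version it is. Add `--label org.opencontainers.image.version=${{ env.VERSION }}` next to the existing `--label` line so the version can be read back with `docker inspect` regardless of the tag used to pull it.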
1 change: 1 addition & 0 deletions docker/dist-arm/server.Dockerfile
Expand Up @@ -3,6 +3,7 @@
# ---------------------
FROM node:24-slim AS frontend-build

ARG VITE_APP_VERSION

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

ARG VITE_APP_VERSION is declared but never used.

The build argument is not passed to the frontend build process. To propagate the version to the npm build, convert the ARG to an environment variable before the npm run build command:

 ARG VITE_APP_VERSION
 
 WORKDIR /app/client
 
 COPY client/package.json ./
 
 RUN npm install
 
 RUN npm install [email protected] --build-from-source
 
 COPY client ./
 
+ENV VITE_APP_VERSION=$VITE_APP_VERSION
 RUN npm run build

I'll verify the review comment by examining the Dockerfile and checking how VITE_APP_VERSION is actually used.


---

🏁 Script executed:

```shell
#!/bin/bash
# Read the entire Dockerfile to understand the build context
cat docker/dist-arm/server.Dockerfile
```

Length of output: 769

🏁 Script executed:

```shell
#!/bin/bash
# Search for all references to VITE_APP_VERSION in the Dockerfile
rg -n "VITE_APP_VERSION" docker/dist-arm/server.Dockerfile
```

Length of output: 22

🏁 Script executed:

```shell
#!/bin/bash
# Check if there's a vite config or build script that references this variable
fd -e "vite.config" -e "vite.config.js" -e "vite.config.ts" -e ".env" -e "package.json" client/ 2>/dev/null | head -20
```

Length of output: 0

---

🏁 Script executed:

```shell
#!/bin/bash
# Search for vite config files more broadly
find client -name "*vite*" -type f 2>/dev/null
```

Length of output: 56

🏁 Script executed:

```shell
#!/bin/bash
# Find and read client package.json to see build script
find client -name "package.json" -type f -exec cat {} \;
```

Length of output: 1720

🏁 Script executed:

```shell
#!/bin/bash
# Search for any references to VITE_APP_VERSION throughout the client directory
rg -r "VITE_APP_VERSION" client/
```

Length of output: 60430

🏁 Script executed:

```shell
#!/bin/bash
# Check for environment variable patterns in the build or client setup
rg -n "process.env" client/ --type=ts --type=js | head -20
```

Length of output: 0

---

🏁 Script executed:

```shell
#!/bin/bash
# Read the Vite config to see how environment variables are used
cat client/vite.config.ts
```

Length of output: 617

🏁 Script executed:

```shell
#!/bin/bash
# Search for VITE_ prefix usage in client source code to understand Vite env pattern
rg "import\.meta\.env" client/src --type=ts --type=js -C 2
```

Length of output: 1637

ARG VITE_APP_VERSION is declared but never used.

The build argument is not passed to the frontend build process. Docker's ARG is only available during build time; it must be converted to an environment variable to be accessible to npm. To propagate the version to the npm build, add an ENV directive before npm run build:

 ARG VITE_APP_VERSION
 
 WORKDIR /app/client
 
 COPY client/package.json ./
 
 RUN npm install
 
 RUN npm install [email protected] --build-from-source
 
 COPY client ./
 
+ENV VITE_APP_VERSION=$VITE_APP_VERSION
 RUN npm run build

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In docker/dist-arm/server.Dockerfile around line 6, ARG VITE_APP_VERSION is
declared but never passed into the frontend build; convert the build ARG into an
environment variable before invoking npm run build so the frontend can read
VITE_APP_VERSION (e.g., add an ENV VITE_APP_VERSION=${VITE_APP_VERSION} prior to
the build step or set it in the same RUN that executes npm run build), ensuring
the variable is available at build time for Vite/npm.



WORKDIR /app/client
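Review bot: `ARG VITE_APP_VERSION` is declared without a default, so any build of this file that omits the argument gets an empty value in the `frontend-build` stage. The multi-arch step visible in `deploy-images.yml` shows `push`, `tags`, `platforms` and `labels` but no `build-args` entry; if that step builds this Dockerfile, check that it also sets `build-args: VITE_APP_VERSION=${{ env.VERSION }}`. A default such as `ARG VITE_APP_VERSION=dev` keeps local builds distinguishable.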
4 changes: 4 additions & 0 deletions docker/dist-mono/server.Dockerfile
@@ -1,5 +1,7 @@
FROM node:20-slim AS frontend-build

ARG VITE_APP_VERSION

⚠️ Potential issue | 🔴 Critical

ARG in frontend-build stage not propagated to npm build.

The version argument must be converted to an environment variable before the npm build runs:

 ARG VITE_APP_VERSION
 
 WORKDIR /app/client
 
 COPY client/package*.json ./
 RUN npm install
 
 COPY client ./
+ENV VITE_APP_VERSION=$VITE_APP_VERSION
 RUN npm run build

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In docker/dist-mono/server.Dockerfile around line 3, the ARG VITE_APP_VERSION
declared in the frontend-build stage is not exported to the environment so npm
build cannot access it; change the Dockerfile to convert the ARG into an ENV
(e.g., add a line after the ARG like ENV VITE_APP_VERSION=${VITE_APP_VERSION})
before running npm install/npm run build so the build tooling can read
process.env.VITE_APP_VERSION (or VITE_APP_VERSION) during the frontend build.


WORKDIR /app/client

COPY client/package*.json ./
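Review bot: `ARG VITE_APP_VERSION` sits above `COPY client/package*.json ./`, and `RUN` instructions that follow an `ARG` receive its value in their build environment, so a new version value can invalidate the cached dependency-install layer on every release. Move the declaration down to just before `RUN npm run build`, the step that consumes it.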
Expand All @@ -10,6 +12,8 @@ RUN npm run build

FROM node:20-slim AS app

ARG VITE_APP_VERSION

# Install ping
RUN apt-get update \
&& apt-get install -y iputils-ping \
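Review bot: The second `ARG VITE_APP_VERSION`, in the `app` stage, is not referenced by any instruction shown, and an `ARG` value is not present in the environment of the running container. If the server is meant to report its version at runtime, follow it with `ENV VITE_APP_VERSION=$VITE_APP_VERSION` or a `LABEL`; otherwise drop it from this stage.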
2 changes: 2 additions & 0 deletions docker/dist/server.Dockerfile
@@ -1,5 +1,7 @@
FROM node:20-slim

P2 | Confidence: High

The Dockerfile declares `ARG VITE_APP_VERSION` but never uses it in any `RUN`, `CMD`, or `ENV` instructions. This unused variable adds noise without providing functional value. Since server code doesn't use Vite (a frontend build tool), this argument serves no purpose in this context.

Suggested change
FROM node:20-slim
Remove the unused `ARG` declaration unless there are plans to incorporate version metadata into server runtime.


ARG VITE_APP_VERSION

# Install ping
RUN apt-get update \
&& apt-get install -y iputils-ping \
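Review bot: The `VITE_` prefix is Vite's convention for variables exposed to client code, so `ARG VITE_APP_VERSION` in this server-only image reads as if a frontend build happens here. Declared above `RUN apt-get update`, it also places the version value in that instruction's build environment, which can cost the cached package-install layer whenever the version changes. Rename it to something server-specific and declare it after the package install, or remove it if nothing reads it.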