Merged
Conversation
- Rewrite validateComposeConfiguration to parse YAML in-process instead of spawning docker compose config - Rewrite updateContainerWithCompose to use Docker Engine API (pullImage + stopAndRemoveContainer + recreateContainer) instead of docker compose pull/up - Delegate executeSelfUpdate to parent orchestrator for health gate and rollback safety - Log deprecation for composeFileOnce batch mode (unavailable without CLI) - Remove dead code: updateComposeServicesWithCompose, runComposeCommand, executeCommand, getContainerRunningState, execFile import, and COMPOSE_COMMAND_* constants - Remove 18 dead tests and clean up spy references to removed methods
The updateContainer endpoint only searched for type 'docker' triggers, missing dockercompose triggers entirely. Add triggerTypes option to match the preview endpoint behavior.
retry_on was set to "error" which only retries on non-zero exit codes, not on timeouts. Changed to "any" so the 5-minute timeout actually triggers a retry. Also bumped timeout from 5 to 8 minutes since qlty regularly takes longer in CI.
s-b-e-n-s-o-n
requested review from
ALARGECOMPANY and
biggest-littlest
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
…mposeFileOnce - Extract refreshComposeServiceWithDockerApi() as shared private helper called by both updateContainerWithCompose() and recreateContainer(), eliminating the recursive call chain - Add ensureComposeRuntimeState() guard that throws when inspect data is missing State.Running - Re-enable composeFileOnce batch mode: first container per service gets a full runtime refresh, subsequent containers for the same service skip the refresh via composeFileOnceApplied flag - Add error-path tests for pullImage, stopAndRemoveContainer, recreateContainer failures, and malformed inspect data
…se trigger support to actions
Confirm dialog now awaits the async accept callback before closing, showing a spinner and disabling all dismiss interactions while the action runs. Previously the dialog closed immediately on confirm, making the UI appear unresponsive during container actions.
…s actions - Wire actionInProgress into disabled state for all container action buttons across full-page detail, side panel, and grouped views (table/card/list) - Add aria-label attributes to full-page detail action buttons - Show spinner icon replacing normal icon on active action button - Add opacity-50 + cursor-not-allowed styling when disabled - Add tests for disabled state and aria-labels
applyFilterSearchFromQuery already cleared dropdown filters (status, registry, bouncer, server) but missed filterKind. When a user clicked "Updates Available" on the dashboard (setting filterKind=any) then used Ctrl+K to search for a container without updates, the persisted filterKind filter hid the target container.
Dialog no longer blocks the UI while the action runs. The actionInProgress disabled state on buttons provides visual feedback instead.
Since the dialog now closes immediately on accept, the loading ref and all loading-conditional template code are unreachable dead code.
- Rewrite confirm dialog changelog entry to reflect final behavior (dialog closes immediately, action buttons show spinner/disabled) - Add missing changelog entry for Ctrl+K filter state fix - Update README compose feature to say "Docker Engine API" not "docker-compose"
Remove getContainerIcon, getServerIcon, getLogIcon, getRegistryIcon, getTriggerIcon, getWatcherIcon, getAgentIcon, getAuditIcon, getAuthenticationIcon, and bouncerColor — all exported but never imported anywhere in the codebase.
- Delete ui/babel.config.js — Babel is not a dependency (Vite handles builds) - Remove "doc" script from app/package.json — references non-existent .docsify - Remove "!website" from biome.json includes — no website/ directory exists
The compose trigger was refactored to use the Docker Engine API directly. The CLI environment sanitizer and its allowlists are no longer needed.
AggregatedSecurityImage, AggregatedSecuritySummary, AggregatedSecurityVulnerability, and SecurityVulnerabilityOverview are used internally but never imported by other files.
Normalize sh:, hl:, and si: colon prefixes to dash format (sh-, hl-, si-) so both separator styles work in Docker labels. Users naturally use colon notation since it's the common convention in icon systems like Iconify. Fixes: #127
Change DEFAULT_TRIGGER_TYPES from ['docker'] to ['docker', 'dockercompose'] so rollbackContainer and webhook update endpoints find compose triggers. The updateContainer and previewContainer endpoints already had this fix.
The si: prefix was leaking into API requests as si-si:nextcloud causing slug validation failures. Extract normalizeIconPrefix to image-icon service with recursive unwrapping of nested prefixes.
When a container is recreated externally (Portainer, docker compose up), the old store entry becomes stale. Add name refresh during watch cycles, stale same-name entry cleanup on new container discovery, and debounced watch on rename events for race condition handling.
Implement native include/exclude filtering for MQTT payloads operating on flattened keys. Include mode keeps only listed keys; exclude mode removes them. Both take precedence over legacy EXCLUDE and HASS_ATTRIBUTES preset. Also fix handleContainerEvent bypassing mustTrigger() check.
Use openid-client customFetch with undici.Agent to inject TLS settings per-provider. CAFILE loads a PEM CA certificate for private/self-signed CAs. INSECURE disables certificate verification (dev only, warns).
Document CAFILE/INSECURE options for OIDC auth and HASS_FILTER_INCLUDE/ HASS_FILTER_EXCLUDE options for MQTT trigger with precedence order and examples.
Add tests for MQTT default attributes fallback, filterContainerInclude symbol key preservation, pruneOldContainers missing watcher key, custom displayName preservation on name change, and hook env allowlisted prefixes parameter.
Snyk deps and code scans consume the 200/month org quota on every push. Move to CI-only (release workflow) where they gate the actual release.
- Add eclipse-mosquitto:2 service with anonymous access for MQTT E2E testing - Configure DD_TRIGGER_MQTT_QA with HASS mode and FILTER_INCLUDE - Add dd.display.icon labels: si:si:nginx (nested), si:redis (colon), si-traefikproxy (dash) - Drydock depends_on mosquitto healthcheck before starting
Detail views (full-page, side panel, tab content) were missing bouncer awareness — clicking Update on a security-blocked container silently failed with a 500 error. Now blocked containers show a red "Blocked" button with lock icon that opens the force-update confirmation dialog. Also adds an error banner to full-page detail for action failures.
Allows update flow testing without requiring signed images.
Rejects pushes when the working tree has untracked files, uncommitted changes, or stashed changes. Runs at priority 0 before all other checks. Prevents qlty from hanging on interactive "Format these files?" prompts when untracked files are present, and catches the common case where local tests pass against uncommitted changes that CI will never see.
biggest-littlest
approved these changes
Mar 10, 2026
ALARGECOMPANY
approved these changes
Mar 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docker compose/docker-compose) with direct Docker Engine API calls for container updates. Eliminatesspawn docker ENOENTerrors in environments without Docker CLI.dockeranddockercomposetrigger types, fixing "No docker trigger found" for compose-only users.retry_onfromerrortoanyand increased timeout from 5 to 8 minutes.Test plan
🤖 Generated with Claude Code