Feature: Enable Docker image creation

[gowthamkishore3799]

Description

Enables automatic creation and publishing of a Docker image whenever a push is made to the main branch.

Solution

• Updates docker-compose.yml to explicitly configure image pulling.
• Adds a build_apps.yml GitHub Actions workflow to build and tag Docker images for every release.
• Pushes built images to GitHub Container Registry (GHCR) under ghcr.io.
• Docker setup now correctly uses only the apps/web/.env file for configuration through the env_file directive.

Note for Maintainers

After merging this PR, the repository owner must add a PASSWORD secret in the repository settings to allow pushing images to GHCR:

1. Go to Profile → Settings → Developer Settings → Personal Access Tokens (Classic).
2. Create a token with the write:packages permission.
3. Add the token as a secret named PASSWORD in the repository.

Without this, the image push will fail.

• Users can pull the latest image using:

docker pull ghcr.io/elie222/inbox-zero:latest

Summary by CodeRabbit

• Chores
  • Added an automated workflow to build and publish Docker images for the app on updates to the main branch.
  • Updated the test workflow to display a custom name in the GitHub Actions UI.
  • Modified Docker Compose to always pull the latest web image from the GitHub Container Registry.

[vercel]

@gowthamkishore3799 is attempting to deploy a commit to the Inbox Zero Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ gowthamkishore3799
❌ github-actions[bot]
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

A new GitHub Actions workflow was introduced to automate version tagging and multi-architecture Docker image building and publishing for the project when changes are pushed to the main branch. The workflow consists of two jobs: one for setting and incrementing the version tag, and another for building and pushing the Docker image to GitHub Container Registry. Additionally, the test workflow was updated to include a custom run name, and the Docker Compose configuration for the web service was modified to specify the image source and pull policy.

Changes

File(s)	Change Summary
.github/workflows/build_apps.yml	Added a new workflow to automate version tagging and Docker image building/publishing on main branch pushes.
.github/workflows/test.yml	Added a run-name attribute to set the workflow display name to "Run Tests".
docker-compose.yml	Updated web service to specify the image as ghcr.io/elie222/inbox-zero:latest and set pull_policy to always.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub as GitHub Actions
    participant Repo as Repository
    participant GHCR as GitHub Container Registry

    GitHub->>Repo: On push to main
    GitHub->>GitHub: set-version job
    GitHub->>Repo: Checkout code
    GitHub->>Repo: Get latest tag
    GitHub->>Repo: Create/increment version tag
    GitHub->>Repo: Push new tag
    GitHub->>GitHub: build-frontend job (after set-version)
    GitHub->>Repo: Checkout code
    GitHub->>GHCR: Login to registry
    GitHub->>GitHub: Setup Docker Buildx
    GitHub->>GHCR: Build and push multi-arch Docker image (latest & version tag)

Loading

Poem

A workflow hops in, swift and bright,
Tagging versions, setting them right.
Docker images built with care,
For every branch push, they're always there.
Compose now pulls from the registry's den—
Hooray for automation, again and again!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

.github/workflows/build_apps.yml (1)

34-34: Remove trailing whitespace
The blank line after echo "tag=$TAG" >> $GITHUB_OUTPUT contains trailing spaces; trimming them will satisfy YAML linting.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 34-34: trailing spaces

(trailing-spaces)

docker-compose.yml (1)

41-45: Reevaluate image + build combination
When both image and build are specified, Compose will build the local image (tagged as ghcr.io/...:latest) and skip pulling, rendering pull_policy ineffective. If the goal is to always pull the published image, consider removing the build block or moving it into a separate docker-compose.override.yml. For example:

 web:
-    image: ghcr.io/elie222/inbox-zero:latest
-    pull_policy: always
-    build:
-      context: .
-      dockerfile: ./docker/Dockerfile.web
+    image: ghcr.io/elie222/inbox-zero:latest
+    pull_policy: always
#    build:
#      context: .
#      dockerfile: ./docker/Dockerfile.web

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b17a22e and 812b6c9.

📒 Files selected for processing (4)

• .github/workflows/build_apps.yml (1 hunks)
• .github/workflows/test.yml (1 hunks)
• docker-compose.yml (1 hunks)
• package.json (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/build_apps.yml

85-85: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

88-88: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 YAMLlint (1.35.1)

.github/workflows/build_apps.yml

[error] 34-34: trailing spaces

(trailing-spaces)

🔇 Additional comments (4)

.github/workflows/test.yml (1)

2-2: Approve explicit run-name addition
Setting run-name: "Run Tests" provides a clear display name for each workflow run in the UI.

package.json (1)

28-30: Confirm lint-staged configuration changes
The previous formatting commands for *.{ts,tsx,md} were removed and replaced with an empty array for *.js. Ensure that TypeScript and Markdown files are still formatted/linted via your other scripts (format-and-lint, format-and-lint:fix), and update the lint-staged section or scripts if any file types are now unprotected.

.github/workflows/build_apps.yml (1)

1-2: LGTM: workflow name and run-name
The workflow’s name and run-name are clear and descriptive for Docker image builds.

docker-compose.yml (1)

41-42: Verify Compose spec support for pull_policy
The pull_policy key under a service was introduced in newer Compose versions. Double-check that your Docker Compose CLI and file version support pull_policy: always, or else this field may be ignored or error out.

[elie222]

Thanks so much for this! If you could sign the CLA please!

I will be looking at this PR later this week. There was also this PR, any overlap?
#418

[gowthamkishore3799]

I have signed the CLA. I only added github-actions[bot] to run GitHub Actions, which I believe doesn’t require a CLA.

There was also some overlap with PR #418. I’ve been waiting for the contributor’s response in the issue discussion to figure out how we can move forward.

To verify that the workflow is running, you can check:

Container Package

Workflow Run

Whenever I push a change to the trial branch, an image is automatically created.
Similarly, when a PR is merged into main, a new image will be built.

Users just need to set the required environment variables and run docker-compose up to get started.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

.github/workflows/build_apps.yml (3)

4-7: Manage concurrent builds to avoid redundant runs

Consider adding concurrency control at the workflow root to cancel in-progress builds on the same ref and avoid resource waste. For example:

 on:
   push:
     branches: [ "main" ]

+concurrency:
+  group: build-image-${{ github.ref }}
+  cancel-in-progress: true

---

31-33: Remove trailing whitespace

Line 32 contains trailing spaces on an otherwise empty line. Removing them improves maintainability and prevents linter errors.

-            echo "tag=$TAG" >> $GITHUB_OUTPUT  
-  

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 32-32: trailing spaces

(trailing-spaces)

---

85-95: Consider adding build caching to speed up Docker builds

To improve build times and reuse layers between runs, configure cache-from and cache-to:

-    - uses: docker/build-push-action@v4
-      with:
-        context: .
-        file: docker/Dockerfile.web
-        platforms: linux/amd64,linux/arm64
-        push: true
-        tags: |
-          ghcr.io/${{ env.DOCKER_USERNAME }}/inbox-zero:latest
-          ghcr.io/${{ env.DOCKER_USERNAME }}/inbox-zero:${{ needs.set-version.outputs.version }}
+    - uses: docker/build-push-action@v4
+      with:
+        context: .
+        file: docker/Dockerfile.web
+        platforms: linux/amd64,linux/arm64
+        push: true
+        tags: |
+          ghcr.io/${{ env.DOCKER_USERNAME }}/inbox-zero:latest
+          ghcr.io/${{ env.DOCKER_USERNAME }}/inbox-zero:${{ needs.set-version.outputs.version }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

🧰 Tools

🪛 actionlint (1.7.4)

86-86: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 812b6c9 and 0624092.

📒 Files selected for processing (1)

• .github/workflows/build_apps.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/build_apps.yml

83-83: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

86-86: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 YAMLlint (1.35.1)

.github/workflows/build_apps.yml

[error] 32-32: trailing spaces

(trailing-spaces)

[coderabbitai]

⚠️ Potential issue

Add explicit permissions for tag creation

Without explicit permissions in the workflow, the default GITHUB_TOKEN may lack content write access, causing the git push step in Push Git Tag to fail. Add a top-level permissions block:

 env:
   DOCKER_IMAGE_REGISTRY: "ghcr.io"
   DOCKER_USERNAME: "elie222"
+permissions:
+  contents: write

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	env:
	DOCKER_IMAGE_REGISTRY: "ghcr.io"
	DOCKER_USERNAME: "elie222"
	env:
	DOCKER_IMAGE_REGISTRY: "ghcr.io"
	DOCKER_USERNAME: "elie222"
	permissions:
	contents: write

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify action versions for Docker Buildx

actionlint flagged docker/setup-buildx-action@v2 as potentially outdated. Please confirm you’re using the latest major version (e.g., v3) if available to ensure compatibility:

---

🌐 Web query:

What is the latest released version of `docker/setup-buildx-action` on GitHub Marketplace?

💡 Result:

Based on the search results, the latest released version of docker/setup-buildx-action on GitHub Marketplace is v3.10.0, which was released on February 26, 2025[6].

This action is designed to set up Docker Buildx in your GitHub Actions workflows. It creates and boots a builder that can be used in subsequent workflow steps when you're using Buildx or the build-push action[1][9].

The release history shows a progression of versions with v3.10.0 being the most recent, followed by previous versions including v3.9.0, v3.8.0, and v3.7.1[6]. The latest version includes updates to dependencies, specifically bumping @docker/actions-toolkit from version 0.54.0 to 0.56.0[6].

If you want to use the latest version in your workflow, you can reference it with:

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@v3

This will use the latest v3.x.x release. If you need to pin to the specific latest version, you could use:

- name: Set up Docker Buildx
  uses: docker/[email protected]

Citations:

• 1: https://github.com/marketplace/actions/docker-setup-buildx
• 2: https://docs.docker.com/build/ci/github-actions/configure-builder/
• 3: https://raw.githubusercontent.com/docker/setup-buildx-action/master/README.md
• 4: https://docs.docker.com/build/ci/github-actions/multi-platform/
• 5: https://git.bellacocool.com/actions/setup-buildx-action/src/commit/d0d9a7219538b0a2f1444e8ac32682583ce7ebce
• 6: https://github.com/docker/setup-buildx-action/releases
• 7: https://github.com/orgs/docker/packages/container/setup-buildx-action/295162373?tag=1.3.0
• 8: https://git.bellacocool.com/actions/setup-buildx-action/src/commit/bd58e36ac7a172323768a1c788e8987e4fd91f9c
• 9: https://github.com/docker/setup-buildx-action
• 10: https://docs.docker.com/build/ci/github-actions/cache/

---

Update Docker Buildx Action to v3

The workflow is currently pinning docker/setup-buildx-action@v2, but the latest v3.x release is v3.10.0 (Feb 26, 2025). Please update to the v3 major version for compatibility:

• File: .github/workflows/build_apps.yml
Lines: ~82–84

Suggested diff:

- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ name: Set up Docker Buildx
+ # use the latest v3 release; pin to v3.10.0 for reproducibility
+ uses: docker/setup-buildx-action@v3       # or @v3.10.0

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Set up Docker Buildx
	# use the latest v3 release; pin to v3.10.0 for reproducibility
	uses: docker/setup-buildx-action@v3 # or @v3.10.0

🧰 Tools

🪛 actionlint (1.7.4)

83-83: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)