Conversation
- Remove unused imports (Download, formatDistanceToNow, Plus, Edit, CheckCircle, XCircle, useState, format) - Fix api import in Storage.tsx (named -> default import) - Fix NodeJS.Timeout type to ReturnType<typeof setTimeout> - Fix Zustand set callback type issue in websocket.ts - Remove unused variables (showAddTarget, queryClient)
- Fix command injection in _run_hook by using subprocess_exec with shlex.split - Fix unsafe tar extraction with path traversal validation (CVE-2007-4559) - Fix SSH command injection by sanitizing paths with shlex.quote - Add path validation to restore endpoint to prevent directory traversal - Add cron expression validation using croniter in targets API - Add withCredentials to frontend axios client for proper cookie handling - Add SECRET_KEY validation with warning for insecure defaults
…ovements Backend improvements: - Add BackupMetrics class for tracking backup performance - Add pre-backup validation with validate_backup_prerequisites() - Add concurrency control with semaphore (MAX_CONCURRENT_BACKUPS) - Add API pagination for backups endpoint - Add metrics summary and validation API endpoints - Fix metadata column name conflict (metadata -> backup_metadata) Testing infrastructure: - Add pytest configuration and fixtures (conftest.py) - Add comprehensive unit tests for backup engine (752 lines) - Add database model tests - Add Docker client wrapper tests - Add scheduler tests - Add integration test script (integration_test.sh) - Add test runner script (test.sh) Frontend testing: - Add vitest configuration with coverage thresholds - Add MSW mock server and handlers - Add API layer tests - Add Backups page tests - Add Dashboard page tests - Add WebSocket store tests Documentation: - Add TESTING_GUIDE.md with comprehensive testing checklist - Add TESTING.md quick reference - Add GitHub Copilot instructions for code review, security, etc. - Add GitHub Actions test workflow All 19+ unit tests passing, integration tests verified working.
- Replace non-existent RemoteStorageConfig with RemoteStorage - Replace non-existent TargetType enum with string literals - Replace non-existent StorageType enum with string literals - Replace non-existent ScheduleType enum with actual schema - Use volume_name instead of source_path for volume targets - Match actual BackupSchedule fields (remove non-existent name, schedule_type, backup_type, retention_days columns)
- Add package-lock.json for npm ci to work - Update @testing-library/react to v16 for React 19 compatibility - Update GitHub Actions to latest versions - Fix integration tests to use root Dockerfile (not docker-compose) - Add security-events permission for security-scan job - Make security scans non-blocking
- Change proxy_pass from backend:8000 to 127.0.0.1:8000 - Add retry loop for integration tests health check - Add container logs output for debugging
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
- Remove trailing whitespace from all Python files - Remove unused imports - Fix bare except clauses to use Exception - Fix True comparison using is_(True) - Fix unused variable assignments
- Run black to fix line length issues (max 88 chars) - Run isort with black profile for consistent import ordering - Break long strings across multiple lines - Update copilot-setup-steps.yml to use isort --profile black - Make mypy non-blocking (|| true)
- Rewrite conftest.py to patch async_session in all modules - Use in-memory SQLite database for tests - Separate test_engine and test_db fixtures - Format test files with black and isort
- test_docker_client.py: Rewrite tests with correct method names (list_containers vs get_containers, etc.) - test_scheduler.py: Update to match BackupScheduler API, add proper async markers - test_backup_engine.py: Add proper async_session mocking, fix tar security test regex - test_api_backups.py: Fix mock return values, expected status codes, and request bodies - test_database.py: Fix FK constraint test for SQLite behavior All 99 tests now passing.
- Create eslint.config.js with flat config format (required by ESLint 9.x) - Update package.json with new ESLint dependencies (@eslint/js, globals, typescript-eslint) - Simplify lint script - Fix lint errors in test files (unused imports, unused vars, any type)
Vitest doesn't support --watchAll flag. Use the existing test:coverage npm script.
- Use glob patterns with ** for ignore paths - Limit files to src/** only - Explicitly ignore config files
- eslint-plugin-react-hooks: 5.0.0 → 7.0.1 - tailwindcss: 3.4.1 → 4.1.18 - tailwind-merge: 2.2.0 → 3.4.0 - @vitejs/plugin-react: 4.2.1 → 5.1.2 - recharts: 2.10.4 → 3.7.0 - axios: 1.6.5 → 1.13.3 - vitest: 1.2.0 → 4.0.18 - @vitest/coverage-v8: 1.2.0 → 4.0.18 - date-fns: 3.2.0 → 4.1.0 - jsdom: 23.0.0 → 27.4.0 - globals: 16.2.0 → 17.1.0 Breaking changes addressed: - Added @tailwindcss/postcss for TailwindCSS 4.x - Updated postcss.config.js for new TailwindCSS plugin - Fixed tests for vitest 4.x WebSocket mocking - Updated test assertions for German UI labels
- Translate all page components (Dashboard, Backups, Containers, Volumes, Stacks, Schedules, Targets, Settings, Retention, Storage) - Remove German date-fns locale imports - Update test files to expect English labels - All 67 tests passing
- Remove DATABASE_URL, DOCKER_SOCKET, BACKUP_BASE_PATH from env (fixed container paths) - Remove retention defaults from docker-compose (use code defaults, configurable in UI) - Remove CORS_ORIGINS, SECRET_KEY, COMPRESSION_LEVEL, MAX_CONCURRENT_BACKUPS from env - Use TZ instead of SCHEDULER_TIMEZONE - Hardcode sensible defaults for compression (level 6) and concurrency (2) - Simplify .env.example to only essential config: PORT, TZ, BACKUP_PATH, DOCKER_GID, Komodo
… Dockerfile - Combine frontend and backend into single container 'dockervault' - Use root Dockerfile with multi-stage build (frontend + backend + nginx + supervisor) - Remove separate service definitions
- Add entrypoint.sh that reads Docker socket GID and adds dockervault user to docker group - Remove DOCKER_GID from docker-compose.yml and .env.example (no longer needed) - Remove :ro from docker.sock mount (need write for some operations) - Backend runs as dockervault user which now properly gets docker group membership
- Add standalone Schedule model with CRUD API - Create 7-step BackupWizard component for target creation - Implement wizard steps: Target, Dependencies, Schedule, Storage, Retention, Options, Summary - Update Targets page with 'New Target' button - Add schedule dropdown to target cards - Maintain backwards compatibility with legacy schedule_cron
- Replace target_name with name property - Add target_count display for schedules
- Add keep_last to RetentionPolicy response/request models - Add RetentionPolicyInfo embedded model for target responses - Include retention_policy in BackupTarget API responses - Display retention policy badge in Targets page - Show keep_last in backup wizard retention and summary steps
- Add run_migrations() function to handle schema updates - Add encrypted and encryption_key_path columns if missing - Fixes 'table backups has no column named encrypted' error
- Fix E501 errors in schedules.py, targets.py, scheduler.py - Remove unused Schedule import from scheduler.py (F401)
Mock targets need schedule = None so _get_target_cron falls back to schedule_cron field for legacy compatibility
…ep_last - Add schedule_id column to backup_targets if missing - Add retention_policy_id column to backup_targets if missing - Add keep_last column to retention_policies if missing - Fixes 'no such column: backup_targets.schedule_id' error
- Update Dashboard test to use name instead of target_name - Fix schedulesApi.trigger test path (/schedules/target/:id/trigger) - Update handlers.ts mock to return ScheduleEntity format
- Add stack target type handling in _create_backup_archive - Collect all volumes from stack containers for backup - Add stack validation in _validate_target - Use multi-source tar for stack backups (like container backups) Fixes 'Unknown target type: stack' error
…ckups page - Remove Containers, Volumes, Stacks pages - Create unified Backups page with 3 tabs (Containers, Volumes, Stacks) - Add search, filter, and sort functionality - Show backup status badges and history per item - Remove container start/stop functionality from frontend - Update navigation and routes - Update all related tests
Docker volumes are owned by root, so the container needs root access to read them for backup. The docker socket access already provides near-root privileges, so this doesn't significantly change the security posture.
- Remove user=dockervault from supervisord.conf to allow root access - Update README.md security section to reflect root requirement - Merge TESTING.md and TESTING_GUIDE.md into single comprehensive guide - Update FEATURES_TODO.md with completed Stack-Backup and UI restructuring - Delete redundant TESTING.md from root directory
- Parse com.docker.compose.depends_on labels from containers
- Implement topological sort (Kahn's algorithm) for stop/start order
- BackupEngine now uses correct dependency order for stack backups
- Add GET /stacks/{name}/dependencies API endpoint
- ContainerInfo/StackInfo extended with dependency fields
Closes: Feature 6 - Automatische Dependency-Erkennung bei Stacks
…& backup browser
- Add selected_volumes field to backup targets for selective volume backup
- Add include_paths/exclude_paths for path filtering with fnmatch patterns
- Redesign Backups page to show only configured targets (not all containers/volumes)
- Add 'New Backup' button with wizard flow
- Create BackupBrowser component to browse files inside backup archives
- Add GET /backups/{id}/files endpoint to list archive contents
- Add GET /backups/{id}/files/{path} endpoint to download individual files
- Add StepVolumeConfig wizard step for volume selection and path configuration
- Enable/disable toggle for backup targets
… columns Existing SQLite databases don't have the new backup_targets columns. This adds migration logic to create them on startup.
- Remove Targets page from navigation and routing (backups managed from Backups page only) - Add informative warning message when browsing encrypted backups - Add encrypted field to Backup TypeScript interface
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces comprehensive development, review, and operational guidelines for the DockerVault project by adding several instruction files to the
.github/instructionsdirectory. These documents establish standards and best practices for code quality, documentation, performance, Python development, Docker usage, and code review processes, ensuring consistency and maintainability across the project.Project-wide Development Standards and Guidelines:
.github/copilot-instructions.mdto provide an overview of DockerVault's architecture and detailed development standards covering code quality, architecture, security, testing, documentation, and feature-specific guidelines..github/instructions/python.instructions.mdto define Python backend development standards, including code style, FastAPI usage, database practices, Docker SDK integration, error handling, async programming, testing, security, performance, and code organization..github/instructions/docker.instructions.mdto outline Docker containerization best practices, such as multi-stage builds, base image selection, security, configuration, health checks, volume management, networking, resource limits, and DockerVault-specific requirements.Process and Quality Assurance:
.github/instructions/code-review.instructions.mdto establish code review standards and GitHub review workflows, detailing what to look for in reviews, language-specific review points, review process steps, DockerVault-specific review areas, common issues, and a review checklist..github/instructions/performance.instructions.mdwith performance optimization guidelines for backend, frontend, Docker, system, backup, and remote storage, as well as monitoring, scalability, and development performance.Documentation Standards:
.github/instructions/documentation.instructions.mdto define documentation requirements for all project areas, including README, API, code, user, technical, Docker/deployment, development, change documentation, maintenance, formatting, and DockerVault-specific documentation.