feat: dockerize goscribe for homelab deployment #3
Code review
Found 6 issues:
goscribe/internal/api/handler.go Lines 60 to 62 in f8df8ba
goscribe/internal/worker/processor.go Lines 202 to 208 in f8df8ba
Lines 86 to 103 in f8df8ba
Lines 1 to 27 in f8df8ba
Lines 124 to 127 in f8df8ba
goscribe/internal/worker/processor.go Lines 198 to 208 in f8df8ba
Lines 174 to 181 in f8df8ba
🤖 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎.
- Add SSRF protection for webhook URLs (validate against private IPs)
- Fix graceful shutdown: log.Printf instead of log.Fatalf
- Add shared volume for uploads in docker-compose for split-mode deployment
- Fix REDIS_URL parsing using url.Parse for proper host extraction
- Add 10s timeout to webhook HTTP client
- Add ReadTimeout, WriteTimeout, and IdleTimeout to HTTP server

- Use custom http.Transport with DialContext that validates resolved IPs at connection time to prevent DNS rebinding attacks
- Fix IPv4-mapped IPv6 address handling (::ffff:10.x.x.x etc)
- Validate scheme (http/https) in isAllowedWebhookURL, actual IP validation happens during dial to prevent rebinding

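The dial-time check described in the commit above, sketched as an added Go example (not goscribe's own code). It uses the `net.Dialer` `Control` hook as one way to validate the resolved IP at connection time; the names `errBlockedAddr`, `isPublicAddr`, `checkDialAddr` and `newWebhookClient` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

// errBlockedAddr marks a dial refused by the guard (hypothetical name).
var errBlockedAddr = errors.New("webhook target is not a public address")

// isPublicAddr reports whether addr may be contacted by a webhook.
// Unmap first so ::ffff:10.0.0.1 is judged as 10.0.0.1.
func isPublicAddr(addr netip.Addr) bool {
	addr = addr.Unmap()
	return addr.IsValid() && !addr.IsUnspecified() && !addr.IsLoopback() && !addr.IsPrivate() && !addr.IsLinkLocalUnicast() && !addr.IsMulticast()
}

// checkDialAddr is a net.Dialer Control hook: it sees the exact IP:port about to be
// connected, after DNS resolution, so a name that re-resolves internally is refused.
func checkDialAddr(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("webhook dial %q: %w", address, err)
	}
	if !isPublicAddr(ap.Addr()) {
		return fmt.Errorf("webhook dial %s: %w", ap.Addr(), errBlockedAddr)
	}
	return nil
}

// newWebhookClient returns a client whose every connection, redirects included, is checked.
func newWebhookClient() *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second, Control: checkDialAddr}
	return &http.Client{
		Timeout: 10 * time.Second, // the 10s webhook timeout from the earlier commit
		// No Proxy is set, so the dial target is the webhook host itself.
		Transport: &http.Transport{DialContext: dialer.DialContext},
	}
}

func main() {
	// Constructed target: loopback written as an IPv4-mapped IPv6 literal.
	_, err := newWebhookClient().Get("http://[::ffff:127.0.0.1]:8080/hook")
	fmt.Println("blocked:", errors.Is(err, errBlockedAddr))
}
```

Because the check runs inside the dialer, a URL-level scheme check can stay simple; carrier-grade NAT space (100.64.0.0/10) is not covered by these predicates and would need an explicit prefix test.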
- Add profiles: [split] to goscribe-api and goscribe-worker
- Default: docker compose up starts goscribe (MODE=all) + redis
- Split mode: docker compose --profile split up starts api + worker
/gemini review
Code Review
The pull request successfully dockerizes goscribe, introducing an HTTP REST API, a Redis-backed async job queue, and a worker processor. The Docker setup uses a multi-stage build, and docker-compose.yml is provided for easy deployment. New Makefile targets simplify Docker operations. Overall, the changes are well-structured and introduce significant new functionality. However, there are some areas for improvement regarding error handling and security hardening, particularly around configuration parsing and webhook validation.
- Add error checking for RESULT_TTL_HOURS, MAX_UPLOAD_MB, SHUTDOWN_TIMEOUT_SECONDS env vars
- Add error checking for json.Marshal in handler
- Add logging for webhook delivery attempts and non-2xx responses
- Fix parseRedisAddr to log warning on parse failure

- Add OpenAPI/Swagger endpoints to router
- Generate openapi.yaml spec
- Add swagger.go for embedded Swagger UI
- Update README with CLI and Docker/Server features
- Update ARCHITECTURE.md with server mode documentation
- Update docker-compose.portainer.yml with ghcr.io image

- Builds cross-platform binaries (linux/darwin/windows, amd64/arm64)
- Pushes multi-arch Docker images to GHCR and Docker Hub
- Creates GitHub releases with auto-generated release notes
- Supports manual trigger via workflow_dispatch

…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
- Add TestParseRedisAddr, TestLoadConfig, TestLoadConfigDefaults, TestLoadConfigWithAllVars
- Replace real Redis with miniredis for worker tests
- Add test for SSRF webhook blocking (localhost blocked)
- All tests now run without requiring Redis

Summary
Transform goscribe from a local CLI tool into a homelab-deployable HTTP service with Redis-backed async job queue. Adds a new server binary (cmd/server) while keeping the existing CLI untouched.
Why
Enable goscribe to be consumed by other homelab services via HTTP API. The async job queue allows long-running transcription tasks to be processed in the background with webhook notifications on completion.
How
Changes
- cmd/server - HTTP server with mode switching and graceful shutdown
- internal/api/handler.go - HTTP handlers for all endpoints
- internal/api/router.go - chi router configuration
- internal/worker/processor.go - asynq task processor
- internal/worker/tasks.go - task types and result structs
- Dockerfile - multi-stage build (golang:1.24-alpine → alpine:3.19)
- docker-compose.yml - goscribe + redis services with profiles for split-mode
- .env.example - environment variable documentation
- pkg/config - add DefaultPostActions() for server use
Security Fixes (Post-Initial Review)
Split-Mode Deployment
- docker compose up → starts goscribe (MODE=all) + redis
- docker compose --profile split up → starts goscribe-api + goscribe-worker + redis
Testing
Checklist
Impact