fix: dashboard build in docker

[chronark]

What does this PR do?

• Updated Dockerfile for dashboard to reflect package reorganization (moved from packages to internal)
• Removed unused @unkey/proto dependency from dashboard

Fixes # (issue)

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• Enhancement (small improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How should this be tested?

• Verify ACME challenges work correctly with the renamed column
• Check that gateway health status is properly displayed with the new non-nullable field
• Ensure dashboard builds and runs correctly with the updated Dockerfile

Checklist

Required

• Filled out the "How to test" section in this PR
• Read Contributing Guide
• Self-reviewed my own code
• Commented on my code in hard-to-understand areas
• Ran pnpm build
• Ran pnpm fmt
• Ran make fmt on /go directory
• Checked for warnings, there are none
• Removed all console.logs
• Merged the latest changes from main onto my branch with git pull origin main
• My changes don't cause any responsiveness issues

Appreciated

• If a UI change was made: Added a screen recording or screenshots to this PR
• Updated the Unkey Docs if changes were necessary

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
dashboard	Ready	Preview	Comment	Nov 28, 2025 9:47am

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
engineering	Ignored	Preview		Nov 28, 2025 9:47am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 785d927

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request refactors the database schema and Go type system for ACME challenges and gateways. The changes rename the ACME challenge "type" column to "challenge_type", swap the semantic roles of related enums (Status ↔ Type), make gateway health non-nullable with a new "unknown" state, and update all generated code and call sites accordingly. TypeScript schema definitions and Docker configuration are also updated.

Changes

Cohort / File(s)	Summary
Database schema migration go/pkg/db/schema.sql, internal/db/src/schema/acme_challenges.ts, internal/db/src/schema/custom_domains.ts, internal/db/src/schema/gateways.ts	Renamed acme_challenges.type → acme_challenges.challenge_type; updated custom_domains.challenge_type enum values from lowercase to HTTP-01/DNS-01 format and removed default; expanded gateways.health enum to include "unknown" state with NOT NULL constraint and default value.
Go generated database code (ACME challenges) go/pkg/db/acme_challenge_find_by_token.sql_generated.go, go/pkg/db/acme_challenge_insert.sql_generated.go, go/pkg/db/acme_challenge_list_executable.sql_generated.go, go/pkg/db/bulk_acme_challenge_insert.sql_generated.go, go/pkg/db/queries/acme_challenge_insert.sql, go/pkg/db/queries/acme_challenge_list_executable.sql	Updated SQL queries and struct fields to use challenge_type column; renamed AcmeChallenge.Type → AcmeChallenge.ChallengeType and corresponding parameter types in insert/query operations.
Go generated database code (core models) go/pkg/db/models_generated.go, go/pkg/db/querier_generated.go, go/pkg/db/gateway_insert.sql_generated.go	Swapped type semantics: AcmeChallengesStatus ↔ AcmeChallengesType with updated enum constants; renamed AcmeChallengesStatus → AcmeChallengesChallengeType; updated Gateway.Health from NullGatewaysHealth to GatewaysHealth; added GatewaysHealthUnknown state; updated Scan/Value methods and struct field tags across affected types.
Go application code go/apps/ingress/services/router/service.go, go/cmd/dev/seed/ingress.go	Simplified gateway health check logic in SelectGateway to use direct equality comparison; changed InsertGatewayParams.Health from NullGatewaysHealth wrapper to direct GatewaysHealth type in seed initialization.
Configuration apps/dashboard/Dockerfile, apps/dashboard/package.json	Removed @unkey/proto dependency; updated Docker build to copy internal/error and internal/rbac package.json files; added environment variables (HOSTNAME, PORT) and CMD configuration.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Areas requiring extra attention:

• models_generated.go: High-density type/enum swapping logic with multiple interconnected Scan/Value method changes; careful verification needed that all enum mappings and constant values are correct post-swap
• Gateway health enum changes: Verify that the new "unknown" state is properly handled in SelectGateway logic and all downstream consumers; confirm NullGatewaysHealth removal doesn't break uninitialized gateway creation paths
• ACME challenge column/type alignment: Ensure all generated code changes (find_by_token, insert, list_executable, bulk_insert) consistently use challenge_type column and ChallengeType struct field across SQL queries and Go code
• Schema consistency: Validate custom_domains.ts and gateways.ts schema definitions align with schema.sql changes, particularly enum value casing and default/nullability constraints

Possibly related PRs

• refactor: make gateway health non-nullable and unify challenge types #4428: Implements the same code-level refactoring as this PR—renaming ACME challenge "type" → "challenge_type", converting gateway health from nullable to non-nullable with unknown state, and updating all affected generated DB code and call sites.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description significantly understates the scope of changes. It mentions only Dockerfile and dependency removal, but the actual changeset includes major database schema updates, type reorganizations, and Go code changes that are not documented.	Update the description to comprehensively document all changes: database schema modifications (acme_challenges type→challenge_type rename, custom_domains enum changes, gateways health column update), type system reorganizations, and all affected files and modules.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'fix: dashboard build in docker' is vague and doesn't clearly convey the main changes in the PR, which include schema modifications, package reorganization, and database column renames across multiple files.	Revise the title to more accurately reflect the primary changes, e.g., 'fix: reorganize packages and update schema for ACME challenges and gateway health' or provide a more specific focus.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 11-28-fix_dashboard_build_in_docker

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 986afff and 6d1b04c.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (17)

• apps/dashboard/Dockerfile (1 hunks)
• apps/dashboard/package.json (0 hunks)
• go/apps/ingress/services/router/service.go (1 hunks)
• go/cmd/dev/seed/ingress.go (1 hunks)
• go/pkg/db/acme_challenge_find_by_token.sql_generated.go (2 hunks)
• go/pkg/db/acme_challenge_insert.sql_generated.go (4 hunks)
• go/pkg/db/acme_challenge_list_executable.sql_generated.go (2 hunks)
• go/pkg/db/bulk_acme_challenge_insert.sql_generated.go (2 hunks)
• go/pkg/db/gateway_insert.sql_generated.go (1 hunks)
• go/pkg/db/models_generated.go (5 hunks)
• go/pkg/db/querier_generated.go (3 hunks)
• go/pkg/db/queries/acme_challenge_insert.sql (1 hunks)
• go/pkg/db/queries/acme_challenge_list_executable.sql (1 hunks)
• go/pkg/db/schema.sql (3 hunks)
• internal/db/src/schema/acme_challenges.ts (1 hunks)
• internal/db/src/schema/custom_domains.ts (2 hunks)
• internal/db/src/schema/gateways.ts (1 hunks)

💤 Files with no reviewable changes (1)

• apps/dashboard/package.json

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: imeyer
Repo: unkeyed/unkey PR: 3755
File: .github/workflows/job_detect_changes.yaml:111-114
Timestamp: 2025-08-08T16:10:00.224Z
Learning: Repo: unkeyed/unkey — When imeyer writes “make me an issue” on a PR thread, automatically open a thorough GitHub issue (Summary, Impact, Where, Repro, Observed vs Expected, Acceptance Criteria, Validation Plan, Out of Scope, References), include backlinks to the PR and comment, and assign to imeyer.

Learnt from: imeyer
Repo: unkeyed/unkey PR: 3755
File: .github/workflows/runbook-freshness-check.yaml:157-173
Timestamp: 2025-08-08T14:59:52.283Z
Learning: Repo unkeyed/unkey: When a CI/workflow fix is deferred, imeyer prefers a thorough GitHub issue be opened with sections (Summary, Impact, Where, Repro, Observed vs Expected, Acceptance Criteria, Validation Plan, Out of Scope, References) and assigned to imeyer, including backlinks to the originating PR and comment.

Learnt from: imeyer
Repo: unkeyed/unkey PR: 3755
File: .github/actions/setup-node/action.yaml:0-0
Timestamp: 2025-08-08T15:10:46.436Z
Learning: Repo: unkeyed/unkey — Preference: If imeyer comments “issue” on a PR thread, automatically open a thorough GitHub issue (Summary, Impact, Where, Observed vs Expected, Acceptance Criteria, Validation Plan, Out of Scope, References), include backlinks to the PR and comment, and assign to imeyer.

📚 Learning: 2025-06-02T11:08:56.397Z

Learnt from: ogzhanolguncu
Repo: unkeyed/unkey PR: 3292
File: apps/dashboard/lib/vault.ts:80-97
Timestamp: 2025-06-02T11:08:56.397Z
Learning: The vault.ts file in apps/dashboard/lib/vault.ts is a duplicate of the vault package from the `api` directory and should be kept consistent with that original implementation.

Applied to files:

• apps/dashboard/Dockerfile

📚 Learning: 2025-06-02T11:09:05.843Z

Learnt from: ogzhanolguncu
Repo: unkeyed/unkey PR: 3292
File: apps/dashboard/lib/vault.ts:60-78
Timestamp: 2025-06-02T11:09:05.843Z
Learning: The vault implementation in `apps/dashboard/lib/vault.ts` is a duplicate of the vault package from `api` and should be kept consistent with the original implementation.

Applied to files:

• apps/dashboard/Dockerfile

📚 Learning: 2025-07-17T14:24:20.403Z

Learnt from: Flo4604
Repo: unkeyed/unkey PR: 3631
File: go/pkg/db/bulk_keyring_insert.sql.go:23-25
Timestamp: 2025-07-17T14:24:20.403Z
Learning: In go/pkg/db/bulk_keyring_insert.sql.go and similar bulk insert generated files, hardcoded zero values for fields like size_approx and size_last_updated_at are intentional and reflect the original SQL query structure, not missing parameters.

Applied to files:

• go/pkg/db/bulk_acme_challenge_insert.sql_generated.go
• go/pkg/db/gateway_insert.sql_generated.go

📚 Learning: 2025-09-12T08:01:20.792Z

Learnt from: Flo4604
Repo: unkeyed/unkey PR: 3944
File: go/pkg/db/acme_challenge_update_verified_with_expiry.sql_generated.go:31-39
Timestamp: 2025-09-12T08:01:20.792Z
Learning: Do not review or suggest changes to files with sql_generated.go suffix or other files marked as auto-generated (containing "Code generated by" comments), as these are generated by tools like sqlc and changes would be overwritten on regeneration.

Applied to files:

• go/pkg/db/acme_challenge_insert.sql_generated.go

🧬 Code graph analysis (8)

go/pkg/db/acme_challenge_find_by_token.sql_generated.go (3)

go/pkg/db/queries.go (1)

• Queries (3-3)

go/pkg/db/interface.go (1)

• DBTX (29-34)

go/pkg/db/models_generated.go (1)

• AcmeChallenge (627-637)

go/pkg/db/gateway_insert.sql_generated.go (1)

go/pkg/db/models_generated.go (1)

• GatewaysHealth (281-281)

go/pkg/db/acme_challenge_list_executable.sql_generated.go (1)

go/pkg/db/models_generated.go (1)

• AcmeChallengesChallengeType (16-16)

go/apps/ingress/services/router/service.go (1)

go/pkg/db/models_generated.go (1)

• GatewaysHealthHealthy (286-286)

go/pkg/db/querier_generated.go (3)

go/pkg/db/interface.go (1)

• DBTX (29-34)

go/pkg/db/models_generated.go (1)

• AcmeChallengesChallengeType (16-16)

go/pkg/db/acme_challenge_list_executable.sql_generated.go (1)

• ListExecutableChallengesRow (21-25)

internal/db/src/schema/custom_domains.ts (1)

internal/db/src/schema/acme_challenges.ts (1)

• challengeType (7-7)

go/cmd/dev/seed/ingress.go (1)

go/pkg/db/models_generated.go (1)

• GatewaysHealthHealthy (286-286)

go/pkg/db/acme_challenge_insert.sql_generated.go (1)

go/pkg/db/models_generated.go (2)

• AcmeChallengesStatus (58-58)
• AcmeChallengesChallengeType (16-16)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Test Go API Local / Test
• GitHub Check: Test Dashboard / Test Dashboard
• GitHub Check: Test API / API Test Local
• GitHub Check: Build / Build
• GitHub Check: Test Packages / Test

🔇 Additional comments (24)

apps/dashboard/Dockerfile (2)

45-51: Environment and CMD configuration looks appropriate.

The HOSTNAME, PORT, EXPOSE, and CMD settings properly configure the container to run the dashboard on port 3000 and allow external connections. The pnpm filter approach is correct for the monorepo structure.

---

32-33: Perfect. The verification is complete. Let me analyze the findings:

Verification Summary:

✅ pnpm-lock.yaml was regenerated correctly:

• Contains references to internal/error
• Contains references to internal/rbac

✅ Dashboard package.json has correct workspace dependencies:

• "@unkey/error": "workspace:^"
• "@unkey/rbac": "workspace:^"

✅ Directory structure is correct:

• internal/error/package.json exists
• internal/rbac/package.json exists
• pnpm-workspace.yaml includes "internal/*"

✅ No blocking issues for dashboard:

• Dashboard does NOT depend on @unkey/cache
• The stale packages/cache reference in lockfile is unrelated (cache wasn't moved, only error and rbac)
• Dockerfile COPY commands at lines 32-33 are proper and will work

The original review comment's verification requests have all been satisfied. The Dockerfile changes are sound and properly supported by the package reorganization and lockfile updates.

---

Dockerfile COPY commands for internal packages are correct and will resolve successfully.

The pnpm-lock.yaml has been properly regenerated with internal/error and internal/rbac references, and apps/dashboard/package.json has correct workspace dependencies. The pnpm install -r during the Docker build will succeed.

internal/db/src/schema/acme_challenges.ts (2)

7-7: Good refactoring to extract shared enum type.

Extracting challengeType as a shared constant promotes reusability and maintains a single source of truth for the enum definition.

---

22-26: Constraint definition format updated.

The change from object-based to array-based constraint definition is a valid drizzle-orm syntax variation. Both formats work identically.

internal/db/src/schema/custom_domains.ts (2)

1-2: Correctly imports and uses shared challenge type.

The import of challengeType from acme_challenges eliminates duplication and ensures consistency across tables.

---

12-12: LGTM - proper usage of imported type.

go/pkg/db/queries/acme_challenge_list_executable.sql (1)

2-5: Column rename correctly applied in query.

The query correctly references the renamed challenge_type column, consistent with the schema changes.

go/pkg/db/queries/acme_challenge_insert.sql (1)

8-8: Column rename correctly applied in INSERT statement.

The INSERT statement correctly uses challenge_type, aligning with the schema changes.

go/apps/ingress/services/router/service.go (1)

103-103: Correct simplification given non-nullable health field.

The health field is now non-nullable with a default value, so removing the Valid flag check is appropriate. The logic correctly filters to only healthy gateways, excluding the new "unknown" state as well as "paused" and "unhealthy".

go/pkg/db/schema.sql (3)

407-407: Column rename applied correctly in schema.

The rename from type to challenge_type in the acme_challenges table is correctly reflected in the generated schema.

---

423-423: Gateway health schema updated with new enum value and default.

The addition of "unknown" state with a NOT NULL constraint and default value is correctly reflected in the SQL schema. This matches the TypeScript schema definition.

---

396-396: No INSERT operations for custom_domains currently exist in this codebase.

The table is defined in schema.sql with challenge_type as a NOT NULL column without a default value, and only two SELECT query files exist (custom_domain_find_by_id.sql and custom_domain_find_by_domain.sql). Despite comprehensive searching across 166 query files (29 of which are INSERT operations for other tables), there is no INSERT query file or any code path that creates records in the custom_domains table. The concern about ensuring challenge_type is provided would be valid once INSERT operations are implemented, but currently has no practical application in this codebase.

go/cmd/dev/seed/ingress.go (1)

130-130: Correctly updated to use non-nullable gateway health type.

The change from NullGatewaysHealth wrapper to direct GatewaysHealthHealthy value is correct, reflecting the schema change that makes health non-nullable.

internal/db/src/schema/gateways.ts (1)

22-24: Based on my verification, I found that:

1. Schema is well-formed: The health field in gateways.ts is properly defined as non-nullable with a default "unknown" value and includes all enum states (unknown, paused, healthy, unhealthy).

2. Go code is complete: The generated Go models (models_generated.go) include all four enum constants: GatewaysHealthUnknown, GatewaysHealthPaused, GatewaysHealthHealthy, and GatewaysHealthUnhealthy.

3. No active usages found: I could not find any TypeScript or Go code currently reading/writing the gateway health field, suggesting this is a new feature in development.

4. Migration status unclear: The gateways table doesn't appear in the initial migration file, and I couldn't locate a specific migration file for this change. The schema exists in both the Drizzle schema definition and go/pkg/db/schema.sql, but the migration file that created/modified this table isn't visible.

5. Technical debt acknowledged: The inline comment "needs better status types" indicates awareness of the need for improvement.

The original review's concern about handling existing null values and ensuring proper "unknown" state handling is reasonable, but since no code currently uses this field and the enum is properly defined in both TypeScript and Go layers, the actual risk depends on whether this is a new table or an existing table being modified.

---

Verify: Does the gateways table currently exist in the production database, or is this a new table? If existing rows need the health column added, provide migration proof that handles null→"unknown" conversion.

Since this cannot be definitively verified without understanding the migration strategy (the schema change exists but the migration that applies it is not clearly identifiable in the visible migration files), manual verification of the actual database migration is needed.

go/pkg/db/gateway_insert.sql_generated.go (1)

36-45: LGTM - Auto-generated code reflects schema changes correctly.

The Health field type change from NullGatewaysHealth to GatewaysHealth aligns with the new non-nullable health column with the "unknown" default state added in the schema.

go/pkg/db/acme_challenge_find_by_token.sql_generated.go (1)

12-14: LGTM - Auto-generated code correctly reflects the column rename.

The query now selects challenge_type and properly maps to i.ChallengeType during scanning, consistent with the updated AcmeChallenge struct.

Also applies to: 28-37

go/pkg/db/bulk_acme_challenge_insert.sql_generated.go (1)

11-12: LGTM - Auto-generated bulk insert code correctly reflects the column rename.

The SQL column list and argument assembly are properly updated to use challenge_type and arg.ChallengeType.

Also applies to: 31-40

go/pkg/db/acme_challenge_insert.sql_generated.go (1)

37-47: LGTM - Auto-generated insert code correctly reflects schema changes.

The InsertAcmeChallengeParams struct and InsertAcmeChallenge function properly use ChallengeType with the db:"challenge_type" tag, consistent with the database column rename.

Also applies to: 72-84

go/pkg/db/acme_challenge_list_executable.sql_generated.go (1)

13-25: LGTM - Auto-generated list query code correctly reflects schema changes.

The query, result struct, function signature, and scan operation are all consistently updated to use ChallengeType with type AcmeChallengesChallengeType.

Also applies to: 34-34, 51-54

go/pkg/db/querier_generated.go (1)

132-135: LGTM - Auto-generated interface correctly reflects the schema and query changes.

The Querier interface properly documents the updated SQL queries with challenge_type and updated method signatures including ListExecutableChallenges with []AcmeChallengesChallengeType parameter.

Also applies to: 936-959, 1560-1567

go/pkg/db/models_generated.go (4)

16-21: LGTM - Enum definitions correctly reflect the schema changes.

The new AcmeChallengesChallengeType (HTTP-01, DNS-01) and AcmeChallengesStatus (waiting, pending, verified, failed) types properly separate the challenge type from the challenge status, improving type safety.

Also applies to: 58-65

---

147-148: LGTM - CustomDomainsChallengeType values updated consistently.

Values changed from lowercase (dns01/http01) to standardized format (DNS-01/HTTP-01), matching AcmeChallengesChallengeType.

---

281-288: LGTM - GatewaysHealth enum now includes "unknown" state.

The addition of GatewaysHealthUnknown enables the Health field to be non-nullable with a sensible default for newly created gateways where health status hasn't been determined yet.

---

627-637: LGTM - Struct definitions correctly reflect schema changes.

• AcmeChallenge.ChallengeType is properly typed as AcmeChallengesChallengeType with the db:"challenge_type" tag
• Gateway.Health is now GatewaysHealth (non-nullable), consistent with the schema making health non-nullable with the "unknown" default

Also applies to: 785-794

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chronark]

• fix: use a new k8s_namespace column and use label based lookups #4436
• fix: dashboard build in docker #4435 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[graphite-app]

[graphite-app]

Graphite Automations

"Post a GIF when PR approved" took an action on this PR • (11/28/25)

1 gif was posted to this PR based on Andreas Thomas's automation.