Merge with upstream

[ma-04]

Putting it in Draft Mode due to upstream build failure

Summary by CodeRabbit

• Documentation

  • Added Docker host configuration guidance with environment variable examples, socket-proxy and TLS usage; updated release badges.

• Chores

  • Bumped Go toolchain to 1.26 and updated dependencies.
  • Updated build image and test base image tags.

• Refactor

  • Switched logging implementation to a new structured logger, standardizing log levels and output format across the app.

[coderabbitai]

Walkthrough

Updated Go/tooling and container base images, added a Docker host configuration section to the README, and replaced the logging implementation and API across the codebase (new SlogLogger, changed Logger interface and Context logging), with corresponding test updates and minor Docker image tag bump.

Changes

Cohort / File(s)	Summary
Build & Modules Dockerfile, go.mod	Bumped builder base image to golang:1.26-alpine; updated go directive and toolchain to go1.25/ go1.26.x; upgraded/added several direct and indirect dependencies (fsouza/go-dockerclient, mapstructure/v2, moby/*, logrus, testify, golang.org/x/sys, mage deps, etc.).
CI / Integration Images integration/test-run-exec/docker-compose.yml	Updated alpine test image tag from alpine:3.23.2 to alpine:3.23.3.
Documentation README.md	Added "Docker host configuration" section and examples; replaced top release badge with two img.shields.io GitHub release badges; kept existing workflow badge.
Logging API & Implementation core/common.go, core/logger.go, ofelia.go	Replaced old logging API (Criticalf/Debugf/Errorf/Noticef/Warningf) with new structured methods (Debug, Info, Warning, Error); added core/SlogLogger and NewSlogLogger; updated buildLogger to use new logger; removed old logPrefix constant.
Core runtime behavior (logging calls only) core/runjob.go, core/runservice.go, core/scheduler.go, core/cron_utils.go	Converted many formatted log calls to structured key/value style or context-based variadic args; adjusted small helper signatures (CronUtils.Info args type). Control flow unchanged.
CLI & Docker handling (logging only) cli/config.go, cli/daemon.go, cli/docker_handler.go, cli/validate.go	Replaced formatted logger calls with structured/field-style logging calls; no behavior changes beyond logging.
Middlewares & Handlers (logging only) middlewares/save.go, middlewares/mail.go, middlewares/slack.go	Switched error/formatted logs to structured key/value logging; no other logic changes.
Tests / Test loggers core/*_test.go, cli/config_test.go, middlewares/common_test.go, core/runjob_test.go, core/runservice_test.go	Updated test logger stubs and test setups to match new Logger interface and to use NewSlogLogger(io.Discard) where applicable; removed old op/go-logging setup.
Top-level ofelia.go	Replaced old op/go-logging initialization with core.NewSlogLogger(os.Stdout); signature of buildLogger unchanged.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• tareq1988
• itsrafsanjani

Poem

🐰 A rabbit nibbling on logs and streams,
Switched the colors, tidied the themes,
Go bumped up, images refreshed,
Docker docs added, tests re-fleshed —
Hooray for builds and structured dreams!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Merge with upstream' is vague and generic, using non-descriptive language that fails to convey the actual substantial changes in the PR.	Consider a more descriptive title that reflects the main changes, such as 'Replace go-logging with slog-based logger and update dependencies' or 'Refactor logging to use slog and update Go/dependencies'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ma-04]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

14-24: ⚠️ Potential issue | 🟠 Major

Run the final image as non-root user.

The runtime stage has no USER, so ofelia runs as root. That is a security hardening gap and is also flagged by static analysis.

🔒 Suggested hardening patch

 FROM alpine:3.23
 
 # this label is required to identify container with ofelia running
 LABEL ofelia.service=true
 LABEL ofelia.enabled=true
 
-RUN apk --no-cache add ca-certificates tini tzdata
+RUN apk --no-cache add ca-certificates tini tzdata \
+    && addgroup -S ofelia \
+    && adduser -S -G ofelia ofelia
 
 COPY --from=builder /go/bin/ofelia /usr/bin/ofelia
 
+USER ofelia
 ENTRYPOINT ["/sbin/tini", "/usr/bin/ofelia"]

If you mount /var/run/docker.sock, ensure runtime group permissions are handled (for example via group_add matching socket GID).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 14 - 24, The image launches ofelia as root; add a
non-root runtime user and set USER before ENTRYPOINT so ofelia runs
unprivileged—create a minimal user/group (e.g. ofelia user), ensure binary
ownership and any required runtime dirs are chowned to that user (refer to the
copied binary /usr/bin/ofelia and ENTRYPOINT), and document/handle socket access
by allowing group membership or advising group_add for the Docker socket GID
when mounting /var/run/docker.sock.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@Dockerfile`:
- Around line 14-24: The image launches ofelia as root; add a non-root runtime
user and set USER before ENTRYPOINT so ofelia runs unprivileged—create a minimal
user/group (e.g. ofelia user), ensure binary ownership and any required runtime
dirs are chowned to that user (refer to the copied binary /usr/bin/ofelia and
ENTRYPOINT), and document/handle socket access by allowing group membership or
advising group_add for the Docker socket GID when mounting /var/run/docker.sock.

---

ℹ️ Review info

Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3fc9fff3-224f-4b7b-9e21-248acb876272

📥 Commits

Reviewing files that changed from the base of the PR and between c82c63e and ebd2b12.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (4)

• Dockerfile
• README.md
• go.mod
• integration/test-run-exec/docker-compose.yml

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

cli/docker_handler.go (1)

118-118: Keep the original error in fallback log context.

Line 118 logs the fallback action but omits err, which makes root-cause diagnosis harder.

🛠️ Suggested tweak

-		c.logger.Debug("Failed to extract ofelia's container ID. Trying with container hostname instead...")
+		c.logger.Debug("Failed to extract ofelia's container ID. Trying with container hostname instead...", "error", err)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/docker_handler.go` at line 118, The fallback debug log "Failed to extract
ofelia's container ID. Trying with container hostname instead..." omits the
original error; update the logging call in the Docker handler (the method in
cli/docker_handler.go where c.logger.Debug is invoked) to include the original
error variable (err) in the log context/message so the fallback log contains the
root-cause error information (e.g., include err as a field or append err.Error()
to the message).

middlewares/common_test.go (1)

67-70: Consider aligning parameter names and types with the Logger interface.

The TestLogger methods use (format string, args ...interface{}) but the Logger interface in core/common.go:226-231 defines (str string, args ...any). While interface{} and any are type aliases and this compiles correctly, matching the interface signature exactly improves consistency.

♻️ Suggested alignment with interface

-func (*TestLogger) Debug(format string, args ...interface{})   {}
-func (*TestLogger) Error(format string, args ...interface{})   {}
-func (*TestLogger) Info(format string, args ...interface{})    {}
-func (*TestLogger) Warning(format string, args ...interface{}) {}
+func (*TestLogger) Debug(str string, args ...any)   {}
+func (*TestLogger) Error(str string, args ...any)   {}
+func (*TestLogger) Info(str string, args ...any)    {}
+func (*TestLogger) Warning(str string, args ...any) {}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@middlewares/common_test.go` around lines 67 - 70, Update the TestLogger
method signatures to exactly match the Logger interface by changing each method
(Debug, Error, Info, Warning) to accept parameters named "str string, args
...any" instead of "format string, args ...interface{}"; this aligns parameter
names and uses the same type alias (any) as in core/common.go's Logger interface
for consistency.

cli/config_test.go (1)

22-25: Consider renaming format parameter to msg or str for clarity.

The parameter is named format but the new logging API uses structured key-value pairs rather than printf-style formatting. Renaming to msg or str (matching the Logger interface in core/common.go) would better reflect the actual usage pattern.

♻️ Suggested rename

-func (*TestLogger) Debug(format string, args ...interface{})   {}
-func (*TestLogger) Error(format string, args ...interface{})   {}
-func (*TestLogger) Info(format string, args ...interface{})    {}
-func (*TestLogger) Warning(format string, args ...interface{}) {}
+func (*TestLogger) Debug(msg string, args ...interface{})   {}
+func (*TestLogger) Error(msg string, args ...interface{})   {}
+func (*TestLogger) Info(msg string, args ...interface{})    {}
+func (*TestLogger) Warning(msg string, args ...interface{}) {}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/config_test.go` around lines 22 - 25, Rename the parameter named `format`
to `msg` (or `str`) in the TestLogger methods to match the structured logging
API and the `Logger` interface in core/common.go: update the method signatures
for Debug, Error, Info, and Warning on type `*TestLogger` so they accept `msg
string, args ...interface{}` (or `str string, ...`) instead of `format string,
...`, and adjust any internal references to this parameter accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@core/cron_utils.go`:
- Around line 12-18: The Info method signature uses variadic ...any which breaks
implementation of robfig/cron v3 Logger; update CronUtils.Info to use the same
variadic type as CronUtils.Error (i.e., ...interface{}) so both Info and Error
match the cron.Logger interface expected by cron.WithLogger; modify the function
signature for CronUtils.Info accordingly while keeping its body unchanged.

In `@middlewares/slack.go`:
- Around line 64-67: The logs are currently emitting the sensitive Slack webhook
(m.SlackWebhook) via ctx.Logger.Error in the error paths; remove the webhook
from the log payload or replace it with a redacted/masked value before logging
to avoid secret exposure. Update the calls in the error handling branches (the
ctx.Logger.Error usages that reference m.SlackWebhook and r.Status/r.StatusCode)
to omit the "webhook" key or substitute a safe string like "<redacted webhook>"
or a masked snippet, ensuring no raw webhook URL appears in logs.
- Around line 62-67: The HTTP response from http.PostForm in
middlewares/slack.go is never closed which leaks connections; update the block
where r, err := http.PostForm(m.SlackWebhook, values) is handled so that when
err == nil you immediately ensure the body is closed (e.g., defer r.Body.Close()
or read io.Copy(io.Discard, r.Body) and then r.Body.Close()) before any returns
or logging; modify the handler around the PostForm call (referencing variables
r, err, m.SlackWebhook and ctx.Logger) to always close r.Body in both the 200
and non-200 response paths.

---

Nitpick comments:
In `@cli/config_test.go`:
- Around line 22-25: Rename the parameter named `format` to `msg` (or `str`) in
the TestLogger methods to match the structured logging API and the `Logger`
interface in core/common.go: update the method signatures for Debug, Error,
Info, and Warning on type `*TestLogger` so they accept `msg string, args
...interface{}` (or `str string, ...`) instead of `format string, ...`, and
adjust any internal references to this parameter accordingly.

In `@cli/docker_handler.go`:
- Line 118: The fallback debug log "Failed to extract ofelia's container ID.
Trying with container hostname instead..." omits the original error; update the
logging call in the Docker handler (the method in cli/docker_handler.go where
c.logger.Debug is invoked) to include the original error variable (err) in the
log context/message so the fallback log contains the root-cause error
information (e.g., include err as a field or append err.Error() to the message).

In `@middlewares/common_test.go`:
- Around line 67-70: Update the TestLogger method signatures to exactly match
the Logger interface by changing each method (Debug, Error, Info, Warning) to
accept parameters named "str string, args ...any" instead of "format string,
args ...interface{}"; this aligns parameter names and uses the same type alias
(any) as in core/common.go's Logger interface for consistency.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d96bfc98-709f-4838-b39d-236e71ee3781

📥 Commits

Reviewing files that changed from the base of the PR and between ebd2b12 and e454ef1.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (21)

• README.md
• cli/config.go
• cli/config_test.go
• cli/daemon.go
• cli/docker_handler.go
• cli/validate.go
• core/common.go
• core/common_test.go
• core/cron_utils.go
• core/logger.go
• core/runjob.go
• core/runjob_test.go
• core/runservice.go
• core/runservice_test.go
• core/scheduler.go
• go.mod
• middlewares/common_test.go
• middlewares/mail.go
• middlewares/save.go
• middlewares/slack.go
• ofelia.go

✅ Files skipped from review due to trivial changes (3)

• middlewares/save.go
• README.md
• go.mod