feat: add version check system with update notifications (#195) (#195)

xTITUSMAXIMUSX · web-flow · commit 9bed5225c62f · 2026-03-19T16:29:06.000-05:00
Add a versioning system so users running Docker images can see their
  current version and be notified when updates are available.

  - Add VERSION file as single source of truth (1.0.0-beta.1)
  - Add backend /vyos/version/check endpoint that compares local version
    against latest GitHub release (1-hour cache, no auth required)
  - Add frontend version service and display version/update info in the
    dashboard beta banner
  - Inject VYMANAGER_VERSION and VYMANAGER_ENV into Docker images via
    build args in both Dockerfiles and CI workflows
  - Add GitHub Release workflow that triggers on version tags
  - Support ALLOWED_DEV_ORIGINS env var in next.config.ts for dev HMR
    through reverse proxies
  - Sync package.json versions to 1.0.0-beta.1
diff --git a/.github/workflows/docker-publish-backend.yml b/.github/workflows/docker-publish-backend.yml
@@ -69,6 +69,10 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
+      - name: Read VERSION file
+        id: version
+        run: echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT"
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
@@ -82,6 +86,8 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args: |
+            VYMANAGER_VERSION=${{ steps.version.outputs.version }}
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
diff --git a/.github/workflows/docker-publish-frontend.yml b/.github/workflows/docker-publish-frontend.yml
@@ -69,6 +69,10 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
+      - name: Read VERSION file
+        id: version
+        run: echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT"
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
@@ -82,6 +86,8 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args: |
+            VYMANAGER_VERSION=${{ steps.version.outputs.version }}
 
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+name: Create GitHub Release
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check if prerelease
+        id: prerelease
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          if echo "$TAG" | grep -qi "beta\|alpha\|rc"; then
+            echo "is_prerelease=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "is_prerelease=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true
+          prerelease: ${{ steps.prerelease.outputs.is_prerelease == 'true' }}
diff --git a/Dockerfile.backend b/Dockerfile.backend
@@ -4,6 +4,11 @@
 
 FROM python:3.11-slim
 
+ARG VYMANAGER_VERSION=dev
+ARG VYMANAGER_ENV=production
+ENV VYMANAGER_VERSION=${VYMANAGER_VERSION}
+ENV VYMANAGER_ENV=${VYMANAGER_ENV}
+
 # Set working directory
 WORKDIR /app
 
diff --git a/Dockerfile.frontend b/Dockerfile.frontend
@@ -5,6 +5,11 @@
 # ---- Build Stage ----
 FROM node:24-alpine AS builder
 
+ARG VYMANAGER_VERSION=dev
+ARG VYMANAGER_ENV=production
+ENV NEXT_PUBLIC_VYMANAGER_VERSION=${VYMANAGER_VERSION}
+ENV NEXT_PUBLIC_VYMANAGER_ENV=${VYMANAGER_ENV}
+
 WORKDIR /app
 
 # Install required system packages
diff --git a/VERSION b/VERSION
@@ -0,0 +1 @@
+1.0.0-beta.1
diff --git a/backend/app.py b/backend/app.py
@@ -55,6 +55,7 @@
 from routers.load_balancing import load_balancing as load_balancing_router
 from routers.isis import isis as isis_router
 from routers.mpls import mpls as mpls_router
+from routers import version as version_router
 
 # Global variables
 db_pool: Optional[asyncpg.Pool] = None
@@ -205,7 +206,7 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(
     title="VyOS Management API",
-    version="1.0.0",
+    version=os.environ.get("VYMANAGER_VERSION", "dev"),
     description="FastAPI backend for managing VyOS devices with version-aware commands",
     lifespan=lifespan,
 )
@@ -297,6 +298,7 @@ async def get_permissions(request: Request) -> dict:
 app.include_router(load_balancing_router.router)
 app.include_router(isis_router.router)
 app.include_router(mpls_router.router)
+app.include_router(version_router.router)
 
 
 # ============================================================================
diff --git a/backend/middleware/auth.py b/backend/middleware/auth.py
@@ -38,6 +38,7 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
         "/api/auth/session",
         "/session/onboarding-status",  # Must be public to check if first-time setup is needed
         "/vyos/monitoring/ws/monitor",  # WebSocket auth handled inside handler
+        "/vyos/version/check",  # Version check is public
     }
 
     # Endpoints that should NOT update activity timestamp
diff --git a/backend/routers/version.py b/backend/routers/version.py
@@ -0,0 +1,135 @@
+"""
+Version Check Endpoint
+
+Provides current version info and checks GitHub for available updates.
+No authentication required — version info is not sensitive.
+"""
+
+import logging
+import os
+import time
+from typing import Optional
+
+import httpx
+from fastapi import APIRouter
+from pydantic import BaseModel
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/vyos/version", tags=["version"])
+
+GITHUB_REPO = "Community-VyProjects/VyManager"
+CACHE_TTL_SECONDS = 3600  # 1 hour
+
+
+class VersionCheckResponse(BaseModel):
+    current_version: str
+    latest_version: Optional[str] = None
+    update_available: bool = False
+    release_url: Optional[str] = None
+    published_at: Optional[str] = None
+    environment: str
+
+
+# Simple in-memory cache
+_cache: dict[str, object] = {}
+_cache_time: float = 0.0
+
+
+async def _fetch_latest_release() -> Optional[dict[str, str]]:
+    """Fetch the latest release from GitHub API with 1-hour caching."""
+    global _cache, _cache_time
+
+    now = time.time()
+    if _cache and (now - _cache_time) < CACHE_TTL_SECONDS:
+        return _cache  # type: ignore[return-value]
+
+    try:
+        async with httpx.AsyncClient(timeout=10.0) as client:
+            resp = await client.get(
+                f"https://api.github.com/repos/{GITHUB_REPO}/releases/latest",
+                headers={"Accept": "application/vnd.github+json"},
+            )
+            if resp.status_code == 200:
+                data = resp.json()
+                result = {
+                    "tag_name": data.get("tag_name", ""),
+                    "html_url": data.get("html_url", ""),
+                    "published_at": data.get("published_at", ""),
+                }
+                _cache = result
+                _cache_time = now
+                return result
+            logger.warning("GitHub API returned status %d", resp.status_code)
+            return None
+    except Exception:
+        logger.exception("Failed to fetch latest release from GitHub")
+        return None
+
+
+def _parse_version(version_str: str) -> Optional[tuple[int, ...]]:
+    """Parse a version string like '1.0.0-beta.1' into comparable tuples.
+
+    Returns a tuple suitable for comparison. Beta versions sort below their
+    release counterpart (e.g. 1.0.0-beta.1 < 1.0.0).
+    """
+    clean = version_str.lstrip("v")
+    try:
+        # Split on hyphen: "1.0.0-beta.1" -> ["1.0.0", "beta.1"]
+        parts = clean.split("-", 1)
+        core = tuple(int(x) for x in parts[0].split("."))
+
+        if len(parts) == 1:
+            # Release version: use a high pre-release marker so it sorts above betas
+            return core + (1, 0)
+
+        # Pre-release: extract the numeric suffix
+        pre = parts[1]  # e.g. "beta.1"
+        pre_parts = pre.split(".")
+        pre_num = int(pre_parts[-1]) if pre_parts[-1].isdigit() else 0
+        # 0 in the fourth position means pre-release (sorts below release's 1)
+        return core + (0, pre_num)
+    except (ValueError, IndexError):
+        return None
+
+
+def _is_update_available(current: str, latest: str) -> bool:
+    """Compare version strings. Returns True if latest > current."""
+    if current == "dev":
+        return False
+
+    current_tuple = _parse_version(current)
+    latest_tuple = _parse_version(latest)
+
+    if current_tuple is None or latest_tuple is None:
+        return False
+
+    return latest_tuple > current_tuple
+
+
+@router.get("/check", response_model=VersionCheckResponse)
+async def check_version() -> VersionCheckResponse:
+    """Check for available updates against the latest GitHub release."""
+    current_version = os.environ.get("VYMANAGER_VERSION", "dev")
+    environment = os.environ.get("VYMANAGER_ENV", "dev")
+
+    release = await _fetch_latest_release()
+
+    if not release:
+        return VersionCheckResponse(
+            current_version=current_version,
+            update_available=False,
+            environment=environment,
+        )
+
+    tag = release["tag_name"]
+    latest_version = tag.lstrip("v")
+
+    return VersionCheckResponse(
+        current_version=current_version,
+        latest_version=latest_version,
+        update_available=_is_update_available(current_version, latest_version),
+        release_url=release["html_url"],
+        published_at=release["published_at"],
+        environment=environment,
+    )
diff --git a/frontend/next.config.ts b/frontend/next.config.ts
@@ -7,6 +7,13 @@ const nextConfig: NextConfig = {
   //
   // This allows users to set BACKEND_URL=http://some-host:8000 in their .env
   // without needing to rebuild the Docker image.
+
+  // Allow dev HMR from custom origins (for reverse proxy / custom domain access).
+  // Set ALLOWED_DEV_ORIGINS as a comma-separated list in .env, e.g.:
+  //   ALLOWED_DEV_ORIGINS=mysite.example.com,other.example.com
+  ...(process.env.ALLOWED_DEV_ORIGINS
+    ? { allowedDevOrigins: process.env.ALLOWED_DEV_ORIGINS.split(",").map(s => s.trim()) }
+    : {}),
 };
 
 export default nextConfig;
diff --git a/frontend/package.json b/frontend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "vymanager-temp",
-  "version": "0.1.0",
+  "version": "1.0.0-beta.1",
   "private": true,
   "scripts": {
     "dev": "next dev",
diff --git a/frontend/src/app/page.tsx b/frontend/src/app/page.tsx
@@ -5,10 +5,11 @@ import { useRouter } from "next/navigation";
 import { Loader2, Plus, Save, Edit3, X } from "lucide-react";
 import { AppLayout } from "@/components/layout/AppLayout";
 import { Button } from "@/components/ui/button";
-import { Github, Globe, MessageCircle, Sparkles } from "lucide-react";
+import { Github, Globe, MessageCircle, Sparkles, ArrowUpCircle, Tag } from "lucide-react";
 import { useSession } from "@/lib/auth-client";
 import { useSessionStore } from "@/store/session-store";
 import { dashboardService, DashboardCard, DashboardLayout } from "@/lib/api/dashboard";
+import { versionService, VersionCheckResponse } from "@/lib/api/version";
 import { InterfaceStatisticsCard } from "@/components/dashboard/InterfaceStatisticsCard";
 import { SystemInfoCard } from "@/components/dashboard/SystemInfoCard";
 import { WireGuardPeersCard } from "@/components/dashboard/WireGuardPeersCard";
@@ -119,6 +120,7 @@ export default function Home() {
   const [saving, setSaving] = useState(false);
   const [activeId, setActiveId] = useState<string | null>(null);
   const [canEditDashboard, setCanEditDashboard] = useState(false);
+  const [versionInfo, setVersionInfo] = useState<VersionCheckResponse | null>(null);
 
   const sensors = useSensors(
     useSensor(PointerSensor, {
@@ -193,6 +195,9 @@ export default function Home() {
       // Always try to load dashboard - the API will return empty if no layout exists
       await loadDashboard();
 
+      // Check for version updates
+      versionService.checkVersion().then(setVersionInfo).catch(() => {});
+
       // Check if user has permission to edit the dashboard layout
       try {
         const perms = await fetch("/api/vyos/permissions", { credentials: "include" });
@@ -562,6 +567,32 @@ export default function Home() {
               </div>
 
               <div className="flex flex-wrap gap-4 text-sm">
+                {versionInfo && (
+                  <div className="flex items-center gap-2">
+                    <Tag className="h-4 w-4 text-muted-foreground" />
+                    <span className="text-muted-foreground">
+                      v{versionInfo.current_version}
+                    </span>
+                    {versionInfo.environment === "dev" && (
+                      <span className="px-1.5 py-0.5 rounded text-[10px] font-semibold uppercase bg-yellow-500/20 text-yellow-600 dark:text-yellow-400">
+                        dev
+                      </span>
+                    )}
+                  </div>
+                )}
+
+                {versionInfo?.update_available && (
+                  <a
+                    href={versionInfo.release_url ?? "#"}
+                    target="_blank"
+                    rel="noopener noreferrer"
+                    className="flex items-center gap-1.5 text-emerald-600 dark:text-emerald-400 hover:text-emerald-500 font-medium transition-colors"
+                  >
+                    <ArrowUpCircle className="h-4 w-4" />
+                    v{versionInfo.latest_version} available
+                  </a>
+                )}
+
                 <div className="flex items-center gap-2">
                   <Github className="h-4 w-4 text-muted-foreground" />
                   <span className="text-muted-foreground">Development by</span>
diff --git a/frontend/src/lib/api/version.ts b/frontend/src/lib/api/version.ts
@@ -0,0 +1,23 @@
+/**
+ * Version Check API Service
+ * Checks for available VyManager updates against GitHub releases.
+ */
+
+import { apiClient } from "./client";
+
+export interface VersionCheckResponse {
+  current_version: string;
+  latest_version: string | null;
+  update_available: boolean;
+  release_url: string | null;
+  published_at: string | null;
+  environment: string;
+}
+
+class VersionService {
+  async checkVersion(): Promise<VersionCheckResponse> {
+    return apiClient.get<VersionCheckResponse>("/vyos/version/check");
+  }
+}
+
+export const versionService = new VersionService();
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "vymanager-open-beta",
-  "version": "1.0.0",
+  "version": "1.0.0-beta.1",
   "description": "VyManager Open Beta Community Release - Monorepo for Frontend and Backend for VyOS Management",
   "private": true,
   "scripts": {

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):`
`38`	`38`	`"/api/auth/session",`
`39`	`39`	`"/session/onboarding-status", # Must be public to check if first-time setup is needed`
`40`	`40`	`"/vyos/monitoring/ws/monitor", # WebSocket auth handled inside handler`
	`41`	`+ "/vyos/version/check", # Version check is public`
`41`	`42`	`}`
`42`	`43`
`43`	`44`	`# Endpoints that should NOT update activity timestamp`