max06 · max06 · Mar 14, 2026 · Mar 1, 2026 · Mar 1, 2026 · Mar 1, 2026
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -2,15 +2,8 @@
 // README at: https://github.com/devcontainers/templates/tree/main/src/docker-existing-dockerfile
 {
 	"name": "Base Gui",
-	"build": {
-		// Sets the run context to one level up instead of the .devcontainer folder.
-		"context": "..",
-		// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
-		"dockerfile": "../Dockerfile",
-		"args": {
-			"OS": "debian:bookworm"
-		}
-	},
+	// Build using `docker buildx build dev` if image can't be found.
+	"image": "local/base-gui:dev",
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	"features": {
 		"ghcr.io/devcontainers/features/git:1": {},
@@ -19,11 +12,29 @@
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	"forwardPorts": [
 		4000
-	]
+	],
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "cat /etc/os-release",
 	// Configure tool-specific properties.
-	// "customizations": {},
+    "mounts": [
+        {
+            "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.claude.json",
+            "target": "/home/vscode/.claude.json",
+            "type": "bind"
+        },
+        {
+            "source": "${localEnv:HOME}${localEnv:USERPROFILE}/.claude",
+            "target": "/home/vscode/.claude",
+            "type": "bind"
+        }
+    ],
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "Anthropic.claude-code"
+            ]
+        }
+    }
 	// Uncomment to connect as an existing user other than the container default. More info: https://aka.ms/dev-containers-non-root.
 	// "remoteUser": "devcontainer"
 }
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -3,85 +3,133 @@ name: Docker
 on:
   push:
     branches:
-      - master    # Will be `dev`
+      - master
     tags:
-      - v*        # Publish `v1.2.3` tags as releases.
-
-  pull_request:   # Run tests for any PRs.
-
+      - v*
 
 jobs:
-  test:           # See also https://docs.docker.com/docker-hub/builds/automated-testing/
+  prepare:
     runs-on: ubuntu-latest
-
+    outputs:
+      matrix: ${{ steps.filter.outputs.matrix }}
+      targets: ${{ steps.targets.outputs.targets }}
     steps:
-      - uses: actions/checkout@v2
-
-      - name: Run tests
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Generate matrix
+        id: generate
+        uses: docker/bake-action/subaction/matrix@v6
+        with:
+          fields: target,platforms
+      -
+        name: Filter matrix
+        id: filter
+        run: |
+          matrix=$(echo '${{ steps.generate.outputs.matrix }}' | \
+            jq -c '[.[] | select(.target | IN("novnc", "websockify", "dev") | not)]')
+          echo "matrix=$matrix" >> $GITHUB_OUTPUT
+      -
+        name: Extract unique targets
+        id: targets
         run: |
-          if [ -f docker-compose.test.yml ]; then
-            docker-compose --file docker-compose.test.yml build
-            docker-compose --file docker-compose.test.yml run sut
-          else
-            docker build --build-arg OS="debian:trixie-slim" --file Dockerfile .
-          fi
+          targets=$(echo '${{ steps.filter.outputs.matrix }}' | \
+            jq -c '[.[].target] | unique')
+          echo "targets=$targets" >> $GITHUB_OUTPUT
 
   build:
-    runs-on: ubuntu-latest
-
-    needs: test   # Ensure test job passes before pushing image.
-    if: github.event_name == 'push'
-    permissions:
-      contents: read
-      packages: write
-
+    runs-on: ${{ startsWith(matrix.platforms, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - prepare
     strategy:
+      fail-fast: false
       matrix:
-        os: [bookworm-slim, bookworm, trixie, trixie-slim]
-        include:
-        - os: bookworm-slim
-          image: debian:bookworm-slim
-        - os: bookworm
-          image: debian:bookworm
-        - os: trixie-slim
-          image: debian:trixie-slim
-        - os: trixie
-          image: debian:trixie
-
+        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
     steps:
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Dockerhub Login
-        uses: docker/login-action@v1.10.0
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Dockerhub Login
+        uses: docker/login-action@v3
         with:
           username: max06net
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Build and push by digest
+        id: build
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+          set: |
+            ${{ matrix.target }}.platform=${{ matrix.platforms }}
+            ${{ matrix.target }}.tags=docker.io/max06net/base-gui
+            ${{ matrix.target }}.output=type=image,push-by-digest=true,name-canonical=true,push=true
+          provenance: false
+      -
+        name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest=$(echo '${{ steps.build.outputs.metadata }}' | jq -r '."${{ matrix.target }}"."containerimage.digest"')
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+      -
+        name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ matrix.target }}-${{ startsWith(matrix.platforms, 'linux/arm') && 'arm64' || 'amd64' }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
 
-      - name: Docker meta
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+      - build
+    strategy:
+      fail-fast: false
+      matrix:
+        target: ${{ fromJson(needs.prepare.outputs.targets) }}
+    steps:
+      -
+        name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-${{ matrix.target }}-*
+          merge-multiple: true
+      -
+        name: Dockerhub Login
+        uses: docker/login-action@v3
+        with:
+          username: max06net
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      -
+        name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v5
         with:
-          images: max06net/base-gui
+          images: docker.io/max06net/base-gui
           tags: |
-            type=semver,pattern={{version}}-${{ matrix.os }}
-            type=semver,pattern={{major}}.{{minor}}-${{ matrix.os }}
-            type=semver,pattern={{major}}-${{ matrix.os }}
-            type=edge,branch=master,suffix=-${{ matrix.os }}
-
-      - name: Build and push Docker images
-        uses: docker/build-push-action@v4
-        with:
-          build-args: |
-            OS=${{ !matrix.image && matrix.os || matrix.image }}
-          # platforms: # optional
-          pull: true
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-        # env:
-        #   OS: ${{ matrix.os }}
+            type=semver,pattern={{version}},suffix=-${{ matrix.target }}
+            type=semver,pattern={{major}}.{{minor}},suffix=-${{ matrix.target }}
+            type=semver,pattern={{major}},suffix=-${{ matrix.target }}
+            type=edge,branch=master,suffix=-${{ matrix.target }}
+      -
+        name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'docker.io/max06net/base-gui@sha256:%s ' *)
+      -
+        name: Inspect image
+        run: |
+          docker buildx imagetools inspect docker.io/max06net/base-gui:${{ steps.meta.outputs.version }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,144 @@
+name: PR
+
+on:
+  pull_request:
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.filter.outputs.matrix }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Generate matrix
+        id: generate
+        uses: docker/bake-action/subaction/matrix@v6
+        with:
+          fields: target,platforms
+      -
+        name: Filter matrix
+        id: filter
+        run: |
+          matrix=$(echo '${{ steps.generate.outputs.matrix }}' | \
+            jq -c '[.[] | select(.target | IN("novnc", "websockify", "dev") | not)]')
+          echo "matrix=$matrix" >> $GITHUB_OUTPUT
+
+  validate:
+    runs-on: ${{ startsWith(matrix.platforms, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(needs.prepare.outputs.matrix) }}
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      -
+        name: Dockerhub Login
+        uses: docker/login-action@v3
+        with:
+          username: max06net
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      -
+        name: Build and push by digest
+        id: build
+        if: endsWith(matrix.target, 'trixie-slim')
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+          set: |
+            ${{ matrix.target }}.platform=${{ matrix.platforms }}
+            ${{ matrix.target }}.tags=docker.io/max06net/base-gui
+            ${{ matrix.target }}.output=type=image,push-by-digest=true,name-canonical=true,push=true
+          provenance: false
+
+      -
+        name: Build (cache only)
+        if: "!endsWith(matrix.target, 'trixie-slim')"
+        uses: docker/bake-action@v6
+        with:
+          targets: ${{ matrix.target }}
+          set: |
+            ${{ matrix.target }}.platform=${{ matrix.platforms }}
+            ${{ matrix.target }}.output=type=cacheonly
+
+      -
+        name: Export digest
+        if: endsWith(matrix.target, 'trixie-slim')
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest=$(echo '${{ steps.build.outputs.metadata }}' | jq -r '."${{ matrix.target }}"."containerimage.digest"')
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      -
+        name: Upload digest
+        if: endsWith(matrix.target, 'trixie-slim')
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ matrix.target }}-${{ startsWith(matrix.platforms, 'linux/arm') && 'arm64' || 'amd64' }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - prepare
+      - validate
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - trixie-slim
+    steps:
+      -
+        name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-${{ matrix.target }}-*
+          merge-multiple: true
+
+      -
+        name: Dockerhub Login
+        uses: docker/login-action@v3
+        with:
+          username: max06net
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      -
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: docker.io/max06net/base-gui
+          tags: |
+            type=ref,prefix=pr-,suffix=-${{ matrix.target }},event=pr
+
+      -
+        name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'docker.io/max06net/base-gui@sha256:%s ' *)
+
+      -
+        name: Inspect image
+        run: |
+          docker buildx imagetools inspect docker.io/max06net/base-gui:${{ steps.meta.outputs.version }}