feat: add Docker support with pre-built image instructions and CI workflow

[JoachimLK]

Summary

• What does this PR change?
• Why is this needed?

Type of change

• Bug fix
• Feature
• Refactor
• Docs
• Chore

Validation

• I tested locally
• I added/updated relevant documentation
• I verified multi-tenant scoping and auth behavior for affected API paths

DCO

• All commits in this PR are signed off (Signed-off-by) via git commit -s

Summary by CodeRabbit

• New Features

  • Introduced pre-built Docker image installation option for faster deployment

• Documentation

  • Restructured Quick Start guide with two clear installation paths: pre-built images and build-from-source
  • Reorganized self-hosting documentation with separate setup and update instructions for each deployment method
  • Added Docker image availability badge

• Chores

  • Added automated Docker image publishing workflow

[railway-app]

🚅 Deployed to the reqcore-pr-143 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	✅ Success (View Logs)		Apr 16, 2026 at 7:06 am

[coderabbitai]

Warning

Rate limit exceeded

@JoachimLK has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 47 minutes and 20 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 47 minutes and 20 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: fa407618-a993-4264-8fca-d99be9c2cda6

📥 Commits

Reviewing files that changed from the base of the PR and between 6f9223d and 29775cb.

📒 Files selected for processing (1)

• .github/workflows/docker-publish.yml

📝 Walkthrough

Walkthrough

This PR introduces automated Docker image publishing via GitHub Actions, adding production deployment documentation and configuration. Users now have two installation paths: using pre-built Docker images from GHCR or building from source. A new production Docker Compose stack is provided alongside updated documentation.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow .github/workflows/docker-publish.yml	New workflow triggered on pushes to main and version tags (v*) that builds and publishes multi-architecture Docker images (linux/amd64, linux/arm64) to GHCR and optionally Docker Hub using Docker Buildx, with metadata generation and SBOM/provenance support.
Production Deployment Configuration docker-compose.production.yml	New production-ready Docker Compose stack defining four services: PostgreSQL 16, MinIO S3 storage, pre-built application image from GHCR, and optional Adminer database browser, with health checks and persistent volumes.
User Documentation README.md, SELF-HOSTING.md	Updated installation and update guides introducing two paths: Option A for pre-built images (using docker-compose.production.yml) and Option B for building from source, with corresponding deployment commands for each approach.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub
    participant GHA as GitHub Actions
    participant QEMU as QEMU/Buildx
    participant GHCR as GHCR Registry
    participant DHR as Docker Hub<br/>(optional)
    
    GH->>GHA: push to main or tag v*
    activate GHA
    GHA->>GHA: checkout repo
    GHA->>QEMU: setup QEMU & Buildx
    QEMU->>QEMU: configure multi-arch (amd64, arm64)
    GHA->>GHCR: authenticate
    GHA->>DHR: authenticate (if configured)
    GHA->>GHA: generate image tags & labels<br/>(edge, semver, SHA)
    GHA->>QEMU: build multi-architecture image<br/>with cache & provenance
    QEMU->>GHCR: push image tags
    QEMU->>DHR: push image tags (if enabled)
    GHA->>GHA: attach SBOM & attestation
    deactivate GHA
    GHA->>GH: workflow complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~28 minutes

Poem

🐰 Docker dreams now automated flow,
Two paths for users, swift and slow,
From GHCR's vault to your server's keep,
Multi-arch magic builds run deep!
Production-ready in a compose,
Where reliable containers arose. 🐳✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is a blank template with unchecked boxes and no actual content filled in; it lacks the required summary, change type selection, and validation details.	Complete the description by filling in the summary section explaining what changed and why, selecting the appropriate change type, and confirming validation steps were completed.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main changes: adding Docker support with pre-built image instructions and a CI workflow.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/docker-image

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

docker-compose.production.yml (1)

31-48: Consider pinning the MinIO image version.

Using minio/minio without a tag defaults to latest, which could introduce breaking changes during routine docker compose pull operations. Consider pinning to a specific release (e.g., minio/minio:RELEASE.2024-01-01T00-00-00Z) for production stability.

♻️ Suggested change

  minio:
-   image: minio/minio
+   image: minio/minio:RELEASE.2024-04-06T05-26-02Z
    container_name: reqcore_minio

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docker-compose.production.yml` around lines 31 - 48, The docker-compose
service "minio" uses an unpinned image ("image: minio/minio") which pulls latest
and can introduce breaking changes; update the image field in the minio service
to a specific released tag (e.g., replace "minio/minio" with a pinned tag like
"minio/minio:RELEASE.xxx" or your chosen stable version) so production runs use
a fixed MinIO release and avoid unexpected upgrades.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@docker-compose.production.yml`:
- Around line 31-48: The docker-compose service "minio" uses an unpinned image
("image: minio/minio") which pulls latest and can introduce breaking changes;
update the image field in the minio service to a specific released tag (e.g.,
replace "minio/minio" with a pinned tag like "minio/minio:RELEASE.xxx" or your
chosen stable version) so production runs use a fixed MinIO release and avoid
unexpected upgrades.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 93de2275-216f-4e45-983a-b200b466eddd

📥 Commits

Reviewing files that changed from the base of the PR and between d4ceaf8 and 6f9223d.

📒 Files selected for processing (4)

• .github/workflows/docker-publish.yml
• README.md
• SELF-HOSTING.md
• docker-compose.production.yml