feat: add Dockerfile for heidi-cli

[heidi-dang]

Summary

• Adds Dockerfile for heidi-cli to run in Docker
• Uses Python 3.11 slim base
• Installs heidi-cli via pip install -e .
• Runs heidi serve --host 0.0.0.0 --port 7777
• Skips setup wizard with HEIDI_NO_WIZARD=1

Files

• Dockerfile - Multi-stage Docker build
• docs/DOCKER_HEIDI_CLI.md - Documentation

How Tested

• docker build -t heididang/heidi-cli:dev .
• docker run -d -p 7777:7777 heididang/heidi-cli:dev
• curl http://localhost:7777/health → {"status":"healthy"}
• curl http://localhost:7777/ui/ → 200 (returns "UI Not Built" message)

Notes

• UI is not built in the basic image (requires npm). Add npm to Dockerfile for full UI support.
• Runs as root (can be made non-root in follow-up)
• No secrets baked into image

Acceptance

• ✅ docker build .
• ✅ docker run -p 7777:7777
• ✅ curl returns 200 for /ui/
• ✅ No secrets in image

[gemini-code-assist]

Summary of Changes

Hello @heidi-dang, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the deployability of the heidi-cli application by introducing official Docker support. It provides a streamlined method for users to run the application within a containerized environment, complete with clear instructions and configuration options. This change simplifies the setup process and promotes consistency across different development and production setups.

Highlights

• Dockerization: Introduced a new Dockerfile to containerize the heidi-cli application, enabling easier deployment and consistent environments.
• Base Image: Utilized a python:3.11-slim-bookworm base image for a lightweight and efficient Docker build.
• Application Setup: Configured the Docker image to install heidi-cli in editable mode and run the heidi serve command on port 7777, skipping the setup wizard by default.
• Documentation: Added comprehensive documentation in docs/DOCKER_HEIDI_CLI.md detailing how to build and run the Docker image, including environment variables, ports, and an example for building with UI support.
• Health Check: Implemented a Docker HEALTHCHECK to ensure the container is running and responsive by checking the /health endpoint.

Changelog

• Dockerfile
  • Added a new Dockerfile for heidi-cli.
  • Configured Python 3.11 slim as the base image.
  • Included curl for health checks.
  • Set up pip install -e . for application installation.
  • Exposed port 7777 and defined environment variables for wizard and UI distribution.
  • Added a health check command and the default heidi serve command.
• docs/DOCKER_HEIDI_CLI.md
  • Added new documentation for running Heidi CLI in Docker.
  • Provided quick start instructions for building and running the Docker image.
  • Detailed environment variables, exposed ports, and security considerations.
  • Included an example Dockerfile snippet for building with UI support.
  • Added an optional GitHub Actions workflow for automated Docker image builds and pushes.

Activity

• No human activity (comments, reviews) has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a Dockerfile for heidi-cli, enhancing portability and ease of use. A critical security concern is that the container currently runs as the root user, posing a significant risk. Additionally, the Dockerfile can be improved by adopting multi-stage builds for smaller and more secure images, and some inconsistencies in the documentation need addressing for clarity.

[gemini-code-assist]

The Docker container currently runs as the root user by default, which is a significant security risk. Running with root privileges allows an attacker to perform malicious actions and potentially escalate privileges. To mitigate this, a non-root user should be created and used. Additionally, this Dockerfile can be further improved by adopting a multi-stage build approach. This practice leads to smaller final images, better caching during builds, and enhanced security by reducing the attack surface, as build-time dependencies are excluded from the final image.

FROM python:3.11-slim-bookworm

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Create a non-root user and switch to it
RUN useradd --create-home appuser
USER appuser

COPY . .

RUN pip install --no-cache-dir -e .

EXPOSE 7777

ENV HEIDI_NO_WIZARD=1
ENV HEIDI_UI_DIST=/app/heidi_cli/ui_dist

HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:7777/health || exit 1

CMD ["heidi", "serve", "--host", "0.0.0.0", "--port", "7777"]

[gemini-code-assist]

The default value for HEIDI_NO_WIZARD is documented as "Not set", but the Dockerfile explicitly sets it to 1 using ENV HEIDI_NO_WIZARD=1. The documentation should be updated to reflect that the setup wizard is disabled by default when running the Docker image.

Suggested change

	| `HEIDI_NO_WIZARD` | Skip setup wizard | Not set |
	| `HEIDI_NO_WIZARD` | Skip setup wizard | `1` |

[gemini-code-assist]

The example Dockerfile for building with the UI can be significantly improved by using a proper multi-stage build. This will create a smaller, more secure, and more efficiently built image by separating the UI build, Python package build, and final runtime environment. The current example also contains incorrect paths for the UI assets.

Here is a revised, more idiomatic multi-stage Dockerfile example that demonstrates this best practice:

FROM node:20-slim as ui-builder
WORKDIR /app
COPY ui/package.json ui/package-lock.json* ./
RUN npm ci
COPY ui/ ./
RUN npm run build -- --base=/ui/

# Stage 2: Build Python wheel with UI assets
FROM python:3.11-slim-bookworm as py-builder
WORKDIR /app
RUN pip install build
COPY pyproject.toml ./
COPY src ./src
# Copy built UI into the source tree before building the wheel
COPY --from=ui-builder /app/dist ./src/heidi_cli/ui_dist
RUN python -m build

# Stage 3: Final image
FROM python:3.11-slim-bookworm
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
    curl \
    && rm -rf /var/lib/apt/lists/*

COPY --from=py-builder /app/dist/*.whl /tmp/
RUN pip install --no-cache-dir /tmp/*.whl && rm -rf /tmp/*.whl

EXPOSE 7777
ENV HEIDI_NO_WIZARD=1
CMD ["heidi", "serve", "--host", "0.0.0.0", "--port", "7777"]