fix(docker): remediate all DockerSpec violations for field trial
- Replace docker-compose.yml → compose.yaml (modern Compose Spec, no version header) - Replace docker-compose.monitoring.yml → compose.monitoring.yaml - Remove deprecated version: '3.x' headers from both compose files - Add dedicated app-tier bridge network (no default bridge) - Add restart: unless-stopped to all services - Add deploy.resources.limits (memory + cpu) to all services - Add healthcheck to app service (curl /health) - Add healthchecks to prometheus and grafana in monitoring overlay - Externalize postgres credentials to env vars (POSTGRES_USER/PASSWORD/DB) - Externalize grafana admin password to GF_ADMIN_PASSWORD env var - Make env_file optional (required: false) for CI/field-trial environments - Update Dockerfile: node:18-alpine → node:20.11-bookworm-slim (pinned version) - Add explicit non-root system user/group (nodejs:1001/nodeapp:1001) - Add curl install to final stage for healthcheck probe - Copy src/db/migrations from build stage (not host bind) - Expand .dockerignore: tmp/, temp/, *.env.*, compose files, Dockerfiles - Add .env.example to git (was ignored by .env.* rule — add !.env.example exception) - Add POSTGRES_USER/PASSWORD/DB and GF_ADMIN_PASSWORD to .env.example All compose files pass: docker compose config --quiet ✅ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
SentryAgent.ai Developer
@@ -1,7 +1,7 @@
|
||||
# Dependencies
|
||||
# Dependencies — never bake into image
|
||||
node_modules/
|
||||
|
||||
# Compiled output (built inside Docker)
|
||||
# Compiled output — built inside Docker
|
||||
dist/
|
||||
|
||||
# Test artifacts
|
||||
@@ -10,7 +10,18 @@ tests/
|
||||
|
||||
# Environment and secrets — never bake into image
|
||||
.env
|
||||
.env.*
|
||||
*.pem
|
||||
*.key
|
||||
*.cert
|
||||
|
||||
# Docker files — not needed inside the image
|
||||
compose.yaml
|
||||
compose.*.yaml
|
||||
docker-compose.yml
|
||||
docker-compose*.yml
|
||||
Dockerfile*
|
||||
.dockerignore
|
||||
|
||||
# Development workspace
|
||||
.cto-workspace/
|
||||
@@ -21,11 +32,23 @@ next_steps.md
|
||||
# Git
|
||||
.git/
|
||||
.gitignore
|
||||
.gitattributes
|
||||
|
||||
# Editor
|
||||
.vscode/
|
||||
.idea/
|
||||
*.swp
|
||||
*.swo
|
||||
|
||||
# OS artifacts
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
|
||||
# Logs
|
||||
*.log
|
||||
npm-debug.log*
|
||||
logs/
|
||||
|
||||
# Temporary directories
|
||||
tmp/
|
||||
temp/
|
||||
|
||||
Reference in New Issue
Block a user