From a23b7867972f6c498e62b1e1611c0ad694caa259 Mon Sep 17 00:00:00 2001 From: Developer Date: Tue, 2 Dec 2025 03:44:11 -0800 Subject: [PATCH] fix(identity-service): fix Dockerfile build and add .dockerignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add .dockerignore to exclude unnecessary files from Docker context - Explicitly copy tsconfig, nest-cli.json, and src directory - Add build verification step (test -f dist/main.js) - Change CMD from npm run to direct node command - Add health check and non-root user for security 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .../services/identity-service/.dockerignore | 50 +++++++++++++++++++ backend/services/identity-service/Dockerfile | 42 ++++++++++++++-- 2 files changed, 87 insertions(+), 5 deletions(-) create mode 100644 backend/services/identity-service/.dockerignore diff --git a/backend/services/identity-service/.dockerignore b/backend/services/identity-service/.dockerignore new file mode 100644 index 00000000..3fef35dd --- /dev/null +++ b/backend/services/identity-service/.dockerignore @@ -0,0 +1,50 @@ +# Dependencies (will be installed fresh in container) +node_modules/ + +# Build output (will be built in container) +dist/ + +# Environment files (will be provided at runtime) +.env +.env.local +.env.development +.env.development.local +.env.test +.env.test.local +.env.production +.env.production.local + +# Git +.git/ +.gitignore + +# IDE +.idea/ +.vscode/ +*.swp +*.swo + +# OS +.DS_Store +Thumbs.db + +# Test +coverage/ +.nyc_output + +# Logs +logs/ +*.log + +# Docker +Dockerfile +docker-compose.yml +.dockerignore + +# Documentation +*.md +*.png +docs/ + +# Claude +.claude/ diff --git a/backend/services/identity-service/Dockerfile b/backend/services/identity-service/Dockerfile index 0c0ca7fa..b355df3b 100644 --- a/backend/services/identity-service/Dockerfile +++ b/backend/services/identity-service/Dockerfile @@ -1,34 +1,66 @@ +# ============================================================================= +# Identity Service Dockerfile +# ============================================================================= + # Build stage FROM node:20-alpine AS builder WORKDIR /app +# Copy package files COPY package*.json ./ +COPY tsconfig*.json ./ +COPY nest-cli.json ./ + +# Copy Prisma schema COPY prisma ./prisma/ +# Install dependencies RUN npm ci # Generate Prisma client (dummy DATABASE_URL for build time only) RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Copy source code -COPY . . +COPY src ./src # Build TypeScript RUN npm run build +# Verify build output exists +RUN ls -la dist/ && test -f dist/main.js + # Production stage FROM node:20-alpine WORKDIR /app -COPY --from=builder /app/node_modules ./node_modules +# Install production dependencies only +COPY package*.json ./ +RUN npm ci --only=production + +# Copy Prisma schema and generate client +COPY prisma ./prisma/ +RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate + +# Copy built files COPY --from=builder /app/dist ./dist -COPY --from=builder /app/prisma ./prisma -COPY --from=builder /app/package*.json ./ + +# Create non-root user +RUN addgroup -g 1001 -S nodejs && \ + adduser -S nestjs -u 1001 + +# Switch to non-root user +USER nestjs ENV NODE_ENV=production +# Expose port EXPOSE 3000 -CMD ["npm", "run", "start:prod"] +# Health check +HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \ + CMD wget -q --spider http://localhost:3000/health || exit 1 + +# Start service +CMD ["node", "dist/main.js"]