- Add .dockerignore for backend and frontend (DC-1: eliminates node_modules/ and .env from build context)
- Delete start.sh with --reload flag (DC-2: superseded by Dockerfile CMD)
- Create entrypoint.sh with exec uvicorn (DW-5: proper PID 1 signal handling)
- Pin base images to patch-level tags (DW-1: reproducible builds)
- Reorder Dockerfile: create appuser before COPY, use --chown (DW-2)
- Switch to npm ci for lockfile-enforced installs (DW-3)
- Add network segmentation: backend_net + frontend_net (DW-4: db unreachable from frontend container)
- Add deploy.resources limits to all services (DW-6: OOM protection)
- Refactor proxy-params.conf to include security headers, deduplicate from nginx.conf location blocks (DW-7)
- Add image/svg+xml to gzip_types (DS-1)
- Add wget healthcheck for frontend service (DS-2)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
26 lines
296 B
Plaintext
# Dependencies — rebuilt inside the container from lockfile
node_modules

# Build output — rebuilt inside the container
dist

# Version control
.git
.gitignore

# Environment files
.env
.env.*

# IDE
.vscode
.idea

# Documentation
*.md
LICENSE

# Docker files
Dockerfile
docker-compose*.yaml
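Review bot: The `.env` and `.env.*` entries under "# Environment files" match only at the root of the build context, because .dockerignore patterns are evaluated relative to the context root. An env file in a subdirectory would still be sent to the daemon and could be picked up by a broad COPY. Since the commit message gives keeping .env out of the build context as the goal (DC-1), consider `**/.env` and `**/.env.*`, and likewise `**/node_modules`, so nested copies are excluded as well.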