 kaitrannttandopastorello
|
b38641002f
|
fix(docker): address security and reproducibility issues
Fixes from maintainer review:
.dockerignore:
- Add .env* files to prevent secret leakage (CRITICAL)
- Add tests/, docs/, IDE files to reduce build context
- Add organized comments for maintainability
Dockerfile:
- Pin bun version (ARG BUN_VERSION=1.2.2) for reproducible builds
- Add build artifact validation step
- Add npm cache clean to reduce image size
- Add section comments for readability
docker-compose.yml:
- Add grok_home volume for grok-cli persistence
- Add start_period to healthcheck for slow starts
- Add resource limits (1G RAM, 2 CPUs) with reservations
- Add documentation comments
entrypoint.sh:
- Improve chown error handling with warning message
- Add usage help when no command provided
README.md:
- Add Resource Limits section with examples
- Add Graceful Shutdown documentation
- Add Troubleshooting section (permissions, ports, restart loops)
- Add Security Notes section
- Update persistence docs to include grok-cli
Co-authored-by: opastorello <nicolas@pastorello-lab.com.br>
|
2026-01-18 08:10:44 -05:00 |
|