Commit Graph
3 Commits
Author SHA1 Message Date
Kai (Tam Nhu) TranandGitHub 857dac8751 fix(docker): harden integrated service exposure
Squash merge PR #1291 into dev.
2026-05-19 07:45:20 -04:00
kaitrannttandopastorello b38641002f fix(docker): address security and reproducibility issues
Fixes from maintainer review:

.dockerignore:
- Add .env* files to prevent secret leakage (CRITICAL)
- Add tests/, docs/, IDE files to reduce build context
- Add organized comments for maintainability

Dockerfile:
- Pin bun version (ARG BUN_VERSION=1.2.2) for reproducible builds
- Add build artifact validation step
- Add npm cache clean to reduce image size
- Add section comments for readability

docker-compose.yml:
- Add grok_home volume for grok-cli persistence
- Add start_period to healthcheck for slow starts
- Add resource limits (1G RAM, 2 CPUs) with reservations
- Add documentation comments

entrypoint.sh:
- Improve chown error handling with warning message
- Add usage help when no command provided

README.md:
- Add Resource Limits section with examples
- Add Graceful Shutdown documentation
- Add Troubleshooting section (permissions, ports, restart loops)
- Add Security Notes section
- Update persistence docs to include grok-cli

Co-authored-by: opastorello <nicolas@pastorello-lab.com.br>
2026-01-18 08:10:44 -05:00
opastorello a14c7f3f6b feat(docker): add Docker/Compose setup for CCS dashboard 2026-01-17 00:19:53 -03:00