Files
ccs/.dockerignore
T
kaitrannttandopastorello b38641002f fix(docker): address security and reproducibility issues
Fixes from maintainer review:

.dockerignore:
- Add .env* files to prevent secret leakage (CRITICAL)
- Add tests/, docs/, IDE files to reduce build context
- Add organized comments for maintainability

Dockerfile:
- Pin bun version (ARG BUN_VERSION=1.2.2) for reproducible builds
- Add build artifact validation step
- Add npm cache clean to reduce image size
- Add section comments for readability

docker-compose.yml:
- Add grok_home volume for grok-cli persistence
- Add start_period to healthcheck for slow starts
- Add resource limits (1G RAM, 2 CPUs) with reservations
- Add documentation comments

entrypoint.sh:
- Improve chown error handling with warning message
- Add usage help when no command provided

README.md:
- Add Resource Limits section with examples
- Add Graceful Shutdown documentation
- Add Troubleshooting section (permissions, ports, restart loops)
- Add Security Notes section
- Update persistence docs to include grok-cli

Co-authored-by: opastorello <nicolas@pastorello-lab.com.br>
2026-01-18 08:10:44 -05:00

48 lines
503 B
Plaintext

# Git and GitHub
.git
.github
.husky
# Dependencies
node_modules
ui/node_modules
# Build outputs (rebuilt in container)
dist
ui/dist
ui/.vite
# Test and coverage
coverage
ui/coverage
tests
**/__tests__
# Environment files (SECURITY: prevent secret leakage)
.env
.env.*
.env.local
.env.production
.env.development
# Documentation (not needed for runtime)
docs
*.md
!README.md
!LICENSE
# Logs and OS files
*.log
.DS_Store
Thumbs.db
# IDE and editor
.vscode
.idea
*.swp
*.swo
# Misc
*.tgz
*.tar.gz