Skip to content

infra: create backend Dockerfile with multi-stage build targets #6

Description

@snowrugar-beep

Problem Statement

The CI pipeline docker-build-pipeline.yml references a Dockerfile at docker/backend.Dockerfile with three build targets (build, test, production), but this file does not exist on disk. The entire Docker image pipeline is broken.

Evidence

  • infrastructure/ci/docker-build-pipeline.yml — References docker/backend.Dockerfile
  • docker/backend.Dockerfile — FILE_DOES_NOT_EXIST
  • docker/frontend.Dockerfile — FILE_DOES_NOT_EXIST
  • docker/docker-compose.yml — FILE_DOES_NOT_EXIST

Impact

CI/CD pipeline is broken — Docker images cannot be built or deployed. The build, test, security-scan, and push jobs all fail.

Proposed Solution

Create a multi-stage Dockerfile at docker/backend.Dockerfile with:

  • build stage: install deps, run nest build
  • test stage: install dev deps, run tests with coverage
  • production stage: copy compiled output, install production deps only, run with node user

Technical Requirements

  • Must use Node.js 20 as base image
  • Must use distroless or alpine for production stage
  • Must not run as root in production
  • Must support the target names used by CI: build, test, production
  • Must include healthcheck instruction

Acceptance Criteria

  1. docker build --target build -f docker/backend.Dockerfile . succeeds
  2. docker build --target test -f docker/backend.Dockerfile . succeeds and runs tests
  3. docker build --target production -f docker/backend.Dockerfile . produces <200MB image
  4. Production container starts and responds on port 3000
  5. Production container runs as non-root user
  6. CI docker-build-pipeline.yml passes with the new Dockerfile

File Inventory

  • docker/backend.Dockerfile (new)
  • docker/.dockerignore (new, recommended)

Dependencies

None.

Testing Strategy

  • CI build job should succeed
  • Security scan should pass with no critical/high vulnerabilities
  • Manual verification that production container starts and responds

Security Considerations

  • Use non-root user in production
  • Minimal base image to reduce attack surface
  • Do not include dev dependencies or source code in production image

Definition of Done

  • Dockerfile created
  • All CI build targets work
  • Production image under 200MB
  • Non-root user in production
  • Security considerations addressed

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions