CurrenciCombo/orchestrator/Dockerfile
Devin AI ebd0ebf1f0
PR Z: sandbox deployment scaffolding (deploy script + Dockerfiles + compose)
- contracts/scripts/deploy-notary-registry.ts: self-compiling ethers v6
  deploy for NotaryRegistry.sol (solc-js in-process — avoids hardhat's
  HH1006 on contracts/node_modules), with NOTARY_DRY_RUN mode and a
  machine-readable JSON envelope as last stdout line.
- contracts/hardhat.config.ts: chain138 network (RPC defaults to the
  public endpoint that resolves EXT-CHAIN138-CI-RPC).
- orchestrator/Dockerfile: multi-stage node:20-alpine build, non-root
  user, dumb-init, /health HEALTHCHECK on :8080.
- Dockerfile (root, portal): multi-stage vite build → nginx:1.27-alpine,
  VITE_ORCHESTRATOR_URL baked at build time.
- nginx.conf: SPA fallback + long-cache /assets, sourcemaps denied.
- docker-compose.yml: full sandbox stack (postgres 15 + redis 7 +
  orchestrator + portal), all secrets parameterised via env_file.
- .env.sandbox.example: template with EXT-* blocker env vars documented
  and CHAIN_138_RPC_URL defaulting to the resolved public endpoint.
- .dockerignore: excludes node_modules, artifacts, cache, terraform, k8s.
- orchestrator/src/config/env.ts: emptyToUndefined() preprocess so zod
  optional regex fields validate empty-string identically to unset
  (fixes docker-compose NOTARY_REGISTRY_ADDRESS= sandbox booting).

Headless smoke test on this box:
- docker compose --env-file .env.sandbox up -d → all 4 containers
  reported Healthy.
- curl /ready → {"ready":true}
- curl portal / → HTTP 200 with correct <title>.
- orchestrator boot log prints all 7 EXT-* IDs (6 active, 1 resolved).
- /health returns 503 on this particular builder because memory is
  'critical' — DB + Redis both 'up'; this is environment-specific and
  not caused by PR Z.

Unit: 13 suites / 167 tests still pass after env.ts preprocess change.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
2026-04-22 22:18:20 +00:00

55 lines
1.8 KiB
Docker

# Multi-stage build for the CurrenciCombo orchestrator.
#
# Context MUST be the orchestrator/ directory so the build does not
# need to traverse the whole repo. Build from repo root with:
#
#   docker build -t currencicombo/orchestrator:local -f orchestrator/Dockerfile orchestrator/
#
# or via docker-compose (see docker-compose.yml at repo root).
# ------- deps stage -------
FROM node:20-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json ./
# `fsevents` is a darwin-only optional dep pulled in transitively via
# ganache + jest; npm 10's `ci` still validates the darwin-pinned
# entries on linux builders and fails with EBADPLATFORM. Use
# `npm install --omit=optional` to sidestep the strict check; we do
# not need reproducible nested optional resolutions for a runtime-only
# image (the tsc build only touches first-party deps).
RUN npm install --omit=optional --no-audit --no-fund --ignore-scripts
# ------- build stage -------
FROM node:20-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
COPY --from=deps /app/node_modules ./node_modules
COPY tsconfig.json ./
COPY src ./src
RUN npm run build
# ------- runtime stage -------
FROM node:20-alpine AS runtime
WORKDIR /app
ENV NODE_ENV=production
ENV PORT=8080
RUN apk add --no-cache dumb-init \
    && addgroup -S orchestrator \
    && adduser -S -G orchestrator orchestrator
COPY package.json package-lock.json ./
RUN npm install --omit=dev --omit=optional --no-audit --no-fund --ignore-scripts \
    && npm cache clean --force
COPY --from=build /app/dist ./dist
USER orchestrator
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD node -e "require('http').get('http://127.0.0.1:8080/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["node", "dist/index.js"]
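
The hardening properties this Dockerfile relies on (non-root `USER` in the final stage, a `HEALTHCHECK`, `--ignore-scripts` on every npm install, and an exec-form `ENTRYPOINT` so dumb-init stays PID 1) can be checked mechanically before an image is built. The script below is an added example, not part of the CurrenciCombo repository; `audit_dockerfile`, `write_sample` and the abridged sample Dockerfile are names and input constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code: audit a Dockerfile's final stage.
audit_dockerfile() {
  awk '
    function bad(msg) { print "FAIL: " msg; rc = 1 }
    function check(   op) {
      op = toupper($1)
      if (op == "FROM") { user = ""; health = 0; entry = "" }  # new stage resets state
      else if (op == "USER") user = $2
      else if (op == "HEALTHCHECK") health = ($2 != "NONE")
      else if (op == "ENTRYPOINT") entry = $2
      else if (op == "RUN" && ($0 " ") ~ /npm (install|ci) / && $0 !~ /--ignore-scripts/)
        bad("npm install may run lifecycle scripts: " $0)
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    { line = buf $0 }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); buf = line; next }  # join continuations
    { buf = ""; $0 = line; check() }
    END {
      if (user == "" || (user ":") ~ /^(root|0):/) bad("final stage runs as root")
      if (!health) bad("final stage has no HEALTHCHECK")
      if (entry !~ /^\[/) bad("ENTRYPOINT is not exec form")
      exit rc + 0
    }
  ' "$1"
}

# Constructed sample, abridged from the Dockerfile above.
write_sample() {
  cat > "$1" <<'EOF'
FROM node:20-alpine AS deps
RUN npm install --omit=optional --ignore-scripts
FROM node:20-alpine AS runtime
RUN apk add --no-cache dumb-init \
    && adduser -S orchestrator
RUN npm install --omit=dev --ignore-scripts \
    && npm cache clean --force
USER orchestrator
HEALTHCHECK --interval=30s CMD node -e "process.exit(0)"
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
EOF
}
tmp=$(mktemp -d)
write_sample "$tmp/good"
# Weakened variant (constructed): USER and --ignore-scripts removed.
sed -e '/^USER/d' -e 's/ --ignore-scripts//' "$tmp/good" > "$tmp/weak"
audit_dockerfile "$tmp/good" && echo "good: PASS"
audit_dockerfile "$tmp/weak" || echo "weak: rejected"
```

The function exits non-zero on any finding, so it can gate a CI job ahead of `docker build`.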