frckbrice · frckbrice · Feb 9, 2026 · Feb 9, 2026 · Feb 9, 2026 · cursor
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,34 @@
+# Dependencies (reinstalled in container)
+node_modules/
+
+# Build output (rebuilt in container)
+dist/
+
+# Environment and secrets (never bake into image)
+.env
+.env.*
+!.env.example
+
+# Git and IDE
+.git/
+.gitignore
+.vscode/
+.idea/
+
+# Tests and coverage (not needed in image)
+tests/
+coverage/
+*.test.ts
+vitest.config.ts
+
+# Docs and misc
+*.md
+!public/**/README.md
+docs/
+.eslintrc.json
+eslint.config.mjs
+.husky/
+
+# Logs and local
+*.log
+*.local
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -51,7 +51,7 @@ jobs:
 
       - name: Extract repo name
         id: repo
-        run: echo "REPO_NAME=$(echo ${{ github.repository }} | awk -F'/' '{print $2}')" >> $GITHUB_ENV
+        run: echo "REPO_NAME=$(echo ${{ github.repository }} | awk -F'/' '{print tolower($2)}')" >> $GITHUB_ENV
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v5

diff --git a/.gitignore b/.gitignore
@@ -17,4 +17,10 @@ dist/
 .idea/
 
 # Local files
-*.local 
+*.local 
+
+farming-product-REST-api/docs/
+docs/
+
+
+
diff --git a/.husky/pre-push b/.husky/pre-push
@@ -1,4 +1,4 @@
 #!/bin/sh
 . "$(dirname "$0")/_/husky.sh"
 
-yarn format 
+yarn format  && yarn lint && yarn test && yarn build
diff --git a/Dockerfile b/Dockerfile
@@ -1,33 +1,44 @@
-# Use official Node.js 20 image
+# ============== Stage 1: Build ==============
 FROM node:20-alpine AS builder
 
 WORKDIR /app
 
-# Copy package files first
+# Install deps (devDependencies needed for TypeScript build)
 COPY package.json yarn.lock ./
 RUN yarn install --frozen-lockfile
 
-# Copy source files and configs
 COPY . .
-
-# Verify files exist
-RUN ls -la && \
-    echo "Contents of tsconfig.json:" && \
-    cat tsconfig.json
-
-# Build the app
 RUN yarn build
 
-# Production image
+# ============== Stage 2: Production (minimal, non-root) ==============
 FROM node:20-alpine AS prod
+
+# Non-root user (UID/GID 1001 to avoid conflict with node:20-alpine's default 1000)
+RUN addgroup -g 1001 appgroup && \
+    adduser -u 1001 -G appgroup -s /bin/sh -D appuser
+
 WORKDIR /app
 
-# Copy only the necessary files
-COPY --from=builder /app/package.json ./
-COPY --from=builder /app/yarn.lock ./
-COPY --from=builder /app/node_modules ./node_modules
+ENV NODE_ENV=production
+ENV PORT=5003
+# DATABASE_URL is not set in the image (secrets stay out of the build).
+# Pass it at runtime: docker run -e DATABASE_URL="postgresql://..." or use --env-file .env
+
+# Production deps only; clean cache in same layer to avoid bloating image
+COPY package.json yarn.lock ./
+RUN yarn install --frozen-lockfile --production --ignore-optional && \
+    yarn cache clean
+
+# Copy built artifacts from builder
 COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/migrations ./migrations
+COPY --from=builder /app/public ./public
+
+# Own all app files as non-root user
+RUN chown -R appuser:appgroup /app
+
+USER appuser
+
+EXPOSE 5003
 
-EXPOSE 3000
-CMD ["node", "dist/app.js"] 
+CMD ["node", "dist/app.js"]
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,4 +17,10 @@ dist/ @@
     .idea/
     # Local files
-    *.local
+    *.local
+    farming-product-REST-api/docs/
+    docs/