Make the deployed images actually run
CI / test (push) Successful in 25s
CI / lint (push) Successful in 27s
CI / secrets-scan (push) Successful in 5s
CI / vuln-scan (push) Successful in 13s
CI / sast (push) Successful in 11s
CI / build-images (push) Successful in 1m47s
CI / push (push) Successful in 30s
CI / image-scan (push) Successful in 43s
CI / test (push) Successful in 25s
CI / lint (push) Successful in 27s
CI / secrets-scan (push) Successful in 5s
CI / vuln-scan (push) Successful in 13s
CI / sast (push) Successful in 11s
CI / build-images (push) Successful in 1m47s
CI / push (push) Successful in 30s
CI / image-scan (push) Successful in 43s
Two production-only failures the CI scan didn't catch: Backend: the running container was crashing with `Cannot find module '/app/dist/main'`. nest build was emitting `dist/src/main.js` instead of `dist/main.js` because tsconfig.json had no rootDir, so tsc inferred it as `.` and preserved the src/ subdirectory in the output. Set `rootDir: "./src"` to flatten the output. Also exclude prisma/ from tsconfig.build.json so prisma/seed.ts (a ts-node script that lives outside src/) doesn't trip the rootDir check during builds. Frontend: containers came up but were marked unhealthy because the deployment's healthcheck targeted port 80 — which nginx-unprivileged can't bind. Add a HEALTHCHECK directive to the image pointing at 8080 so any orchestrator inherits a working default. Compose-level overrides still need to be updated independently. Also clean up build-artifact gitignore patterns: *.tsbuildinfo and compiled prisma/seed.* (a stale tsc invocation against the old build config emitted them locally; they shouldn't ever be committed). Bump backend and frontend to 0.1.3 — the broken 0.1.2 images are now occupying those tags in Harbor. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -4,6 +4,12 @@ node_modules/
|
||||
# Build output
|
||||
dist/
|
||||
build/
|
||||
**/*.tsbuildinfo
|
||||
|
||||
# Compiled Prisma seed (seed.ts is run via ts-node, not compiled)
|
||||
**/prisma/seed.js
|
||||
**/prisma/seed.js.map
|
||||
**/prisma/seed.d.ts
|
||||
|
||||
# Environment variables (all paths)
|
||||
**/.env
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "tehriehlbudget-backend",
|
||||
"version": "0.1.2",
|
||||
"version": "0.1.3",
|
||||
"description": "",
|
||||
"author": "",
|
||||
"private": true,
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{
|
||||
"extends": "./tsconfig.json",
|
||||
"exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
|
||||
"exclude": ["node_modules", "test", "dist", "prisma", "**/*spec.ts"]
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
"target": "ES2023",
|
||||
"sourceMap": true,
|
||||
"outDir": "./dist",
|
||||
"rootDir": "./src",
|
||||
"baseUrl": "./",
|
||||
"incremental": true,
|
||||
"skipLibCheck": true,
|
||||
|
||||
@@ -31,3 +31,8 @@ COPY --chown=nginx:nginx tehriehlbudget-frontend/docker-entrypoint.sh /docker-e
|
||||
RUN chmod +x /docker-entrypoint.d/40-render-config.sh
|
||||
USER nginx
|
||||
EXPOSE 8080
|
||||
# nginx-unprivileged can't bind privileged ports; the image listens on 8080,
|
||||
# so a healthcheck targeting :80 will always fail. Bake in a sensible default
|
||||
# that any orchestrator (compose, k8s, Portainer) inherits unless overridden.
|
||||
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
||||
CMD wget -qO /dev/null http://127.0.0.1:8080/ || exit 1
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "tehriehlbudget-frontend",
|
||||
"private": true,
|
||||
"version": "0.1.2",
|
||||
"version": "0.1.3",
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "vite",
|
||||
|
||||
Reference in New Issue
Block a user