Hartmut
0e119cfe73
#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request #20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch #21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth #22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds #23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request #24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob; run db:migrate:deploy on container start so a fresh checkout boots without manual steps Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap) Co-Authored-By: claude-flow <ruv@ruv.net>
35 lines
978 B
Docker
35 lines
978 B
Docker
FROM node:20-bookworm-slim AS base
|
|
|
|
# Prisma needs OpenSSL available during install/generate/runtime.
|
|
RUN apt-get update -y && apt-get install -y openssl && rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install pnpm
|
|
RUN npm install -g pnpm@9.14.2
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy workspace manifests
|
|
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
|
|
COPY tooling/ ./tooling/
|
|
COPY packages/shared/package.json ./packages/shared/
|
|
COPY packages/db/package.json ./packages/db/
|
|
COPY packages/engine/package.json ./packages/engine/
|
|
COPY packages/staffing/package.json ./packages/staffing/
|
|
COPY packages/application/package.json ./packages/application/
|
|
COPY packages/api/package.json ./packages/api/
|
|
COPY packages/ui/package.json ./packages/ui/
|
|
COPY apps/web/package.json ./apps/web/
|
|
|
|
# Install dependencies
|
|
RUN pnpm install --frozen-lockfile
|
|
|
|
# Copy all sources
|
|
COPY . .
|
|
|
|
# Generate Prisma client
|
|
RUN pnpm --filter @capakraken/db db:generate
|
|
|
|
EXPOSE 3100
|
|
|
|
CMD ["sh", "./tooling/docker/app-dev-start.sh"]
|