feat: harden containers and ci

2025-10-16 22:56:33 -05:00
parent c51604fdb7
commit 8ca2756d7b
14 changed files with 293 additions and 17 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,15 +1,29 @@
-FROM node:18-alpine
+# syntax=docker/dockerfile:1.4

+FROM node:18-alpine AS base
 WORKDIR /app
-
 COPY package*.json ./
+
+FROM base AS dev
+ENV NODE_ENV=development
 RUN npm ci
-
 COPY . .
-
-ENV HOST=0.0.0.0 \
-    PORT=3001
-
-EXPOSE 3001
-
+RUN chmod +x docker-entrypoint.sh scripts/wait-for-db.js
+ENTRYPOINT ["./docker-entrypoint.sh"]
 CMD ["npm", "run", "dev"]
+
+FROM base AS prod-deps
+ENV NODE_ENV=production
+RUN npm ci --omit=dev
+
+FROM node:18-alpine AS prod
+WORKDIR /app
+ENV NODE_ENV=production \
+    HOST=0.0.0.0 \
+    PORT=3001
+COPY --from=prod-deps /app/node_modules ./node_modules
+COPY . .
+RUN chmod +x docker-entrypoint.sh scripts/wait-for-db.js
+EXPOSE 3001
+ENTRYPOINT ["./docker-entrypoint.sh"]
+CMD ["node", "src/index.js"]
--- a/backend/docker-entrypoint.sh
+++ b/backend/docker-entrypoint.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env sh
+set -euo pipefail
+
+RUN_MIGRATIONS="${RUN_MIGRATIONS:-true}"
+RUN_SEED="${RUN_SEED:-false}"
+
+if [ "${SKIP_DB_WAIT:-false}" != "true" ]; then
+  node ./scripts/wait-for-db.js
+fi
+
+if [ "${RUN_MIGRATIONS}" = "true" ]; then
+  echo ">> Running database migrations"
+  npm run migrate
+fi
+
+if [ "${RUN_SEED}" = "true" ]; then
+  echo ">> Seeding database"
+  npm run seed || true
+fi
+
+exec "$@"
--- a/backend/scripts/wait-for-db.js
+++ b/backend/scripts/wait-for-db.js
@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+const { Client } = require('pg');
+
+const SECOND = 1000;
+const DEFAULT_TIMEOUT = Number.parseInt(process.env.DB_WAIT_TIMEOUT_MS || `${60 * SECOND}`, 10);
+const RETRY_INTERVAL = Number.parseInt(process.env.DB_WAIT_RETRY_MS || '2000', 10);
+
+function deriveConnectionString() {
+  if (process.env.DATABASE_URL) {
+    return process.env.DATABASE_URL;
+  }
+
+  const {
+    POSTGRES_USER = 'merchantsofhope_user',
+    POSTGRES_PASSWORD,
+    POSTGRES_DB = 'merchantsofhope_supplyanddemandportal',
+    POSTGRES_HOST = 'merchantsofhope-supplyanddemandportal-database',
+    POSTGRES_PORT = '5432'
+  } = process.env;
+
+  if (!POSTGRES_PASSWORD) {
+    return null;
+  }
+
+  return `postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}`;
+}
+
+const connectionString = deriveConnectionString();
+
+if (!connectionString) {
+  console.error('[wait-for-db] DATABASE_URL or POSTGRES_PASSWORD must be provided.');
+  process.exit(1);
+}
+
+const startTime = Date.now();
+
+async function waitForDatabase() {
+  const client = new Client({
+    connectionString,
+    connectionTimeoutMillis: Math.min(RETRY_INTERVAL, DEFAULT_TIMEOUT)
+  });
+
+  try {
+    await client.connect();
+  } catch (error) {
+    const elapsed = Date.now() - startTime;
+    if (elapsed >= DEFAULT_TIMEOUT) {
+      console.error('[wait-for-db] Timed out waiting for database connection.');
+      console.error(error);
+      process.exit(1);
+    }
+
+    const remaining = DEFAULT_TIMEOUT - elapsed;
+    const delay = Math.min(RETRY_INTERVAL, remaining);
+    console.info(`[wait-for-db] Database not ready yet. Retrying in ${delay}ms...`);
+    await new Promise((resolve) => setTimeout(resolve, delay));
+    return waitForDatabase();
+  } finally {
+    await client.end().catch(() => {});
+  }
+
+  console.info('[wait-for-db] Database connection established.');
+}
+
+waitForDatabase().then(() => process.exit(0));
--- a/backend/src/config/index.js
+++ b/backend/src/config/index.js
@@ -39,6 +39,11 @@ const config = {
  rateLimit: {
    windowMs: optionalNumber(process.env.RATE_LIMIT_WINDOW_MS, 15 * 60 * 1000),
    max: optionalNumber(process.env.RATE_LIMIT_MAX, 100)
+  },
+  db: {
+    max: optionalNumber(process.env.DB_POOL_MAX, 10),
+    idleTimeoutMillis: optionalNumber(process.env.DB_POOL_IDLE_MS, 30000),
+    connectionTimeoutMillis: optionalNumber(process.env.DB_POOL_CONNECTION_TIMEOUT_MS, 5000)
  }
 };

--- a/backend/src/database/connection.js
+++ b/backend/src/database/connection.js
@@ -3,7 +3,10 @@ const config = require('../config');

 const pool = new Pool({
  connectionString: config.databaseUrl,
-  ssl: config.env === 'production' ? { rejectUnauthorized: false } : false
+  ssl: config.env === 'production' ? { rejectUnauthorized: false } : false,
+  max: config.db.max,
+  idleTimeoutMillis: config.db.idleTimeoutMillis,
+  connectionTimeoutMillis: config.db.connectionTimeoutMillis
 });

 // Test database connection
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -1,6 +1,45 @@
 const app = require('./server');
 const config = require('./config');
+const pool = require('./database/connection');

-app.listen(config.port, config.host, () => {
+const server = app.listen(config.port, config.host, () => {
  console.info(`MerchantsOfHope-SupplyANdDemandPortal backend server running on ${config.host}:${config.port}`);
 });
+
+let terminating = false;
+
+async function shutdown(reason, exitCode = 0) {
+  if (terminating) {
+    return;
+  }
+
+  terminating = true;
+  console.info(`Shutting down server (${reason})`);
+
+  try {
+    await new Promise((resolve) => {
+      server.close(resolve);
+    });
+    await pool.end();
+    console.info('Server shutdown complete.');
+  } catch (error) {
+    console.error('Error during shutdown:', error);
+    exitCode = exitCode || 1;
+  } finally {
+    process.exit(exitCode);
+  }
+}
+
+['SIGTERM', 'SIGINT'].forEach((signal) => {
+  process.on(signal, () => shutdown(signal));
+});
+
+process.on('unhandledRejection', (reason) => {
+  console.error('Unhandled promise rejection:', reason);
+  shutdown('unhandledRejection', 1);
+});
+
+process.on('uncaughtException', (error) => {
+  console.error('Uncaught exception:', error);
+  shutdown('uncaughtException', 1);
+});