Docker workflow

WinterWollf · WinterWollf · commit 223f9d8ace0f · 2025-10-29T22:59:16.000+01:00
diff --git a/.github/workflows/docker-quality.yml b/.github/workflows/docker-quality.yml
@@ -1,4 +1,4 @@
-name: Dockerfiles CI
+name: Dockerfiles Quality Check
 
 on:
   push:
@@ -35,77 +35,27 @@ jobs:
       - name: Validate docker-compose.yml
         run: docker compose -f docker-compose.yml config -q
 
-  build-and-test:
-    name: Build & smoke tests
+  build-and-sequential-smoke:
+    name: Build & sequential smoke
     runs-on: self-hosted # ubuntu-latest
     needs: lint-dockerfiles
-    strategy:
-      matrix:
-        include:
-          - name: api
-            dockerfile: Dockerfile.api
-            context: .
-          - name: nginx
-            dockerfile: Dockerfile.nginx
-            context: .
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build image (${{ matrix.name }})
+      - name: Build API image
         uses: docker/build-push-action@v6
         with:
-          context: ${{ matrix.context }}
-          file: ${{ matrix.dockerfile }}
-          tags: local/${{ matrix.name }}:ci-${{ github.sha }}
+          context: .
+          file: Dockerfile.api
+          tags: local/api:ci-${{ github.sha }}
           load: true
           push: false
           provenance: false
           sbom: false
-          cache-from: type=registry,ref=local/${{ matrix.name }}:buildcache
-          cache-to: type=inline
-
-      - name: Run NGINX container (smoke test)
-        if: matrix.name == 'nginx'
-        run: |
-          set -euo pipefail
-          CONTAINER_NAME=nginx-smoke-${GITHUB_RUN_ID}
-          docker run -d --rm --name "$CONTAINER_NAME" -p 8080:80 local/nginx:ci-${GITHUB_SHA}
-
-          for i in {1..30}; do
-            STATUS=$(docker inspect --format='{{json .State.Health.Status}}' "$CONTAINER_NAME" | tr -d '"')
-            if [ "$STATUS" = "healthy" ]; then
-              echo "Container is healthy."
-              break
-            fi
-            sleep 2
-          done
-
-          STATUS=$(docker inspect --format='{{json .State.Health.Status}}' "$CONTAINER_NAME" | tr -d '"')
-          if [ "$STATUS" != "healthy" ]; then
-            echo "::error::Container did not become healthy. Status=$STATUS"
-            docker logs "$CONTAINER_NAME" || true
-            docker inspect "$CONTAINER_NAME" || true
-            exit 1
-          fi
-
-          curl -fsS http://localhost:8080/ >/dev/null
-
-          docker kill "$CONTAINER_NAME" >/dev/null
-
-      - name: Run API container (smoke run)
-        if: matrix.name == 'api'
-        run: |
-          set -euo pipefail
-          CONTAINER_NAME=api-smoke-${GITHUB_RUN_ID}
-          docker run -d --rm --name "$CONTAINER_NAME" local/api:ci-${GITHUB_SHA} || (echo "::warning::API container failed to start"; exit 1)
-          sleep 5
-          if ! docker ps --filter "name=$CONTAINER_NAME" --format '{{.Names}}' | grep -q "$CONTAINER_NAME"; then
-            echo "::error::API container is not running after 5s."
-            docker logs "$CONTAINER_NAME" || true
-            exit 1
-          fi
-          docker kill "$CONTAINER_NAME" >/dev/null
+          cache-from: type=gha,scope=api
+          cache-to: type=gha,mode=max,scope=api
diff --git a/Dockerfile.api b/Dockerfile.api
@@ -1,22 +1,32 @@
 FROM python:3.12-slim-bookworm AS base
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates \
-    build-essential \
-    libpq-dev \
-    gcc \
-    curl \
-    && rm -rf /var/lib/apt/lists/*
+ARG DEBIAN_FRONTEND=noninteractive
+ARG APT_CA_CERTS_VER=20230311+deb12u1
+ARG APT_BUILD_ESSENTIAL_VER=12.9
+ARG APT_LIBPQ_DEV_VER=15.14-0+deb12u1
+ARG APT_GCC_VER=4:12.2.0-3
+ARG APT_CURL_VER=7.88.1-10+deb12u14
+
+ARG PIP_VERSION=25.0.1
 
 ENV PYTHONDONTWRITEBYTECODE=1 \
     PYTHONUNBUFFERED=1 \
-    PIP_NO_CACHE_DIR=1 \
-    DEBIAN_FRONTEND=noninteractive
+    PIP_NO_CACHE_DIR=1 
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates=${APT_CA_CERTS_VER} \
+    build-essential=${APT_BUILD_ESSENTIAL_VER} \
+    libpq-dev=${APT_LIBPQ_DEV_VER} \
+    gcc=${APT_GCC_VER} \
+    curl=${APT_CURL_VER} \
+ && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
 COPY requirements.txt /app/requirements.txt
-RUN pip install --upgrade pip && pip install -r /app/requirements.txt
+
+RUN python -m pip install --upgrade "pip==${PIP_VERSION}" \
+ && pip install --no-cache-dir --requirement /app/requirements.txt
 
 COPY . /app
 
diff --git a/requirements.txt b/requirements.txt
@@ -1,9 +1,9 @@
-pandas
-openpyxl
-numpy
-pymoo
-pydantic-settings
-psycopg
-flask
-flask-cors
-gunicorn
+pandas==2.2.3
+openpyxl==3.1.5
+numpy==1.26.4
+pymoo==0.6.1.5
+pydantic-settings==2.10.1
+psycopg==3.2.9
+flask==3.1.2
+flask-cors==6.0.1
+gunicorn==23.0.0
diff --git a/tests/requirements-dev.txt b/tests/requirements-dev.txt
@@ -1,15 +1,15 @@
-pytest
-hypothesis
-pytest-cov
-pytest-html
-pylint
+pytest==8.3.5
+hypothesis==6.138.3
+pytest-cov==7.0.0
+pytest-html==4.1.1
+pylint==3.3.8
 
-pandas
-openpyxl
-numpy
-pymoo
-pydantic-settings
-psycopg
-flask
-flask-cors
-gunicorn
+pandas==2.2.3
+openpyxl==3.1.5
+numpy==1.26.4
+pymoo==0.6.1.5
+pydantic-settings==2.10.1
+psycopg==3.2.9
+flask==3.1.2
+flask-cors==6.0.1
+gunicorn==23.0.0
diff --git a/web/api/routes/health_routes.py b/web/api/routes/health_routes.py
@@ -8,9 +8,14 @@
 health_bp = Blueprint('health', __name__, url_prefix='/api')
 
 
+@health_bp.route('/ready', methods=['GET'])
+def ready_check():
+    return jsonify(status="ok"), 200
+
+
 @health_bp.route('/health', methods=['GET'])
 def health_check():
-    """Health check endpoint."""
+    """Health deep endpoint check."""
     try:
         staff_service.get_all_staff()
         return jsonify({
