Add Dockerfile for Node.js application setup #603
shhhaddd wants to merge 1 commit into siteboon:main from
📝 Walkthrough
A new Dockerfile was introduced to containerize a Node.js application. It uses node:20-slim as the base image, installs Python 3 and build tools, configures the working directory, installs dependencies via npm ci, builds the project, and runs the server on port 3001.
Actionable comments posted: 2
🧹 Nitpick comments (1)
Dockerfile (1)
3-5: Add --no-install-recommends to reduce image size.
The apt-get install command should include --no-install-recommends to avoid installing unnecessary recommended packages, reducing the final image size.
♻️ Proposed fix
-RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get install -y --no-install-recommends \ python3 make g++ \ && rm -rf /var/lib/apt/lists/*🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@Dockerfile` around lines 3 - 5, The apt-get install invocation in the Dockerfile should be changed to include --no-install-recommends to avoid pulling recommended packages and reduce image size; update the RUN line that currently executes "apt-get update && apt-get install -y python3 make g++" to add --no-install-recommends immediately after install (and keep the existing cleanup of /var/lib/apt/lists/*), ensuring the rest of the RUN chain (apt-get update, install, and rm -rf) remains intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Dockerfile`:
- Line 1: The Dockerfile currently runs as root (base image FROM node:20-slim);
add a non-root user and switch to it before the CMD to avoid running the Node
process as root. Create a dedicated user/group (e.g., "app" or "nodeuser"),
ensure application directories (build output, node_modules, and any runtime
writable dirs) are chowned to that user, and add a USER instruction to switch to
that non-root user prior to the final CMD; adjust any file permissions or
ownership in the Dockerfile steps that create files (e.g., after npm install or
copying files) so the non-root user can read/write them.
- Around line 13-14: The Dockerfile sets ENV PORT=3001 but the server reads
process.env.SERVER_PORT (default 3001), so update the Dockerfile to set ENV
SERVER_PORT=3001 (and keep EXPOSE 3001) so the container env matches the server;
locate the ENV line that sets PORT and replace or add SERVER_PORT to ensure the
server picks up the configured port.
| @@ -0,0 +1,15 @@ | |||
| FROM node:20-slim | |||
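Review bot: `FROM node:20-slim` on the first line is a floating tag, so two builds of this Dockerfile can resolve to different base images. Pin the base by digest alongside the tag (FROM node:20-slim@sha256:<digest>, where <digest> is a placeholder for the value read from the registry at review time) and let a dependency update bot bump it, so the image contents are reproducible and base-image changes arrive as reviewable diffs.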
Container runs as root, which is a security risk.
The container runs the Node.js server as the root user. This increases the attack surface if the application is compromised. Add a non-root user before the CMD instruction.
🔒 Proposed fix
FROM node:20-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
python3 make g++ \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
+# Run as non-root user for security
+RUN addgroup --system --gid 1001 nodejs && \
+ adduser --system --uid 1001 --ingroup nodejs nodeuser && \
+ chown -R nodeuser:nodejs /app
+USER nodeuser
+
ENV SERVER_PORT=3001
EXPOSE 3001
CMD ["node", "server/index.js"]Also applies to: 15-15
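Review bot: the added `chown -R nodeuser:nodejs /app` runs after `npm ci` and `npm run build`, so the runtime user ends up owning, and able to rewrite, the application code and node_modules it executes; the recursive chown also copies every file under /app into a new layer. Leave /app owned by root and chown only the directories the server has to write to at runtime. The official node images already ship an unprivileged `node` user, so `USER node` would work without creating a new account. Separately, python3, make and g++ remain in the final image; a multi-stage build that copies only the built output and node_modules into a clean node:20-slim stage would drop them.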
🧰 Tools
🪛 Trivy (0.69.3)
[error] 1-1: Image user should not be 'root'
Specify at least 1 USER command in Dockerfile with non-root user as argument
Rule: DS-0002
(IaC/Dockerfile)
| ENV PORT=3001 | ||
| EXPOSE 3001 |
Environment variable name mismatch: PORT vs SERVER_PORT.
The server reads process.env.SERVER_PORT (with fallback to 3001), not process.env.PORT. Setting ENV PORT=3001 has no effect on the server's port binding.
🐛 Proposed fix
-ENV PORT=3001
+ENV SERVER_PORT=3001
EXPOSE 3001📝 Committable suggestion
| ENV PORT=3001 | |
| EXPOSE 3001 | |
| ENV SERVER_PORT=3001 | |
| EXPOSE 3001 |