Skip to content

chore: promote docker optimization, ci job conditions, and deployment docs to main#10

Merged
kenneth-loto merged 2 commits into
mainfrom
develop
Jul 1, 2026
Merged

chore: promote docker optimization, ci job conditions, and deployment docs to main#10
kenneth-loto merged 2 commits into
mainfrom
develop

Conversation

@kenneth-loto

Copy link
Copy Markdown
Owner

Summary

Promotes the Alpine Docker image, job-level CI conditions, and deployment documentation from develop into main.

What's Changed

  • Alpine-based Dockerfile with peer dep pruning and WASM pruning now in main
  • Job-level CI change conditions now in main
  • DEPLOYMENT.md and README deployment section now in main
  • .env.example now in main

Why

The optimized Docker image and deployment docs should be on the stable branch before the first production deployment is run.

kenneth-loto and others added 2 commits July 1, 2026 11:45
…and add deployment docs

- switch Dockerfile base from node:22-slim to node:22-alpine reducing image size from 907mb to
406mb
- add --omit=peer to npm install preventing @prisma/client from pulling prisma cli and typescript
into the production image
- prune wasm query compiler files keeping only postgresql and dropping the other four database
engines
- move 14 step-level if conditions in ci.yml to job-level so skipped jobs do not provision runners
at all
- create DEPLOYMENT.md with full deploy guide
- add deployment section to README.md
- create .env.example with all env var names and empty values
…and add deployment docs

Switches the Dockerfile base to node:22-alpine, adds --omit=peer to prevent transitive Prisma CLI and TypeScript peer dep bloat, prunes all WASM query compiler files except postgresql, moves 14 CI step-level change detection conditions to job level so skipped jobs never provision runners, creates DEPLOYMENT.md, adds a README deployment section, and adds a .env.example listing all required env var names.
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci.yml

PackageVersionLicenseIssue Type
docker/build-push-action6.*.*NullUnknown License
docker/login-action3.*.*NullUnknown License
docker/setup-buildx-action3.*.*NullUnknown License
Allowed Licenses: MIT, Apache-2.0, ISC, BSD-2-Clause, BSD-3-Clause

OpenSSF Scorecard

PackageVersionScoreDetails
actions/docker/build-push-action 6.*.* 🟢 7.5
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/login-action 3.*.* 🟢 8.5
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/setup-buildx-action 3.*.* 🟢 8.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • .github/workflows/ci.yml

@kenneth-loto kenneth-loto merged commit 3dda5fd into main Jul 1, 2026
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant