From e67fb069bfa48ca7074036affad72b8bf0365ad6 Mon Sep 17 00:00:00 2001
From: sakshi-gupta-0809 <sakshi.gupta@neutrinotechlabs.com>
Date: Tue, 9 Dec 2025 13:01:45 +0530
Subject: [PATCH] added sonarqube file and docker file

---
 frontend/.github/workflows/build.yaml | 27 ++++++++++++++++++++++++
 frontend/Dockerfile                   | 30 +++++++++++++++++++++++++++
 frontend/nginx.conf                   | 26 +++++++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 frontend/.github/workflows/build.yaml
 create mode 100644 frontend/Dockerfile
 create mode 100644 frontend/nginx.conf

diff --git a/frontend/.github/workflows/build.yaml b/frontend/.github/workflows/build.yaml
new file mode 100644
index 00000000..d46ca6f3
--- /dev/null
+++ b/frontend/.github/workflows/build.yaml
@@ -0,0 +1,27 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+
+
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      # If you wish to fail your job when the Quality Gate is red, uncomment the
+      # following lines. This would typically be used to fail a deployment.
+      # - uses: SonarSource/sonarqube-quality-gate-action@v1
+      #   timeout-minutes: 5
+      #   env:
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
\ No newline at end of file
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
new file mode 100644
index 00000000..e762c901
--- /dev/null
+++ b/frontend/Dockerfile
@@ -0,0 +1,30 @@
+# Build stage
+FROM node:18-alpine as build
+WORKDIR /app
+
+# Copy package files
+COPY package*.json ./
+
+# Install dependencies
+RUN npm ci
+
+# Copy source code
+COPY . .
+
+# Build the app
+RUN npm run build
+
+# Production stage
+FROM nginx:stable-alpine
+
+# Copy nginx config
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+# Copy built assets from build stage
+COPY --from=build /app/build /usr/share/nginx/html
+
+# Expose port
+EXPOSE 80
+
+# Start Nginx
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
new file mode 100644
index 00000000..ec422036
--- /dev/null
+++ b/frontend/nginx.conf
@@ -0,0 +1,26 @@
+server {
+    listen 80;
+    
+    location / {
+        root /usr/share/nginx/html;
+        index index.html index.htm;
+        try_files $uri $uri/ /index.html;
+    }
+
+    # Handle API requests (proxy to backend)
+    location /api/ {
+        proxy_pass http://backend:5000/;  # Assuming backend service is named 'backend' in docker-compose
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "no-referrer-when-downgrade" always;
+    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'" always;
+}