Add Docker support and CI/CD pipeline for development stack

[Harish-Naruto]

Summary by CodeRabbit

• New Features

  • Added Docker Compose setup for streamlined local development with automatic service health checks and live reload capabilities.
  • Introduced automated GitHub Actions workflow for publishing Docker images to Docker Hub on pushes to main.

• Documentation

  • Enhanced README with Docker-based getting started guide.
  • Added comprehensive DOCKER.md guide covering local development setup, environment configuration, troubleshooting, and CI/CD deployment.

• Chores

  • Updated Dockerfile configurations and base images for improved compatibility.
  • Added development watch mode for backend service.

[coderabbitai]

Warning

Review limit reached

@Harish-Naruto, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 44 minutes and 2 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses rolling per-developer review limits. Reviews become available again as older review attempts age out of the rolling limit window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7c156f3c-f378-40b5-b361-273c8e501a64

📥 Commits

Reviewing files that changed from the base of the PR and between 97ad725 and e808ce4.

📒 Files selected for processing (1)

• docker/.env.local.backend

📝 Walkthrough

Walkthrough

Introduces a complete Docker-based local development setup for the COC-Admin monorepo. Changes include updated multi-stage Dockerfiles using oven/bun:1-alpine, a reworked docker-compose.yml adding a coc-api service with health-check-ordered startup, live-reload watch rules, new environment files, a /health endpoint in frontend/serve.ts, a GitHub Actions CI/CD workflow for image publishing, and a new DOCKER.md guide.

Changes

Docker Development Environment

Layer / File(s)	Summary
Multi-stage Dockerfile updates docker/Dockerfile.backend, docker/Dockerfile.frontend	Base images updated to oven/bun:1-alpine. Dedicated development stages added for backend (port 8000, bun dev) and frontend (port 5173, bun run dev --host). Production stages switch to addgroup/adduser and COPY --chown instead of recursive chown.
Docker Compose service orchestration docker-compose.yml	Adds coc-api service (external image, /health healthcheck). Updates server and web to development build targets with service_healthy dependency ordering, wget-based healthchecks, public port bindings, API_URL wiring to coc-api, and develop.watch sync/rebuild rules.
Frontend /health endpoint and backend watch mode frontend/serve.ts, backend/package.json	Adds /health route returning 200 { status: "ok" } in serve.ts before static/SPA routing. Updates dev script to bun --watch src/server.ts for hot-reload support in containers.
Environment files and configuration docker/.env.example.coc-api, docker/.env.local.backend, docker/.env.local.frontend, backend/.env.example, frontend/.env.example, .gitignore	Adds env templates and local env files for all three services. Updates VITE_API_URL to port 8000, adds NODE_ENV comment in backend example, and ignores .env.local.coc-api.
GitHub Actions CI/CD workflow .github/workflows/docker-image.yml	Adds Docker Image CI workflow triggered on main push/PR. Conditionally logs into Docker Hub and builds/pushes callofcode07/coc-admin-backend:latest and callofcode07/coc-admin-frontend:latest with development targets.
Documentation DOCKER.md, README.md	Adds DOCKER.md covering architecture, prerequisites, env setup, startup commands, watch behavior, workflows, CI/CD details, and troubleshooting. Updates README.md with Docker directory in architecture diagram, a Docker getting-started section, and an expanded backend .env template.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• call-0f-code/COC-Admin#19: Directly overlaps on frontend/.env.example — both modify the VITE_API_URL example value (previously removed, now changed to port 8000).
• call-0f-code/COC-Admin#54: Directly extends the containerization work from that PR, modifying the same frontend/serve.ts, docker-compose.yml, and Dockerfile infrastructure.

Suggested reviewers

• i-am-that-guy
• samrth07

Poem

🐇 Three containers rise at dawn,
coc-api healthy, server drawn,
The frontend watches, port five-one-seven,
Alpine-light images float to heaven.
bun --watch hops without a pause —
Docker stacks built for the cause! 🐳

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main changes: adding Docker support (docker-compose.yml, Dockerfiles, .env files) and CI/CD pipeline (GitHub Actions workflow) for a development stack.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fuck/local-dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

.github/workflows/docker-image.yml (1)

34-34: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Publish immutable tags alongside latest for traceability.

At Line 34 and Line 44, pushing only :latest makes rollback and provenance harder. Add commit-SHA tags in addition to latest.

Suggested tagging improvement

       - name: Build and push backend image
         uses: docker/build-push-action@v6
         with:
@@
-          tags: callofcode07/coc-admin-backend:latest
+          tags: |
+            callofcode07/coc-admin-backend:latest
+            callofcode07/coc-admin-backend:sha-${{ github.sha }}

@@
       - name: Build and push frontend image
         uses: docker/build-push-action@v6
         with:
@@
-          tags: callofcode07/coc-admin-frontend:latest
+          tags: |
+            callofcode07/coc-admin-frontend:latest
+            callofcode07/coc-admin-frontend:sha-${{ github.sha }}

Also applies to: 44-44

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-image.yml at line 34, The Docker image tagging
strategy at lines 34 and 44 uses only the `:latest` tag, which lacks
traceability and makes rollback difficult. Modify the tags field to include both
the `:latest` tag and an immutable commit-SHA-based tag (such as using
github.sha or a short commit hash) to ensure each build produces a traceable,
immutable artifact while maintaining the latest pointer. This allows you to
reference and rollback to specific builds by their commit SHA.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/docker-image.yml:
- Line 15: The GitHub Actions workflow file uses mutable version tags
(actions/checkout@v4, and similar `@v3` and `@v6` tags on lines 21, 28, and 38)
which creates a supply-chain security risk. Replace all mutable tag references
with their full commit SHAs. For each action that uses a mutable tag like `@v4`,
`@v3`, or `@v6`, replace it with the corresponding full commit SHA (for example,
actions/checkout@<full-40-character-sha>). This applies to all GitHub Actions
throughout the workflow file on the lines mentioned.

In `@backend/.env.example`:
- Line 14: The NODE_ENV variable in backend/.env.example is left blank, but the
setRefreshCookie function only enables secure cookies when NODE_ENV is
explicitly set to 'production'. Update the NODE_ENV variable in the example file
from being empty to NODE_ENV=production to ensure that users who copy this
example file or follow the Docker setup docs will have the correct configuration
for the refresh token functionality to work properly.

In `@docker/.env.local.backend`:
- Line 2: The API_URL variable in the .env.local.backend file has an incorrect
port number that is missing a trailing zero. Update the API_URL value to change
the port from 300 to 3000, so the endpoint reads http://coc-api:3000 instead of
http://coc-api:300. This ensures the default configuration matches the actual
backend API endpoint that consumers will use.

---

Nitpick comments:
In @.github/workflows/docker-image.yml:
- Line 34: The Docker image tagging strategy at lines 34 and 44 uses only the
`:latest` tag, which lacks traceability and makes rollback difficult. Modify the
tags field to include both the `:latest` tag and an immutable commit-SHA-based
tag (such as using github.sha or a short commit hash) to ensure each build
produces a traceable, immutable artifact while maintaining the latest pointer.
This allows you to reference and rollback to specific builds by their commit
SHA.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9c8f6e99-c663-4d65-b93d-2e75f0d0af52

📥 Commits

Reviewing files that changed from the base of the PR and between 4de4cd3 and 97ad725.

📒 Files selected for processing (14)

• .github/workflows/docker-image.yml
• .gitignore
• DOCKER.md
• README.md
• backend/.env.example
• backend/package.json
• docker-compose.yml
• docker/.env.example.coc-api
• docker/.env.local.backend
• docker/.env.local.frontend
• docker/Dockerfile.backend
• docker/Dockerfile.frontend
• frontend/.env.example
• frontend/serve.ts

[cloudflare-workers-and-pages]

Deploying coc-admin with    Cloudflare Pages

Latest commit:	e808ce4
Status:	✅  Deploy successful!
Preview URL:	https://c4d86a39.coc-admin.pages.dev
Branch Preview URL:	https://fuck-local-dev.coc-admin.pages.dev

View logs