docker updates, missing wait-for-pid #2325

Merged

mfreeman451 merged 2 commits from refs/pull/2325/head into main

2025-10-16 03:25:36 +00:00

mfreeman451 commented

2025-10-16 03:04:23 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #1781
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/1781
Original created: 2025-10-16T03:04:23Z
Original updated: 2025-10-16T03:25:42Z
Original head: carverauto/serviceradar:bug/docker_nginx_not_starting
Original base: main
Original merged: 2025-10-16T03:25:36Z by @mfreeman451

PR Type

Bug fix, Enhancement

Description

Updated nginx service to use custom Docker image with wait-for-port tool
Added multi-stage build to compile wait-for-port utility from Go source
Integrated common tools layer into nginx image build configuration
Fixed nginx container startup issues by including missing dependencies

Diagram Walkthrough

flowchart LR
  A["Go Builder Stage"] --> B["wait-for-port Binary"]
  B --> C["Custom Nginx Image"]
  C --> D["docker-compose.yml"]
  E["Bazel Build Config"] --> C

File Walkthrough

Relevant files

Configuration changes

docker-compose.yml `Switch to custom nginx Docker image` docker-compose.yml Changed nginx service to use custom image `ghcr.io/carverauto/serviceradar-nginx:latest` Replaced official `nginx:alpine` image with custom-built version	+1/-1
BUILD.bazel `Include common tools in nginx Bazel build` docker/images/BUILD.bazel Added `common_tools_amd64` layer to nginx image tars list Integrated shared tools layer into nginx image build	+4/-1

Bug fix

Dockerfile.nginx

Add wait-for-port tool via multi-stage build

docker/compose/Dockerfile.nginx

Added multi-stage build with Go builder to compile wait-for-port tool
Copied wait-for-port binary from builder stage to nginx image
Set executable permissions on wait-for-port utility
Added Go module dependencies download step

+16/-1

Imported from GitHub pull request. Original GitHub pull request: #1781 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/1781 Original created: 2025-10-16T03:04:23Z Original updated: 2025-10-16T03:25:42Z Original head: carverauto/serviceradar:bug/docker_nginx_not_starting Original base: main Original merged: 2025-10-16T03:25:36Z by @mfreeman451 --- ### **PR Type** Bug fix, Enhancement ___ ### **Description** - Updated nginx service to use custom Docker image with `wait-for-port` tool - Added multi-stage build to compile `wait-for-port` utility from Go source - Integrated common tools layer into nginx image build configuration - Fixed nginx container startup issues by including missing dependencies ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Go Builder Stage"] --> B["wait-for-port Binary"] B --> C["Custom Nginx Image"] C --> D["docker-compose.yml"] E["Bazel Build Config"] --> C ``` <details> <summary><h3> File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Configuration changes</strong></td><td><table> <tr> <td> <details> <summary><strong>docker-compose.yml</strong><dd><code>Switch to custom nginx Docker image</code>                                            </dd></summary> <hr> docker-compose.yml <ul><li>Changed nginx service to use custom image <br><code>ghcr.io/carverauto/serviceradar-nginx:latest</code><br> <li> Replaced official <code>nginx:alpine</code> image with custom-built version</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1781/files#diff-e45e45baeda1c1e73482975a664062aa56f20c03dd9d64a827aba57775bed0d3">+1/-1</a>      </td> </tr> <tr> <td> <details> <summary><strong>BUILD.bazel</strong><dd><code>Include common tools in nginx Bazel build</code>                                </dd></summary> <hr> docker/images/BUILD.bazel <ul><li>Added <code>common_tools_amd64</code> layer to nginx image tars list<br> <li> Integrated shared tools layer into nginx image build</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1781/files#diff-0e4db31c224a8f72ae8e870a849e38a59d74a2c7f7b04347b0b3eb07e20c5a80">+4/-1</a>      </td> </tr> </table></td></tr><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>Dockerfile.nginx</strong><dd><code>Add wait-for-port tool via multi-stage build</code>                          </dd></summary> <hr> docker/compose/Dockerfile.nginx <ul><li>Added multi-stage build with Go builder to compile <code>wait-for-port</code> tool<br> <li> Copied <code>wait-for-port</code> binary from builder stage to nginx image<br> <li> Set executable permissions on <code>wait-for-port</code> utility<br> <li> Added Go module dependencies download step</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/1781/files#diff-e4647863b77b9774e2ccb621fb089d29fd802bb16ee2a0f28e82d4f4e54b0981">+16/-1</a>    </td> </tr> </table></td></tr></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2025-10-16 03:04:48 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1781#issuecomment-3408989208
Original created: 2025-10-16T03:04:48Z

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Healthcheck exposure Description: The HEALTHCHECK uses wget against http://localhost without pinning package versions or TLS, which could be acceptable but may leak internal service availability if the container network is exposed; verify that health endpoint does not expose sensitive info and wget is available in final image. Dockerfile.nginx [46-47] Referred Code `HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost/ \|\| exit 1`
Ticket Compliance
⚪	🎫 No ticket provided `- [ ] Create ticket/issue <!-- /create_ticket --create_ticket=true --> </details></td></tr>`
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
⚪	No custom compliance provided Follow the guide to enable custom compliance check.
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1781#issuecomment-3408989208 Original created: 2025-10-16T03:04:48Z --- _You are nearing your monthly Qodo Merge usage quota. For more information, please visit [here](https://qodo-merge-docs.qodo.ai/installation/qodo_merge/#cloud-users)._ ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td rowspan=1>⚪</td> <td><details><summary><strong>Healthcheck exposure </strong></summary><br> <b>Description:</b> The HEALTHCHECK uses wget against http://localhost without pinning package versions or <br>TLS, which could be acceptable but may leak internal service availability if the container <br>network is exposed; verify that health endpoint does not expose sensitive info and wget is <br>available in final image.<br> <strong><a href='https://github.com/carverauto/serviceradar/pull/1781/files#diff-e4647863b77b9774e2ccb621fb089d29fd802bb16ee2a0f28e82d4f4e54b0981R46-R47'>Dockerfile.nginx [46-47]</a></strong><br> <details open><summary>Referred Code</summary> ```txt HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost/ || exit 1 ``` </details></details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </summary></strong> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>No custom compliance provided</strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/'>guide</a> to enable custom compliance check. </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2025-10-16 03:05:51 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/1781#issuecomment-3408990760
Original created: 2025-10-16T03:05:51Z

You are nearing your monthly Qodo Merge usage quota. For more information, please visit here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Execute the newly added utility The `wait-for-port` utility is not being used. Add an `ENTRYPOINT` to the Dockerfile to execute the `docker/compose/entrypoint-nginx.sh` script, which should run the utility before starting nginx. docker/compose/Dockerfile.nginx [32-36] `COPY --from=waitforport-builder /wait-for-port /usr/local/bin/wait-for-port -RUN chmod +x /usr/local/bin/wait-for-port # Copy nginx configuration template COPY docker/compose/nginx.conf.template /etc/nginx/templates/default.conf.template +# Copy and set the entrypoint +COPY docker/compose/entrypoint-nginx.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["nginx", "-g", "daemon off;"] +` Apply / Chat Suggestion importance[1-10]: 9 __ Why: This suggestion correctly points out a critical functional omission where the `wait-for-port` utility is added to the image but never executed, defeating its purpose.	High
Possible issue	Copy all source code for build To prevent potential build failures from missing local dependencies, copy the entire `cmd` directory and other relevant source directories, not just the specific `waitforport` tool directory. docker/compose/Dockerfile.nginx [24-25] `-COPY cmd/tools/waitforport ./cmd/tools/waitforport +COPY cmd ./cmd +# If you have other local packages, copy them as well. For example: +# COPY pkg ./pkg +# COPY internal ./internal RUN CGO_ENABLED=0 GOOS=linux go build -o /wait-for-port ./cmd/tools/waitforport` Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies a potential build failure if the `waitforport` tool has local dependencies, improving the build's robustness by copying more source code.	Low
High-level	Consider using a standard utility Replace the custom-built Go `wait-for-port` utility with a standard, pre-existing tool like `wait-for-it.sh` or `dockerize`. This change would simplify the Docker build process and reduce maintenance overhead. Examples: docker/compose/Dockerfile.nginx [15-33] `FROM golang:1.22-alpine AS waitforport-builder RUN apk add --no-cache git WORKDIR /src COPY go.mod go.sum ./ RUN go mod download COPY cmd/tools/waitforport ./cmd/tools/waitforport ... (clipped 9 lines)` Solution Walkthrough: Before: `# docker/compose/Dockerfile.nginx FROM golang:1.22-alpine AS waitforport-builder WORKDIR /src COPY go.mod go.sum ./ RUN go mod download COPY cmd/tools/waitforport ./cmd/tools/waitforport RUN CGO_ENABLED=0 GOOS=linux go build -o /wait-for-port ./cmd/tools/waitforport FROM nginx:alpine COPY --from=waitforport-builder /wait-for-port /usr/local/bin/wait-for-port RUN chmod +x /usr/local/bin/wait-for-port ...` After: `# docker/compose/Dockerfile.nginx FROM nginx:alpine # Add a standard wait utility RUN apk add --no-cache curl ADD https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh /usr/local/bin/wait-for-it.sh RUN chmod +x /usr/local/bin/wait-for-it.sh # Remove default nginx config RUN rm /etc/nginx/conf.d/default.conf # Copy nginx configuration template COPY docker/compose/nginx.conf.template /etc/nginx/templates/default.conf.template ...` Suggestion importance[1-10]: 8 __ Why: This is a strong architectural suggestion that correctly identifies the unnecessary complexity and maintenance overhead of building a custom tool for a common problem, proposing a simpler, standard alternative.	Medium
Update

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/1781#issuecomment-3408990760 Original created: 2025-10-16T03:05:51Z --- _You are nearing your monthly Qodo Merge usage quota. For more information, please visit [here](https://qodo-merge-docs.qodo.ai/installation/qodo_merge/#cloud-users)._ ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>Possible issue</td> <td> <details><summary>Execute the newly added utility</summary> ___ **The <code>wait-for-port</code> utility is not being used. Add an <code>ENTRYPOINT</code> to the Dockerfile <br>to execute the <code>docker/compose/entrypoint-nginx.sh</code> script, which should run the <br>utility before starting nginx.** [docker/compose/Dockerfile.nginx [32-36]](https://github.com/carverauto/serviceradar/pull/1781/files#diff-e4647863b77b9774e2ccb621fb089d29fd802bb16ee2a0f28e82d4f4e54b0981R32-R36) ```diff COPY --from=waitforport-builder /wait-for-port /usr/local/bin/wait-for-port -RUN chmod +x /usr/local/bin/wait-for-port # Copy nginx configuration template COPY docker/compose/nginx.conf.template /etc/nginx/templates/default.conf.template +# Copy and set the entrypoint +COPY docker/compose/entrypoint-nginx.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh +ENTRYPOINT ["/docker-entrypoint.sh"] +CMD ["nginx", "-g", "daemon off;"] + ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: This suggestion correctly points out a critical functional omission where the `wait-for-port` utility is added to the image but never executed, defeating its purpose. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>Copy all source code for build</summary> ___ **To prevent potential build failures from missing local dependencies, copy the <br>entire <code>cmd</code> directory and other relevant source directories, not just the <br>specific <code>waitforport</code> tool directory.** [docker/compose/Dockerfile.nginx [24-25]](https://github.com/carverauto/serviceradar/pull/1781/files#diff-e4647863b77b9774e2ccb621fb089d29fd802bb16ee2a0f28e82d4f4e54b0981R24-R25) ```diff -COPY cmd/tools/waitforport ./cmd/tools/waitforport +COPY cmd ./cmd +# If you have other local packages, copy them as well. For example: +# COPY pkg ./pkg +# COPY internal ./internal RUN CGO_ENABLED=0 GOOS=linux go build -o /wait-for-port ./cmd/tools/waitforport ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 6</summary> __ Why: The suggestion correctly identifies a potential build failure if the `waitforport` tool has local dependencies, improving the build's robustness by copying more source code. </details></details></td><td align=center>Low </td></tr><tr><td rowspan=1>High-level</td> <td> <details><summary>Consider using a standard utility</summary> ___ **Replace the custom-built Go <code>wait-for-port</code> utility with a standard, pre-existing <br>tool like <code>wait-for-it.sh</code> or <code>dockerize</code>. This change would simplify the Docker <br>build process and reduce maintenance overhead.** ### Examples: <details> <summary> <a href="https://github.com/carverauto/serviceradar/pull/1781/files#diff-e4647863b77b9774e2ccb621fb089d29fd802bb16ee2a0f28e82d4f4e54b0981R15-R33">docker/compose/Dockerfile.nginx [15-33]</a> </summary> ```dockerfile FROM golang:1.22-alpine AS waitforport-builder RUN apk add --no-cache git WORKDIR /src COPY go.mod go.sum ./ RUN go mod download COPY cmd/tools/waitforport ./cmd/tools/waitforport ... (clipped 9 lines) ``` </details> ### Solution Walkthrough: #### Before: ```dockerfile # docker/compose/Dockerfile.nginx FROM golang:1.22-alpine AS waitforport-builder WORKDIR /src COPY go.mod go.sum ./ RUN go mod download COPY cmd/tools/waitforport ./cmd/tools/waitforport RUN CGO_ENABLED=0 GOOS=linux go build -o /wait-for-port ./cmd/tools/waitforport FROM nginx:alpine COPY --from=waitforport-builder /wait-for-port /usr/local/bin/wait-for-port RUN chmod +x /usr/local/bin/wait-for-port ... ``` #### After: ```dockerfile # docker/compose/Dockerfile.nginx FROM nginx:alpine # Add a standard wait utility RUN apk add --no-cache curl ADD https://github.com/vishnubob/wait-for-it/raw/master/wait-for-it.sh /usr/local/bin/wait-for-it.sh RUN chmod +x /usr/local/bin/wait-for-it.sh # Remove default nginx config RUN rm /etc/nginx/conf.d/default.conf # Copy nginx configuration template COPY docker/compose/nginx.conf.template /etc/nginx/templates/default.conf.template ... ``` <details><summary>Suggestion importance[1-10]: 8</summary> __ Why: This is a strong architectural suggestion that correctly identifies the unnecessary complexity and maintenance overhead of building a custom tool for a common problem, proposing a simpler, standard alternative. </details></details></td><td align=center>Medium </td></tr> <tr><td align="center" colspan="2"> - [ ] Update  </td><td></td></tr></tbody></table>