Add docker deployment

.dockerignore

@@ -0,0 +1,38 @@
+# Version control
+.git
+.gitignore
+.gitattributes
+
+# Dependencies
+node_modules
+npm-debug.log
+yarn-debug.log
+yarn-error.log
+
+# Build output
+dist
+build
+coverage
+
+# Development
+.env
+.env.*
+*.log
+.DS_Store
+.vscode
+.idea
+
+# Tests
+test
+coverage
+*.spec.ts
+*.test.ts
+
+# Documentation
+README.md
+docs
+*.md
+
+# Docker
+Dockerfile
+.dockerignore

.github/workflows/deploy.yml

@@ -0,0 +1,31 @@
+name: Deploy Docker Image
+
+on:
+  push:
+    branches:
+      - "**"
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Lowercase repository name
+        id: repo
+        run: echo "name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: ghcr.io/${{ steps.repo.outputs.name }}:latest

Dockerfile

@@ -0,0 +1,70 @@
+# Use Node.js LTS version
+FROM node:22-alpine AS base
+
+# Install security updates and dumb-init for proper signal handling
+RUN apk add --no-cache dumb-init && \
+    apk upgrade
+
+# Enable corepack and set Yarn version
+RUN corepack enable && corepack prepare yarn@4.4.0 --activate
+
+# Create non-root user early for security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nestjs -u 1001 -G nodejs
+
+# Set working directory
+WORKDIR /app
+
+# Change ownership of working directory
+RUN chown -R nestjs:nodejs /app
+
+# Switch to non-root user for dependency installation
+USER nestjs
+
+# Copy package files with proper ownership
+COPY --chown=nestjs:nodejs package.json yarn.lock .yarnrc.yml ./
+
+# Install dependencies with cache optimization
+RUN yarn install --immutable --check-cache
+
+# === Build stage ===
+FROM base AS builder
+
+# Copy source code
+COPY --chown=nestjs:nodejs . .
+
+# Build the application
+RUN yarn build
+
+# Remove development dependencies to reduce image size
+RUN yarn workspaces focus --production
+
+# === Production stage ===
+FROM base AS production
+
+# Copy built application and production dependencies from builder stage
+COPY --from=builder --chown=nestjs:nodejs /app/dist ./dist
+COPY --from=builder --chown=nestjs:nodejs /app/node_modules ./node_modules
+COPY --from=builder --chown=nestjs:nodejs /app/package.json ./
+
+# Create logs directory with proper permissions
+RUN mkdir -p logs && chown -R nestjs:nodejs logs
+
+# Create additional directories that the app might need
+RUN mkdir -p tmp uploads && chown -R nestjs:nodejs tmp uploads
+
+# Switch to non-root user
+USER nestjs
+
+# Set environment variables
+ENV NODE_ENV=production
+ENV PORT=3001
+
+# Expose port (will use PORT env var, defaulting to 3001)
+EXPOSE $PORT
+
+# Use dumb-init to handle signals properly
+ENTRYPOINT ["dumb-init", "--"]
+
+# Start the application
+CMD ["node", "dist/main"]

docker-compose.yml

@@ -0,0 +1,8 @@
+services:
+  api:
+    build: .
+    restart: unless-stopped
+    ports:
+      - '${PORT:-3001}:${PORT:-3001}'
+    env_file:
+      - .env

package.json

@@ -19,7 +19,7 @@
     "test:cov": "jest --coverage",
     "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
     "test:e2e": "jest --config ./test/jest-e2e.json",
-    "prepare": "husky"
+    "prepare": "husky || true"
   },
   "dependencies": {
     "@nestjs/axios": "^3.1.3",
@@ -60,7 +60,6 @@
     "ts-jest": "29.2.5",
     "ts-loader": "^9.5.1",
     "ts-node": "^10.9.2",
-    "tsconfig-paths": "4.2.0",
     "typescript": "^5.7.2"
   },
   "jest": {