fix: migrate Dockerfile from Docker to UBI image

[mprpic]

Replace golang:1.24-alpine and alpine:3.19 with
registry.access.redhat.com/ubi9/go-toolset:1.24 and ubi9/ubi-minimal:latest for consistency with other components.

[coderabbitai]

Walkthrough

Switched the components/public-api/Dockerfile from Alpine-based images to Red Hat UBI9 images, adjusted build steps (go mod download, source copy), removed git/ca-certificates installs, changed build/runtime user handling and file permissions, and replaced the healthcheck from wget to curl.

Changes

Cohort / File(s)

Summary

Dockerfile Base Image & Build Changes components/public-api/Dockerfile

Builder image changed to registry.access.redhat.com/ubi9/go-toolset:1.24; runtime changed to registry.access.redhat.com/ubi9/ubi-minimal:9.7. Added USER 0 during build, added go mod download and source copy before build, removed git and ca-certificates installs. Adjusted permissions (chmod +x public-api, chmod 775 /app), removed non-root user creation and set runtime USER 1001. Healthcheck switched from wget to curl.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: migrating the Dockerfile from Alpine to UBI base images, which is the primary objective of the PR.
Description check	✅ Passed	The description is directly related to the changeset, explaining the migration from Alpine to UBI images for consistency with other components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch migrate-public-api-dockerfile-to-ubi

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@components/public-api/Dockerfile`:
- Around line 35-36: The HEALTHCHECK line uses curl but the base image
ubi-minimal does not include curl; either install curl in the image before the
HEALTHCHECK or replace the check with a built-in alternative. Fix option A: add
a step early in the Dockerfile to install curl via the image package manager
(e.g., microdnf/microdnf install -y curl and clean cache) so the existing
HEALTHCHECK CMD curl -sf http://localhost:8081/health || exit 1 will succeed.
Fix option B: remove curl from the HEALTHCHECK and switch to a non-curl health
probe (for example use a simple TCP probe or your Go binary’s internal /health
readiness flag) so the HEALTHCHECK line itself no longer depends on curl.
- Line 19: Replace the unpinned base image FROM
registry.access.redhat.com/ubi9/ubi-minimal:latest with a pinned UBI version
(e.g., registry.access.redhat.com/ubi9/ubi-minimal:9.7) and ensure the image
installs curl-minimal so the existing health check can run; update the
Dockerfile to add installation of curl-minimal (or, if you prefer not to add
packages, replace the curl-based health probe with a bash /dev/tcp check) so the
health probe no longer fails at runtime.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5d14ad28-6a0f-4dd0-9e2a-d03483db4cb2

📥 Commits

Reviewing files that changed from the base of the PR and between f6a5543 and 3d1a52c.

📒 Files selected for processing (1)

• components/public-api/Dockerfile

[coderabbitai]

♻️ Duplicate comments (1)

components/public-api/Dockerfile (1)

35-36: ⚠️ Potential issue | 🔴 Critical

curl is not available in ubi-minimal by default — healthcheck will fail at runtime.

The ubi9/ubi-minimal image does not include curl. Install it or use an alternative.

🐛 Option 1: Install curl-minimal

 WORKDIR /app

+# Install curl for healthcheck
+RUN microdnf install -y curl-minimal && microdnf clean all
+
 # Copy binary from builder
 COPY --from=builder /app/public-api .

🐛 Option 2: Use /dev/tcp (no extra packages)

 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-    CMD curl -sf http://localhost:8081/health || exit 1
+    CMD sh -c 'exec 3<>/dev/tcp/127.0.0.1/8081 && echo -e "GET /health HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3 && grep -q "200" <&3'

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@components/public-api/Dockerfile` around lines 35 - 36, The HEALTHCHECK using
"CMD curl -sf http://localhost:8081/health || exit 1" will fail on
ubi9/ubi-minimal because curl is not present; either install a minimal curl
package in the Dockerfile (e.g., add a microdnf/yum install step for
curl-minimal and clean caches) so the existing HEALTHCHECK works, or replace the
HEALTHCHECK command with a no-deps TCP check using the shell's /dev/tcp (modify
the HEALTHCHECK/CMD invocation to use a shell -c that opens /dev/tcp localhost
8081 and checks the connection/HTTP response) and ensure the command returns
proper exit codes; update the HEALTHCHECK line accordingly (reference: the
HEALTHCHECK/CMD curl -sf ... entry).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@components/public-api/Dockerfile`:
- Around line 35-36: The HEALTHCHECK using "CMD curl -sf
http://localhost:8081/health || exit 1" will fail on ubi9/ubi-minimal because
curl is not present; either install a minimal curl package in the Dockerfile
(e.g., add a microdnf/yum install step for curl-minimal and clean caches) so the
existing HEALTHCHECK works, or replace the HEALTHCHECK command with a no-deps
TCP check using the shell's /dev/tcp (modify the HEALTHCHECK/CMD invocation to
use a shell -c that opens /dev/tcp localhost 8081 and checks the connection/HTTP
response) and ensure the command returns proper exit codes; update the
HEALTHCHECK line accordingly (reference: the HEALTHCHECK/CMD curl -sf ...
entry).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 37b2fb6c-ce36-449c-a829-1a0f8da5df96

📥 Commits

Reviewing files that changed from the base of the PR and between 3d1a52c and f87c841.

📒 Files selected for processing (1)

• components/public-api/Dockerfile

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-18 18:40 UTC · Rule: default
• ✅ Checks passed · on draft merge queue: embarking main (b714979) and #923 together #953
• ✅ Merged — 2026-03-18 18:40 UTC · at f87c841ea8148b00ae96ecb2943490b57e0c4f60

This pull request spent 17 seconds in the queue, including 1 second running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule protect-main]
  • fix: migrate Dockerfile from Docker to UBI image #923
• #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule protect-main]
  • fix: migrate Dockerfile from Docker to UBI image #923