fix(docker): filter nested node_modules/dist in .dockerignore

[aspiers]

Summary

• .dockerignore patterns node_modules and dist only matched the build-context root, so any host-side packages/*/node_modules or packages/*/dist leaked into the Docker build context.
• When present, those nested node_modules dirs were copied into the image by COPY packages/ packages/, overwriting the pnpm symlink tree the deps stage had just created. The host symlinks pointed to host paths that don't exist inside the image, so pnpm run build failed with e.g. Cannot find module '/app/packages/demo/node_modules/next/dist/bin/next'.
• Using **/ globs makes the filters match at any depth, which is what was originally intended.

Why this only bites some users

If you've ever run pnpm install (or next dev) locally inside packages/demo/ — easy to do when iterating on the demo app — you end up with a populated packages/demo/node_modules/ on disk. Clean CI environments and fresh clones don't have that, so they never hit the bug. That's why docker build works on CI but fails on dev laptops that have also been used to run the app locally.

Verification

Built all three images from scratch with --no-cache in a working tree that had a populated packages/demo/node_modules/ (reproducing the original failure), applied this one-line fix, and reran:

Image	Before	After
Dockerfile.demo	Cannot find module '/app/packages/demo/node_modules/next/dist/bin/next'	✅ builds
Dockerfile.pds	✅ (did not break in my env)	✅ builds
Dockerfile.auth	✅ (did not break in my env)	✅ builds

Also confirmed via an inspection image (alpine + COPY . /ctx/ + find /ctx -name node_modules) that after the fix, zero nested node_modules directories leak into the build context (before: every packages/*/node_modules plus any .claude/worktrees/*/node_modules was leaking).

Test plan

• Run docker build -f Dockerfile.demo . on a machine that has packages/demo/node_modules/ populated locally — should succeed.
• Run docker build -f Dockerfile.auth . and docker build -f Dockerfile.pds . — should still succeed (they never broke, just verifying no regression).
• CI image builds continue to pass.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Optimized Docker build context to more efficiently exclude build artifacts and dependencies across nested directories, reducing build times and image size.

[railway-app]

🚅 Deployed to the ePDS-pr-54 environment in ePDS

Service	Status	Web	Updated (UTC)
@certified-app/demo untrusted	✅ Success (View Logs)	Web	Apr 8, 2026 at 3:05 pm
@certified-app/demo	✅ Success (View Logs)	Web	Apr 8, 2026 at 3:05 pm
@certified-app/pds-core	✅ Success (View Logs)	Web	Apr 8, 2026 at 3:05 pm
@certified-app/auth-service	✅ Success (View Logs)	Web	Apr 8, 2026 at 3:05 pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 67c3776a-7dc9-48e6-9b6d-bd49b7e9775a

📥 Commits

Reviewing files that changed from the base of the PR and between 698a458 and 4b27e72.

📒 Files selected for processing (1)

• .dockerignore

---

📝 Walkthrough

Walkthrough

The .dockerignore file patterns for node_modules and dist are updated to use recursive glob matching (**/node_modules and **/dist) instead of top-level-only patterns, ensuring these directories are excluded from the Docker build context across all nested directory levels.

Changes

Cohort / File(s)	Summary
Docker Configuration .dockerignore	Updated patterns from top-level matches to recursive globs for node_modules and dist directories to exclude them at all nesting levels.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A glob that multiplies, **/ spreads wide,
No node_modules shall hide deep inside,
dist folders tucked in folders galore,
Docker builds lighter than ever before! 📦✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating .dockerignore patterns from top-level-only entries to recursive globs to filter nested node_modules and dist directories.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/docker-build-nested-node-modules

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
epds-demo	Ready	Preview, Comment	Apr 8, 2026 3:04pm

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coveralls-official]

Coverage Report for CI Build 24142550619

Coverage remained the same at 29.583%

Details

• Coverage remained the same as the base build.
• Patch coverage: No coverable lines changed in this PR.
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	1638
Covered Lines:	517
Line Coverage:	31.56%
Relevant Branches:	931
Covered Branches:	243
Branch Coverage:	26.1%
Branches in Coverage %:	Yes
Coverage Strength:	2.6 hits per line

---

💛 - Coveralls