feat(container): add Docker Compose support with persistent SQLite volume

[nanotaboada]

Summary by CodeRabbit

• New Features

  • Added Docker Compose support for simplified multi-container management and persistent storage.
  • Introduced health check endpoint and health monitoring for the application.
  • Added initialization and health check scripts for containerized environments.

• Improvements

  • Enhanced Docker image security and maintainability by running as a non-root user and adopting a multi-stage build.
  • Included metadata and documentation files in the Docker image.
  • Updated application and documentation to reflect new containerization workflows.

• Bug Fixes

  • Updated database file paths to ensure correct operation in containerized environments.

• Chores

  • Updated package dependencies to the latest patch versions.
  • Simplified and minimized the .gitignore file.

[coderabbitai]

Walkthrough

This update introduces a comprehensive overhaul of the containerization workflow for the ASP.NET Core Web API project. It adds a multi-stage Dockerfile with health checks, non-root execution, and persistent volume management. Docker Compose is now the recommended orchestration method, and supporting scripts and documentation have been updated to reflect these changes. Minor dependency and configuration updates are also included.

Changes

File(s)	Change Summary
.gitignore	Replaced the extensive ignore list with only logs/, bin/, and obj/ directory ignores.
Dockerfile	Completely restructured: adopts multi-stage build, adds health checks, OCI metadata, non-root user, volume setup, and copies scripts/assets.
README.md	Revised "Container" section: replaces Docker build/run instructions with detailed Docker Compose workflow, persistent storage guidance, and database initialization explanation.
docker-compose.yml	New file: Defines api service with build context, persistent volume for storage, environment variable for DB path, port mapping, and restart policy.
scripts/entrypoint.sh	New file: Entrypoint script to initialize/copy the SQLite database into the persistent volume if missing, then execs the main app command.
scripts/healthcheck.sh	New file: Simple shell script using curl to check the /health endpoint on port 9000 for container health checks.
src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj	Updates database file path from Data/players-sqlite3.db to storage/players-sqlite3.db and removes conditional inclusion.
src/Dotnet.Samples.AspNetCore.WebApi/Program.cs	Changes SQLite DB path to storage directory, adds health checks via AddHealthChecks(), and maps /health endpoint.
test/Dotnet.Samples.AspNetCore.WebApi.Tests/packages.lock.json	Updates multiple package dependencies to newer patch versions (e.g., Entity Framework Core from 9.0.4 to 9.0.5), with corresponding content hash updates.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Docker Compose
    participant Container (api)
    participant Entrypoint Script
    participant ASP.NET Core App

    User->>Docker Compose: docker compose up
    Docker Compose->>Container (api): Start container
    Container (api)->>Entrypoint Script: Run entrypoint.sh
    Entrypoint Script->>Entrypoint Script: Check for DB in volume
    alt DB not found in volume
        Entrypoint Script->>Entrypoint Script: Copy DB from image to volume
    else DB exists
        Entrypoint Script->>Entrypoint Script: Skip copy
    end
    Entrypoint Script->>ASP.NET Core App: Exec app command
    ASP.NET Core App->>ASP.NET Core App: Start, expose /health
    Docker Compose->>Container (api): Healthcheck via healthcheck.sh
    Container (api)->>ASP.NET Core App: curl /health

Loading

Possibly related PRs

• feat: add multi-stage Dockerfile for building and running app #230: The main PR significantly refines and extends the multi-stage Dockerfile introduced in the retrieved PR feat: add multi-stage Dockerfile for building and running app #230 by adding health checks, metadata labels, non-root user setup, volume management, and entrypoint scripting, indicating a direct and strong enhancement of the same Dockerfile and containerization approach.

Suggested labels

dependencies, .NET

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

---

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Commit Unit Tests in branch feature/docker-compose
• Post Copyable Unit Tests in Comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -0.07%	✅ 0.00%

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (985fb5b)	1068	196	18.35%
Head commit (d6e7995)	1072 (+4)	196 (+0)	18.28% (-0.07%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#240)	5	0	0.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (13)

.gitignore (1)

1-3: Consider being more comprehensive with ignored patterns.

While the simplified .gitignore aligns with containerization where build outputs are managed within Docker, it removes many standard ignore patterns that could be useful even in a containerized development workflow.

Consider preserving additional patterns for IDE-specific files and other common temporary files to prevent accidental commits:

logs/
bin/
obj/
+.vs/
+.vscode/
+*.user
+*.suo
+.DS_Store

README.md (4)

45-47: Verify build command syntax
The docker compose build command is correct. Consider adding the --pull flag if you want to always fetch the latest base images during builds.

---

52-52: Confirm run command
Using docker compose up is appropriate. Optionally, suggest adding -d (detached mode) for production scenarios to free up the terminal.

---

55-56: Refine blockquote language
Add the article “the” for clarity:

- > On first run, the container copies...
+ > On the first run, the container copies...

- > On subsequent runs, that volume is reused...
+ > On subsequent runs, the volume is reused...

🧰 Tools

🪛 LanguageTool

[uncategorized] ~55-~55: You might be missing the article “the” here.
Context: ...pp bash docker compose up > On first run, the container copies a pre-seeded ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

64-68: Optional database reset step
The docker compose down -v command correctly removes the volume to reset the database on next startup. Consider adding a warning about permanent data loss when running this.

docker-compose.yml (2)

5-7: Build context specification
The build.context: . and dockerfile: Dockerfile settings are correct. If you ever need to pass build-time variables, you can add an args: block here.

---

8-11: Ports and volume mount
The port mapping and storage:/storage/ volume mount look good. For consistency, you could remove the trailing slash on the container path (/storage)—though functionally it’s equivalent.

scripts/entrypoint.sh (1)

1-2: Initialize shell script with strict mode
Using #!/bin/sh and set -e ensures the script exits on any command failure. You might also add set -u and set -o pipefail for stricter error handling.

Dockerfile (5)

13-20: Source copy and publish
Including the pre-seeded database under storage/players-sqlite3.db in the builder context is appropriate. To reduce context size, consider a .dockerignore for unnecessary files.

---

25-31: Install curl for health checks
Combining apt-get update with install -y --no-install-recommends curl and cleanup is best practice. For fully reproducible builds, you could pin the curl version.

🧰 Tools

🪛 GitHub Check: Codacy Static Code Analysis

[warning] 30-30: Dockerfile#L30
Pin versions in apt get install. Instead of apt-get install <package> use apt-get install <package>=<version>

---

33-38: Metadata labels
The OCI labels improve image metadata. You might also add org.opencontainers.image.version or org.opencontainers.image.created for completeness.

---

43-49: Copy published artifacts and docs
Copying the application, README, and assets adds documentation to the image. If the assets folder is not required at runtime, consider omitting it to slim the image.

---

67-68: Healthcheck configuration
The HEALTHCHECK invocation of ./healthcheck.sh is correctly configured. Ensure your app’s /health endpoint returns appropriate exit codes.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 985fb5b and d6e7995.

⛔ Files ignored due to path filters (1)

• src/Dotnet.Samples.AspNetCore.WebApi/storage/players-sqlite3.db is excluded by !**/*.db

📒 Files selected for processing (9)

• .gitignore (1 hunks)
• Dockerfile (1 hunks)
• README.md (1 hunks)
• docker-compose.yml (1 hunks)
• scripts/entrypoint.sh (1 hunks)
• scripts/healthcheck.sh (1 hunks)
• src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj (1 hunks)
• src/Dotnet.Samples.AspNetCore.WebApi/Program.cs (3 hunks)
• test/Dotnet.Samples.AspNetCore.WebApi.Tests/packages.lock.json (12 hunks)

🧰 Additional context used

🪛 LanguageTool

README.md

[uncategorized] ~55-~55: You might be missing the article “the” here.
Context: ...pp bash docker compose up > On first run, the container copies a pre-seeded ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

🪛 GitHub Check: Codacy Static Code Analysis

Dockerfile

[warning] 30-30: Dockerfile#L30
Pin versions in apt get install. Instead of apt-get install <package> use apt-get install <package>=<version>

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (21)

test/Dotnet.Samples.AspNetCore.WebApi.Tests/packages.lock.json (1)

549-550: Package version updates look good.

The package updates from 9.0.4 to 9.0.5 and 8.0.15 to 8.0.16 (for Microsoft.AspNetCore.OpenApi) are minor version updates that likely include security patches or bug fixes, supporting the containerization changes.

Also applies to: 729-730, 763-764, 774-775, 779-780, 784-785, 794-795, 805-806, 820-821, 835-836

src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj (1)

31-31: Database path change aligns with Docker volume strategy.

Changing the database path from "Data" to "storage" supports the containerization workflow with a persistent SQLite volume as introduced in the Docker-related files.

scripts/healthcheck.sh (1)

1-5: Well-structured health check script.

This script provides a simple and effective health check mechanism for Docker container monitoring, following best practices with proper error handling.

src/Dotnet.Samples.AspNetCore.WebApi/Program.cs (3)

39-42: Good database path update for containerization.

The path change from "Data" to "storage" is consistent with the project file changes and Docker volume strategy.

---

53-53: Health checks integration supports container monitoring.

Adding health checks is a best practice for containerized applications, enabling Docker to properly monitor application health.

---

97-98: Properly mapped health endpoint.

The health check endpoint is mapped correctly and documented with a reference link, providing the endpoint that will be used by the Docker health check script.

README.md (2)

39-43: Added Docker Compose instructions with persistent volume
The new section clearly introduces Docker Compose for building and running the app with a persistent SQLite volume. This aligns perfectly with the PR objectives.

---

58-61: Stop command section is clear
The docker compose down instruction cleanly stops and removes containers as expected.

docker-compose.yml (3)

1-4: Define service and image
The api service is correctly defined with both image and container_name. Including the image name alongside build tags the built image appropriately.

---

12-14: Environment and restart policy
Setting STORAGE_PATH ensures the application picks up the correct SQLite file. The restart: unless-stopped policy is appropriate for resilience.

---

16-17: Persisted named volume
Declaring the storage volume without driver details uses the default local driver, which is sufficient for SQLite persistence.

scripts/entrypoint.sh (4)

4-6: Define database paths
IMAGE_STORAGE_PATH and VOLUME_STORAGE_PATH correctly map the seed file and the persistent volume location.

---

9-17: Database initialization logic
The conditional block to seed the DB on first run is sound. Ensure /storage is writable (it’s created in the Dockerfile).

---

20-21: Skip seed copy on existing database
The else branch cleanly skips copying when the database file is already present.

---

23-25: Entrypoint execution
Logging readiness messages before exec "$@" improves observability, and exec correctly replaces the shell with the application process.

Dockerfile (6)

5-11: Builder stage setup
The multi-stage build leveraging mcr.microsoft.com/dotnet/sdk:8.0 is correct. Restoring before copying full source optimizes cache layers.

---

39-42: Runtime environment variables
ASPNETCORE_URLS and ASPNETCORE_ENVIRONMENT are correctly set for production use.

---

53-55: Include entrypoint and healthcheck scripts
Using --chmod=555 ensures executability. Confirm that healthcheck.sh logic matches the health endpoint configured in your app.

---

57-59: Pre-seeded database for runtime
The COPY --from=builder ...storage/players-sqlite3.db ./docker-compose/ command places the seed DB bundle where the entrypoint expects it.

---

61-64: Non-root user and storage directory
Adding aspnetcore user and owning /storage ensures the container doesn’t run as root, improving security.

---

70-73: Entrypoint and default command
Splitting ENTRYPOINT and CMD allows override flexibility while running your custom entrypoint logic by default.