build: Consolidate dependencies and optimize Dockerfile

Consolidate server dependencies into root package.json.

Refactor Dockerfile to use multi-stage build, build CSS,

run as non-root user, and install production dependencies only.

Update .gitignore and docker-compose.yml build context.

Author: rcourtman

.gitignore

@@ -13,6 +13,34 @@ yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
 # Build outputs
 build/
 dist/
@@ -49,4 +77,10 @@ jspm_packages/
 /coverage/ 
 
 # Local configuration files
-RELEASE_CHECKLIST.md 
+RELEASE_CHECKLIST.md
+
+# Lockfiles
+# package-lock.json # Usually committed, but ignore if specified elsewhere
+server/package-lock.json
+yarn.lock
+pnpm-lock.yaml 

Dockerfile

@@ -1,31 +1,57 @@
-# Use an official Node runtime as a parent image
-# Choose a version compatible with your application (e.g., LTS version like 18 or 20)
-FROM node:18-alpine
+# ---- Builder Stage ----
+FROM node:18-alpine AS builder
 
-# Set the working directory in the container
 WORKDIR /usr/src/app
 
-# Copy package.json and package-lock.json for root dependencies
+# Install necessary build tools (if any, e.g., python, make for some native deps)
+# RUN apk add --no-cache ...
+
+# Copy only necessary package files first
 COPY package*.json ./
 
-# Install root dependencies
-RUN npm install
+# Install ALL dependencies (including dev needed for build)
+# Using npm ci for faster, more reliable builds in CI/CD
+RUN npm ci
 
-# Copy server package.json and package-lock.json
-COPY server/package*.json ./server/
+# Copy the rest of the application code
+# Important: Copy . before running build commands
+COPY . .
 
-# Install server dependencies
-RUN cd server && npm install
+# Build the production CSS
+RUN npm run build:css
 
-# Copy the rest of the application code
-# Copy server code first
-COPY server/ ./server/
-# Copy public directory into src/public to match server path expectations
-COPY src/public/ ./src/public/
+# Prune devDependencies after build
+RUN npm prune --production
+
+# ---- Runner Stage ----
+FROM node:18-alpine
+
+WORKDIR /usr/src/app
 
-# Application listens on port 7655 by default (as per .env.example)
+# Create a non-root user and group
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+
+# Copy necessary files from builder stage
+# Copy node_modules first (can be large)
+COPY --from=builder /usr/src/app/node_modules ./node_modules
+# Copy built assets
+COPY --from=builder /usr/src/app/src/public ./src/public
+# Copy server code
+COPY --from=builder /usr/src/app/server ./server
+# Copy root package.json needed for npm start and potentially other metadata
+COPY --from=builder /usr/src/app/package.json ./
+# Optionally copy other root files if needed by the application (e.g., .env.example, README)
+# COPY --from=builder /usr/src/app/.env.example ./
+
+# Ensure correct ownership of application files
+# Use /usr/src/app to cover everything copied
+RUN chown -R appuser:appgroup /usr/src/app
+
+# Switch to non-root user
+USER appuser
+
+# Expose port
 EXPOSE 7655
 
-# Define the command to run the app using the start script from root package.json
-# This script should handle changing into the server directory
+# Run the application using the start script
 CMD [ "npm", "run", "start" ]

docker-compose.yml

@@ -1,10 +1,10 @@
 services:
   pulse-server:
     # Build context commented out - using pre-built image from Docker Hub
-    # build:
-    #   context: .
-    #   dockerfile: Dockerfile
-    image: rcourtman/pulse:latest # Use the pre-built image from Docker Hub
+    build:
+      context: .
+      dockerfile: Dockerfile
+    # image: rcourtman/pulse:latest # Use the pre-built image from Docker Hub
     container_name: pulse
     restart: unless-stopped
     ports: