fix(docker): exclude .venv and dev artifacts from Docker build context #1075

Merged
kjw3 merged 8 commits into NVIDIA:main from latenighthackathon:fix/dockerignore-venv on Mar 30, 2026

@latenighthackathon latenighthackathon commented Mar 29, 2026

Summary

Adds six ignore patterns to .dockerignore to exclude local development artifacts from direct docker build usage, preventing build context bloat and accidental secret inclusion.

Scope note: This covers the direct docker build path only. The staged onboarding path (scripts/setup.sh, cp -r) does not honour .dockerignore — extending scripts/clean-staged-tree.sh to cover these patterns is a separate follow-up.

Related Issue

Related to #774 (partial fix — direct Docker build path only)

Changes

  • Added .venv, .ruff_cache, .mypy_cache, .env, *.egg-info, .DS_Store to .dockerignore.

Testing

  • Verified .dockerignore patterns match the artifacts present in a local dev checkout.

Checklist

Summary by CodeRabbit

  • Chores
    • Optimized Docker build context by excluding additional local development artifacts and environment configuration files.

coderabbitai bot commented Mar 29, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 54a105f and 68daac3.

📒 Files selected for processing (1)
  • .dockerignore
✅ Files skipped from review due to trivial changes (1)
  • .dockerignore

Walkthrough

The pull request adds six ignore patterns to .dockerignore to exclude local development artifacts and environment files: .venv, .ruff_cache, .mypy_cache, .env, *.egg-info, and .DS_Store.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Docker Build Context Configuration: .dockerignore | Added ignore patterns: .venv, .ruff_cache, .mypy_cache, .env, *.egg-info, and .DS_Store to keep these local artifacts out of the Docker build context. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐇 I nibble bytes and hop with glee,
Quietly hiding .venv from sea,
Cache and eggs left far behind,
.env tucked safe for peace of mind,
Clean docker dreams — a rabbit's find.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix(docker): exclude .venv and dev artifacts from Docker build context' accurately summarizes the main change—updating .dockerignore to exclude development artifacts. It is concise, specific, and directly related to the changeset. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@KimBioInfoStudio

LGTM

@kjw3 kjw3 self-assigned this Mar 30, 2026

kjw3 commented Mar 30, 2026

Thanks for taking this on. I agree the .dockerignore additions are sensible for direct docker build usage, but I don’t think this closes the actual bug path behind #774.

The main problem is that the staged onboarding/setup path does not rely on .dockerignore:

  • scripts/setup.sh explicitly says the staged build path does not honor .dockerignore and uses cp -r
  • bin/lib/onboard.js already filters out most of the important dev-artifact directories in the active onboarding path
  • the remaining live gap is in the staged-copy / cleanup path, where scripts/clean-staged-tree.sh still only removes .venv and .pytest_cache

So this helps a secondary direct-Docker-build path, but it does not fix the main staged local-tree path described in the issue.

If you want to revive this, I’d narrow the fix to the staged build context itself:

  • either extend the staged copy filtering/cleanup to cover .env, *.egg-info, .ruff_cache, .mypy_cache, .DS_Store, etc.
  • or otherwise make the staged path honor the same exclusions as the active onboarding filter

One separate blocker from our side: the branch tip also needs fully verified signed commits before it would be merge-ready.

@latenighthackathon

Thanks for the detailed breakdown — you're right that the staged build path via scripts/setup.sh and scripts/clean-staged-tree.sh is the main gap behind #774, and .dockerignore alone doesn't cover it.

Updated the PR description to scope this as a partial fix for the direct docker build path only, without claiming it closes #774. Extending clean-staged-tree.sh to cover .env, *.egg-info, .ruff_cache, .mypy_cache, .DS_Store would be the proper follow-up for the staged path.

I'll also rebase to get verified signatures on all commits. Ready for re-review once that's done.
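
The staged-path gap discussed in the two comments above, as an added example that is not code from this PR and not the project's scripts/clean-staged-tree.sh: it stages a constructed checkout with cp -r (which ignores .dockerignore), then finds and removes the artifact patterns named in the thread. The function names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not the project's scripts/clean-staged-tree.sh.
# Patterns: the six from this PR plus .pytest_cache from the review comment.

# match_dev_artifacts DIR [find-action...]  (hypothetical helper)
# Matches by basename and prunes, so find never descends into a hit.
match_dev_artifacts() {
    dir=$1; shift
    find "$dir" \( -name .venv -o -name .ruff_cache -o -name .mypy_cache \
        -o -name .pytest_cache -o -name .env -o -name '*.egg-info' \
        -o -name .DS_Store \) -prune "$@"
}

# Remove every match, then return non-zero if anything is still present,
# so a caller can refuse to build from a tree that is not clean.
clean_staged_tree() {
    match_dev_artifacts "$1" -exec rm -rf -- {} +
    [ -z "$(match_dev_artifacts "$1" -print)" ]
}

# Constructed demo: fake checkout -> cp -r staging -> audit -> clean -> audit.
# Prints "<matches before> <matches after> <Dockerfile kept?>".
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/.venv/bin" "$work/src/.ruff_cache" \
        "$work/src/pkg/demo.egg-info"
    printf 'API_KEY=constructed-placeholder\n' > "$work/src/.env"
    : > "$work/src/pkg/.DS_Store"
    printf 'FROM scratch\n' > "$work/src/Dockerfile"

    # cp -r copies dotfiles and caches verbatim; .dockerignore plays no part.
    cp -r "$work/src" "$work/staged"

    before=$(match_dev_artifacts "$work/staged" -print | wc -l | tr -d ' ')
    clean_staged_tree "$work/staged"
    after=$(match_dev_artifacts "$work/staged" -print | wc -l | tr -d ' ')
    kept=no
    [ -f "$work/staged/Dockerfile" ] && kept=yes
    rm -rf "$work"
    echo "$before $after $kept"
}

demo
```

Because matching is by basename at any depth, nested hits such as pkg/demo.egg-info and pkg/.DS_Store are caught as well as those at the tree root.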

Add .venv, .ruff_cache, .mypy_cache, .env, *.egg-info, and .DS_Store
to .dockerignore to prevent build context bloat and accidental secret
inclusion when using direct docker build.

Signed-off-by: latenighthackathon <latenighthackathon@users.noreply.github.com>
@kjw3 kjw3 merged commit 742a0ce into NVIDIA:main Mar 30, 2026
8 checks passed