aaitplus · aaitplus · Feb 4, 2026
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -1,4 +1,3 @@
-# .github/workflows/ci-cd.yml
 name: QuantumGuard CI/CD
 
 on:
@@ -11,7 +10,7 @@ on:
 
 env:
   REGISTRY: ghcr.io
-  IMAGE_NAME: quantumguard # must be lowercase
+  IMAGE_NAME: quantumguard # lowercase repo name
 
 jobs:
 
@@ -44,8 +43,8 @@ jobs:
       - name: Build Docker image
         uses: docker/build-push-action@v5
         with:
-          context: ./docker
-          file: ./docker/Dockerfile
+          context: .
+          file: ./Dockerfile
           push: false
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/app:latest
 
@@ -57,18 +56,16 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: build-context
-          path: docker/
+          path: docker/dashboard/
 
   # =========================
   # Security Scanning
   # =========================
   security-scan:
     needs: build
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v4
-
       - uses: actions/setup-python@v5
         with:
           python-version: '3.11'
@@ -121,27 +118,21 @@ jobs:
     needs: security-scan
     runs-on: ubuntu-latest
     if: github.event_name == 'push'
-
     steps:
       - uses: actions/checkout@v4
-
       - uses: actions/setup-python@v5
         with:
           python-version: '3.11'
-
       - name: Install dependencies
         run: pip install -r requirements.txt
-
       - name: Download security reports
         uses: actions/download-artifact@v4
         with:
           name: security-reports
           path: reports/
-
       - name: Run auto-remediation
         run: python hardening/auto_remediate.py
         continue-on-error: true
-
       - name: Commit remediation changes
         run: |
           git config user.name "github-actions"
@@ -159,21 +150,18 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/develop'
     environment: staging
-
     steps:
       - uses: actions/checkout@v4
-
       - uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Build & Push Staging Docker Image
         uses: docker/build-push-action@v5
         with:
-          context: ./docker
-          file: ./docker/Dockerfile
+          context: .
+          file: ./Dockerfile
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/app:staging
 
@@ -185,20 +173,17 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
     environment: production
-
     steps:
       - uses: actions/checkout@v4
-
       - uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Build & Push Production Docker Image
         uses: docker/build-push-action@v5
         with:
-          context: ./docker
-          file: ./docker/Dockerfile
+          context: .
+          file: ./Dockerfile
           push: true
           tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/app:latest
diff --git a/Dockerfile b/Dockerfile
@@ -1,69 +1,55 @@
-# ------------------------------
-# QuantumGuard Production Dockerfile
-# ------------------------------
-
-# ------------------------------
-# Stage 1: Build Python dependencies
-# ------------------------------
+# =========================
+# Stage 1: Build Python Environment
+# =========================
 FROM python:3.11-slim AS build
 
-# Set working directory
-WORKDIR /app
-
 # Install build dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential git libffi-dev libssl-dev pkg-config && \
-    rm -rf /var/lib/apt/lists/*
+    build-essential \
+    git \
+    libffi-dev \
+    libssl-dev \
+    pkg-config \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set workdir for build stage
+WORKDIR /app
 
-# Copy requirements file
+# Copy requirements first for caching
 COPY requirements.txt .
-
-# Create virtual environment and install Python dependencies
 RUN python -m venv /opt/venv
-ENV PATH="/opt/venv/bin:$PATH"
-RUN pip install --upgrade pip
-RUN pip install --no-cache-dir -r requirements.txt
+RUN /opt/venv/bin/pip install --upgrade pip
+RUN /opt/venv/bin/pip install --no-cache-dir -r requirements.txt
 
-# ------------------------------
-# Stage 2: Runtime image
-# ------------------------------
+# =========================
+# Stage 2: Runtime Image
+# =========================
 FROM python:3.11-slim AS runtime
 
-# Set working directory
+# Set workdir for runtime
 WORKDIR /app
 
-# Copy installed packages from build stage
+# Copy Python venv from build
 COPY --from=build /opt/venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 
 # Copy application code
+COPY quantumguard.py .
+COPY self_learning.py .
+COPY utils.py .
+
+# Copy directories
 COPY app/ ./app/
-COPY simulator/ ./simulator/
+COPY docker/dashboard/ ./dashboard/
+COPY hardening/ ./hardening/
+COPY k8s/ ./k8s/
 COPY scanner/ ./scanner/
+COPY simulator/ ./simulator/
 COPY scripts/ ./scripts/
-COPY hardening/ ./hardening/
 COPY terraform/ ./terraform/
-COPY k8s/ ./k8s/
-COPY utils.py ./
-COPY self_learning.py ./
-COPY quantumguard.py ./
 
-# Copy the dashboard folder (make sure this exists in repo root!)
-COPY dashboard/ ./dashboard/
-
-# Expose Flask port
+# Expose Flask port for dashboard if needed
 EXPOSE 5000
 
-# Create a non-root user for security
-RUN useradd -m quantumguard
-USER quantumguard
-
-# Install Gunicorn for production Flask server
-RUN pip install gunicorn
-
-# Set Flask app environment variables
-ENV FLASK_APP=dashboard/app.py
-ENV FLASK_ENV=production
-
-# Start Flask app with Gunicorn
-CMD ["gunicorn", "--workers", "3", "--bind", "0.0.0.0:5000", "dashboard.app:app"]
+# Default command
+CMD ["python", "quantumguard.py"]
diff --git a/docker/Dockerfile b/docker/Dockerfile