feat: Docker containerization with multi-stage builds and security scanning

[devin-ai-integration]

feat: Docker containerization with multi-stage builds and security scanning

Summary

This PR implements comprehensive Docker containerization for the banking application with the following key components:

• Multi-stage Dockerfiles for both bank-server (NestJS) and bank-client (React) with optimized production builds
• Docker Compose configurations for local development and production deployment
• Security scanning integration using Trivy with GitHub Actions workflows
• Environment variable configuration for secure production deployments
• Comprehensive documentation with setup guides and troubleshooting

Key Changes:

• Bank server runs on Node.js 16-alpine with non-root user security
• Bank client uses nginx-alpine for efficient static file serving with security headers
• PostgreSQL database service with health checks and volume persistence
• Updated API configuration to use environment variables instead of hardcoded localhost URLs
• Fixed nginx configuration issues that were causing container startup failures

Review & Testing Checklist for Human

• Test full application end-to-end: Run docker-compose up -d and verify all 3 containers start successfully and the login page loads at http://localhost:3000
• Verify API connectivity: Check that the React client can successfully communicate with the NestJS server API through the containerized network
• Test database functionality: Confirm PostgreSQL container initializes properly and the server can connect to create/migrate tables
• Review security configuration: Ensure no hardcoded secrets remain in docker-compose.prod.yml and verify environment variable usage
• Validate production deployment: Test docker-compose -f docker-compose.prod.yml up -d with proper environment variables set

Recommended Test Plan:

1. Stop any running local services (PostgreSQL, Node.js servers)
2. Run docker-compose up -d in bank-server directory
3. Wait for all containers to reach healthy status (docker-compose ps)
4. Access http://localhost:3000 and verify login page loads correctly
5. Test basic application functionality (login, navigation)
6. Run security scans: ./security-scan.sh in both directories
7. Test production configuration with environment variables

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "Bank Server"
        dockerfile1["Dockerfile<br/>(bank-server)"]:::major-edit
        compose["docker-compose.yml"]:::major-edit
        composeprod["docker-compose.prod.yml"]:::major-edit
        initdb["init-db.sql"]:::major-edit
    end
    
    subgraph "Bank Client" 
        dockerfile2["Dockerfile<br/>(bank-client)"]:::major-edit
        nginx["nginx.conf"]:::major-edit
        apiconfig["app/utils/api.js"]:::minor-edit
    end
    
    subgraph "Security & CI"
        security1[".github/workflows/<br/>security-scan.yml"]:::major-edit
        security2["security-scan.sh"]:::major-edit
    end
    
    subgraph "Documentation"
        readme["README-Docker.md"]:::major-edit
    end
    
    dockerfile1 --> compose
    dockerfile2 --> compose
    compose --> initdb
    nginx --> dockerfile2
    apiconfig --> dockerfile2
    
    subgraph Legend
        L1[Major Edit]:::major-edit
        L2[Minor Edit]:::minor-edit  
        L3[Context/No Edit]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#FFFFFF

Loading

Notes

• Security Alert: Trivy scan detected 66 HIGH/CRITICAL vulnerabilities in the server image, primarily from outdated Node.js dependencies. Consider updating package versions.
• Network Configuration: Changed client API URL from hardcoded localhost:4000 to use REACT_APP_API_URL environment variable for proper container networking
• Build Issues Resolved: Fixed missing image optimization dependencies in React build that were causing Docker build failures
• Health Check Update: Server health check endpoint changed from /health to /bank to match actual API routes

Session Details: Requested by Arthur Poon (@akkp-windsurf)
Link to Devin run: https://app.devin.ai/sessions/e5c0e3b5804c496d9d03175180fb810b

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring