
feat: Docker containerization with multi-stage builds and security scanning#16

Open
devin-ai-integration[bot] wants to merge 2 commits into master from devin/1753808535-docker-implementation

Conversation

@devin-ai-integration

feat: Docker containerization with multi-stage builds and security scanning

Summary

This PR implements comprehensive Docker containerization for the banking application with the following key changes:

🐳 Containerization:

  • Multi-stage Dockerfiles for both NestJS server and React client
  • Optimized builds with Alpine Linux base images and non-root users
  • Production-ready nginx configuration for serving React static files

🔧 Development Environment:

  • Docker Compose setup with PostgreSQL, server, and client services
  • Health checks and proper container networking
  • Volume mounts for development workflow

🔒 Production & Security:

  • Production docker-compose with environment variable configuration
  • Trivy security scanning via GitHub Actions workflows
  • Comprehensive documentation for setup and deployment

⚙️ Configuration Changes:

  • Updated client API configuration to use environment variables
  • Database initialization script for PostgreSQL setup
  • Proper .dockerignore files to optimize build contexts

Review & Testing Checklist for Human

  • Test full application functionality - Login with test credentials, create transactions, verify database operations work correctly in containerized environment
  • Review security scan results - Address the 66 HIGH/CRITICAL vulnerabilities found in server image, particularly CVE-2022-33171 (TypeORM SQL injection) and CVE-2020-7769 (Nodemailer)
  • Verify production deployment - Set all required environment variables and test production docker-compose configuration
  • Performance testing - Compare application performance before/after containerization to ensure no significant degradation
  • CI/CD workflow validation - Confirm security scanning workflows execute properly and integrate with existing CI processes

Recommended End-to-End Test Plan:

  1. Run docker-compose up -d and verify all services start healthy
  2. Access client at http://localhost:3000 and test user registration/login
  3. Perform banking operations (account creation, money transfers, transaction history)
  4. Check database connectivity and data persistence
  5. Test production setup with environment variables
  6. Run security scans and review vulnerability reports

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "Bank Server"
        ServerDockerfile["Dockerfile<br/>(Multi-stage NestJS build)"]:::major-edit
        ServerCompose["docker-compose.yml<br/>(Development setup)"]:::major-edit
        ServerProdCompose["docker-compose.prod.yml<br/>(Production config)"]:::major-edit
        ServerSecurity[".github/workflows/<br/>security-scan.yml"]:::major-edit
    end
    
    subgraph "Bank Client"  
        ClientDockerfile["Dockerfile<br/>(Multi-stage React build)"]:::major-edit
        ClientNginx["nginx.conf<br/>(Static file serving)"]:::major-edit
        ClientAPI["app/utils/api.js<br/>(Environment variables)"]:::minor-edit
        ClientSecurity[".github/workflows/<br/>security-scan.yml"]:::major-edit
    end
    
    subgraph "Infrastructure"
        PostgresDB["PostgreSQL Database<br/>(Container)"]:::context
        InitDB["init-db.sql<br/>(Database setup)"]:::major-edit
    end
    
    ServerCompose -->|"Orchestrates"| PostgresDB
    ServerCompose -->|"Builds & runs"| ServerDockerfile  
    ServerCompose -->|"Builds & runs"| ClientDockerfile
    ClientAPI -->|"Connects to"| ServerDockerfile
    InitDB -->|"Initializes"| PostgresDB
    
    subgraph Legend
        L1[Major Edit]:::major-edit
        L2[Minor Edit]:::minor-edit  
        L3[Context/No Edit]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB  
    classDef context fill:#FFFFFF

Notes

Security Concerns:

  • Server image contains 66 HIGH/CRITICAL vulnerabilities that require immediate attention
  • Production secrets are properly externalized to environment variables
  • Containers run as non-root users for enhanced security

Architecture Changes:

  • Client now communicates with server via container networking instead of localhost
  • Multi-stage builds significantly reduce final image sizes
  • Health checks ensure proper service startup ordering

Testing Coverage:

  • Basic container startup and networking verified
  • Client UI loads correctly in browser
  • Security scanning implemented and functional
  • Full banking workflow testing still required

Session Details:

- Add optimized Dockerfile with multi-stage build for NestJS application
- Create docker-compose.yml for local development with PostgreSQL
- Add docker-compose.prod.yml for production deployment (uses env vars)
- Implement security scanning with Trivy via GitHub Actions
- Add comprehensive Docker documentation in README-Docker.md
- Include database initialization script and security scan script
- Configure health checks and proper container networking
- Update API configuration to use environment variables

Co-Authored-By: Arthur Poon <arthur.poon@windsurf.com>
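The multi-stage, non-root NestJS server image the description lists, written here as an added illustration rather than the PR's own Dockerfile: it assumes a standard NestJS layout where `npm run build` emits `dist/main.js`, a `/health` route for the container health check, and the unprivileged `node` user that the official Node Alpine images ship.

```dockerfile
# syntax=docker/dockerfile:1

# ---- build stage: full toolchain, all dependencies, TypeScript compile ----
FROM node:20-alpine AS build
WORKDIR /app
# copy manifests first so the dependency layer is cached across code changes
COPY package*.json ./
RUN npm ci
COPY . .
# compile, then drop devDependencies so only runtime packages move on
RUN npm run build && npm prune --omit=dev

# ---- runtime stage: compiled output and production deps only ----
# The build toolchain never reaches this image, which shrinks it and leaves
# fewer packages for the Trivy scan to flag.
FROM node:20-alpine AS runtime
ENV NODE_ENV=production
WORKDIR /app
# files are owned by the unprivileged 'node' user (uid 1000 in the official image)
COPY --chown=node:node --from=build /app/dist ./dist
COPY --chown=node:node --from=build /app/node_modules ./node_modules
COPY --chown=node:node --from=build /app/package.json ./
# drop root before the process starts; nothing below this line needs root
USER node
EXPOSE 3000
# assumed /health endpoint; compose waits on this before starting dependents
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
  CMD wget -qO- http://127.0.0.1:3000/health || exit 1
CMD ["node", "dist/main.js"]
```

Secrets such as the database password are not baked in here; they come from the environment at run time, as the production docker-compose in the description does.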
@devin-ai-integration (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

…y scan informational

Co-Authored-By: Arthur Poon <arthur.poon@windsurf.com>
