feat: UI vue Review + backend sert le SPA, fin Phase 4 v1 (v0.24.0)

Vue Review (liste assets, approuver/refuser + confirm, refresh, 401→logout). Backend sert le SPA same-origin (@fastify/static + fallback) si CHLOVA_WEB_ROOT. Dockerfile multi-stage build web+API (contexte racine), image embarque /app/web. Compose contexte .., image chlova/backend:0.2.0. 65 tests, 0 vuln, compose OK. Palier de risque : privilégié (surface exposée complète) — non déployée ; auth + CHLOVA_PHASE requis pour activer. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-23 05:56:01 +02:00
parent aee86b811e
commit e6edf1a8bc
9 changed files with 324 additions and 14 deletions
@@ -1,21 +1,35 @@
 # CHLOVA backend — image multi-stage, base épinglée (jamais :latest).
+# Contexte de build = RACINE du dépôt (voir infra/docker-compose.yml) : l'image
+# embarque l'API ET le SPA web (servi same-origin).
 # TODO épingler le digest (node:24.13-bookworm-slim@sha256:...) avant déploiement réel.

-FROM node:24.13-bookworm-slim AS build
-WORKDIR /app
-COPY package.json package-lock.json* ./
+# ── Build du SPA (web/) ─────────────────────────────────────────────────
+FROM node:24.13-bookworm-slim AS web-build
+WORKDIR /web
+COPY web/package.json web/package-lock.json* ./
 RUN npm ci
-COPY tsconfig.json tsconfig.build.json ./
-COPY src ./src
+COPY web/ ./
 RUN npm run build

+# ── Build de l'API (orchestrator/) ──────────────────────────────────────
+FROM node:24.13-bookworm-slim AS api-build
+WORKDIR /app
+COPY orchestrator/package.json orchestrator/package-lock.json* ./
+RUN npm ci
+COPY orchestrator/tsconfig.json orchestrator/tsconfig.build.json ./
+COPY orchestrator/src ./src
+RUN npm run build
+
+# ── Runtime ─────────────────────────────────────────────────────────────
 FROM node:24.13-bookworm-slim AS runtime
 ENV NODE_ENV=production
+ENV CHLOVA_WEB_ROOT=/app/web
 WORKDIR /app
-COPY package.json package-lock.json* ./
+COPY orchestrator/package.json orchestrator/package-lock.json* ./
 RUN npm ci --omit=dev && npm cache clean --force
-COPY --from=build /app/dist ./dist
-# Données runtime (SQLite, P2+). L'utilisateur node ne tourne pas en root.
+COPY --from=api-build /app/dist ./dist
+COPY --from=web-build /web/dist ./web
+# Données runtime (SQLite). L'utilisateur node ne tourne pas en root.
 RUN mkdir -p /app/data && chown -R node:node /app
 USER node
 HEALTHCHECK --interval=30s --timeout=3s --retries=3 \