feat(p83): wire BUILD_SHA through all Dockerfiles + compose + CI check

check-rebuild-needed.sh war seit Mai funktionsfähig nur fuer 3 von 10 Containern. Die anderen 7 Dockerfiles hatten kein ARG/ENV BUILD_SHA und docker-compose.yml hat fuer KEINEN Service den Wert durchgereicht — daher defaultete BUILD_SHA ueberall auf "unknown" und die Drift-Check war zahnlos. - ARG BUILD_SHA + ENV BUILD_SHA in 8 zusaetzlichen Dockerfiles (ai-compliance-sdk, developer-portal, document-crawler, dsms-gateway, compliance-tts-service, docs-src, docs-site, dsms-node) - docker-compose.yml: BUILD_SHA: \${BUILD_SHA:-unknown} in jedem build: Block (10 Services) - .gitea/workflows/ci.yaml: neuer Job build-sha-integrity validiert dass jedes Dockerfile ARG+ENV hat und jeder compose-build den Arg durchreicht. Faellt bei jedem PR/Push gegen master, der einen neuen Service oder Dockerfile ohne BUILD_SHA einfuehrt. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 18:29:03 +02:00
parent 4087bb5f18
commit 60b86be706
10 changed files with 135 additions and 0 deletions
@@ -0,0 +1,51 @@
+# ============================================
+# BreakPilot Compliance Dokumentation - MkDocs Build
+# Multi-stage build fuer minimale Image-Groesse
+# ============================================
+
+# Stage 1: Build MkDocs Site
+FROM python:3.11-slim AS builder
+
+WORKDIR /docs
+
+RUN pip install --no-cache-dir \
+    mkdocs==1.6.1 \
+    mkdocs-material==9.5.47 \
+    pymdown-extensions==10.12
+
+COPY mkdocs.yml /docs/
+COPY docs-src/ /docs/docs-src/
+
+RUN mkdocs build
+
+# Stage 2: Serve with Nginx
+FROM nginx:alpine
+
+COPY --from=builder /docs/docs-site /usr/share/nginx/html
+
+RUN echo 'server { \
+    listen 80; \
+    server_name localhost; \
+    root /usr/share/nginx/html; \
+    index index.html; \
+    location / { \
+        try_files $uri $uri/ /index.html; \
+    } \
+    gzip on; \
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml; \
+    gzip_min_length 1000; \
+    location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { \
+        expires 1y; \
+        add_header Cache-Control "public, immutable"; \
+    } \
+}' > /etc/nginx/conf.d/default.conf
+
+ARG BUILD_SHA="unknown"
+ENV BUILD_SHA=${BUILD_SHA}
+
+EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost/ || exit 1
+
+CMD ["nginx", "-g", "daemon off;"]