ci: 1. added Dockerfile 2. added a workflow on PR

.dockerignore

@@ -0,0 +1,65 @@
+# Dependencies
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Optional npm cache directory
+.npm
+
+# Output of 'npm pack'
+*.tgz
+
+# dotenv environment variables file
+.env
+.env.test
+.env.local
+.env.production
+
+# Git
+.git
+.gitignore
+
+# Docker
+Dockerfile*
+.dockerignore
+
+# Documentation
+README.md
+*.md
+
+# IDE
+.vscode/
+.idea/
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Test files
+**/*.test.*
+**/*.spec.*
+test/
+tests/
+__tests__/
+
+# Development only files
+.eslintrc*
+.prettierrc*
+vitest.config.*
+
+# CI/CD
+.github/
+
+# Build artifacts
+build/
+dist/
+
+# Logs
+logs
+*.log

.github/workflows/ci-pr.yml

@@ -0,0 +1,57 @@
+name: CI for Pull Requests
+
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+
+# Restrict permissions to minimum required
+permissions:
+  contents: read
+  packages: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # build:
+  build-image:
+    name: Build Image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+    - name: set up QEMU
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+      with:
+        platforms: linux/amd64,linux/arm64
+
+    - name: Login Container Registry
+      uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+    - name: Build image
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: false
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        build-args: |
+          VERSION=XXX
+          COMMIT_ID=${{ github.sha }}
+        secrets: |
+          NPM_TOKEN=${{ secrets.NPM_TOKEN }}

Dockerfile

@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1
+
+##################
+# Stage 1: Base image with system dependencies
+##################
+FROM node:22-slim AS base
+
+# Set working directory
+WORKDIR /app
+
+# # Install build dependencies for native modules if needed
+# RUN apt-get update && apt-get install -y \
+#     python3 \
+#     make \
+#     g++ \
+#     && rm -rf /var/lib/apt/lists/*
+
+##################
+# Stage 2: Dependencies installation
+##################
+FROM base AS build
+
+# Copy package files for dependency installation
+COPY package.json package-lock.json ./
+
+# Install all dependencies
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --ignore-scripts
+
+# Copy source code
+COPY . .
+
+# Build the application
+RUN npm run build
+
+##################
+# Stage 3: Production stage with distroless
+##################
+FROM gcr.io/distroless/nodejs22-debian12:nonroot AS production
+
+# Set working directory
+WORKDIR /app
+
+# Copy only the production dependencies
+COPY --from=build /app/dist /app/dist
+COPY --from=build /app/package.json /app/package.json
+COPY --from=build /app/package-lock.json /app/package-lock.json
+
+# Set environment variables
+ENV NODE_ENV=production
+
+# Default command for production
+CMD ["/nodejs/bin/node", "/app/dist/app.js"]