feat: implement AWS Lightsail deployment stack and add API health che…

[BeforeLights]

Summary by CodeRabbit

• New Features

  • Added API health check endpoint.
  • Added API Dockerfile and Docker Compose setup for Lightsail with reverse proxy routing.

• Documentation

  • Added comprehensive Lightsail deployment guide and example env templates.

• Configuration

  • Populated .dockerignore and updated .gitignore; added example env files and Caddy configuration.

• Tests

  • Added tests covering health endpoint and database startup sync behavior.

• Chores

  • Added npm script to build the API Docker image.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6c81ced0-30e0-4857-9e1f-e88b629c44a5

📥 Commits

Reviewing files that changed from the base of the PR and between 20062af and 8bc5fdd.

📒 Files selected for processing (1)

• apps/api/Dockerfile

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/api/Dockerfile

---

📝 Walkthrough

Walkthrough

Adds API containerization, a Lightsail deployment stack (Caddy reverse proxy + Compose), a health endpoint, controlled database sync helpers/tests, deployment docs, and related env/example/config files.

Changes

API Containerization + Lightsail Deployment

Layer / File(s)	Summary
Data Shape / Env Templates deploy/lightsail/api.env.example, deploy/lightsail/.env.example, .gitignore, .dockerignore	Adds example env files for Lightsail and API, updates ignore rules to exclude env files/logs/deps while keeping !.env.example.
Build / Image Definition apps/api/Dockerfile, package.json	Adds a multi-stage Dockerfile for apps/api (build then runtime on node:20-alpine) and npm script docker:api to build/tag the image.
Runtime Routes & Healthcheck apps/api/src/routes/health.routes.ts	New Express router exposing GET /healthz returning { status: "ok" }.
DB Startup Logic (Core) apps/api/src/config/database-startup.ts	New getDatabaseSyncOptions(env) and syncDatabaseForStartup(sequelize, env) to centralize Sequelize sync behavior based on NODE_ENV, DB_SYNC, and DB_SYNC_ALTER.
Server Integration apps/api/src/server.ts	Mounts healthRoutes and replaces previous inline sync calls with await syncDatabaseForStartup(sequelize).
Deployment Orchestration deploy/lightsail/compose.yml, deploy/lightsail/Caddyfile	Adds Docker Compose with api (healthcheck) and caddy services; Caddy reverse-proxies /api/* (strip /api) and /healthz to api:8080, serves SPA static assets.
Tests apps/api/src/routes/_tests_/health.routes.test.ts, apps/api/src/config/_tests_/database-startup.test.ts	Adds tests for /healthz endpoint and database sync option behaviors under different env settings.
Documentation docs/deploy-lightsail.md	New Lightsail deployment guide: architecture, DNS, first-deploy, update workflow, production DB sync policy, and backup recommendations.

Sequence Diagram(s)

sequenceDiagram
    participant C as Client
    participant Caddy as Caddy (reverse proxy)
    participant API as API Container
    participant DB as Managed Postgres

    C->>Caddy: HTTP request /api/...
    Caddy->>API: reverse-proxy to api:8080 (strip /api)
    API->>DB: connect / (startup) syncDatabaseForStartup decides whether to call sequelize.sync
    API->>Caddy: HTTP response
    Caddy->>C: response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

🐰 In a burrow of code I neatly compile,
Docker layers stacked in a tidy pile.
Health checks hum, Caddy sings on the wire,
DB syncs politely when you tell it to hire.
Hop—deploy to Lightsail, and watch it smile.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat: implement AWS Lightsail deployment stack and add API health che…' accurately describes the main changes: it adds Docker/Docker Compose configuration for AWS Lightsail deployment and introduces a health check endpoint (/healthz) in the API.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex-lightsail-deploy

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[BeforeLights]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/api/Dockerfile`:
- Around line 16-30: The runtime Dockerfile runs the API as root; create or
reuse a non-root user and switch to it before CMD to harden the container:
ensure the application files under /app are owned by that non-root user (chown
/app and copied contents from the build stage), add or reuse a dedicated
user/group (e.g., addgroup/adduser or the existing "node" user in the base
image), set USER to that account, and then keep CMD ["node",
"apps/api/dist/server.js"] so the process runs unprivileged; update any RUN
steps in the Dockerfile to perform the chown prior to USER to avoid permission
issues.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ba7a3926-b1f6-46e1-a319-79e8e99bc562

📥 Commits

Reviewing files that changed from the base of the PR and between f9f17d7 and 20062af.

📒 Files selected for processing (14)

• .dockerignore
• .gitignore
• apps/api/Dockerfile
• apps/api/src/config/_tests_/database-startup.test.ts
• apps/api/src/config/database-startup.ts
• apps/api/src/routes/_tests_/health.routes.test.ts
• apps/api/src/routes/health.routes.ts
• apps/api/src/server.ts
• deploy/lightsail/.env.example
• deploy/lightsail/Caddyfile
• deploy/lightsail/api.env.example
• deploy/lightsail/compose.yml
• docs/deploy-lightsail.md
• package.json

[BeforeLights]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.