chore: update Docker configuration and improve health check functionality

- Added Docker health check endpoint to the FastAPI application, returning a 200 status when the app is running.
- Updated Dockerfile to include curl for health checks and modified entrypoint script to exit on errors.
- Enhanced .dockerignore and .gitignore files to exclude coverage and test artifacts.
- Updated docker-compose.prod.yml to specify version.
- Added pytest-cov as a development dependency to improve test coverage reporting.

.dockerignore

@@ -9,7 +9,6 @@ __pycache__/
 .cursor/
 *.plan.md
 data/
-.curosr/
 # Tests and dev artifacts (not needed in image)
 tests/
 .pytest_cache/

.gitignore

@@ -7,3 +7,9 @@ venv/
 data/
 *.db
 .cursor/
+# Test and coverage artifacts
+.coverage
+htmlcov/
+.pytest_cache/
+*.cover
+*.plan.md

Dockerfile

@@ -4,16 +4,17 @@
 # --- Stage 1: builder (dependencies only) ---
 FROM python:3.12-slim AS builder
 WORKDIR /app
-COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
+COPY pyproject.toml ./
+COPY duty_teller/ ./duty_teller/
+RUN pip install --no-cache-dir .
 
 # --- Stage 2: runtime (minimal final image) ---
 FROM python:3.12-slim
 
 WORKDIR /app
 
-# Install gosu (drop privileges in entrypoint)
-RUN apt-get update && apt-get install -y --no-install-recommends gosu \
+# Install gosu (drop privileges in entrypoint) and curl (for HEALTHCHECK)
+RUN apt-get update && apt-get install -y --no-install-recommends gosu curl \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy installed packages and console scripts from builder (no requirements.txt, no pip layer)
@@ -23,6 +24,7 @@ COPY --from=builder /usr/local/bin /usr/local/bin
 # Application code (duty_teller package + entrypoint, migrations, webapp)
 ENV PYTHONPATH=/app
 COPY main.py pyproject.toml entrypoint.sh ./
+RUN chmod +x entrypoint.sh
 COPY duty_teller/ ./duty_teller/
 COPY alembic/ ./alembic/
 COPY webapp/ ./webapp/
@@ -34,3 +36,6 @@ RUN adduser --disabled-password --gecos "" botuser \
 # Entrypoint runs as root: fix /app/data ownership (for volume mount), run migrations, then exec as botuser
 ENTRYPOINT ["/bin/sh", "./entrypoint.sh"]
 CMD ["python", "main.py"]
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:8080/health || exit 1

docker-compose.prod.yml

@@ -1,3 +1,5 @@
+version: "3.8"
+
 services:
   bot:
     build:

duty_teller/api/app.py

@@ -35,6 +35,14 @@ def _is_valid_calendar_token(token: str) -> bool:
 
 
 app = FastAPI(title="Duty Teller API")
+
+
+@app.get("/health", summary="Health check")
+def health() -> dict:
+    """Return 200 when the app is up. Used by Docker HEALTHCHECK."""
+    return {"status": "ok"}
+
+
 app.add_middleware(
     CORSMiddleware,
     allow_origins=config.CORS_ORIGINS,

entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-set -e
+set -eu
 # Ensure data dir exists and is writable by botuser (volume may be root-owned)
 mkdir -p /app/data
 chown botuser:botuser /app/data

requirements-dev.txt

@@ -1,4 +1,5 @@
 -r requirements.txt
 pytest>=8.0,<9.0
 pytest-asyncio>=1.0,<2.0
+pytest-cov>=6.0,<7.0
 httpx>=0.27,<1.0

tests/test_app.py

@@ -16,6 +16,13 @@ def client():
     return TestClient(app)
 
 
+def test_health(client):
+    """Health endpoint returns 200 and status ok for Docker HEALTHCHECK."""
+    r = client.get("/health")
+    assert r.status_code == 200
+    assert r.json() == {"status": "ok"}
+
+
 def test_duties_invalid_date_format(client):
     r = client.get("/api/duties", params={"from": "2025-01-01", "to": "invalid"})
     assert r.status_code == 400