create-interview-cockpit 0.17.3 → 0.18.0

package/template/client/src/infraLab.ts

@@ -1,4 +1,5 @@
 import type { InfraLabWorkspace } from "./types";
+import { ENTERPRISE_LOCAL_AUTH_LAB } from "./enterpriseLocalLab";
 
 const DEFAULT_INFRA_FILES: Record<string, string> = {
   "provider.tf": `terraform {
@@ -39,15 +40,370 @@ export const DEFAULT_INFRA_LAB: InfraLabWorkspace = {
   files: DEFAULT_INFRA_FILES,
 };
 
+export const DOCKER_DEEP_DIVE_LAB: InfraLabWorkspace = {
+  version: 1,
+  label: "Docker Deep Dive Lab",
+  provider: "docker",
+  executionMode: "docker",
+  activeFile: "compose.yaml",
+  files: {
+    "README.md": `# Docker Deep Dive Lab
+
+This lab is a small production-shaped Docker system:
+
+- **api** is a Node/Express service built from the local Dockerfile.
+- **redis** is an off-the-shelf image with a named volume.
+- **worker** reuses the same image as the api but runs a different command.
+- **labnet** demonstrates Compose service discovery: the api connects to Redis at \`redis:6379\`.
+- **port 4288** publishes the api from the container to your host browser.
+
+## First run
+
+Run these in the Console tab, one command at a time:
+
+1. \`docker version\` — confirm the Docker client and engine can talk.
+2. \`docker compose up -d --build\` — build the api image and start all services.
+3. \`docker compose ps\` — compare services, containers, health, and published ports.
+4. \`curl -s http://localhost:4288/api/ping\` — hit the container through the host port.
+5. \`docker images\` — find the image Compose built from this Dockerfile.
+6. \`docker logs docker-deep-dive-api\` — read stdout/stderr from the api container.
+7. \`docker compose exec -T api node -e "console.log(process.env.REDIS_URL)"\` — run a process inside the container.
+8. \`docker volume ls\` — notice the Redis data volume.
+9. \`docker compose down\` — stop/remove containers and the lab network.
+10. \`docker compose down -v\` — also remove the Redis volume when you want a clean slate.
+
+The console intentionally disables shell pipes/operators. Use direct commands instead of chaining.
+
+## Experiments that teach the deep parts
+
+- Change \`LAB_MESSAGE\` in compose.yaml, run \`docker compose up -d --build\`, then hit \`/api/ping\`.
+- Change the Dockerfile order and rebuild to see which layers are cached.
+- Add an environment variable to the worker only, then compare \`docker inspect docker-deep-dive-api\` and \`docker inspect docker-deep-dive-worker\`.
+- Change the host port from \`4288:3000\` to another port and observe how host networking differs from container networking.
+- Run \`docker compose down\`, start again, and verify Redis data survives because the named volume remains.
+- Run \`docker compose down -v\`, start again, and verify the Redis data resets.
+`,
+    ".dockerignore": `node_modules
+npm-debug.log
+.git
+.env
+coverage
+dist
+`,
+    Dockerfile: `# syntax=docker/dockerfile:1.7
+
+# Senior/interview insight: copy dependency manifests before source files so
+# Docker can reuse the dependency layer when only application code changes.
+FROM node:20-alpine AS deps
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --omit=dev
+
+# Senior/interview insight: keep runtime images small and run as a non-root
+# user so a compromised app has less power inside the container.
+FROM node:20-alpine AS runtime
+ENV NODE_ENV=production
+ENV PORT=3000
+WORKDIR /app
+RUN addgroup -S nodeapp && adduser -S nodeapp -G nodeapp
+COPY --from=deps /app/node_modules ./node_modules
+COPY package*.json ./
+COPY src ./src
+USER nodeapp
+EXPOSE 3000
+HEALTHCHECK --interval=10s --timeout=3s --start-period=5s --retries=3 CMD node -e "fetch('http://127.0.0.1:' + (process.env.PORT || 3000) + '/api/ping').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"
+CMD ["node", "src/server.js"]
+`,
+    "compose.yaml": `name: interview-cockpit-docker-lab
+
+services:
+  api:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: interview-cockpit/docker-deep-dive-api:local
+    container_name: docker-deep-dive-api
+    ports:
+      - "4288:3000"
+    environment:
+      PORT: "3000"
+      REDIS_URL: redis://redis:6379
+      LAB_MESSAGE: "Edit me in compose.yaml, rebuild, then hit /api/ping"
+    depends_on:
+      redis:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:3000/api/ping').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"]
+      interval: 10s
+      timeout: 3s
+      retries: 5
+    networks:
+      - labnet
+
+  worker:
+    image: interview-cockpit/docker-deep-dive-api:local
+    container_name: docker-deep-dive-worker
+    command: ["node", "src/worker.js"]
+    environment:
+      REDIS_URL: redis://redis:6379
+      WORKER_NAME: compose-worker
+    depends_on:
+      redis:
+        condition: service_healthy
+      api:
+        condition: service_started
+    networks:
+      - labnet
+
+  redis:
+    image: redis:7-alpine
+    container_name: docker-deep-dive-redis
+    command: ["redis-server", "--appendonly", "yes"]
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 5s
+      timeout: 3s
+      retries: 10
+    networks:
+      - labnet
+
+volumes:
+  redis-data:
+
+networks:
+  labnet:
+`,
+    "package.json": `{
+  "name": "docker-deep-dive-api",
+  "version": "1.0.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "start": "node src/server.js",
+    "worker": "node src/worker.js"
+  },
+  "dependencies": {
+    "@redis/client": "^1.6.1",
+    "cors": "^2.8.5",
+    "express": "^4.18.3"
+  }
+}
+`,
+    "src/server.js": `import os from "node:os";
+import express from "express";
+import cors from "cors";
+import { createClient } from "@redis/client";
+
+const app = express();
+const port = Number(process.env.PORT || 3000);
+const startedAt = new Date();
+let redis;
+let redisReady = false;
+
+app.use(cors());
+app.use(express.json());
+
+async function getRedis() {
+  if (redisReady) return redis;
+  if (!redis) {
+    redis = createClient({ url: process.env.REDIS_URL });
+    redis.on("error", (error) => {
+      redisReady = false;
+      console.error("redis error", error.message);
+    });
+  }
+  if (!redis.isOpen) await redis.connect();
+  redisReady = true;
+  return redis;
+}
+
+async function readRedis(key) {
+  try {
+    const client = await getRedis();
+    return { ok: true, value: await client.get(key) };
+  } catch (error) {
+    return { ok: false, error: error.message };
+  }
+}
+
+app.get("/", (_req, res) => {
+  res.type("html").send(\`<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>Docker Deep Dive API</title>
+    <style>
+      body { margin: 0; font-family: ui-sans-serif, system-ui; background: #020617; color: #dbeafe; }
+      main { max-width: 860px; margin: 0 auto; padding: 40px 24px; }
+      button, a { border: 1px solid #155e75; border-radius: 999px; background: #083344; color: #a5f3fc; padding: 10px 14px; text-decoration: none; cursor: pointer; }
+      pre { background: #0f172a; border: 1px solid #1e293b; border-radius: 16px; padding: 16px; overflow: auto; }
+      .grid { display: flex; flex-wrap: wrap; gap: 10px; margin: 20px 0; }
+      .muted { color: #94a3b8; }
+    </style>
+  </head>
+  <body>
+    <main>
+      <p class="muted">Container hostname: \${os.hostname()}</p>
+      <h1>Docker Deep Dive API</h1>
+      <p>This page is served from inside the api container and published to your host on port 4288.</p>
+      <div class="grid">
+        <button onclick="hit('/api/ping')">GET /api/ping</button>
+        <button onclick="hit('/api/redis/increment/browser')">Increment Redis counter</button>
+        <button onclick="setCache()">Set cache value</button>
+        <button onclick="hit('/api/cache/browser-demo')">Read cache value</button>
+      </div>
+      <pre id="out">Click a button to call the API.</pre>
+    </main>
+    <script>
+      async function hit(path, init) {
+        const res = await fetch(path, init);
+        document.querySelector('#out').textContent = JSON.stringify(await res.json(), null, 2);
+      }
+      function setCache() {
+        return hit('/api/cache/browser-demo', {
+          method: 'POST',
+          headers: { 'content-type': 'application/json' },
+          body: JSON.stringify({ value: 'saved from the browser at ' + new Date().toISOString() })
+        });
+      }
+    </script>
+  </body>
+</html>\`);
+});
+
+app.get("/api/ping", async (_req, res) => {
+  let hits = null;
+  let redisError = null;
+  try {
+    const client = await getRedis();
+    hits = await client.incr("api:pings");
+  } catch (error) {
+    redisError = error.message;
+  }
+
+  res.json({
+    ok: true,
+    message: process.env.LAB_MESSAGE || "hello from inside the container",
+    container: {
+      hostname: os.hostname(),
+      pid: process.pid,
+      uptimeSeconds: Math.round(process.uptime()),
+      startedAt: startedAt.toISOString(),
+    },
+    environment: {
+      NODE_ENV: process.env.NODE_ENV,
+      PORT: process.env.PORT,
+      REDIS_URL: process.env.REDIS_URL,
+    },
+    redis: {
+      connected: redisReady,
+      pingCount: hits,
+      error: redisError,
+    },
+  });
+});
+
+app.get("/api/cache/:key", async (req, res) => {
+  const result = await readRedis(\`cache:\${req.params.key}\`);
+  res.status(result.ok ? 200 : 503).json(result);
+});
+
+app.post("/api/cache/:key", async (req, res) => {
+  try {
+    const client = await getRedis();
+    const value = req.body?.value ?? \`stored at \${new Date().toISOString()}\`;
+    await client.set(\`cache:\${req.params.key}\`, String(value));
+    res.json({ ok: true, key: req.params.key, value });
+  } catch (error) {
+    res.status(503).json({ ok: false, error: error.message });
+  }
+});
+
+app.delete("/api/cache/:key", async (req, res) => {
+  try {
+    const client = await getRedis();
+    const deleted = await client.del(\`cache:\${req.params.key}\`);
+    res.json({ ok: true, key: req.params.key, deleted });
+  } catch (error) {
+    res.status(503).json({ ok: false, error: error.message });
+  }
+});
+
+app.get("/api/redis/increment/:key", async (req, res) => {
+  try {
+    const client = await getRedis();
+    const value = await client.incr(\`counter:\${req.params.key}\`);
+    res.json({ ok: true, key: req.params.key, value });
+  } catch (error) {
+    res.status(503).json({ ok: false, error: error.message });
+  }
+});
+
+app.get("/api/headers", (req, res) => {
+  res.json({ ok: true, headers: req.headers });
+});
+
+app.listen(port, "0.0.0.0", () => {
+  console.log(\`api listening on 0.0.0.0:\${port}\`);
+});
+`,
+    "src/worker.js": `import { createClient } from "@redis/client";
+
+const redisUrl = process.env.REDIS_URL;
+const workerName = process.env.WORKER_NAME || "worker";
+const client = createClient({ url: redisUrl });
+
+client.on("error", (error) => {
+  console.error(\`[\${workerName}] redis error\`, error.message);
+});
+
+await client.connect();
+console.log(\`[\${workerName}] connected to \${redisUrl}\`);
+
+setInterval(async () => {
+  const ticks = await client.incr("worker:ticks");
+  console.log(\`[\${workerName}] tick \${ticks}\`);
+}, 5000);
+`,
+  },
+};
+
+function refreshLegacyEnterpriseAuthFiles(
+  source: InfraLabWorkspace,
+  files: Record<string, string>,
+): Record<string, string> {
+  const main = files["main.tf"] ?? "";
+  const isLegacyDockerProviderBuild =
+    source.label === ENTERPRISE_LOCAL_AUTH_LAB.label &&
+    source.provider === "docker" &&
+    main.includes('resource "docker_image" "claims_api"') &&
+    main.includes('resource "docker_image" "bff"') &&
+    main.includes("docker_image.bff.image_id");
+
+  if (!isLegacyDockerProviderBuild) return files;
+
+  return {
+    ...files,
+    "README.md":
+      ENTERPRISE_LOCAL_AUTH_LAB.files["README.md"] ?? files["README.md"],
+    "variables.tf":
+      ENTERPRISE_LOCAL_AUTH_LAB.files["variables.tf"] ?? files["variables.tf"],
+    "main.tf": ENTERPRISE_LOCAL_AUTH_LAB.files["main.tf"] ?? files["main.tf"],
+  };
+}
+
 export function cloneInfraLabWorkspace(
   workspace?: InfraLabWorkspace | null,
 ): InfraLabWorkspace {
   const source = workspace ?? DEFAULT_INFRA_LAB;
   // Only seed defaults when the source has no files of its own
-  const files =
+  const sourceFiles =
     source.files && Object.keys(source.files).length > 0
       ? { ...source.files }
       : { ...DEFAULT_INFRA_FILES };
+  const files = refreshLegacyEnterpriseAuthFiles(source, sourceFiles);
   const activeFile = files[source.activeFile]
     ? source.activeFile
     : (Object.keys(files)[0] ?? "main.tf");
@@ -55,9 +411,13 @@ export function cloneInfraLabWorkspace(
   return {
     version: 1,
     label: source.label || DEFAULT_INFRA_LAB.label,
-    provider: "aws",
+    provider: source.provider === "docker" ? "docker" : "aws",
     executionMode:
-      source.executionMode === "plan-only" ? "plan-only" : "localstack",
+      source.executionMode === "docker"
+        ? "docker"
+        : source.executionMode === "plan-only"
+          ? "plan-only"
+          : "localstack",
     activeFile,
     files,
   };
@@ -65,13 +425,21 @@ export function cloneInfraLabWorkspace(
 
 export function getInfraLabFileOrder(workspace: InfraLabWorkspace): string[] {
   const preferred = [
+    "README.md",
+    "compose.yaml",
+    "docker-compose.yml",
+    "docker-compose.yaml",
+    "Dockerfile",
+    ".dockerignore",
+    "package.json",
+    "src/server.js",
+    "src/worker.js",
     "main.tf",
     "provider.tf",
     "variables.tf",
     "terraform.tfvars",
     "outputs.tf",
     "locals.tf",
-    "README.md",
   ];
   const extras = Object.keys(workspace.files)
     .filter((name) => !preferred.includes(name))
@@ -109,9 +477,13 @@ export function parseInfraLabWorkspace(raw: string): InfraLabWorkspace | null {
         typeof parsed.label === "string" && parsed.label.trim()
           ? parsed.label.trim()
           : DEFAULT_INFRA_LAB.label,
-      provider: "aws",
+      provider: parsed.provider === "docker" ? "docker" : "aws",
       executionMode:
-        parsed.executionMode === "plan-only" ? "plan-only" : "localstack",
+        parsed.executionMode === "docker"
+          ? "docker"
+          : parsed.executionMode === "plan-only"
+            ? "plan-only"
+            : "localstack",
       activeFile:
         typeof parsed.activeFile === "string"
           ? parsed.activeFile