- Replace pip with uv for 10-25x faster dependency installation
- Add BuildKit cache mounts for apt and uv caches across builds
- Add non-root appuser for improved container security
- Add HEALTHCHECK directive for container orchestration
- Add curl to runtime for healthcheck support
- Remove libgl1 (unused), add syntax directive for BuildKit
- Frontend Dockerfile: split into deps/test/builder/nginx stages so npm ci
runs once (cached when package-lock.json unchanged), tests run in build
- Backend Dockerfile: add test stage that runs pytest inside the build,
eliminating separate test image build
- .drone.yml: remove separate test steps (now inside Dockerfile builds),
point cache_from/cache_repo at local registry (10.0.20.10:5000) instead
of Docker Hub for faster layer cache pulls
Add a 'test' stage to Dockerfile that extends runtime-base with the
venv and test dependencies (pytest, fakeredis, etc.) pre-installed.
Drone CI now builds and caches this image as :test, then uses it
directly for running tests — eliminating apt-get and pip install
on every build.
- Disable OpenAPI docs/redoc/openapi.json when APP_ENV=production
- Strip uvicorn Server header with --no-server-header in Dockerfile and docker-compose.yml
- Add OriginValidatorMiddleware to reject state-changing requests from disallowed origins
- Add global exception handler to prevent stack trace leakage on unhandled errors
- Add tests for all new security features (OpenAPI, origin validation, exception handler, server header)
The crawler subdirectory was the only active project. Moving it to the
repo root simplifies paths and removes the unnecessary nesting. The
vqa/ and immoweb/ directories were legacy/unused and have been removed.
Updated .drone.yml, .gitignore, .claude/ docs, and skills to reflect
the new flat structure.
