Enhance development environment and database setup

- Updated Dockerfile to include pgTAP and sqlfluff installation, along with necessary build tools.
- Modified devcontainer.json to configure run arguments and post-create commands for database initialization.
- Expanded .dockerignore and .gitignore to exclude unnecessary files and directories.
- Added SQL connection settings in VS Code settings.
- Introduced new tasks in tasks.json for database management and SQL linting.
- Updated README.md with production deployment instructions and security guidelines.
- Created flatten-sql.sh and rebuild-db.sh scripts for SQL file management and database rebuilding.
- Added initial SQL setup script for creating products table and enabling UUID extension.

Author: Vianpyro

.devcontainer/Dockerfile

@@ -1,15 +1,44 @@
-FROM alpine:latest
+FROM postgres:16.11-alpine3.23
 
-# Install common tools
-RUN apk add --no-cache bash git
+# Install common tools and build tools for pgTAP
+RUN apk add --no-cache bash git su-exec tini \
+    make gcc musl-dev postgresql-dev perl patch \
+    build-base perl-dev openssl-dev python3 py3-pip sudo \
+    && cpan TAP::Parser::SourceHandler::pgTAP
+
+# Clone pgTAP
+RUN git clone --depth 1 https://github.com/theory/pgtap
+
+# Build and install pgTAP
+WORKDIR /pgtap
+RUN make && make install
+
+# Cleanup
+WORKDIR /
+RUN rm -rf /pgtap
+
+# Install sqlfluff for SQL linting
+RUN ["/bin/bash", "-c", "pip3 --disable-pip-version-check --no-cache-dir install sqlfluff --break-system-packages"]
 
 # Setup default user
 ARG USERNAME=vscode
 ARG USER_UID=1000
 ARG USER_GID=$USER_UID
 
+# Create vscode user and add to postgres group for database access
 RUN addgroup -g $USER_GID -S $USERNAME && \
-    adduser -u $USER_UID -S -G $USERNAME -s /bin/bash $USERNAME
+    adduser -u $USER_UID -S -G $USERNAME -s /bin/bash $USERNAME && \
+    adduser $USERNAME postgres && \
+    echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME && \
+    chmod 0440 /etc/sudoers.d/$USERNAME && \
+    mkdir -p /var/lib/postgresql/data /run/postgresql && \
+    chown -R postgres:postgres /var/lib/postgresql /run/postgresql && \
+    chmod 755 /run/postgresql
+
+# Set environment variables for PostgreSQL
+ENV PGDATA=/var/lib/postgresql/data
+
+WORKDIR /workspace
 
 # Switch to the default user
 USER $USERNAME

.devcontainer/devcontainer.json

@@ -1,13 +1,30 @@
 {
-    "name": "Template Development Container",
-    "dockerFile": "Dockerfile",
+    "name": "ChocoMax Database",
+    "image": "ghcr.io/themaximousse/database-devcontainer:latest",
+    "runArgs": [
+        "--cap-add=CHOWN",
+        "--cap-add=SETGID",
+        "--cap-add=SETUID",
+        "--cap-drop=ALL",
+        "--security-opt=no-new-privileges:true"
+    ],
     "customizations": {
         "settings": {
             "terminal.integrated.shell.linux": "/bin/bash"
         },
         "vscode": {
-            "extensions": ["esbenp.prettier-vscode"]
+            "extensions": [
+                "gruntfuggly.triggertaskonsave",
+                "mtxr.sqltools",
+                "mtxr.sqltools-driver-pg"
+            ]
         }
     },
+    "otherPortsAttributes": {
+        "onAutoForward": "ignore"
+    },
+    "postCreateCommand": "initdb -D $PGDATA && pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start && createdb chocomax && pg_ctl -D $PGDATA stop",
+    "postStartCommand": "pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start",
+    "postAttachCommand": "sqlfluff fix database/ -v",
     "remoteUser": "vscode"
 }

.dockerignore

@@ -10,3 +10,14 @@ LICENSE
 # Version control
 .git
 .gitignore
+.github/
+.gitattributes
+
+# Development container
+.devcontainer/
+
+# Test files
+database/tests/
+
+# Scripts not needed in production
+scripts/

.gitignore

@@ -1,3 +1,6 @@
+# Database session files
+*.session.sql
+
 # Environments
 .env
 

.sqlfluff

@@ -0,0 +1,7 @@
+[sqlfluff]
+dialect = postgres
+max_line_length = 200
+
+[sqlfluff:layout:type:comment]
+spacing_before = single
+spacing_after = single

.vscode/settings.json

@@ -7,5 +7,23 @@
     "files.trimTrailingWhitespace": true,
     "[yaml]": {
         "editor.tabSize": 2
+    },
+    "sqltools.connections": [
+        {
+            "name": "ChocoMax",
+            "server": "localhost",
+            "driver": "PostgreSQL",
+            "port": 5432,
+            "database": "chocomax",
+            "username": "vscode",
+            "askForPassword": false,
+            "password": "postgres"
+        }
+    ],
+    "sqltools.useNodeRuntime": false,
+    "triggerTaskOnSave.tasks": {
+        "Lint SQL File": [
+            "database/**/*.sql"
+        ]
     }
 }

.vscode/tasks.json

@@ -17,6 +17,187 @@
             "runOptions": {
                 "runOn": "folderOpen"
             }
+        },
+        {
+            "label": "Start Database",
+            "type": "shell",
+            "command": "[ -S /run/postgresql/.s.PGSQL.5432 ] || pg_ctl -D $PGDATA -o '-k /run/postgresql' -l /tmp/pg.log start",
+            "problemMatcher": [],
+            "isBackground": false,
+            "presentation": {
+                "echo": true,
+                "reveal": "always",
+                "focus": false,
+                "panel": "shared"
+            }
+        },
+        {
+            "label": "Flatten SQL Files",
+            "type": "shell",
+            "command": "./scripts/flatten-sql.sh",
+            "dependsOn": [
+                "Start Database"
+            ],
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Rebuild Database",
+            "type": "shell",
+            "command": "./scripts/rebuild-db.sh",
+            "args": [
+                "${input:db_username}",
+                "${input:db_name}"
+            ],
+            "dependsOn": [
+                "Flatten SQL Files"
+            ],
+            "options": {
+                "cwd": "${workspaceFolder}"
+            },
+            "problemMatcher": [],
+            "group": {
+                "kind": "build",
+                "isDefault": false
+            }
+        },
+        {
+            "label": "Stop Database",
+            "type": "shell",
+            "command": "pg_ctl -D $PGDATA stop || true",
+            "problemMatcher": []
+        },
+        {
+            "label": "Connect to Database",
+            "type": "shell",
+            "command": "psql -h /run/postgresql -U ${input:db_username} -d ${input:db_name}",
+            "problemMatcher": [],
+            "presentation": {
+                "close": true
+            }
+        },
+        {
+            "label": "Full Database Rebuild",
+            "dependsOn": [
+                "Start Database",
+                "Flatten SQL Files",
+                "Rebuild Database"
+            ],
+            "dependsOrder": "sequence",
+            "problemMatcher": [],
+            "group": {
+                "kind": "build",
+                "isDefault": true
+            }
+        },
+        {
+            "label": "Run Unit Tests",
+            "type": "shell",
+            "command": "pg_prove -Q -d ${input:db_name} -U ${input:db_username} database/tests/*.test.sql",
+            "dependsOn": [
+                "Full Database Rebuild"
+            ],
+            "problemMatcher": [],
+            "group": {
+                "kind": "test",
+                "isDefault": true
+            }
+        },
+        {
+            "label": "Lint SQL File",
+            "type": "shell",
+            "command": "sqlfluff fix '${file}' -v",
+            "problemMatcher": [],
+            "group": {
+                "kind": "none",
+                "isDefault": true
+            },
+            "presentation": {
+                "close": true
+            }
+        },
+        {
+            "label": "Build Docker Image",
+            "type": "shell",
+            "command": "docker build -t ${input:docker_image_name} .",
+            "group": {
+                "kind": "build",
+                "isDefault": false
+            },
+            "presentation": {
+                "panel": "shared",
+                "close": true
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Run Docker Container",
+            "type": "shell",
+            "command": "docker run -d -p 5432:5432 --name ${input:docker_container_name} --env-file .env --security-opt no-new-privileges:true --cap-drop=ALL --cap-add=NET_BIND_SERVICE ${input:docker_image_name}",
+            "presentation": {
+                "panel": "shared",
+                "close": true
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Remove Docker Container",
+            "type": "shell",
+            "command": "docker stop ${input:docker_container_name} ; docker rm ${input:docker_container_name}",
+            "presentation": {
+                "panel": "shared",
+                "close": true
+            },
+            "problemMatcher": []
+        },
+        {
+            "label": "Reset Docker Container",
+            "type": "shell",
+            "dependsOn": [
+                "Remove Docker Container",
+                "Build Docker Image",
+                "Run Docker Container"
+            ],
+            "presentation": {
+                "panel": "shared",
+                "close": true
+            },
+            "dependsOrder": "sequence",
+            "problemMatcher": []
+        }
+    ],
+    "inputs": [
+        {
+            "id": "db_username",
+            "type": "promptString",
+            "description": "Enter the database username",
+            "default": "vscode"
+        },
+        {
+            "id": "db_name",
+            "type": "promptString",
+            "description": "Enter the database name",
+            "default": "chocomax"
+        },
+        {
+            "id": "docker_image_name",
+            "type": "promptString",
+            "description": "Enter the Docker image name",
+            "default": "chocomax-database-image"
+        },
+        {
+            "id": "docker_container_name",
+            "type": "promptString",
+            "description": "Enter the Docker container name",
+            "default": "chocomax-database-container"
         }
-    ]
+    ],
+    "options": {
+        "env": {
+            "FLATTEN_SQL_DIR": "${workspaceFolder}/.tmp/flattened-sql"
+        },
+        "cwd": "${workspaceFolder}"
+    }
 }

Dockerfile

@@ -0,0 +1,32 @@
+FROM postgres:16.11-alpine3.23
+
+# Remove unnecessary packages and clean up to minimize attack surface
+RUN rm -rf /var/cache/apk/*
+
+# Create necessary directories with proper permissions
+RUN mkdir -p /var/lib/postgresql/data /run/postgresql \
+    && chown -R postgres:postgres /var/lib/postgresql /run/postgresql \
+    && chmod 700 /var/lib/postgresql/data \
+    && chmod 755 /run/postgresql
+
+# Copy database files
+COPY --chown=postgres:postgres database/ /docker-entrypoint-initdb.d/
+
+# Set environment variables
+ENV PGDATA=/var/lib/postgresql/data
+
+# Security hardening
+# Drop all capabilities and add only what's needed
+# Run as non-root postgres user
+# Disable privilege escalation
+USER postgres
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
+    CMD pg_isready -U postgres || exit 1
+
+# Expose PostgreSQL port
+EXPOSE 5432
+
+# Use default postgres entrypoint (handles signals properly)
+CMD ["postgres"]