47 changes: 21 additions & 26 deletions Dockerfiles/Dockerfile.agent-provisioning
@@ -1,57 +1,52 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine AS build
# Install OpenSSL
RUN apk update && apk upgrade
RUN apk add --no-cache openssl
RUN set -eux \
&& apk --no-cache add \
openssh-client \
aws-cli \
docker \
docker-compose \
jq \
&& npm install -g pnpm --ignore-scripts \
&& export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
&& rm -rf /var/cache/apk/*
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
jq
Comment on lines 4 to +12

🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands.

Lines 4-5 are redundant since lines 6-12 perform another apk update && apk upgrade and also install openssl. This creates unnecessary image layers and duplicates the openssl installation.

🔎 Apply this diff to consolidate:
 # Stage 1: Build the application
 FROM oven/bun:1.1-alpine AS build
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around lines 4 to 12, the first two
RUN lines are redundant because the subsequent RUN repeats apk update && apk
upgrade and installs openssl again; remove the initial two RUN lines and
consolidate into the single RUN that performs apk update && apk upgrade && apk
add --no-cache with the full package list (openssl, openssh-client, aws-cli,
docker, docker-compose, jq) to eliminate duplicate layers and duplicate openssl
installation.


# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

# Copy the rest of the application code
COPY . .

# Generate Prisma client
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate
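
Review bot: the install step in this part of the hunk loses `--ignore-scripts` (`RUN pnpm i --ignore-scripts` becomes a bare `RUN bun install`), yet the comment directly above it still reads "Install dependencies while ignoring scripts". Either carry the flag over or correct the comment so it matches what the layer does. Since `bun.lock` is copied just above, `bun install --frozen-lockfile` would also make the layer fail on lockfile drift instead of resolving fresh versions during the image build.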

⚠️ Potential issue | 🔴 Critical

Verify Node.js availability in the Dockerfile build environment.

Prisma works out of the box with Bun, and Node.js must be installed in the environment where you're running bunx prisma commands. While bunx prisma generate is the official approach, Docker builds with Bun have reported compatibility issues. Ensure your build image includes Node.js, or consider pre-generating the Prisma client locally and shipping it with the image. If using a Bun-only base image (e.g., oven/bun), Node.js installation may be necessary for bunx prisma generate to succeed.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around line 32, the RUN command
calls "bunx prisma generate" but the build image may not have Node.js available
(Bun-only bases can fail), so either ensure Node.js is installed in the image
before this step (install Node runtime + npm/node binaries or use a base image
that includes Node), or avoid running prisma generation in the container by
pre-generating the Prisma client locally and copying the generated client into
the image (or switch the build stage to a Node-based stage to run prisma
generate). Make the change by adding a step to install Node.js (or changing the
base stage) before RUN cd libs/prisma-service && bunx prisma generate, or remove
that RUN and COPY the pre-generated client into the image.

RUN ls -R /app/apps/agent-provisioning/AFJ/

# Build the user service
RUN pnpm run build agent-provisioning
RUN bun --bun run build agent-provisioning

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check packageManager configuration
echo "=== Package Manager Configuration ==="
head -20 package.json | grep -A2 '"packageManager"'
echo ""

# Check build-related scripts in package.json
echo "=== Build Scripts ==="
grep -A30 '"scripts"' package.json | grep -i build
echo ""

# Look for Dockerfile and related build context
echo "=== Checking Dockerfile structure ==="
head -50 Dockerfiles/Dockerfile.agent-provisioning
echo ""

# Search for agent-provisioning build configuration
echo "=== Looking for agent-provisioning build config ==="
find . -path ./node_modules -prune -o -name "tsconfig.json" -o -name "nx.json" -o -name "project.json" 2>/dev/null | head -20
echo ""

# Check if there are any build or monorepo configuration files
ls -la | grep -E 'nx\.json|turbo\.json|lerna\.json|pnpm-workspace|workspace' 2>/dev/null
echo ""

# Search for Node-specific APIs in agent-provisioning
echo "=== Searching for Node.js-specific patterns ==="
rg 'process\.(binding|_rawDebug|_tickCallback|env|argv|versions\[|_eval)|require\.extensions|module\._compile|Buffer\.|stream\.|crypto\.|fs\.|path\.|url\.' apps/agent-provisioning --type ts --type js -c 2>/dev/null | head -20

Repository: credebl/platform

Length of output: 1948


🏁 Script executed:

#!/bin/bash
# Get more details about the Node-specific API usage
echo "=== Checking actual imports in agent-provisioning ==="
head -20 apps/agent-provisioning/src/agent-provisioning.service.ts
head -20 apps/agent-provisioning/src/main.ts
head -20 apps/agent-provisioning/src/agent-provisioning.module.ts
echo ""

# Check the actual build script definition
echo "=== Complete package.json scripts section ==="
sed -n '/"scripts"/,/^[[:space:]]*}/p' package.json | grep -E '(build|test)' | head -30
echo ""

# Check if there's a nest config or build config for agent-provisioning
echo "=== NestJS configuration files ==="
find apps/agent-provisioning -maxdepth 2 -name "*.json" -o -name "*.config.*" 2>/dev/null | head -20
echo ""

# Check package.json for agent-provisioning workspace
echo "=== Package.json structure ==="
grep -n '"name"' package.json | head -5
echo ""

# Check if there's a workspace for agent-provisioning
cat pnpm-workspace.yaml

Repository: credebl/platform

Length of output: 4147


🏁 Script executed:

#!/bin/bash
# Check if there's a specific build script for agent-provisioning in its own package.json
echo "=== Checking agent-provisioning package.json if exists ==="
if [ -f "apps/agent-provisioning/package.json" ]; then
  cat apps/agent-provisioning/package.json | grep -A50 '"scripts"' | head -60
else
  echo "No separate package.json in agent-provisioning"
fi
echo ""

# Check the complete tsconfig for agent-provisioning
echo "=== agent-provisioning tsconfig ==="
cat apps/agent-provisioning/tsconfig.app.json
echo ""

# Verify what "build agent-provisioning" command refers to in root package.json
echo "=== Root package.json complete content (around build scripts) ==="
sed -n '1,100p' package.json | grep -A2 '"build"'
echo ""

# Check if there are any Bun-specific configurations
echo "=== Checking for bunfig.toml or bun config ==="
ls -la bunfig.toml bun.config.* 2>/dev/null || echo "No bun config files found"
echo ""

# Check if the Dockerfile.agent-provisioning is the only one or if there's a pattern
echo "=== Checking all Dockerfiles ==="
ls -la Dockerfiles/

Repository: credebl/platform

Length of output: 2038


🏁 Script executed:

#!/bin/bash
# Check if "build agent-provisioning" is a NestJS CLI command or if it's supposed to be "nest build agent-provisioning"
echo "=== Checking NestJS nest-cli.json for project config ==="
if [ -f "nest-cli.json" ]; then
  cat nest-cli.json
else
  echo "No nest-cli.json found"
fi
echo ""

# Check all Dockerfiles to see how other services handle build
echo "=== Comparing build commands across Dockerfiles ==="
grep -h "RUN.*run build\|RUN.*run nest build" Dockerfiles/* 2>/dev/null || echo "No matching build commands found in other Dockerfiles"
echo ""

# Check if there's a workspace or projects configuration
echo "=== Checking tsconfig root ==="
cat tsconfig.json | head -50
echo ""

# Verify the exact bun command syntax - does "bun --bun run build agent-provisioning" work?
echo "=== Checking Bun documentation reference in comments ==="
head -100 Dockerfiles/Dockerfile.agent-provisioning | grep -i "bun\|run\|build"

Repository: credebl/platform

Length of output: 11697


Remove --bun flag from build command to ensure Node.js API compatibility.

The --bun flag forces Bun's native runtime, bypassing Node.js compatibility. The agent-provisioning service uses Node.js-specific APIs (fs, child_process, process.env) and should use Bun's compatibility mode instead. Additionally, this is the only service in the repository using --bun—all others use pnpm run build (the primary package manager per the team's configuration). Change to RUN bun run build agent-provisioning to maintain consistency and compatibility.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around line 36, the build uses "RUN
bun --bun run build agent-provisioning" which forces Bun's native runtime and
breaks Node.js API compatibility; replace the command with "RUN bun run build
agent-provisioning" (or align with other services using "pnpm run build
agent-provisioning" if preferred) so the build runs in Bun's Node-compatibility
mode and matches repository conventions.


# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine AS prod
# Install OpenSSL
RUN apk update && apk upgrade
RUN apk add --no-cache openssl
RUN set -eux \
&& apk --no-cache add \
openssh-client \
aws-cli \
docker \
docker-compose \
jq \
&& npm install -g pnpm --ignore-scripts \
&& export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
&& rm -rf /var/cache/apk/*
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
jq
Comment on lines 41 to +49

🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands in prod stage.

Same issue as the build stage: lines 41-42 are redundant since lines 43-49 perform another apk update && apk upgrade and also install openssl.

🔎 Apply this diff to consolidate:
 # Stage 2: Create the final image
 FROM oven/bun:1.1-alpine AS prod
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around lines 41 to 49, the
Dockerfile runs redundant APK commands: lines 41-42 perform "apk update && apk
upgrade" and install openssl, but lines 43-49 repeat "apk update && apk upgrade"
and reinstall openssl along with other packages. Remove the duplicate RUN lines
(41-42) and keep a single consolidated RUN that performs update/upgrade and
installs the full set of packages (openssl, openssh-client, aws-cli, docker,
docker-compose, jq) to avoid extra layers and duplication.


WORKDIR /app

Expand Down Expand Up @@ -80,4 +75,4 @@ RUN chmod 777 /app/agent-provisioning/AFJ/token
COPY libs/ ./libs/

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-provisioning/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]
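
Review bot: the context line carried in this hunk's header, `RUN chmod 777 /app/agent-provisioning/AFJ/token`, leaves that path world-writable in the same stage whose CMD is rewritten here. While this stage is being touched, narrow the mode to what the service actually needs (owner-only access for the account that runs `main.js`) rather than 777, so other processes or users in the container cannot replace the contents of the token path.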
42 changes: 30 additions & 12 deletions Dockerfiles/Dockerfile.agent-service
@@ -1,24 +1,37 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine AS build

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694


🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694


🏁 Script executed:

find . -name "Dockerfile.agent-service" -type f

Repository: credebl/platform

Length of output: 98


Consolidate Bun version and remove pnpm from final stage.

Bun 1.3 is current (latest 1.3.5), but address two critical issues:

  1. Pin Bun version to 1.3.5-alpine in both stages (lines 2, 33) instead of unpinned 1.3-alpine for reproducible builds
  2. Remove pnpm installation from final stage (lines 36-41): The application runs with Bun (see CMD), not pnpm. Installing pnpm contradicts the Bun migration and unnecessarily increases image size
  3. Consolidate redundant openssl in build stage: Lines 4 and 5-9 both install openssl—merge into a single apk add command
🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-service around lines 2 to 41, pin both FROM
lines to oven/bun:1.3.5-alpine (replace unpinned 1.3-alpine at line 2 and the
second stage at line 33) to ensure reproducible builds; remove the pnpm
installation commands in the final stage (lines ~36-41) since the container runs
with Bun and pnpm is unnecessary and inflates image size; and consolidate
duplicate openssl APK installs in the build stage by merging the separate apk
add calls (lines ~4 and ~5-9) into a single apk add that installs all required
packages including openssl.

# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
&& rm -rf /var/cache/apk/*
RUN npm install -g pnpm@9.15.3 --ignore-scripts
docker-compose

# Set the working directory
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install

# Copy the rest of the application code
COPY . .
RUN cd libs/prisma-service && npx prisma generate
RUN pnpm run build agent-service
RUN pnpm prune --prod
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the user service
RUN bun --bun run build agent-service

# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
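
Review bot: `RUN pnpm prune --prod` is removed from the build stage with nothing taking its place, so the `COPY --from=build /app/node_modules ./node_modules` in the final stage now ships devDependencies and build tooling into the runtime image. Add a production-only install before the copy (for example `bun install --production` into a clean directory) or keep an equivalent prune step, so the runtime image carries only what `main.js` needs.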
Expand All @@ -28,9 +41,14 @@ RUN apk update && apk upgrade && apk add --no-cache \
&& rm -rf /var/cache/apk/* \
&& addgroup -g 1001 -S nodejs \
&& adduser -S nextjs -u 1001
# RUN npm install -g pnpm
# Set the working directory
WORKDIR /app
COPY --from=build /app/dist/apps/agent-service/ ./dist/apps/agent-service/
COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules
#COPY --from=build /app/package.json ./
COPY --from=build /app/node_modules ./node_modules
USER nextjs
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deployy && cd ../.. && node dist/apps/agent-service/main.js"]

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-service/main.js"]
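
Review bot: the new CMD adds `bunx prisma generate` to container startup, which the old CMD did not run and which the build stage already performs with `RUN cd libs/prisma-service && bunx prisma generate`. Generating at start means the process has to write the client under `node_modules` (Prisma's default output location), which a non-root runtime account such as the `nextjs` user created in this stage cannot do unless the copied tree is chowned to it. Drop the generate step from CMD and rely on the client produced at build time.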
38 changes: 28 additions & 10 deletions Dockerfiles/Dockerfile.api-gateway
@@ -1,26 +1,44 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine as build

Check warning on line 2 in Dockerfiles/Dockerfile.api-gateway

SonarQubeCloud / SonarCloud Code Analysis

Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S41X2zOM1zCwg-l&open=AZ370S41X2zOM1zCwg-l&pullRequest=1531

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use uppercase AS for the build stage alias.

-FROM oven/bun:1.3-alpine as build
+FROM oven/bun:1.3-alpine AS build
🧰 Tools
🪛 GitHub Check: SonarCloud Code Analysis

[warning] 2-2: Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S41X2zOM1zCwg-l&open=AZ370S41X2zOM1zCwg-l&pullRequest=1531

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.api-gateway` at line 2, Update the Dockerfile FROM
line to use an uppercase stage alias: change the build stage alias from the
lowercase "as build" to use "AS build" so the stage identifier (build) is
defined with the canonical uppercase AS token in the FROM instruction.

# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/*
RUN npm install -g pnpm@9.15.3 --ignore-scripts
# Set the working directory
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
# COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
Comment on lines +9 to +18

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop pnpm-workspace.yaml.

Consistent with the other Dockerfiles: pin install to the lockfile and remove the now-redundant pnpm workspace file (workspaces moved to root package.json).

🔧 Proposed fix
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-# COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
-RUN bun install
+RUN bun install --frozen-lockfile
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
# COPY package-lock.json ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.api-gateway` around lines 9 - 18, Remove the
now-redundant COPY pnpm-workspace.yaml ./ line and pin installs to the lockfile
by changing the install command from RUN bun install to RUN bun install
--frozen-lockfile; specifically, delete the COPY pnpm-workspace.yaml ./ entry
and update the RUN bun install invocation so the build uses the lockfile
consistently.


# Copy the rest of the application code
COPY . .
RUN cd libs/prisma-service && npx prisma generate
RUN pnpm run build api-gateway
RUN pnpm prune --prod
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the api-gateway service
RUN bun --bun run build api-gateway

# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/* \
&& addgroup -g 1001 -S nodejs \
&& adduser -S nextjs -u 1001
# Set the working directory
WORKDIR /app
COPY --from=build /app/dist/apps/api-gateway/ ./dist/apps/api-gateway/
COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules
COPY --from=build /app/node_modules ./node_modules
# COPY --from=build /app/uploadedFiles ./uploadedFiles
USER nextjs
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/api-gateway/main.js"]

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/api-gateway/main.js"]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

Is NestJS officially supported on the Bun runtime in 2025, including @nestjs/microservices NATS transport, @nestjs/platform-socket.io, and @nestjs/bull? Any known incompatibilities?

💡 Result:

No, NestJS is not officially supported on the Bun runtime in 2025 or as of 2026-05-06. NestJS maintainers have explicitly stated they focus on Node.js and will not tweak the framework specifically for Bun, though it may work due to Bun's Node.js compatibility claims [1]. Bun maintainers confirm NestJS "works in Bun" for core functionality but advise filing issues for specific library incompatibilities [2].

For the specified packages:

  • @nestjs/microservices NATS transport: Potential issues with NATS client connections on Bun, including flaky or failed connects reported in open issues [3]. No official compatibility confirmation.
  • @nestjs/platform-socket.io: Socket.IO requires a Bun-specific engine (@socket.io/bun-engine) for optimal performance with Bun's native HTTP server; standard Node polyfill may cause disconnections [4][5][6].
  • @nestjs/bull: No direct incompatibilities found; uses BullMQ which is Node-compatible, but untested specifically on Bun [7][8].

Known incompatibilities include build issues with optional requires (e.g., microservices/websockets) during bundling [9][10], reflector/DI resolution problems [11], dev mode flakiness [12], and runtime differences in crypto/TLS affecting related libs [13][3]. Community reports successful production use with workarounds, but expect testing and potential fixes [14][15]. Official NestJS docs specify Node.js [16][17].

Citations:


Switch to Node runtime or comprehensively test Bun support before shipping.

Using bun --bun to run NestJS is not recommended: NestJS is not officially supported on Bun as of 2026, and its maintainers will not optimize for it. Known incompatibilities include:

  • @nestjs/microservices NATS transport: Flaky or failed connections reported on Bun; no official compatibility.
  • @nestjs/platform-socket.io: Requires Bun-specific @socket.io/bun-engine for stability; standard Node polyfill may cause disconnections.
  • @nestjs/bull: Untested on Bun.

If Bun runtime is intentional, verify the API gateway end-to-end (HTTP + WebSocket, microservice NATS transport, Bull jobs, persistence with PostgreSQL). Otherwise, use node dist/apps/api-gateway/main.js and keep Bun only for build and install steps.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.api-gateway` at line 44, The Docker CMD currently
launches the NestJS API gateway with Bun ("bun --bun
dist/apps/api-gateway/main.js"), which is unsupported; update the Docker CMD so
the runtime uses Node (e.g., replace "bun --bun dist/apps/api-gateway/main.js"
with "node dist/apps/api-gateway/main.js") and keep Bun only for build/install
steps (the earlier bunx prisma commands are fine), or if you intentionally want
Bun, run a comprehensive end-to-end test matrix (HTTP, WebSocket,
`@nestjs/microservices` NATS transport, `@nestjs/platform-socket.io`, `@nestjs/bull`,
Postgres persistence) before shipping and document that decision.

37 changes: 27 additions & 10 deletions Dockerfiles/Dockerfile.cloud-wallet
@@ -1,26 +1,43 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine AS build
# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/*
RUN npm install -g pnpm@9.15.3 --ignore-scripts
# Set the working directory
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
Comment on lines +9 to +17

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop the obsolete pnpm-workspace.yaml copy.

Same concerns as Dockerfile.connection: bun install should run with --frozen-lockfile for reproducible images, and pnpm-workspace.yaml is redundant now that the root package.json declares "workspaces".

🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.cloud-wallet` around lines 9 - 17, The Dockerfile
currently copies pnpm-workspace.yaml unnecessarily and runs "bun install"
without locking; remove the "COPY pnpm-workspace.yaml ./" step and change the
"RUN bun install" invocation to use the frozen lock option (i.e., run bun
install --frozen-lockfile) so image builds are reproducible; keep the existing
ENV PUPPETEER_SKIP_DOWNLOAD setting and ensure bun.lock and package.json remain
copied as shown.


# Copy the rest of the application code
COPY . .
RUN cd libs/prisma-service && npx prisma generate
RUN pnpm run build cloud-wallet
RUN pnpm prune --prod
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the user service
RUN bun --bun run build cloud-wallet

# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine

RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/* \
&& addgroup -g 1001 -S nodejs \
&& adduser -S nextjs -u 1001
# Set the working directory
WORKDIR /app
COPY --from=build /app/dist/apps/cloud-wallet/ ./dist/apps/cloud-wallet/
COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules
#COPY --from=build /app/package.json ./
COPY --from=build /app/node_modules ./node_modules

USER nextjs
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/cloud-wallet/main.js"]
# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/cloud-wallet/main.js"]
41 changes: 31 additions & 10 deletions Dockerfiles/Dockerfile.connection
@@ -1,26 +1,47 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine as build

Check warning on line 2 in Dockerfiles/Dockerfile.connection

SonarQubeCloud / SonarCloud Code Analysis

Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S72X2zOM1zCwg-p&open=AZ370S72X2zOM1zCwg-p&pullRequest=1531

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use uppercase AS for the build stage alias.

SonarCloud flagged this; per Dockerfile best practices and consistency with Dockerfile.webhook / Dockerfile.cloud-wallet in this same PR, use uppercase.

-FROM oven/bun:1.3-alpine as build
+FROM oven/bun:1.3-alpine AS build
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM oven/bun:1.3-alpine as build
FROM oven/bun:1.3-alpine AS build
🧰 Tools
🪛 GitHub Check: SonarCloud Code Analysis

[warning] 2-2: Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S72X2zOM1zCwg-p&open=AZ370S72X2zOM1zCwg-p&pullRequest=1531

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.connection` at line 2, Replace the lowercase stage
alias keyword in the Docker FROM line: change "FROM oven/bun:1.3-alpine as
build" to use uppercase "AS" so it reads "FROM oven/bun:1.3-alpine AS build";
update the stage alias usage (the "build" stage reference) consistently if
referenced elsewhere in the same Dockerfile to match the uppercase convention.
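
The findings raised in the review comments up to this point (a lowercase `as`, the floating `1.3-alpine` tag, repeated `apk update` layers, `bun install` without `--frozen-lockfile`) can be checked mechanically before merge. The script below is an added example, not part of the PR, the review tooling or the credebl repository; the rule names, function names and the embedded Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile reproducing the patterns flagged in the review.
SAMPLE = """\
FROM oven/bun:1.3-alpine as build
RUN apk update && apk upgrade
RUN apk add --no-cache openssl
RUN apk update && apk upgrade && apk add --no-cache openssl jq
WORKDIR /app
COPY package.json bun.lock ./
RUN bun install
COPY . .
RUN bun --bun run build api-gateway

FROM oven/bun:1.3.5-alpine
WORKDIR /app
COPY --from=build /app/dist ./dist
CMD ["bun", "dist/main.js"]
"""

# A tag counts as pinned when it carries a full x.y.z version (suffix allowed).
PINNED_TAG = re.compile(r":\d+\.\d+\.\d+[-.\w]*$")


def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never form an instruction
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def audit(text):
    """Return a list of (line_number, rule) findings for one Dockerfile."""
    findings, aliases, apk_updates = [], set(), 0
    for no, ins in logical_lines(text):
        parts = ins.split(None, 1)
        op, rest = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        if op == "FROM":
            apk_updates = 0  # layer counting restarts with every stage
            words = [w for w in rest.split() if not w.startswith("--")]
            if not words:
                continue
            image = words[0]
            is_stage_ref = image in aliases  # e.g. "FROM build"
            if len(words) == 3 and words[1].upper() == "AS":
                if words[1] != "AS":
                    findings.append((no, "lowercase-as"))
                aliases.add(words[2])
            if (not is_stage_ref and "@sha256:" not in image
                    and not PINNED_TAG.search(image)):
                findings.append((no, "floating-tag"))
        elif op == "RUN":
            if re.search(r"\bapk\s+update\b", rest):
                apk_updates += 1
                if apk_updates > 1:
                    findings.append((no, "repeated-apk-update"))
            if (re.search(r"\bbun\s+install\b", rest)
                    and "--frozen-lockfile" not in rest):
                findings.append((no, "unfrozen-install"))
    return findings


if __name__ == "__main__":
    for line_no, rule in audit(SAMPLE):
        print(f"line {line_no}: {rule}")
```
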

# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/*
RUN npm install -g pnpm@9.15.3 --ignore-scripts
# Set the working directory
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
Comment on lines +9 to +18

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify workspaces are declared in root package.json and pnpm-workspace.yaml is no longer authoritative
rg -nP '"workspaces"' package.json -C2
fd -HI -t f -d 2 '^pnpm-workspace\.yaml$'

Repository: credebl/platform

Length of output: 176


🏁 Script executed:

# Search for references to pnpm-workspace.yaml in the codebase
rg 'pnpm-workspace' --type-list | head -5
rg 'pnpm-workspace' -g '!node_modules' -g '!.git'

# Check the Dockerfile context - look for other Dockerfiles and build configuration
fd -HI -t f -name 'Dockerfile*' | head -20

# Check if --frozen-lockfile is referenced in relation to bun in the repo
rg 'frozen-lockfile|frozen.lock' -t dockerfile

Repository: credebl/platform

Length of output: 2000


🏁 Script executed:

# Get full content of Dockerfile.connection to understand the build context
cat Dockerfiles/Dockerfile.connection

# Check if there's any pnpm reference in Dockerfile.connection
rg 'pnpm' Dockerfiles/Dockerfile.connection

# Verify bun install --frozen-lockfile is correct syntax by checking if it's used elsewhere
rg 'frozen-lockfile' 
rg 'bun install' Dockerfiles/ -A1 -B1

# Check what pnpm-workspace.yaml contains
head -30 pnpm-workspace.yaml

Repository: credebl/platform

Length of output: 5519


🏁 Script executed:

# Verify bun install --frozen-lockfile syntax - check Bun documentation or existing usage
web_search "bun install --frozen-lockfile"

# Also check if there's a bun.lock pattern in any documentation or CI files
rg 'bun.lock' --type-list 2>/dev/null || rg 'bun.lock' -g '*.md' -g '*.yml' -g '*.yaml' -g '*.json'

# Check if there are any CI/build scripts that reference bun with frozen-lockfile
fd -HI -t f \( -name '*.yml' -o -name '*.yaml' -o -name '*.sh' \) | head -20

Repository: credebl/platform

Length of output: 340


🌐 Web query:

bun install --frozen-lockfile syntax and usage

💡 Result:

The syntax for using the --frozen-lockfile flag with bun install is: bun install --frozen-lockfile[1][2]

This flag ensures reproducible installs by installing the exact versions of each package specified in the bun.lock lockfile. If the package.json disagrees with the lockfile (e.g., due to version range changes or other mismatches), Bun will exit with an error like "error: lockfile had changes, but lockfile is frozen" and will not update the lockfile[1][3][4].

It is particularly useful in CI/CD environments to verify that the lockfile is up-to-date and committed to version control. The bun.lock must be present and committed for this to work reliably[1].

Equivalent configuration in bunfig.toml: [install] frozenLockfile = true[1]

Note: Some past bugs in monorepos or with pruned workspaces could cause false "changes" errors even when the lockfile was unchanged, but official docs confirm the intended behavior[1][3][4][5].

For lockfile-only generation with frozen check during migration: bun install --save-text-lockfile --frozen-lockfile --lockfile-only[6].

Citations:


Add --frozen-lockfile to bun install and remove pnpm-workspace.yaml copy from this Dockerfile.

Two issues in the dependency-install layer:

  1. bun install without --frozen-lockfile may regenerate bun.lock during the image build, breaking reproducibility for CI/CD. The flag ensures the exact versions in the lockfile are installed without modification.
  2. Workspaces are declared in package.json (via the "workspaces" field), making pnpm-workspace.yaml unnecessary for Bun. Copying it creates a misleading dependency on a pnpm-specific file.
🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.connection` around lines 9 - 18, Remove the line that
copies pnpm-workspace.yaml (do not copy pnpm-workspace.yaml into the image) and
modify the dependency install invocation so the RUN bun install command uses the
--frozen-lockfile flag to prevent lockfile regeneration; locate the COPY
pnpm-workspace.yaml statement and the RUN bun install statement in the
Dockerfile (near the PUPPETEER_SKIP_DOWNLOAD ENV) and update accordingly.
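A lint for the two findings in the comment above, as an added example that is not part of the PR or of the review tool's output. The function names and the sample Dockerfile are constructed for illustration; backslash-continued instructions are joined before checking.

```shell
# Added example. Flags `bun install` without --frozen-lockfile and any COPY of
# pnpm-workspace.yaml. Prints "file:line: message"; exit status = finding count.
lint_bun_dockerfile() {
    awk -v f="$1" '
        function check(ins, n) {
            ins = ins " "                           # lets the regexes end on a blank
            if (ins ~ /^[ \t]*#/) return            # comment line, not an instruction
            if (ins ~ /^[ \t]*RUN[ \t]/ &&
                ins ~ /bun[ \t]+(install|i)[ \t]/ &&
                ins !~ /--frozen-lockfile/) {
                printf "%s:%d: bun install without --frozen-lockfile\n", f, n
                bad++
            }
            if (ins ~ /^[ \t]*COPY[ \t]/ && ins ~ /pnpm-workspace\.yaml/) {
                printf "%s:%d: COPY of pnpm-workspace.yaml in a Bun build\n", f, n
                bad++
            }
        }
        {
            if (!start) start = NR                  # first line of this instruction
            line = $0
            cont = (line ~ /\\[ \t]*$/)             # trailing backslash: continues
            sub(/\\[ \t]*$/, "", line)
            buf = buf " " line
            if (cont) next
            check(buf, start)
            buf = ""; start = 0
        }
        END { exit (bad + 0 > 254 ? 254 : bad + 0) }
    ' "$1"
}

# Constructed sample that mirrors the dependency-install layer under review.
sample_dockerfile() {
    cat <<'EOF'
FROM oven/bun:1.3-alpine AS build
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
# RUN bun install   (commented out, must not be flagged)
RUN bun install
EOF
}

tmp=$(mktemp) && sample_dockerfile > "$tmp"
lint_bun_dockerfile "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

Because the exit status is the finding count, the function can gate a CI job directly when run over each file in `Dockerfiles/`.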


# Copy the rest of the application code
COPY . .
RUN cd libs/prisma-service && npx prisma generate
RUN pnpm run build connection
RUN pnpm prune --prod
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the connection service
RUN bun --bun run build connection

# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/* \
&& addgroup -g 1001 -S nodejs \
&& adduser -S nextjs -u 1001
# RUN npm install -g pnpm
# Set the working directory
WORKDIR /app
COPY --from=build /app/dist/apps/connection/ ./dist/apps/connection/
COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules
#COPY --from=build /app/package.json ./
COPY --from=build /app/node_modules ./node_modules

# Install production dependencies for the final image
#RUN npm i --only=production
USER nextjs
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/connection/main.js"]
# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/connection/main.js"]
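Review bot: The build stage loses `RUN pnpm prune --prod` with no Bun replacement, so `COPY --from=build /app/node_modules ./node_modules` now carries devDependencies into the runtime image. Install production-only dependencies for the final stage (for example a separate `bun install --production --frozen-lockfile` step) so build tooling is not shipped alongside the service.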
41 changes: 31 additions & 10 deletions Dockerfiles/Dockerfile.geolocation
@@ -1,26 +1,47 @@
# Stage 1: Build the application
FROM node:24-alpine3.21 AS build
FROM oven/bun:1.3-alpine as build

Check warning on line 2 in Dockerfiles/Dockerfile.geolocation

View check run for this annotation

SonarQubeCloud / SonarCloud Code Analysis

Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S0fX2zOM1zCwg-i&open=AZ370S0fX2zOM1zCwg-i&pullRequest=1531

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use uppercase AS for the build stage alias.

-FROM oven/bun:1.3-alpine as build
+FROM oven/bun:1.3-alpine AS build
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
FROM oven/bun:1.3-alpine as build
FROM oven/bun:1.3-alpine AS build
🧰 Tools
🪛 GitHub Check: SonarCloud Code Analysis

[warning] 2-2: Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S0fX2zOM1zCwg-i&open=AZ370S0fX2zOM1zCwg-i&pullRequest=1531

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.geolocation` at line 2, Change the build stage alias
to use uppercase AS: locate the Dockerfile line that reads "FROM
oven/bun:1.3-alpine as build" and update the stage declaration to "AS build" so
the FROM instruction uses the canonical uppercase alias keyword (i.e., replace
the lowercase "as" with "AS").

# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/*
RUN npm install -g pnpm@9.15.3 --ignore-scripts
# Set the working directory
WORKDIR /app
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
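Review bot: The header comment `# Copy package.json and package-lock.json` no longer matches the lines under it, since the lockfile being copied is `bun.lock` and `#COPY package-lock.json ./` is dead. Update the comment to name `bun.lock` and delete the commented-out line so the layer documents what it actually caches.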
Comment on lines +9 to +18

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop the obsolete pnpm-workspace.yaml copy.

Same as the other service Dockerfiles in this PR. Pin the install to the lockfile and remove the now-redundant pnpm-workspace.yaml (workspaces are in root package.json).

🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.geolocation` around lines 9 - 18, Remove the obsolete
workspace copy and pin installs to the lockfile: delete the COPY
pnpm-workspace.yaml ./ line and update the RUN bun install invocation (the RUN
bun install statement) to use the frozen-lockfile flag (e.g., RUN bun install
--frozen-lockfile) so installs are locked to bun.lock; keep ENV
PUPPETEER_SKIP_DOWNLOAD as-is.


# Copy the rest of the application code
COPY . .
RUN cd libs/prisma-service && npx prisma generate
RUN pnpm run build geo-location
RUN pnpm prune --prod
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the geo-location service
RUN bun --bun run build geo-location

# Stage 2: Create the final image
FROM node:24-alpine3.21
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk update && apk upgrade && apk add --no-cache openssl \
&& rm -rf /var/cache/apk/* \
&& addgroup -g 1001 -S nodejs \
&& adduser -S nextjs -u 1001
# RUN npm install -g pnpm
# Set the working directory
WORKDIR /app
COPY --from=build /app/dist/apps/geo-location/ ./dist/apps/geo-location/
COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules
#COPY --from=build /app/package.json ./
COPY --from=build /app/node_modules ./node_modules

# Install production dependencies for the final image
#RUN npm i --only=production
USER nextjs
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/geo-location/main.js"]
# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/geo-location/main.js"]
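Review bot: The new CMD adds `bunx prisma generate` at container start, after `USER nextjs`, although the client is already generated in the build stage and `node_modules` is copied without `--chown`. The generate step then has to write into root-owned directories as an unprivileged user and may fail at startup; drop it from CMD and rely on the build-stage `bunx prisma generate`, keeping only `bunx prisma migrate deploy` at runtime.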