ci: improve reproducibility and add dependency audit gate

Use lockfile-driven installs in Docker paths and add high-severity npm audit checks in CI while documenting local CORS policy for compose-based development.

Made-with: Cursor
2026-04-17 08:23:34 -06:00
parent 6a4380bf42
commit 92a417c102
5 changed files with 62 additions and 4 deletions


@@ -1,12 +1,12 @@
FROM node:20-alpine AS api-deps
WORKDIR /app/solver-api
COPY solver-api/package.json solver-api/package-lock.json* ./
RUN npm install
RUN npm ci
FROM node:20-alpine AS gui-deps
WORKDIR /app/gui-ts
COPY gui-ts/package.json gui-ts/package-lock.json* ./
RUN npm install
RUN npm ci
FROM alpine:3.20 AS solver-build
RUN apk add --no-cache build-base
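Review bot: The two `COPY` lines in the api-deps and gui-deps stages still treat the lockfile as optional through the trailing `*` glob, while the new `RUN npm ci` refuses to run without one. A missing lockfile therefore only surfaces one step later as an npm error rather than at the copy. Dropping the glob makes the requirement explicit and fails at the right step: `COPY solver-api/package.json solver-api/package-lock.json ./` and likewise `COPY gui-ts/package.json gui-ts/package-lock.json ./`. Since the commit aims at reproducibility, note that `node:20-alpine` and `alpine:3.20` are floating tags, so pinning them by digest would stop the base layers changing between builds. The solver-build stage continues outside the visible hunk.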