A FastAPI application containerized with Docker and PostgreSQL, with CI checks, image scanning, and operational documentation.
This project is a small API service packaged for local development and CI validation.
It includes:
- a multi-stage Docker build
- a local Docker Compose stack
- health, readiness, info, and metrics endpoints
- smoke tests
- GitHub Actions CI
- Trivy image scanning
- supporting operational documentation
The project runs a FastAPI application and PostgreSQL using Docker Compose.
appruns the API containerdbruns PostgreSQL on an internal Docker network- only the API is exposed on port
8000 - health, readiness, and metrics endpoints support validation and monitoring
- GitHub Actions builds, scans, and pushes the image to GHCR
For more details, see docs/architecture.md.
containerize-app/
├── app/ # FastAPI application
├── docs/ # Architecture, operations, runbook, security, testing
├── scripts/ # Setup and cleanup helpers
├── tests/smoke/ # Smoke tests
├── .github/workflows/ # CI pipeline
├── Dockerfile
├── docker-compose.yml
├── Makefile
├── pytest.ini
├── LICENSE
└── README.md
- Docker
- Docker Compose plugin
- Python 3.14+ if you want to run tests outside the container
- Trivy if you want to run the vulnerability scan locally
Start the local stack:
docker compose up -dCheck running containers:
docker compose psStop the stack:
docker compose downRun these commands after the stack is up:
curl http://localhost:8000/health
curl http://localhost:8000/ready
curl http://localhost:8000/info
curl http://localhost:8000/metrics | headLocal stack startup:
docker compose up -dRunning containers:
docker compose psHealth, readiness, and runtime info:
curl http://localhost:8000/health
curl http://localhost:8000/ready
curl http://localhost:8000/infoMetrics output:
curl http://localhost:8000/metrics | headSmoke tests:
python3 -m pip install -r app/requirements.txt pytest httpx
python3 -m pytest tests/smoke -vBuild the image:
docker build --target runtime -t containerize-app:local .Run the image scan:
trivy image --exit-code 1 --severity HIGH,CRITICAL containerize-app:localdocker compose up -d
docker compose ps
docker compose logs -f app
docker compose down
docker compose down -v
docker build --target runtime -t containerize-app:local .
python3 -m pytest tests/smoke -v
trivy image --exit-code 1 --severity HIGH,CRITICAL containerize-app:local| Endpoint | Purpose |
|---|---|
/ |
Basic app info |
/health |
Liveness check |
/ready |
Readiness check with database connectivity |
/info |
Runtime information |
/metrics |
Prometheus metrics |
The GitHub Actions workflow does the following:
- run lint and smoke tests
- build the runtime image
- scan the image with Trivy
- push the image to GHCR from
master
Workflow file: .github/workflows/ci.yml
CI pipeline result:
Published package:
- docs/architecture.md
- docs/operations.md
- docs/runbook.md
- docs/security.md
- docs/testing.md
- docs/scaling.md
- docs/cost.md
- docs/decisions.md
- The local stack uses PostgreSQL on an internal Docker network.
- The application container runs as a non-root user.
- The Compose setup uses a read-only filesystem for the app container.
- The readiness endpoint checks database connectivity, not just environment variables.
- A
Makefileis included as an optional shortcut, but the commands above are the primary documented workflow.