Add Dockerfile and Compose Setup for Helios

[Utkarsh9571]

This PR adds a multi-stage Dockerfile and docker-compose.yml to run Helios with 3 backend services (nginx:alpine). It mounts helios.yaml, exposes ports 8080, 9090, and 9091, and uses Docker service names for backend routing.

✅ Proxy works with ip_hash load balancing

✅ Plugin headers (X-App, X-Request-ID, X-Trace-ID) confirmed

✅ Metrics and admin API exposed

Resolves #27

[gemini-code-assist]

Summary of Changes

Hello @Utkarsh9571, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the deployability and ease of use for the Helios application by introducing comprehensive Docker support. It provides a multi-stage Dockerfile for efficient image creation and a docker-compose.yaml setup that orchestrates Helios with multiple Nginx backend services. This change allows developers to quickly spin up a complete, functional environment, streamlining testing and development workflows while ensuring the load balancer's core features operate correctly within a containerized context.

Highlights

• Dockerization: Introduced a multi-stage Dockerfile for building and packaging the Helios application, ensuring a lean runtime image suitable for containerized environments.
• Container Orchestration: Added a docker-compose.yaml file to easily set up and run Helios alongside three Nginx backend services, facilitating local development and testing of the load balancer's functionality.
• Configuration Update: Modified helios.yaml to reference backend services by their Docker Compose service names (e.g., http://backend1:80) instead of localhost addresses, aligning with the new containerized setup.
• Functional Verification: Confirmed that the proxy functions correctly with ip_hash load balancing, plugin headers (X-App, X-Request-ID, X-Trace-ID) are properly handled, and the metrics and admin APIs are exposed as expected within the Docker environment.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces Dockerization for the Helios project, including a multi-stage Dockerfile and a docker-compose.yaml file. It also updates the helios.yaml configuration to use Docker service names for backend routing. The changes are well-structured and address the stated goals of the PR. The Dockerfile uses a multi-stage build for efficiency, and the docker-compose.yaml sets up Helios with three Nginx backend services, which is a good starting point for local development and testing. The helios.yaml updates correctly reflect the new service-based addressing. Overall, the changes are good, but there are a few areas for improvement regarding Docker best practices and configuration clarity.

[gemini-code-assist]

Copying the entire current directory (COPY . .) in the build stage can lead to larger-than-necessary build contexts and images, especially if there are many unrelated files in the root directory. It's better to explicitly copy only the necessary files and directories.

COPY cmd/helios/ ./cmd/helios/
COPY internal/ ./internal/
COPY go.mod go.sum ./

[gemini-code-assist]

Using alpine:latest for the runtime image is generally acceptable for small images, but it's often better to pin to a specific version (e.g., alpine:3.18) to ensure reproducibility and prevent unexpected changes when the latest tag is updated.

FROM alpine:3.18

[gemini-code-assist]

Mounting the certs/ directory directly from the host into the container is convenient for development but might not be ideal for production environments. For production, consider using Docker secrets or a more secure method for managing TLS certificates.

      - ./certs:/app/certs:ro

[gemini-code-assist]

The depends_on directive in Docker Compose only ensures the startup order of services, but it does not wait for the services to be 'ready' (e.g., Nginx fully started and listening). For more robust dependency management, consider using wait-for-it.sh or a similar health-check based approach within your helios service's command or entrypoint.

[Utkarsh9571]

✅ Security hotspots resolved

Both SonarCloud hotspots have been addressed:

Replaced recursive COPY . . with explicit paths to avoid leaking sensitive files

Added a non-root user in the runtime stage for safer container execution

Proxy, metrics, and admin API are working as expected. The Docker setup is now secure, reproducible, and ready for team use.

[Utkarsh9571]

@0xReLogic ✅ Docker setup and security patches are complete. The failed CI checks are caused by missing go.sum during cache restore, which is unrelated to this PR’s scope. Let me know if you'd like me to patch the workflow or add a dummy file.

[0xReLogic]

Review Feedback

Thanks for working on this @Utkarsh9571. The Docker implementation is a good start, but there are several issues that need to be addressed before we can merge this PR.

Missing Requirements from Issue #27

1. .dockerignore file is missing

   • This is required to optimize the build context
   • Should exclude .git/, *.md, *.bat, test files, etc.

2. README documentation not updated

   • The issue specifically asks for a Docker deployment section in README
   • Please add documentation explaining how to use the Docker setup

3. Health checks in docker-compose.yaml

   • The issue requirements mention health checks in Docker Compose
   • Currently only using depends_on which doesn't wait for services to be healthy

Issues in Dockerfile

Line 5-6 has duplicate COPY:

COPY go.mod go.sum ./
RUN go mod download
COPY go.mod go.sum ./  # <- This is duplicated

Remove the duplicate line.

Inefficient layer caching:
The current order doesn't optimize Docker layer caching. It should be:

# Copy dependency files first
COPY go.mod go.sum ./
RUN go mod download

# Then copy source code
COPY cmd/helios ./cmd/helios
COPY internal/ ./internal

Issues in docker-compose.yaml

1. Missing health checks - Required by issue #27
2. No restart policy - Should add restart: unless-stopped
3. Backend services are empty - The nginx containers have no custom content to serve

Consider adding health checks like:

helios:
  healthcheck:
    test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/health"]
    interval: 10s
    timeout: 5s
    retries: 3

Issues in helios.yaml

The changes to helios.yaml break the existing non-Docker setup:

• Changing backend addresses from localhost:808x to backend1:80 means the config only works in Docker
• The whitespace-only changes (removing trailing spaces after comments) are unnecessary noise

My mistake in the issue template - I should have been clearer about this. Here are two options:

Option 1 (Recommended): Create helios.docker.yaml as a separate file

• Keep original helios.yaml unchanged for local development
• Create helios.docker.yaml with Docker service names
• Update Dockerfile CMD to: ["./helios", "--config", "helios.docker.yaml"]
• Update docker-compose.yaml volume to mount helios.docker.yaml

Option 2: Make helios.yaml work for both scenarios

• Use environment variable substitution in docker-compose.yaml
• But this is more complex and not recommended

I prefer Option 1 as it's cleaner and doesn't break existing workflows.

Required Changes

Before this can be merged, please:

1. Add .dockerignore file
2. Update README.md with Docker deployment instructions
3. Add health checks to docker-compose.yaml
4. Fix the duplicate COPY in Dockerfile
5. Revert changes to helios.yaml and create helios.docker.yaml instead
6. Update Dockerfile and docker-compose.yaml to use helios.docker.yaml

Let me know if you need clarification on any of these points.

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

[codescene-delta-analysis]

Gates Failed
Enforce advisory code health rules (1 file with Complex Method)

Gates Passed
5 Quality Gates Passed

See analysis details in CodeScene

Reason for failure

Enforce advisory code health rules	Violations	Code Health Impact
main.go	1 advisory rule	9.03 → 9.02	Suppress

Absence of Expected Change Pattern

• Helios/cmd/helios/main.go is usually changed with: Helios/internal/config/config.go

Quality Gate Profile: Pay Down Tech Debt
Want more control? Customize Code Health rules or catch issues early with our IDE extension and CLI tool.

[codescene-delta-analysis]

❌ Getting worse: Complex Method
main already has high cyclomatic complexity, and now it increases in Lines of Code from 125 to 127

_Suppress

[Utkarsh9571]

✅ All requested changes applied:

Docker Compose setup added with health checks and plugin routing

helios.docker.yaml created for safe config loading

Dockerfile patched with explicit COPY and non-root runtime

.dockerignore added to reduce build context and avoid secrets

🔍 Regarding CodeScene:

main.go was updated to support --config flag

This change calls config.LoadConfig, but config.go itself didn’t need modification

LOC increase is minimal and scoped to CLI flag parsing

Let me know if you'd prefer this split into smaller commits or if you'd like a refactor to reduce complexity.

[0xReLogic]

Excellent work addressing all the feedback @Utkarsh9571.

All requested changes have been implemented:

• .dockerignore added with appropriate exclusions
• README updated with comprehensive Docker deployment section
• Health checks added to docker-compose.yaml
• Dockerfile duplicate COPY fixed and layer caching optimized
• helios.docker.yaml created as separate config file
• --config flag support added to main.go
• Restart policy and proper backend configuration included

The implementation goes beyond the requirements with custom nginx configuration and detailed documentation. The whitespace changes in helios.yaml are just formatting cleanup and don't affect functionality.

Merging this PR.

[Utkarsh9571]

@0xReLogic thank you man.