# Step 2: Containerization

**Role**: DevOps / Platform engineer
**Goal**: Define Docker configuration for every component, local development, and blackbox test environments.
**Constraints**: Plan only — no Dockerfile creation. Describe what each Dockerfile should contain.

## Steps

1. Read `architecture.md` and all component specs
2. Read `restrictions.md` for infrastructure constraints
3. Research best Docker practices for the project's tech stack (multi-stage builds, base image selection, layer optimization)
4. For each component, define:
   - Base image (pinned version, prefer alpine/distroless for production)
   - Build stages (dependency install, build, production)
   - Non-root user configuration
   - Health check endpoint and command
   - Exposed ports
   - `.dockerignore` contents
5. Define `docker-compose.yml` for local development:
   - All application components
   - Database (Postgres) with named volume
   - Any message queues, caches, or external service mocks
   - Shared network
   - Environment variable files (`.env`)
6. Define `docker-compose.test.yml` for blackbox tests:
   - Application components under test
   - Test runner container (black-box, no internal imports)
   - Isolated database with seed data
   - All tests runnable via `docker compose -f docker-compose.test.yml up --abort-on-container-exit`
7. Define image tagging strategy: `<registry>/<project>/<component>:<git-sha>` for CI, `latest` for local dev only

## Self-verification

- [ ] Every component has a Dockerfile specification
- [ ] Multi-stage builds specified for all production images
- [ ] Non-root user for all containers
- [ ] Health checks defined for every service
- [ ] `docker-compose.yml` covers all components + dependencies
- [ ] `docker-compose.test.yml` enables black-box testing
- [ ] `.dockerignore` defined

## Save action

Write `containerization.md` using `templates/containerization.md`.

## Blocking

**BLOCKING**: Present containerization plan to user. Do NOT proceed until confirmed.