From f7f266b994a1b7d0e3b54e49e640be35b8078bf0 Mon Sep 17 00:00:00 2001
From: Astounds <kirito@disroot.org>
Date: Fri, 29 May 2026 21:28:22 -0500
Subject: Add hardened Docker support and multi-arch CI

Multi-stage Dockerfile (non-root, Tor-ready), compose file, and
entrypoints. Forgejo CI builds linux/amd64+arm64, scans with
checksum-verified Grype, and pins all actions to commit SHA.
Makefile gains venv bootstrap and docker targets; server.py gains
a --bind flag.
---
 .dockerignore | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 .dockerignore

(limited to '.dockerignore')

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..52e3395
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,54 @@
+# Git
+.git/
+.gitignore
+.gitattributes
+.gitea/
+
+# Python artifacts
+__pycache__/
+*.py[cod]
+*.so
+venv/
+.venv/
+*.egg-info/
+
+# Release / build artifacts
+yt-local/
+python/
+get-pip.py
+*.7z
+*.zip
+build/
+dist/
+
+# IDE / editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Testing / coverage
+.pytest_cache/
+.coverage
+htmlcov/
+tests/
+
+# Data / user config
+data/
+debug/
+settings.txt
+
+# Docs
+docs/
+*.md
+LICENSE
+
+# AI tools
+.kiro/
+.claude/
+.cursor/
+
+# Docker itself
+Dockerfile
+docker-compose*.yml
-- 
cgit v1.2.3