fix(docker): add HEALTHCHECK instruction to Dockerfile#1485
fix(docker): add HEALTHCHECK instruction to Dockerfile#1485dknos wants to merge 4 commits intoNVIDIA:mainfrom
Conversation
Enables Docker and orchestrators to detect unhealthy containers and trigger automatic restarts. Also adds hadolint ignore comments for pre-existing warnings (DL3006, SC2015). Fixes NVIDIA#1430 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdded HEALTHCHECK instructions to three Dockerfiles: runtime image probes the gateway at Changes
Sequence Diagram(s)sequenceDiagram
participant DockerEngine as Docker Engine
participant Container as App Container
participant HealthProbe as HEALTHCHECK Probe
DockerEngine->>Container: start container
DockerEngine-)HealthProbe: schedule probe (interval/retries)
HealthProbe->>Container: execute probe (HTTP curl or node)
alt probe success
Container-->>HealthProbe: 2xx / exit 0
HealthProbe-->>DockerEngine: report healthy
else probe failure
Container-->>HealthProbe: non-2xx / non-zero exit
HealthProbe-->>DockerEngine: report unhealthy
end
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
Dockerfile (1)
177-178: Consider adding a startup grace period to reduce cold-start false negatives.A short
--start-periodtypically improves reliability when services take time to bootstrap.Proposed tweak
-HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ - CMD curl -sf http://127.0.0.1:18789/health || exit 1 +HEALTHCHECK --interval=30s --timeout=5s --start-period=45s --retries=3 \ + CMD curl -fsS http://127.0.0.1:18789/health || exit 1🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@Dockerfile` around lines 177 - 178, The Dockerfile's HEALTHCHECK currently lacks a startup grace period, causing cold-starts to be reported as failures; update the HEALTHCHECK directive that uses "HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD curl -sf http://127.0.0.1:18789/health || exit 1" to include a suitable --start-period (for example --start-period=60s or another value appropriate for your service) so Docker will wait before beginning health probes, keeping the rest of the flags intact.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@Dockerfile`:
- Around line 174-179: The Dockerfile change added a HEALTHCHECK block
(HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ CMD curl -sf
http://127.0.0.1:18789/health || exit 1) but the same directive must also be
added to Dockerfile.base; open Dockerfile.base and add an identical HEALTHCHECK
directive (same interval, timeout, retries and CMD curl -sf
http://127.0.0.1:18789/health || exit 1) at the analogous location where health
checks are defined in Dockerfile (near the end or after the service start/EXPOSE
steps) so both images include the same container health probe.
---
Nitpick comments:
In `@Dockerfile`:
- Around line 177-178: The Dockerfile's HEALTHCHECK currently lacks a startup
grace period, causing cold-starts to be reported as failures; update the
HEALTHCHECK directive that uses "HEALTHCHECK --interval=30s --timeout=5s
--retries=3 CMD curl -sf http://127.0.0.1:18789/health || exit 1" to include a
suitable --start-period (for example --start-period=60s or another value
appropriate for your service) so Docker will wait before beginning health
probes, keeping the rest of the flags intact.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
| # Health check: poll the gateway's /health endpoint so Docker (and Compose) | ||
| # can detect and restart unhealthy containers in standalone deployments. | ||
| # Ref: https://github.com/NVIDIA/NemoClaw/issues/1430 | ||
| HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ | ||
| CMD curl -sf http://127.0.0.1:18789/health || exit 1 | ||
|
|
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "Dockerfiles present:"
fd -i '^Dockerfile(\.base)?$' | sort
echo
echo "HEALTHCHECK declarations by file:"
fd -i '^Dockerfile(\.base)?$' --exec rg -n '^\s*HEALTHCHECK\b' {}Repository: NVIDIA/NemoClaw
Length of output: 199
Add HEALTHCHECK to Dockerfile.base as well.
Issue #1430 requires HEALTHCHECK in both Dockerfile and Dockerfile.base. The change currently only addresses Dockerfile. Add the same HEALTHCHECK directive to Dockerfile.base at the appropriate location.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@Dockerfile` around lines 174 - 179, The Dockerfile change added a HEALTHCHECK
block (HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ CMD curl -sf
http://127.0.0.1:18789/health || exit 1) but the same directive must also be
added to Dockerfile.base; open Dockerfile.base and add an identical HEALTHCHECK
directive (same interval, timeout, retries and CMD curl -sf
http://127.0.0.1:18789/health || exit 1) at the analogous location where health
checks are defined in Dockerfile (near the end or after the service start/EXPOSE
steps) so both images include the same container health probe.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
🧹 Nitpick comments (1)
Dockerfile.base (1)
128-129: Derived test image inherits insufficient base HEALTHCHECKThe base HEALTHCHECK (lines 128-129) only validates that
nodecan execute, not that the actual service is running. The verification confirms thattest/Dockerfile.sandbox(line 8 of provided context) inherits from${BASE_IMAGE}but does not define its own HEALTHCHECK override, leaving it vulnerable to false-positive health reports.To mitigate this, either require all child images to define a service-level HEALTHCHECK probe, or parameterize the base command so inheritors can inject a meaningful healthcheck (e.g., a startup script or port check).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@Dockerfile.base` around lines 128 - 129, The base HEALTHCHECK is too superficial (only running node) and causes child images like test/Dockerfile.sandbox to inherit a false-positive probe; add a build-time argument (e.g., ARG HEALTHCHECK_CMD) and use it in the HEALTHCHECK instruction so inheritors can supply a meaningful check, or alternatively remove the base HEALTHCHECK and document that every child image must define its own HEALTHCHECK; update the HEALTHCHECK line to reference HEALTHCHECK_CMD and ensure test/Dockerfile.sandbox sets HEALTHCHECK_CMD (or defines its own HEALTHCHECK) so the probe actually validates the service.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@Dockerfile.base`:
- Around line 128-129: The base HEALTHCHECK is too superficial (only running
node) and causes child images like test/Dockerfile.sandbox to inherit a
false-positive probe; add a build-time argument (e.g., ARG HEALTHCHECK_CMD) and
use it in the HEALTHCHECK instruction so inheritors can supply a meaningful
check, or alternatively remove the base HEALTHCHECK and document that every
child image must define its own HEALTHCHECK; update the HEALTHCHECK line to
reference HEALTHCHECK_CMD and ensure test/Dockerfile.sandbox sets
HEALTHCHECK_CMD (or defines its own HEALTHCHECK) so the probe actually validates
the service.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: ee49aa74-0422-41e5-815b-0ce53bf2d577
📒 Files selected for processing (2)
DockerfileDockerfile.base
🚧 Files skipped from review as they are similar to previous changes (1)
- Dockerfile
…est image Address CodeRabbit feedback: expand the Dockerfile.base HEALTHCHECK comment to explicitly document that child images exposing services MUST override the baseline probe, and add an explicit HEALTHCHECK to test/Dockerfile.sandbox so it does not inherit a potentially service-oriented check that would produce false positives. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
🧹 Nitpick comments (1)
test/Dockerfile.sandbox (1)
89-92: Remove the redundant|| exit 1suffix.The
node -e "process.exit(0)"command already returns non-zero on failure, which Docker HEALTHCHECK treats as unhealthy. The|| exit 1adds no functional value.♻️ Suggested simplification
# Test image: no long-running service, so just verify the runtime works. # Overrides any inherited HEALTHCHECK to avoid false-positive probes. HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ - CMD node -e "process.exit(0)" || exit 1 + CMD node -e "process.exit(0)"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@test/Dockerfile.sandbox` around lines 89 - 92, The HEALTHCHECK line includes a redundant shell suffix "|| exit 1" after the command `node -e "process.exit(0)"`; remove the `|| exit 1` so the HEALTHCHECK simply runs `node -e "process.exit(0)"` (Docker already treats a non-zero exit from that command as unhealthy). Update the HEALTHCHECK invocation (the line containing HEALTHCHECK --interval=30s ... CMD node -e "process.exit(0)" || exit 1) to drop the `|| exit 1` fragment.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@test/Dockerfile.sandbox`:
- Around line 89-92: The HEALTHCHECK line includes a redundant shell suffix "||
exit 1" after the command `node -e "process.exit(0)"`; remove the `|| exit 1` so
the HEALTHCHECK simply runs `node -e "process.exit(0)"` (Docker already treats a
non-zero exit from that command as unhealthy). Update the HEALTHCHECK invocation
(the line containing HEALTHCHECK --interval=30s ... CMD node -e
"process.exit(0)" || exit 1) to drop the `|| exit 1` fragment.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 76cfeeb0-cab5-4ba0-b302-e04a4fbc653f
📒 Files selected for processing (2)
Dockerfile.basetest/Dockerfile.sandbox
✅ Files skipped from review due to trivial changes (1)
- Dockerfile.base
wscurran
added
observability
|
✨ Thanks for submitting this fix, which proposes a way to add a HEALTHCHECK instruction to the Dockerfile. This enables better container health monitoring and improves reliability in standalone deployments. Possibly related open issues: |
node -e "process.exit(0)" already returns non-zero on failure; the || exit 1 suffix adds no functional value and was flagged by CodeRabbit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
dknos
left a comment
dknos
left a comment
There was a problem hiding this comment.
Addressed: removed the redundant || exit 1 suffix from the HEALTHCHECK in test/Dockerfile.sandbox — node -e "process.exit(0)" already returns non-zero on failure, so the extra suffix was dead code. The base image (Dockerfile.base) and main Dockerfile HEALTHCHECK instructions were added in earlier commits on this branch and remain unchanged.
3 participants
Summary
HEALTHCHECKinstruction toDockerfilefor container health monitoringTest plan
HEALTHCHECKrunsdocker inspectFixes #1430
🤖 Generated with Claude Code
Summary by CodeRabbit