🚀 feat(zitare): add Docker deployment infrastructure

- Add Dockerfile for zitare-backend (multi-stage build, port 3007)
- Add docker-entrypoint.sh for database setup
- Add zitare-backend service to docker-compose.macmini.yml
- Update matrix-zitare-bot to depend on zitare-backend
- Add zitare-backend to CI workflow (change detection + build job)

apps/zitare/apps/backend/Dockerfile

@@ -0,0 +1,84 @@
+# Build stage
+FROM node:20-alpine AS builder
+
+# Install pnpm
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
+
+WORKDIR /app
+
+# Copy root workspace files
+COPY pnpm-workspace.yaml ./
+COPY package.json ./
+COPY pnpm-lock.yaml ./
+
+# Copy shared packages (required dependencies)
+COPY packages/shared-drizzle-config ./packages/shared-drizzle-config
+COPY packages/shared-errors ./packages/shared-errors
+COPY packages/shared-nestjs-auth ./packages/shared-nestjs-auth
+COPY packages/shared-nestjs-health ./packages/shared-nestjs-health
+COPY packages/shared-nestjs-setup ./packages/shared-nestjs-setup
+COPY packages/shared-tsconfig ./packages/shared-tsconfig
+
+# Copy zitare content package
+COPY apps/zitare/packages/content ./apps/zitare/packages/content
+
+# Copy zitare backend
+COPY apps/zitare/apps/backend ./apps/zitare/apps/backend
+
+# Install dependencies (ignore scripts since generate-env.mjs isn't in Docker context)
+RUN pnpm install --frozen-lockfile --ignore-scripts
+
+# Build shared packages first (in dependency order)
+WORKDIR /app/packages/shared-errors
+RUN pnpm build
+
+WORKDIR /app/packages/shared-nestjs-auth
+RUN pnpm build
+
+WORKDIR /app/packages/shared-nestjs-health
+RUN pnpm build
+
+WORKDIR /app/packages/shared-nestjs-setup
+RUN pnpm build
+
+# Build zitare content package
+WORKDIR /app/apps/zitare/packages/content
+RUN pnpm build
+
+# Build the backend
+WORKDIR /app/apps/zitare/apps/backend
+RUN pnpm build
+
+# Production stage
+FROM node:20-alpine AS production
+
+# Install pnpm and postgresql-client for health checks
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate \
+    && apk add --no-cache postgresql-client
+
+WORKDIR /app
+
+# Copy everything from builder (including node_modules)
+COPY --from=builder /app/pnpm-workspace.yaml ./
+COPY --from=builder /app/package.json ./
+COPY --from=builder /app/pnpm-lock.yaml ./
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/packages ./packages
+COPY --from=builder /app/apps/zitare ./apps/zitare
+
+# Copy entrypoint script
+COPY apps/zitare/apps/backend/docker-entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+WORKDIR /app/apps/zitare/apps/backend
+
+# Expose port
+EXPOSE 3007
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3007/api/health || exit 1
+
+# Run entrypoint script
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["node", "dist/main.js"]

apps/zitare/apps/backend/docker-entrypoint.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+set -e
+
+echo "=== Zitare Backend Entrypoint ==="
+
+# Wait for PostgreSQL to be ready
+echo "Waiting for PostgreSQL..."
+until pg_isready -h ${DB_HOST:-postgres} -p ${DB_PORT:-5432} -U ${DB_USER:-zitare} 2>/dev/null; do
+  echo "PostgreSQL is unavailable - sleeping"
+  sleep 2
+done
+echo "PostgreSQL is up!"
+
+cd /app/apps/zitare/apps/backend
+
+# Run schema push (for development) or migrations (for production)
+if [ "$NODE_ENV" = "production" ] && [ -d "src/db/migrations/meta" ]; then
+  echo "Running database migrations..."
+  npx tsx src/db/migrate.ts
+  echo "Migrations completed!"
+else
+  echo "Pushing database schema (development mode)..."
+  npx drizzle-kit push --force
+  echo "Schema push completed!"
+fi
+
+# Run seed if seed file exists
+if [ -f "src/db/seed.ts" ]; then
+  echo "Running database seed..."
+  npx tsx src/db/seed.ts
+  echo "Seed completed!"
+fi
+
+# Execute the main command
+echo "Starting application..."
+exec "$@"