evolution-foundation · andersonlemesc · May 9, 2026
diff --git a/.env.example b/.env.example
@@ -36,6 +36,11 @@ REDIS_URL=redis://localhost:6379/1
 # SIDEKIQ CONFIGURATION (Required for background jobs)
 # =============================================================================
 SIDEKIQ_CONCURRENCY=10
+# Set to sidekiq for worker containers so Docker healthcheck validates the
+# Sidekiq process instead of probing the web /health endpoint.
+SERVICE_ROLE=web
+# Set to true to make the image healthcheck exit successfully without probing.
+DISABLE_HEALTHCHECK=false
 
 # =============================================================================
 # APPLICATION URLS (Required)

diff --git a/Dockerfile b/Dockerfile
@@ -37,6 +37,10 @@ COPY --chown=1000:1000 . .
 # Remove production-specific files that might cause issues
 RUN rm -f bin/thrust bin/docker-entrypoint
 
+# Install role-aware healthcheck before switching to the non-root user.
+COPY --chown=1000:1000 bin/healthcheck /usr/local/bin/evo-auth-healthcheck
+RUN chmod +x /usr/local/bin/evo-auth-healthcheck
+
 # Create non-root user for security
 RUN groupadd --system --gid 1000 rails && \
     useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
@@ -48,6 +52,5 @@ USER rails:rails
 # Expose port
 EXPOSE 3001
 
-# Health check
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
-    CMD curl -f http://localhost:3001/health || exit 1
+    CMD ["/usr/local/bin/evo-auth-healthcheck"]
diff --git a/bin/healthcheck b/bin/healthcheck
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -eu
+
+if [ "${DISABLE_HEALTHCHECK:-false}" = "true" ]; then
+  exit 0
+fi
+
+if [ "${SERVICE_ROLE:-web}" = "sidekiq" ]; then
+  for cmdline in /proc/[0-9]*/cmdline; do
+    tr '\0' ' ' < "$cmdline" 2>/dev/null | grep "[s]idekiq" >/dev/null && exit 0
+  done
+
+  exit 1
+fi
+
+curl -fsS "http://127.0.0.1:${PORT:-3001}/health" >/dev/null || exit 1