Ensure container zombie processes are reaped

[nscuro]

Description

Ensures container zombie processes are reaped.

Adds tini as init process to ensure that zombie processes (as possibly caused by health checks) to not pile up over time.

Also extends the health check's timeout by a few seconds such that the curl command (with a lower timeout) is guaranteed to complete.

Addressed Issue

Fixes #3243

Additional Details

N/A

Checklist

• I have read and understand the contributing guidelines
• This PR fixes a defect, and I have provided tests to verify that the fix is effective
• This PR implements an enhancement, and I have provided tests to verify that it works as intended
• This PR introduces changes to the database model, and I have added corresponding update logic
• This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

[owasp-dt-bot]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Copilot]

Pull request overview

This PR updates the Docker images so container zombie processes are properly reaped and the health check timeout is aligned with the curl invocation timing.

Changes:

• Add tini as the init process in both the Debian- and Alpine-based Docker images and wire it up via ENTRYPOINT.
• Adjust the Docker healthcheck timeout from 3 to 5 seconds while keeping curl’s internal --max-time 3 to ensure the check can complete reliably.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
src/main/docker/Dockerfile	Installs tini, configures it as the container ENTRYPOINT, and increases the healthcheck timeout to better accommodate curl’s max-time.
src/main/docker/Dockerfile.alpine	Installs tini on Alpine, configures it as the ENTRYPOINT, and increases the healthcheck timeout consistently with the Debian-based image.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
Report missing for 721b34a1	✅ ∅ (target: 70.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (721b34a)	Report Missing	Report Missing	Report Missing
Head commit (ba370ce)	24524	19953	81.36%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#5758)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Footnotes

1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct. ↩

[kutzi]

As far as I know, tini has been bundled with docker for a long time and you should use docker run --init to use it.
Or for docker-compose: specify 'init: true' https://docs.docker.com/reference/compose-file/services/#init

[nscuro]

@kutzi Thanks, I saw that. But unfortunately we cannot rely on all users setting that flag. I decided to err on the side of caution and just bake it into the image itself.