simplify CI to docker build, pin all image refs by SHA
Some checks failed
check / check (push) Failing after 1m23s
Some checks failed
check / check (push) Failing after 1m23s
- Replace convoluted CI workflow (setup-go, install golangci-lint, install goimports, make check) with simple 'docker build .' per repo policy - Pin Docker base images by SHA256 hash instead of mutable tags - Pin golangci-lint and goimports by commit hash instead of @latest - Add binutils-gold for linker compatibility on alpine - Run on all pushes, not just main/PR branches
This commit is contained in:
clawbot
@@ -1,26 +1,9 @@
|
||||
name: Check
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
name: check
|
||||
on: [push]
|
||||
jobs:
|
||||
check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
||||
|
||||
- uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
|
||||
with:
|
||||
go-version-file: go.mod
|
||||
|
||||
- name: Install golangci-lint
|
||||
run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@5d1e709b7be35cb2025444e19de266b056b7b7ee # v2.10.1
|
||||
|
||||
- name: Install goimports
|
||||
run: go install golang.org/x/tools/cmd/goimports@009367f5c17a8d4c45a961a3a509277190a9a6f0 # v0.42.0
|
||||
|
||||
- name: Run make check
|
||||
run: make check
|
||||
check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
# actions/checkout v4.2.2, 2026-02-28
|
||||
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
|
||||
- run: docker build .
|
||||
|
||||
15
Dockerfile
15
Dockerfile
@@ -1,11 +1,13 @@
|
||||
# Build stage
|
||||
FROM golang:1.25-alpine AS builder
|
||||
# golang 1.25-alpine, 2026-02-28
|
||||
FROM golang@sha256:f6751d823c26342f9506c03797d2527668d095b0a15f1862cddb4d927a7a4ced AS builder
|
||||
|
||||
RUN apk add --no-cache git make gcc musl-dev
|
||||
RUN apk add --no-cache git make gcc musl-dev binutils-gold
|
||||
|
||||
# Install golangci-lint v2
|
||||
RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
|
||||
RUN go install golang.org/x/tools/cmd/goimports@latest
|
||||
# golangci-lint v2.10.1
|
||||
RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@5d1e709b7be35cb2025444e19de266b056b7b7ee
|
||||
# goimports v0.42.0
|
||||
RUN go install golang.org/x/tools/cmd/goimports@009367f5c17a8d4c45a961a3a509277190a9a6f0
|
||||
|
||||
WORKDIR /src
|
||||
COPY go.mod go.sum ./
|
||||
@@ -20,7 +22,8 @@ RUN make check
|
||||
RUN make build
|
||||
|
||||
# Runtime stage
|
||||
FROM alpine:3.21
|
||||
# alpine 3.21, 2026-02-28
|
||||
FROM alpine@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
|
||||
|
||||
RUN apk add --no-cache ca-certificates tzdata
|
||||
|
||||
|
||||
Reference in New Issue
Block a user