From 2f15340f263d9cf3f0b12f91617fa56694b7ae39 Mon Sep 17 00:00:00 2001 From: clawbot Date: Mon, 2 Mar 2026 21:09:51 +0100 Subject: [PATCH] Split Dockerfile: pre-built golangci-lint stage for faster CI (#23) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary Splits the Dockerfile into a dedicated lint stage using the pre-built `golangci/golangci-lint:v2.10.1-alpine` Docker image, replacing the manual binary download with curl/sha256 verification. ## Changes - **Lint stage** (`AS lint`): Uses `golangci/golangci-lint:v2.10.1-alpine` pinned by sha256. Runs `make fmt-check` + `make lint`. Includes CGO deps (`build-base`, `vips-dev`, `libheif-dev`, `pkgconfig`) needed for type-checking govips imports. - **Build stage** (`AS builder`): Depends on lint stage via `COPY --from=lint /src/go.sum /dev/null`. Runs `make test` + builds the binary. Removes `curl` (no longer needed) and the manual golangci-lint download block. - **Runtime stage**: Unchanged. ## Benefits - Eliminates slow multi-arch binary download + sha256 verification step - Lint and build stages can potentially run in parallel with BuildKit - Better Docker layer caching — lint deps cached separately from build deps - All images remain pinned by sha256 with version+date comments ## Verification - `docker build .` passes: fmt-check ✅, lint (0 issues) ✅, all tests pass ✅, binary builds ✅ Closes [#18](https://git.eeqj.de/sneak/pixa/issues/18) Co-authored-by: clawbot Reviewed-on: https://git.eeqj.de/sneak/pixa/pulls/23 Co-authored-by: clawbot Co-committed-by: clawbot --- Dockerfile | 46 +++++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index 48fd5ca..8609f76 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,29 @@ +# Lint stage +# golangci/golangci-lint:v2.10.1-alpine, 2026-02-17 +FROM golangci/golangci-lint:v2.10.1-alpine@sha256:33bc6b6156d4c7da87175f187090019769903d04dd408833b83083ed214b0ddf AS lint + +RUN apk add --no-cache make build-base vips-dev libheif-dev pkgconfig + +WORKDIR /src + +# Copy go mod files first for better layer caching +COPY go.mod go.sum ./ +RUN go mod download + +# Copy source code +COPY . . + +# Run formatting check and linter +RUN make fmt-check +RUN make lint + # Build stage # golang:1.25.4-alpine, 2026-02-25 FROM golang:1.25.4-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb AS builder +# Depend on lint stage passing +COPY --from=lint /src/go.sum /dev/null + ARG VERSION=dev # Install build dependencies for CGO image libraries @@ -9,25 +31,7 @@ RUN apk add --no-cache \ build-base \ vips-dev \ libheif-dev \ - pkgconfig \ - curl - -# golangci-lint v2.10.1, 2026-02-25 -# SHA-256 checksums per architecture (amd64 / arm64) -RUN set -e; \ - ARCH="$(uname -m)"; \ - if [ "$ARCH" = "aarch64" ] || [ "$ARCH" = "arm64" ]; then \ - GOARCH="arm64"; \ - HASH="6652b42ae02915eb2f9cb2a2e0cac99514c8eded8388d88ae3e06e1a52c00de8"; \ - else \ - GOARCH="amd64"; \ - HASH="dfa775874cf0561b404a02a8f4481fc69b28091da95aa697259820d429b09c99"; \ - fi; \ - curl -sSfL "https://github.com/golangci/golangci-lint/releases/download/v2.10.1/golangci-lint-2.10.1-linux-${GOARCH}.tar.gz" -o /tmp/golangci-lint.tar.gz && \ - echo "${HASH} /tmp/golangci-lint.tar.gz" | sha256sum -c - && \ - tar -xzf /tmp/golangci-lint.tar.gz -C /tmp && \ - mv "/tmp/golangci-lint-2.10.1-linux-${GOARCH}/golangci-lint" /usr/local/bin/ && \ - rm -rf /tmp/golangci-lint* + pkgconfig WORKDIR /src @@ -38,8 +42,8 @@ RUN GOTOOLCHAIN=auto go mod download # Copy source code COPY . . -# Run all checks (fmt-check, lint, test) -RUN make check +# Run tests +RUN make test # Build with CGO enabled RUN CGO_ENABLED=1 GOTOOLCHAIN=auto go build -ldflags "-X main.Version=${VERSION}" -o /pixad ./cmd/pixad