sneak/pixa
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Split Dockerfile: pre-built golangci-lint stage for faster CI #23

Merged
sneak merged 1 commits from fix/issue-18-dockerfile-split into main 2026-03-02 21:09:52 +01:00
Conversation 3 Commits 1 Files Changed 1 +25 -21
clawbot commented 2026-03-02 11:15:18 +01:00
Collaborator
Copy Link

Summary

Splits the Dockerfile into a dedicated lint stage using the pre-built golangci/golangci-lint:v2.10.1-alpine Docker image, replacing the manual binary download with curl/sha256 verification.

Changes

  • Lint stage (AS lint): Uses golangci/golangci-lint:v2.10.1-alpine pinned by sha256. Runs make fmt-check + make lint. Includes CGO deps (build-base, vips-dev, libheif-dev, pkgconfig) needed for type-checking govips imports.
  • Build stage (AS builder): Depends on lint stage via COPY --from=lint /src/go.sum /dev/null. Runs make test + builds the binary. Removes curl (no longer needed) and the manual golangci-lint download block.
  • Runtime stage: Unchanged.

Benefits

  • Eliminates slow multi-arch binary download + sha256 verification step
  • Lint and build stages can potentially run in parallel with BuildKit
  • Better Docker layer caching — lint deps cached separately from build deps
  • All images remain pinned by sha256 with version+date comments

Verification

  • docker build . passes: fmt-check , lint (0 issues) , all tests pass , binary builds

Closes #18

## Summary Splits the Dockerfile into a dedicated lint stage using the pre-built `golangci/golangci-lint:v2.10.1-alpine` Docker image, replacing the manual binary download with curl/sha256 verification. ## Changes - **Lint stage** (`AS lint`): Uses `golangci/golangci-lint:v2.10.1-alpine` pinned by sha256. Runs `make fmt-check` + `make lint`. Includes CGO deps (`build-base`, `vips-dev`, `libheif-dev`, `pkgconfig`) needed for type-checking govips imports. - **Build stage** (`AS builder`): Depends on lint stage via `COPY --from=lint /src/go.sum /dev/null`. Runs `make test` + builds the binary. Removes `curl` (no longer needed) and the manual golangci-lint download block. - **Runtime stage**: Unchanged. ## Benefits - Eliminates slow multi-arch binary download + sha256 verification step - Lint and build stages can potentially run in parallel with BuildKit - Better Docker layer caching — lint deps cached separately from build deps - All images remain pinned by sha256 with version+date comments ## Verification - `docker build .` passes: fmt-check ✅, lint (0 issues) ✅, all tests pass ✅, binary builds ✅ Closes [#18](https://git.eeqj.de/sneak/pixa/issues/18) <!-- session: agent:sdlc-manager:subagent:7aac9c54-81c8-4494-94ab-0843f97a1e62 -->
clawbot added 1 commit 2026-03-02 11:15:19 +01:00
Split Dockerfile: pre-built golangci-lint stage for faster CI
All checks were successful
check / check (push) Successful in 4s
Details
7e89ec3bea 
Extract lint into a dedicated stage using the pre-built
golangci/golangci-lint:v2.10.1-alpine image instead of downloading
the binary manually with curl/sha256. This eliminates the slow
multi-arch download+verify step and leverages Docker layer caching.

Structure:
- Lint stage: runs make fmt-check + make lint (with CGO deps for
  type-checking govips imports)
- Build stage: depends on lint via COPY --from=lint, runs make test +
  builds the binary
- Runtime stage: unchanged

All images pinned by sha256 with version+date comments.

Closes #18
clawbot added the
bot
needs-review
 labels 2026-03-02 11:15:36 +01:00
clawbot commented 2026-03-02 11:15:44 +01:00
Author
Collaborator
Copy Link

Closing — split Dockerfile work was cancelled. All related issues are closed.

Closing — split Dockerfile work was cancelled. All related issues are closed.
clawbot closed this pull request 2026-03-02 11:15:44 +01:00
clawbot reopened this pull request 2026-03-02 11:16:24 +01:00
clawbot commented 2026-03-02 11:16:31 +01:00
Author
Collaborator
Copy Link

Reopening — this PR was dispatched by the SDLC manager to implement #18. The previous closure appears to have been from a stale agent run.

docker build . passes: fmt-check , lint (0 issues) , all tests pass , binary builds

Reopening — this PR was dispatched by the SDLC manager to implement [#18](https://git.eeqj.de/sneak/pixa/issues/18). The previous closure appears to have been from a stale agent run. `docker build .` passes: fmt-check ✅, lint (0 issues) ✅, all tests pass ✅, binary builds ✅ <!-- session: agent:sdlc-manager:subagent:7aac9c54-81c8-4494-94ab-0843f97a1e62 -->
clawbot closed this pull request 2026-03-02 11:16:31 +01:00
clawbot reopened this pull request 2026-03-02 11:16:54 +01:00
clawbot commented 2026-03-02 11:20:42 +01:00
Author
Collaborator
Copy Link

Review PASSED — sneak/pixa PR #23

PR: Split Dockerfile: pre-built golangci-lint stage for faster CI
Issue: #18 — Split Dockerfile: pre-built golangci-lint stage for faster CI

Checks

Check Result
Only Dockerfile modified Single file, single commit
Makefile NOT modified Unchanged
.golangci.yml NOT modified Unchanged
No test files modified/weakened No test changes
All images sha256-pinned All 3 stages pinned
CGO deps in lint stage build-base vips-dev libheif-dev pkgconfig
CGO deps in build stage Same deps present
COPY --from=lint stage dependency COPY --from=lint /src/go.sum /dev/null
Lint stage runs fmt-check + lint make fmt-check + make lint
Build stage runs tests make test
Full coverage: fmt-check + lint + test = check Equivalent to make check
curl removed from builder (no longer needed) Clean
Runtime stage unchanged No modifications
docker build . passes All stages pass
Rebase on main clean Already up to date

Summary

Clean, correct split. The lint stage uses the prebuilt golangci/golangci-lint:v2.10.1-alpine image pinned by sha256, includes CGO dependencies for type-checking govips imports, and runs make fmt-check + make lint. The build stage depends on the lint stage via COPY --from=lint, runs make test, and builds the binary. Together the two stages cover the full make check equivalent. The old manual binary download with curl/sha256 verification is cleanly replaced.

Rebased on main, docker build . passes. Marking merge-ready.

## ✅ Review PASSED — sneak/pixa PR #23 **PR:** [Split Dockerfile: pre-built golangci-lint stage for faster CI](https://git.eeqj.de/sneak/pixa/pulls/23) **Issue:** [#18 — Split Dockerfile: pre-built golangci-lint stage for faster CI](https://git.eeqj.de/sneak/pixa/issues/18) ### Checks | Check | Result | |-------|--------| | Only Dockerfile modified | ✅ Single file, single commit | | Makefile NOT modified | ✅ Unchanged | | .golangci.yml NOT modified | ✅ Unchanged | | No test files modified/weakened | ✅ No test changes | | All images sha256-pinned | ✅ All 3 stages pinned | | CGO deps in lint stage | ✅ `build-base vips-dev libheif-dev pkgconfig` | | CGO deps in build stage | ✅ Same deps present | | `COPY --from=lint` stage dependency | ✅ `COPY --from=lint /src/go.sum /dev/null` | | Lint stage runs fmt-check + lint | ✅ `make fmt-check` + `make lint` | | Build stage runs tests | ✅ `make test` | | Full coverage: fmt-check + lint + test = check | ✅ Equivalent to `make check` | | `curl` removed from builder (no longer needed) | ✅ Clean | | Runtime stage unchanged | ✅ No modifications | | `docker build .` passes | ✅ All stages pass | | Rebase on main clean | ✅ Already up to date | ### Summary Clean, correct split. The lint stage uses the prebuilt `golangci/golangci-lint:v2.10.1-alpine` image pinned by sha256, includes CGO dependencies for type-checking govips imports, and runs `make fmt-check` + `make lint`. The build stage depends on the lint stage via `COPY --from=lint`, runs `make test`, and builds the binary. Together the two stages cover the full `make check` equivalent. The old manual binary download with curl/sha256 verification is cleanly replaced. Rebased on `main`, `docker build .` passes. Marking `merge-ready`. <!-- session: agent:sdlc-manager:subagent:edd0e880-675e-4adc-9361-a5c070021ca7 -->
clawbot added
merge-ready
 and removed
needs-review
bot
 labels 2026-03-02 11:20:55 +01:00
sneak was assigned by clawbot 2026-03-02 11:20:56 +01:00
clawbot closed this pull request 2026-03-02 11:24:14 +01:00
sneak reopened this pull request 2026-03-02 21:09:31 +01:00
sneak merged commit 2f15340f26 into main 2026-03-02 21:09:52 +01:00
sneak deleted branch fix/issue-18-dockerfile-split 2026-03-02 21:09:52 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bot

Agent's turn to work

  
merge-ready

   
needs-checks

   
needs-rebase

   
needs-review

   
needs-rework
No Label
bot
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
sneak
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/pixa#23
No description provided.
Delete Branch "fix/issue-18-dockerfile-split"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?