Add Docker support for building and running the CLI tool
- Add DOCKER_HOST export to Makefile for remote Docker daemon - Create multi-stage Dockerfile: - Build stage: golang:1.24-alpine with gcc, make, git - Runtime stage: alpine with ca-certificates, gnupg - Runs as non-root 'secret' user - Add Makefile targets: - docker: build container as sneak/secret - docker-run: run container interactively - Add .dockerignore to exclude build artifacts but keep .git for potential linker flags Container includes GPG support for PGP unlockers and runs on Linux, making it suitable for cross-platform testing and deployment.
This commit is contained in:
parent
a09fa89f30
commit
377b51f2db
21
.dockerignore
Normal file
21
.dockerignore
Normal file
@ -0,0 +1,21 @@
|
||||
# Build artifacts
|
||||
secret
|
||||
coverage.out
|
||||
*.test
|
||||
|
||||
# IDE and editor files
|
||||
.vscode
|
||||
.idea
|
||||
*.swp
|
||||
*.swo
|
||||
*~
|
||||
|
||||
# macOS
|
||||
.DS_Store
|
||||
|
||||
# Claude files
|
||||
.claude/
|
||||
|
||||
# Local settings
|
||||
.golangci.yml
|
||||
.claude/settings.local.json
|
||||
50
Dockerfile
Normal file
50
Dockerfile
Normal file
@ -0,0 +1,50 @@
|
||||
# Build stage
|
||||
FROM golang:1.24-alpine AS builder
|
||||
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache \
|
||||
gcc \
|
||||
musl-dev \
|
||||
make \
|
||||
git
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /build
|
||||
|
||||
# Copy go mod files
|
||||
COPY go.mod go.sum ./
|
||||
|
||||
# Download dependencies
|
||||
RUN go mod download
|
||||
|
||||
# Copy source code
|
||||
COPY . .
|
||||
|
||||
# Build the binary
|
||||
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
|
||||
|
||||
# Runtime stage
|
||||
FROM alpine:latest
|
||||
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates \
|
||||
gnupg
|
||||
|
||||
# Create non-root user
|
||||
RUN adduser -D -s /bin/sh secret
|
||||
|
||||
# Copy binary from builder
|
||||
COPY --from=builder /build/secret /usr/local/bin/secret
|
||||
|
||||
# Ensure binary is executable
|
||||
RUN chmod +x /usr/local/bin/secret
|
||||
|
||||
# Switch to non-root user
|
||||
USER secret
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /home/secret
|
||||
|
||||
# Set entrypoint
|
||||
ENTRYPOINT ["secret"]
|
||||
9
Makefile
9
Makefile
@ -1,4 +1,5 @@
|
||||
export CGO_ENABLED=1
|
||||
export DOCKER_HOST := ssh://root@ber1app1.local
|
||||
|
||||
default: check
|
||||
|
||||
@ -23,6 +24,14 @@ lint:
|
||||
# Check all code quality (build + vet + lint + unit tests)
|
||||
check: ./secret vet lint test
|
||||
|
||||
# Build Docker container
|
||||
docker:
|
||||
docker build -t sneak/secret .
|
||||
|
||||
# Run Docker container interactively
|
||||
docker-run:
|
||||
docker run --rm -it sneak/secret
|
||||
|
||||
# Clean build artifacts
|
||||
clean:
|
||||
rm -f ./secret
|
||||
|
||||
Loading…
Reference in New Issue
Block a user