From 377b51f2db87c1b7c50a0266bcc4f082b568a6d2 Mon Sep 17 00:00:00 2001 From: sneak Date: Mon, 21 Jul 2025 22:13:19 +0200 Subject: [PATCH] Add Docker support for building and running the CLI tool - Add DOCKER_HOST export to Makefile for remote Docker daemon - Create multi-stage Dockerfile: - Build stage: golang:1.24-alpine with gcc, make, git - Runtime stage: alpine with ca-certificates, gnupg - Runs as non-root 'secret' user - Add Makefile targets: - docker: build container as sneak/secret - docker-run: run container interactively - Add .dockerignore to exclude build artifacts but keep .git for potential linker flags Container includes GPG support for PGP unlockers and runs on Linux, making it suitable for cross-platform testing and deployment. --- .dockerignore | 21 +++++++++++++++++++++ Dockerfile | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ Makefile | 9 +++++++++ 3 files changed, 80 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..f4ebfab
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,21 @@
+# Build artifacts
+secret
+coverage.out
+*.test
+
+# IDE and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# macOS
+.DS_Store
+
+# Claude files
+.claude/
+
+# Local settings
+.golangci.yml
+.claude/settings.local.json
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c16f021
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+# Build stage
+FROM golang:1.24-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache \
+ gcc \
+ musl-dev \
+ make \
+ git
+
+# Set working directory
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary
+RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
+
+# Runtime stage
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+ ca-certificates \
+ gnupg
+
+# Create non-root user
+RUN adduser -D -s /bin/sh secret
+
+# Copy binary from builder
+COPY --from=builder /build/secret /usr/local/bin/secret
+
+# Ensure binary is executable
+RUN chmod +x /usr/local/bin/secret
+
+# Switch to non-root user
+USER secret
+
+# Set working directory
+WORKDIR /home/secret
+
+# Set entrypoint
+ENTRYPOINT ["secret"]
\ No newline at end of file
diff --git a/Makefile b/Makefile
index b6dc7c0..6c55c0e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@ export CGO_ENABLED=1 +export DOCKER_HOST := ssh://root@ber1app1.local default: check
@@ -23,6 +24,14 @@ lint: # Check all code quality (build + vet + lint + unit tests) check: ./secret vet lint test +# Build Docker container +docker: + docker build -t sneak/secret . + +# Run Docker container interactively +docker-run: + docker run --rm -it sneak/secret + # Clean build artifacts clean: rm -f ./secret
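Review bot: The runtime stage of the new Dockerfile starts from `FROM alpine:latest`, so the image that carries the binary and gnupg changes on every rebuild, and its musl can drift from the one the `golang:1.24-alpine` builder linked against with `CGO_ENABLED=1`. Pin it to a release tag, ideally with a digest, for example `FROM alpine:<release>@sha256:<digest>` (placeholders), and consider a digest on the builder image too. The separate `RUN chmod +x /usr/local/bin/secret` adds a layer for a file that `go build` already writes as executable; if the mode should be explicit, `COPY --from=builder --chmod=0755 /build/secret /usr/local/bin/secret` does it in one step under BuildKit. Building `cmd/secret/main.go` as a single file rather than the package `./cmd/secret` will break as soon as that package has a second source file.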
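Review bot: In the first Makefile hunk, `export DOCKER_HOST := ssh://root@ber1app1.local` points every recipe in this Makefile at one developer's remote daemon, reached as root over SSH. Because a makefile assignment takes precedence over the environment, it also silently overrides any DOCKER_HOST the caller has already set. On a machine or network where that `.local` name resolves to a different host, `make docker` would send the build context there, and the new .dockerignore keeps `.git` in that context. I would drop the line and let callers set DOCKER_HOST themselves, or at least use `export DOCKER_HOST ?= ssh://root@ber1app1.local` so the caller's environment wins.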