Add Docker support for building and running the CLI tool
- Add DOCKER_HOST export to Makefile for remote Docker daemon - Create multi-stage Dockerfile: - Build stage: golang:1.24-alpine with gcc, make, git - Runtime stage: alpine with ca-certificates, gnupg - Runs as non-root 'secret' user - Add Makefile targets: - docker: build container as sneak/secret - docker-run: run container interactively - Add .dockerignore to exclude build artifacts but keep .git for potential linker flags Container includes GPG support for PGP unlockers and runs on Linux, making it suitable for cross-platform testing and deployment.
parent
a09fa89f30
commit
377b51f2db
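--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,21 @@
+# Build artifacts
+secret
+coverage.out
+*.test
+
+# IDE and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# macOS
+.DS_Store
+
+# Claude files
+.claude/
+
+# Local settings
+.golangci.yml
+.claude/settings.local.json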
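Review bot: This ignore file is a denylist, so everything it does not name, including `.git` and any untracked local files in the working tree, is sent as build context and copied into the builder layer by the Dockerfile's `COPY . .`. Because the Makefile in this commit exports a remote `DOCKER_HOST`, that context leaves the developer's machine on every `make docker`. The build command shown in the Dockerfile passes no `-ldflags`, so `.git` is transferred without a visible use; consider adding `.git` here until version stamping is actually wired in, or add a comment such as `# .git is kept on purpose: needed for version ldflags` if it stays. The final entry `.claude/settings.local.json` is already covered by `.claude/` and can be dropped.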
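--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+# Build stage
+FROM golang:1.24-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache \
+gcc \
+musl-dev \
+make \
+git
+
+# Set working directory
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary
+RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
+
+# Runtime stage
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+ca-certificates \
+gnupg
+
+# Create non-root user
+RUN adduser -D -s /bin/sh secret
+
+# Copy binary from builder
+COPY --from=builder /build/secret /usr/local/bin/secret
+
+# Ensure binary is executable
+RUN chmod +x /usr/local/bin/secret
+
+# Switch to non-root user
+USER secret
+
+# Set working directory
+WORKDIR /home/secret
+
+# Set entrypoint
+ENTRYPOINT ["secret"]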
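Review bot: The runtime stage uses `FROM alpine:latest`, so the image that ships the secret-handling binary and `gnupg` is built on whatever Alpine release that tag resolves to on the day, while the builder is tied to `golang:1.24-alpine`. Pin the runtime base to a release tag and preferably a digest, e.g. `FROM alpine:<release>@sha256:<digest>` (placeholders), ideally the same Alpine release the builder image is based on, since the binary is linked against musl with `CGO_ENABLED=1`. The separate `RUN chmod +x /usr/local/bin/secret` adds a layer holding a second copy of the binary; `COPY --from=builder --chmod=0755 /build/secret /usr/local/bin/secret` sets the mode in the copy itself. Giving the account a fixed id, `RUN adduser -D -u 10001 -s /bin/sh secret`, lets a runtime enforce non-root by number. Building the package path (`./cmd/secret`) instead of the single file `cmd/secret/main.go` would keep the build working if the main package ever gains a second file.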
9
Makefile
9
Makefile
@ -1,4 +1,5 @@
|
|||||||
export CGO_ENABLED=1
|
export CGO_ENABLED=1
|
||||||
|
export DOCKER_HOST := ssh://root@ber1app1.local
|
||||||
|
|
||||||
default: check
|
default: check
|
||||||
|
|
||||||
@ -23,6 +24,14 @@ lint:
|
|||||||
# Check all code quality (build + vet + lint + unit tests)
|
# Check all code quality (build + vet + lint + unit tests)
|
||||||
check: ./secret vet lint test
|
check: ./secret vet lint test
|
||||||
|
|
||||||
|
# Build Docker container
|
||||||
|
docker:
|
||||||
|
docker build -t sneak/secret .
|
||||||
|
|
||||||
|
# Run Docker container interactively
|
||||||
|
docker-run:
|
||||||
|
docker run --rm -it sneak/secret
|
||||||
|
|
||||||
# Clean build artifacts
|
# Clean build artifacts
|
||||||
clean:
|
clean:
|
||||||
rm -f ./secret
|
rm -f ./secret
|
||||||
|
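Review bot: `export DOCKER_HOST := ssh://root@ber1app1.local` in the first hunk applies to every recipe and, being a makefile assignment, takes precedence over a `DOCKER_HOST` the caller already has in the environment. Anyone running `make docker` therefore sends the whole build context to that host and drives its daemon as root over SSH. Drop the line and let the caller select the daemon through the environment or a Docker context, with a comment such as `# Set DOCKER_HOST in your environment to build on a remote daemon`. In the second hunk `docker-run` has no prerequisite, so when no local `sneak/secret` image exists `docker run` will try to pull that name from the registry instead; `docker-run: docker` keeps it on the image that was just built. Both targets should also be declared `.PHONY`, unless an existing declaration outside the visible hunks already covers them.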