From 7b84aa345ff2d8ff996663df00cf748fcc260c01 Mon Sep 17 00:00:00 2001 From: clawbot Date: Tue, 10 Mar 2026 12:36:19 -0700 Subject: [PATCH] refactor: use official golangci-lint image for lint stage Restructure Dockerfile to match upaas/dnswatcher pattern: - Separate lint stage using golangci/golangci-lint:v2.1.6 image - Builder stage for tests and compilation (no lint dependency) - Add fmt-check Makefile target - Decouple test from lint in Makefile (lint runs in its own stage) - Run gofmt on all files - docker build verified passing locally --- Dockerfile | 59 ++++++++++++------------------ Makefile | 7 +++- internal/cli/integration_test.go | 1 + internal/secret/validation_test.go | 1 - 4 files changed, 29 insertions(+), 39 deletions(-) diff --git a/Dockerfile b/Dockerfile index 63a0210..799774e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,57 +1,44 @@ -# Build stage -FROM golang:1.24-alpine AS builder +# Lint stage — fast feedback on formatting and lint issues +# golangci/golangci-lint:v2.1.6 +FROM golangci/golangci-lint:v2.1.6 AS lint -# Install build dependencies -RUN apk add --no-cache \ - gcc \ - musl-dev \ - make \ - git \ - gnupg - -# Set working directory -WORKDIR /build - -# Copy go mod files +WORKDIR /src COPY go.mod go.sum ./ - -# Download dependencies RUN go mod download -# Copy source code COPY . . -# Install golangci-lint for checks (binary install to avoid Go version constraints) -RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6 +RUN make fmt-check +RUN make lint -# Run all checks (lint, vet, test, build) -RUN make check +# Build stage — tests and compilation +FROM golang:1.24-alpine AS builder -# Build the final binary with version info -RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go +# Force BuildKit to run the lint stage +COPY --from=lint /src/go.sum /dev/null + +RUN apk add --no-cache gcc musl-dev make git gnupg + +WORKDIR /build +COPY go.mod go.sum ./ +RUN go mod download + +COPY . . + +RUN make test +RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go # Runtime stage FROM alpine:latest -# Install runtime dependencies -RUN apk add --no-cache \ - ca-certificates \ - gnupg +RUN apk add --no-cache ca-certificates gnupg -# Create non-root user RUN adduser -D -s /bin/sh secret -# Copy binary from builder COPY --from=builder /build/secret /usr/local/bin/secret - -# Ensure binary is executable RUN chmod +x /usr/local/bin/secret -# Switch to non-root user USER secret - -# Set working directory WORKDIR /home/secret -# Set entrypoint -ENTRYPOINT ["secret"] \ No newline at end of file +ENTRYPOINT ["secret"] diff --git a/Makefile b/Makefile index 87eecc0..1c5e4d3 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ build: ./secret vet: go vet ./... -test: lint vet +test: vet go test ./... || go test -v ./... fmt: @@ -26,7 +26,7 @@ fmt: lint: golangci-lint run --timeout 5m -check: build test +check: build lint test # Build Docker container docker: @@ -42,3 +42,6 @@ clean: install: ./secret cp ./secret $(HOME)/bin/secret + +fmt-check: + @test -z "$$(gofmt -l .)" || (echo "Files need formatting:" && gofmt -l . && exit 1) diff --git a/internal/cli/integration_test.go b/internal/cli/integration_test.go index 16e634c..814ef25 100644 --- a/internal/cli/integration_test.go +++ b/internal/cli/integration_test.go @@ -2285,6 +2285,7 @@ func verifyFileExists(t *testing.T, path string) { } // verifyFileNotExists checks if a file does not exist at the given path +// //nolint:unused // kept for future use func verifyFileNotExists(t *testing.T, path string) { t.Helper() diff --git a/internal/secret/validation_test.go b/internal/secret/validation_test.go index 4a4c301..9ab1909 100644 --- a/internal/secret/validation_test.go +++ b/internal/secret/validation_test.go @@ -154,4 +154,3 @@ func TestValidateGPGKeyID(t *testing.T) { }) } } -