refactor: use official golangci-lint image for lint stage
Restructure Dockerfile to match upaas/dnswatcher pattern: - Separate lint stage using golangci/golangci-lint:v2.1.6 image - Builder stage for tests and compilation (no lint dependency) - Add fmt-check Makefile target - Decouple test from lint in Makefile (lint runs in its own stage) - Run gofmt on all files - docker build verified passing locally
This commit is contained in:
clawbot
59
Dockerfile
59
Dockerfile
@@ -1,57 +1,44 @@
|
||||
# Build stage
|
||||
FROM golang:1.24-alpine AS builder
|
||||
# Lint stage — fast feedback on formatting and lint issues
|
||||
# golangci/golangci-lint:v2.1.6
|
||||
FROM golangci/golangci-lint:v2.1.6 AS lint
|
||||
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache \
|
||||
gcc \
|
||||
musl-dev \
|
||||
make \
|
||||
git \
|
||||
gnupg
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /build
|
||||
|
||||
# Copy go mod files
|
||||
WORKDIR /src
|
||||
COPY go.mod go.sum ./
|
||||
|
||||
# Download dependencies
|
||||
RUN go mod download
|
||||
|
||||
# Copy source code
|
||||
COPY . .
|
||||
|
||||
# Install golangci-lint for checks (binary install to avoid Go version constraints)
|
||||
RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6
|
||||
RUN make fmt-check
|
||||
RUN make lint
|
||||
|
||||
# Run all checks (lint, vet, test, build)
|
||||
RUN make check
|
||||
# Build stage — tests and compilation
|
||||
FROM golang:1.24-alpine AS builder
|
||||
|
||||
# Build the final binary with version info
|
||||
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
|
||||
# Force BuildKit to run the lint stage
|
||||
COPY --from=lint /src/go.sum /dev/null
|
||||
|
||||
RUN apk add --no-cache gcc musl-dev make git gnupg
|
||||
|
||||
WORKDIR /build
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
COPY . .
|
||||
|
||||
RUN make test
|
||||
RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go
|
||||
|
||||
# Runtime stage
|
||||
FROM alpine:latest
|
||||
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates \
|
||||
gnupg
|
||||
RUN apk add --no-cache ca-certificates gnupg
|
||||
|
||||
# Create non-root user
|
||||
RUN adduser -D -s /bin/sh secret
|
||||
|
||||
# Copy binary from builder
|
||||
COPY --from=builder /build/secret /usr/local/bin/secret
|
||||
|
||||
# Ensure binary is executable
|
||||
RUN chmod +x /usr/local/bin/secret
|
||||
|
||||
# Switch to non-root user
|
||||
USER secret
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /home/secret
|
||||
|
||||
# Set entrypoint
|
||||
ENTRYPOINT ["secret"]
|
||||
ENTRYPOINT ["secret"]
|
||||
|
||||
Reference in New Issue
Block a user