ci: add Gitea Actions workflow for make check (#21)
All checks were successful
check / check (push) Successful in 26s
All checks were successful
check / check (push) Successful in 26s
Adds CI workflow that runs `make check` on push/PR to main. Co-authored-by: user <user@Mac.lan guest wan> Co-authored-by: clawbot <clawbot@eeqj.de> Reviewed-on: #21 Co-authored-by: clawbot <sneak+clawbot@sneak.cloud> Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>
This commit was merged in pull request #21.
This commit is contained in:
60
Dockerfile
60
Dockerfile
@@ -1,50 +1,46 @@
|
||||
# Build stage
|
||||
FROM golang:1.24-alpine AS builder
|
||||
# Lint stage — fast feedback on formatting and lint issues
|
||||
# golangci/golangci-lint v2.1.6 (2026-03-10)
|
||||
FROM golangci/golangci-lint@sha256:568ee1c1c53493575fa9494e280e579ac9ca865787bafe4df3023ae59ecf299b AS lint
|
||||
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache \
|
||||
gcc \
|
||||
musl-dev \
|
||||
make \
|
||||
git
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /build
|
||||
|
||||
# Copy go mod files
|
||||
WORKDIR /src
|
||||
COPY go.mod go.sum ./
|
||||
|
||||
# Download dependencies
|
||||
RUN go mod download
|
||||
|
||||
# Copy source code
|
||||
COPY . .
|
||||
|
||||
# Build the binary
|
||||
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
|
||||
RUN make fmt-check
|
||||
RUN make lint
|
||||
|
||||
# Build stage — tests and compilation
|
||||
# golang 1.24.13-alpine (2026-03-10)
|
||||
FROM golang@sha256:8bee1901f1e530bfb4a7850aa7a479d17ae3a18beb6e09064ed54cfd245b7191 AS builder
|
||||
|
||||
# Force BuildKit to run the lint stage
|
||||
COPY --from=lint /src/go.sum /dev/null
|
||||
|
||||
RUN apk add --no-cache gcc musl-dev make git gnupg
|
||||
|
||||
WORKDIR /build
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
COPY . .
|
||||
|
||||
RUN make test
|
||||
RUN make build
|
||||
|
||||
# Runtime stage
|
||||
FROM alpine:latest
|
||||
# alpine 3.23 (2026-03-10)
|
||||
FROM alpine@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
||||
|
||||
# Install runtime dependencies
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates \
|
||||
gnupg
|
||||
RUN apk add --no-cache ca-certificates gnupg
|
||||
|
||||
# Create non-root user
|
||||
RUN adduser -D -s /bin/sh secret
|
||||
|
||||
# Copy binary from builder
|
||||
COPY --from=builder /build/secret /usr/local/bin/secret
|
||||
|
||||
# Ensure binary is executable
|
||||
RUN chmod +x /usr/local/bin/secret
|
||||
|
||||
# Switch to non-root user
|
||||
USER secret
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /home/secret
|
||||
|
||||
# Set entrypoint
|
||||
ENTRYPOINT ["secret"]
|
||||
ENTRYPOINT ["secret"]
|
||||
|
||||
Reference in New Issue
Block a user