Dockerfile

@@ -1,57 +1,44 @@
-# Build stage
-FROM golang:1.24-alpine AS builder
+# Lint stage — fast feedback on formatting and lint issues
+# golangci/golangci-lint:v2.1.6
+FROM golangci/golangci-lint:v2.1.6 AS lint
 
-# Install build dependencies
-RUN apk add --no-cache \
-    gcc \
-    musl-dev \
-    make \
-    git \
-    gnupg
-
-# Set working directory
-WORKDIR /build
-
-# Copy go mod files
+WORKDIR /src
 COPY go.mod go.sum ./
-
-# Download dependencies
 RUN go mod download
 
-# Copy source code
 COPY . .
 
-# Install golangci-lint for checks (binary install to avoid Go version constraints)
-RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6
+RUN make fmt-check
+RUN make lint
 
-# Run all checks (lint, vet, test, build)
-RUN make check
+# Build stage — tests and compilation
+FROM golang:1.24-alpine AS builder
 
-# Build the final binary with version info
-RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
+# Force BuildKit to run the lint stage
+COPY --from=lint /src/go.sum /dev/null
+
+RUN apk add --no-cache gcc musl-dev make git gnupg
+
+WORKDIR /build
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+RUN make test
+RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go
 
 # Runtime stage
 FROM alpine:latest
 
-# Install runtime dependencies
-RUN apk add --no-cache \
-    ca-certificates \
-    gnupg
+RUN apk add --no-cache ca-certificates gnupg
 
-# Create non-root user
 RUN adduser -D -s /bin/sh secret
 
-# Copy binary from builder
 COPY --from=builder /build/secret /usr/local/bin/secret
-
-# Ensure binary is executable
 RUN chmod +x /usr/local/bin/secret
 
-# Switch to non-root user
 USER secret
-
-# Set working directory
 WORKDIR /home/secret
 
-# Set entrypoint
 ENTRYPOINT ["secret"]

Makefile

@@ -17,7 +17,7 @@ build: ./secret
 vet:
 	go vet ./...
 
-test: lint vet
+test: vet
 	go test ./... || go test -v ./...
 
 fmt:
@@ -26,7 +26,7 @@ fmt:
 lint:
 	golangci-lint run --timeout 5m
 
-check: build test
+check: build lint test
 
 # Build Docker container
 docker:
@@ -42,3 +42,6 @@ clean:
 
 install: ./secret
 	cp ./secret $(HOME)/bin/secret
+
+fmt-check:
+	@test -z "$$(gofmt -l .)" || (echo "Files need formatting:" && gofmt -l . && exit 1)

internal/cli/integration_test.go

@@ -2285,6 +2285,7 @@ func verifyFileExists(t *testing.T, path string) {
 }
 
 // verifyFileNotExists checks if a file does not exist at the given path
+//
 //nolint:unused // kept for future use
 func verifyFileNotExists(t *testing.T, path string) {
 	t.Helper()

internal/secret/validation_test.go

@@ -154,4 +154,3 @@ func TestValidateGPGKeyID(t *testing.T) {
 		})
 	}
 }
-