66a390d685
Pin all three FROM lines with SHA256 digests per REPO_POLICIES.md: - golangci/golangci-lint:v2.1.6@sha256:568ee1c1... - golang:1.24-alpine@sha256:8bee1901... - alpine:3.23@sha256:25109184... (was alpine:latest) Also replaced mutable 'alpine:latest' tag with 'alpine:3.23'.
47 lines
1.3 KiB
Docker
47 lines
1.3 KiB
Docker
# Lint stage — fast feedback on formatting and lint issues
|
|
# golangci/golangci-lint v2.1.6 (2026-03-10)
|
|
FROM golangci/golangci-lint:v2.1.6@sha256:568ee1c1c53493575fa9494e280e579ac9ca865787bafe4df3023ae59ecf299b AS lint
|
|
|
|
WORKDIR /src
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
RUN make fmt-check
|
|
RUN make lint
|
|
|
|
# Build stage — tests and compilation
|
|
# golang 1.24.13-alpine (2026-03-10)
|
|
FROM golang:1.24-alpine@sha256:8bee1901f1e530bfb4a7850aa7a479d17ae3a18beb6e09064ed54cfd245b7191 AS builder
|
|
|
|
# Force BuildKit to run the lint stage
|
|
COPY --from=lint /src/go.sum /dev/null
|
|
|
|
RUN apk add --no-cache gcc musl-dev make git gnupg
|
|
|
|
WORKDIR /build
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
RUN make test
|
|
RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go
|
|
|
|
# Runtime stage
|
|
# alpine 3.23 (2026-03-10)
|
|
FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
|
|
|
RUN apk add --no-cache ca-certificates gnupg
|
|
|
|
RUN adduser -D -s /bin/sh secret
|
|
|
|
COPY --from=builder /build/secret /usr/local/bin/secret
|
|
RUN chmod +x /usr/local/bin/secret
|
|
|
|
USER secret
|
|
WORKDIR /home/secret
|
|
|
|
ENTRYPOINT ["secret"]
|