7b84aa345f
Restructure Dockerfile to match upaas/dnswatcher pattern: - Separate lint stage using golangci/golangci-lint:v2.1.6 image - Builder stage for tests and compilation (no lint dependency) - Add fmt-check Makefile target - Decouple test from lint in Makefile (lint runs in its own stage) - Run gofmt on all files - docker build verified passing locally
45 lines
993 B
Docker
45 lines
993 B
Docker
# Lint stage — fast feedback on formatting and lint issues
|
|
# golangci/golangci-lint:v2.1.6
|
|
FROM golangci/golangci-lint:v2.1.6 AS lint
|
|
|
|
WORKDIR /src
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
RUN make fmt-check
|
|
RUN make lint
|
|
|
|
# Build stage — tests and compilation
|
|
FROM golang:1.24-alpine AS builder
|
|
|
|
# Force BuildKit to run the lint stage
|
|
COPY --from=lint /src/go.sum /dev/null
|
|
|
|
RUN apk add --no-cache gcc musl-dev make git gnupg
|
|
|
|
WORKDIR /build
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
RUN make test
|
|
RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go
|
|
|
|
# Runtime stage
|
|
FROM alpine:latest
|
|
|
|
RUN apk add --no-cache ca-certificates gnupg
|
|
|
|
RUN adduser -D -s /bin/sh secret
|
|
|
|
COPY --from=builder /build/secret /usr/local/bin/secret
|
|
RUN chmod +x /usr/local/bin/secret
|
|
|
|
USER secret
|
|
WORKDIR /home/secret
|
|
|
|
ENTRYPOINT ["secret"]
|