secret/Dockerfile
user 1109fa6ed9
Some checks failed
Check / check (pull_request) Failing after 15s
fix: resolve CI failures in docker build
- Install golangci-lint v2 via binary download instead of go install
  (avoids Go 1.25 requirement of golangci-lint v2.10+)
- Add darwin build tags to tests that depend on macOS keychain:
  derivation_index_test.go, pgpunlock_test.go, validation (keychain tests)
- Move generateRandomString to helpers_darwin.go (only called from
  darwin-only keychainunlocker.go)
- Fix unchecked error returns flagged by errcheck linter
- Add gnupg to builder stage for PGP-related tests
- Use --ulimit memlock=-1:-1 in CI for memguard large secret tests
- Add //nolint:unused for intentionally kept but currently unused test helpers
2026-03-10 12:25:48 -07:00


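# Build stage: lints, tests and compiles the binary. Only the artifact that
# the runtime stage copies out of /build leaves this stage.
FROM golang:1.24-alpine AS builder

# cgo toolchain (gcc, musl-dev), make and git for the build, and gnupg for
# the PGP-related tests.
RUN apk add --no-cache \
    gcc \
    git \
    gnupg \
    make \
    musl-dev

# golangci-lint is installed from a release binary to avoid Go version
# constraints. The installer script is fetched from the same tag as the binary
# rather than from HEAD, so a later change to the upstream script cannot
# silently alter what runs in this build. It is written to disk first and only
# then executed: a failed or truncated download fails the build instead of
# feeding a partial script to sh.
# A tag can still be moved upstream; pinning the script to a commit SHA and
# verifying its checksum before running it would be stronger.
# Installed before the source is copied so source edits do not re-download it.
ARG GOLANGCI_LINT_VERSION=v2.1.6
RUN wget -nv -O /tmp/golangci-lint-install.sh \
        "https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh" \
    && sh /tmp/golangci-lint-install.sh -b "$(go env GOPATH)/bin" "${GOLANGCI_LINT_VERSION}" \
    && rm -f /tmp/golangci-lint-install.sh

# Set working directory
WORKDIR /build

# Copy only the module manifests first so the dependency layer stays cached
# until go.mod or go.sum changes.
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code.
# NOTE(review): this copies the entire build context into a layer; confirm a
# .dockerignore excludes .git, local key material and env files.
COPY . .

# Run all checks (lint, vet, test, build)
RUN make check

# Build the final binary (cgo enabled, so it links against musl).
# NOTE(review): no -ldflags version stamping is passed here; if version info
# is expected in the binary, confirm where it is set.
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go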
# ---- Runtime stage: small Alpine image that carries only the built binary ----
# NOTE(review): `latest` is a mutable tag, so the runtime base can change
# between builds. Pin it to a specific Alpine release (ideally by digest) that
# matches the builder image's Alpine release, since the binary is cgo-linked.
FROM alpine:latest

# Runtime packages: CA certificates and gnupg (presumably for the tool's PGP
# features; confirm it is needed at runtime).
RUN apk add --no-cache ca-certificates gnupg

# Unprivileged account the tool runs as; -D creates it without a password.
RUN adduser -D -s /bin/sh secret

# Bring in the compiled binary from the builder stage.
COPY --from=builder /build/secret /usr/local/bin/secret

# Make sure the execute bit is set on the copied binary.
RUN chmod +x /usr/local/bin/secret

# Everything from here on, including the container process, runs as `secret`.
USER secret

# Start in the account's home directory.
WORKDIR /home/secret

# Exec-form entrypoint: the binary is resolved via PATH and runs as PID 1.
ENTRYPOINT ["secret"]