- Install golangci-lint v2 via binary download instead of go install (avoids Go 1.25 requirement of golangci-lint v2.10+) - Add darwin build tags to tests that depend on macOS keychain: derivation_index_test.go, pgpunlock_test.go, validation (keychain tests) - Move generateRandomString to helpers_darwin.go (only called from darwin-only keychainunlocker.go) - Fix unchecked error returns flagged by errcheck linter - Add gnupg to builder stage for PGP-related tests - Use --ulimit memlock=-1:-1 in CI for memguard large secret tests - Add //nolint:unused for intentionally kept but currently unused test helpers
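# Build stage: compiles the `secret` binary and runs the project's checks.
# Nothing from this stage reaches the final image except the binary copied
# out of it below.
FROM golang:1.24-alpine AS builder

# Build dependencies. gcc and musl-dev are needed because the binary is built
# with CGO_ENABLED=1; gnupg is installed for the PGP-related tests run by
# `make check`.
RUN apk add --no-cache \
        gcc \
        git \
        gnupg \
        make \
        musl-dev

WORKDIR /build

# golangci-lint is installed from a release binary rather than `go install`
# to avoid the linter's own Go version constraints.
# The installer script is fetched from the same tag as the binary it installs
# (not the mutable HEAD ref), so the code executed at build time only changes
# when this version is bumped. It is written to a file before being run: with
# `wget ... | sh`, a failed download is masked by the exit status of `sh`.
# This layer does not depend on the source tree, so it sits ahead of the
# COPY steps and stays cached across source changes.
ARG GOLANGCI_LINT_VERSION=v2.1.6
RUN wget -nv -O /tmp/install-golangci-lint.sh \
        "https://raw.githubusercontent.com/golangci/golangci-lint/${GOLANGCI_LINT_VERSION}/install.sh" \
    && sh /tmp/install-golangci-lint.sh -b "$(go env GOPATH)/bin" "${GOLANGCI_LINT_VERSION}" \
    && rm /tmp/install-golangci-lint.sh

# Copy only the module manifests first so the dependency layer is reused
# until go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest of the source tree.
# NOTE(review): this copies the whole build context; confirm a .dockerignore
# keeps .git, local key material and .env-style files out of it.
COPY . .

# Run all checks (lint, vet, test, build). Tests that lock large secrets in
# memory may need the build to be run with `--ulimit memlock=-1:-1`.
RUN make check

# Build the final binary. No version ldflags are passed here, so any version
# information has to come from the source itself.
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go

# Runtime stage
# Pinned to a release tag instead of :latest so a rebuild cannot silently
# change the base image; bump it deliberately, and pin by digest where full
# reproducibility is required.
# NOTE(review): the binary is cgo-linked against the builder's musl; confirm
# this release matches the Alpine release underneath golang:1.24-alpine.
FROM alpine:3.22

# Runtime dependencies: CA certificates for TLS, and gnupg
# (presumably invoked by the binary for PGP operations; confirm).
RUN apk add --no-cache \
        ca-certificates \
        gnupg

# Create the unprivileged account the container runs as.
RUN adduser -D -s /bin/sh secret

# Copy the binary out of the build stage; it stays owned by root so the
# runtime user cannot modify it.
COPY --from=builder /build/secret /usr/local/bin/secret

# Ensure the binary is executable.
RUN chmod +x /usr/local/bin/secret

# Drop root before the entrypoint runs.
USER secret

WORKDIR /home/secret

# Exec form: the binary runs as PID 1 and receives signals directly.
ENTRYPOINT ["secret"]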