b80936cade
Some checks failed
Check / check (pull_request) Failing after 12s
Per new policy: CI actions simply run 'docker build .'. The Dockerfile now installs golangci-lint and runs 'make check' early in the build process, so a successful docker build implies all checks pass. - Dockerfile: add golangci-lint install and 'make check' before final build - CI workflow: simplify to just 'docker build .' (no Go setup needed) - Makefile targets unchanged
56 lines
1.0 KiB
Docker
56 lines
1.0 KiB
Docker
# Build stage
|
|
FROM golang:1.24-alpine AS builder
|
|
|
|
# Install build dependencies
|
|
RUN apk add --no-cache \
|
|
gcc \
|
|
musl-dev \
|
|
make \
|
|
git
|
|
|
|
# Set working directory
|
|
WORKDIR /build
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum ./
|
|
|
|
# Download dependencies
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Install golangci-lint for checks
|
|
RUN go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@5d1e709b7be35cb2025444e19de266b056b7b7ee
|
|
|
|
# Run all checks (lint, vet, test, build)
|
|
RUN make check
|
|
|
|
# Build the final binary with version info
|
|
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
|
|
|
|
# Runtime stage
|
|
FROM alpine:latest
|
|
|
|
# Install runtime dependencies
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
gnupg
|
|
|
|
# Create non-root user
|
|
RUN adduser -D -s /bin/sh secret
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /build/secret /usr/local/bin/secret
|
|
|
|
# Ensure binary is executable
|
|
RUN chmod +x /usr/local/bin/secret
|
|
|
|
# Switch to non-root user
|
|
USER secret
|
|
|
|
# Set working directory
|
|
WORKDIR /home/secret
|
|
|
|
# Set entrypoint
|
|
ENTRYPOINT ["secret"] |