rework: multi-stage Dockerfile lint/build/runtime pattern · 528ed5bd74 - vaultik

rework: multi-stage Dockerfile lint/build/runtime pattern

All checks were successful

check / check (pull_request) Successful in 5m22s

Details

Rewrites CI to use a multi-stage Dockerfile per REPO_POLICIES:

- Lint stage: golangci/golangci-lint:v2.1.6-alpine runs make fmt-check
  and make lint
- Build stage: golang:1.24.4-alpine runs make test, then builds binary
  with CGO enabled (required for mattn/go-sqlite3)
- Runtime stage: alpine:3.21 copies binary, runs as non-root user

All base images pinned by @sha256 hash.

CI workflow simplified to just 'docker build .' since the Dockerfile
already runs make check (fmt-check + lint + test).

Makefile aligned with REPO_POLICIES:
- check target uses prereqs (fmt-check lint test)
- fmt-check is read-only (gofmt -l, not go fmt)
- Added docker and hooks targets
- test uses -race -timeout 30s

Added .dockerignore for efficient build context.

This commit is contained in:

clawbot

2026-03-17 01:58:41 -07:00

parent 0355dedab7

commit 528ed5bd74

4 changed files with 91 additions and 39 deletions

8

.dockerignore Normal file

View File

@@ -0,0 +1,8 @@
 .git
 .gitea
 *.md
 LICENSE
 vaultik
 coverage.out
 coverage.html
 .DS_Store

rework: multi-stage Dockerfile lint/build/runtime pattern All checks were successful check / check (pull_request) Successful in 5m22s Details

8 .dockerignore Normal file Unescape Escape View File

rework: multi-stage Dockerfile lint/build/runtime pattern

All checks were successful

check / check (pull_request) Successful in 5m22s

Details

8

.dockerignore Normal file

View File