feat: bring repo up to REPO_POLICIES standards
All checks were successful
check / check (push) Successful in 2m19s
All checks were successful
check / check (push) Successful in 2m19s
- Create cmd/webhooker/main.go with fx dependency injection wiring - Add REPO_POLICIES.md, .editorconfig, .dockerignore - Add .gitea/workflows/check.yml for CI (docker build on push) - Rewrite Makefile with all required targets (test, lint, fmt, fmt-check, check, build, hooks, docker, clean, dev, run, deps) - Rewrite Dockerfile with sha256-pinned base images, golangci-lint installed from verified release archive, make check as build step - Fix README.md: add required sections (description, getting started, rationale, design, TODO, license, author) - Integrate TODO.md content into README.md and remove TODO.md - Move config.yaml to configs/config.yaml.example - Fix .gitignore pattern for webhooker binary - Fix static/static.go embed directive (remove empty vendor dir) - Fix database test to use in-memory config (no filesystem dependency) closes #1 closes #2
This commit is contained in:
clawbot
65
Dockerfile
65
Dockerfile
@@ -1,58 +1,69 @@
|
||||
## lint image
|
||||
FROM golangci/golangci-lint:latest
|
||||
# golang:1.24 (bookworm) — 2026-03-01
|
||||
# Using Debian-based image because gorm.io/driver/sqlite pulls in
|
||||
# mattn/go-sqlite3 (CGO), which does not compile on Alpine musl.
|
||||
FROM golang@sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804 AS builder
|
||||
|
||||
RUN mkdir -p /build
|
||||
WORKDIR /build
|
||||
COPY ./ ./
|
||||
RUN golangci-lint run
|
||||
# gcc is pre-installed in the Debian-based golang image
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends make && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
## build image:
|
||||
FROM golang:1.22-alpine AS builder
|
||||
|
||||
# Install build dependencies including gcc for CGO
|
||||
RUN apk add --no-cache git make gcc musl-dev sqlite-dev
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /build
|
||||
|
||||
# Copy go mod files
|
||||
# Install golangci-lint v1.64.8 — 2026-03-01
|
||||
# Using v1.x because the repo's .golangci.yml uses v1 config format.
|
||||
RUN set -eux; \
|
||||
GOLANGCI_VERSION="1.64.8"; \
|
||||
ARCH="$(uname -m)"; \
|
||||
case "${ARCH}" in \
|
||||
x86_64) \
|
||||
GOARCH="amd64"; \
|
||||
GOLANGCI_SHA256="b6270687afb143d019f387c791cd2a6f1cb383be9b3124d241ca11bd3ce2e54e"; \
|
||||
;; \
|
||||
aarch64) \
|
||||
GOARCH="arm64"; \
|
||||
GOLANGCI_SHA256="a6ab58ebcb1c48572622146cdaec2956f56871038a54ed1149f1386e287789a5"; \
|
||||
;; \
|
||||
*) echo "unsupported architecture: ${ARCH}" && exit 1 ;; \
|
||||
esac; \
|
||||
wget -q "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_VERSION}/golangci-lint-${GOLANGCI_VERSION}-linux-${GOARCH}.tar.gz" \
|
||||
-O /tmp/golangci-lint.tar.gz; \
|
||||
echo "${GOLANGCI_SHA256} /tmp/golangci-lint.tar.gz" | sha256sum -c -; \
|
||||
tar -xzf /tmp/golangci-lint.tar.gz -C /tmp; \
|
||||
mv "/tmp/golangci-lint-${GOLANGCI_VERSION}-linux-${GOARCH}/golangci-lint" /usr/local/bin/; \
|
||||
rm -rf /tmp/golangci-lint*; \
|
||||
golangci-lint --version
|
||||
|
||||
# Copy go module files and download dependencies
|
||||
COPY go.mod go.sum ./
|
||||
COPY pkg/config/go.mod pkg/config/go.sum ./pkg/config/
|
||||
RUN go mod download
|
||||
|
||||
# Copy source code
|
||||
COPY . .
|
||||
|
||||
# Build the application with CGO enabled for SQLite
|
||||
RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o webhooker cmd/webhooker/main.go
|
||||
# Run all checks (fmt-check, lint, test, build)
|
||||
RUN make check
|
||||
|
||||
## output image:
|
||||
FROM alpine:latest
|
||||
# alpine:3.21 — 2026-03-01
|
||||
FROM alpine@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
|
||||
|
||||
# Install ca-certificates for HTTPS and sqlite libs
|
||||
RUN apk --no-cache add ca-certificates sqlite-libs
|
||||
RUN apk --no-cache add ca-certificates
|
||||
|
||||
# Create non-root user
|
||||
RUN addgroup -g 1000 -S webhooker && \
|
||||
adduser -u 1000 -S webhooker -G webhooker
|
||||
|
||||
# Set working directory
|
||||
WORKDIR /app
|
||||
|
||||
# Copy binary from builder
|
||||
COPY --from=builder /build/webhooker .
|
||||
COPY --from=builder /build/bin/webhooker .
|
||||
|
||||
# Change ownership
|
||||
RUN chown -R webhooker:webhooker /app
|
||||
|
||||
# Switch to non-root user
|
||||
USER webhooker
|
||||
|
||||
# Expose port
|
||||
EXPOSE 8080
|
||||
|
||||
# Health check
|
||||
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/.well-known/healthcheck.json || exit 1
|
||||
|
||||
# Run the application
|
||||
CMD ["./webhooker"]
|
||||
|
||||
Reference in New Issue
Block a user