fix: bump go version and improve docker image (#213)

* ci: bump go version for build

* go-peer: improve docker file and bump go version

* fix: docker image

---------

Co-authored-by: Daniel N <2color@users.noreply.github.com>

.github/workflows/go-ci.yml

@@ -13,8 +13,8 @@ jobs:
   go-check:
     uses: libp2p/uci/.github/workflows/go-check.yml@v0.0
     with:
-      go-version: '1.22.x'
+      go-version: '1.23.x'
   go-test:
     uses: libp2p/uci/.github/workflows/go-test.yml@v0.0
     with:
-      go-versions: '["1.22.x"]'
+      go-versions: '["1.23.x"]'

go-peer/Dockerfile

@@ -1,12 +1,41 @@
-FROM golang:1.20-alpine
+# Use a specific version of golang alpine for better reproducibility
+FROM golang:1.23-alpine AS builder
 
 WORKDIR /usr/src/app
 
-# pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
+# Copy only the dependency files first
 COPY go.mod go.sum ./
 RUN go mod download && go mod verify
 
-COPY . .
-RUN go build -v -o /usr/local/bin/universal-chat-go ./...
+# Copy source code, excluding unnecessary files
+COPY *.go ./
+COPY internal/ ./internal/
+COPY pkg/ ./pkg/
 
-CMD ["universal-chat-go"]
+# Build the application with security flags
+RUN CGO_ENABLED=0 go build -ldflags="-w -s" -v -o /usr/local/bin/universal-chat-go ./...
+
+# Create a minimal production image
+FROM alpine:latest
+
+# Add CA certificates for HTTPS and create non-root user
+RUN apk --no-cache add ca-certificates && \
+    adduser -D appuser
+
+# Create a directory for the application and set proper permissions
+RUN mkdir -p /app/data && \
+    chown -R appuser:appuser /app
+
+# Copy the binary from builder
+COPY --from=builder /usr/local/bin/universal-chat-go /usr/local/bin/universal-chat-go
+
+# Set working directory
+WORKDIR /app/data
+
+# Use non-root user
+USER appuser
+
+# Expose port if your application needs it (uncomment and adjust if needed)
+EXPOSE 9050
+
+CMD ["universal-chat-go", "--headless"]