diff --git a/.github/workflows/build-go-peer.yaml b/.github/workflows/build-go-peer-docker.yaml
similarity index 100%
rename from .github/workflows/build-go-peer.yaml
rename to .github/workflows/build-go-peer-docker.yaml
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index fbbe5e7..4a4f6a6 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -13,8 +13,8 @@ jobs:
 go-check:
 uses: libp2p/uci/.github/workflows/go-check.yml@v0.0
 with:
- go-version: '1.22.x'
+ go-version: '1.23.x'
 go-test:
 uses: libp2p/uci/.github/workflows/go-test.yml@v0.0
 with:
- go-versions: '["1.22.x"]'
+ go-versions: '["1.23.x"]'
diff --git a/go-peer/Dockerfile b/go-peer/Dockerfile
index b22eb5b..71e7038 100644
--- a/go-peer/Dockerfile
+++ b/go-peer/Dockerfile
@@ -1,12 +1,41 @@
-FROM golang:1.20-alpine
+# Use a specific version of golang alpine for better reproducibility
+FROM golang:1.23-alpine AS builder
 WORKDIR /usr/src/app
-# pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
+# Copy only the dependency files first
 COPY go.mod go.sum ./
 RUN go mod download && go mod verify
-COPY . .
-RUN go build -v -o /usr/local/bin/universal-chat-go ./...
+# Copy source code, excluding unnecessary files
+COPY *.go ./
+COPY internal/ ./internal/
+COPY pkg/ ./pkg/
-CMD ["universal-chat-go"]
+# Build the application with security flags
+RUN CGO_ENABLED=0 go build -ldflags="-w -s" -v -o /usr/local/bin/universal-chat-go ./...
+
+# Create a minimal production image
+FROM alpine:latest
+
+# Add CA certificates for HTTPS and create non-root user
+RUN apk --no-cache add ca-certificates && \
+ adduser -D appuser
+
+# Create a directory for the application and set proper permissions
+RUN mkdir -p /app/data && \
+ chown -R appuser:appuser /app
+
+# Copy the binary from builder
+COPY --from=builder /usr/local/bin/universal-chat-go /usr/local/bin/universal-chat-go
+
+# Set working directory
+WORKDIR /app/data
+
+# Use non-root user
+USER appuser
+
+# Expose port if your application needs it (uncomment and adjust if needed)
+EXPOSE 9050
+
+CMD ["universal-chat-go", "--headless"]
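Review bot: The runtime stage is built on `FROM alpine:latest`, so the image that actually ships is unpinned even though the builder stage was pinned "for better reproducibility"; a rebuild can silently pick up a different Alpine release and a different `ca-certificates` bundle. Pin it to a release tag and, for production, a digest, e.g. `FROM alpine:<release-tag>@sha256:<digest>` (placeholders; the values are not on this page). The comment `# Build the application with security flags` also overstates what the line does: `CGO_ENABLED=0` yields a static binary and `-ldflags="-w -s"` only strips debug and symbol data, so I would reword it to `# Static build, stripped of debug info` and consider adding `-trimpath`. Separately, `adduser -D appuser` leaves the UID to BusyBox; a fixed one such as `adduser -D -u 10001 appuser` with `USER 10001` (sample value) lets a runtime that enforces non-root verify it from the image metadata.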