diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 963c4e1..a58c218 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,242 +11,24 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -# Default to least privilege; Codecov only needs these for OIDC upload & (optionally) PR comments -permissions: - contents: read - id-token: write - pull-requests: write - attestations: write - -env: - GOFLAGS: -mod=readonly - jobs: - commitlint: - name: Commit message lint (conventional commits) - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version: lts/* - - name: Install commitlint dependencies - run: npm i --no-save --no-package-lock @commitlint/cli @commitlint/config-conventional - - - name: Validate current commit (last commit) with commitlint - if: github.event_name == 'push' - run: npx commitlint --last --verbose - - - name: Validate PR commits with commitlint - if: github.event_name == 'pull_request' - run: npx commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose - - lint: - name: Lint (fmt + vet [+ staticcheck]) - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: ">=1.24.0" - cache: true - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install dependencies - run: | - pip install yamllint - - - name: go mod tidy check - run: | - cp go.mod go.mod.prev - cp go.sum go.sum.prev - go mod tidy - diff -u go.mod.prev go.mod || (echo "::error file=go.mod::Run 'go mod tidy' and commit changes."; exit 1) - diff -u go.sum.prev go.sum || (echo "::error file=go.sum::Run 'go mod tidy' and commit changes."; exit 1) - - - name: go fmt (no diffs allowed) - run: | - # Lists files that would change if formatted; fail if any are returned - CHANGED=$(gofmt -s -l . || true) - if [ -n "$CHANGED" ]; then - echo "::error ::Run 'gofmt -s -w .' to format:" - echo "$CHANGED" - exit 1 - fi - - - name: go vet - run: go vet ./... - - - name: Install staticcheck - run: go install honnef.co/go/tools/cmd/staticcheck@latest - - - name: staticcheck - run: $(go env GOPATH)/bin/staticcheck ./... - - - name: golangci-lint - uses: golangci/golangci-lint-action@v8 - with: - version: v2.1 - - - name: Run JSON tags camelCase check - run: make check-json-tags - - - name: Check Prometheus metrics - run: make check-metrics - - - name: Run yamllint - run: yamllint . - - detect-secrets: - name: Detect secrets (baseline check) - needs: lint - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install detect-secrets - run: | - pip install detect-secrets - - - name: Detect secrets - run: | - echo "🔍 Scanning for secrets..." - if command -v detect-secrets >/dev/null 2>&1; then - detect-secrets scan --baseline .secrets.baseline --all-files || echo "Secret detection completed with findings" - if [ -f ".secrets.baseline" ]; then - detect-secrets audit .secrets.baseline --statistics || echo "Baseline audit completed" - fi - else - echo "detect-secrets not available, skipping secret scan (basic validation will still run)" - fi - - test: - name: Test (matrix) - needs: lint - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest] - go: ["1.24.x", "1.25.x"] - include: - # Run race+coverage once on Linux with the newest Go - - os: ubuntu-latest - go: "1.24.x" - coverage: true - runs-on: ${{ matrix.os }} - env: - ENV: test - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: ${{ matrix.go }} - cache: true - - - name: Verify modules - run: | - go mod verify - - - name: Build - run: go build ./... - - # Regular tests (fast) on all OS/Go combos without race/coverage to keep CI time down - - name: Test (no race/coverage) - if: ${{ !matrix.coverage }} - run: go test ./... - - # Single canonical run with race + coverage profile (Linux, newest Go) - - name: Test (race + coverage) - if: ${{ matrix.coverage }} - run: | - # Use atomic mode for consistent results under -race - go test -race -covermode=atomic -coverpkg=./... -coverprofile=cover.out ./... - - - name: Upload coverage artifact - if: ${{ matrix.coverage }} - uses: actions/upload-artifact@v4 - with: - name: coverage - path: cover.out - retention-days: 7 - - codecov: - name: Upload coverage to Codecov - needs: test - - # still attempt upload even if some matrix legs fail - if: ${{ always() }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Download coverage artifact - uses: actions/download-artifact@v5 - with: - name: coverage - path: . - - - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@v5 - with: - token: ${{ secrets.CODECOV_TOKEN }} - - goreleaser-snapshot: - name: GoReleaser (snapshot check) - needs: test - if: ${{ github.event_name == 'pull_request' || github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: ">=1.24.0" - cache: true - - - uses: docker/setup-buildx-action@v3 - with: - install: true - - - name: GoReleaser (snapshot) - uses: goreleaser/goreleaser-action@v6 - with: - version: "~> v2" - args: release --snapshot --skip=publish --clean - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + quality: + name: Quality gates + uses: truvami/ci-templates/.github/workflows/quality-gates.yml@v1 + with: + # Exclude gitignored build/coverage artifacts (absent in CI, but keeps the + # detect-secrets baseline reproducible when regenerated locally). + detect-secrets-exclude-files: '^(dist/|\.git/|.*\.(out|exe)$)' + + go-ci: + name: Go CI + uses: truvami/ci-templates/.github/workflows/go-ci.yml@v1 + with: + # No `make generate` target / no go:generate directives in this repo. + code-generation: false + # Off (matches truvami/gateway#96): the snapshot job isn't provisioned with + # the syft/cosign that the dockers_v2 SBOM + keyless signing config needs — + # the Release workflow (go-release.yml) is. PR correctness is covered by + # lint + test, and `make check-json-tags` / `make check-metrics` run in lint. + goreleaser-snapshot: false + secrets: inherit diff --git a/.github/workflows/release-candidate.yml b/.github/workflows/release-candidate.yml deleted file mode 100644 index 7fadce2..0000000 --- a/.github/workflows/release-candidate.yml +++ /dev/null @@ -1,106 +0,0 @@ -name: Release Candidate - -on: - push: - tags: - - 'v*.*.*-rc*' - workflow_dispatch: - -permissions: - contents: write - packages: write - id-token: write - attestations: write - -concurrency: - group: rc-${{ github.ref }} - cancel-in-progress: false - -jobs: - goreleaser-rc: - name: GoReleaser (RC publish) - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: '1.24.x' - cache: true - - - name: Install git-cliff - uses: taiki-e/install-action@v2 - with: - tool: git-cliff - - - name: Compute last stable tag (exclude RCs) - id: base - shell: bash - run: | - BASE_TAG=$(git tag --list 'v*' --sort=-v:refname | grep -v -- '-rc' | head -n1 || true) - if [ -z "$BASE_TAG" ]; then - echo "tag=" >> $GITHUB_OUTPUT - else - echo "tag=$BASE_TAG" >> $GITHUB_OUTPUT - fi - - - name: Generate release notes (temp file to keep repo clean) - id: notes - shell: bash - run: | - NOTES_FILE="${RUNNER_TEMP}/RELEASE_NOTES.md" - TARGET_TAG="${GITHUB_REF_NAME}" - BASE_TAG="${{ steps.base.outputs.tag }}" - if [ -n "$BASE_TAG" ]; then - git-cliff $BASE_TAG..$TARGET_TAG > "$NOTES_FILE" - else - git-cliff --tag "$TARGET_TAG" > "$NOTES_FILE" - fi - echo "file=$NOTES_FILE" >> "$GITHUB_OUTPUT" - echo "==== RELEASE NOTES PREVIEW ====" - head -n 60 "$NOTES_FILE" || true - - - name: Ensure go.mod/go.sum are tidy - shell: bash - run: | - go mod tidy - if ! git diff --quiet -- go.mod go.sum; then - echo "::error ::go.mod/go.sum changed after 'go mod tidy'. Commit these changes." - git --no-pager diff -- go.mod go.sum - exit 1 - fi - - - name: Fail if git tree is dirty (pre-release) - shell: bash - run: | - if [ -n "$(git status --porcelain)" ]; then - echo "::error ::Working tree is dirty just before GoReleaser:" - git status --porcelain - exit 1 - fi - - - uses: docker/setup-buildx-action@v3 - with: - install: true - - - name: Log into GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: GoReleaser (publish RC) - uses: goreleaser/goreleaser-action@v6 - with: - version: "~> v2" - args: release --clean --release-notes="${{ steps.notes.outputs.file }}" - env: - # Prevent Go from modifying go.mod/go.sum during the build - GOFLAGS: -mod=readonly - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 260b39b..ee46181 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,8 +3,7 @@ name: Release on: push: tags: - - 'v*.*.*' - - '!**-rc*' # exclude pre-releases + - 'v*.*.*' # matches both stable (v1.2.3) and RC (v1.2.3-rc1) tags workflow_dispatch: permissions: @@ -13,97 +12,13 @@ permissions: id-token: write attestations: write -concurrency: - group: release-${{ github.ref }} - cancel-in-progress: false - jobs: - goreleaser: - name: GoReleaser (final publish) - runs-on: ubuntu-latest - if: contains(github.ref_name, '-') == false - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: '1.24.x' - cache: true - - - name: Install git-cliff - uses: taiki-e/install-action@v2 - with: - tool: git-cliff - - - name: Compute previous stable (exclude RCs) - id: base - shell: bash - run: | - # Current tag is the newest stable that triggered this workflow. - # Get the previous stable (no "-rc") by taking the 2nd most recent stable tag. - PREV_STABLE=$(git tag --list 'v*' --sort=-v:refname | grep -v -- '-rc' | sed -n '2p' || true) - if [ -z "$PREV_STABLE" ]; then - echo "tag=" >> $GITHUB_OUTPUT - else - echo "tag=$PREV_STABLE" >> $GITHUB_OUTPUT - fi - - - name: Generate release notes (since previous stable) to temp - id: notes - shell: bash - run: | - NOTES_FILE="${RUNNER_TEMP}/RELEASE_NOTES.md" - TARGET_TAG="${GITHUB_REF_NAME}" - BASE_TAG="${{ steps.base.outputs.tag }}" - if [ -n "$BASE_TAG" ]; then - git-cliff $BASE_TAG..$TARGET_TAG > "$NOTES_FILE" - else - git-cliff --tag "$TARGET_TAG" > "$NOTES_FILE" - fi - echo "file=$NOTES_FILE" >> "$GITHUB_OUTPUT" - echo "==== RELEASE NOTES PREVIEW ====" - head -n 60 "$NOTES_FILE" || true - - - name: Ensure go.mod/go.sum are tidy - shell: bash - run: | - go mod tidy - if ! git diff --quiet -- go.mod go.sum; then - echo "::error ::go.mod/go.sum changed after 'go mod tidy'. Commit these changes." - git --no-pager diff -- go.mod go.sum - exit 1 - fi - - - name: Fail if git tree is dirty (pre-release) - shell: bash - run: | - if [ -n "$(git status --porcelain)" ]; then - echo "::error ::Working tree is dirty just before GoReleaser:" - git status --porcelain - exit 1 - fi - - - uses: docker/setup-buildx-action@v3 - with: - install: true - - - name: Log into GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: GoReleaser (publish) - uses: goreleaser/goreleaser-action@v6 - with: - version: "~> v2" - args: release --clean --release-notes="${{ steps.notes.outputs.file }}" - env: - GOFLAGS: -mod=readonly - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + release: + name: GoReleaser + # Single workflow auto-detects RC vs stable from the tag, installs + # cosign + syft (for dockers_v2 signing/SBOM) and publishes to GHCR. + uses: truvami/ci-templates/.github/workflows/go-release.yml@v1 + with: + go-version: '1.26' + private-modules: false + secrets: inherit diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 81be202..b403fe9 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -12,9 +12,12 @@ before: - go generate ./... builds: - - binary: decoder + - id: decoder + binary: decoder env: - CGO_ENABLED=0 + flags: + - -trimpath ldflags: - -s -w - -X github.com/truvami/decoder/cmd.Version={{.Version}} @@ -34,11 +37,11 @@ checksum: name_template: "{{ .ProjectName }}-{{ .Version }}-checksums.txt" archives: - - format: tar.gz + - formats: [tar.gz] wrap_in_directory: true format_overrides: - goos: windows - format: zip + formats: [zip] name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" files: - LICENSE @@ -89,68 +92,61 @@ archives: # skip_publish: false # goamd64: v1 -dockers: - # Standard Linux (Debian/Ubuntu-like base) images - - use: buildx - goos: linux - goarch: amd64 - dockerfile: build/buildx.Dockerfile - image_templates: - - "ghcr.io/truvami/decoder:latest" # primary tag - - "ghcr.io/truvami/decoder:{{ .Tag }}" - - "ghcr.io/truvami/decoder:{{ .Major }}" - - "ghcr.io/truvami/decoder:{{ .Major }}.{{ .Minor }}" - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--platform=linux/amd64" - - use: buildx - goos: linux - goarch: arm64 - dockerfile: build/buildx.Dockerfile - image_templates: - - "ghcr.io/truvami/decoder:latest-arm64" - - "ghcr.io/truvami/decoder:{{ .Tag }}-arm64" - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--platform=linux/arm64" - - # Alpine-based images (smaller size) - - use: buildx - goos: linux - goarch: amd64 - dockerfile: build/buildx-alpine.Dockerfile - image_templates: - - "ghcr.io/truvami/decoder:alpine" # primary tag - - "ghcr.io/truvami/decoder:latest-alpine" - - "ghcr.io/truvami/decoder:{{ .Tag }}-alpine" - - "ghcr.io/truvami/decoder:{{ .Major }}-alpine" - - "ghcr.io/truvami/decoder:{{ .Major }}.{{ .Minor }}-alpine" - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--platform=linux/amd64" - - use: buildx - goos: linux - goarch: arm64 - dockerfile: build/buildx-alpine.Dockerfile - image_templates: - - "ghcr.io/truvami/decoder:alpine-arm64" - - "ghcr.io/truvami/decoder:latest-alpine-arm64" - - "ghcr.io/truvami/decoder:{{ .Tag }}-alpine-arm64" - build_flag_templates: - - "--pull" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - - "--platform=linux/arm64" +# Build & push a single multi-arch OCI image from the prebuilt binaries above +# (no compile in the Dockerfile). https://goreleaser.com/customization/package/dockers_v2/ +dockers_v2: + - id: decoder + ids: + - decoder + dockerfile: Dockerfile + # Attach an SBOM to the image (syft). Default is true; set explicitly. + sbom: "true" + platforms: + - linux/amd64 + - linux/arm64 + images: + - ghcr.io/truvami/decoder + tags: + # Moving tags (latest/major/minor) only for stable releases — never let an + # RC/prerelease move them. The immutable {{ .Tag }}/{{ .Version }} always apply. + - "{{ if not .Prerelease }}latest{{ end }}" + - "{{ .Tag }}" + - "{{ .Version }}" + - "{{ if not .Prerelease }}{{ .Major }}{{ end }}" + - "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}{{ end }}" + labels: + org.opencontainers.image.created: "{{ .Date }}" + org.opencontainers.image.revision: "{{ .FullCommit }}" + org.opencontainers.image.version: "{{ .Version }}" + annotations: + org.opencontainers.image.created: "{{ .Date }}" + org.opencontainers.image.revision: "{{ .FullCommit }}" + org.opencontainers.image.version: "{{ .Version }}" + +# Write a digests file with the digests of all published images/manifests. +# https://goreleaser.com/customization/package/docker_digests/ +docker_digest: + name_template: "{{ .ProjectName }}-{{ .Version }}-digests.txt" + +# Keyless (OIDC) signing of the dockers_v2 images with cosign. Requires +# `id-token: write` in the workflow and cosign installed on the runner (the +# ci-templates go-release workflow installs it). An empty `artifacts` targets +# images built by dockers_v2. https://goreleaser.com/customization/sign/docker_sign/ +docker_signs: + - id: decoder-keyless + artifacts: "" + cmd: cosign + args: + - "sign" + - "--yes" + - "${artifact}@${digest}" + output: true + +# Generate an SBOM artifact for the built binaries (syft is installed by the +# ci-templates go-release workflow). https://goreleaser.com/customization/sbom/ +sboms: + - id: binary + artifacts: binary changelog: sort: asc diff --git a/.secrets.baseline b/.secrets.baseline index 42f6749..29338d1 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -124,9 +124,33 @@ }, { "path": "detect_secrets.filters.heuristic.is_templated_secret" + }, + { + "path": "detect_secrets.filters.regex.should_exclude_file", + "pattern": [ + "^(dist/|\\.git/|.*\\.(out|exe)$)" + ] } ], "results": { + ".github/workflows/ci.yml": [ + { + "type": "Secret Keyword", + "filename": ".github/workflows/ci.yml", + "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0", + "is_verified": false, + "line_number": 34 + } + ], + ".github/workflows/release.yml": [ + { + "type": "Secret Keyword", + "filename": ".github/workflows/release.yml", + "hashed_secret": "3e26d6750975d678acb8fa35a0f69237881576b0", + "is_verified": false, + "line_number": 24 + } + ], "README.md": [ { "type": "Hex High Entropy String", @@ -2235,5 +2259,5 @@ } ] }, - "generated_at": "2026-04-28T18:24:36Z" + "generated_at": "2026-05-26T21:34:00Z" } diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..248b005 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,52 @@ +# syntax=docker/dockerfile:1 + +############################################################################### +# certs stage +# +# This Dockerfile is built by GoReleaser's `dockers_v2`, which supplies the +# prebuilt binary in the build context (per target platform). We intentionally +# do NOT compile here: GoReleaser builds the binaries on CI. +# See https://goreleaser.com/customization/package/dockers_v2/ +# +# This Alpine stage exists only to source the handful of files a `scratch` image +# lacks: CA certificates, tzdata, and a passwd/group entry for the non-root user. +############################################################################### +FROM alpine:3.21 AS certs + +RUN apk add --no-cache ca-certificates tzdata && \ + update-ca-certificates && \ + addgroup -g 65532 -S nonroot && \ + adduser -u 65532 -S -G nonroot -H -h /nonexistent -s /sbin/nologin nonroot + +############################################################################### +# final stage — scratch (truly empty, smallest possible runtime) +############################################################################### +FROM scratch + +# Metadata as defined in OCI image spec annotations +LABEL org.opencontainers.image.vendor="truvami" +LABEL org.opencontainers.image.title="decoder" +LABEL org.opencontainers.image.authors="hey@truvami.com" + +# Files a networked, time-aware, non-root CLI needs (scratch ships none): +# - CA certificates: outbound TLS (AWS IoT Wireless, LoRa Cloud, self-update, ...) +# - tzdata: timezone-aware time handling +# - passwd/group: so USER nonroot resolves to a real uid/gid +COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=certs /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=certs /etc/passwd /etc/passwd +COPY --from=certs /etc/group /etc/group + +# Prebuilt binary supplied by GoReleaser dockers_v2 (CGO_ENABLED=0, statically +# linked). The context places artifacts under a per-platform path (e.g. +# linux/amd64/) so the same Dockerfile produces every architecture. +ARG TARGETPLATFORM +COPY ${TARGETPLATFORM}/decoder /usr/bin/decoder + +USER nonroot:nonroot + +# HTTP server (`decoder http`), also serves Prometheus metrics on /metrics. +EXPOSE 8080 + +# Absolute path: scratch has no PATH, which is unreliable under containerd/k8s. +ENTRYPOINT ["/usr/bin/decoder"] diff --git a/README.md b/README.md index 6c6ac00..e0ec3c8 100644 --- a/README.md +++ b/README.md @@ -44,11 +44,11 @@ You can also run the truvami Decoder using Docker: # Pull the latest Docker image docker pull ghcr.io/truvami/decoder -# Run the Docker container -docker run -it ghcr.io/truvami/decoder decoder --help +# Run the Docker container (the image ENTRYPOINT is `decoder`) +docker run -it ghcr.io/truvami/decoder --help # Run the Docker container to start the HTTP server -docker run -p 8080:8080 ghcr.io/truvami/decoder decoder http --port 8080 --host 0.0.0.0 +docker run -p 8080:8080 ghcr.io/truvami/decoder http --port 8080 --host 0.0.0.0 ``` ## 🛠️ Usage diff --git a/build/buildx-alpine.Dockerfile b/build/buildx-alpine.Dockerfile deleted file mode 100644 index 73870e2..0000000 --- a/build/buildx-alpine.Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# syntax=docker/dockerfile:1.4 -FROM golang:1.23-alpine - -# Metadata as defined in OCI image spec annotations -LABEL org.opencontainers.image.vendor="truvami" -LABEL org.opencontainers.image.title="decoder" -LABEL org.opencontainers.image.authors="hey@truvami.com" - -ENV GOROOT /usr/local/go - -# Allow to download a more recent version of Go. -# https://go.dev/doc/toolchain -# GOTOOLCHAIN=auto is shorthand for GOTOOLCHAIN=local+auto -ENV GOTOOLCHAIN auto - -COPY decoder /usr/bin/ -CMD ["decoder"] diff --git a/build/buildx.Dockerfile b/build/buildx.Dockerfile deleted file mode 100644 index 0ea445b..0000000 --- a/build/buildx.Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -# syntax=docker/dockerfile:1.4 -FROM golang:1.23 - -# Metadata as defined in OCI image spec annotations -LABEL org.opencontainers.image.vendor="truvami" -LABEL org.opencontainers.image.title="decoder" -LABEL org.opencontainers.image.authors="hey@truvami.com" - -ENV GOROOT /usr/local/go - -# Allow to download a more recent version of Go. -# https://go.dev/doc/toolchain -# GOTOOLCHAIN=auto is shorthand for GOTOOLCHAIN=local+auto -ENV GOTOOLCHAIN auto - -COPY decoder /usr/bin/ -CMD ["decoder"] diff --git a/codecov.yml b/codecov.yml deleted file mode 100644 index 5cd8c39..0000000 --- a/codecov.yml +++ /dev/null @@ -1,8 +0,0 @@ -ignore: - - ^cmd/ - - ^examples/ - - ^pkg/logger$ - - # This solver will be deprecated after 31.07.2025 - # https://www.semtech.com/loracloud-shutdown - - ^pkg/solver/loracloud/ diff --git a/go.mod b/go.mod index ef20c91..f89aa11 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/truvami/decoder -go 1.24.0 +go 1.26.0 require ( github.com/aws/aws-sdk-go-v2 v1.41.1