m/projax
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dfa81fd58e19020a14f81549eb5dcd8bad052004
projax/Dockerfile
mAi dfa81fd58e feat(phase 3p): bake git SHA into binary + surface on /healthz 
Closes the silent-deploy-rot gap caught by Phase 3n's triage. The
problem: a missing Gitea webhook left 11 commits stuck on an old
container while /healthz kept reporting 200 from the stale binary. With
no commit-level evidence on the wire, "deploy rolled" was unverifiable.

Mechanism:
- Dockerfile installs git, reads `git rev-parse --short HEAD` at build
  time, injects via `-ldflags="-X main.gitCommit=<sha>"`. Works under
  Dokploy's `git clone --depth 1` flow (the .git/ folder is in the
  build context) and under plain `docker build .` (same). Local
  `go run` falls back to "unknown".
- main.gitCommit assigns to web.Server.Version in main().
- /healthz now emits two lines: "ok" and "version: <sha>". Endpoint
  remains unauthenticated so any worker / monitor can verify "deploy
  rolled" without a session.

CLAUDE.md gets a mandatory "Post-deploy verification" section: after
every push, compare `git rev-parse --short HEAD` against
`curl /healthz | tail -1`. Mismatch = webhook broken; inspect Gitea
hook 172 (URL pattern `http://mlake.horse-ayu.ts.net:3000/api/deploy/
<refreshToken>` per the working webhooks on m/msbls.de + m/flexsiebels.de).

TestHealthzSurfacesVersion regression-guards the new line. Existing
TestHealthz updated to accept the multi-line body.
2026-05-16 15:35:28 +02:00

25 lines
873 B
Docker
Raw Blame History

# syntax=docker/dockerfile:1.6
FROM golang:1.25-alpine AS build
# git is needed at build time to read the commit SHA. Dokploy clones the
# source with --depth 1 so .git/ is present inside the build context after
# the COPY below — `git rev-parse` resolves the actual commit being built.
# No build-arg orchestration needed; any environment that ships .git/
# alongside source gets the right value.
RUN apk add --no-cache git
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN GIT_COMMIT="$(git rev-parse --short HEAD 2>/dev/null || echo unknown)" && \
CGO_ENABLED=0 go build -trimpath \
-ldflags="-s -w -X main.gitCommit=${GIT_COMMIT}" \
-o /out/projax ./cmd/projax
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/projax /projax
ENV PROJAX_LISTEN_ADDR=:8080
EXPOSE 8080
USER nonroot:nonroot
ENTRYPOINT ["/projax"]
Reference in New Issue View Git Blame Copy Permalink