diff --git a/.dockerignore b/.dockerignore index 4bf437a..d3cdf73 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,14 +1,9 @@ -.dockerignore -Dockerfile -.github -.git -.gitignore -.editorconfig -.idea -.vscode -test -temp -tmp -LICENSE -Makefile -error-pages +## Ignore everything +* + +## Except the following files and directories +!/cmd +!/internal +!/templates +!/error-pages.yml +!/go.* diff --git a/.editorconfig b/.editorconfig index 136701f..34a56c7 100644 --- a/.editorconfig +++ b/.editorconfig @@ -7,11 +7,8 @@ charset = utf-8 end_of_line = lf insert_final_newline = true indent_style = space -indent_size = 4 -trim_trailing_whitespace = true - -[*.{yml, yaml, sh, conf, json}] indent_size = 2 +trim_trailing_whitespace = true [{Makefile, go.mod, *.go}] indent_style = tab diff --git a/Makefile b/Makefile index e8aab2e..00fea39 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # Makefile readme (en): SHELL = /bin/sh -LDFLAGS = "-s -w -X github.com/tarampampam/error-pages/internal/version.version=$(shell git rev-parse HEAD)" +LDFLAGS = "-s -w -X gh.tarampamp.am/error-pages/internal/version.version=$(shell git rev-parse HEAD)" DC_RUN_ARGS = --rm --user "$(shell id -u):$(shell id -g)" APP_NAME = $(notdir $(CURDIR)) diff --git a/cmd/error-pages/main.go b/cmd/error-pages/main.go index 0daddc3..443d332 100644 --- a/cmd/error-pages/main.go +++ b/cmd/error-pages/main.go @@ -1,17 +1,13 @@ package main import ( - crypto "crypto/rand" - "encoding/binary" - "math/rand" "os" "path/filepath" - "time" "github.com/fatih/color" "go.uber.org/automaxprocs/maxprocs" - "github.com/tarampampam/error-pages/internal/cli" + "gh.tarampamp.am/error-pages/internal/cli" ) // set GOMAXPROCS to match Linux container CPU quota. @@ -26,15 +22,6 @@ func main() { exitFn(run()) } // run this CLI application. // Exit codes documentation: func run() int { - var b [8]byte - - // seed random number generator - if _, err := crypto.Read(b[:]); err == nil { - rand.Seed(int64(binary.LittleEndian.Uint64(b[:]))) // https://stackoverflow.com/a/54491783/2252921 - } else { - rand.Seed(time.Now().UnixNano()) // fallback - } - if err := (cli.NewApp(filepath.Base(os.Args[0]))).Run(os.Args); err != nil { _, _ = color.New(color.FgHiRed, color.Bold).Fprintln(os.Stderr, err.Error()) diff --git a/docker-compose.yml b/docker-compose.yml index ffee6ea..76a79ac 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ version: '3.8' volumes: tmp-data: {} + golint-go: {} golint-cache: {} services: @@ -18,27 +19,29 @@ services: - /etc/group:/etc/group:ro - .:/src:rw - tmp-data:/tmp:rw + security_opt: [no-new-privileges:true] web: <<: *app-service ports: - "8080:8080/tcp" # Open - command: sh -c "go build -buildvcs=false -o /tmp/app ./cmd/error-pages && /tmp/app serve" + command: sh -c "go build -buildvcs=false -o /tmp/app ./cmd/error-pages && /tmp/app serve --show-details --proxy-headers=X-Foo,Bar,Baz_blah" healthcheck: test: ['CMD', '/tmp/app', '--log-json', 'healthcheck'] interval: 4s - timeout: 1s start_period: 5s + retries: 5 golint: image: golangci/golangci-lint:v1.51-alpine # Image page: environment: GOLANGCI_LINT_CACHE: /tmp/golint # volumes: - - .:/src:ro + - golint-go:/go:rw # go dependencies will be downloaded on each run without this - golint-cache:/tmp/golint:rw + - .:/src:ro working_dir: /src - command: /bin/true + security_opt: [no-new-privileges:true] hurl: image: orangeopensource/hurl:1.8.0 @@ -47,3 +50,4 @@ services: working_dir: /src depends_on: web: {condition: service_healthy} + security_opt: [no-new-privileges:true]