chore: hardening docker image (#76)

fracasula · web-flow · commit 4cacfb61cde7 · 2025-10-15T09:15:16.000+02:00
Signed-off-by: Francesco Casula &lt;fra.casula@gmail.com&gt;
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -59,5 +59,5 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v8
         with:
-          version: v2.3.1
+          version: v2.5.0
           args: -v
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,9 @@
 # Define build arguments
 # GO_VERSION is updated automatically to match go.mod, see Makefile
-ARG GO_VERSION=1.24.6
-ARG ALPINE_VERSION=3.22
 ARG PKG_NAME=github.com/rudderlabs/keydb
 
 # Build stage
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+FROM golang:1.25.3-alpine3.22@sha256:20ee0b674f987514ae3afb295b6a2a4e5fa11de8cc53a289343bbdab59b0df59 AS builder
 
 # Install necessary dependencies (zstd-dev used with cgo)
 RUN apk --no-cache add --update make tzdata ca-certificates gcc musl-dev zstd-dev
@@ -38,7 +36,7 @@ RUN go build \
     -o ./keydb ./cmd/node
 
 # Final stage
-FROM alpine:${ALPINE_VERSION}
+FROM alpine:3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
 
 # Update and install additional packages (zstd-libs used with cgo)
 RUN apk --no-cache upgrade && \
diff --git a/Dockerfile-scaler b/Dockerfile-scaler
@@ -1,11 +1,9 @@
 # Define build arguments
 # GO_VERSION is updated automatically to match go.mod, see Makefile
-ARG GO_VERSION=1.24.6
-ARG ALPINE_VERSION=3.22
 ARG PKG_NAME=github.com/rudderlabs/keydb
 
 # Build stage
-FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+FROM golang:1.25.3-alpine3.22@sha256:20ee0b674f987514ae3afb295b6a2a4e5fa11de8cc53a289343bbdab59b0df59 AS builder
 
 # Install necessary dependencies
 RUN apk --no-cache add --update make tzdata ca-certificates gcc musl-dev
@@ -35,7 +33,7 @@ RUN go build \
     -o ./keydb-scaler ./cmd/scaler
 
 # Final stage
-FROM alpine:${ALPINE_VERSION}
+FROM alpine:3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
 
 # Update and install additional packages
 RUN apk --no-cache upgrade && \
diff --git a/Makefile b/Makefile
@@ -2,12 +2,12 @@ GO := go
 TESTFILE    := _testok
 DOCKER_USER :=
 
-GOLANG_CI				:= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.3.1
+GOLANG_CI				:= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.5.0
 GOFUMPT					:= mvdan.cc/gofumpt@latest
 GOVULNCHECK				:= golang.org/x/vuln/cmd/govulncheck@latest
 GOIMPORTS 				:= golang.org/x/tools/cmd/goimports@latest
-MOCKGEN 				:= github.com/golang/mock/mockgen@v1.6.0
-GOTESTSUM				:= gotest.tools/gotestsum@v1.11.0
+MOCKGEN 				:= go.uber.org/mock/mockgen@v0.6.0
+GOTESTSUM				:= gotest.tools/gotestsum@v1.13.0
 
 # go tools versions
 protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.6
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/rudderlabs/keydb
 
-go 1.24.6
+go 1.25.3
 
 require (
 	github.com/DataDog/zstd v1.5.7
