From 86173b61eb429a2ebede71a93c5685ec6751f02b Mon Sep 17 00:00:00 2001
From: agent-company
Date: Thu, 26 Mar 2026 04:10:59 +0000
Subject: [PATCH] feat: add Dockerfile and CI workflow

Add multi-stage Dockerfile producing a minimal distroless image and Gitea Actions CI workflow for automated testing and image publishing.
- Dockerfile: multi-stage build (golang:1.22-alpine -> distroless/static) with stripped binary (~15-20MB image), runs as nonroot user
- .dockerignore: excludes .git, docs, nix files from build context
- .gitea/workflows/build.yaml: CI pipeline that runs tests, builds Docker image, and pushes to Gitea registry with timestamp+SHA tags for Flux image automation
Closes leeworks-agents/gitea-mobile#7
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .dockerignore | 8 +++++++
 .gitea/workflows/build.yaml | 48 +++++++++++++++++++++++++++++++++++++
 Dockerfile | 16 +++++++++++++
 3 files changed, 72 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .gitea/workflows/build.yaml
 create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..00476df
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.gitignore
+*.md
+flake.nix
+flake.lock
+.envrc
+.direnv
+.claude
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..f588f8f
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,48 @@
+name: Build and Push
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-go@v5
+ with:
+ go-version: '1.22'
+
+ - name: Run tests
+ run: go test ./...
+
+ build:
+ runs-on: ubuntu-latest
+ needs: test
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set image tag
+ id: tag
+ run: |
+ TIMESTAMP=$(date +%Y%m%d%H%M%S)
+ SHA=$(echo ${{ github.sha }} | cut -c1-7)
+ echo "tag=${TIMESTAMP}-${SHA}" >> $GITHUB_OUTPUT
+
+ - name: Build Docker image
+ run: |
+ docker build -t gitea.leeworks.dev/0xwheatyz/gitea-mobile:${{ steps.tag.outputs.tag }} .
+ docker tag gitea.leeworks.dev/0xwheatyz/gitea-mobile:${{ steps.tag.outputs.tag }} \
+ gitea.leeworks.dev/0xwheatyz/gitea-mobile:latest
+
+ - name: Login to Gitea registry
+ run: |
+ echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login gitea.leeworks.dev \
+ -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
+
+ - name: Push image
+ run: |
+ docker push gitea.leeworks.dev/0xwheatyz/gitea-mobile:${{ steps.tag.outputs.tag }}
+ docker push gitea.leeworks.dev/0xwheatyz/gitea-mobile:latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..029e1ca
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+# Stage 1: Build
+FROM golang:1.22-alpine AS builder
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /gitea-mobile ./cmd/server
+
+# Stage 2: Runtime
+FROM gcr.io/distroless/static:nonroot
+COPY --from=builder /gitea-mobile /gitea-mobile
+COPY static/ /static/
+COPY internal/templates/ /templates/
+EXPOSE 8080
+USER nonroot:nonroot
+ENTRYPOINT ["/gitea-mobile"]
-- 2.52.0
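Review bot: In the "Login to Gitea registry" step of .gitea/workflows/build.yaml, `${{ secrets.REGISTRY_PASSWORD }}` and `${{ secrets.REGISTRY_USERNAME }}` are substituted into the script text before the shell runs, so a value containing `"`, `$` or a backtick is re-parsed by the shell and can break the login or be executed as a command. Passing both through the step's `env:` block and referencing them as quoted shell variables keeps the values out of the generated script, as in the block below. The same templating is used for `${{ github.sha }}` in "Set image tag"; that is lower risk because the value is a commit hash, but the `env:` form is the consistent pattern. Separately, `actions/checkout@v4` and `actions/setup-go@v5` are mutable tags, and pinning them to a full commit SHA would keep a retagged action out of the job that holds the registry credentials.

```yaml
      - name: Login to Gitea registry
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | docker login gitea.leeworks.dev \
            -u "$REGISTRY_USERNAME" --password-stdin
```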
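Review bot: Both `FROM` lines in the Dockerfile reference mutable tags (`golang:1.22-alpine` and `gcr.io/distroless/static:nonroot`), so the toolchain and the runtime base that CI pushes to the registry can change without any commit in this repository. Pinning each by digest makes the build reproducible and reviewable, for example `FROM gcr.io/distroless/static:nonroot@sha256:<digest-placeholder>`, with the digest taken from a verified pull. `USER nonroot:nonroot` is also worth writing as `USER 65532:65532` (the distroless nonroot UID/GID): if the image is deployed to Kubernetes with `runAsNonRoot: true`, which the Flux mention suggests but the page does not show, the kubelet cannot verify a non-numeric user and refuses to start the container. A short comment above `COPY static/ /static/` noting that these two directories come from the build context rather than the builder stage would help, since `.dockerignore` then directly controls what lands in the runtime image.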