Workflow was incorrectly placed under .github/workflows/. Moved to the
correct Gitea location at .gitea/workflows/.
- .github/workflows/build.yml: deleted
- .gitea/workflows/build.yml: moved from .github/workflows/build.yml
.gitea/workflows/build.yml
.github/workflows/build.yml
Builds linux/amd64 + linux/arm64 in a single pass and pushes to all
configured registries simultaneously:
- Always pushes to the Gitea built-in registry using the auto-provided
GITEA_TOKEN — no secrets setup required
- Optionally pushes to Docker Hub when vars.DOCKER_USERNAME is set;
image namespace uses vars.DOCKER_ORG when set, falls back to
vars.DOCKER_USERNAME; secrets.DOCKER_PASSWORD never touches a shell
- IMAGE_TAG env var overrides the named tag, defaults to latest
- Date tag (YYMM) pushed first, named tag pushed last so latest is the
displayed pull suggestion
- All OCI annotations declared explicitly in the workflow (multi-arch
manifest lists do not carry Dockerfile LABEL values)
- All third-party Actions pinned to full commit SHAs
- .github/workflows/build.yml: new — multi-platform build and push workflow
.github/
Pre-set service-discovery vars in a Docker env file so the entrypoint's
${VAR:-$(function)} expansions skip all seven __find_* subprocess forks on
every container start. Also suppress the startup banner and health loop
since this image has no long-running daemon.
Fix overly-broad `env/` gitignore pattern that silently swallowed
rootfs/…/docker/env/ and any other env directory in the tree. Replace with
the root-anchored `/env/` and `src/env/` which only match the Python venv
paths originally intended.
- rootfs/usr/local/etc/docker/env/go.sh: new — pre-sets PHP_INI_DIR,
PHP_BIN_DIR, HTTPD_CONFIG_FILE, NGINX_CONFIG_FILE, MYSQL_CONFIG_FILE,
PGSQL_CONFIG_FILE, MONGODB_CONFIG_FILE to "none"; sets
ENTRYPOINT_MESSAGE=no and HEALTH_ENABLED=no
- .gitignore: replace bare `env/` with `/env/` and `src/env/` to avoid
matching Docker env config directories inside rootfs
.gitignore
rootfs/usr/local/etc/docker/env/
Synced from casjay-dotfiles templates. Updated functions now check
for existence before copying template-files directories, skipping
gracefully when they are absent.
- rootfs/usr/local/etc/docker/functions/entrypoint.sh: updated to latest
rootfs/usr/local/etc/docker/functions/entrypoint.sh
This is a toolchain image with no daemon or service — the generic
service env examples (mariadb, redis, certbot, etc.) and placeholder
gitkeeps have no purpose here.
- rootfs/usr/local/share/template-files/: removed entirely (24 files)
rootfs/usr/local/share/template-files/config/env/default.sample
rootfs/usr/local/share/template-files/config/env/examples/00-directory.sh
rootfs/usr/local/share/template-files/config/env/examples/addresses.sh
rootfs/usr/local/share/template-files/config/env/examples/certbot.sh
rootfs/usr/local/share/template-files/config/env/examples/couchdb.sh
rootfs/usr/local/share/template-files/config/env/examples/dockerd.sh
rootfs/usr/local/share/template-files/config/env/examples/global.sh
rootfs/usr/local/share/template-files/config/env/examples/healthcheck.sh
rootfs/usr/local/share/template-files/config/env/examples/mariadb.sh
rootfs/usr/local/share/template-files/config/env/examples/mongodb.sh
rootfs/usr/local/share/template-files/config/env/examples/networking.sh
rootfs/usr/local/share/template-files/config/env/examples/other.sh
rootfs/usr/local/share/template-files/config/env/examples/php.sh
rootfs/usr/local/share/template-files/config/env/examples/postgres.sh
rootfs/usr/local/share/template-files/config/env/examples/redis.sh
rootfs/usr/local/share/template-files/config/env/examples/services.sh
rootfs/usr/local/share/template-files/config/env/examples/ssl.sh
rootfs/usr/local/share/template-files/config/env/examples/supabase.sh
rootfs/usr/local/share/template-files/config/env/examples/webservers.sh
rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh
rootfs/usr/local/share/template-files/config/.gitkeep
rootfs/usr/local/share/template-files/data/.gitkeep
rootfs/usr/local/share/template-files/defaults/.gitkeep
- .claude/settings.json: permission allowlist for docker buildx/ps/run/pull,
make check/test/build, curl fetches, and the project gitcommit invocation;
reduces per-command permission prompts during development
- .gitignore: expand Claude Code ignore patterns to cover all runtime and
personal files (backups/, cache/, file-history/, history.jsonl, projects/,
statsFile, *.lock) per project_files.md rules; settings.json is a
committable project config and remains tracked
.claude/
.gitignore
Four asset naming bugs found and fixed; gopls and govulncheck moved back
to go install (neither publishes binary release assets).
- rootfs/root/docker/setup/05-custom.sh:
- gofumpt: asset includes version tag (gofumpt_v0.x.y_linux_amd64)
- gotestsum: uses amd64/arm64 convention, not x86_64
- air: asset includes version without v prefix (air_1.x.y_linux_amd64)
- gopls: no binary release assets → go install golang.org/x/tools/gopls@latest
- govulncheck: no binary release assets → go install golang.org/x/vuln/cmd/govulncheck@latest
- _gh_latest: add null/empty guard; print per-tool progress; auth header
when GITHUB_TOKEN is set
rootfs/root/docker/setup/05-custom.sh
Replaces go install for 11 tools with direct binary/tarball downloads
from GitHub releases. Build time drops from 2+ hours to ~10 minutes
and arm64 QEMU segfaults are eliminated (no Go compilation for goreleaser).
- rootfs/root/docker/setup/05-custom.sh: add _gh_latest/_install_tar/_install_bin
helpers; download goreleaser, golangci-lint, staticcheck, gofumpt,
gotestsum, ko, air, buf, goose, gopls, govulncheck from release artifacts;
keep go install only for goimports, stringer, dlv, gops, benchstat,
wire, mockgen, protoc-gen-go, protoc-gen-go-grpc; remove -p=1 arm64
workaround (no longer needed)
rootfs/root/docker/setup/05-custom.sh
- docker-compose: add `command: tail null` so the container stays alive
instead of running go-workflow and immediately exiting
- Persistence: remove stale symlinks table — those were created by the
old 00-go.sh which has been stripped; symlinks no longer exist
- Cross-compile: wrap bare `go build` examples in `docker run` so they
are valid as written, not ambiguous host-vs-container commands
- Development: fix clone URLs from casjaysdev/go to dockersrc/go
README.md
The arm64 build was failing with:
github.com/caarlos0/go-version: .../linux_arm64/compile: signal: segmentation fault
Under QEMU emulation, parallel Go package compilation creates memory
pressure that causes the compiler to crash. Setting GOFLAGS=-p=1 on
aarch64 serialises compilation, eliminating the segfault. amd64 builds
are unaffected (no flag set on x86_64).
- rootfs/root/docker/setup/05-custom.sh: detect aarch64 via uname -m
and export GOFLAGS=-p=1 before all go install calls
rootfs/root/docker/setup/05-custom.sh
Replace the service-lifecycle init script with a lean Go-native
default workflow. Running the container with no arguments now
automatically formats, vets, tests, and builds the mounted project.
- rootfs/usr/local/etc/docker/init.d/00-go.sh: stripped from 979
lines of daemon-lifecycle boilerplate to 3 lines that export
CONTAINER_INIT=yes and SERVICE_USES_PID=no, telling the init
framework this is a configuration-only container (no daemon, no
keep-alive loop)
- rootfs/usr/local/bin/go-workflow: new script — runs the canonical
Go workflow in order: go mod tidy → gofmt -w . → go vet ./... →
go test ./... → go build ./...; exits 1 with a clear usage message
if no go.mod is found in /app
- rootfs/usr/local/bin/entrypoint.sh: no-args path in both the init
block and the * case now exec go-workflow instead of __no_exit;
verified: default workflow, explicit commands, sh -c passthrough,
and missing go.mod error all behave correctly
- README.md: document the default workflow prominently; update
one-shot examples; add golangci-lint --timeout note; add tail null
long-running pattern
README.md
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/bin/go-workflow
rootfs/usr/local/etc/docker/init.d/00-go.sh
Root cause: entrypoint.sh unconditionally called `__no_exit` (an
`exec bash -c` monitoring loop) even when the user passed a command
to `docker run`, replacing the shell before the command could execute.
Secondary bug in `__exec_command`: used `bash --login -c "$cmdExec"`
which only captured the first word of the command and spawned a slow
login shell on every invocation.
- rootfs/usr/local/bin/entrypoint.sh: only call `__no_exit` when no
user command was given (`$# -eq 0`); otherwise fall through to the
case dispatch so `docker run ... go version` works correctly
- rootfs/usr/local/etc/docker/functions/entrypoint.sh: rewrite
`__exec_command` to use `exec "$@"` directly instead of wrapping
in `bash --login -c "$cmdExec"`; both files kept in sync
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/etc/docker/functions/entrypoint.sh
Add buf (modern protobuf toolchain) and goose (Go-native DB migration
runner) to complete the Go dev toolchain. Fix PATH order so baked image
tools in /usr/local/bin always take precedence over anything installed
at runtime into $GOPATH/bin. Full README rewrite following canonical
section order.
- Dockerfile: insert /usr/local/bin between /usr/local/go/bin and
/usr/local/share/go/bin in both build and final stage ENV PATH
- rootfs/etc/profile.d/go.sh: same PATH fix; explicit /usr/local/bin
guard added; $GOPATH/bin appended last
- rootfs/root/docker/setup/05-custom.sh: add buf@latest and
goose/v3@latest installs with descriptive comments
- README.md: full rewrite — H1 title, canonical section order (Pull,
Docker, Tools table, Env vars, PATH order, Persistence, Cross-compile,
Development, License); accurate tool list matching actual image content
Dockerfile
README.md
rootfs/etc/profile.d/go.sh
rootfs/root/docker/setup/05-custom.sh
Add two debug/profiling tools to 05-custom.sh:
- gops: live process diagnostics (list Go processes, dump stacks, force GC)
- benchstat: statistically sound benchmark comparison via pprof
Both tools baked into /usr/local/bin at build time.
Build verified: go1.26.3, all 19 tools confirmed on PATH.
- rootfs/root/docker/setup/05-custom.sh: add gops and benchstat installs
rootfs/root/docker/setup/05-custom.sh
Go is now downloaded from go.dev/dl at build time (always latest stable,
never pinned). All tools are baked into /usr/local/bin so they are on
PATH out of the box. Module cache and build cache live in the volumed
GOPATH (/usr/local/share/go) so they persist across container restarts
without re-downloading.
- Dockerfile: add /usr/local/go/bin to PATH in both build and final stage
- rootfs/root/docker/setup/05-custom.sh: full Go install + tool install
- detects arch (amd64/arm64/armv6l/386) via uname -m
- fetches latest stable version from go.dev/dl?mode=json via jq
- extracts to /usr/local/go; symlinks go+gofmt to /usr/local/bin
- installs with GOBIN=/usr/local/bin (baked into image, not in volume):
gopls, goimports, gofumpt, stringer, golangci-lint, staticcheck,
govulncheck, gotestsum, dlv, air, goreleaser, wire, mockgen (uber),
ko, protoc-gen-go, protoc-gen-go-grpc
- cleans modcache and build cache after install to keep layer lean
- rootfs/etc/profile.d/go.sh: add /usr/local/go/bin prepend so
interactive shells always find the Go distribution binaries first
Volume strategy:
/usr/local/share/go → GOPATH (module cache + build cache + user bins)
Mount a named volume or bind-mount here to avoid re-downloading modules:
docker run -v go-cache:/usr/local/share/go casjaysdevdocker/go
Dockerfile
rootfs/etc/profile.d/go.sh
rootfs/root/docker/setup/05-custom.sh
Sync project with updated upstream template files while preserving all
Go-specific customizations (EXEC_CMD_BIN='', DATA_DIR='', Go env vars,
/data/go symlink, Go-named dirs, etc.).
- .env.scripts: bump version stamp to 202605292219-git
- .gitattributes: update date stamp from template
- .gitea/workflows/docker.yaml: replace bare echo with printf %q for
GITHUB_OUTPUT assignments; use local var assignments for docker org/tag
- .gitignore: expand with editor configs (VSCode/JetBrains/Vim), AI tool
configs (Claude/.cursor/Copilot), env/secrets, build artifacts,
dependency dirs, logs, test/coverage dirs from updated template
- Dockerfile: bump BUILD_DATE to 202605292219; fix PHP_FPM detection from
ls subshell to set -- glob pattern; fix systemd cleanup to use for loop
instead of rm -f $(ls | grep -v ...)
- rootfs/root/docker/setup/00-init.sh through 07-cleanup.sh: update
version/date stamps to 202605292220-git template versions
- rootfs/usr/local/bin/entrypoint.sh: update stamp; fix echo quoting to
use double quotes for CONTAINER_NAME expansion
- rootfs/usr/local/etc/docker/init.d/00-go.sh: apply template improvements:
split SIGPWR trap onto separate line with 2>/dev/null || true; expand
debugger setup to multi-line if/else; use $(<file) instead of cat for
old_pid; apply _script_hash invalidation (W14) before START_SCRIPT
generation; replace heredoc/eval approach with printf %q for safe
quoting; launch START_SCRIPT with bash not eval sh -c (W15); add null
guard on chown in __run_secure_function; use _resolved temp var pattern
for type -P resolution (remove SERVICE_PID_NUMBER); explicit
[ "$1" = "check" ] guard on __check_service; errorCode=${PIPESTATUS[0]};
fix command -v pre check; add grep -- separator; fix ps|awk|grep chain
to pure awk; remove duplicate mkdir block
- rootfs/usr/local/share/template-files/config/env/default.sample:
ENTRYPOINT_PID_FILE path /run/.entrypoint.pid → /run/init.d/entrypoint.pid
- rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh:
same ENTRYPOINT_PID_FILE path fix
Dockerfile
.env.scripts
.gitattributes
.gitea/workflows/docker.yaml
.gitignore
rootfs/root/docker/setup/00-init.sh
rootfs/root/docker/setup/01-system.sh
rootfs/root/docker/setup/02-packages.sh
rootfs/root/docker/setup/03-files.sh
rootfs/root/docker/setup/04-users.sh
rootfs/root/docker/setup/05-custom.sh
rootfs/root/docker/setup/06-post.sh
rootfs/root/docker/setup/07-cleanup.sh
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/etc/docker/init.d/00-go.sh
rootfs/usr/local/share/template-files/config/env/default.sample
rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh
Update the embedded entrypoint copies in rootfs/ to match the
upstream template change. Internal state files renamed to dotfiles
so they're not matched by `/run/*.pid` cleanup globs:
- /run/init.d/entrypoint.pid -> /run/.entrypoint.pid
- /run/no_exit.pid -> /run/.no_exit.pid
- /run/backup.pid -> /run/.backup.pid
- /run/__start_init_scripts.pid -> /run/.start_init_scripts.pid
Per-service PIDs in /run/init.d/ are unchanged.
Dockerfile
.env.scripts
rootfs/usr/local/bin/copy
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/bin/healthcheck
rootfs/usr/local/bin/symlink
rootfs/usr/local/etc/docker/functions/entrypoint.sh
rootfs/usr/local/etc/docker/init.d/00-go.sh
rootfs/usr/local/share/template-files/config/env/default.sample
rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh
Aligns README install/run snippets with the new convention split:
rootfs/ for Dockerfile-build content (image filesystem), volumes/
for docker-compose host bind-mounts. Compose mounts, host bind
paths, and runtime data dirs are renamed; Dockerfile COPY/ADD
sources (where present) are preserved.
README.md
- Rename ENV_IMAGE_NAME to ENV_REGISTRY_REPO and ENV_ORG_NAME to ENV_REGISTRY_ORG for consistent naming
- Clarify ENV_REGISTRY_URL to be the provider base URL and rename ENV_IMAGE_PUSH to ENV_REGISTRY_PUSH
- Extract install_go_tool helper to handle best-effort installs with periodic cache flushing every 5 tools
- Add GOMAXPROCS, GOMEMLIMIT, and GOFLAGS env vars for controlled Go build resource usage
- Clear test cache before module cache cleanup to reduce peak disk usage during image builds
.env.scripts
rootfs/root/docker/setup/05-custom.sh
- Replace casjaysdevdocker org references with casjaysdev across env config
- Update git repo URL to point to dockersrc/go
- Update registry and push destination URLs to casjaysdev/go
- Remove stale scheduled tasks lock file
.claude/scheduled_tasks.lock
.env.scripts
jason
