chore: bump to 0.1.1, switch Docker to Go binary (ossguard-go)

kirankotari · kirankotari · commit 4bb3ae87a9b8 · 2026-05-09T01:20:08.000-04:00
- Version 0.1.1
- Dockerfile: replace Python image with Go multi-stage build (~15MB vs ~200MB)
- docker.yml: pass version build-arg to clone correct ossguard-go tag
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -47,5 +47,7 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            OSSGUARD_VERSION=${{ github.ref_name }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
@@ -1,27 +1,25 @@
-FROM python:3.12-slim@sha256:46cb7cc2877e60fbd5e21a9ae6115c30ace7a077b9f8772da879e4590c18c2e3 AS builder
+FROM golang:1.22-alpine AS builder
 
-WORKDIR /app
-COPY pyproject.toml README.md LICENSE ./
-COPY src/ src/
+WORKDIR /build
 
-RUN pip install --no-cache-dir build==1.2.2.post1 && \
-    python -m build --wheel && \
-    pip install --no-cache-dir dist/*.whl
+# Clone ossguard-go and build static binary
+ARG OSSGUARD_VERSION=main
+RUN apk add --no-cache git && \
+    git clone --depth 1 --branch ${OSSGUARD_VERSION} \
+      https://github.com/kirankotari/ossguard-go.git . && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o ossguard ./cmd/ossguard
 
-FROM python:3.12-slim@sha256:46cb7cc2877e60fbd5e21a9ae6115c30ace7a077b9f8772da879e4590c18c2e3
+FROM alpine:3.20
 
 LABEL org.opencontainers.image.source="https://github.com/kirankotari/ossguard"
 LABEL org.opencontainers.image.description="One CLI to guard any OSS project with OpenSSF security best practices"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends git && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache git && \
+    adduser -D -h /home/ossguard ossguard
 
-COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
-COPY --from=builder /usr/local/bin/ossguard /usr/local/bin/ossguard
+COPY --from=builder /build/ossguard /usr/local/bin/ossguard
 
-RUN useradd --create-home ossguard
 USER ossguard
 WORKDIR /project
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ossguard"
-version = "0.1.0"
+version = "0.1.1"
 description = "One-command CLI to guard any OSS project with OpenSSF security best practices — bootstrap, scan, and monitor."
 readme = "README.md"
 license = {text = "Apache-2.0"}
