Skip to content

fix: Ensure api-runner image includes build tools #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Oct 14, 2025
Merged

fix: Ensure api-runner image includes build tools #135

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
880c37d
Ensure api-runner supports cgo builds
gocanto Oct 14, 2025
c95d9fd
Use api Dockerfile for runner image
gocanto Oct 14, 2025
5443ade
Improve run-cli defaults and error handling
gocanto Oct 14, 2025
885f6a3
chore: scope cli secrets with app makefile
gocanto Oct 14, 2025
cc4f737
Allow run-cli secrets to be overridden dynamically
gocanto Oct 14, 2025
63f1e6e
Fix run-cli secret defaults handling
gocanto Oct 14, 2025
d34a645
Ignore Go cache directories
gocanto Oct 14, 2025
e84ef80
Fix run-cli for POSIX shell
gocanto Oct 14, 2025
53f5a95
Normalize run-cli indentation
gocanto Oct 14, 2025
091933c
Ensure run-cli exports secret overrides
gocanto Oct 14, 2025
fe0af6c
Mask password in run-cli output
gocanto Oct 14, 2025
aa8708c
Redact CLI secret identifiers
gocanto Oct 14, 2025
7fada94
Remove local run-cli fallback
gocanto Oct 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ storage/sql/*.*
*.dylib
*.test
*.out
.gocache
.gopath
go.work
go.work.sum

6 changes: 5 additions & 1 deletion docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,11 @@ services:
restart: no
env_file:
- ./.env
image: golang:1.25.1-alpine@sha256:b6ed3fd0452c0e9bcdef5597f29cc1418f61672e9d3a2f55bf02e7222c014abd
build:
context: .
dockerfile: ./docker/dockerfile-api
target: builder
image: api-api-runner
volumes:
- .:/app
- go_mod_cache:/go/pkg/mod
Expand Down
87 changes: 69 additions & 18 deletions metal/makefile/app.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
.PHONY: fresh destroy audit watch format run-cli test-all run-cli-docker run-metal

DB_SECRET_USERNAME ?= ./database/infra/secrets/pg_username
DB_SECRET_PASSWORD ?= ./database/infra/secrets/pg_password
DB_SECRET_DBNAME ?= ./database/infra/secrets/pg_dbname

format:
gofmt -w -s .

Expand Down Expand Up @@ -36,25 +40,72 @@ install-air:
@go install github.com/air-verse/air@latest

run-cli:
@if [ -z "$(DB_SECRET_USERNAME)" ] || [ -z "$(DB_SECRET_PASSWORD)" ] || [ -z "$(DB_SECRET_DBNAME)" ]; then \
printf "\n$(RED)⚠️ Usage: make run-cli \n$(NC)"; \
printf " DB_SECRET_USERNAME=/path/to/pg_username\n"; \
printf " DB_SECRET_PASSWORD=/path/to/pg_password\n"; \
printf " DB_SECRET_DBNAME=/path/to/pg_dbname\n\n"; \
printf "\n------------------------------------------------------\n\n"; \
exit 1; \
fi; \
printf "\n$(GREEN)🔒 Running CLI with secrets from:$(NC)\n"; \
printf " DB_SECRET_USERNAME=$(DB_SECRET_USERNAME)\n"; \
printf " DB_SECRET_PASSWORD=$(DB_SECRET_PASSWORD)\n"; \
printf " DB_SECRET_DBNAME=$(DB_SECRET_DBNAME)\n\n"; \
DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" \
DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" \
DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" \
docker compose run --rm api-runner go run ./metal/cli/main.go

@missing_values=""; \
missing_files=""; \
check_secret() { \
secret_name="$$1"; \
secret_value="$$2"; \
if [ -z "$$secret_value" ]; then \
if [ -z "$$missing_values" ]; then \
missing_values=" - $$secret_name"; \
else \
missing_values="$$missing_values\n - $$secret_name"; \
fi; \
else \
case "$$secret_value" in \
/*|./*|../*) \
if [ ! -f "$$secret_value" ]; then \
if [ -z "$$missing_files" ]; then \
missing_files=" - $$secret_name ($$secret_value)"; \
else \
missing_files="$$missing_files\n - $$secret_name ($$secret_value)"; \
fi; \
fi; \
;; \
esac; \
fi; \
}; \
check_secret DB_SECRET_USERNAME "$(DB_SECRET_USERNAME)"; \
check_secret DB_SECRET_PASSWORD "$(DB_SECRET_PASSWORD)"; \
check_secret DB_SECRET_DBNAME "$(DB_SECRET_DBNAME)"; \
if [ -n "$$missing_values" ]; then \
printf "\n$(RED)❌ Missing secret values:$(NC)\n"; \
printf '%b\n' "$$missing_values"; \
printf " Provide them via environment variables or override them when invoking $(BOLD)make run-cli$(NC).\n\n"; \
exit 1; \
fi; \
if [ -n "$$missing_files" ]; then \
printf "\n$(RED)❌ Secret file paths not found:$(NC)\n"; \
printf '%b\n' "$$missing_files"; \
printf " Ensure the files exist or adjust the overrides before running $(BOLD)make run-cli$(NC).\n\n"; \
exit 1; \
fi
@printf "\n$(GREEN)🔒 Running CLI with secrets from:$(NC)\n"
@DB_SECRET_USERNAME_DISPLAY=`case "$(DB_SECRET_USERNAME)" in \
/*|./*|../*) printf '%s' "$(DB_SECRET_USERNAME)";; \
"") printf '<unset>';; \
*) printf '<redacted>';; \
esac`; \
printf " DB_SECRET_USERNAME=%s\n" "$$DB_SECRET_USERNAME_DISPLAY"
@DB_SECRET_PASSWORD_DISPLAY=`case "$(DB_SECRET_PASSWORD)" in \
/*|./*|../*) printf '%s' "$(DB_SECRET_PASSWORD)";; \
"") printf '<unset>';; \
*) printf '<redacted>';; \
esac`; \
printf " DB_SECRET_PASSWORD=%s\n" "$$DB_SECRET_PASSWORD_DISPLAY"
@DB_SECRET_DBNAME_DISPLAY=`case "$(DB_SECRET_DBNAME)" in \
/*|./*|../*) printf '%s' "$(DB_SECRET_DBNAME)";; \
"") printf '<unset>';; \
*) printf '<redacted>';; \
esac`; \
printf " DB_SECRET_DBNAME=%s\n\n" "$$DB_SECRET_DBNAME_DISPLAY"
@DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" docker compose run --rm api-runner go run ./metal/cli/main.go || { \
status=$$?; \
printf "\n$(RED)❌ CLI exited with status $$status.$(NC)\n"; \
exit $$status; \
}
Comment on lines +102 to +106
Copy link

@coderabbitai coderabbitai bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Critical: Recipe lines must use tabs, not spaces.

Lines 102-106 appear to have leading spaces instead of tab characters. Makefile recipes must begin with a tab (not spaces), or Make will reject the file with "missing separator" errors. Please replace the leading whitespace on these lines with a single tab character.

Apply this fix to correct the indentation:

-        @DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" docker compose run --rm api-runner go run ./metal/cli/main.go || { \
-                status=$$?; \
-                printf "\n$(RED)❌ CLI exited with status $$status.$(NC)\n"; \
-                exit $$status; \
-        }
+	@DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" docker compose run --rm api-runner go run ./metal/cli/main.go || { \
+		status=$$?; \
+		printf "\n$(RED)❌ CLI exited with status $$status.$(NC)\n"; \
+		exit $$status; \
+	}

Note: The inline environment variable assignment (VAR=value command) correctly exports values to the child process, resolving the previous concern about variable export.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" docker compose run --rm api-runner go run ./metal/cli/main.go || { \
status=$$?; \
printf "\n$(RED)❌ CLI exited with status $$status.$(NC)\n"; \
exit $$status; \
}
@DB_SECRET_USERNAME="$(DB_SECRET_USERNAME)" DB_SECRET_PASSWORD="$(DB_SECRET_PASSWORD)" DB_SECRET_DBNAME="$(DB_SECRET_DBNAME)" docker compose run --rm api-runner go run ./metal/cli/main.go || { \
status=$$?; \
printf "\n$(RED)❌ CLI exited with status $$status.$(NC)\n"; \
exit $$status; \
}
🤖 Prompt for AI Agents 
In metal/makefile/app.mk around lines 102 to 106 the recipe lines currently
start with spaces which causes Make to error with "missing separator"; replace
the leading spaces on each of these recipe lines with a single tab character so
the command lines are valid Makefile recipe entries (preserve the rest of the
line exactly, only change the indentation to a tab).

run-cli-docker:
make run-cli DB_SECRET_USERNAME=./database/infra/secrets/pg_username DB_SECRET_PASSWORD=./database/infra/secrets/pg_password DB_SECRET_DBNAME=./database/infra/secrets/pg_dbname
make run-cli DB_SECRET_USERNAME=$(DB_SECRET_USERNAME) DB_SECRET_PASSWORD=$(DB_SECRET_PASSWORD) DB_SECRET_DBNAME=$(DB_SECRET_DBNAME)

test-all:
go test ./...
Expand Down
Loading