From 64933b84ed8bf05782f7858fb34a468afbf63966 Mon Sep 17 00:00:00 2001 From: file-diff-agent Date: Wed, 29 Apr 2026 21:52:35 +0000 Subject: [PATCH 1/2] Initialize agent task: Finish docker-compose actions by creating and pushing docker. Check to u Finish docker-compose actions by creating and pushing docker. Check to use the newest versions of the actions. I want commit number as a tag. If pushed to main mark as latest. Add also proper docker actions to release on tag, then use tags for docker that you push. Use name arkiv-node for production builds Use name arkiv-node-int for integration test fast builds Use ubuntu 26.04 as a base. Update ca-cerificates in dockerbuild. Use user docker for better security. From 04387f60a1d12699b9233e7397a4070cc15bb1b7 Mon Sep 17 00:00:00 2001 From: file-diff-agent Date: Wed, 29 Apr 2026 21:57:49 +0000 Subject: [PATCH 2/2] Add Docker image build and publish workflow --- .dockerignore | 10 +++++ .github/workflows/ci.yml | 6 +-- .github/workflows/docker.yml | 69 ++++++++++++++++++++++++++++ Dockerfile | 87 ++++++++++++++++++++++++++++++++++++ 4 files changed, 169 insertions(+), 3 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/workflows/docker.yml create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..98b19bb
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+.git
+.github
+bin
+arkiv-storaged
+Dockerfile
+README.md
+architecture.md
+*.md
+tmp
+vendor
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e9a5e96..e93b386 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,14 +10,14 @@ jobs: ci: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6.0.2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@v6.4.0 with: go-version: '1.26.0' cache: true - - uses: golangci/golangci-lint-action@v9 + - uses: golangci/golangci-lint-action@v9.2.0 with: version: latest
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 0000000..0d48828
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,69 @@
+name: Docker
+
+on:
+ push:
+ branches: [main]
+ tags: ['*']
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+ packages: write
+
+concurrency:
+ group: docker-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - image: arkiv-node
+ target: production
+ - image: arkiv-node-int
+ target: integration
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6.0.2
+
+ - name: Normalize image owner
+ id: image-owner
+ run: echo "owner=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v4.0.0
+
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v6.0.0
+ with:
+ images: ghcr.io/${{ steps.image-owner.outputs.owner }}/${{ matrix.image }}
+ tags: |
+ type=raw,value=${{ github.sha }}
+ type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+ type=ref,event=tag
+
+ - name: Login to GHCR
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v4.1.0
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v7.1.0
+ with:
+ context: .
+ file: Dockerfile
+ target: ${{ matrix.target }}
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha,scope=${{ matrix.image }}
+ cache-to: type=gha,scope=${{ matrix.image }},mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4330e43
--- /dev/null
+++ b/Dockerfile
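Review bot: Every `uses:` in the new docker.yml workflow references a version tag (`docker/login-action@v4.1.0`, `docker/build-push-action@v7.1.0`, and the others) while the job holds `packages: write` and logs in to GHCR with `GITHUB_TOKEN`. A tag is a mutable ref, so pinning each action to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v4.1.0`, ensures the code that receives push rights is the code that was reviewed. Separately, `cancel-in-progress: true` in the `concurrency` block also applies to pushes to `main` and to tags, so a quick second push can cancel the build of the previous commit and leave its `github.sha` tag unpublished. `cancel-in-progress: ${{ github.event_name == 'pull_request' }}` would limit cancellation to PR builds.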
@@ -0,0 +1,87 @@
+# syntax=docker/dockerfile:1.7
+
+ARG UBUNTU_VERSION=26.04
+ARG GO_VERSION=1.26.0
+
+FROM ubuntu:${UBUNTU_VERSION} AS go-toolchain
+
+ARG GO_VERSION
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+ENV CGO_ENABLED=0 \
+ GOPATH=/go \
+ PATH=/usr/local/go/bin:/go/bin:$PATH
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ca-certificates curl gzip tar \
+ && update-ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN set -eux; \
+ case "${TARGETARCH}" in \
+ amd64) go_arch="amd64" ;; \
+ arm64) go_arch="arm64" ;; \
+ arm) go_arch="armv6l" ;; \
+ *) echo "unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
+ esac; \
+ curl -fsSL "https://go.dev/dl/go${GO_VERSION}.${TARGETOS}-${go_arch}.tar.gz" -o /tmp/go.tgz; \
+ tar -C /usr/local -xzf /tmp/go.tgz; \
+ rm /tmp/go.tgz; \
+ go version
+
+WORKDIR /src
+
+FROM go-toolchain AS deps
+
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
+
+FROM deps AS production-build
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+COPY . .
+RUN --mount=type=cache,target=/go/pkg/mod \
+ --mount=type=cache,target=/root/.cache/go-build \
+ mkdir -p /out && \
+ GOOS="${TARGETOS}" GOARCH="${TARGETARCH}" \
+ go build -trimpath -ldflags="-s -w" -o /out/arkiv-storaged ./cmd/arkiv-storaged
+
+FROM deps AS integration-build
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+COPY . .
+RUN --mount=type=cache,target=/go/pkg/mod \
+ --mount=type=cache,target=/root/.cache/go-build \
+ mkdir -p /out && \
+ GOOS="${TARGETOS}" GOARCH="${TARGETARCH}" \
+ go build -o /out/arkiv-storaged ./cmd/arkiv-storaged
+
+FROM ubuntu:${UBUNTU_VERSION} AS runtime-base
+
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ca-certificates \
+ && update-ca-certificates \
+ && groupadd --system docker \
+ && useradd --system --create-home --gid docker --home-dir /home/docker --shell /usr/sbin/nologin docker \
+ && mkdir -p /var/lib/arkiv-storaged \
+ && chown -R docker:docker /var/lib/arkiv-storaged /home/docker \
+ && rm -rf /var/lib/apt/lists/*
+
+EXPOSE 2704 2705
+USER docker
+
+ENTRYPOINT ["arkiv-storaged"]
+CMD ["-data-dir", "/var/lib/arkiv-storaged"]
+
+FROM runtime-base AS production
+
+COPY --from=production-build /out/arkiv-storaged /usr/local/bin/arkiv-storaged
+
+FROM runtime-base AS integration
+
+COPY --from=integration-build /out/arkiv-storaged /usr/local/bin/arkiv-storaged
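Review bot: The Go toolchain in the `go-toolchain` stage is fetched with `curl` and unpacked into `/usr/local` without any integrity check, so the compiler that builds `arkiv-storaged` is trusted on TLS alone. Pin a SHA-256 per supported architecture (the digests are published next to each archive on go.dev/dl), select it in the existing `case`, and run `sha256sum -c` before `tar`; the fence below shows only the changed lines, with placeholder digests. `FROM ubuntu:${UBUNTU_VERSION}` could likewise carry an `@sha256:` digest so that both stages build from a known base. In `runtime-base`, `useradd --system` lets the UID be chosen at build time; a fixed `--uid` would let an orchestrator enforce a numeric non-root user.

```dockerfile
ARG GO_VERSION
# Placeholders: replace with the SHA-256 values published on go.dev/dl for GO_VERSION.
ARG GO_SHA256_AMD64=<sha256-for-linux-amd64>
ARG GO_SHA256_ARM64=<sha256-for-linux-arm64>
ARG GO_SHA256_ARMV6L=<sha256-for-linux-armv6l>

RUN set -eux; \
    case "${TARGETARCH}" in \
      amd64) go_arch="amd64";  go_sha256="${GO_SHA256_AMD64}" ;; \
      arm64) go_arch="arm64";  go_sha256="${GO_SHA256_ARM64}" ;; \
      arm)   go_arch="armv6l"; go_sha256="${GO_SHA256_ARMV6L}" ;; \
      # … unchanged: unsupported-TARGETARCH branch …
    esac; \
    # … unchanged: curl download to /tmp/go.tgz …
    echo "${go_sha256}  /tmp/go.tgz" | sha256sum -c -; \
    # … unchanged: tar extract, rm, go version …
```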