GoComply · yflop · Jul 9, 2025 · Jul 9, 2025 · Jul 9, 2025 · Jul 9, 2025
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,13 +11,13 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        go-version: [1.13.x, 1.14.x]
+        go-version: [1.19.x, 1.20.x]
 
     runs-on: ${{ matrix.os }}
     steps:
 
     - name: Set up Go ${{ matrix.go-version }}
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v4
       with:
         go-version: ${{ matrix.go-version }}
       id: go

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,9 +16,9 @@ jobs:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
-          go-version: 1.14
+          go-version: 1.19
       -
         name: Install dependencies
         uses: mstksg/get-package@master

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,61 @@
+# Build stage
+FROM golang:1.19-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git make gcc musl-dev
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the applications
+RUN go build -o fedramp-server cmd/server/main.go
+RUN go build -o gocomply_fedramp cli/gocomply_fedramp/main.go
+
+# Runtime stage
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache ca-certificates tzdata
+
+# Create non-root user
+RUN addgroup -g 1000 fedramp && \
+    adduser -D -u 1000 -G fedramp fedramp
+
+# Set working directory
+WORKDIR /app
+
+# Copy binaries from builder
+COPY --from=builder /app/fedramp-server /app/
+COPY --from=builder /app/gocomply_fedramp /app/
+
+# Copy web assets
+COPY --from=builder /app/web /app/web
+
+# Copy bundled resources
+COPY --from=builder /app/bundled /app/bundled
+
+# Create directories for data
+RUN mkdir -p /app/data /app/logs && \
+    chown -R fedramp:fedramp /app
+
+# Switch to non-root user
+USER fedramp
+
+# Expose port
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/api/v1/health || exit 1
+
+# Default command
+CMD ["/app/fedramp-server"] 
diff --git a/Dockerfile.prod b/Dockerfile.prod
@@ -0,0 +1,81 @@
+# Production Dockerfile for FedRAMP R5 Balance & 20x Server
+
+# Build stage
+FROM golang:1.21-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git make gcc musl-dev
+
+# Set working directory
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary with optimizations
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags="-w -s -X main.Version=$(git describe --tags --always) -X main.BuildTime=$(date -u +%Y%m%d.%H%M%S)" \
+    -a -installsuffix cgo \
+    -o fedramp-server \
+    cmd/server/main.go
+
+# Runtime stage
+FROM alpine:3.19
+
+# Install runtime dependencies
+RUN apk --no-cache add ca-certificates tzdata curl
+
+# Create non-root user
+RUN addgroup -g 1000 -S fedramp && \
+    adduser -u 1000 -S fedramp -G fedramp
+
+# Set working directory
+WORKDIR /app
+
+# Copy binary from builder
+COPY --from=builder /build/fedramp-server /app/
+COPY --from=builder /build/web /app/web
+COPY --from=builder /build/bundled /app/bundled
+
+# Create necessary directories
+RUN mkdir -p /app/logs /app/uploads /app/temp && \
+    chown -R fedramp:fedramp /app
+
+# Security: Set file permissions
+RUN chmod 755 /app/fedramp-server && \
+    chmod -R 644 /app/web/* && \
+    find /app/web -type d -exec chmod 755 {} \;
+
+# Switch to non-root user
+USER fedramp
+
+# Expose ports
+EXPOSE 8080 9090
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/api/v1/health || exit 1
+
+# Set environment defaults
+ENV SERVER_PORT=8080 \
+    SERVER_HOST=0.0.0.0 \
+    LOG_LEVEL=info \
+    LOG_FORMAT=json \
+    ENABLE_METRICS=true \
+    METRICS_PORT=9090
+
+# Add labels for metadata
+LABEL maintainer="your-email@domain.com" \
+      version="1.0.0" \
+      description="FedRAMP R5 Balance & 20x API Server" \
+      org.opencontainers.image.source="https://github.com/yflop/fedramp"
+
+# Run the server
+ENTRYPOINT ["/app/fedramp-server"]
+CMD ["serve"] 
diff --git a/GO_VERSION_REQUIREMENT.md b/GO_VERSION_REQUIREMENT.md
@@ -0,0 +1,38 @@
+# Go Version Requirement
+
+## Minimum Required Version: Go 1.19
+
+This project requires **Go 1.19 or higher** due to dependencies that use features introduced in newer Go versions.
+
+## CI Configuration Update Required
+
+The current CI pipeline is using Go 1.14.15, which causes build failures with the error:
+```
+io/fs: package io/fs is not in GOROOT
+```
+
+This is because the `io/fs` package was introduced in Go 1.16, and our dependencies (particularly `fsnotify`) require it.
+
+## Fix for GitHub Actions
+
+The GitHub Actions workflow needs to be updated to use Go 1.19 or higher. Update the workflow file with:
+
+```yaml
+- name: Set up Go
+  uses: actions/setup-go@v4
+  with:
+    go-version: '1.19'
+```
+
+## Build Error Resolution
+
+If you encounter the build error locally, ensure you have Go 1.19+ installed:
+```bash
+go version  # Should show go1.19 or higher
+```
+
+## Dependencies Requiring Newer Go
+
+The following dependencies require Go 1.16+:
+- `github.com/fsnotify/fsnotify` (requires `io/fs`)
+- Various server implementation dependencies added for R5 Balance features