This PR primarily updates the code to use golang 1.23.
Previously in #15 I pinned the docker images, but my security advice has changed on this topic in the last 2 years. Pinning base images is only good for repos that are automatically updated with something like Dependabot or Renovate. For a repo like this, I think it makes more sense to use floating tags like latest so you get the latest patches every time you rebuild.
Migrated away from ioutil which was deprecated in golang 1.16.
Ran the tests inside the docker build. They run super quickly, so it doesn't really slow the build down, but it does avoid accidentally skipping the tests when deploying new versions (since there's no CI/CD).
This PR primarily updates the code to use golang 1.23.
Previously in #15 I pinned the docker images, but my security advice has changed on this topic in the last 2 years. Pinning base images is only good for repos that are automatically updated with something like Dependabot or Renovate. For a repo like this, I think it makes more sense to use floating tags like
latestso you get the latest patches every time you rebuild.Besides, if I pinned the golang image today, we'd be pinning some known CVEs already: https://hub.docker.com/layers/library/golang/latest/images/sha256-d0aac08f954c29a6c42b8fa15f590467343aa44322b5fa059227d554b07d6e99?context=explore
Other changes:
ioutilwhich was deprecated in golang 1.16.