feat: add Dockerfile and docker-compose configuration for standalone wallets service

[thierrycoopman]

Standalone Docker file in the same way we have a ledger standalone file and a payments standalone setup

@BrieucCaillot @reslene Not sure if we need to add a console aspect to this too ?

[coderabbitai]

Walkthrough

Adds containerization and a reverse-proxy: a multi-stage Dockerfile to build/package a Go binary, a Caddyfile routing API and health/info endpoints, bumps flake goVersion to 24, and suppresses staticcheck lint warnings in a test import.

Changes

Cohort / File(s)	Summary
Container Build Dockerfile	New multi-stage Dockerfile: golang:1.24-alpine builder caches modules, builds a statically linked binary; final alpine:3.19 runtime installs ca-certificates, copies binary, sets OTEL_SERVICE_NAME=wallets, entrypoint /usr/bin/wallets, default command serve.
Reverse Proxy deployments/docker-compose/Caddyfile	New Caddy configuration: HTTP port 80, admin & auto HTTPS disabled. Routes /api/wallets/* → wallets:8081, /api/ledger/* → ledger:3068 (both strip_prefix). Adds /_healthcheck → 200 OK, /_info → JSON 200, /api/* fallback → 502, default → 404.
Dev Tooling flake.nix	Bumps goVersion from 23 → 24.
Tests / Lint pkg/testserver/testserver.go	Added //nolint:staticcheck to suppress lint warnings on two dot-import lines (no behavior change).

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Caddy
  participant Wallets
  participant Ledger

  Client->>Caddy: GET /api/wallets/...
  alt /api/wallets/*
    Caddy->>Wallets: strip_prefix /api/wallets and proxy request
    Wallets-->>Caddy: response
    Caddy-->>Client: response
  end

  Client->>Caddy: GET /api/ledger/...
  alt /api/ledger/*
    Caddy->>Ledger: strip_prefix /api/ledger and proxy request
    Ledger-->>Caddy: response
    Caddy-->>Client: response
  end

  Client->>Caddy: GET /_healthcheck
  Caddy-->>Client: 200 OK

  Client->>Caddy: GET /_info
  Caddy-->>Client: 200 JSON {"services":...}

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I baked a tiny image in a multi-stage den,

Caddy clears the path for wallets and the ledger then,
Health hops back OK, info sings its name,
Go bumped up, lint hushed—everything in frame,
I nibble on bits and watch the services friend.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes: adding a Dockerfile and docker-compose configuration for a standalone wallets service, which aligns with the actual file additions.
Description check	✅ Passed	The description is relevant to the changeset, explaining that it adds a standalone Docker setup for the wallets service modeled after existing setups for ledger and payments.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/standalone-docker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@deployments/docker-compose/Caddyfile`:
- Around line 8-17: The Caddy handle blocks for "/api/ledger/*" and
"/api/wallets/*" only match subpaths and miss the base paths "/api/ledger" and
"/api/wallets", causing those requests to fall through; update the two handle
directives (the blocks currently starting with handle /api/ledger/* and handle
/api/wallets/*) to match both the base path and subpaths (e.g., include both
"/api/ledger" and "/api/ledger/*" in the handle matcher, and likewise for
wallets) and keep the existing uri strip_prefix and reverse_proxy settings so
requests to both the base path and any subpaths are proxied correctly.

In `@Dockerfile`:
- Line 1: The Dockerfile uses an unsupported Alpine base tag; update the FROM
image tag (currently "golang:1.24-alpine") to an Alpine 3.20+ variant (for
example "golang:1.24-alpine3.20" or another official golang:1.24 image that
embeds Alpine 3.20 or newer) by replacing the FROM line so the build uses a
supported Alpine release; ensure any alpine-specific package commands still work
after the change and adjust package names if needed.

🧹 Nitpick comments (1)

Dockerfile (1)

18-26: Run the runtime container as non‑root for defense‑in‑depth.
This image currently runs as root. Consider adding an unprivileged user and switching to it before the entrypoint.

♻️ Suggested change

 FROM alpine:3.19
 
 RUN apk add --no-cache ca-certificates curl
 
 COPY --from=builder /wallets /usr/bin/wallets
+RUN addgroup -S wallets && adduser -S -G wallets wallets \
+  && chown wallets:wallets /usr/bin/wallets
 
 ENV OTEL_SERVICE_NAME=wallets
 
+USER wallets
 ENTRYPOINT ["/usr/bin/wallets"]
 CMD ["serve"]

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Match base paths without trailing slash (avoid 502 on /api/ledger and /api/wallets).
With the current /* matchers, /api/ledger and /api/wallets fall through to the /api/* handler and return 502. Consider matching both the base path and subpaths.

🐛 One way to cover both base and subpaths

-	handle /api/ledger/* {
-		uri strip_prefix /api/ledger
-		reverse_proxy ledger:3068
-	}
+	handle_path /api/ledger* {
+		reverse_proxy ledger:3068
+	}
 
-	handle /api/wallets/* {
-		uri strip_prefix /api/wallets
-		reverse_proxy wallets:8081
-	}
+	handle_path /api/wallets* {
+		reverse_proxy wallets:8081
+	}

Also applies to: 31-33

🤖 Prompt for AI Agents

In `@deployments/docker-compose/Caddyfile` around lines 8 - 17, The Caddy handle
blocks for "/api/ledger/*" and "/api/wallets/*" only match subpaths and miss the
base paths "/api/ledger" and "/api/wallets", causing those requests to fall
through; update the two handle directives (the blocks currently starting with
handle /api/ledger/* and handle /api/wallets/*) to match both the base path and
subpaths (e.g., include both "/api/ledger" and "/api/ledger/*" in the handle
matcher, and likewise for wallets) and keep the existing uri strip_prefix and
reverse_proxy settings so requests to both the base path and any subpaths are
proxied correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Go 1.24 release date golang Docker image tags 2024 2025

💡 Result:

• Go 1.24 release date: February 11, 2025. [1][2]

• Official golang Docker image tags (examples for the 1.24 series you can pull): 1.24, 1.24.12 (point releases), 1.24-alpine / 1.24-alpine3.22 / 1.24-alpine3.23, 1.24-bookworm, 1.24-trixie, and Windows variants like 1.24-windowsservercore-ltsc2022, 1.24-nanoserver-ltsc2025, etc. (official Docker Hub tag listing). [3]

Sources:

1. Go 1.24 release notes (golang.org).
2. Secondary release listings confirming Feb 11, 2025 (version/chocolatey summaries).
3. Official golang image tags on Docker Hub.

---

🌐 Web query:

Alpine Linux 3.19 support status end of life

💡 Result:

Alpine Linux 3.19 reached end-of-life (EOL) on November 1, 2025 — it is no longer receiving security updates. [1][2]

Sources:
[1] endoflife.date — Alpine Linux (EOL listing for 3.19).
[2] Alpine Linux release announcements (3.19.x series; latest updates prior to EOL).

---

Consider upgrading Alpine Linux to a supported version.

Alpine Linux 3.19 reached end-of-life on November 1, 2025 and no longer receives security updates. Upgrade the base image on line 18 to Alpine 3.20 or later. The golang:1.24-alpine tag is valid and officially supported.

🤖 Prompt for AI Agents

In `@Dockerfile` at line 1, The Dockerfile uses an unsupported Alpine base tag;
update the FROM image tag (currently "golang:1.24-alpine") to an Alpine 3.20+
variant (for example "golang:1.24-alpine3.20" or another official golang:1.24
image that embeds Alpine 3.20 or newer) by replacing the FROM line so the build
uses a supported Alpine release; ensure any alpine-specific package commands
still work after the change and adjust package names if needed.