From bacd43617ec88850e52ec06780751c965f70c6c8 Mon Sep 17 00:00:00 2001
From: douxu <douxu@clea.com.cn>
Date: Fri, 29 May 2026 10:56:17 +0800
Subject: [PATCH] chore: bind sensitive config to env vars and bump Go image to
 1.25   - bind postgres.password to POSTGRES_PASSWORD env var via viper
 BindEnv   - bind service.secret_key to SERVICE_SECRET_KEY env var via viper
 BindEnv   - upgrade builder base image from golang:1.24-alpine to
 golang:1.25-alpine

---
 config/config.go                     | 3 +++
 deploy/dockerfile/modelrt.Dockerfile | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index 5a87f34..a0ddc7f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -145,6 +145,9 @@ func ReadAndInitConfig(configDir, configName, configType string) (modelRTConfig
 		panic(err)
 	}
 
+	config.BindEnv("postgres.password", "POSTGRES_PASSWORD")
+	config.BindEnv("service.secret_key", "SERVICE_SECRET_KEY")
+
 	if err := config.Unmarshal(&modelRTConfig); err != nil {
 		panic(fmt.Sprintf("unmarshal modelRT config failed:%s\n", err.Error()))
 	}
diff --git a/deploy/dockerfile/modelrt.Dockerfile b/deploy/dockerfile/modelrt.Dockerfile
index c091aae..4f83bb4 100644
--- a/deploy/dockerfile/modelrt.Dockerfile
+++ b/deploy/dockerfile/modelrt.Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.24-alpine AS builder
+FROM golang:1.25-alpine AS builder
 RUN apk --no-cache upgrade
 
 WORKDIR /app