From 2a13a19536a5620ffc097a0c3de49ce418b89db4 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Wed, 3 Jun 2026 17:33:37 +0200 Subject: [PATCH 1/5] test no glib Signed-off-by: Ronni Skansing --- .github/workflows/test-build.yml | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 4b1434c..c11e456 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml 
@@ -56,28 +56,24 @@ jobs: run: | mkdir -p build/amd64 build/arm64 - # build amd64 binary + # build amd64 binary — static musl so no glibc floor on target systems sudo docker run --rm \ -v "$(pwd)":/app \ -w /app/backend \ - -e CGO_ENABLED=1 \ - -e GOOS=linux \ - -e GOARCH=amd64 \ - golang:1.25.10 \ - go build -trimpath \ - -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' \ - -tags production -o ../build/amd64/phishingclub main.go + golang:1.25.10-alpine \ + sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o ../build/amd64/phishingclub main.go" - # build arm64 binary + # build arm64 binary — run natively under QEMU (already set up above) sudo docker run --rm \ + --platform linux/arm64 \ -v "$(pwd)":/app \ -w /app/backend \ - -e CGO_ENABLED=1 \ - -e GOOS=linux \ - -e GOARCH=arm64 \ - -e CC=aarch64-linux-gnu-gcc \ - golang:1.25.10 \ - bash -c "apt-get update && apt-get install -y gcc-aarch64-linux-gnu && go build -trimpath -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' -tags production -o ../build/arm64/phishingclub main.go" + golang:1.25.10-alpine \ + sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o 
../build/arm64/phishingclub main.go" - name: Fix build directory permissions run: | From 72679fb51f951d17775f53068b920a42dd7abf76 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Wed, 3 Jun 2026 18:03:31 +0200 Subject: [PATCH 2/5] improve ARM build time Signed-off-by: Ronni Skansing --- .github/workflows/test-build.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index c11e456..8834247 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml 
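Review bot: Both `docker run` commands in this hunk paste `${{ steps.get_version.outputs.HASH }}` and `${{ steps.get_version.outputs.VERSION }}` into a double-quoted `sh -c "…"` string, so the values are parsed as shell text by the runner and again inside the container instead of being handled as data. Whether they can contain quotes or command substitutions depends on the `get_version` step, which is outside the hunk; if they derive from a tag or ref name, this is script injection into a job that runs `sudo docker`. Set them in the step's `env:` (`HASH: ${{ steps.get_version.outputs.HASH }}`), forward them with `-e HASH -e VERSION \`, and let the container shell expand `\$HASH` and `\$VERSION` inside a double-quoted `-ldflags`. The same pattern appears in the release.yml hunk of PATCH 5/5.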
@@ -65,15 +65,19 @@ jobs: -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ -tags production -o ../build/amd64/phishingclub main.go" - # build arm64 binary — run natively under QEMU (already set up above) + # build arm64 binary — cross-compile with musl.cc toolchain, pinned by SHA512 sudo docker run --rm \ - --platform linux/arm64 \ -v "$(pwd)":/app \ -w /app/backend \ - golang:1.25.10-alpine \ - sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ - -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ - -tags production -o ../build/arm64/phishingclub main.go" + golang:1.25.10 \ + bash -c "set -e && \ + curl -fsSL https://musl.cc/aarch64-linux-musl-cross.tgz -o /tmp/cross.tgz && \ + echo '8695ff86979cdf30fbbcd33061711f5b1ebc3c48a87822b9ca56cde6d3a22abd4dab30fdcd1789ac27c6febbaeb9e5bde59d79d66552fae53d54cc1377a19272 /tmp/cross.tgz' | sha512sum -c && \ + tar -xzf /tmp/cross.tgz -C /tmp && \ + CGO_ENABLED=1 GOOS=linux GOARCH=arm64 CC=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc \ + go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o ../build/arm64/phishingclub main.go" - name: Fix build directory permissions run: | From 51d1f4edb3320118a5c91613ef1eb764f24a520a Mon Sep 17 00:00:00 2001 
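Review bot: The download URL `https://musl.cc/aarch64-linux-musl-cross.tgz` carries no version, and the comment does not record which toolchain build the SHA512 digest belongs to or where it was obtained. The check fails closed, which is right, but when the upstream archive is republished the job will break and nothing in the workflow shows whether the new archive is a legitimate rebuild. Extend the comment, e.g. `# musl.cc aarch64 cross toolchain; digest recorded <DATE> from <SOURCE>, update together with the URL`. Keeping a verified copy of the archive under the project's control would also stop every run from depending on a third-party host.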
From: Ronni Skansing Date: Wed, 3 Jun 2026 18:18:00 +0200 Subject: [PATCH 3/5] Revert "improve ARM build time" This reverts commit 72679fb51f951d17775f53068b920a42dd7abf76. --- .github/workflows/test-build.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 8834247..c11e456 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml 
@@ -65,19 +65,15 @@ jobs: -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ -tags production -o ../build/amd64/phishingclub main.go" - # build arm64 binary — cross-compile with musl.cc toolchain, pinned by SHA512 + # build arm64 binary — run natively under QEMU (already set up above) sudo docker run --rm \ + --platform linux/arm64 \ -v "$(pwd)":/app \ -w /app/backend \ - golang:1.25.10 \ - bash -c "set -e && \ - curl -fsSL https://musl.cc/aarch64-linux-musl-cross.tgz -o /tmp/cross.tgz && \ - echo '8695ff86979cdf30fbbcd33061711f5b1ebc3c48a87822b9ca56cde6d3a22abd4dab30fdcd1789ac27c6febbaeb9e5bde59d79d66552fae53d54cc1377a19272 /tmp/cross.tgz' | sha512sum -c && \ - tar -xzf /tmp/cross.tgz -C /tmp && \ - CGO_ENABLED=1 GOOS=linux GOARCH=arm64 CC=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc \ - go build -trimpath \ - -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ - -tags production -o ../build/arm64/phishingclub main.go" + golang:1.25.10-alpine \ + sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o ../build/arm64/phishingclub main.go" - name: Fix build directory permissions run: | From 5c29249b82f329b2600be0cd58cd276eba7d0690 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Wed, 3 Jun 2026 18:25:11 +0200 Subject: [PATCH 4/5] cache compiled deps 
Signed-off-by: Ronni Skansing --- .github/workflows/test-build.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index c11e456..8ac2100 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -52,13 +52,21 @@ jobs: mkdir -p backend/frontend/build cp -r frontend/build/* backend/frontend/build/ + - name: Cache Go build cache + uses: actions/cache@v4 + with: + path: /tmp/go-build-cache + key: go-build-${{ runner.os }}-${{ hashFiles('backend/go.sum') }} + restore-keys: go-build-${{ runner.os }}- + - name: Build binaries for multiple architectures run: | - mkdir -p build/amd64 build/arm64 + mkdir -p build/amd64 build/arm64 /tmp/go-build-cache # build amd64 binary — static musl so no glibc floor on target systems sudo docker run --rm \ -v "$(pwd)":/app \ + -v /tmp/go-build-cache:/root/.cache/go-build \ -w /app/backend \ golang:1.25.10-alpine \ sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ @@ -69,6 +77,7 @@ jobs: sudo docker run --rm \ --platform linux/arm64 \ -v "$(pwd)":/app \ + -v /tmp/go-build-cache:/root/.cache/go-build \ -w /app/backend \ golang:1.25.10-alpine \ sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ From a0bbf1b6c95dc84b613d90e6f76fc0b9f51d4f73 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Thu, 4 Jun 2026 09:07:03 +0200 Subject: [PATCH 5/5] add musl to prod build Signed-off-by: Ronni Skansing --- .github/workflows/release.yml | 37 ++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9bc27a6..2eb4ed6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
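Review bot: The restored directory is mounted at `/root/.cache/go-build`, so compiled objects from the cache are linked into the binaries without being rebuilt, and `restore-keys: go-build-${{ runner.os }}-` accepts any earlier entry with that prefix. The key has no workflow-specific part, and PATCH 5/5 adds the identical key to release.yml, so a release build can consume a cache written by a test-build run; which refs can trigger test-build is not visible here. Scope the key per workflow, e.g. `key: go-build-test-${{ runner.os }}-${{ hashFiles('backend/go.sum') }}`, and in release.yml drop the prefix fallback or build without a restored cache. The second hunk in this patch (`@@ -69,6 +77,7 @@`) mounts the same directory for the arm64 build.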
@@ -54,32 +54,37 @@ jobs: mkdir -p backend/frontend/build cp -r frontend/build/* backend/frontend/build/ + - name: Cache Go build cache + uses: actions/cache@v4 + with: + path: /tmp/go-build-cache + key: go-build-${{ runner.os }}-${{ hashFiles('backend/go.sum') }} + restore-keys: go-build-${{ runner.os }}- + - name: Build binaries for multiple architectures run: | - mkdir -p build/amd64 build/arm64 + mkdir -p build/amd64 build/arm64 /tmp/go-build-cache - # build amd64 binary + # build amd64 binary — static musl so no glibc floor on target systems sudo docker run --rm \ -v "$(pwd)":/app \ + -v /tmp/go-build-cache:/root/.cache/go-build \ -w /app/backend \ - -e CGO_ENABLED=1 \ - -e GOOS=linux \ - -e GOARCH=amd64 \ - golang:1.25.10 \ - go build -trimpath \ - -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' \ - -tags production -o ../build/amd64/phishingclub main.go + golang:1.25.10-alpine \ + sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o ../build/amd64/phishingclub main.go" - # build arm64 binary + # build arm64 binary — run natively under QEMU (already set up above) sudo docker run --rm \ + --platform linux/arm64 \ -v "$(pwd)":/app \ + -v /tmp/go-build-cache:/root/.cache/go-build \ -w /app/backend \ - -e CGO_ENABLED=1 \ - -e GOOS=linux \ - -e GOARCH=arm64 \ - -e CC=aarch64-linux-gnu-gcc \ - golang:1.25.10 \ - bash -c "apt-get update && apt-get install -y gcc-aarch64-linux-gnu && go build -trimpath -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X 
github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' -tags production -o ../build/arm64/phishingclub main.go" + golang:1.25.10-alpine \ + sh -c "apk add --no-cache gcc musl-dev && go build -trimpath \ + -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }} -linkmode=external -extldflags=-static' \ + -tags production -o ../build/arm64/phishingclub main.go" - name: Fix build directory permissions run: |
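Review bot: The release binaries are now statically linked against whatever `golang:1.25.10-alpine` and `apk add --no-cache gcc musl-dev` resolve to at build time, and both are mutable: the tag can be re-pushed and the packages are unversioned. Because the link is static, the libc and compiler runtime code from those packages ends up inside the shipped binary. Pin the image by digest, `golang:1.25.10-alpine@sha256:<DIGEST>`, and consider a prebuilt builder image with the toolchain already installed so the release job does not install packages on every run. Since the arm64 build selects `--platform linux/arm64`, the pinned digest should be the multi-arch index digest, not a single-platform one.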