fix: use type=raw for Docker tags to preserve v prefix

docker/metadata-action type=semver strips the v prefix, causing
tag mismatch between git tags (v0.1.3) and Docker tags (0.1.3).
Switch to type=raw to pass through the version as-is.

.gitea/workflows/build-push.yaml

@@ -121,42 +121,19 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up Docker Buildx
+      - name: Configure insecure registry
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-config-inline: |
-            [registry."gitea-http.gitea.svc.cluster.local:3000"]
-              http = true
-              insecure = true
-
-      - name: Login to Docker Hub
-        if: vars.DOCKERHUB_USERNAME != ''
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Configure Docker for insecure registry
         run: |
           sudo mkdir -p /etc/docker
           echo '{"insecure-registries": ["${{ env.REGISTRY_HOST }}"]}' | sudo tee /etc/docker/daemon.json
-          sudo systemctl restart docker || sudo service docker restart || true
+          sudo kill -SIGHUP "$(pidof dockerd)" || true
-          sleep 2
+          sleep 3
 
       - name: Login to Gitea Registry
-        run: |
+        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login "${{ env.REGISTRY_HOST }}" -u "${{ secrets.REGISTRY_USER }}" --password-stdin
-          AUTH=$(echo -n "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_TOKEN }}" | base64 -w0)
+
-          mkdir -p ~/.docker
+      - name: Login to Docker Hub
-          cat > ~/.docker/config.json << EOF
+        if: vars.DOCKERHUB_USERNAME != ''
-          {
+        run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ vars.DOCKERHUB_USERNAME }}" --password-stdin
-            "auths": {
-              "${{ env.REGISTRY_HOST }}": {
-                "auth": "$AUTH"
-              }
-            }
-          }
-          EOF
-          echo "Auth configured for ${{ env.REGISTRY_HOST }}"
 
       - name: Extract metadata
         id: meta
@@ -164,19 +141,25 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
-            type=semver,pattern={{version}},value=${{ needs.release.outputs.version }}
+            type=raw,value=${{ needs.release.outputs.version }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release.outputs.version }}
             type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        run: |
-        with:
+          # Build with all tags
-          context: .
+          TAGS=""
-          push: true
+          while IFS= read -r tag; do
-          tags: ${{ steps.meta.outputs.tags }}
+            [ -n "$tag" ] && TAGS="$TAGS -t $tag"
-          labels: ${{ steps.meta.outputs.labels }}
+          done <<< "${{ steps.meta.outputs.tags }}"
-          cache-from: type=gha
+          docker build $TAGS \
-          cache-to: type=gha,mode=max
+            --label "org.opencontainers.image.source=${{ gitea.server_url }}/${{ gitea.repository }}" \
+            --label "org.opencontainers.image.revision=${{ gitea.sha }}" \
+            .
+          # Push each tag
+          while IFS= read -r tag; do
+            [ -n "$tag" ] && docker push "$tag"
+          done <<< "${{ steps.meta.outputs.tags }}"
+
 
   notify:
     name: Notify

Dockerfile

@@ -3,10 +3,13 @@ FROM golang:1.25-alpine AS builder
 
 WORKDIR /app
 
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates git
+
+ENV GOPRIVATE=git.daviestechlabs.io
+ENV GONOSUMCHECK=git.daviestechlabs.io
 
 COPY go.mod go.sum ./
-RUN go mod download
+RUN --mount=type=secret,id=netrc,target=/root/.netrc go mod download
 
 COPY . .
 

go.mod

@@ -3,9 +3,9 @@ module git.daviestechlabs.io/daviestechlabs/stt-module
 go 1.25.1
 
 require (
-	git.daviestechlabs.io/daviestechlabs/handler-base v0.1.3
+	git.daviestechlabs.io/daviestechlabs/handler-base v1.0.0
 	github.com/nats-io/nats.go v1.48.0
-	github.com/vmihailenco/msgpack/v5 v5.4.1
+	google.golang.org/protobuf v1.36.11
 )
 
 require (
@@ -19,7 +19,6 @@ require (
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/nats-io/nkeys v0.4.11 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
-	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/otel v1.40.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.40.0 // indirect
@@ -37,5 +36,4 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
 	google.golang.org/grpc v1.78.0 // indirect
-	google.golang.org/protobuf v1.36.11 // indirect
 )

go.sum

@@ -1,5 +1,5 @@
-git.daviestechlabs.io/daviestechlabs/handler-base v0.1.3 h1:uYog8B839ulqrWoht3qqCvT7CnR3e2skpaLZc2Pg3GI=
+git.daviestechlabs.io/daviestechlabs/handler-base v1.0.0 h1:pB3ehOKaDYQfbyRBKQXrB9curqSFteLrDveoElRKnBY=
-git.daviestechlabs.io/daviestechlabs/handler-base v0.1.3/go.mod h1:M3HgvUDWnRn7cX3BE8l+HvoCUYtmRr5OoumB+hnRHoE=
+git.daviestechlabs.io/daviestechlabs/handler-base v1.0.0/go.mod h1:zocOHFt8yY3cW4+Xi37sNr5Tw7KcjGFSZqgWYxPWyqA=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
@@ -33,10 +33,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
-github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
-github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
-github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=

main.go

@@ -20,7 +20,7 @@ import (
 	"time"
 
 	"github.com/nats-io/nats.go"
-	"github.com/vmihailenco/msgpack/v5"
+	"google.golang.org/protobuf/proto"
 
 	"git.daviestechlabs.io/daviestechlabs/handler-base/config"
 	"git.daviestechlabs.io/daviestechlabs/handler-base/health"
@@ -324,17 +324,17 @@ func main() {
 
 		if transcript != "" {
 			result := &messages.STTTranscription{
-				SessionID:        sessionID,
+				SessionId:        sessionID,
 				Transcript:       transcript,
-				Sequence:         seq,
+				Sequence:         int32(seq),
 				IsPartial:        !complete,
 				IsFinal:          complete,
 				Timestamp:        time.Now().Unix(),
-				SpeakerID:        speakerID,
+				SpeakerId:        speakerID,
 				HasVoiceActivity: hasVoice,
 				State:            state,
 			}
-			packed, _ := msgpack.Marshal(result)
+			packed, _ := proto.Marshal(result)
 			_ = nc.Conn().Publish(fmt.Sprintf("%s.%s", transcriptionSubjectPrefix, sessionID), packed)
 			slog.Info("published transcription", "session", sessionID, "seq", seq)
 		}
@@ -378,8 +378,8 @@ func main() {
 		}
 		sessionID := parts[3]
 
-		streamMsg, err := natsutil.Decode[messages.STTStreamMessage](natMsg.Data)
+		var streamMsg messages.STTStreamMessage
-		if err != nil {
+		if err := natsutil.Decode(natMsg.Data, &streamMsg); err != nil {
 			slog.Error("decode error", "error", err)
 			return
 		}
@@ -391,8 +391,8 @@ func main() {
 			if streamMsg.State != "" {
 				buf.setState(streamMsg.State)
 			}
-			if streamMsg.SpeakerID != "" {
+			if streamMsg.SpeakerId != "" {
-				buf.speakerID = streamMsg.SpeakerID
+				buf.speakerID = streamMsg.SpeakerId
 			}
 			sessionsMu.Lock()
 			sessions[sessionID] = buf
@@ -442,12 +442,12 @@ func main() {
 			// Check for interrupt
 			if buffer.checkInterrupt(streamMsg.Audio, enableInterrupt, audioLevelThreshold, interruptDuration) {
 				interruptMsg := &messages.STTInterrupt{
-					SessionID: sessionID,
+					SessionId: sessionID,
 					Type:      "interrupt",
 					Timestamp: time.Now().Unix(),
-					SpeakerID: buffer.speakerID,
+					SpeakerId: buffer.speakerID,
 				}
-				packed, _ := msgpack.Marshal(interruptMsg)
+				packed, _ := proto.Marshal(interruptMsg)
 				_ = nc.Conn().Publish(fmt.Sprintf("%s.%s", transcriptionSubjectPrefix, sessionID), packed)
 				slog.Info("published interrupt", "session", sessionID)
 				buffer.setState(stateListening)