Fix Cloud Run build and stunnel startup support

- Downgrade Go version from 1.25.1 to 1.24.0 in go.mod and Dockerfile to resolve build failure (Go 1.25 is not yet released).
- Add `netcat-openbsd` to Dockerfile runtime image to ensure `nc` command is available for health checks.
- Update `entrypoint.sh` to robustly wait for `stunnel` to start using `nc` loop, preventing app startup failure when DB TLS is enabled.
- Add explicit error handling in `entrypoint.sh` if `stunnel` fails to start within timeout.

Dockerfile

@@ -1,7 +1,7 @@
 # ------------------------------
 # Stage 1 — Build
 # ------------------------------
-FROM golang:1.25 AS builder
+FROM golang:1.24 AS builder
 
 WORKDIR /src
 
@@ -23,7 +23,7 @@ FROM ubuntu:24.04
 WORKDIR /app
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends ca-certificates stunnel4 gettext-base \
+    && apt-get install -y --no-install-recommends ca-certificates stunnel4 gettext-base netcat-openbsd \
     && rm -rf /var/lib/apt/lists/* \
     && mkdir -p /var/run/stunnel \
     && chown -R nobody:nogroup /var/run/stunnel

entrypoint.sh

@@ -50,14 +50,27 @@ EOF
   stunnel "${STUNNEL_CONF}"
   
   # Wait for stunnel to be up (simple check)
-  for i in {1..10}; do
+  STUNNEL_UP=0
+  for i in {1..30}; do
     if nc -z 127.0.0.1 5432; then
       echo "Stunnel is up!"
+      STUNNEL_UP=1
       break
     fi
-    echo "Waiting for Stunnel..."
+    echo "Waiting for Stunnel... ($i/30)"
     sleep 1
   done
+
+  if [ "${STUNNEL_UP}" -eq 0 ]; then
+    echo "Error: Stunnel failed to start or is not reachable on port 5432."
+    echo "Stunnel logs:"
+    if [ -f "/var/log/stunnel.log" ]; then
+      cat /var/log/stunnel.log
+    else
+      echo "No stunnel log found."
+    fi
+    exit 1
+  fi
 fi
 
 # -----------------------------------------------------------------------------

go.mod

@@ -1,6 +1,6 @@
 module account
 
-go 1.25.1
+go 1.24.0
 
 require (
 	github.com/gin-contrib/cors v1.7.6