From e4947f9c31e22b8120ad573086fb64a6638fd891 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 12:05:59 +0100 Subject: [PATCH 01/10] README modification --- .idea/.gitignore | 8 ++++++++ .idea/learn-cicd-starter.iml | 12 ++++++++++++ .idea/material_theme_project_new.xml | 12 ++++++++++++ .idea/modules.xml | 8 ++++++++ .idea/vcs.xml | 6 ++++++ README.md | 2 ++ 6 files changed, 48 insertions(+) create mode 100644 .idea/.gitignore create mode 100644 .idea/learn-cicd-starter.iml create mode 100644 .idea/material_theme_project_new.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000000..13566b81b0 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/learn-cicd-starter.iml b/.idea/learn-cicd-starter.iml new file mode 100644 index 0000000000..24643cc374 --- /dev/null +++ b/.idea/learn-cicd-starter.iml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/.idea/material_theme_project_new.xml b/.idea/material_theme_project_new.xml new file mode 100644 index 0000000000..c833fad5ec --- /dev/null +++ b/.idea/material_theme_project_new.xml @@ -0,0 +1,12 @@ + + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 0000000000..d0adac68cd --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000000..35eb1ddfbb --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/README.md b/README.md index c2bec0368b..1f8f18f9da 100644 --- a/README.md +++ b/README.md @@ -21,3 +21,5 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course! + +Mario's version of Boot.dev's Notely app. \ No newline at end of file From 18ad8c95971ac4f6485ce2c97c1d422efe8eaa05 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 12:21:35 +0100 Subject: [PATCH 02/10] github workflows yml file --- .github/workflows/ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..f48b49e05b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: ci + +on: + pull_request: + branches: [main] + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Force Failure + run: (exit 1) \ No newline at end of file From 1beedd1a12de8e26d747d1f9966a95a75f9805cd Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 12:26:29 +0100 Subject: [PATCH 03/10] github workflows yml file fix --- .github/workflows/ci.yml | 4 +-- internal/auth/auth_test.go | 73 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 internal/auth/auth_test.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f48b49e05b..4cfe3cc593 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.23.0" - - name: Force Failure - run: (exit 1) \ No newline at end of file + - name: GO Tests + run: go test ./... \ No newline at end of file diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go new file mode 100644 index 0000000000..1209b43747 --- /dev/null +++ b/internal/auth/auth_test.go @@ -0,0 +1,73 @@ +package auth + +import ( + "errors" + "net/http" + "testing" +) + +func TestGetAPIKey(t *testing.T) { + tests := []struct { + name string + headers http.Header + expectedKey string + expectedError error + }{ + { + name: "valid API key", + headers: http.Header{ + "Authorization": []string{"ApiKey test-api-key-123"}, + }, + expectedKey: "test-api-key-123", + expectedError: nil, + }, + { + name: "missing authorization header", + headers: http.Header{}, + expectedKey: "", + expectedError: ErrNoAuthHeaderIncluded, + }, + { + name: "malformed authorization header - wrong format", + headers: http.Header{ + "Authorization": []string{"Bearer test-api-key-123"}, + }, + expectedKey: "", + expectedError: errors.New("malformed authorization header"), + }, + { + name: "malformed authorization header - missing key", + headers: http.Header{ + "Authorization": []string{"ApiKey"}, + }, + expectedKey: "", + expectedError: errors.New("malformed authorization header"), + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + key, err := GetAPIKey(tt.headers) + + // Check error + if tt.expectedError != nil { + if err == nil { + t.Errorf("expected error %v, got nil", tt.expectedError) + return + } + if err.Error() != tt.expectedError.Error() { + t.Errorf("expected error %v, got %v", tt.expectedError, err) + return + } + } else if err != nil { + t.Errorf("expected no error, got %v", err) + return + } + + // Check key + if key != tt.expectedKey { + t.Errorf("expected key %q, got %q", tt.expectedKey, key) + } + }) + } +} \ No newline at end of file From d621f1d5aeff08e8cd85f69573afae1cbc066eaa Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 12:59:03 +0100 Subject: [PATCH 04/10] coverage flag --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4cfe3cc593..c1164c27dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,4 @@ jobs: go-version: "1.23.0" - name: GO Tests - run: go test ./... \ No newline at end of file + run: go test ./... -cover \ No newline at end of file From 17825216e05635b561092f24d2c94b5cd601c716 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 13:03:41 +0100 Subject: [PATCH 05/10] badge added to readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 1f8f18f9da..14d8bdcaa2 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +![test coverage badge](https://github.com/mogresta/learn-cicd-starter/actions/workflows/ci.yml/badge.svg) + # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev). From caf118d6f99718787b2a0dcec1600466dc0c9a25 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 13:15:06 +0100 Subject: [PATCH 06/10] styling fix --- .github/workflows/ci.yml | 18 +++++++++++++++++- internal/auth/auth_test.go | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c1164c27dd..3d05dcee4d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,20 @@ jobs: go-version: "1.23.0" - name: GO Tests - run: go test ./... -cover \ No newline at end of file + run: go test ./... -cover + + styles: + name: Style + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Indentation + run: test -z $(go fmt ./...) diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 1209b43747..b17f367552 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go @@ -70,4 +70,4 @@ func TestGetAPIKey(t *testing.T) { } }) } -} \ No newline at end of file +} From e4e08c76b220ece46f56dfb748dda153a8316ef7 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 13:26:20 +0100 Subject: [PATCH 07/10] added staticcheck --- .github/workflows/ci.yml | 8 +++++++- main.go | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d05dcee4d..3a2ca56427 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,4 +35,10 @@ jobs: go-version: "1.23.0" - name: Indentation - run: test -z $(go fmt ./...) + run: go fmt ./... + + - name: Install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck@latest + + - name: Run staticcheck + run: staticcheck ./... diff --git a/main.go b/main.go index 19d7366c5f..dd9f84f90e 100644 --- a/main.go +++ b/main.go @@ -95,4 +95,4 @@ func main() { log.Printf("Serving on port: %s\n", port) log.Fatal(srv.ListenAndServe()) -} +} \ No newline at end of file From 425952aabcbd6453e9fa1dc6e5a7890fd692db54 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 13:40:10 +0100 Subject: [PATCH 08/10] added gosec --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3a2ca56427..3b1fd88eb0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,9 +18,15 @@ jobs: with: go-version: "1.23.0" + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + - name: GO Tests run: go test ./... -cover + - name: Run Gosec + run: gosec ./... + styles: name: Style runs-on: ubuntu-latest From 3537b485c0b376424ef12bdd813921d067a5b87e Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 14:04:25 +0100 Subject: [PATCH 09/10] security fix --- json.go | 5 ++++- main.go | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/json.go b/json.go index e346ef4093..27f996cf87 100644 --- a/json.go +++ b/json.go @@ -27,5 +27,8 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) { return } w.WriteHeader(code) - w.Write(dat) + _, err = w.Write(dat) + if err != nil { + log.Printf("Error responding: %s", err) + } } diff --git a/main.go b/main.go index dd9f84f90e..dcf63482b0 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "log" "net/http" "os" + "time" "github.com/go-chi/chi" "github.com/go-chi/cors" @@ -89,8 +90,9 @@ func main() { router.Mount("/v1", v1Router) srv := &http.Server{ - Addr: ":" + port, - Handler: router, + Addr: ":" + port, + Handler: router, + ReadHeaderTimeout: time.Second * 10, } log.Printf("Serving on port: %s\n", port) From ef7f8d17f707f994f0e6298ce487f1d74204f8dd Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 29 Jan 2025 14:53:57 +0100 Subject: [PATCH 10/10] CI yaml --- .github/workflows/cd.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/workflows/cd.yml diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 0000000000..137db6d743 --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,23 @@ +name: ci + +on: + push: + branches: [main] + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Build prod + run: buildprod.sh \ No newline at end of file