From cdae10020e6cf197ecdafd1833c5e4134730f18b Mon Sep 17 00:00:00 2001 From: bentu578 Date: Fri, 3 Oct 2025 18:13:14 -0400 Subject: [PATCH 01/16] added description to readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index c2bec0368b..9bc230b0a3 100644 --- a/README.md +++ b/README.md @@ -21,3 +21,6 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course! + + +bentu578's version of Boot.dev's Notely app. \ No newline at end of file From c04b2942bde01a4f5e6558ceee672d4ce95d83ee Mon Sep 17 00:00:00 2001 From: bentu578 Date: Fri, 3 Oct 2025 18:30:53 -0400 Subject: [PATCH 02/16] Add failing CI workflow --- .github/workflows/ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000000..249cc5258a --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: ci + +on: + pull_request: + branches: [main] + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.25.1" + + - name: Force Failure + run: (exit 1) From 62194d8aed96ec037f553ce7068a66f9f6982256 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Fri, 3 Oct 2025 18:34:03 -0400 Subject: [PATCH 03/16] CI: replace forced failure with go version --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 249cc5258a..8cdc641b14 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.25.1" - - name: Force Failure - run: (exit 1) + - name: Show Go version + run: go version \ No newline at end of file From a278e7a6bec0d8ee2cf9c0f282d185e59f4c3a80 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 12:23:00 -0400 Subject: [PATCH 04/16] test(auth): table-driven tests for GetAPIKey --- internal/auth/auth_test.go | 76 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 internal/auth/auth_test.go diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go new file mode 100644 index 0000000000..8fd86f3c52 --- /dev/null +++ b/internal/auth/auth_test.go @@ -0,0 +1,76 @@ +package auth + +import ( + "errors" + "net/http" + "testing" +) + +func TestGetAPIKey_TableDriven(t *testing.T) { + makeHdr := func(v string) http.Header { + h := http.Header{} + if v != "" { + h.Set("Authorization", v) + } + return h + } + + tests := []struct { + name string + header string + wantKey string + wantErr bool + wantNoHdr bool // specifically expect ErrNoAuthHeaderIncluded + }{ + { + name: "success", + header: "ApiKey abc123", + wantKey: "abc123", + }, + { + name: "missing header", + header: "", + wantErr: true, + wantNoHdr: true, + }, + { + name: "wrong scheme", + header: "Bearer abc123", + wantErr: true, + }, + { + name: "empty key allowed by implementation", + header: "ApiKey ", + wantKey: "", + }, + { + name: "key with spaces returns first token only", + header: "ApiKey too many parts", + wantKey: "too", + }, + } + + for _, tc := range tests { + tc := tc + t.Run(tc.name, func(t *testing.T) { + key, err := GetAPIKey(makeHdr(tc.header)) + + if tc.wantErr { + if err == nil { + t.Fatalf("expected error, got nil (key=%q)", key) + } + if tc.wantNoHdr && !errors.Is(err, ErrNoAuthHeaderIncluded) { + t.Fatalf("expected ErrNoAuthHeaderIncluded, got %v", err) + } + return + } + + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if key != tc.wantKey { + t.Fatalf("want key %q, got %q", tc.wantKey, key) + } + }) + } +} From ed96fcbbdfb3d9d854404a7d82652024ba303269 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 12:27:12 -0400 Subject: [PATCH 05/16] test: intentional failing test to verify CI --- .github/workflows/ci.yml | 4 ++-- internal/auth/break_test.go | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 internal/auth/break_test.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cdc641b14..763af7b1f6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.25.1" - - name: Show Go version - run: go version \ No newline at end of file + - name: Run unit tests + run: go test ./... diff --git a/internal/auth/break_test.go b/internal/auth/break_test.go new file mode 100644 index 0000000000..ff6f34b6de --- /dev/null +++ b/internal/auth/break_test.go @@ -0,0 +1,7 @@ +package auth + +import "testing" + +func TestTemporaryBreak(t *testing.T) { + t.Fatal("intentional CI failure") +} From 13ecec913965014d1cf4912654e994261b0a740d Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 12:29:51 -0400 Subject: [PATCH 06/16] test: remove intentional failing test --- internal/auth/break_test.go | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 internal/auth/break_test.go diff --git a/internal/auth/break_test.go b/internal/auth/break_test.go deleted file mode 100644 index ff6f34b6de..0000000000 --- a/internal/auth/break_test.go +++ /dev/null @@ -1,7 +0,0 @@ -package auth - -import "testing" - -func TestTemporaryBreak(t *testing.T) { - t.Fatal("intentional CI failure") -} From b4acddde5f886bd6ad6cc44e5b8747c1ac7eac92 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 12:32:35 -0400 Subject: [PATCH 07/16] ci: run go tests with coverage --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 763af7b1f6..be7dccff72 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.25.1" - - name: Run unit tests - run: go test ./... + - name: Run unit tests with coverage + run: go test -cover ./... From 28326f73619c8abbb5161a77e49b635722d2d758 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 12:37:00 -0400 Subject: [PATCH 08/16] docs: add CI status badge to README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 9bc230b0a3..dcb6586933 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ +[![CI](https://github.com/bentu578/learn-cicd-starter/actions/workflows/ci.yml/badge.svg)](https://github.com/bentu578/learn-cicd-starter/actions/workflows/ci.yml) + + # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev). From ef8807805a9bd182446bae6ec10942b9a42e7a2e Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 13:29:24 -0400 Subject: [PATCH 09/16] ci: add parallel Style job to check formatting --- .github/workflows/ci.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be7dccff72..d7cdf71b1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,6 @@ jobs: tests: name: Tests runs-on: ubuntu-latest - steps: - name: Check out code uses: actions/checkout@v4 @@ -20,3 +19,19 @@ jobs: - name: Run unit tests with coverage run: go test -cover ./... + + style: + name: Style + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.25.1" + + - name: Check formatting + # test returns 0 only if go fmt prints nothing (already formatted) + run: test -z "$(go fmt ./...)" From 3babc93bdf6274911710f9713f179bce458404ef Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 13:36:29 -0400 Subject: [PATCH 10/16] saving with formatting needing to be changed --- main.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index 19d7366c5f..e113f5e315 100644 --- a/main.go +++ b/main.go @@ -17,14 +17,14 @@ import ( _ "github.com/tursodatabase/libsql-client-go/libsql" ) -type apiConfig struct { +type apiConfig struct{ DB *database.Queries } //go:embed static/* var staticFiles embed.FS -func main() { +func main(){ err := godotenv.Load(".env") if err != nil { log.Printf("warning: assuming default configuration. .env unreadable: %v", err) @@ -74,6 +74,7 @@ func main() { if _, err := io.Copy(w, f); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) } + }) v1Router := chi.NewRouter() From 99117e7c2f5fddf07661815e507414f563fdf76c Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sat, 4 Oct 2025 13:58:20 -0400 Subject: [PATCH 11/16] style: run go fmt to fix formatting issues --- main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main.go b/main.go index e113f5e315..ca768be68e 100644 --- a/main.go +++ b/main.go @@ -17,14 +17,14 @@ import ( _ "github.com/tursodatabase/libsql-client-go/libsql" ) -type apiConfig struct{ +type apiConfig struct { DB *database.Queries } //go:embed static/* var staticFiles embed.FS -func main(){ +func main() { err := godotenv.Load(".env") if err != nil { log.Printf("warning: assuming default configuration. .env unreadable: %v", err) From 11b407a608cc94b3bbb263d42e33f5ff355fda96 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sun, 5 Oct 2025 11:24:59 -0400 Subject: [PATCH 12/16] ci(style): add staticcheck; introduce unused function to verify failure --- .github/workflows/ci.yml | 11 +++++++---- main.go | 5 +++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d7cdf71b1b..4864d47528 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,12 +11,10 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - - name: Set up Go uses: actions/setup-go@v5 with: go-version: "1.25.1" - - name: Run unit tests with coverage run: go test -cover ./... @@ -26,12 +24,17 @@ jobs: steps: - name: Check out code uses: actions/checkout@v4 - - name: Set up Go uses: actions/setup-go@v5 with: go-version: "1.25.1" + # Fail if any files need formatting - name: Check formatting - # test returns 0 only if go fmt prints nothing (already formatted) run: test -z "$(go fmt ./...)" + + # Install and run staticcheck + - name: Install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck@latest + - name: Lint with staticcheck + run: staticcheck ./... diff --git a/main.go b/main.go index ca768be68e..6281ba0b57 100644 --- a/main.go +++ b/main.go @@ -97,3 +97,8 @@ func main() { log.Printf("Serving on port: %s\n", port) log.Fatal(srv.ListenAndServe()) } + +func unused() { + // this function does nothing + // and is called nowhere +} From 8c6e4cd39df583b59282149c378edde16e1f5a72 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Sun, 5 Oct 2025 11:27:17 -0400 Subject: [PATCH 13/16] remove unused function --- main.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/main.go b/main.go index 6281ba0b57..ca768be68e 100644 --- a/main.go +++ b/main.go @@ -97,8 +97,3 @@ func main() { log.Printf("Serving on port: %s\n", port) log.Fatal(srv.ListenAndServe()) } - -func unused() { - // this function does nothing - // and is called nowhere -} From a4738d6cec86ecd2f39e8f0a16793e82c8192dc3 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Mon, 6 Oct 2025 20:55:05 -0400 Subject: [PATCH 14/16] ci: add gosec security scan to Tests job --- .github/workflows/ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4864d47528..b7dff875c8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,3 +38,10 @@ jobs: run: go install honnef.co/go/tools/cmd/staticcheck@latest - name: Lint with staticcheck run: staticcheck ./... + + # --- Security scan (intentionally fail first run) --- + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + + - name: Run gosec + run: gosec ./... \ No newline at end of file From e5e33cb8de4f894eb5c18bfbc5ee87155cabee22 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Mon, 6 Oct 2025 20:56:41 -0400 Subject: [PATCH 15/16] ci: add gosec security scan to Tests job --- .github/workflows/ci.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7dff875c8..f8192fc72b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,6 +17,13 @@ jobs: go-version: "1.25.1" - name: Run unit tests with coverage run: go test -cover ./... + + # --- Security scan (intentionally fail first run) --- + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + + - name: Run gosec + run: gosec ./... style: name: Style @@ -39,9 +46,3 @@ jobs: - name: Lint with staticcheck run: staticcheck ./... - # --- Security scan (intentionally fail first run) --- - - name: Install gosec - run: go install github.com/securego/gosec/v2/cmd/gosec@latest - - - name: Run gosec - run: gosec ./... \ No newline at end of file From fda3c54c4b0189b50dffc867a093f407c54bdcf0 Mon Sep 17 00:00:00 2001 From: bentu578 Date: Mon, 6 Oct 2025 21:09:36 -0400 Subject: [PATCH 16/16] security: add HTTP server timeouts and handle write error --- json.go | 7 ++++++- main.go | 9 +++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/json.go b/json.go index 1e6e7985e1..ee92a78a23 100644 --- a/json.go +++ b/json.go @@ -29,6 +29,11 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) { w.WriteHeader(500) return } + w.WriteHeader(code) - w.Write(dat) + if _, err := w.Write(dat); err != nil { + // just log a warning — no need to panic + log.Printf("warning: failed to write response: %v", err) + } + } diff --git a/main.go b/main.go index ca768be68e..92c8f1540b 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "log" "net/http" "os" + "time" "github.com/go-chi/chi" "github.com/go-chi/cors" @@ -90,8 +91,12 @@ func main() { router.Mount("/v1", v1Router) srv := &http.Server{ - Addr: ":" + port, - Handler: router, + Addr: ":" + port, + Handler: router, + ReadHeaderTimeout: 5 * time.Second, + ReadTimeout: 10 * time.Second, + WriteTimeout: 15 * time.Second, + IdleTimeout: 60 * time.Second, } log.Printf("Serving on port: %s\n", port)