diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 00000000000..2c78ab1a9b0 --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,22 @@ +name: cd + +on: + push: + branches: [main] + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.22' + + - name: Build the app + run: ./scripts/buildprod.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000000..ce697b92fc4 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,49 @@ +name: ci + +on: + pull_request: + branches: [main] + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.23.0" + + - name: Check Tests + run: go test -cover ./... + + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + + - name: Run gosec + run: gosec ./... + + style: + name: Style + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: '1.22' + + - name: Run formatting check + run: test -z $(go fmt ./...) + + - name: Install staticcheck + run: go install honnef.co/go/tools/cmd/staticcheck@latest + + - name: Run staticcheck + run: staticcheck ./... diff --git a/README.md b/README.md index c2bec0368b7..cec5d8f6fb1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +![Test Status](https://github.com/yasarremre/learn-cicd-starter/actions/workflows/ci.yml/badge.svg) + # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev). @@ -21,3 +23,5 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course! + +EMRE's version of Boot.dev's Notely app. diff --git a/internal/auth/auth.go b/internal/auth/auth.go index f969aacf638..743ef0cdca5 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -8,7 +8,8 @@ import ( var ErrNoAuthHeaderIncluded = errors.New("no authorization header included") -// GetAPIKey - +// GetAPIKey extracts an API Key from +// the HTTP request headers func GetAPIKey(headers http.Header) (string, error) { authHeader := headers.Get("Authorization") if authHeader == "" { diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go new file mode 100644 index 00000000000..20f10fa8046 --- /dev/null +++ b/internal/auth/auth_test.go @@ -0,0 +1,72 @@ +package auth + +import ( + "net/http" + "testing" +) + +func TestGetAPIKey(t *testing.T) { + tests := []struct { + name string + headers http.Header + wantKey string + wantErrString string + }{ + { + name: "Success: Valid ApiKey header", + headers: http.Header{ + "Authorization": []string{"ApiKey secret-token-123"}, + }, + wantKey: "secret-token-123", + }, + { + name: "Error: No Authorization header", + headers: http.Header{}, + wantErrString: ErrNoAuthHeaderIncluded.Error(), + }, + { + name: "Error: Malformed header (missing prefix)", + headers: http.Header{ + "Authorization": []string{"secret-token-123"}, + }, + wantErrString: "malformed authorization header", + }, + { + name: "Error: Malformed header (wrong prefix)", + headers: http.Header{ + "Authorization": []string{"Bearer some-token"}, + }, + wantErrString: "malformed authorization header", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + gotKey, err := GetAPIKey(tt.headers) + + // Check for expected error + if tt.wantErrString != "" { + if err == nil { + t.Errorf("GetAPIKey() error = nil, wantErr %v", tt.wantErrString) + return + } + if err.Error() != tt.wantErrString { + t.Errorf("GetAPIKey() error = %v, wantErr %v", err.Error(), tt.wantErrString) + return + } + return + } + + // Check for unexpected error + if err != nil { + t.Errorf("GetAPIKey() unexpected error: %v", err) + return + } + + // Check returned key + if gotKey != tt.wantKey { + t.Errorf("GetAPIKey() = %v, want %v", gotKey, tt.wantKey) + } + }) + } +} diff --git a/json.go b/json.go index 1e6e7985e18..3da30750895 100644 --- a/json.go +++ b/json.go @@ -30,5 +30,5 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) { return } w.WriteHeader(code) - w.Write(dat) + _, _ = w.Write(dat) } diff --git a/main.go b/main.go index 19d7366c5f7..f0efff20b59 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,7 @@ import ( "log" "net/http" "os" + "time" "github.com/go-chi/chi" "github.com/go-chi/cors" @@ -89,10 +90,11 @@ func main() { router.Mount("/v1", v1Router) srv := &http.Server{ - Addr: ":" + port, - Handler: router, + Addr: ":" + port, + Handler: router, + ReadHeaderTimeout: 10 * time.Second, } - log.Printf("Serving on port: %s\n", port) + log.Printf("Serving on port: %s\n", port) // #nosec G706 log.Fatal(srv.ListenAndServe()) }