From 35ef8bb3918926e9aa110875b761695f8d929493 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Wed, 22 Apr 2026 15:57:29 -0400 Subject: [PATCH 01/18] name add --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c2bec0368b7..2ce283a5d49 100644 --- a/README.md +++ b/README.md @@ -21,3 +21,5 @@ go build -o notely && ./notely *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`. You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course! + +Beto's version of Boot.dev's Notely app. From 0cdfd6fa5e6fd88b304bf51787d0f8ab6566ff6e Mon Sep 17 00:00:00 2001 From: NorMeni Date: Thu, 23 Apr 2026 12:37:28 -0400 Subject: [PATCH 02/18] yaml file --- .github/workflows/ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000000..c3db7596c77 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: ci + +on: + pull_request: + branches: [main] + +jobs: + tests: + name: Tests + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.26.0" + + - name: Force Failure + run: (exit 1) From 53403664275712a1e6e49a4b05d14953aabce36b Mon Sep 17 00:00:00 2001 From: NorMeni Date: Thu, 23 Apr 2026 12:45:48 -0400 Subject: [PATCH 03/18] yaml update --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3db7596c77..5852b6ba493 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.26.0" - - name: Force Failure - run: (exit 1) + - name: Show Go version + run: go version From 2b5053a970bfe48364766dc793d000d980eb0fae Mon Sep 17 00:00:00 2001 From: NorMeni Date: Thu, 23 Apr 2026 13:52:56 -0400 Subject: [PATCH 04/18] break code temp --- .github/workflows/ci.yml | 4 +-- internal/auth/get_api_key_test.go | 52 +++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 internal/auth/get_api_key_test.go diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5852b6ba493..a9093606a81 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,5 +18,5 @@ jobs: with: go-version: "1.26.0" - - name: Show Go version - run: go version + - name: Run tests + run: go test ./... diff --git a/internal/auth/get_api_key_test.go b/internal/auth/get_api_key_test.go new file mode 100644 index 00000000000..e165599a5d2 --- /dev/null +++ b/internal/auth/get_api_key_test.go @@ -0,0 +1,52 @@ +package auth + +import ( + "testing" + "net/http" + "errors" +) +d +func TestGetAPIKey(t *testing.T) { + type test struct { + name string + input http.Header + want string + wantErr error + } + + tests := []test{ + { + name: "valid header", input: http.Header{ + "Authorization": []string{"ApiKey 1234567890abcdef"}, + }, + want: "1234567890abcdef", + wantErr: nil, + }, + { + name: "invalid header", input: http.Header{ + "Authorization": []string{"ApiKey"}, + }, + want: "", + wantErr: errors.New("malformed authorization header"), + }, + { + name: "no header", input: http.Header{}, + want: "", + wantErr: ErrNoAuthHeaderIncluded, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + key, err := GetAPIKey(tc.input) + if key != tc.want { + t.Errorf("expected: %s, got: %s", tc.want, key) + } + if (err == nil) != (tc.wantErr == nil) { + t.Errorf("expected: %v, got: %v", tc.wantErr, err) + } else if err != nil && tc.wantErr != nil && err.Error() != tc.wantErr.Error() { + t.Errorf("expected error message: %v, got: %v", tc.wantErr.Error(), err.Error()) + } + }) + } +} From 560adf1a8832f2674a8776af88be86df2036e4dc Mon Sep 17 00:00:00 2001 From: NorMeni Date: Thu, 23 Apr 2026 13:54:06 -0400 Subject: [PATCH 05/18] add unit tests --- internal/auth/get_api_key_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/auth/get_api_key_test.go b/internal/auth/get_api_key_test.go index e165599a5d2..92e81ea2f98 100644 --- a/internal/auth/get_api_key_test.go +++ b/internal/auth/get_api_key_test.go @@ -5,7 +5,7 @@ import ( "net/http" "errors" ) -d + func TestGetAPIKey(t *testing.T) { type test struct { name string From 261ed86ae618b7d0b7badc2993f3f19c0e090635 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Thu, 23 Apr 2026 13:57:57 -0400 Subject: [PATCH 06/18] cover flag --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9093606a81..0547b3fe81e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,4 +19,4 @@ jobs: go-version: "1.26.0" - name: Run tests - run: go test ./... + run: go test -cover ./... From 5da915f782ba58f0eea536ed0b889cc3fe2416f4 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Fri, 24 Apr 2026 13:42:16 -0400 Subject: [PATCH 07/18] new badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2ce283a5d49..d97b4275eb4 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +![Tests](https://github.com///actions/workflows//badge.svg) + # learn-cicd-starter (Notely) This repo contains the starter code for the "Notely" application for the "Learn CICD" course on [Boot.dev](https://boot.dev). From 7618e7b1efc848c5291c8ab59eb893ebd03b5d7a Mon Sep 17 00:00:00 2001 From: NorMeni Date: Fri, 24 Apr 2026 13:48:10 -0400 Subject: [PATCH 08/18] badge updated --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d97b4275eb4..2ad26520017 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Tests](https://github.com///actions/workflows//badge.svg) +![Tests](https://github.com/BetoDev25/learn-cicd-starter/actions/workflows/ci.yml/badge.svg) # learn-cicd-starter (Notely) From 6a393a1c594ed48658d9f2f8ca7cfcddff11ffc0 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sat, 25 Apr 2026 08:35:36 -0400 Subject: [PATCH 09/18] new job --- .github/workflows/ci.yml | 16 ++++++++++++++++ internal/auth/get_api_key_test.go | 10 +++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0547b3fe81e..8b6935d4190 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,3 +20,19 @@ jobs: - name: Run tests run: go test -cover ./... + + style: + name: Style + runs-on: ubuntu-latest + + steps: + - name: Check out codde + uses: actions/checkout@v4 + + - name: Set up Go + - uses: actions/setup-go@v5 + with: + go-version: "1.26.0" + + - name: Formatting check + run: test -z $(go fmt ./...) diff --git a/internal/auth/get_api_key_test.go b/internal/auth/get_api_key_test.go index 92e81ea2f98..f3f791faf73 100644 --- a/internal/auth/get_api_key_test.go +++ b/internal/auth/get_api_key_test.go @@ -1,9 +1,9 @@ package auth import ( - "testing" - "net/http" "errors" + "net/http" + "testing" ) func TestGetAPIKey(t *testing.T) { @@ -19,19 +19,19 @@ func TestGetAPIKey(t *testing.T) { name: "valid header", input: http.Header{ "Authorization": []string{"ApiKey 1234567890abcdef"}, }, - want: "1234567890abcdef", + want: "1234567890abcdef", wantErr: nil, }, { name: "invalid header", input: http.Header{ "Authorization": []string{"ApiKey"}, }, - want: "", + want: "", wantErr: errors.New("malformed authorization header"), }, { name: "no header", input: http.Header{}, - want: "", + want: "", wantErr: ErrNoAuthHeaderIncluded, }, } From 735c9ad8f07722ef0f3c2ca814179a79306b2e90 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sat, 25 Apr 2026 08:37:46 -0400 Subject: [PATCH 10/18] job edit --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8b6935d4190..aa4315ffc8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,5 +34,5 @@ jobs: with: go-version: "1.26.0" - - name: Formatting check + - name: Format check run: test -z $(go fmt ./...) From 1822fd6d5e106120dffa2960d9204e05aebd94db Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sat, 25 Apr 2026 08:41:17 -0400 Subject: [PATCH 11/18] job edit 2 --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aa4315ffc8b..876b0994de7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,11 +26,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Check out codde + - name: Check out code uses: actions/checkout@v4 - name: Set up Go - - uses: actions/setup-go@v5 + uses: actions/setup-go@v5 with: go-version: "1.26.0" From e32ddbc36a209ba1e7416319325f3fac51acf685 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sat, 25 Apr 2026 08:51:40 -0400 Subject: [PATCH 12/18] lint job --- .github/workflows/ci.yml | 6 ++++++ main.go | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 876b0994de7..89f3d00ca10 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,3 +36,9 @@ jobs: - name: Format check run: test -z $(go fmt ./...) + + - name: Install staticcshock + run: go install honnef.co/go/tools/cmd/staticcheck@latest + + - name: Run staticcshock + run: staticcheck ./... diff --git a/main.go b/main.go index 19d7366c5f7..38538004ee2 100644 --- a/main.go +++ b/main.go @@ -21,6 +21,10 @@ type apiConfig struct { DB *database.Queries } +func unused() { + //nothing +} + //go:embed static/* var staticFiles embed.FS From f36348f959b3b1dfcdacc0bb66d7b319be6a068c Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sat, 25 Apr 2026 08:53:12 -0400 Subject: [PATCH 13/18] removed unused func --- main.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/main.go b/main.go index 38538004ee2..19d7366c5f7 100644 --- a/main.go +++ b/main.go @@ -21,10 +21,6 @@ type apiConfig struct { DB *database.Queries } -func unused() { - //nothing -} - //go:embed static/* var staticFiles embed.FS From 8512a576177f843d2cd11f69d82a94a6160666d4 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sun, 26 Apr 2026 12:39:53 -0400 Subject: [PATCH 14/18] gosec add --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 89f3d00ca10..2c5810ddfe0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,6 +21,12 @@ jobs: - name: Run tests run: go test -cover ./... + - name: Install gosec + run: go install github.com/securego/gosec/v2/cmd/gosec@latest + + - name: Gosec check + run: gosec ./... + style: name: Style runs-on: ubuntu-latest From 37668d5cb2b1c81dfffdfc821ec03b0e66e2fc2c Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sun, 26 Apr 2026 12:57:39 -0400 Subject: [PATCH 15/18] fixed security issues --- json.go | 7 ++++++- main.go | 14 ++++++++++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/json.go b/json.go index 1e6e7985e18..3c5ad221259 100644 --- a/json.go +++ b/json.go @@ -30,5 +30,10 @@ func respondWithJSON(w http.ResponseWriter, code int, payload interface{}) { return } w.WriteHeader(code) - w.Write(dat) + _, err = w.Write(dat) + if err != nil { + log.Printf("Error writing to header: %s", err) + w.WriteHeader(500) + return + } } diff --git a/main.go b/main.go index 19d7366c5f7..023fd113537 100644 --- a/main.go +++ b/main.go @@ -7,6 +7,8 @@ import ( "log" "net/http" "os" + "time" + "strconv" "github.com/go-chi/chi" "github.com/go-chi/cors" @@ -89,10 +91,14 @@ func main() { router.Mount("/v1", v1Router) srv := &http.Server{ - Addr: ":" + port, - Handler: router, + Addr: ":" + port, + Handler: router, + ReadHeaderTimeout: time.Second * 10, } - - log.Printf("Serving on port: %s\n", port) + n, err := strconv.Atoi(port) + if err != nil { + log.Fatal(err) + } + log.Printf("Serving on port: %d\n", n) log.Fatal(srv.ListenAndServe()) } From 33510abdcd724b7cce3acb8ba5fba7426923d4d6 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sun, 26 Apr 2026 13:01:36 -0400 Subject: [PATCH 16/18] edit --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index 023fd113537..97e88e4ebc4 100644 --- a/main.go +++ b/main.go @@ -7,8 +7,8 @@ import ( "log" "net/http" "os" - "time" "strconv" + "time" "github.com/go-chi/chi" "github.com/go-chi/cors" From 55fb8858fcebf641a63d0f053f133d64a8ddd1d5 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sun, 26 Apr 2026 13:48:23 -0400 Subject: [PATCH 17/18] cd workflow --- .github/workflows/cd.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/cd.yml diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 00000000000..75a3031fe9e --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,20 @@ +on: + push: + branches: [main] + +jobs: + deploy: + name: Deploy + runs-on: ubuntu-latest + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.26.0" + + - name: Run app + run: ./scripts/buildprod.sh From fd1d1b5dc6e2f6318c0c81c448680a4b4713b9c4 Mon Sep 17 00:00:00 2001 From: NorMeni Date: Sun, 26 Apr 2026 13:53:24 -0400 Subject: [PATCH 18/18] edit --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 75a3031fe9e..31d873e2a9f 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -16,5 +16,5 @@ jobs: with: go-version: "1.26.0" - - name: Run app + - name: Build app run: ./scripts/buildprod.sh