mirror of
https://github.com/tiennm99/miti99bot.git
synced 2026-06-09 02:14:56 +00:00
f3b9891a54
Rename:
- Go module github.com/tiennm99/miti99bot-go → github.com/tiennm99/miti99bot
- CloudFormation stack miti99bot-aws-port → miti99bot
- Drop "port", "Cloud Run", "GCP", "cutover", "Phase NN" framing from active code and docs — project reads as canonical AWS-Lambda from now on.

AWS deploy guide + flow fix:
- New docs/deploy-aws-free-tier-guide.md — Ubuntu 24.04 ARM64 onboarding with project-local venv (pip awscli + sam-cli), SSM secrets via read -s, idempotent OIDC provider + role creation, $1 budget alarm.
- Drop sam build from the pipeline — provided.al2023 + makefile builder expects a Makefile in CodeUri (build/lambda/, the output dir), so the step always fails. sam deploy --template-file template.yaml now reads the raw template and zips build/lambda/ directly.
- Rollback section rewritten — use continue-update-rollback / cancel-update-stack / git-SHA redeploy. Drop the broken --use-previous-template recipe.
- DynamoDB free-tier row corrected (on-demand is 2.5M read / 1M write request units, not 25 RCU/WCU).

Updated:
- README.md fully rewritten (drops port/legacy framing, lists modules, points new users at the free-tier guide).
- aws/README.md retitled "AWS account setup", phase numbers stripped.
- Makefile / .github/workflows/deploy.yml — sam deploy flow.
- samconfig.toml — stack_name = "miti99bot".
- Go comments — Cloud Run → Lambda, Cloud Scheduler → EventBridge Scheduler, Cloud Logging → CloudWatch Logs.
- Struct field GCPProject → FirestoreProject (env GOOGLE_CLOUD_PROJECT unchanged).

Plus advisory reports under plans/reports/ from the code-reviewer + researcher passes that informed the fixes.

Verified: go vet ./..., go build ./..., go test ./... all green.
78 lines
2.2 KiB
YAML
name: ci

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

jobs:
  go:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go: ['1.25']
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go }}
          cache: true

      - name: go vet
        run: go vet ./...

      # golangci-lint-action v7 is required for golangci-lint v2.x.
      # Pinning to v2.12.x because our .golangci.yml targets Go 1.25 and
      # earlier v2.x releases were built against go1.24, which the lint
      # config rejects with "Go language version used to build golangci-lint
      # is lower than the targeted Go version".
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v7
        with:
          version: v2.12.2

      # govulncheck is informational — failures don't block the build because
      # stdlib CVEs surface routinely until the runner image catches up to
      # the latest go-patch release. The signal we care about is dependency
      # vulns, which we react to via go.mod bumps.
      - name: govulncheck
        continue-on-error: true
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

      # Firestore emulator step removed: storage_test.go skips gracefully
      # when FIRESTORE_EMULATOR_HOST is unset, and the emulator install
      # adds 30-60s of CI time for tests not yet on the merge-gating path.
      # Re-add when storage-layer changes need emulator coverage in CI.
      - name: go test
        env:
          # Quiet test logs so real failures stand out.
          LOG_LEVEL: error
        run: go test -race -count=1 -coverprofile=cov.out ./...

      - name: coverage summary
        run: go tool cover -func=cov.out | tail -1

      - name: go build
        run: go build ./...

      - name: docker build
        run: docker build -t miti99bot .

  iac:
    name: SAM template validate
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
      - name: sam validate (offline)
        run: sam validate --lint --region ap-southeast-1
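
An added example, not part of this repository: one way to act on the distinction the govulncheck comment draws, by filtering the `govulncheck -json` stream down to findings in third-party modules so that those alone can gate the build. The sample stream, its IDs and module names, and the `dependencyFindings` helper are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed `govulncheck -json` stream; IDs, modules and versions are placeholders.
const sample = `{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v1.25.1","trace":[{"module":"stdlib","version":"v1.25.0"}]}}
{"finding":{"osv":"GO-0000-0002","fixed_version":"v0.9.1","trace":[{"module":"example.com/dep","version":"v0.9.0"}]}}
{"finding":{"osv":"GO-0000-0002","fixed_version":"v0.9.1","trace":[{"module":"example.com/dep","version":"v0.9.0","function":"Decode"}]}}`

type message struct { // the subset of one stream entry that the gate needs
	Finding *struct {
		OSV          string `json:"osv"`
		FixedVersion string `json:"fixed_version"`
		Trace        []struct {
			Module  string `json:"module"`
			Version string `json:"version"`
		} `json:"trace"`
	} `json:"finding"`
}

// dependencyFindings returns one line per vulnerable third-party module,
// skipping standard-library and toolchain findings and repeated entries.
func dependencyFindings(r io.Reader) ([]string, error) {
	dec, seen, out := json.NewDecoder(r), map[string]bool{}, []string(nil)
	for dec.More() {
		var m message
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if f := m.Finding; f != nil && len(f.Trace) > 0 {
			mod := f.Trace[0] // first frame holds the vulnerable module
			key := f.OSV + " " + mod.Module
			if mod.Module != "stdlib" && mod.Module != "toolchain" && !seen[key] {
				seen[key] = true
				out = append(out, fmt.Sprintf("%s %s@%s (fixed in %s)", f.OSV, mod.Module, mod.Version, f.FixedVersion))
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(dependencyFindings(strings.NewReader(sample)))
}
```

In CI the reader would be the output of `govulncheck -json ./...`, and a non-empty result would fail the step while standard-library findings stay informational.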