mirror of
https://github.com/tiennm99/miti99bot.git
synced 2026-06-09 18:14:46 +00:00
tiennm99
84f660d9d9
Phase 6 of the 2026-05-09 review remediation plan. Bundle of small
hygiene fixes — none individually urgent but better folded together
than scattered across follow-ups.
- .golangci.yml: enable errcheck/govet/gosec/staticcheck/unused/
ineffassign/gocyclo/misspell/revive. Tuned to the codebase style
(no universal exported-doc requirement, gocyclo cap at 20 to
accommodate handler dispatch). 0 issues across the tree.
- ci.yml: add golangci-lint job + govulncheck (informational).
- Defensive guards:
- registry.go: Module.Name mismatch now errors at Build instead of
silently overwriting (TestBuild_RejectsFactoryNameMismatch).
- cmd/server/main.go: PORT env validated numerically + 0..65535.
- firestore_provider.go: For() re-validates module name; invalid
names return an invalidStore whose every op errors with
ErrInvalidModuleName.
- Dead code removal:
- wordle: gameTTLSeconds const + pickDaily/hashDJB2/todayUTC
helpers + their tests deleted (pickDaily was unused;
daily.go renamed pick_random.go).
- Dependency: golang.org/x/net v0.52.0 -> v0.54.0 (resolves
GO-2026-4918 HTTP/2 infinite-loop CVE).
- Deferred from the original phase plan: Docker digest pinning
(Dependabot handles), per-handler file splits (largest file 279 LOC;
splits would churn for marginal gain).
go test -race -count=1 ./... clean (15 packages); golangci-lint run
clean (0 issues).
82 lines
2.3 KiB
YAML
82 lines
2.3 KiB
YAML
name: ci
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
go:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
go: ['1.25']
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-go@v5
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
cache: true
|
|
|
|
- name: go vet
|
|
run: go vet ./...
|
|
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@v6
|
|
with:
|
|
version: v2.2.2
|
|
|
|
# govulncheck is informational — failures don't block the build because
|
|
# stdlib CVEs surface routinely until the runner image catches up to
|
|
# the latest go-patch release. The signal we care about is dependency
|
|
# vulns, which we react to via go.mod bumps.
|
|
- name: govulncheck
|
|
continue-on-error: true
|
|
run: |
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
govulncheck ./...
|
|
|
|
# Start the Firestore emulator before tests so the storage package's
|
|
# FIRESTORE_EMULATOR_HOST-gated tests run instead of t.Skip-ing.
|
|
# gcloud is pre-installed on ubuntu-latest runners; the emulator is
|
|
# an optional component fetched on first start.
|
|
- name: start firestore emulator
|
|
run: |
|
|
gcloud --quiet components install beta cloud-firestore-emulator || true
|
|
nohup gcloud beta emulators firestore start \
|
|
--host-port=localhost:8090 \
|
|
--quiet > /tmp/firestore.log 2>&1 &
|
|
# Wait up to 60s for the emulator to bind.
|
|
for i in $(seq 1 60); do
|
|
if nc -z localhost 8090; then
|
|
echo "firestore emulator ready"
|
|
exit 0
|
|
fi
|
|
sleep 1
|
|
done
|
|
echo "firestore emulator failed to start"
|
|
cat /tmp/firestore.log
|
|
exit 1
|
|
|
|
- name: go test
|
|
env:
|
|
FIRESTORE_EMULATOR_HOST: localhost:8090
|
|
GOOGLE_CLOUD_PROJECT: ci-test-project
|
|
# Keep test logs out of stdout to avoid drowning real failures.
|
|
LOG_LEVEL: error
|
|
run: go test -race -count=1 -coverprofile=cov.out ./...
|
|
|
|
- name: coverage summary
|
|
run: go tool cover -func=cov.out | tail -1
|
|
|
|
- name: go build
|
|
run: go build ./...
|
|
|
|
- name: docker build
|
|
run: docker build -t miti99bot-go .
|