chore: maintenance of january 2024

* bump dependency version * use opentelemetry for enabling tracing * update codeowners file * bump github actions workflows
teknologi-umum · Jan 6, 2024 · 0d7bbc7 · 0d7bbc7
1 parent ee8a607
commit 0d7bbc7
Show file tree

Hide file tree

Showing 15 changed files with 263 additions and 819 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1,2 @@
-* @aldy505 @elianiva @kokizzu
+* @teknologi-umum/backend-go
+.github/ @teknologi-umum/infrastructure
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: "11 18 * * 6"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ go ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -10,25 +10,33 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-  ci:
-    name: CI
+  scan:
+    name: Secret scan
     runs-on: ubuntu-latest
-    timeout-minutes: 15
-    container: golang:1.20-bookworm
+    timeout-minutes: 10
     steps:
+      - name: Setup jq
+        uses: dcarbone/[email protected]
+
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: TruffleHog OSS
         uses: trufflesecurity/trufflehog@main
         with:
-          path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
           extra_args: --debug --only-verified
 
+  ci:
+    name: CI
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    container: golang:1.21
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
       - name: Build
         run: go build -buildvcs=false .
 
@@ -39,14 +47,6 @@ jobs:
           PORT: 3000
           TZ: UTC
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
-        with:
-          languages: go
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
-
       - uses: codecov/codecov-action@v3
 
   release:
@@ -62,16 +62,19 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           flavor: |
@@ -85,55 +88,9 @@ jobs:
             org.opencontainers.image.authors=Teknologi Umum
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
-  cd:
-    name: CD
-    needs:
-      - release
-    runs-on: ubuntu-latest
-    container: debian:bookworm
-    timeout-minutes: 120
-    steps:
-      - name: Install required packages
-        run: apt-get update && apt-get upgrade -y && apt-get install -y git tar gzip curl ssh
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Register SSH key
-        uses: shimataro/ssh-key-action@v2
-        with:
-          key: ${{ secrets.SSH_KEY }}
-          name: id_ed25519
-          known_hosts: ${{ secrets.SSH_IP }}
-          if_key_exists: replace
-
-      - name: SSH Keyscan
-        run: ssh-keyscan -p ${{ secrets.SSH_PORT }} -H ${{ secrets.SSH_IP }} >> /root/.ssh/known_hosts
-
-      - name: Pull latest code
-        run: >
-          ssh
-          -i /root/.ssh/id_ed25519
-          -p ${{ secrets.SSH_PORT }}
-          -t ${{ secrets.SSH_USER }}@${{ secrets.SSH_IP }}
-          'ssh polarite "cd ${{ secrets.SSH_WORKDIR }}/polarite && git pull" '
-
-      - name: Create Sentry release
-        uses: getsentry/action-release@v1
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
-        with:
-          environment: production
-          set_commits: skip
-          version: ${{ github.sha }}
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -4,25 +4,33 @@ on:
   pull_request:
 
 jobs:
-  ci:
-    name: CI
+  scan:
+    name: Secret scan
     runs-on: ubuntu-latest
-    timeout-minutes: 15
-    container: golang:1.20-bookworm
+    timeout-minutes: 10
     steps:
+      - name: Setup jq
+        uses: dcarbone/[email protected]
+
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: TruffleHog OSS
         uses: trufflesecurity/trufflehog@main
         with:
-          path: ./
-          base: ${{ github.event.repository.default_branch }}
-          head: HEAD
           extra_args: --debug --only-verified
 
+  ci:
+    name: CI
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    container: golang:1.21
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
       - name: Build
         run: go build -buildvcs=false .
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,18 +18,21 @@ jobs:
       packages: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           flavor: |
@@ -42,7 +45,7 @@ jobs:
             org.opencontainers.image.authors=Teknologi Umum
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: true

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.20-bookworm AS builder
+FROM golang:1.21-bookworm AS builder
 
 ENV ENVIRONMENT=production
 
@@ -8,11 +8,11 @@ COPY . .
 
 RUN go build .
 
-FROM debian:bookworm AS runtime
+FROM debian:bookworm-slim AS runtime
 
 WORKDIR /app
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates openssl curl
+RUN apt-get update && apt-get install -y ca-certificates openssl curl
 
 COPY --from=builder /usr/app/* .
 

diff --git a/controllers/add.go b/controllers/add.go
@@ -14,6 +14,9 @@ import (
 // If the submitted paste is a duplicate, it will quickly return
 // a generated ID based on the SHA224 hash.
 func (d *Dependency) AddPaste(c *fiber.Ctx) error {
+	ctx, span := tracer.Start(c.Context(), "Get")
+	defer span.End()
+
 	body := c.Body()
 
 	// Check duplicates
@@ -22,7 +25,7 @@ func (d *Dependency) AddPaste(c *fiber.Ctx) error {
 		return err
 	}
 
-	exists, existingId, err := d.Paste.ReadHash(c.Context(), hash)
+	exists, existingId, err := d.Paste.ReadHash(ctx, hash)
 	if err != nil {
 		return err
 	}
@@ -43,7 +46,7 @@ func (d *Dependency) AddPaste(c *fiber.Ctx) error {
 		Hash:  hash,
 	}
 
-	data, err := d.Paste.InsertPaste(c.Context(), item)
+	data, err := d.Paste.InsertPaste(ctx, item)
 	if err != nil {
 		return err
 	}

diff --git a/controllers/dependency.go b/controllers/dependency.go
@@ -1,9 +1,15 @@
 package controllers
 
-import "polarite/repository"
+import (
+	"polarite/repository"
+
+	"go.opentelemetry.io/otel"
+)
 
 // Dependency injection struct.
 // Initialize once, use it everywhere.
 type Dependency struct {
 	repository.Paste
 }
+
+var tracer = otel.Tracer("polarite")
diff --git a/controllers/get.go b/controllers/get.go
@@ -3,10 +3,11 @@ package controllers
 import (
 	"errors"
 	"net/http"
+	"strings"
+
 	h "polarite/platform/highlight"
 	"polarite/repository"
 	"polarite/resources"
-	"strings"
 
 	"github.com/gofiber/fiber/v2"
 )
@@ -27,6 +28,9 @@ type QueryString struct {
 
 // Get route to find a paste by given ID (on path parameters).
 func (d *Dependency) Get(c *fiber.Ctx) error {
+	ctx, span := tracer.Start(c.Context(), "Get")
+	defer span.End()
+
 	// Parse the URL param first
 	id := c.Params("id")
 	if id == "" {
@@ -40,7 +44,7 @@ func (d *Dependency) Get(c *fiber.Ctx) error {
 	}
 
 	// Validate if the ID exists or not
-	i, err := d.Paste.GetItemById(c.Context(), id)
+	i, err := d.Paste.GetItemById(ctx, id)
 	if err != nil && !errors.Is(err, repository.ErrNotFound) {
 		return err
 	}