- Updated database models and repositories to replace uint IDs with UUIDs.
- Modified test fixtures to generate and use UUIDs for authors, translations, users, and works.
- Adjusted mock implementations to align with the new UUID structure.
- Ensured all relevant functions and methods are updated to handle UUIDs correctly.
- Added necessary imports for UUID handling in various files.
* Fix workflow triggers to use 'main' branch instead of 'master'
* Switch to semantic version tags for GitHub Actions instead of SHAs for better maintainability
* Fix golangci-lint by adding go mod tidy and specifying paths ./... for linting
* feat: Restructure workflows following Single Responsibility Principle
- Remove old monolithic workflows (ci.yml, ci-cd.yml, cd.yml)
- Add focused workflows: lint.yml, test.yml, build.yml, security.yml, docker-build.yml, deploy.yml
- Each workflow has a single, clear responsibility
- Follow 2025 best practices with semantic versioning, OIDC auth, build attestations
- Add comprehensive README.md with workflow documentation
- Configure Dependabot for automated dependency updates
Workflows now run independently and can be triggered separately for better CI/CD control.
* fix: Resolve CI/CD workflow failures and GraphQL integration test issues
- Fix Application struct mismatch in application_builder.go
- Add global config.Cfg variable and BleveIndexPath field
- Regenerate GraphQL code to fix ProcessArgField errors
- Add search.InitBleve() call in main.go
- Fix all errcheck issues (12 total) in main.go files and test files
- Fix staticcheck issues (deprecated handler.NewDefaultServer, tagged switch)
- Remove all unused code (50 unused items including mock implementations)
- Fix GraphQL 'transport not supported' error in integration tests
- Add comprehensive database cleanup for integration tests
- Update GraphQL server setup with proper error presenter
* feat: Complete backend CI/CD workflow setup
- Add comprehensive GitHub Actions workflows for Go backend
- Build workflow with binary compilation and attestation
- Test workflow with coverage reporting and race detection
- Lint workflow with golangci-lint and security scanning
- Docker build workflow with multi-architecture support
- Deploy workflow for production deployment
- Security workflow with vulnerability scanning
- All workflows follow Single Responsibility Principle
- Use semantic versioning and latest action versions
- Enable security features: OIDC auth, attestations, minimal permissions
* fix: correct Go build path to ./cmd/api
- Fix build workflow to target ./cmd/api instead of ./cmd
- The main.go file is located in cmd/api/ subdirectory
* fix: correct Dockerfile build path to ./cmd/api
- Fix Docker build to target ./cmd/api instead of root directory
- The main.go file is located in cmd/api/ subdirectory
This commit significantly increases the test coverage across the application and fixes several underlying bugs that were discovered while writing the new tests.
The key changes include:
- **New Tests:** Added extensive integration and unit tests for GraphQL resolvers, application services, and data repositories, substantially increasing the test coverage for packages like `graphql`, `user`, `translation`, and `analytics`.
- **Authorization Bug Fixes:**
- Fixed a critical bug where a user creating a `Work` was not correctly associated as its author, causing subsequent permission failures.
- Corrected the authorization logic in `authz.Service` to properly check for entity ownership by non-admin users.
- **Test Refactoring:**
- Refactored numerous test suites to use `testify/mock` instead of manual mocks, improving test clarity and maintainability.
- Isolated integration tests by creating a fresh admin user and token for each test run, eliminating test pollution.
- Centralized domain errors into `internal/domain/errors.go` and updated repositories to use them, making error handling more consistent.
- **Code Quality Improvements:**
- Replaced manual mock implementations with `testify/mock` for better consistency.
- Cleaned up redundant and outdated test files.
These changes stabilize the test suite, improve the overall quality of the codebase, and move the project closer to the goal of 80% test coverage.
This commit marks the completion of a major refactoring effort to stabilize the codebase, improve its structure, and prepare it for production.
The key changes include:
- **Domain Layer Consolidation:** The `Work` entity and its related types, along with all other domain entities and repository interfaces, have been consolidated into the main `internal/domain` package. This eliminates import cycles and provides a single, coherent source of truth for the domain model.
- **Data Access Layer Refactoring:** The repository implementations in `internal/data/sql` have been updated to align with the new domain layer. The `BaseRepositoryImpl` has been corrected to use pointer receivers, and all concrete repositories now correctly embed it, ensuring consistent and correct behavior.
- **Application Layer Stabilization:** All application services in `internal/app` have been updated to use the new domain types and repository interfaces. Dependency injection has been corrected throughout the application, ensuring that all services are initialized with the correct dependencies.
- **GraphQL Adapter Fixes:** The GraphQL resolver implementation in `internal/adapters/graphql` has been updated to correctly handle the new domain types and service methods. The auto-generated GraphQL code has been regenerated to ensure it is in sync with the schema and runtime.
- **Test Suite Overhaul:** All test suites have been fixed to correctly implement their respective interfaces and use the updated domain model. Mock repositories and test suites have been corrected to properly embed the `testify` base types, resolving numerous build and linter errors.
- **Dependency Management:** The Go modules have been tidied, and the module cache has been cleaned to ensure a consistent and correct dependency graph.
- **Code Quality and Verification:** The entire codebase now passes all builds, tests, and linter checks, ensuring a high level of quality and stability.
This comprehensive effort has resulted in a more robust, maintainable, and production-ready application.
This commit addresses all the high-priority tasks outlined in the TASKS.md file, significantly improving the application's observability, completing key features, and refactoring critical parts of the codebase.
### Observability
- **Centralized Logging:** Implemented a new structured, context-aware logging system using `zerolog`. A new logging middleware injects request-specific information (request ID, user ID, trace ID) into the logger, and all application logging has been refactored to use this new system.
- **Prometheus Metrics:** Added Prometheus metrics for database query performance by creating a GORM plugin that automatically records query latency and totals.
- **OpenTelemetry Tracing:** Fully instrumented all application services in `internal/app` and data repositories in `internal/data/sql` with OpenTelemetry tracing, providing deep visibility into application performance.
### Features
- **Analytics:** Implemented like, comment, and bookmark counting. The respective command handlers now call the analytics service to increment counters when these actions are performed.
- **Enrichment Tool:** Built a new, extensible `enrich` command-line tool to fetch data from external sources. The initial implementation enriches author data using the Open Library API.
### Refactoring & Fixes
- **Decoupled Testing:** Refactored the testing utilities in `internal/testutil` to be database-agnostic, promoting the use of mock-based unit tests and improving test speed and reliability.
- **Build Fixes:** Resolved numerous build errors, including a critical import cycle between the logging, observability, and authentication packages.
- **Search Service:** Fixed the search service integration by implementing the `GetWorkContent` method in the localization service, allowing the search indexer to correctly fetch and index work content.
This commit introduces the `MergeWork` command, a new feature to merge two `Work` entities, their associations, and their statistics. The entire operation is performed atomically within a database transaction to ensure data integrity.
Key changes include:
- A new `MergeWork` method in `internal/app/work/commands.go`.
- An `Add` method on the `WorkStats` entity for combining statistics.
- A new `GetWithAssociationsInTx` method on the `WorkRepository` to fetch entities within a transaction.
- A comprehensive integration test using an in-memory SQLite database to validate the merge logic.
This commit also consolidates all scattered TODOs and build issues from `TODO.md` and `BUILD_ISSUES.md` into a single, actionable `TASKS.md` file. The legacy documentation files have been removed to create a single source of truth for pending work.
The integration tests for admin-only mutations were failing due to an authorization issue. The root cause was that the JWT token used in the tests did not reflect the user's admin role, which was being set directly in the database.
This commit fixes the issue by:
1. Updating the `CreateAuthenticatedUser` test helper to generate a new JWT token after a user's role is changed. This ensures the token contains the correct, up-to-date role.
2. Removing all uses of `auth.ContextWithAdminUser` from the integration tests, making the JWT token the single source of truth for authorization.
This change also removes unused imports and variables that were causing build failures after the refactoring. All integration tests now pass.
This commit introduces a comprehensive set of foundational improvements to make the API more robust, secure, and observable.
The following features have been implemented:
- **Observability Stack:** A new `internal/observability` package has been added, providing structured logging with `zerolog`, Prometheus metrics, and OpenTelemetry tracing. This stack is fully integrated into the application's request pipeline.
- **Centralized Authorization:** A new `internal/app/authz` service has been created to centralize authorization logic. This service is now used by the `user`, `work`, and `comment` services to protect all Create, Update, and Delete operations.
- **Standardized Input Validation:** The previous ad-hoc validation has been replaced with a more robust, struct-tag-based system using the `go-playground/validator` library. This has been applied to all GraphQL input models.
- **Structured Error Handling:** A new set of custom error types has been introduced in the `internal/domain` package. A custom `gqlgen` error presenter has been implemented to map these domain errors to structured GraphQL error responses with specific error codes.
- **`updateUser` Endpoint:** The `updateUser` mutation has been fully implemented as a proof of concept for the new patterns, including support for partial updates and comprehensive authorization checks.
- **Test Refactoring:** The test suite has been significantly improved by decoupling mock repositories from the shared `testutil` package, resolving circular dependency issues and making the tests more maintainable.
This change introduces a service layer to encapsulate the business logic
for each domain aggregate. This will make the code more modular,
testable, and easier to maintain.
The following services have been created:
- author
- bookmark
- category
- collection
- comment
- like
- tag
- translation
- user
The main Application struct has been updated to use these new services.
The integration test suite has also been updated to use the new
Application struct and services.
This is a work in progress. The next step is to fix the compilation
errors and then refactor the resolvers to use the new services.
This commit introduces a new application layer to the codebase, which decouples the GraphQL resolvers from the data layer. The resolvers now call application services, which in turn call the repositories. This change improves the separation of concerns and makes the code more testable and maintainable.
Additionally, this commit introduces dataloaders to solve the N+1 problem in the GraphQL resolvers. The dataloaders are used to batch and cache database queries, which significantly improves the performance of the API.
The following changes were made:
- Created application services for most of the domains.
- Refactored the GraphQL resolvers to use the new application services.
- Implemented dataloaders for the `Author` aggregate.
- Updated the `app.Application` struct to hold the application services instead of the repositories.
- Fixed a large number of compilation errors in the test files that arose from these changes.
There are still some compilation errors in the `internal/adapters/graphql/integration_test.go` file. These errors are due to the test files still trying to access the repositories directly from the `app.Application` struct. The remaining work is to update these tests to use the new application services.
