feat: add comprehensive testing infrastructure and security hardening

- Enhanced CI/CD pipeline with coverage reporting, benchmarks, and artifact uploads - Implemented rate limiter IP validation with proxy support and spoofing protection - Added extensive Makefile test targets for coverage, benchmarks, and continuous testing - Expanded middleware chain with request validation, size limits, and suspicious activity logging
2025-11-11 21:43:12 +00:00
parent 1f5aeb1c4c
commit 92dffe8c60
41 changed files with 8077 additions and 523 deletions
@@ -27,15 +27,64 @@ jobs:
      - name: Install dependencies
        run: go mod download

+      - name: Verify dependencies
+        run: go mod verify
+
      - name: Run linter
        uses: golangci/golangci-lint-action@v7
        with:
          version: v2.6.0

-      - name: Run tests
+      - name: Run tests with coverage
        run: |
-          go test -v -race -coverprofile=coverage.txt ./...
+          go test -v -race -coverprofile=coverage.txt -covermode=atomic ./...

-      - name: Build
+      - name: Generate coverage report
        run: |
-          go build -v .
+          go tool cover -func=coverage.txt | tee coverage-report.txt
+
+      - name: Check coverage threshold
+        run: |
+          coverage=$(go tool cover -func=coverage.txt | grep total | awk '{print $3}' | sed 's/%//')
+          echo "Total coverage: ${coverage}%"
+          echo "COVERAGE=${coverage}" >> $GITHUB_ENV
+          if (( $(echo "$coverage < 70" | bc -l) )); then
+            echo "⚠️  Coverage ${coverage}% is below target of 70%"
+            echo "This is a warning, not a failure (building towards 70% coverage)"
+          else
+            echo "✅ Coverage ${coverage}% meets or exceeds target"
+          fi
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          files: ./coverage.txt
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+
+      - name: Run benchmarks
+        run: |
+          go test -bench=. -benchmem ./... | tee benchmark.txt
+
+      - name: Build binary
+        run: |
+          go build -v -o cv-server .
+
+      - name: Upload test artifacts
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results-go-${{ matrix.go-version }}
+          path: |
+            coverage.txt
+            coverage-report.txt
+            benchmark.txt
+          retention-days: 30
+
+      - name: Upload binary artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: cv-server-binary
+          path: cv-server
+          retention-days: 7