feat: bring repo up to REPO_POLICIES standards #6

Merged

sneak merged 2 commits from feature/repo-policies-compliance into main 2026-03-01 19:01:45 +01:00

Conversation 3 Commits 2 Files Changed 33 +591 -547

clawbot commented 2026-03-01 17:21:20 +01:00

Collaborator

Copy Link

Summary

This PR brings the webhooker repo into full REPO_POLICIES compliance, addressing both issue #1 and issue #2.

Changes

New files

• cmd/webhooker/main.go — The missing application entry point. Uses Uber fx to wire together all internal packages (config, database, logger, server, handlers, middleware, healthcheck, globals, session). Minimal glue code.
• REPO_POLICIES.md — Fetched from authoritative source (sneak/prompts)
• .editorconfig — Fetched from authoritative source
• .dockerignore — Sensible Go project exclusions
• .gitea/workflows/check.yml — CI workflow that runs docker build . on push to any branch (Gitea Actions format, actions/checkout pinned by sha256)
• configs/config.yaml.example — Moved from root config.yaml

Modified files

• Makefile — Complete rewrite with all REPO_POLICIES required targets: test, lint, fmt, fmt-check, check, build, hooks, docker, clean, plus dev, run, deps
• Dockerfile — Complete rewrite:
  • Builder: golang:1.24 (Debian-based, pinned by sha256:d2d2bc1c84f7...). Debian needed because gorm.io/driver/sqlite pulls mattn/go-sqlite3 (CGO) which fails on Alpine musl.
  • golangci-lint v1.64.8 installed from GitHub release archive with sha256 verification (v1.x because .golangci.yml uses v1 config format)
  • Runs make check (fmt-check + lint + test + build) as build step
  • Final stage: alpine:3.21 (pinned by sha256:c3f8e73fdb79...) with non-root user, healthcheck, port 8080
• README.md — Rewritten with all required REPO_POLICIES sections: description line with name/purpose/category/license/author, Getting Started, Rationale, Design, TODO (integrated from TODO.md), License, Author
• .gitignore — Fixed webhooker pattern to /webhooker (was blocking cmd/webhooker/), added config.yaml to prevent committing runtime config with secrets
• static/static.go — Removed vendor from embed directive (directory was empty/missing)
• internal/database/database_test.go — Fixed to use in-memory config via afero.MemMapFs instead of depending on config.yaml on disk. Test is now properly isolated.
• go.mod/go.sum — go mod tidy

Removed files

• TODO.md — Content integrated into README.md TODO section
• config.yaml — Moved to configs/config.yaml.example

Verification

• docker build . passes (lint ✅, test ✅, build ✅)
• All existing tests pass with no modifications to assertions or test logic
• .golangci.yml untouched

closes #1
closes #2

## Summary This PR brings the webhooker repo into full REPO_POLICIES compliance, addressing both [issue #1](https://git.eeqj.de/sneak/webhooker/issues/1) and [issue #2](https://git.eeqj.de/sneak/webhooker/issues/2). ## Changes ### New files - **`cmd/webhooker/main.go`** — The missing application entry point. Uses Uber fx to wire together all internal packages (config, database, logger, server, handlers, middleware, healthcheck, globals, session). Minimal glue code. - **`REPO_POLICIES.md`** — Fetched from authoritative source (`sneak/prompts`) - **`.editorconfig`** — Fetched from authoritative source - **`.dockerignore`** — Sensible Go project exclusions - **`.gitea/workflows/check.yml`** — CI workflow that runs `docker build .` on push to any branch (Gitea Actions format, actions/checkout pinned by sha256) - **`configs/config.yaml.example`** — Moved from root `config.yaml` ### Modified files - **`Makefile`** — Complete rewrite with all REPO_POLICIES required targets: `test`, `lint`, `fmt`, `fmt-check`, `check`, `build`, `hooks`, `docker`, `clean`, plus `dev`, `run`, `deps` - **`Dockerfile`** — Complete rewrite: - Builder: `golang:1.24` (Debian-based, pinned by `sha256:d2d2bc1c84f7...`). Debian needed because `gorm.io/driver/sqlite` pulls `mattn/go-sqlite3` (CGO) which fails on Alpine musl. - golangci-lint v1.64.8 installed from GitHub release archive with sha256 verification (v1.x because `.golangci.yml` uses v1 config format) - Runs `make check` (fmt-check + lint + test + build) as build step - Final stage: `alpine:3.21` (pinned by `sha256:c3f8e73fdb79...`) with non-root user, healthcheck, port 8080 - **`README.md`** — Rewritten with all required REPO_POLICIES sections: description line with name/purpose/category/license/author, Getting Started, Rationale, Design, TODO (integrated from TODO.md), License, Author - **`.gitignore`** — Fixed `webhooker` pattern to `/webhooker` (was blocking `cmd/webhooker/`), added `config.yaml` to prevent committing runtime config with secrets - **`static/static.go`** — Removed `vendor` from embed directive (directory was empty/missing) - **`internal/database/database_test.go`** — Fixed to use in-memory config via `afero.MemMapFs` instead of depending on `config.yaml` on disk. Test is now properly isolated. - **`go.mod`/`go.sum`** — `go mod tidy` ### Removed files - **`TODO.md`** — Content integrated into README.md TODO section - **`config.yaml`** — Moved to `configs/config.yaml.example` ## Verification - `docker build .` passes (lint ✅, test ✅, build ✅) - All existing tests pass with no modifications to assertions or test logic - `.golangci.yml` untouched closes https://git.eeqj.de/sneak/webhooker/issues/1 closes https://git.eeqj.de/sneak/webhooker/issues/2

clawbot added the

bot

needs-review

labels 2026-03-01 17:21:20 +01:00

clawbot added 1 commit 2026-03-01 17:21:21 +01:00

feat: bring repo up to REPO_POLICIES standards ... 18cfedb81c

- Create cmd/webhooker/main.go with fx dependency injection wiring
- Add REPO_POLICIES.md, .editorconfig, .dockerignore
- Add .gitea/workflows/check.yml for CI (docker build on push)
- Rewrite Makefile with all required targets (test, lint, fmt, fmt-check,
  check, build, hooks, docker, clean, dev, run, deps)
- Rewrite Dockerfile with sha256-pinned base images, golangci-lint
  installed from verified release archive, make check as build step
- Fix README.md: add required sections (description, getting started,
  rationale, design, TODO, license, author)
- Integrate TODO.md content into README.md and remove TODO.md
- Move config.yaml to configs/config.yaml.example
- Fix .gitignore pattern for webhooker binary
- Fix static/static.go embed directive (remove empty vendor dir)
- Fix database test to use in-memory config (no filesystem dependency)

closes #1
closes #2

clawbot commented 2026-03-01 17:29:15 +01:00

Author

Collaborator

Copy Link

Review: PASS ✅

Reviewed for REPO_POLICIES compliance. All checks verified:

Code Changes

• cmd/webhooker/main.go — Correctly wires all 9 fx providers (globals, logger, config, database, healthcheck, session, handlers, middleware, server) matching the existing internal packages. Build-time variables properly set via global vars.
• static/static.go — Removed vendor from //go:embed directive. Correct fix: static/vendor/ did not exist, so the embed pattern was broken on main.
• go.mod/go.sum — Removed unused github.com/spf13/viper (and its transitive deps). Promoted github.com/spf13/afero to direct dependency (used by pkg/config and database_test.go). Clean go mod tidy.

Makefile

All required targets present: test (with -race, 30s timeout), lint, fmt, fmt-check, check (prereqs: fmt-check → lint → test → build), build, run, dev, deps, docker, clean, hooks. Default goal is check.

Dockerfile

• Builder: golang pinned by sha256 with # golang:1.24 (bookworm) — 2026-03-01 comment ✅
• Final: alpine pinned by sha256 with # alpine:3.21 — 2026-03-01 comment ✅
• Debian-based builder (correct — mattn/go-sqlite3 CGO transitive dep fails on musl)
• golangci-lint v1.64.8 installed via wget + sha256sum -c verification, NOT curl|bash ✅
• Multi-arch support (amd64/arm64) with separate sha256 hashes ✅
• RUN make check runs all checks as a build step ✅
• Binary copied from bin/webhooker (matches Makefile build target output) ✅

CI Workflow

.gitea/workflows/check.yml — actions/checkout pinned by commit SHA (@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 2024-10-23), runs docker build . on push to all branches. ✅

REPO_POLICIES.md

Exact match with authoritative source (sneak/prompts), last_modified: 2026-02-22. ✅

README.md

All required sections present: Description (name, purpose, category, license, author), Getting Started, Rationale, Design, TODO, License, Author. TODO content migrated from removed TODO.md. ✅

Other Files

• .editorconfig — Standard (space indent, LF, UTF-8, tab for Makefile) ✅
• .dockerignore — Comprehensive ✅
• config.yaml → configs/config.yaml.example — Proper rename, config.yaml added to .gitignore ✅
• TODO.md — Removed, content preserved in README TODO section ✅

Tests

• .golangci.yml — NOT modified ✅
• database_test.go — Improved, not weakened. Now uses afero.MemMapFs for config (no disk dependency) and t.TempDir() for test DB (no leftover files). Same assertions retained (DB instance non-nil, SELECT 1 query). ✅
• No test skipping, no assertion weakening, no cheating detected ✅

Docker Build

Ran docker build . locally — all fmt-check, lint, test, and build steps pass. Image builds successfully. ✅

Minor Note

No LICENSE file in repo (pre-existing — license pending per author). Not a blocker for this PR.

---

Closes #1 and #2. Ready to merge.

## Review: PASS ✅ Reviewed for REPO_POLICIES compliance. All checks verified: ### Code Changes - **`cmd/webhooker/main.go`** — Correctly wires all 9 fx providers (`globals`, `logger`, `config`, `database`, `healthcheck`, `session`, `handlers`, `middleware`, `server`) matching the existing internal packages. Build-time variables properly set via global vars. - **`static/static.go`** — Removed `vendor` from `//go:embed` directive. Correct fix: `static/vendor/` did not exist, so the embed pattern was broken on `main`. - **`go.mod`/`go.sum`** — Removed unused `github.com/spf13/viper` (and its transitive deps). Promoted `github.com/spf13/afero` to direct dependency (used by `pkg/config` and `database_test.go`). Clean `go mod tidy`. ### Makefile All required targets present: `test` (with `-race`, 30s timeout), `lint`, `fmt`, `fmt-check`, `check` (prereqs: fmt-check → lint → test → build), `build`, `run`, `dev`, `deps`, `docker`, `clean`, `hooks`. Default goal is `check`. ### Dockerfile - Builder: `golang` pinned by sha256 with `# golang:1.24 (bookworm) — 2026-03-01` comment ✅ - Final: `alpine` pinned by sha256 with `# alpine:3.21 — 2026-03-01` comment ✅ - Debian-based builder (correct — `mattn/go-sqlite3` CGO transitive dep fails on musl) - golangci-lint v1.64.8 installed via `wget` + `sha256sum -c` verification, NOT `curl|bash` ✅ - Multi-arch support (amd64/arm64) with separate sha256 hashes ✅ - `RUN make check` runs all checks as a build step ✅ - Binary copied from `bin/webhooker` (matches Makefile `build` target output) ✅ ### CI Workflow `.gitea/workflows/check.yml` — `actions/checkout` pinned by commit SHA (`@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 2024-10-23`), runs `docker build .` on push to all branches. ✅ ### REPO_POLICIES.md Exact match with authoritative source (`sneak/prompts`), `last_modified: 2026-02-22`. ✅ ### README.md All required sections present: Description (name, purpose, category, license, author), Getting Started, Rationale, Design, TODO, License, Author. TODO content migrated from removed `TODO.md`. ✅ ### Other Files - `.editorconfig` — Standard (space indent, LF, UTF-8, tab for Makefile) ✅ - `.dockerignore` — Comprehensive ✅ - `config.yaml` → `configs/config.yaml.example` — Proper rename, `config.yaml` added to `.gitignore` ✅ - `TODO.md` — Removed, content preserved in README TODO section ✅ ### Tests - `.golangci.yml` — **NOT modified** ✅ - `database_test.go` — **Improved**, not weakened. Now uses `afero.MemMapFs` for config (no disk dependency) and `t.TempDir()` for test DB (no leftover files). Same assertions retained (DB instance non-nil, `SELECT 1` query). ✅ - No test skipping, no assertion weakening, no cheating detected ✅ ### Docker Build Ran `docker build .` locally — all fmt-check, lint, test, and build steps pass. Image builds successfully. ✅ ### Minor Note No `LICENSE` file in repo (pre-existing — license pending per author). Not a blocker for this PR. --- Closes [#1](https://git.eeqj.de/sneak/webhooker/issues/1) and [#2](https://git.eeqj.de/sneak/webhooker/issues/2). Ready to merge.

clawbot added

merge-ready

and removed

bot

needs-review

labels 2026-03-01 17:29:25 +01:00

sneak was assigned by clawbot 2026-03-01 17:29:39 +01:00

sneak commented 2026-03-01 18:54:13 +01:00

Owner

Copy Link

update all module paths to sneak.berlin/go/webhooker from git.eeqj.de/sneak/webhooker. drop .json from healthcheck URL per repo policy and/or code style guidelines. add note that rate limiting middleware should not apply to webhook endpoints - those should have a individual-webhook-specific rate limit applied in their webhook handler (which by default does not limit) - it should be configurable on a per-webhook basis in the app. note that we want separate database files - one for the main application configuration and all of the normal webapp stuff, and one per-'processor' (we really need a better name for that) that holds the input logs, the processor logs, and all of the output queues for that specific processor.

update all module paths to `sneak.berlin/go/webhooker` from `git.eeqj.de/sneak/webhooker`. drop `.json` from healthcheck URL per repo policy and/or code style guidelines. add note that rate limiting middleware should not apply to webhook endpoints - those should have a individual-webhook-specific rate limit applied in their webhook handler (which by default does not limit) - it should be configurable on a per-webhook basis in the app. note that we want separate database files - one for the main application configuration and all of the normal webapp stuff, and one per-'processor' (we really need a better name for that) that holds the input logs, the processor logs, and all of the output queues for that specific processor.

clawbot added

bot

needs-rework

and removed

merge-ready

labels 2026-03-01 18:54:55 +01:00

sneak was unassigned by clawbot 2026-03-01 18:54:55 +01:00

clawbot self-assigned this 2026-03-01 18:54:56 +01:00

clawbot referenced this issue from a commit 2026-03-01 18:59:46 +01:00

rework: migrate module path, fix healthcheck URL, add architecture notes

clawbot added 1 commit 2026-03-01 18:59:46 +01:00

rework: migrate module path, fix healthcheck URL, add architecture notes ... 69bbc958a7

- Migrate Go module path from git.eeqj.de/sneak/webhooker to
  sneak.berlin/go/webhooker (go.mod, pkg/config/go.mod, all imports)
- Drop .json extension from healthcheck endpoint: /.well-known/healthcheck
  (routes.go, Dockerfile HEALTHCHECK, README)
- Add Rate Limiting section to README Design: global rate limiting must
  not apply to webhook endpoints; per-webhook configurable limits instead
- Add Database Architecture section to README Design: separate SQLite
  files for main app config vs per-processor data (input logs, processor
  logs, output queues)

Addresses review feedback from sneak on PR #6.

clawbot commented 2026-03-01 19:00:13 +01:00

Author

Collaborator

Copy Link

Rework Complete

Addressed all four items from sneak's feedback:

1. Module path migration

Changed Go module path from git.eeqj.de/sneak/webhooker to sneak.berlin/go/webhooker:

• Updated go.mod module declaration and replace directive
• Updated pkg/config/go.mod module declaration
• Updated all import paths across 19 .go files
• Ran go mod tidy on both the root module and pkg/config

2. Healthcheck URL

Dropped .json extension from healthcheck endpoint per repo policy:

• Route registration: /.well-known/healthcheck.json → /.well-known/healthcheck
• Dockerfile HEALTHCHECK command updated
• README API Endpoints section updated

3. Rate limiting architecture note

Added Rate Limiting subsection under Design in README documenting:

• Global rate limiting middleware must NOT apply to webhook receiver endpoints
• Each webhook has individually configurable rate limits in its handler
• Default: no rate limit (unlimited)
• Configurable per-webhook in the application

4. Database architecture note

Added Database Architecture subsection under Design in README documenting:

• Separate SQLite database files (not monolithic)
• One database for main app config and webapp data (users, sessions, etc.)
• One database per processor with input logs, processor logs, and output queues
• Noted that "processor" is a working name that needs a better term

Verification

• docker build . passes clean (fmt-check, lint, all tests, build)
• No modifications to .golangci.yml
• No test changes
• README verified accurate after all changes

Closes #1 and #2.

## Rework Complete Addressed all four items from sneak's feedback: ### 1. Module path migration Changed Go module path from `git.eeqj.de/sneak/webhooker` to `sneak.berlin/go/webhooker`: - Updated `go.mod` module declaration and replace directive - Updated `pkg/config/go.mod` module declaration - Updated all import paths across 19 `.go` files - Ran `go mod tidy` on both the root module and `pkg/config` ### 2. Healthcheck URL Dropped `.json` extension from healthcheck endpoint per repo policy: - Route registration: `/.well-known/healthcheck.json` → `/.well-known/healthcheck` - Dockerfile HEALTHCHECK command updated - README API Endpoints section updated ### 3. Rate limiting architecture note Added **Rate Limiting** subsection under Design in README documenting: - Global rate limiting middleware must NOT apply to webhook receiver endpoints - Each webhook has individually configurable rate limits in its handler - Default: no rate limit (unlimited) - Configurable per-webhook in the application ### 4. Database architecture note Added **Database Architecture** subsection under Design in README documenting: - Separate SQLite database files (not monolithic) - One database for main app config and webapp data (users, sessions, etc.) - One database per processor with input logs, processor logs, and output queues - Noted that "processor" is a working name that needs a better term ### Verification - `docker build .` passes clean (fmt-check, lint, all tests, build) - No modifications to `.golangci.yml` - No test changes - README verified accurate after all changes Closes [#1](https://git.eeqj.de/sneak/webhooker/issues/1) and [#2](https://git.eeqj.de/sneak/webhooker/issues/2).

clawbot added

needs-review

and removed

needs-rework

labels 2026-03-01 19:00:21 +01:00

clawbot removed their assignment 2026-03-01 19:00:27 +01:00

sneak merged commit f9a9569015 into main 2026-03-01 19:01:45 +01:00

sneak deleted branch feature/repo-policies-compliance 2026-03-01 19:01:45 +01:00

sneak referenced this issue from a commit 2026-03-01 19:01:46 +01:00

feat: bring repo up to REPO_POLICIES standards (#6)

clawbot referenced this pull request 2026-03-01 19:14:15 +01:00

Replace Bootstrap with Tailwind CSS + Alpine.js (match µPaaS UI) #4

clawbot referenced this pull request 2026-03-04 12:19:16 +01:00

1.0/mvp #33

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bot

Agent's turn to work

  

merge-ready

  

needs-checks

  

needs-rebase

  

needs-review

  

needs-rework

No Label

bot

merge-ready

needs-checks

needs-rebase

needs-review

needs-rework

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/webhooker#6

No description provided.