Merged
46 commits
e9b3dd7
Fix: Add refs/heads/ prefix to BranchPath in workflow processor
cbullinger Jan 13, 2026
5a7d6bc
Fix org-specific GitHub API access for multi-org installations
cbullinger Jan 14, 2026
4eb6e06
Improve error messages for GitHub App authentication failures
cbullinger Feb 2, 2026
79ce376
Phase 1 updates
cbullinger Feb 14, 2026
44a1669
Phase 3 updates
cbullinger Feb 14, 2026
84c0dfe
phase 4 updates
cbullinger Feb 14, 2026
5f3dc58
update error handling
cbullinger Feb 14, 2026
1735e56
remove dot imports
cbullinger Feb 14, 2026
5a17cd0
upgrade gogithub and driver major versions
cbullinger Feb 14, 2026
aecc56a
update logging
cbullinger Feb 14, 2026
f280fda
webhook idempotency
cbullinger Feb 14, 2026
207efc6
add rate limiting
cbullinger Feb 14, 2026
7a16d66
improved health checks
cbullinger Feb 14, 2026
b96d351
break up large functions
cbullinger Feb 14, 2026
364368f
add integration tests
cbullinger Feb 14, 2026
66c08bf
update docs
cbullinger Feb 14, 2026
2bd5bad
update scripts
cbullinger Feb 14, 2026
830ee1b
update cmds
cbullinger Feb 14, 2026
5f8c097
update gitignore
cbullinger Feb 14, 2026
8e089a9
update agent file
cbullinger Feb 14, 2026
be798be
revert binary name
cbullinger Feb 14, 2026
b7866eb
fix dry run setting
cbullinger Feb 14, 2026
26cbdf6
fix CI: pin golangci-lint v2 and install gosec via go for Go 1.26 compat
cbullinger Feb 14, 2026
faace30
fix CI: use golangci-lint-action v7, exclude gosec taint analysis rules
cbullinger Feb 14, 2026
fe82c91
fix: resolve all golangci-lint v2 issues, align pre-commit with CI
cbullinger Feb 14, 2026
7e813a6
fix: banner shows effective config file instead of legacy default
cbullinger Feb 15, 2026
7ce78bf
docs: clarify behavior when there are multiple workflows for a single…
cbullinger Feb 15, 2026
ab8ea0c
fix: separate write operations for mixed commit strategies on same ta…
cbullinger Feb 15, 2026
7f0e7fb
fix: log metadata overwrites in batched workflows and deduplicate cop…
cbullinger Feb 15, 2026
41c4cb2
perf: cache workflow configs with TTL and fetch file contents in para…
cbullinger Feb 15, 2026
9971dcb
fix: skip empty commits when tree is unchanged from HEAD
cbullinger Feb 15, 2026
f368677
reliability: add timeout, retry, and per-workflow error isolation
cbullinger Feb 15, 2026
16dd76a
chore: security, linting, alerting, and batching test improvements
cbullinger Feb 15, 2026
b548c1e
implement security and reliability recommendations
cbullinger Feb 15, 2026
af69ef4
implement integration tests
cbullinger Feb 15, 2026
4cd3314
implement tagging script
cbullinger Feb 15, 2026
ef0b619
fix auth error on dry-run
cbullinger Feb 15, 2026
7e777fe
Fix CI lint and security check failures
cbullinger Feb 15, 2026
24923bc
Fix remaining CI failures: lint config schema and missed gosec finding
cbullinger Feb 15, 2026
69125de
update slack notification to work with trigger-based webhook
cbullinger Feb 16, 2026
5d205fe
Update testdata and related scripts
cbullinger Feb 16, 2026
0d4f196
docs: update README with Release section
cbullinger Feb 17, 2026
f20c25d
fix: deprecation file reads from source repo + exclude patterns use r…
cbullinger Feb 17, 2026
ccb54c8
Add .cursorignore and improve AGENT.md
cbullinger Feb 17, 2026
c2383d9
fix: add warning for conflicting auto_merge settings in batched workf…
cbullinger Feb 17, 2026
814be1e
add slack notification status to the build banner
cbullinger Feb 17, 2026
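--- a/.copier/main-test.yaml
+++ b/.copier/main-test.yaml
@@ -0,0 +1,66 @@
+# Main Configuration File for the Dev Docs Copier App
+# This is the central config file that references individual workflow configs
+# Specified in app's env.yaml as MAIN_CONFIG_FILE
+
+# ============================================================================
+# GLOBAL DEFAULTS
+# ============================================================================
+# These defaults apply to all workflows across all workflow config files
+# unless overridden at the workflow config level or individual workflow level
+
+defaults:
+commit_strategy:
+type: "pull_request"
+auto_merge: false
+deprecation_check:
+enabled: true
+file: "deprecated_examples.json"
+
+# ============================================================================
+# WORKFLOW CONFIG REFERENCES
+# ============================================================================
+# App will auto-discover installation ID for source repo, then fetch the workflow config
+
+workflow_configs:
+
+# --------------------------------------------------------------------------
+# SAMPLE APPS
+# --------------------------------------------------------------------------
+- source: "repo"
+repo: "mongodb/docs-sample-apps"
+branch: "main" # optional, defaults to main
+path: ".copier/config.yaml"
+enabled: true
+
+# --------------------------------------------------------------------------
+# MONOREPO
+# --------------------------------------------------------------------------
+- source: "repo"
+repo: "10gen/docs-mongodb-internal"
+branch: "main"
+path: ".copier/config.yaml"
+enabled: true
+
+# --------------------------------------------------------------------------
+# DOCS CODE EXAMPLES (DISABLED)
+# --------------------------------------------------------------------------
+- source: "repo"
+repo: "mongodb/docs-code-examples"
+branch: "main"
+path: ".copier/config.yaml"
+enabled: false
+
+# --------------------------------------------------------------------------
+# ** TESTING **
+# --------------------------------------------------------------------------
+- source: "repo"
+repo: "cbullinger/aggregation-tasks"
+branch: "main"
+path: "copier-config.yaml"
+enabled: true
+
+- source: "repo"
+repo: "cbullinger/copier-app-source-test"
+branch: "main"
+path: ".copier/test-main.yaml"
+enabled: true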
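Review bot: The two entries under `** TESTING **` load workflow configs from personal-account repositories (`cbullinger/aggregation-tasks`, `cbullinger/copier-app-source-test`) with `enabled: true`, in the same list as the `mongodb/` and `10gen/` sources. Whoever controls those repositories controls the workflow definitions the app fetches from them, outside the organisation's branch protection and review. Whether this file can be selected through `MAIN_CONFIG_FILE` in a deployed environment is not visible here. If it can, I would default both entries to `enabled: false` and add a comment such as `# test-only sources: never enable in a production MAIN_CONFIG_FILE`.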
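--- a/.cursorignore
+++ b/.cursorignore
@@ -0,0 +1,50 @@
+# Git
+.git/
+
+# Binaries
+github-copier
+code-copier
+copier
+config-validator
+test-webhook
+test-pem
+*.exe
+*.dll
+*.so
+*.dylib
+*.test
+
+# Dependencies
+vendor/
+go.sum
+
+# Build/Coverage output
+*.out
+
+# Environment files (secrets)
+.env
+.env.*
+!.env.test
+
+# Private keys
+*.pem
+*.key
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Logs and temp
+*.log
+tmp/
+temp/
+
+# Large test fixtures (JSON payloads)
+testdata/*.json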
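Review bot: The `!.env.test` exception re-exposes a file that, according to the `.gitleaksignore` added in this same change, holds a PEM private key, so that key material stays visible to the editor's AI features while every other `.env.*` file is withheld. That is acceptable only while the key remains a throwaway; a comment on the exception would record the condition, e.g. `# .env.test holds a generated test-only key; never put real credentials here`. The later `*.pem` and `*.key` patterns do not cover a key embedded inside an env file.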
66 changes: 45 additions & 21 deletions .github/workflows/ci.yml
Expand Up @@ -3,6 +3,7 @@ name: CI
on:
push:
branches: [main]
tags: ['v*']
pull_request:
branches: [main]

Expand All @@ -14,15 +15,13 @@ jobs:

- uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version: '1.26'

- name: Download dependencies
run: go mod download

- name: Run tests
# Note: -race disabled due to pre-existing race conditions in tests that spawn
# background goroutines. These should be fixed by adding proper synchronization.
run: go test -v ./...
run: go test -race -v ./...

lint:
runs-on: ubuntu-latest
Expand All @@ -31,12 +30,12 @@ jobs:

- uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version: '1.26'

- name: golangci-lint
uses: golangci/golangci-lint-action@v6
uses: golangci/golangci-lint-action@v7
with:
version: latest
version: v2.9.0

security:
runs-on: ubuntu-latest
Expand All @@ -45,16 +44,15 @@ jobs:

- uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version: '1.26'

- name: Install gosec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest

- name: Run gosec
uses: securego/gosec@master
with:
# Exclude G101 (hardcoded credentials - false positive on env var names)
# Exclude G115 (integer overflow - false positive for PR numbers)
# Exclude G304 (file inclusion - intentional for CLI tools)
# Exclude G306 (file permissions - config files don't need 0600)
args: -exclude=G101,G115,G304,G306 ./...
# All false positives are suppressed with inline #nosec comments.
# No global exclusions — every suppression is documented at the call site.
run: gosec ./...

build:
runs-on: ubuntu-latest
Expand All @@ -64,16 +62,34 @@ jobs:

- uses: actions/setup-go@v5
with:
go-version: '1.24'
go-version: '1.26'

- name: Build
run: go build -v ./...

scan:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v4

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
severity: 'CRITICAL,HIGH'
exit-code: '1'

deploy:
runs-on: ubuntu-latest
needs: [build, security]
# Only deploy on push to main (not on PRs)
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: [build, security, scan]
# Only deploy on version tag pushes (e.g. v1.0.0)
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')

environment:
name: production
url: ${{ steps.show-url.outputs.url }}

permissions:
contents: read
Expand All @@ -87,6 +103,10 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: Extract version from tag
id: version
run: echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT

- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
Expand All @@ -104,6 +124,9 @@ jobs:
--project $PROJECT_ID \
--allow-unauthenticated \
--env-vars-file=env-cloudrun.yaml \
--set-env-vars="GITHUB_APP_ID=${{ secrets.GITHUB_APP_ID }},INSTALLATION_ID=${{ secrets.INSTALLATION_ID }}" \
--build-arg="VERSION=${{ steps.version.outputs.tag }}" \
--tag="${{ steps.version.outputs.tag }}" \
--max-instances=10 \
--cpu=1 \
--memory=512Mi \
Expand All @@ -113,10 +136,11 @@ jobs:
--platform=managed

- name: Show deployment URL
id: show-url
run: |
URL=$(gcloud run services describe $SERVICE_NAME \
--region $REGION \
--project $PROJECT_ID \
--format='value(status.url)')
echo "🚀 Deployed to: $URL"

echo "url=$URL" >> $GITHUB_OUTPUT
echo "Deployed ${{ steps.version.outputs.tag }} to: $URL"
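Review bot: In the deploy job the tag name is pasted into shell text through `${{ steps.version.outputs.tag }}` (in `--build-arg`, `--tag` and the final `echo`), so it is expanded by the Actions templating before the shell parses the line, and git permits shell metacharacters in ref names. Pass it through the environment instead: add `env: VERSION_TAG: ${{ steps.version.outputs.tag }}` on the step, use `--tag="$VERSION_TAG"`, and reject anything that is not a plain version in the extract step, e.g. `[[ "$GITHUB_REF_NAME" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`. The job now runs for any `v*` tag on any commit, so it depends on tag protection and on required reviewers for the `production` environment, neither of which is visible here. Separately, `aquasecurity/trivy-action@master` and `gosec@latest` are mutable references in a pipeline that gates a production deploy; pin the action to a full commit SHA and gosec to a fixed version, as was done for golangci-lint. The `gcloud run deploy` command starts outside the visible hunk.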
4 changes: 3 additions & 1 deletion .gitignore
Expand Up @@ -2,6 +2,9 @@
github-copier
code-copier
copier
config-validator
test-webhook
test-pem
*.exe
*.exe~
*.dll
Expand Down Expand Up @@ -60,4 +63,3 @@ Thumbs.db
# Temporary files
tmp/
temp/
RECOMMENDATIONS.md
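--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -0,0 +1,5 @@
+# Example placeholder string in .env.local.example (not a real key)
+configs/.env.local.example:private-key:77
+
+# Purpose-generated test-only PEM key in .env.test (never associated with a real GitHub App)
+.env.test:private-key:30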
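Review bot: Both fingerprints are keyed on path, rule and line number only, so the second entry silences the `private-key` rule for whatever sits on line 30 of `.env.test`, not for one specific key. If a real GitHub App key were later pasted over the test key at that position, gitleaks would stay quiet. Generating the test key at test time would remove the need for the entry. If the committed key stays, extend the comment to say so, e.g. `# suppression is line-based: re-verify whenever .env.test changes`.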
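--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,56 @@
+# golangci-lint v2 configuration
+# Matches CI (golangci-lint v2.9.0) and local pre-commit.
+# Docs: https://golangci-lint.run/usage/configuration/
+version: "2"
+
+linters:
+default: none
+enable:
+# Bug detection (default set)
+- errcheck # unchecked errors
+- govet # suspicious constructs
+- ineffassign # unused assignments
+- staticcheck # advanced static analysis (includes gosimple)
+- unused # unused code
+
+# Style & quality
+- misspell # common typos in comments/strings
+- revive # extensible linter (replaces golint)
+
+settings:
+errcheck:
+# Ignore intentionally discarded errors in defer cleanup.
+# All such cases use the _ = expr pattern for explicitness.
+exclude-functions:
+- (io.Closer).Close
+
+revive:
+rules:
+- name: exported
+disabled: true # too noisy for internal-only code
+
+staticcheck:
+checks:
+- "all"
+- "-SA1029" # context.WithValue key type — acceptable for request-scoped data
+- "-ST1000" # package comments — not enforced for this project
+- "-ST1003" # naming conventions — existing codebase uses mixed styles
+
+# In golangci-lint v2, exclusion rules live under linters.exclusions (not issues).
+exclusions:
+rules:
+# Test files: allow dot-imports and unused parameters.
+- path: _test\.go
+linters:
+- revive
+text: "dot-imports|unused-parameter"
+
+formatters:
+enable:
+- gofmt
+- goimports
+
+issues:
+# Don't limit the number of reported issues per linter.
+max-issues-per-linter: 0
+max-same-issues: 0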
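Review bot: The `exclude-functions` entry `(io.Closer).Close` turns errcheck off for every `Close` call, not only the deferred cleanup the comment describes. A failed `Close` on something that was written to can mean the data never landed, which is exactly the case worth flagging. The comment says all intentional discards already use `_ = expr`, which errcheck does not report unless `check-blank` is enabled, so the exclusion looks removable; confirm by deleting it and running the linter. Also, `gosec` is not in the `enable` list, so a local run does not reproduce the CI security job.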
11 changes: 8 additions & 3 deletions .pre-commit-config.yaml
Expand Up @@ -5,11 +5,16 @@ repos:
hooks:
- id: gitleaks

# Go linting
- repo: https://github.com/golangci/golangci-lint
rev: v1.62.2
# Go linting - requires golangci-lint v2 installed locally:
# go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.9.0
- repo: local
hooks:
- id: golangci-lint
name: golangci-lint
entry: golangci-lint run --fix
language: system
pass_filenames: false
types: [go]

# Local Go hooks
- repo: local
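Review bot: Switching the golangci-lint hook to `repo: local` with `language: system` drops the pinned `rev`, so the hook runs whatever `golangci-lint` binary is first on the developer's PATH, and with `--fix` that binary rewrites files at commit time. Nothing checks that it is the v2.9.0 named in the comment and used in CI. If the upstream hook cannot be used at `rev: v2.9.0`, make the entry fail on a mismatch, for example by pointing `entry` at a small wrapper script that checks `golangci-lint version` before running.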