Add webhook logging, pagination, middleware, migrations, and prod hardening

- Webhook event logging repo and subscription webhook idempotency - Pagination helper (echohelpers) with cursor/offset support - Request ID and structured logging middleware - Push client improvements (FCM HTTP v1, better error handling) - Task model version column, business constraint migrations, targeted indexes - Expanded categorization chain tests - Email service and config hardening - CI workflow updates, .gitignore additions, .env.example updates Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 21:32:09 -06:00
parent 806bd07f80
commit e26116e2cf
50 changed files with 1681 additions and 97 deletions
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -2,9 +2,9 @@ name: Backend CI

 on:
  push:
-    branches: [main, develop]
+    branches: [main, master, develop]
  pull_request:
-    branches: [main, develop]
+    branches: [main, master, develop]

 jobs:
  test:
@@ -26,13 +26,29 @@ jobs:
      - name: Run tests
        run: go test -race -count=1 ./...

+  contract-tests:
+    name: Contract Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Download dependencies
+        run: go mod download
+
      - name: Run contract validation
        run: go test -v -run "TestRouteSpecContract|TestKMPSpecContract" ./internal/integration/

  build:
    name: Build
    runs-on: ubuntu-latest
-    needs: test
+    needs: [test, contract-tests]

    steps:
      - uses: actions/checkout@v4
@@ -73,3 +89,23 @@ jobs:
            echo "$unformatted"
            exit 1
          fi
+
+      - name: Install govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+
+      - name: Run govulncheck
+        run: govulncheck ./...
+
+  secrets:
+    name: Secret Scanning
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}