{"id":31041298,"url":"https://github.com/4cecoder/pocwhisp","last_synced_at":"2025-09-14T09:55:23.731Z","repository":{"id":309797105,"uuid":"1037586204","full_name":"4cecoder/pocwhisp","owner":"4cecoder","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-13T20:46:04.000Z","size":276,"stargazers_count":0,"open_issues_count":11,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-13T22:11:20.633Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/4cecoder.png","metadata":{"files":{"readme":".github/README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-13T19:58:42.000Z","updated_at":"2025-08-13T20:46:08.000Z","dependencies_parsed_at":"2025-08-13T22:11:28.691Z","dependency_job_id":"4aed4e29-5e2b-4e27-9c4e-d5e63bf31417","html_url":"https://github.com/4cecoder/pocwhisp","commit_stats":null,"previous_names":["4cecoder/pocwhisp"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/4cecoder/pocwhisp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4cecoder%2Fpocwhisp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4cecoder%2Fpocwhisp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4cecoder%2Fpocwhisp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4cecoder%2Fpocwhisp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/4cecoder","download_url":"https://codeload.github.com/4cecoder/pocwhisp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4cecoder%2Fpocwhisp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275088386,"owners_count":25403373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-14T02:00:10.474Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-14T09:55:20.320Z","updated_at":"2025-09-14T09:55:23.715Z","avatar_url":"https://github.com/4cecoder.png","language":"Go","readme":"# PocWhisp GitHub Automation\n\nThis directory contains comprehensive GitHub Actions workflows and configurations for automated testing, security monitoring, and deployment of the PocWhisp project.\n\n## 🚀 Workflows Overview\n\n### 1. **CI - Continuous Integration** (`ci.yml`)\n**Triggers:** Push to main/develop, Pull Requests\n**Purpose:** Code quality, testing, and validation\n\n**Jobs:**\n- **Code Quality \u0026 Security**: Linting, security scanning, dependency checks\n- **Go Unit Tests**: API service testing with coverage\n- **Python Unit Tests**: AI service testing with coverage  \n- **Integration Tests**: Full system testing with PostgreSQL/Redis\n- **Docker Build \u0026 Test**: Multi-service container builds\n- **Docker Compose Integration**: End-to-end deployment testing\n- **Performance Tests**: Benchmark validation (main branch only)\n- **Build Summary**: Comprehensive status reporting\n\n**Features:**\n- ✅ Multi-language linting (Go, Python)\n- 🔒 Security scanning (Trivy, Gosec, Bandit)\n- 📊 Code coverage reporting (Codecov)\n- 🐳 Docker image vulnerability scanning\n- 🧪 Real database/cache integration testing\n- ⚡ Performance regression detection\n\n### 2. **CD - Continuous Deployment** (`cd.yml`)\n**Triggers:** Push to main, Version tags, Manual dispatch\n**Purpose:** Automated deployment to staging and production\n\n**Jobs:**\n- **Build \u0026 Push**: Multi-arch Docker images (AMD64, ARM64)\n- **Security Scan**: Production image vulnerability assessment\n- **Staging Deploy**: Automated staging environment deployment\n- **Production Deploy**: Blue-green production deployment (tags only)\n- **Rollback**: Automatic rollback on deployment failure\n- **Post-Deployment**: End-to-end validation and load testing\n- **Deployment Summary**: Status dashboard and notifications\n\n**Features:**\n- 🏗️ Multi-architecture container builds\n- 🔄 Blue-green production deployments\n- 🚨 Automatic rollback on failures\n- 📊 Post-deployment validation\n- 📢 Slack/email notifications\n- 🎯 Manual deployment controls\n\n### 3. **Security Monitoring** (`security.yml`)\n**Triggers:** Daily schedule, Dependency changes, Manual dispatch\n**Purpose:** Continuous security monitoring and vulnerability detection\n\n**Jobs:**\n- **Dependency Scan**: Go and Python vulnerability scanning\n- **CodeQL Analysis**: Static code security analysis\n- **Container Security**: Docker image security assessment\n- **Secrets Scanning**: GitLeaks and TruffleHog detection\n- **Infrastructure Scan**: Docker/IaC configuration security\n- **Compliance Check**: Security best practices validation\n- **Security Dashboard**: Centralized security reporting\n- **Alert Management**: Automatic issue creation and notifications\n\n**Features:**\n- 🔍 Daily automated security scans\n- 🚨 Critical vulnerability alerts\n- 📋 Automatic security issue creation\n- 🛡️ Comprehensive vulnerability reporting\n- 📊 Security score dashboard\n- 🔔 Security team notifications\n\n### 4. **Performance Monitoring** (`performance.yml`)\n**Triggers:** Weekly schedule, Code changes, Manual dispatch\n**Purpose:** Performance benchmarking and regression detection\n\n**Jobs:**\n- **Load Testing**: API and full pipeline performance\n- **Benchmark Testing**: Go and Python micro-benchmarks\n- **Memory Profiling**: Memory usage analysis\n- **GPU Performance**: GPU-accelerated performance testing\n- **Scalability Testing**: Horizontal scaling validation\n- **Regression Testing**: Performance comparison with previous versions\n- **Performance Dashboard**: Centralized performance reporting\n- **Performance Alerts**: Degradation notifications\n\n**Features:**\n- 📈 Automated performance benchmarking\n- 🧠 Memory and GPU profiling\n- 📊 Performance regression detection\n- 🔄 Scalability testing\n- 🎯 Custom performance thresholds\n- 📢 Performance degradation alerts\n\n### 5. **Release Management** (`release.yml`)\n**Triggers:** Version tags, Manual dispatch\n**Purpose:** Automated release creation and deployment\n\n**Jobs:**\n- **Release Validation**: Version format and tag validation\n- **Build Artifacts**: Multi-platform release builds\n- **Security Scan**: Release artifact security validation\n- **Release Notes**: Automated changelog generation\n- **GitHub Release**: Release creation with assets\n- **Production Deploy**: Automated production deployment\n- **Post-Release**: Documentation updates and notifications\n- **Release Summary**: Comprehensive release reporting\n\n**Features:**\n- 🏷️ Semantic version validation\n- 📝 Automated release notes generation\n- 🐳 Multi-platform Docker releases\n- 🚀 Production deployment automation\n- 📊 Release dashboard and metrics\n- 🎉 Team notifications and milestones\n\n## 🛠️ Configuration Files\n\n### **Dependabot** (`.github/dependabot.yml`)\n- **Go Dependencies**: Weekly updates for `api/` directory\n- **Python Dependencies**: Weekly updates for `ai/` directory  \n- **Docker Images**: Weekly base image updates\n- **GitHub Actions**: Weekly workflow updates\n- **Security Labels**: Automatic security classification\n- **Team Assignment**: Automated reviewer assignment\n\n### **Issue Templates**\n- **Bug Report**: Comprehensive bug reporting template\n- **Feature Request**: Detailed feature proposal template\n- **Security Issue**: Security vulnerability reporting\n- **Documentation**: Documentation improvement requests\n\n### **Pull Request Template**\n- **Change Classification**: Bug fix, feature, breaking change\n- **Testing Requirements**: Coverage and validation checklists\n- **Security Review**: Security impact assessment\n- **Performance Impact**: Performance consideration checklist\n- **Documentation Updates**: Documentation requirement tracking\n\n### **Security Configuration** (`.gitleaks.toml`)\n- **Secret Detection**: AWS keys, JWT secrets, database passwords\n- **Custom Rules**: Application-specific secret patterns\n- **Allowlists**: Safe patterns and test data exclusions\n- **File Exclusions**: Documentation and test file handling\n\n## 🚦 Workflow Triggers\n\n| Workflow | Push (main) | Push (develop) | PR | Tags | Schedule | Manual |\n|----------|-------------|----------------|----|----- |----------|--------|\n| **CI** | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ |\n| **CD** | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ |\n| **Security** | ✅ | ❌ | ❌ | ❌ | ✅ Daily | ✅ |\n| **Performance** | ✅ | ❌ | ❌ | ❌ | ✅ Weekly | ✅ |\n| **Release** | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ |\n\n## 🔧 Required Secrets\n\n### **GitHub Secrets**\n```bash\n# AWS Deployment\nAWS_ACCESS_KEY_ID          # AWS credentials for ECS deployment\nAWS_SECRET_ACCESS_KEY      # AWS secret key\n\n# Container Registry  \nGITHUB_TOKEN              # Automatic (GitHub provided)\n\n# Security Scanning\nSNYK_TOKEN                # Snyk security scanning\nSECURITY_SLACK_WEBHOOK_URL # Security alerts channel\n\n# Notifications\nSLACK_WEBHOOK_URL         # General notifications\nPERFORMANCE_SLACK_WEBHOOK_URL # Performance alerts\nEMAIL_USERNAME            # Email notifications\nEMAIL_PASSWORD            # Email credentials\nSECURITY_TEAM_EMAIL       # Security team email\n\n# Deployment\nDEPLOY_WEBHOOK_URL        # Production deployment webhook\nDEPLOY_TOKEN              # Deployment authentication\n```\n\n### **Environment Variables**\n```bash\n# Docker Registry\nREGISTRY=ghcr.io\nIMAGE_NAME=${{ github.repository }}\n\n# Application Versions\nGO_VERSION=1.21\nPYTHON_VERSION=3.11\n\n# Deployment Environments\nSTAGING_URL=https://staging.pocwhisp.com\nPRODUCTION_URL=https://api.pocwhisp.com\n```\n\n## 📊 Monitoring \u0026 Dashboards\n\n### **GitHub Actions Dashboard**\n- ✅ Workflow success/failure rates\n- ⏱️ Build time trends\n- 🔄 Deployment frequency\n- 🚨 Alert summaries\n\n### **Security Dashboard**\n- 🛡️ Vulnerability scan results\n- 🔍 Dependency health scores\n- 🚨 Security alert trends\n- 📋 Compliance status\n\n### **Performance Dashboard**\n- 📈 Performance benchmarks\n- 🧠 Memory usage trends\n- ⚡ Response time metrics\n- 🎯 Regression tracking\n\n## 🚀 Getting Started\n\n### **1. Enable Workflows**\n```bash\n# All workflows are enabled by default\n# Configure required secrets in repository settings\n```\n\n### **2. Configure Notifications**\n```bash\n# Set up Slack webhooks for team notifications\n# Configure email alerts for security team\n# Set up AWS credentials for deployment\n```\n\n### **3. Customize Thresholds**\n```bash\n# Edit workflow files to adjust:\n# - Performance regression thresholds (10% default)\n# - Security scan sensitivity\n# - Test timeout values\n# - Deployment strategies\n```\n\n### **4. Monitor Results**\n```bash\n# Check Actions tab for workflow status\n# Review Security tab for vulnerability reports\n# Monitor deployment notifications\n# Track performance trends\n```\n\n## 🎯 Best Practices\n\n### **Branch Protection**\n- ✅ Require status checks (CI workflow)\n- ✅ Require up-to-date branches\n- ✅ Include administrators\n- ✅ Require linear history\n\n### **Security**\n- 🔒 Enable vulnerability alerts\n- 🔍 Review Dependabot PRs promptly\n- 🚨 Monitor security workflow failures\n- 📋 Regular security team reviews\n\n### **Performance**\n- 📊 Monitor performance trends\n- 🎯 Set realistic regression thresholds\n- ⚡ Optimize based on benchmark results\n- 🔄 Regular performance reviews\n\n### **Deployment**\n- 🚀 Use semantic versioning for releases\n- 🧪 Validate staging deployments\n- 📋 Review deployment notifications\n- 🔄 Plan rollback procedures\n\n## 🆘 Troubleshooting\n\n### **Common Issues**\n\n**Workflow Failures:**\n- Check required secrets are configured\n- Verify branch protection rules\n- Review workflow logs for specific errors\n- Ensure service dependencies are available\n\n**Security Alerts:**\n- Review vulnerability details\n- Check if false positive (adjust allowlists)\n- Create security issues for critical findings\n- Update dependencies promptly\n\n**Performance Degradation:**\n- Compare with previous benchmarks\n- Check resource usage patterns\n- Review recent code changes\n- Validate test environment consistency\n\n**Deployment Issues:**\n- Verify deployment credentials\n- Check service health endpoints\n- Review rollback procedures\n- Monitor infrastructure status\n\n### **Support Resources**\n- 📚 GitHub Actions Documentation\n- 🛠️ Workflow troubleshooting guides\n- 🔧 Security scanning help\n- 📊 Performance optimization tips\n\n---\n\n**🎉 The GitHub automation provides comprehensive CI/CD, security monitoring, and performance tracking for production-ready deployments!**\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4cecoder%2Fpocwhisp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F4cecoder%2Fpocwhisp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4cecoder%2Fpocwhisp/lists"}