{"id":37179357,"url":"https://github.com/treeder/goapibase","last_synced_at":"2026-01-14T20:52:36.112Z","repository":{"id":44782586,"uuid":"238940919","full_name":"treeder/goapibase","owner":"treeder","description":null,"archived":false,"fork":false,"pushed_at":"2025-06-20T16:46:21.000Z","size":61,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-15T05:49:14.436Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/treeder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-07T14:16:59.000Z","updated_at":"2023-10-26T22:54:06.000Z","dependencies_parsed_at":"2024-06-21T12:51:01.969Z","dependency_job_id":"f5983a04-6055-4f49-82d7-c7d40a42a7d4","html_url":"https://github.com/treeder/goapibase","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/treeder/goapibase","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treeder%2Fgoapibase","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treeder%2Fgoapibase/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treeder%2Fgoapibase/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treeder%2Fgoapibase/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/treeder","download_url":"https://codeload.github.com/treeder/goapibase/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/treeder%2Fgoapibase/sbom","scorecard":{"id":897691,"data":{"date":"2025-08-11","repo":{"name":"github.com/treeder/goapibase","commit":"fdb6f1e1a2b12f8247c639fb696ae92d3af83328"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Warn: no topLevel permission defined: .github/workflows/version.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/treeder/goapibase/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/treeder/goapibase/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/version.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/treeder/goapibase/version.yml/master?enable=pin","Warn: containerImage not pinned by hash: example/Dockerfile:1","Warn: containerImage not pinned by hash: example/Dockerfile:13: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Warn: downloadThenRun not pinned by hash: .github/workflows/version.yml:20","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3770 / GHSA-vrw8-fxc6-2r93","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T14:21:49.234Z","repository_id":44782586,"created_at":"2025-08-24T14:21:49.234Z","updated_at":"2025-08-24T14:21:49.234Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T20:52:35.281Z","updated_at":"2026-01-14T20:52:36.103Z","avatar_url":"https://github.com/treeder.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go API Base\n\n## Initial setup\n\n* Create a Firebase project\n* Click database and create it\n* Click gear and enable billing\n* Go to settings -\u003e Service accounts, click \"Generate new private key\". This will download a JSON file. \n* Run `base64 -w 0 account.json` to get encoded version of the file (for secrets)\n* Go to https://console.cloud.google.com/ , choose your firebase project then:\n  * search for \"Cloud Build API\" and enable it.\n  * search for \"Cloud Run API\" and enable it.\n  * In IAM \u0026 admin, choose the firebase-adminsdk service account, click the edit (pencil) and add Project Owner role. (see below for reduced scope)\n\n## Setup local environment\n\nSet local env vars. Easiest way is to create a file in `secrets/dev.env` with the following (be sure to .gitignore secrets/), then `source secrets/dev.env`. \n\n\n```sh\nexport G_PROJECT_ID=FIREBASE_ID\nexport G_SERVICE_NAME=example\nexport G_KEY=BASE64_ENCODED_STRING_FROM_ABOVE\n```\n\n\n## Code\n\nCopy [main.go](example/main.go) as a starting point.\n\n```go\ngo mod init\ngo build\n./example\n```\n\n## Deploy\n\nCopy this [Dockerfile](example/Dockerfile) as is, no changes required.\n\nSet cgloud project ID:\n\n```sh\ngcloud config set project $G_PROJECT_ID\n```\n\nCopy the [example Makefile](example/Makefile) and put into your project dir.\n\nThen run:\n\n```sh\nmake deploy\n```\n\nIf you need other environment variables, it'll fail here, but go look at the Cloud Run interface and you'll see the service. Click it, then click Deploy New Revision, then at the bottom you'll see \"Environment Variables\". Add them there. You don't need to add the google ones above. \n\nALSO, if the allow-unauthenticated didn't work (I've noticed this happen), click the service, go to permissions and [see this](https://cloud.google.com/run/docs/securing/managing-access?authuser=1\u0026_ga=2.204426711.-650445000.1578069338#making_a_service_public).\n\n## Auto Deploying\n\nGo to https://github.com/treeder/YOUR_REPO/settings/secrets and add all of the above env vars.\n\nCopy the GitHub action in this repo at [.github/workflows/main.yml](.github/worksflows/main.yml) and put\nit in the same location in your repo. Commit it and push it then check the Actions tab for progress.\n\n## User interface\n\n### Deploying Static App to Firebase\n\nREDO\n\n### For firebase auth / google sign in\n\nYou'll need to whitelist the \\*.web.app domains from firebase to use the web.app version. Go to `https://console.cloud.google.com/apis/credentials`, edit the OAuth 2.0 Client ID that says `Web client (auto created by Google Service)` and add the domains there. \n\nTODO: probably have to do the same on the production domains.\n\n\n## Reducing firebase-adminsdk scope\n\nSeems the following roles may be all that's needed:\n\n```\nCloud Build Service Account\nFirebase Admin SDK Administrator Service Agent\nService Account Token Creator\nCloud Run Admin\nStorage Object Admin\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftreeder%2Fgoapibase","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftreeder%2Fgoapibase","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftreeder%2Fgoapibase/lists"}