use non-public port for metrics enpoint

.github/workflows/pr.yaml

@@ -27,7 +27,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v4
         with:
-          version: v1.55.2
+          version: v1.58.2
 
   test:
     name: Unit Test

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21-alpine3.18 as builder
+FROM golang:1.22-alpine3.19 as builder
 
 ENV GO111MODULE=on
 

go.mod

@@ -1,59 +1,59 @@
 module github.com/equinor/radix-github-webhook
 
-go 1.21
+go 1.22
 
-toolchain go1.21.0
+toolchain go1.22.1
 
 require (
 	github.com/equinor/radix-common v1.9.2
-	github.com/gin-gonic/gin v1.9.1
-	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/gin-gonic/gin v1.10.0
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/golang/mock v1.6.0
 	github.com/google/go-github/v60 v60.0.0
-	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/client_golang v1.19.1
 	github.com/rs/zerolog v1.32.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/oauth2 v0.18.0
+	golang.org/x/oauth2 v0.20.0
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bytedance/sonic v1.9.1 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.0 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/kr/text v0.2.0 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/rs/xid v1.5.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
-	golang.org/x/arch v0.3.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

handler/webhook_handler_test.go

@@ -48,7 +48,7 @@ func (s *handlerTestSuite) SetupTest() {
 func (s *handlerTestSuite) Test_MissingEventTypeHeader() {
 	sut := NewWebHookHandler(s.apiServer)
 	req, _ := http.NewRequest("POST", "/", nil)
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -65,7 +65,7 @@ func (s *handlerTestSuite) Test_UnhandledEventType() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "pull_request")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -84,7 +84,7 @@ func (s *handlerTestSuite) Test_PingEventShowApplicationsReturnError() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -104,7 +104,7 @@ func (s *handlerTestSuite) Test_PingEventUnmatchedRepo() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -124,7 +124,7 @@ func (s *handlerTestSuite) Test_PingEventMultipleRepos() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -150,7 +150,7 @@ func (s *handlerTestSuite) Test_PingEventGetApplicationReturnsError() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -174,7 +174,7 @@ func (s *handlerTestSuite) Test_PingEventIncorrectSecret() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("incorrectsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -202,7 +202,7 @@ func (s *handlerTestSuite) Test_PingEventWithCorrectSecret() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "ping")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("sharedsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusOK, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -223,7 +223,7 @@ func (s *handlerTestSuite) Test_PushEventShowApplicationsReturnsError() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -310,7 +310,7 @@ func (s *handlerTestSuite) Test_PushEventUnmatchedRepo() {
 		req.Header.Add("Content-Type", "application/json")
 		req.Header.Add("X-GitHub-Event", "push")
 		req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte(sharedSecret), payload))
-		router.New(sut).ServeHTTP(s.w, req)
+		router.NewWebhook(sut).ServeHTTP(s.w, req)
 		s.Equal(scenario.expectedHttpCode, s.w.Code)
 		var res response
 		err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -332,7 +332,7 @@ func (s *handlerTestSuite) Test_PushEventMultipleReposWithoutAppName() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -357,7 +357,7 @@ func (s *handlerTestSuite) Test_PushEventIncorrectSecret() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("incorrectsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -383,7 +383,7 @@ func (s *handlerTestSuite) Test_PushEventGetApplicationReturnsError() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("sharedsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusBadRequest, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -465,7 +465,7 @@ func (s *handlerTestSuite) Test_PushEventTriggerPipelineReturnsError() {
 		req.Header.Add("X-GitHub-Event", "push")
 		req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("sharedsecret"), payload))
 
-		router.New(sut).ServeHTTP(s.w, req)
+		router.NewWebhook(sut).ServeHTTP(s.w, req)
 
 		var res response
 		err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -497,7 +497,7 @@ func (s *handlerTestSuite) Test_PushEventCorrectSecret() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("sharedsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusOK, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -518,7 +518,7 @@ func (s *handlerTestSuite) Test_PushEventWithRefDeleted() {
 	req, _ := http.NewRequest("POST", "/", bytes.NewReader(payload))
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusAccepted, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)
@@ -557,7 +557,7 @@ func (s *handlerTestSuite) Test_PushEventWithAnnotatedTag() {
 	req.Header.Add("Content-Type", "application/json")
 	req.Header.Add("X-GitHub-Event", "push")
 	req.Header.Add("X-Hub-Signature-256", s.computeSignature([]byte("sharedsecret"), payload))
-	router.New(sut).ServeHTTP(s.w, req)
+	router.NewWebhook(sut).ServeHTTP(s.w, req)
 	s.Equal(http.StatusOK, s.w.Code)
 	var res response
 	err := json.Unmarshal(s.w.Body.Bytes(), &res)

internal/jwt_token_source.go

@@ -1,7 +1,7 @@
 package internal
 
 import (
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/oauth2"
 )