Demo App

A simple Golang demo application with CI/CD pipeline for AWS EKS deployment.

Features

• Simple HTTP server with calculator functionality
• Health check endpoint
• Unit tests with coverage
• Docker containerization
• CI/CD pipeline with GitHub Actions
• AWS ECR image registry
• EKS deployment with manual review step

API Endpoints

• GET /health - Health check endpoint
• POST /calculator - Calculator endpoint for arithmetic operations
• GET /hello?name=<name> - Simple greeting endpoint

Calculator API

Send a POST request to /calculator with JSON body:

{
  "a": 10,
  "b": 5,
  "operator": "add"
}

Supported operators: add, subtract, multiply, divide, +, -, *, /

Local Development

Prerequisites

• Go 1.21 or later
• Docker (optional)
• Make

Running the application

# Install dependencies
make deps

# Run tests
make test

# Run the application
make run

# Or run with Go directly
go run main.go

The application will start on port 8080 (configurable via PORT environment variable).

Testing

# Run tests (generates test-results.xml)
make test

# Run tests with coverage (generates coverage.out, coverage.html, coverage.txt, coverage.json)
make test-coverage

# Run linting
make lint

Test Output Formats:

• test-results.xml - JUnit XML format for CI/CD integration
• coverage.out - Go coverage data file
• coverage.html - HTML coverage report
• coverage.txt - Text coverage report with function-level details
• coverage.json - JSON format with coverage percentage for programmatic processing

Docker

Building and running with Docker

# Build Docker image
make docker-build

# Run container locally
make docker-run

# Stop container
make docker-stop

CI/CD Pipeline

The GitHub Actions workflow includes:

1. Initialize Kosli: Sets up Kosli flow and begins audit trail
2. Test Stage: Runs unit tests, linting, and coverage analysis with Kosli attestations
3. Build and Push: Builds Docker image and pushes to AWS ECR with artifact attestation
4. Manual Review: Requires manual approval before deployment with approval attestation
5. Deploy to EKS: Deploys the application to Amazon EKS cluster

Kosli Integration

The pipeline includes comprehensive Kosli attestations for compliance and audit trails:

• Pull Request Attestation: Links code changes to the deployment trail
• Test Results: Attests unit test results and coverage metrics
• Artifact Attestation: Records Docker image build and push to ECR
• Manual Approval: Captures approval/rejection decisions with approver details
• Custom Attestation Types: Uses structured schemas for coverage and approval data

Required Secrets

Configure the following secrets in your GitHub repository:

• AWS_ACCESS_KEY_ID: AWS access key
• AWS_SECRET_ACCESS_KEY: AWS secret key
• KOSLI_API_TOKEN: Kosli API token for attestations

Required Environment Variables

• AWS_REGION: AWS region (default: eu-central-1)
• ECR_REPOSITORY: ECR repository name (default: demo-app)
• EKS_CLUSTER_NAME: EKS cluster name (default: demo-cluster)
• KOSLI_ORG: Kosli organization name (default: kosli-public)
• KOSLI_FLOW: Kosli flow name (default: demo-app)

GitHub Environments

The pipeline uses two environments:

• manual-review: Requires manual approval and attests the decision to Kosli
• production: Deploys to EKS cluster

Manual Approval Process

When a deployment requires manual approval:

1. The workflow pauses at the manual-review environment
2. An authorized user must approve or reject the deployment
3. The approval decision is automatically attested to Kosli with:
   • Approval status (approved/rejected)
   • Approver username
   • Timestamp
   • Environment context
   • Commit SHA and workflow run ID

Makefile Targets

• make help - Show available targets
• make test - Run unit tests
• make test-coverage - Run tests with coverage
• make build - Build the application
• make run - Run the application locally
• make docker-build - Build Docker image
• make docker-run - Run Docker container
• make docker-push - Push image to ECR
• make lint - Run linting tools
• make clean - Clean build artifacts

Project Structure

.
├── main.go              # Main application code
├── main_test.go         # Unit tests
├── go.mod               # Go module file
├── Dockerfile           # Docker configuration
├── Makefile             # Build automation
├── k8s/                 # Kubernetes manifests
│   ├── deployment.yaml  # Deployment configuration
│   └── service.yaml     # Service configuration
├── custom-attestation-types/  # Kosli custom attestation schemas
│   ├── coverage.schema.json   # Coverage attestation schema
│   └── manual-approval.schema.json  # Manual approval schema
├── .github/
│   └── workflows/
│       ├── ci-cd.yml    # GitHub Actions workflow
│       └── custom-attestation-types.yml  # Kosli schema validation
└── README.md            # This file