Initial commit

Author: kantacky

.dockerignore

@@ -0,0 +1,13 @@
+.claude/
+.git/
+.github/
+.serena/
+
+.dockerignore
+.env*
+.gitignore
+.mcp.json
+CLAUDE.md
+Dockerfile
+mise.toml
+Taskfile.yaml

.env.example

@@ -0,0 +1,4 @@
+DB_IAM_USER=
+DB_NAME=
+INSTANCE_CONNECTION_NAME=
+GOOGLE_APPLICATION_CREDENTIALS=

.github/workflows/cd.yaml

@@ -0,0 +1,131 @@
+name: CD
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      environment_name:
+        description: Environment
+        required: true
+        type: choice
+        options:
+          - dev
+          - stg
+          - qa
+          - prod
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.environment_name }}
+  cancel-in-progress: true
+jobs:
+  set-env:
+    runs-on: ubuntu-latest
+    outputs:
+      environment: ${{ steps.set-env.outputs.environment }}
+      service_name: ${{ steps.set-env.outputs.service_name }}
+      image_tag: ${{ steps.set-env.outputs.image_tag }}
+    steps:
+      - uses: actions/checkout@v6
+      - name: Set Environmet
+        id: set-env
+        run: |
+          # Environment
+          IS_WORKFLOW_DISPATCH="${{ github.event_name == 'workflow_dispatch' && github.event.inputs.environment_name != '' }}"
+          IS_PUSH_TO_MAIN="${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.base_ref == 'main') }}"
+          if [ $IS_WORKFLOW_DISPATCH = "true" ]; then
+            export TARGET_ENVIRONMENT="${{ github.event.inputs.environment_name }}"
+          elif [ $IS_PUSH_TO_MAIN = "true" ]; then
+            export TARGET_ENVIRONMENT="stg"
+          else
+            exit 1
+          fi
+
+          echo "Environment: $TARGET_ENVIRONMENT"
+
+          # Service name suffix
+          if [ "$TARGET_ENVIRONMENT" = "prod" ]; then
+            export SERVICE_NAME_SUFFIX=""
+          else
+            export SERVICE_NAME_SUFFIX="-$TARGET_ENVIRONMENT"
+          fi
+
+          export REPO_NAME=$(echo ${{ github.repository }} | awk -F '/' '{print $2}')
+          export SERVICE_NAME=$REPO_NAME$SERVICE_NAME_SUFFIX
+          export IMAGE_TAG=${{ vars._AR_HOSTNAME }}/${{ vars.PROJECT_ID }}/github-actions/$REPO_NAME/$SERVICE_NAME:${{ github.sha }}
+
+          echo "Repository name: $REPO_NAME"
+          echo "Service name: $SERVICE_NAME"
+          echo "Image tag: $IMAGE_TAG"
+
+          echo "environment=$TARGET_ENVIRONMENT" >> "$GITHUB_OUTPUT"
+          echo "service_name=$SERVICE_NAME" >> "$GITHUB_OUTPUT"
+          echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT"
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    env:
+      SERVICE_NAME: ${{ needs.set-env.outputs.service_name }}
+      IMAGE_TAG: ${{ needs.set-env.outputs.image_tag }}
+    needs:
+      - set-env
+    steps:
+      - uses: actions/checkout@v6
+      - name: Build
+        run: |
+          docker build \
+          -t ${{ env.IMAGE_TAG }} \
+          . \
+          -f Dockerfile \
+          --no-cache
+      - name: Authenticate
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ vars.SERVICE_ACCOUNT }}
+      - name: Setup Google Cloud
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          project_id: ${{ vars.PROJECT_ID }}
+      - name: Configure Docker
+        run: |
+          gcloud auth \
+          configure-docker \
+          ${{ vars._AR_HOSTNAME }}
+      - name: Push
+        run: |
+          docker push \
+          ${{ env.IMAGE_TAG }}
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    environment: ${{ needs.set-env.outputs.environment }}
+    env:
+      SERVICE_NAME: ${{ needs.set-env.outputs.service_name }}
+      IMAGE_TAG: ${{ needs.set-env.outputs.image_tag }}
+    needs:
+      - set-env
+      - build-and-push
+    steps:
+      - name: Authenticate
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ vars.SERVICE_ACCOUNT }}
+      - name: Deploy
+        id: deploy
+        uses: google-github-actions/deploy-cloudrun@v2
+        with:
+          service: ${{ env.SERVICE_NAME }}
+          image: ${{ env.IMAGE_TAG }}
+          region: ${{ vars._DEPLOY_REGION }}
+          env_vars: |
+            DB_IAM_USER=${{ vars.DB_IAM_USER }}
+            DB_NAME=${{ vars.DB_NAME }}
+            INSTANCE_CONNECTION_NAME=${{ vars.INSTANCE_CONNECTION_NAME }}
+          env_vars_update_strategy: overwrite
+          secrets_update_strategy: overwrite

.github/workflows/ci.yaml

@@ -0,0 +1,26 @@
+name: CI
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+  workflow_dispatch:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  test:
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: jdx/mise-action@v3
+      - name: Test
+        run: task test

.gitignore

@@ -0,0 +1,62 @@
+# Created by https://www.toptal.com/developers/gitignore/api/macos,go
+# Edit at https://www.toptal.com/developers/gitignore?templates=macos,go
+
+### Go ###
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+# End of https://www.toptal.com/developers/gitignore/api/macos,go
+
+.env.keys

.mcp.json

@@ -0,0 +1,12 @@
+{
+  "mcpServers": {
+    "serena": {
+      "command": "uvx",
+      "args": [
+        "--from",
+        "git+https://github.com/oraios/serena.git",
+        "serena-mcp-server"
+      ]
+    }
+  }
+}

.serena/.gitignore

@@ -0,0 +1 @@
+/cache

CLAUDE.md

@@ -0,0 +1,53 @@
+# Build stage
+FROM golang:1.25.6-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git
+
+# Set working directory
+WORKDIR /app
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the application
+RUN CGO_ENABLED=0 GOOS=linux go build -tags timetzdata -o ./bin/main ./cmd/server/main.go
+
+# Runtime stage
+FROM alpine:3
+
+ENV PORT=8080
+
+# Install runtime dependencies
+RUN apk add --no-cache ca-certificates
+
+# Create non-root user
+RUN addgroup -g 1000 appuser && \
+    adduser -D -u 1000 -G appuser appuser
+
+# Set working directory
+WORKDIR /app
+
+# Copy binary from builder
+COPY --from=builder /app/bin/main /app/main
+
+# Copy OpenAPI spec
+COPY --from=builder /app/openapi /app/openapi
+
+# Change ownership
+RUN chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
+
+# Expose port
+EXPOSE $PORT
+
+# Run the application
+CMD ["/app/main"]

Dockerfile

@@ -0,0 +1,52 @@
+version: "3"
+
+vars:
+  GO: go
+
+tasks:
+  install:
+    desc: Install dependencies
+    cmds:
+      - "{{.GO}} mod tidy"
+
+  generate:
+    desc: Generate API code from OpenAPI spec
+    cmds:
+      - rm -rf ./generated
+      - mkdir -p ./generated
+      - "{{.GO}} tool oapi-codegen -config ./openapi/config.yaml ./openapi/openapi.yaml"
+
+  clean:
+    desc: Clean build artifacts
+    cmds:
+      - rm -rf ./bin
+
+  build:
+    desc: Build the application
+    deps:
+      - clean
+    cmds:
+      - mkdir -p ./bin
+      - "{{.GO}} build -tags timetzdata -o ./bin/main ./cmd/server/main.go"
+
+  run:
+    desc: Run the application
+    cmds:
+      - "{{.GO}} run ./cmd/server/main.go"
+
+  build-and-run:
+    desc: Build and run the application
+    deps:
+      - build
+    cmds:
+      - ./bin/main
+
+  test:
+    desc: Run tests
+    cmds:
+      - "{{.GO}} test -v ./..."
+
+  default:
+    desc: Show available tasks
+    cmds:
+      - task --list