Merge remote-tracking branch 'origin' into chore/bump-dependencies

.github/workflows/codeql.yml

@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: "11 18 * * 6"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ go ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/deploy.yml

@@ -9,11 +9,11 @@ jobs:
   ci:
     name: CI
     runs-on: ubuntu-latest
-    timeout-minutes: 10
-    container: golang:1.21-bookworm
+    timeout-minutes: 15
+    container: golang:1
     services:
       db:
-        image: postgres:15-bookworm
+        image: postgres:15
         ports:
           - 5432:5432
         env:
@@ -22,30 +22,30 @@ jobs:
           POSTGRES_DB: captcha
         options: >-
           --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
       cache:
-        image: redis:7-bookworm
+        image: redis:7
         ports:
           - 6379:6379
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
       mongo:
-        image: mongo:5
+        image: mongo:6
         ports:
           - 27017:27017
         env:
           MONGO_INITDB_ROOT_USERNAME: root
           MONGO_INITDB_ROOT_PASSWORD: password
           MONGO_INITDB_DATABASE: captcha
         options: >-
-          --health-cmd "echo 'db.runCommand({serverStatus:1}).ok' | mongo admin -u root -p password --quiet"
-          --health-interval 10s
-          --health-timeout 5s
+          --health-cmd "echo 'db.runCommand(\"ping\").ok' | mongosh mongodb://localhost:27017/test --quiet"
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
     steps:
       - name: Checkout code
@@ -74,64 +74,49 @@ jobs:
           MONGO_DBNAME: captcha
           TZ: UTC
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: go
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-
       - uses: codecov/codecov-action@v3
 
   cd:
     name: CD
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
     needs:
       - ci
-    runs-on: ubuntu-latest
-    container: debian:bookworm
-    timeout-minutes: 120
+    permissions:
+      contents: read
+      packages: write
     steps:
-      - name: Install required packages
-        run: apt-get update && apt-get upgrade -y && apt-get install -y tar gzip curl ssh
-
-      - name: Register SSH key
-        uses: shimataro/ssh-key-action@v2
-        with:
-          key: ${{ secrets.SSH_KEY }}
-          name: id_ed25519
-          known_hosts: ${{ secrets.SSH_IP }}
-          if_key_exists: replace
+      - name: Checkout code
+        uses: actions/checkout@v3
 
-      - name: SSH Keyscan
-        run: ssh-keyscan -p ${{ secrets.SSH_PORT }} -H ${{ secrets.SSH_IP }} >> /root/.ssh/known_hosts
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
 
-      - name: Pull latest code
-        run: >
-          ssh
-          -i /root/.ssh/id_ed25519
-          -p ${{ secrets.SSH_PORT }}
-          -t ${{ secrets.SSH_USER }}@${{ secrets.SSH_IP }}
-          'ssh captcha "cd ${{ secrets.SSH_WORKDIR }}/captcha && git pull" '
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build Docker images
-        run: >
-          ssh
-          -i /root/.ssh/id_ed25519
-          -p ${{ secrets.SSH_PORT }}
-          -t ${{ secrets.SSH_USER }}@${{ secrets.SSH_IP }}
-          "ssh captcha 'echo ${{ secrets.SSH_PASSWORD }} | sudo -S bash -c '\"'cd ${{ secrets.SSH_WORKDIR }}/captcha &&
-          docker compose up -d --build'\"' ' "
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository }}
+          flavor: |
+            latest=false
+          tags: |
+            type=edge
+            type=sha
 
-      - name: Clean up docker artifacts
-        run: >
-          ssh
-          -i /root/.ssh/id_ed25519
-          -p ${{ secrets.SSH_PORT }}
-          -t ${{ secrets.SSH_USER }}@${{ secrets.SSH_IP }}
-          "ssh captcha 'echo ${{ secrets.SSH_PASSWORD }} | sudo -S bash -c '\"'docker container prune -f &&
-          docker image prune -f &&
-          docker builder prune -f '\"' ' "
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v3
+        with:
+          context: "{{defaultContext}}"
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - name: Create Sentry release
         uses: getsentry/action-release@v1

.github/workflows/pr.yml

@@ -10,10 +10,10 @@ jobs:
     name: CI
     runs-on: ubuntu-latest
     timeout-minutes: 10
-    container: golang:1.21-bookworm
+    container: golang:1
     services:
       db:
-        image: postgres:15-bookworm
+        image: postgres:15
         ports:
           - 5432:5432
         env:
@@ -22,30 +22,30 @@ jobs:
           POSTGRES_DB: captcha
         options: >-
           --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
       cache:
-        image: redis:7-bookworm
+        image: redis:7
         ports:
           - 6379:6379
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
       mongo:
-        image: mongo:5
+        image: mongo:6
         ports:
           - 27017:27017
         env:
           MONGO_INITDB_ROOT_USERNAME: root
           MONGO_INITDB_ROOT_PASSWORD: password
           MONGO_INITDB_DATABASE: captcha
         options: >-
-          --health-cmd "echo 'db.runCommand({serverStatus:1}).ok' | mongo admin -u root -p password --quiet"
-          --health-interval 10s
-          --health-timeout 5s
+          --health-cmd "echo 'db.runCommand(\"ping\").ok' | mongosh mongodb://localhost:27017/test --quiet"
+          --health-interval 30s
+          --health-timeout 20s
           --health-retries 5
     steps:
       - name: Checkout code
@@ -74,12 +74,4 @@ jobs:
           MONGO_DBNAME: captcha
           TZ: UTC
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: go
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-
       - uses: codecov/codecov-action@v3

Dockerfile

@@ -1,23 +1,25 @@
 FROM golang:1.21-bookworm AS builder
 
-ARG PORT=8080
-
 WORKDIR /app
 
 COPY . .
 
-RUN go build .
+RUN go build -o teknologi-umum-captcha .
 
-FROM debian:bookworm AS runtime
+FROM debian:bookworm-slim AS runtime
 
 WORKDIR /app
 
+ARG PORT=8080
+
 RUN apt-get update && \
     apt-get upgrade -y && \
     apt-get install -y curl ca-certificates openssl
 
-COPY --from=builder /app/ .
+COPY . .
+
+COPY --from=builder /app/teknologi-umum-captcha .
 
 EXPOSE ${PORT}
 
-CMD [ "/app/teknologi-umum-bot" ]
+CMD [ "/app/teknologi-umum-captcha" ]

README.md

@@ -1,6 +1,6 @@
 # Captcha
 
-This repository provides a captcha bot for Telegram messaging app. To self host your own captcha bot,
+This repository provides a captcha bot for Telegram messaging app. To self-host your own captcha bot,
 please use the [captcha-lite](https://github.com/teknologi-umum/captcha-lite) as it has no analytics
 and database dependency whatsoever, it only needs a single small VM.
 
@@ -10,7 +10,7 @@ Telebot repository and documentation: https://github.com/tucnak/telebot/tree/v3
 
 ```
 Teknologi Umum Captcha Bot
-Copyright (C) 2021 Teknologi Umum <teknologi.umum@gmail.com>
+Copyright (C) 2023 Teknologi Umum <opensource@teknologiumum.com>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -25,3 +25,5 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.
 ```
+
+See [LICENSE](./LICENSE)

analytics/analytics_test.go

@@ -5,10 +5,11 @@ import (
 	"database/sql"
 	"log"
 	"os"
-	"teknologi-umum-bot/analytics"
 	"testing"
 	"time"
 
+	"teknologi-umum-captcha/analytics"
+
 	"github.com/allegro/bigcache/v3"
 	"github.com/getsentry/sentry-go"
 	"github.com/jmoiron/sqlx"

analytics/fetch.go

@@ -3,7 +3,8 @@ package analytics
 import (
 	"context"
 	"database/sql"
-	"teknologi-umum-bot/shared"
+
+	"teknologi-umum-captcha/shared"
 
 	"github.com/jmoiron/sqlx"
 	"github.com/pkg/errors"

analytics/incr.go

@@ -4,9 +4,10 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"teknologi-umum-bot/shared"
 	"time"
 
+	"teknologi-umum-captcha/shared"
+
 	"github.com/jmoiron/sqlx"
 
 	"github.com/pkg/errors"

analytics/incr_test.go

@@ -2,9 +2,10 @@ package analytics_test
 
 import (
 	"context"
-	"teknologi-umum-bot/analytics"
 	"testing"
 	"time"
+
+	"teknologi-umum-captcha/analytics"
 )
 
 func TestIncrementUsrDB(t *testing.T) {

analytics/join.go

@@ -4,10 +4,11 @@ import (
 	"context"
 	"database/sql"
 	"strconv"
-	"teknologi-umum-bot/shared"
-	"teknologi-umum-bot/utils"
 	"time"
 
+	"teknologi-umum-captcha/shared"
+	"teknologi-umum-captcha/utils"
+
 	"github.com/jmoiron/sqlx"
 	"github.com/pkg/errors"