Story: There are over 100,000 flights a day, with millions of people and cargo being transferred around the world. With so many people and different carrier/agency groups, it can be hard to track where a person might be. In order to determine the flight path of a person, we must sort through all of their flight records.
Goal: To create a simple microservice API that can help us understand and track how a particular person's flight path may be queried. The API should accept a request that includes a list of flights, which are defined by a source and destination airport code. These flights may not be listed in order and will need to be sorted to find the total flight paths starting and ending airports.
See docs/ARCHITECTURE.md for C4 diagrams (Context, Container, Component), request flow sequence diagram, and CI/CD pipeline flowchart.
- gvm Go
LATEST_GO=$(curl -s 'https://go.dev/VERSION?m=text' | head -1) gvm install "$LATEST_GO" --prefer-binary --with-build-tools --with-protobuf gvm use "$LATEST_GO" --default
- nmv Node
nvm install --lts nvm use --lts npm install yarn --global npm install npm --global npm install -g pnpm pnpm add -g pnpm
- All dev tools are installed automatically:
make deps
Usage: make COMMAND
Commands :
help - List available tasks
deps - Download and install dependencies
api-docs - Build source code for swagger api reference
lint - Run golangci-lint (60+ linters via .golangci.yml)
sec - Run gosec security scanner
vulncheck - Run Go vulnerability check on dependencies
secrets - Scan for hardcoded secrets in source code and git history
lint-ci - Lint GitHub Actions workflow files
test - Run tests
bench - Run bench tests
bench-save - Save benchmark results to file
bench-compare - Compare two benchmark files
fuzz - Run fuzz tests for 30 seconds
build - Build REST API server's binary
run - Run REST API locally
build-image - Build Docker image
release - Create and push a new tag
update - Update dependencies to latest versions
open-swagger - Open browser with Swagger docs pointing to localhost
test-case-one - Test case 1 [["SFO", "EWR"]]
test-case-two - Test case 2 [["ATL", "EWR"], ["SFO", "ATL"]]
test-case-three - Test case 3 [["IND", "EWR"], ["SFO", "ATL"], ["GSO", "IND"], ["ATL", "GSO"]]
e2e - Run Postman/Newman end-to-end tests
make runmake test-case-one
make test-case-two
make test-case-three| Tool | Command | What it does |
|---|---|---|
| gosec | make sec |
Go-specific security scanner (injection, crypto, permissions) |
| govulncheck | make vulncheck |
Checks dependencies against the Go vulnerability database |
| gitleaks | make secrets |
Scans source code and git history for hardcoded secrets |
| Tool | Where | What it does |
|---|---|---|
| OWASP ZAP | CI only | API security scan using Swagger/OpenAPI spec |
| Tool | Command | What it does |
|---|---|---|
| golangci-lint | make lint |
Meta-linter running 60+ linters (configured via .golangci.yml) |
| actionlint | make lint-ci |
Lints GitHub Actions workflow files |
| Tool | Where | What it does |
|---|---|---|
| Trivy | CI only | Scans Docker images and filesystem for CVEs |
| Tool | Command | What it does |
|---|---|---|
| go test | make test |
Unit and handler tests (table-driven) |
| go test -bench | make bench |
Benchmark tests for critical paths |
| go test -fuzz | make fuzz |
Fuzz testing for FindItinerary algorithm |
| Newman | make e2e |
Postman/Newman end-to-end API tests |
make lint && make sec && make vulncheck && make secrets && make test && make api-docs && make buildTake a look at autogenerated REST API Documentation
Swagger API documentation - http://localhost:8080/swagger/index.html
"/calculate": {
"post": {
"description": "get the flight path of a person.",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"tags": [
"FlightCalculate"
],
"summary": "Determine the flight path of a person.",
"operationId": "flightCalculate-get",
"parameters": [
{
"description": "Flight segments",
"name": "flightSegments",
"in": "body",
"required": true,
"schema": {
"type": "array",
"items": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "array",
"items": {
"type": "string"
}
}
},
"500": {
"description": "Internal Server Error",
"schema": {
"type": "object",
"additionalProperties": true
}
}
}
}
}GitHub CI pipeline:
| Job | Steps |
|---|---|
| static-check | golangci-lint, gosec, govulncheck, gitleaks, actionlint, Trivy filesystem scan |
| builds | Build binary |
| tests | Unit + handler tests |
| integration | Build, run server, Newman/Postman E2E tests |
| dast | Build, run server, OWASP ZAP API security scan |
| image-scan | Build Docker image, Trivy vulnerability scan |
Utilized Postman collection exported to JSON file
and executes same use cases as Makefile targets test-case-one test-case-two test-case-three, plus negative test cases (empty body, malformed JSON, incomplete segment)
