Skip to content

feat: complete iteration 0 AOT contract tier#5

Draft
Blind-Striker wants to merge 22 commits into
masterfrom
feature/iteration0-aot-contract-tier
Draft

feat: complete iteration 0 AOT contract tier#5
Blind-Striker wants to merge 22 commits into
masterfrom
feature/iteration0-aot-contract-tier

Conversation

@Blind-Striker

Copy link
Copy Markdown
Contributor

Summary

  • replace RIE-based coverage with Aspire and LocalStack-backed HTTP contract tests
  • add the file-based BadgeSmith CLI and migrate CI, Lambda build, ingestion, badge, and secret-seeding workflows
  • refresh .NET 10, Aspire, AWS, and LocalStack package alignment
  • harden HMAC nonce ordering, DynamoDB key normalization, and client-facing error handling
  • consolidate architecture, tooling, roadmap, performance, and secret-safety documentation

Validation

  • dotnet test tests/BadgeSmith.Api.Tests/BadgeSmith.Api.Tests.csproj --configuration Release
  • 350 passed, 0 failed

Pipeline validation goal

  • exercise the migrated test composite action
  • build and upload the ARM64 Native AOT Lambda ZIP from the feature-branch PR path

Known review follow-ups

  • return 401 rather than 500 for malformed HMAC hex
  • URL-encode feature branch route segments in tooling
  • complete tests ingest argument validation
  • reconcile repository-local composite actions with reusable-action documentation
  • correct Aspire source-navigation ownership and LocalStack integration mapping
  • move composite-action inputs out of interpolated Bash script text

This PR is intentionally draft until the review follow-ups and approval-gated Native AOT verification are complete.

- Add the Iteration 0 planning and research baseline: deep-dive code review findings,
  performance opportunities, roadmap wave mapping, AOT contract-tier design, execution
  handoff notes, and the initial Slopwatch baseline for pre-existing findings.
- Add contract-test infrastructure for local AWS-style execution, including shared
  Testcontainers setup, deterministic contract fixtures, HTTP client base URL overrides,
  and normalized override URL handling for WireMock-backed NuGet/GitHub flows.
- Expand active HTTP contract coverage across test-result ingestion, HMAC auth failure
  paths, test badges, redirects, NuGet package badges, GitHub package badges, upstream
  unauthorized/forbidden/not-found cases, missing GitHub secrets, routing, HEAD, CORS
  preflight, and response CORS headers.
- Make test-result contract data deterministic so repeated local and CI runs do not
  collide on run identifiers, timestamps, nonces, or stored DynamoDB state.
- Add and harden the k6 performance baseline tooling, including environment-driven
  configuration, Lambda response projection, RIE-safe validation, memory sampling via
  mstat export, and local smoke baseline capture.
- Replace the active RIE-based contract path with Aspire Testing plus
  APIGatewayEmulator, and move local benchmark execution to the LocalStack ZIP Lambda
  path with Function URL fallback where LocalStack Community API Gateway v2 support is
  insufficient.
- Record durable baseline evidence for the mock pre-iteration reference, final local
  LocalStack smoke, live direct API Gateway smoke, and live CloudFront comparison smoke;
  document that direct API Gateway is the Lambda/API baseline while CloudFront is only
  an edge-cache comparison.
- Update Aspire/agent handover notes so future work starts from the RIE-free contract
  and benchmark topology, with CloudWatch Lambda REPORT lines as the source of truth
  for Lambda duration, memory, and cold-start observations.
Squashes the W1.5 file-based tooling migration commits while preserving their intent:

- build: add file-based BadgeSmith tool foundation

- build: migrate lambda build script to file-based tool

- build: migrate test runner helper to file-based tool

- build: migrate badge update and ingestion tooling to C#

- refactor: complete hosted DI conversion for file-based tool

Also syncs the Slopwatch baseline after removing the standalone seeder project.
W1.7 Task 2: bump non-pinned PackageVersion entries to latest stable on NuGet.

Aspire / LocalStack.Aspire.Hosting / Aspire.Hosting.AWS pins from Task 1 (4cbc96b) preserved unchanged. Microsoft.Extensions.* and System.Text.Json kept on 10.x stable (10.0.9). No xUnit / BenchmarkDotNet prereleases taken.

Version table (old -> new):

  Amazon.JSII.Analyzers                       1.121.0          -> 1.138.0

  Meziantou.Analyzer                         2.0.264          -> 3.0.122

  Microsoft.CodeAnalysis.BannedApiAnalyzers   4.14.0           -> 5.6.0

  Microsoft.CodeAnalysis.NetAnalyzers         10.0.101         -> 10.0.301

  Microsoft.VisualStudio.Threading.Analyzers  17.14.15         -> 18.7.23

  SonarAnalyzer.CSharp                       10.17.0.131074   -> 10.28.0.143324

  xunit.analyzers                            1.26.0           -> 1.27.0

  AWSSDK.Core                                4.0.100.1        -> 4.0.100.3

  AWSSDK.DynamoDBv2                          4.0.10.4         -> 4.0.101.1

  AWSSDK.SecretsManager                      4.0.4.1          -> 4.0.100.3

  Amazon.CDK.Lib                             2.233.0          -> 2.261.0

  Amazon.Lambda.APIGatewayEvents             2.7.3            -> 3.0.0

  Amazon.Lambda.Core                         2.8.0            -> 3.1.1

  Amazon.Lambda.RuntimeSupport               1.14.1           -> 2.1.2

  Amazon.Lambda.Serialization.SystemTextJson 2.4.4            -> 3.0.0

  Amazon.Lambda.TestUtilities                3.0.1            -> 4.1.0

  AWSSDK.Extensions.NETCore.Setup            4.0.3.17         -> 4.0.100.3

  Microsoft.Extensions.Hosting               10.0.8           -> 10.0.9

  Microsoft.Extensions.Http                  10.0.8           -> 10.0.9

  Microsoft.Extensions.Caching.Memory        10.0.1           -> 10.0.9

  Microsoft.Extensions.Logging.Console       10.0.1           -> 10.0.9

  Microsoft.SourceLink.GitHub                8.0.0            -> 10.0.300

  System.Text.Json                           10.0.1           -> 10.0.9

  OpenTelemetry.Api                          1.14.0           -> 1.16.0

  OpenTelemetry.Instrumentation.AspNetCore   1.14.0           -> 1.16.0

  OpenTelemetry.Instrumentation.Runtime      1.15.1           -> 1.16.0

  CliWrap                                    3.6.0            -> 3.10.2

  Constructs                                 10.4.4           -> 10.6.0

  NuGet.Versioning                           7.0.1            -> 7.6.0

  ZLinq                                     1.5.4            -> 1.5.6

  Microsoft.NET.Test.Sdk                     18.0.1           -> 18.7.0

  Testcontainers                             4.12.0           -> 4.13.0

  Testcontainers.LocalStack                  4.12.0           -> 4.13.0

  xunit.v3                                   3.2.1            -> 3.2.2

  xunit.v3.runner.console                    3.2.1            -> 3.2.2

Unchanged (Task 1 pins preserved):

  Aspire.Hosting.AppHost     13.4.6

  Aspire.Hosting.AWS         13.3.1

  Aspire.Hosting.Testing     13.4.6

  LocalStack.Aspire.Hosting  13.4.0

  LocalStack.Client          2.0.0 (already latest stable)

  LocalStack.Client.Extensions 2.0.0 (already latest stable)

  Roslynator.Analyzers / CodeAnalysis / Formatting 4.15.0 (already latest)

  SecurityCodeScan.VS2019   5.6.7 (already latest)

  Spectre.Console.Cli(.Extensions.DependencyInjection|.Testing) 0.55.0 / 0.26.0 (latest)

  BenchmarkDotNet           0.15.8 (already latest)

  OneOf / OneOf.SourceGenerator 3.0.271 (already latest)

  Moq                       4.20.72 (already latest)

  xunit.runner.visualstudio  3.1.5 (already latest)

Compile fix: SonarAnalyzer 10.28 promotes S5332 (HTTP usage) to error. The CDK local-performance stack uses 'http://localstack:4566' as the LocalStack container endpoint inside the Docker network (HTTP-only by design). Added a scoped #pragma warning disable/restore S5332 at the call site with an explanatory comment; no behavior change.

Verification: dotnet restore + dotnet build BadgeSmith.sln -c Release (0 warn / 0 err); dotnet build tools/badgesmith.cs (ok); dotnet test Category=Unit (315 passed); dotnet test Category=Functional (28 passed, Docker available); slopwatch analyze clean.
@Blind-Striker

Copy link
Copy Markdown
Contributor Author

Pipeline validation result:

  • build-and-test: passed (350 tests)
  • continuous-deployment: failed during the ARM64 Native AOT publish
  • Root cause: Amazon.Lambda.Serialization.SystemTextJson 3.0.0 emits IL3053 AOT analysis warnings, which are blocking under the repository warnings-as-errors policy

Failed job: https://github.com/localstack-dotnet/badge-smith/actions/runs/29073897324/job/86302264987

The PR remains draft until this AOT compatibility issue and the listed review follow-ups are resolved.

- restore Native AOT serializer compatibility
- harden HMAC and white-label tooling contracts
- secure GitHub Actions and ARM artifact generation
- correct Aspire source-navigation guidance

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants