====== Golang Production Review Checklist ======
===== 1. Architecture Review =====
==== System Design ====
Checklist:
* [ ] Clear separation of concerns
* [ ] Business logic separated from transport layer
* [ ] Business logic separated from persistence layer
* [ ] Dependency Injection used
* [ ] SOLID principles applied appropriately
* [ ] High cohesion
* [ ] Low coupling
* [ ] Scalable design
* [ ] Maintainable design
Recommended Structure:
cmd/
├── api/
├── worker/
internal/
├── domain/
├── service/
├── repository/
├── transport/
│   ├── http/
│   ├── grpc/
│   └── middleware/
├── infrastructure/
├── config/
└── dto/
pkg/
tests/
Review Questions:
* [ ] Can business logic run without HTTP?
* [ ] Can business logic run without database?
* [ ] Can business logic be reused?
----
===== 2. Package Design Review =====
Checklist:
* [ ] Single responsibility packages
* [ ] No circular dependencies
* [ ] Clear package boundaries
* [ ] Minimal exported symbols
* [ ] Internal package used correctly
Good:
user/
payment/
inventory/
notification/
Bad:
utils/
helpers/
common/
misc/
shared/
Review Questions:
* [ ] Is package purpose obvious?
* [ ] Can package be tested independently?
* [ ] Is dependency direction correct?
----
===== 3. Interface Review =====
Checklist:
* [ ] Small interfaces
* [ ] Consumer-defined interfaces
* [ ] Interface segregation respected
* [ ] Composition preferred
Good:
type UserRepository interface {
    GetByID(ctx context.Context, id int64) (*User, error)
}
Bad:
type Repository interface {
    Create()
    Update()
    Delete()
    Search()
    Login()
    SendEmail()
}
Review Questions:
* [ ] Is interface minimal?
* [ ] Can implementation change without affecting consumers?
----
===== 4. Error Handling Review =====
Checklist:
* [ ] No ignored errors
* [ ] Errors wrapped properly
* [ ] Meaningful messages
* [ ] Context preserved
Good:
if err != nil {
    return fmt.Errorf("create order: %w", err)
}
Bad:
result, _ := repository.Get()
Review Questions:
* [ ] Can root cause be identified?
* [ ] Can logs explain failure?
----
===== 5. Context Review =====
Checklist:
* [ ] context.Context is first parameter
* [ ] Context propagated correctly
* [ ] Cancellation supported
* [ ] Timeouts configured
Good:
func CreateOrder(ctx context.Context, req Request) error
Bad:
func CreateOrder(req Request) error
Review Questions:
* [ ] Can request be cancelled?
* [ ] Can timeout stop execution?
----
===== 6. Concurrency Review =====
==== Goroutines ====
Checklist:
* [ ] No goroutine leaks
* [ ] Lifecycle managed
* [ ] Context respected
* [ ] Panic recovery considered
Example:
go func() {
    select {
    case <-ctx.Done():
        return // exit when the caller cancels, so the goroutine cannot leak
    }
}()
==== Channels ====
Checklist:
* [ ] Proper ownership
* [ ] Proper closing
* [ ] No deadlocks
* [ ] Buffered channels justified
Review Questions:
* [ ] Can goroutines stop safely?
* [ ] Can system survive high load?
----
===== 7. HTTP API Review =====
Checklist:
* [ ] Thin handlers
* [ ] Validation performed
* [ ] Business logic delegated
* [ ] Consistent response format
* [ ] Proper HTTP status codes
Good:
func CreateOrder(w http.ResponseWriter, r *http.Request) {
    service.Create(...)
}
Bad:
func CreateOrder(w http.ResponseWriter, r *http.Request) {
    // validation
    // business logic
    // SQL
}
Review Questions:
* [ ] Can handlers remain simple?
* [ ] Can business logic be tested separately?
----
===== 8. Database Review =====
==== Query Review ====
Checklist:
* [ ] Parameterized queries
* [ ] Proper indexes
* [ ] Pagination used
* [ ] No N+1 problems
Good:
db.Query("SELECT * FROM users WHERE id=?", id)
Bad:
query := fmt.Sprintf("SELECT * FROM users WHERE id=%d", id)
==== Transaction Review ====
Checklist:
* [ ] Atomic operations protected
* [ ] Rollbacks handled
* [ ] Commit errors checked
Review Questions:
* [ ] Can data become inconsistent?
* [ ] Are failures recoverable?
----
===== 9. Security Review =====
==== Authentication ====
Checklist:
* [ ] JWT validated
* [ ] Password hashing secure
* [ ] Session security reviewed
Good:
bcrypt.GenerateFromPassword(...)
Bad:
md5.Sum(...)
==== Authorization ====
Checklist:
* [ ] Resource ownership checked
* [ ] Role checks enforced
* [ ] Least privilege applied
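One way to implement the "resource ownership checked" and "role checks enforced" items in the service layer. This is an added example, not code from the original checklist; `Principal`, `Order`, `OrderService`, `WithPrincipal` and the `support` role are hypothetical names.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical types for this example; none of them come from the page.
type Principal struct {
	UserID int64
	Roles  map[string]bool
}

type Order struct{ ID, OwnerID int64 }
type principalKey struct{}

var (
	ErrUnauthenticated = errors.New("unauthenticated")
	ErrNotFound        = errors.New("order not found")
)

func WithPrincipal(ctx context.Context, p Principal) context.Context {
	return context.WithValue(ctx, principalKey{}, p)
}

type OrderService struct{ orders map[int64]Order } // in-memory stand-in for a repository

// GetOrder enforces ownership in the service layer, so HTTP, gRPC and
// worker callers all pass through the same check.
func (s *OrderService) GetOrder(ctx context.Context, id int64) (Order, error) {
	p, ok := ctx.Value(principalKey{}).(Principal)
	if !ok {
		return Order{}, ErrUnauthenticated // deny by default
	}
	o, found := s.orders[id]
	// "Missing" and "not yours" return the same error so that valid IDs
	// cannot be enumerated; the "support" role is the only override.
	if !found || (o.OwnerID != p.UserID && !p.Roles["support"]) {
		return Order{}, ErrNotFound
	}
	return o, nil
}

func main() {
	svc := &OrderService{orders: map[int64]Order{7: {ID: 7, OwnerID: 1}}} // constructed data
	_, err := svc.GetOrder(WithPrincipal(context.Background(), Principal{UserID: 2}), 7)
	fmt.Println(err)
}
```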
==== Input Security ====
Checklist:
* [ ] Validation everywhere
* [ ] SQL Injection prevention
* [ ] XSS prevention
* [ ] SSRF prevention
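For the "SSRF prevention" item, the check is most reliable at connection time rather than on the URL string. This is an added example, not code from the original checklist; `checkDialAddr`, `NewOutboundClient` and the sample addresses are assumptions, and the blocked ranges should be extended with any deployment-specific internal networks.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

var ErrBlockedDestination = errors.New("destination address not allowed")

// checkDialAddr is a net.Dialer Control hook. It sees the literal IP:port
// the socket is about to connect to, after DNS resolution, so a hostname
// that resolves (or later re-resolves) to an internal address is rejected.
func checkDialAddr(_, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return fmt.Errorf("%w: %v", ErrBlockedDestination, err)
	}
	ip := ap.Addr().Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	// Link-local covers 169.254.0.0/16, where cloud metadata services live.
	if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsMulticast() || ip.IsUnspecified() {
		return fmt.Errorf("%w: %s", ErrBlockedDestination, ip)
	}
	return nil
}

// NewOutboundClient builds the client used for user-supplied URLs. Redirect
// hops dial through the same hook, so they are checked as well.
func NewOutboundClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: checkDialAddr}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: d.DialContext}, // no proxy: the hook must see the real target
	}
}

func main() {
	for _, a := range []string{"169.254.169.254:80", "203.0.113.10:443"} { // constructed addresses
		fmt.Println(a, checkDialAddr("tcp", a, nil))
	}
}
```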
==== Secrets ====
Checklist:
* [ ] No secrets in code
* [ ] Environment variables used
* [ ] Secret manager considered
Review Questions:
* [ ] Can attacker access sensitive data?
* [ ] Are permissions minimized?
----
===== 10. Logging Review =====
Checklist:
* [ ] Structured logging
* [ ] Correlation IDs
* [ ] Error logging
* [ ] Business event logging
Good:
logger.Info("order_created", "order_id", orderID)
Bad:
fmt.Println(orderID)
Review Questions:
* [ ] Can production issues be diagnosed?
* [ ] Can request flow be traced?
----
===== 11. Configuration Review =====
Checklist:
* [ ] Configuration centralized
* [ ] Environment-specific configs
* [ ] Startup validation
* [ ] Sensible defaults
Example:
APP_PORT
DB_HOST
DB_NAME
REDIS_HOST
Review Questions:
* [ ] Can configuration be changed safely?
* [ ] Can secrets be rotated?
----
===== 12. Performance Review =====
Checklist:
* [ ] Memory allocations optimized
* [ ] Database queries optimized
* [ ] Connection pools configured
* [ ] Caching strategy exists
==== Profiling ====
Checklist:
* [ ] pprof enabled
* [ ] CPU profile reviewed
* [ ] Memory profile reviewed
Commands:
go tool pprof
Review Questions:
* [ ] Can application handle 10x traffic?
* [ ] Are bottlenecks identified?
----
===== 13. Testing Review =====
==== Unit Tests ====
Checklist:
* [ ] Service tests
* [ ] Domain tests
* [ ] Business rule tests
==== Integration Tests ====
Checklist:
* [ ] Database tests
* [ ] API tests
* [ ] Queue tests
==== Coverage ====
Targets:
* [ ] Critical logic > 90%
* [ ] Overall > 70%
Commands:
go test ./...
go test -cover ./...
Review Questions:
* [ ] Can critical bugs be caught?
* [ ] Is regression risk minimized?
----
===== 14. Queue & Worker Review =====
Checklist:
* [ ] Retry policy defined
* [ ] Dead letter queue configured
* [ ] Idempotent processing
* [ ] Backoff strategy
Review Questions:
* [ ] Can jobs be retried safely?
* [ ] Can duplicate processing occur?
----
===== 15. Observability Review =====
==== Metrics ====
Checklist:
* [ ] Request count
* [ ] Error rate
* [ ] Latency
* [ ] Business metrics
==== Tracing ====
Checklist:
* [ ] Distributed tracing
* [ ] Request tracing
* [ ] Context propagation
Review Questions:
* [ ] Can incidents be diagnosed quickly?
* [ ] Can slow requests be identified?
----
===== 16. Cloud Native Review =====
Checklist:
* [ ] Stateless design
* [ ] Health endpoint
* [ ] Readiness endpoint
* [ ] Metrics endpoint
* [ ] Graceful shutdown
Endpoints:
/health
/ready
/metrics
Review Questions:
* [ ] Can service run in Kubernetes?
* [ ] Can service scale horizontally?
----
===== 17. Graceful Shutdown Review =====
Checklist:
* [ ] SIGTERM handled
* [ ] HTTP server shutdown
* [ ] Worker shutdown
* [ ] DB connections closed
Example:
server.Shutdown(ctx)
Review Questions:
* [ ] Can deployments happen safely?
* [ ] Can requests finish gracefully?
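The `server.Shutdown(ctx)` call above only drains in-flight requests when it is wired to the signal and given its own deadline. This is an added example, not code from the original checklist; `serve`, the listen address and the timeouts are assumptions.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net"
	"net/http"
	"os/signal"
	"syscall"
	"time"
)

// serve runs srv on ln until ctx is cancelled, then stops accepting new
// connections and gives in-flight requests up to grace to finish.
func serve(ctx context.Context, srv *http.Server, ln net.Listener, grace time.Duration) error {
	errCh := make(chan error, 1)
	go func() { errCh <- srv.Serve(ln) }()
	select {
	case err := <-errCh:
		return err // listener failed before any shutdown was requested
	case <-ctx.Done():
	}
	// Fresh context: the parent is already cancelled, so reusing it would
	// make Shutdown return immediately and cut off in-flight requests.
	shutdownCtx, cancel := context.WithTimeout(context.Background(), grace)
	defer cancel()
	if err := srv.Shutdown(shutdownCtx); err != nil {
		_ = srv.Close() // grace period exceeded: drop remaining connections
		return err
	}
	if err := <-errCh; !errors.Is(err, http.ErrServerClosed) {
		return err
	}
	return nil
}

func main() {
	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGTERM, syscall.SIGINT)
	defer stop()
	ln, err := net.Listen("tcp", "127.0.0.1:8080") // address is an assumption
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{ReadHeaderTimeout: 5 * time.Second}
	log.Println("server stopped:", serve(ctx, srv, ln, 15*time.Second))
}
```

Workers and database pools should be stopped after `serve` returns, so that draining requests can still use them.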
----
===== 18. CI/CD Review =====
Checklist:
* [ ] gofmt
* [ ] golangci-lint
* [ ] Unit tests
* [ ] Security scans
* [ ] Automated deployments
Pipeline:
Git Push
↓
gofmt
↓
golangci-lint
↓
Unit Tests
↓
Build
↓
Docker Build
↓
Deploy
Review Questions:
* [ ] Can bad code reach production?
* [ ] Can rollback happen safely?
----
===== 19. Production Readiness =====
==== Reliability ====
Checklist:
* [ ] Retry strategy
* [ ] Timeout strategy
* [ ] Circuit breaker considered
* [ ] Rate limiting implemented
==== Scalability ====
Checklist:
* [ ] Horizontal scaling
* [ ] Shared cache
* [ ] Shared storage
* [ ] Queue scaling
==== Disaster Recovery ====
Checklist:
* [ ] Backup strategy
* [ ] Restore procedures
* [ ] Runbooks documented
Review Questions:
* [ ] Can service survive failures?
* [ ] Can service recover quickly?
----
===== 20. Senior Golang Final Review =====
- [ ] Is code simple?
- [ ] Is business logic framework-independent?
- [ ] Are interfaces small?
- [ ] Is context propagated correctly?
- [ ] Are errors handled properly?
- [ ] Are goroutines leak-free?
- [ ] Is application observable?
- [ ] Can service scale horizontally?
- [ ] Can another engineer maintain it in 6 months?
- [ ] Can this run without waking me up at 3 AM?
If all answers are YES, the Golang application is Production Ready.
----
===== Golang Maturity Score =====
^ Category ^ Target ^
| Architecture | 9/10 |
| Package Design | 9/10 |
| Concurrency | 9/10 |
| Security | 9/10 |
| Performance | 9/10 |
| Testing | 8/10+ |
| Scalability | 9/10 |
| Observability | 8/10+ |
| Maintainability | 9/10 |
Overall Production Grade Target: >= 85%