appdb

func Migrate ¶

func Migrate(ctx context.Context, db *sql.DB) error

Migrate runs all pending goose migrations bundled in the migrations/ subdirectory. Idempotent; safe to call on every startup. Returns an error if any migration fails — the caller should refuse to start the server in that case rather than serve a partially-migrated DB.

Goose's default logger writes to log.Default(). We route it through a Writer that drops everything; the API server's structured logger reports the migration outcome via its own log line in NewHandler.

func Open ¶

func Open(path string) (*sql.DB, error)

Open opens (or creates) the SQLite database at path and returns a *sql.DB ready for the various storage layers to share. The file is not migrated yet — the caller must call Migrate before using it.

We pin max-open to 1: SQLite serializes writes anyway, and the schema-create step relies on serial DDL to avoid the "database is locked" symptom that pops up under concurrent writers.

Open does an eager writability check on the parent directory and (when the file already exists) on the file itself. SQLite's pure-Go driver returns the cryptic "out of memory (14)" for any open failure, including "permission denied" and "directory doesn't exist" — which on a misconfigured deployment looks like an allocator problem but is really a filesystem ACL issue. By probing here we surface a real "directory not writable" error before sql.Open lazily tries to write.