lukas/uis-cloud-computing
1
0
Fork 0
mirror of https://github.com/dat515-2025/Group-8.git synced 2026-03-22 15:12:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: lukas:test_arm_build
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations
...
compare: lukas:a76138614b1121ec39d8f14d7ec7e4a421ec3464
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations

26 Commits
test_arm_b ... a76138614b

Author SHA1 Message Date
Dejan Ribarovski
a76138614b Merge 8974561308 into d593f7a994 2025-10-17 15:14:17 +02:00
Lukáš Trkan
d593f7a994 feat(infrastructure): move to secrets
Some checks are pending
Deploy Prod / Build and push image (reusable) (push) Waiting to run
Details
Deploy Prod / Generate Production URLs (push) Waiting to run
Details
Deploy Prod / Frontend - Build and Deploy to Cloudflare Pages (prod) (push) Blocked by required conditions
Details
Deploy Prod / Helm upgrade/install (prod) (push) Blocked by required conditions
Details
2025-10-16 18:30:13 +02:00
Lukáš Trkan
ef5b3f2d30 feat(infrastructure): move to secrets 2025-10-16 18:25:06 +02:00
Lukáš Trkan
60109c4a35 fix(infrastructure): add oauth keys as secret 2025-10-16 18:18:19 +02:00
Lukáš Trkan
b6f9ee8fc7 fix(infrastructure): add missing slash 2025-10-16 18:11:19 +02:00
Lukáš Trkan
52333b24d5 Merge pull request #29 from dat515-2025/merge/deployment_envs 
fix(infrastructure): add env variables to deployment
 2025-10-16 18:05:59 +02:00
Lukáš Trkan
8929920072 Potential fix for code scanning alert no. 9: Workflow does not contain permissions 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2025-10-16 18:04:04 +02:00
Lukáš Trkan
cdb6cf5e20 Update .github/workflows/deploy-pr.yaml 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-16 18:02:09 +02:00
Lukáš Trkan
5190e9c48e fix(infrastructure): use correct runner 2025-10-16 18:00:07 +02:00
Lukáš Trkan
815bf7f065 fix(infrastructure): use correct runner 2025-10-16 17:50:39 +02:00
Lukáš Trkan
85a390565a fix(infrastructure): use correct runner 2025-10-16 17:43:55 +02:00
Lukáš Trkan
20d26b7edc fix(infrastructure): use correct runner 2025-10-16 17:42:16 +02:00
Lukáš Trkan
579dda50b9 fix(infrastructure): use correct runner 2025-10-16 17:42:02 +02:00
Lukáš Trkan
4f7d30daf6 fix(infrastructure): use correct runner 2025-10-16 17:32:00 +02:00
Lukáš Trkan
49c96187c9 fix(infrastructure): use correct runner 2025-10-16 17:17:41 +02:00
Lukáš Trkan
d1feafd4ef fix(infrastructure): use correct runner 2025-10-16 17:12:01 +02:00
Lukáš Trkan
efb454ba99 fix(infrastructure): use correct runner 2025-10-16 17:06:06 +02:00
Lukáš Trkan
810f1ccb32 fix(infrastructure): use correct runner 2025-10-16 17:01:38 +02:00
Lukáš Trkan
c4afdf5ad2 fix(infrastructure): use correct runner 2025-10-16 15:10:33 +02:00
Lukáš Trkan
c290a109b6 fix(infrastructure): use variables, not secrets 2025-10-16 15:01:53 +02:00
Lukáš Trkan
7c161f6f37 fix(infrastructure): add env variables to deployment 2025-10-16 14:49:26 +02:00
Lukáš Trkan
c4991ea3c4 fix(infrastructure): add env variables to deployment 2025-10-16 14:47:16 +02:00
Lukáš Trkan
3b6b64d472 update report.md 2025-10-16 13:51:52 +02:00
ribardej
9bc543a5fa feat(docs): weekly meeting 2025-10-16 13:27:53 +02:00
ribardej
14516a808b feat(docs): this week meeting.md 2025-10-16 11:15:54 +02:00
ribardej
922ebf46ae feat(docs): Catch up on report.md 2025-10-15 16:25:28 +02:00
12 changed files with 478 additions and 250 deletions
Expand all files Collapse all files

41
.github/workflows/deploy-pr.yaml vendored
View File

@@ -20,13 +20,26 @@ jobs:
pr_number: ${{ github.event.pull_request.number }}
secrets: inherit
get_urls:
if: github.event.action != 'closed'
name: Generate Preview URLs
uses: ./.github/workflows/url_generator.yml
with:
runner: vhs
mode: pr
pr_number: ${{ github.event.pull_request.number }}
base_domain: ${{ vars.DEV_BASE_DOMAIN }}
secrets: inherit
frontend:
if: github.event.action != 'closed'
name: Frontend - Build and Deploy to Cloudflare Pages (PR)
needs: [get_urls]
uses: ./.github/workflows/frontend-pages.yml
with:
mode: pr
pr_number: ${{ github.event.pull_request.number }}
backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
secrets: inherit
deploy:
@@ -36,7 +49,7 @@ jobs:
concurrency:
group: pr-${{ github.event.pull_request.number }}
cancel-in-progress: false
needs: [build, frontend]
needs: [build, frontend, get_urls]
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -62,25 +75,24 @@ jobs:
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
DIGEST: ${{ needs.build.outputs.digest }}
DOMAIN: "${{ needs.get_urls.outputs.backend_url }}"
DOMAIN_SCHEME: "${{ needs.get_urls.outputs.backend_url_scheme }}"
FRONTEND_DOMAIN: "${{ needs.get_urls.outputs.frontend_url }}"
FRONTEND_DOMAIN_SCHEME: "${{ needs.get_urls.outputs.frontend_url_scheme }}"
run: |
PR=${{ github.event.pull_request.number }}
if [ -z "$PR" ]; then echo "PR number missing"; exit 1; fi
if [ -z "$DEV_BASE_DOMAIN" ]; then echo "Secret DEV_BASE_DOMAIN is required (e.g., dev.example.com)"; exit 1; fi
if [ -z "$RABBITMQ_PASSWORD" ]; then echo "Secret DEV_RABBITMQ_PASSWORD is required"; exit 1; fi
if [ -z "$DB_PASSWORD" ]; then echo "Secret DEV_DB_PASSWORD is required"; exit 1; fi
RELEASE=myapp-pr-$PR
NAMESPACE=pr-$PR
DOMAIN=pr-$PR.$DEV_BASE_DOMAIN
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
helm upgrade --install "$RELEASE" ./7project/charts/myapp-chart \
-n "$NAMESPACE" --create-namespace \
-f 7project/charts/myapp-chart/values-dev.yaml \
--set prNumber="$PR" \
--set deployment="pr-$PR" \
--set domain="$DOMAIN" \
--set image.repository="$IMAGE_REPO" \
--set domain_scheme="$DOMAIN_SCHEME" \
--set frontend_domain="$FRONTEND_DOMAIN" \
--set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
--set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
@@ -88,19 +100,16 @@ jobs:
- name: Post preview URLs as PR comment
uses: actions/github-script@v7
env:
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
FRONTEND_URL: ${{ needs.frontend.outputs.deployed_url }}
BACKEND_URL: ${{ needs.get_urls.outputs.backend_url_scheme }}
FRONTEND_URL: ${{ needs.get_urls.outputs.frontend_url_scheme }}
with:
script: |
const pr = context.payload.pull_request;
if (!pr) { core.setFailed('No pull_request context'); return; }
const prNumber = pr.number;
const domainBase = process.env.DEV_BASE_DOMAIN;
if (!domainBase) { core.setFailed('DEV_BASE_DOMAIN is required'); return; }
const backendDomain = `pr-${prNumber}.${domainBase}`;
const backendUrl = `https://${backendDomain}`;
const backendUrl = process.env.BACKEND_URL || '(not available)';
const frontendUrl = process.env.FRONTEND_URL || '(not available)';
const marker = '<!-- preview-link -->';
const marker = '<!-- preview-comment-marker -->';
const body = `${marker}\nPreview environment is running\n- Frontend: ${frontendUrl}\n- Backend: ${backendUrl}\n`;
const { owner, repo } = context.repo;
const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number: prNumber, per_page: 100 });

41
.github/workflows/deploy-prod.yaml vendored
View File

@@ -30,17 +30,28 @@ jobs:
context: 7project/backend
secrets: inherit
get_urls:
name: Generate Production URLs
uses: ./.github/workflows/url_generator.yml
with:
mode: prod
runner: vhs
base_domain: ${{ vars.PROD_DOMAIN }}
secrets: inherit
frontend:
name: Frontend - Build and Deploy to Cloudflare Pages (prod)
needs: [get_urls]
uses: ./.github/workflows/frontend-pages.yml
with:
mode: prod
backend_url_scheme: ${{ needs.get_urls.outputs.backend_url_scheme }}
secrets: inherit
deploy:
name: Helm upgrade/install (prod)
runs-on: vhs
needs: [build, frontend]
needs: [build, frontend, get_urls]
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -63,25 +74,31 @@ jobs:
- name: Helm upgrade/install prod
env:
DOMAIN: ${{ secrets.PROD_DOMAIN }}
DOMAIN: ${{ needs.get_urls.outputs.backend_url }}
DOMAIN_SCHEME: ${{ needs.get_urls.outputs.backend_url_scheme }}
FRONTEND_DOMAIN: ${{ needs.get_urls.outputs.frontend_url }}
FRONTEND_DOMAIN_SCHEME: ${{ needs.get_urls.outputs.frontend_url_scheme }}
RABBITMQ_PASSWORD: ${{ secrets.PROD_RABBITMQ_PASSWORD }}
DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
IMAGE_REPO: ${{ needs.build.outputs.image_repo }}
DIGEST: ${{ needs.build.outputs.digest }}
BANKID_CLIENT_ID: ${{ secrets.BANKID_CLIENT_ID }}
BANKID_CLIENT_SECRET: ${{ secrets.BANKID_CLIENT_SECRET }}
MOJEID_CLIENT_ID: ${{ secrets.MOJEID_CLIENT_ID }}
MOJEID_CLIENT_SECRET: ${{ secrets.MOJEID_CLIENT_SECRET }}
run: |
if [ -z "$DOMAIN" ]; then
echo "Secret PROD_DOMAIN is required (e.g., app.example.com)"; exit 1; fi
if [ -z "$RABBITMQ_PASSWORD" ]; then
echo "Secret PROD_RABBITMQ_PASSWORD is required"; exit 1; fi
if [ -z "$DB_PASSWORD" ]; then
echo "Secret PROD_DB_PASSWORD is required"; exit 1; fi
if [ -z "$IMAGE_REPO" ]; then IMAGE_REPO="lukastrkan/cc-app-demo"; fi
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n prod --create-namespace \
-f 7project/charts/myapp-chart/values-prod.yaml \
--set deployment="prod" \
--set domain="$DOMAIN" \
--set image.repository="$IMAGE_REPO" \
--set domain_scheme="$DOMAIN_SCHEME" \
--set frontend_domain="$FRONTEND_DOMAIN" \
--set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
--set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
--set-string database.password="$DB_PASSWORD" \
--set-string oauth.bankid.clientId="$BANKID_CLIENT_ID" \
--set-string oauth.bankid.clientSecret="$BANKID_CLIENT_SECRET" \
--set-string oauth.mojeid.clientId="$MOJEID_CLIENT_ID" \
--set-string oauth.mojeid.clientSecret="$MOJEID_CLIENT_SECRET"

57
.github/workflows/frontend-pages.yml vendored
View File

@@ -15,6 +15,10 @@ on:
description: 'Cloudflare Pages project name (overrides default)'
required: false
type: string
backend_url_scheme:
description: 'The full scheme URL for the backend (e.g., https://api.example.com)'
required: true
type: string
secrets:
CLOUDFLARE_API_TOKEN:
required: true
@@ -25,14 +29,6 @@ on:
description: 'URL of deployed frontend'
value: ${{ jobs.deploy.outputs.deployed_url }}
# Required repository secrets:
# CLOUDFLARE_API_TOKEN - API token with Pages:Edit (or Account:Workers Scripts:Edit) permissions
# CLOUDFLARE_ACCOUNT_ID - Your Cloudflare account ID
# Optional repository variables:
# CF_PAGES_PROJECT_NAME - Default Cloudflare Pages project name
# PROD_DOMAIN - App domain for prod releases (e.g., api.example.com or https://api.example.com)
# BACKEND_URL_PR_TEMPLATE - Template for PR backend URL. Use {PR} placeholder for PR number (e.g., https://api-pr-{PR}.example.com)
jobs:
build:
name: Build frontend
@@ -54,50 +50,9 @@ jobs:
- name: Install dependencies
run: npm ci
- name: Compute backend URL for Vite
id: be
env:
EVENT_NAME: ${{ github.event_name }}
PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr_number }}
PR_TEMPLATE: ${{ vars.BACKEND_URL_PR_TEMPLATE }}
DEV_BASE_DOMAIN: ${{ secrets.BASE_DOMAIN }}
PROD_DOMAIN_VAR: ${{ vars.PROD_DOMAIN }}
PROD_DOMAIN_SECRET: ${{ secrets.PROD_DOMAIN }}
BACKEND_URL_OVERRIDE: ${{ vars.BACKEND_URL || secrets.BACKEND_URL }}
MODE: ${{ inputs.mode }}
- name: Set backend URL from workflow input
run: |
set -euo pipefail
URL=""
# 1) Explicit override wins (from repo var or secret)
if [ -n "${BACKEND_URL_OVERRIDE:-}" ]; then
if echo "$BACKEND_URL_OVERRIDE" | grep -Eiq '^https?://'; then
URL="$BACKEND_URL_OVERRIDE"
else
URL="https://${BACKEND_URL_OVERRIDE}"
fi
else
# 2) PR-specific URL when building for PR
if [ "${MODE:-}" = "pr" ] || [ "${EVENT_NAME}" = "pull_request" ]; then
if [ -n "${PR_TEMPLATE:-}" ] && [ -n "${PR_NUMBER:-}" ] ; then
URL="${PR_TEMPLATE//\{PR\}/${PR_NUMBER}}"
elif [ -n "${DEV_BASE_DOMAIN:-}" ] && [ -n "${PR_NUMBER:-}" ]; then
URL="https://pr-${PR_NUMBER}.${DEV_BASE_DOMAIN}"
fi
fi
# 3) Fallback to PROD_DOMAIN (prefer repo var, then secret)
if [ -z "$URL" ]; then
PROD_DOMAIN="${PROD_DOMAIN_VAR:-${PROD_DOMAIN_SECRET:-}}"
if [ -n "$PROD_DOMAIN" ]; then
if echo "$PROD_DOMAIN" | grep -Eiq '^https?://'; then
URL="$PROD_DOMAIN"
else
URL="https://${PROD_DOMAIN}"
fi
fi
fi
fi
echo "Using backend URL: ${URL:-<empty>}"
echo "VITE_BACKEND_URL=${URL}" >> $GITHUB_ENV
echo "VITE_BACKEND_URL=${{ inputs.backend_url_scheme }}" >> $GITHUB_ENV
- name: Build
run: npm run build

74
.github/workflows/url_generator.yml vendored Normal file
View File

@@ -0,0 +1,74 @@
name: Generate Preview or Production URLs
on:
workflow_call:
inputs:
mode:
description: "Build mode: 'prod' or 'pr'"
required: true
type: string
pr_number:
description: 'PR number (required when mode=pr)'
required: false
type: string
runner:
description: 'The runner to use for this job'
required: false
type: string
default: 'ubuntu-latest'
base_domain:
description: 'The base domain for production URLs (e.g., example.com)'
required: true
type: string
outputs:
backend_url:
description: "The backend URL without scheme (e.g., api.example.com)"
value: ${{ jobs.generate-urls.outputs.backend_url }}
frontend_url:
description: "The frontend URL without scheme (e.g., app.example.com)"
value: ${{ jobs.generate-urls.outputs.frontend_url }}
backend_url_scheme:
description: "The backend URL with scheme (e.g., https://api.example.com)"
value: ${{ jobs.generate-urls.outputs.backend_url_scheme }}
frontend_url_scheme:
description: "The frontend URL with scheme (e.g., https://app.example.com)"
value: ${{ jobs.generate-urls.outputs.frontend_url_scheme }}
jobs:
generate-urls:
permissions:
contents: none
runs-on: ${{ inputs.runner }}
outputs:
backend_url: ${{ steps.set_urls.outputs.backend_url }}
frontend_url: ${{ steps.set_urls.outputs.frontend_url }}
backend_url_scheme: ${{ steps.set_urls.outputs.backend_url_scheme }}
frontend_url_scheme: ${{ steps.set_urls.outputs.frontend_url_scheme }}
steps:
- name: Generate URLs
id: set_urls
env:
BASE_DOMAIN: ${{ inputs.base_domain }}
run: |
set -euo pipefail
if [ "${{ inputs.mode }}" = "prod" ]; then
BACKEND_URL="api.${BASE_DOMAIN}"
FRONTEND_URL="finance.${BASE_DOMAIN}"
else
# This is your current logic
FRONTEND_URL="pr-${{ inputs.pr_number }}.group-8-frontend.pages.dev"
BACKEND_URL="api-pr-${{ inputs.pr_number }}.${BASE_DOMAIN}"
fi
FRONTEND_URL_SCHEME="https://$FRONTEND_URL"
BACKEND_URL_SCHEME="https://$BACKEND_URL"
# This part correctly writes to GITHUB_OUTPUT for the step
echo "backend_url_scheme=$BACKEND_URL_SCHEME" >> $GITHUB_OUTPUT
echo "frontend_url_scheme=$FRONTEND_URL_SCHEME" >> $GITHUB_OUTPUT
echo "backend_url=$BACKEND_URL" >> $GITHUB_OUTPUT
echo "frontend_url=$FRONTEND_URL" >> $GITHUB_OUTPUT

54
7project/charts/myapp-chart/templates/NOTES.txt
View File

@@ -1,54 +0,0 @@
Thank you for installing myapp-chart.
This chart packages all Kubernetes manifests from the original deployment directory and parameterizes environment, database name (with optional PR suffix), image, and domain for external access.
Namespaces per developer (important):
- Install each developer's environment into their own namespace using Helm's -n/--namespace flag.
- No hardcoded namespace is used in templates; resources are created in .Release.Namespace.
- Example namespaces: dev-alice, dev-bob, pr-123, etc.
Key values:
- deployment -> used as Database CR name and DB username (MARIADB_DB and MARIADB_USER)
- image.repository/tag or image.digest -> container image
- domain -> public FQDN used by TunnelBinding (required to expose app)
- app/worker names, replicas, ports
Examples:
- Dev install (Alice):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-alice --create-namespace \
-f values-dev.yaml \
--set domain=alice.demo.example.com \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD"
- Dev install (Bob):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-bob --create-namespace \
-f values-dev.yaml \
--set domain=bob.demo.example.com
- Prod install (different cleanupPolicy):
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n prod --create-namespace \
-f values-prod.yaml \
--set domain=app.example.com
- PR (preview) install with DB name containing PR number (also its own namespace):
PR=123
helm upgrade --install myapp-pr-$PR ./7project/charts/myapp-chart \
-n pr-$PR --create-namespace \
-f values-dev.yaml \
--set prNumber=$PR \
--set deployment=preview-$PR \
--set domain=pr-$PR.example.com
- Use a custom deployment identifier to suffix DB name, DB username and Secret name:
helm upgrade --install myapp ./7project/charts/myapp-chart \
-n dev-alice --create-namespace \
-f values-dev.yaml \
--set deployment=alice \
--set domain=alice.demo.example.com
Render locally (dry run):
helm template ./7project/charts/myapp-chart -f values-dev.yaml --set prNumber=456 --set deployment=test --set domain=demo.example.com --namespace dev-test | sed -n '/kind: Database/,$p' | head -n 30

46
7project/charts/myapp-chart/templates/app-deployment.yaml
View File

@@ -29,21 +29,27 @@ spec:
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_DB
- name: MARIADB_USER
value: {{ required "Set .Values.deployment" .Values.deployment | quote }}
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_USER
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ required "Set .Values.database.secretName" .Values.database.secretName }}
key: password
name: prod
key: MARIADB_PASSWORD
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
name: prod
key: RABBITMQ_PASSWORD
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT
@@ -52,6 +58,34 @@ spec:
value: {{ .Values.rabbitmq.vhost | default "/" | quote }}
- name: MAIL_QUEUE
value: {{ .Values.worker.mailQueueName | default "mail_queue" | quote }}
- name: MOJEID_CLIENT_ID
valueFrom:
secretKeyRef:
name: prod
key: MOJEID_CLIENT_ID
- name: MOJEID_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: prod
key: MOJEID_CLIENT_SECRET
- name: BANKID_CLIENT_ID
valueFrom:
secretKeyRef:
name: prod
key: BANKID_CLIENT_ID
- name: BANKID_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: prod
key: BANKID_CLIENT_SECRET
- name: DOMAIN
value: {{ required "Set .Values.domain" .Values.domain | quote }}
- name: DOMAIN_SCHEME
value: {{ required "Set .Values.domain_scheme" .Values.domain_scheme | quote }}
- name: FRONTEND_DOMAIN
value: {{ required "Set .Values.frontend_domain" .Values.frontend_domain | quote }}
- name: FRONTEND_DOMAIN_SCHEME
value: {{ required "Set .Values.frontend_domain_scheme" .Values.frontend_domain_scheme | quote }}
livenessProbe:
httpGet:
path: /

17
7project/charts/myapp-chart/templates/prod.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: prod
type: Opaque
stringData:
MOJEID_CLIENT_ID: {{ .Values.oauth.mojeid.clientId | quote }}
MOJEID_CLIENT_SECRET: {{ .Values.oauth.mojeid.clientSecret | quote }}
BANKID_CLIENT_ID: {{ .Values.oauth.bankid.clientId | quote }}
BANKID_CLIENT_SECRET: {{ .Values.oauth.bankid.clientSecret | quote }}
# Database credentials
MARIADB_DB: {{ required "Set .Values.deployment" .Values.deployment | quote }}
MARIADB_USER: {{ required "Set .Values.deployment" .Values.deployment | quote }}
MARIADB_PASSWORD: {{ .Values.database.password | default "" | quote }}
# RabbitMQ credentials
RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }}
RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}

23
7project/charts/myapp-chart/templates/worker-deployment.yaml
View File

@@ -31,13 +31,32 @@ spec:
- --loglevel
- INFO
env:
- name: MARIADB_HOST
value: "mariadb-repl-maxscale-internal.mariadb-operator.svc.cluster.local"
- name: MARIADB_PORT
value: '3306'
- name: MARIADB_DB
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_DB
- name: MARIADB_USER
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_USER
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
name: prod
key: MARIADB_PASSWORD
- name: RABBITMQ_USERNAME
value: {{ .Values.rabbitmq.username | quote }}
- name: RABBITMQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ printf "%s-user-credentials" (.Values.rabbitmq.username | default "app-user") }}
key: password
name: prod
key: RABBITMQ_PASSWORD
- name: RABBITMQ_HOST
value: {{ printf "%s.%s.svc.cluster.local" "rabbitmq-cluster" .Release.Namespace | quote }}
- name: RABBITMQ_PORT

12
7project/charts/myapp-chart/values.yaml
View File

@@ -11,6 +11,10 @@ deployment: ""
# Public domain to expose the app under (used by TunnelBinding fqdn)
# Set at install time: --set domain=example.com
domain: ""
domain_scheme: ""
frontend_domain: ""
frontend_domain_scheme: ""
image:
repository: lukastrkan/cc-app-demo
@@ -33,6 +37,14 @@ worker:
service:
port: 80
oauth:
bankid:
clientId: ""
clientSecret: ""
mojeid:
clientId: ""
clientSecret: ""
rabbitmq:
create: true
replicas: 1

53
7project/meetings/2025-10-16-meeting.md Normal file
View File

@@ -0,0 +1,53 @@
# Weekly Meeting Notes
- Group 8 - Personal finance tracker
- Mentor: Jaychander
Keep all meeting notes in the `meetings.md` file in your project folder.
Just copy the template below for each weekly meeting and fill in the details.
## Administrative Info
- Date: 2025-10-08
- Attendees: Dejan Ribarovski, Lukas Trkan
- Notetaker: Dejan Ribarovski
## Progress Update (Before Meeting)
Summary of what has been accomplished since the last meeting in the following categories.
## Action Items from Last Week (During Meeting)
- [x] start coding the app logic
- [x] start writing the report so it matches the actual progress
- [x] redo the system diagram so it includes a response flow
### Coding
Implemented initial functioning version of the app, added OAuth with BankId and MojeID,
added database snapshots.
### Documentation
report.md is up to date
## Questions and Topics for Discussion (Before Meeting)
Prepare 3-5 questions and topics you want to discuss with your mentor.
1. What other functionality should be added to the app
2. Priority for the next week (Testing maybe?)
3. Question 3
## Discussion Notes (During Meeting)
## Action Items for Next Week (During Meeting)
Last 3 minutes of the meeting, summarize action items.
- [ ] OAuth
- [ ] CI/CD fix
- [ ] Database local (multiple bank accounts)
- [ ] Add tests and set up github pipeline
- [ ] Frontend imporvment - user experience
- [ ] make the report more clear
---

0
7project/meetings/meeting-9-10.md → 7project/meetings/2025-10-9-meeting.md
View File

300
7project/report.md
View File

@@ -1,4 +1,4 @@
# Project Report
# Personal finance tracker
> **Instructions**:
> This template provides the structure for your project report.
@@ -7,126 +7,211 @@
## Project Overview
**Project Name**: [Your project name]
**Project Name**: Personal Finance Tracker
**Group Members**:
- Student number, Name, GitHub username
- Student number, Name, GitHub username
- Student number, Name, GitHub username
- 289229, Lukáš Trkan, lukastrkan
- 289258, Dejan Ribarovski, derib2613, ribardej
**Brief Description**:
[2-3 sentences describing what your application does and its main purpose]
Our application is a finance tracker, so a person can easily track his cash flow
through multiple bank accounts. Person can label transactions with custom categories
and later filter by them.
## Architecture Overview
Our system is a fullstack web application composed of a React frontend, a FastAPI backend, a PostgreSQL database, and asynchronous background workers powered by Celery with RabbitMQ. Redis is available for caching/kv and may be used by Celery as a result backend. The backend exposes REST endpoints for authentication (email/password and OAuth), users, categories, and transactions. A thin controller layer (FastAPI routers) lives under app/api. Infrastructure for Kubernetes is provided via OpenTofu (Terraformcompatible) modules and the application is packaged via a Helm chart.
### High-Level Architecture
[Describe the overall system architecture. Consider including a diagram using mermaid or linking to an image]
```mermaid
graph TD
A[Component A] --> B[Component B]
B --> C[Component C]
flowchart LR
proc_queue[Message Queue] --> proc_queue_worker[Worker Service]
proc_queue_worker --> ext_mail[(Email Service)]
proc_cron[Task planner] --> proc_queue
proc_queue_worker --> ext_bank[(Bank API)]
proc_queue_worker --> db
client[Client/Frontend] <--> svc[Backend API]
svc --> proc_queue
svc <--> db[(Database)]
svc <--> cache[(Cache)]
```
### Components
- **Component 1**: [Description of what this component does]
- **Component 2**: [Description of what this component does]
- **Component 3**: [Description of what this component does]
- Frontend (frontend/): React + TypeScript app built with Vite. Talks to the backend via REST, handles login/registration, shows latest transactions, filtering, and allows adding transactions.
- Backend API (backend/app): FastAPI app with routers under app/api for auth, categories, and transactions. Uses FastAPI Users for auth (JWT + OAuth), SQLAlchemy ORM, and Pydantic v2 schemas.
- Worker service (backend/app/workers): Celery worker handling asynchronous tasks (e.g., sending verification emails, future background processing).
- Database (PostgreSQL): Persists users, categories, transactions; schema managed by Alembic migrations.
- Message Queue (RabbitMQ): Transports background jobs from the API to the worker.
- Cache/Result Store (Redis): Available for caching or Celery result backend.
- Infrastructure as Code (tofu/): OpenTofu modules provisioning cluster services (RabbitMQ, Redis, Argo CD, cert-manager, Cloudflare tunnel, etc.).
- Deployment Chart (charts/myapp-chart/): Helm chart to deploy the application to Kubernetes.
### Technologies Used
- **Backend**: [e.g., Go, Node.js, Python]
- **Database**: [e.g., PostgreSQL, MongoDB, Redis]
- **Cloud Services**: [e.g., AWS EC2, Google Cloud Run, Azure Functions]
- **Container Orchestration**: [e.g., Docker, Kubernetes]
- **Other**: [List other significant technologies]
- Backend: Python, FastAPI, FastAPI Users, SQLAlchemy, Pydantic, Alembic, Celery
- Frontend: React, TypeScript, Vite
- Database: PostgreSQL
- Messaging: RabbitMQ
- Cache: Redis
- Containerization/Orchestration: Docker, Docker Compose (dev), Kubernetes, Helm
- IaC/Platform: OpenTofu (Terraform), Argo CD, cert-manager, MetalLB, Cloudflare Tunnel, Prometheus
## Prerequisites
### System Requirements
- Operating System: [e.g., Linux, macOS, Windows]
- Minimum RAM: [e.g., 8GB]
- Storage: [e.g., 10GB free space]
- Operating System: Linux, macOS, or Windows
- Minimum RAM: 4 GB (8 GB recommended for running backend, frontend, and database together)
- Storage: 2 GB free (Docker images may require additional space)
### Required Software
- [Software 1] (version X.X or higher)
- [Software 2] (version X.X or higher)
- [etc.]
- Docker Desktop or Docker Engine 24+
- Docker Compose v2+
- Node.js 20+ and npm 10+ (for local frontend dev/build)
- Python 3.12+ (for local backend dev outside Docker)
- PostgreSQL 15+ (optional if running DB outside Docker)
- Helm 3.12+ and kubectl 1.29+ (for Kubernetes deployment)
- OpenTofu 1.7+ (for infrastructure provisioning)
### Dependencies
### Environment Variables (common)
```bash
# List key dependencies that need to be installed
# For example:
# Docker Engine 20.10+
# Node.js 18+
# Go 1.25+
```
- Backend: SECRET, FRONTEND_URL, BACKEND_URL, DATABASE_URL, RABBITMQ_URL, REDIS_URL
- OAuth vars (Backend): MOJEID_CLIENT_ID/SECRET, BANKID_CLIENT_ID/SECRET (optional)
- Frontend: VITE_BACKEND_URL
### Dependencies (key libraries)
I am not sure what is meant by "key libraries"
Backend: FastAPI, fastapi-users, SQLAlchemy, pydantic v2, Alembic, Celery
Frontend: React, TypeScript, Vite
Services: PostgreSQL, RabbitMQ, Redis
## Build Instructions
### 1. Clone the Repository
You can run the project with Docker Compose (recommended for local development) or run services manually.
### 1) Clone the Repository
```bash
git clone [your-repository-url]
cd [repository-name]
git clone https://github.com/dat515-2025/Group-8.git
cd 7project
```
### 2. Install Dependencies
### 2) Install dependencies
Backend
```bash
# Provide step-by-step commands
# For example:
# npm install
# go mod download
# In 7project/backend
python3.12 -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
```
### 3. Build the Application
Frontend
```bash
# Provide exact build commands
# For example:
# make build
# docker build -t myapp .
# In 7project/frontend
npm install
```
### 4. Configuration
### 3) Manual Local Run
Backend
```bash
# Any configuration steps needed
# Environment variables to set
# Configuration files to create
# From the 7project/ directory
docker compose up --build
# This starts: PostgreSQL, RabbitMQ/Redis (if defined)
# Set environment variables (or create .env file)
export SECRET=CHANGE_ME_SECRET
export BACKEND_URL=http://127.0.0.1:8000
export FRONTEND_URL=http://localhost:5173
export DATABASE_URL=postgresql+asyncpg://user:password@127.0.0.1:5432/app
export RABBITMQ_URL=amqp://guest:guest@127.0.0.1:5672/
export REDIS_URL=redis://127.0.0.1:6379/0
# Apply DB migrations (Alembic)
# From 7project/backend
alembic upgrade head
# Run API
uvicorn app.app:fastApi --reload --host 0.0.0.0 --port 8000
# Run Celery worker (optional, for emails/background tasks)
celery -A app.celery_app.celery_app worker -l info
```
Frontend
```bash
# Configure backend URL for dev
echo 'VITE_BACKEND_URL=http://127.0.0.1:8000' > .env
npm run dev
# Open http://localhost:5173
```
- Backend default: http://127.0.0.1:8000 (OpenAPI at /docs)
- Frontend default: http://localhost:5173
If needed, adjust compose services/ports in compose.yml.
## Deployment Instructions
### Local Deployment
### Local (Docker Compose)
Described in the previous section (Manual Local Run)
### Kubernetes (via OpenTofu + Helm)
1) Provision platform services (RabbitMQ/Redis/ingress/tunnel/etc.) with OpenTofu
```bash
# Step-by-step commands for local deployment
# For example:
# docker-compose up -d
# kubectl apply -f manifests/
cd tofu
# copy and edit variables
cp terraform.tfvars.example terraform.tfvars
# authenticate to your cluster/cloud as needed, then:
tofu init
tofu plan
tofu apply
```
### Cloud Deployment
2) Deploy the app using Helm
```bash
# Commands for cloud deployment
# Include any cloud-specific setup
# Set the namespace
kubectl create namespace myapp || true
# Install/upgrade the chart with required values
helm upgrade --install myapp charts/myapp-chart \
-n myapp \
-f charts/myapp-chart/values.yaml \
--set image.backend.repository=myorg/myapp-backend \
--set image.backend.tag=latest \
--set env.BACKEND_URL="https://myapp.example.com" \
--set env.FRONTEND_URL="https://myapp.example.com" \
--set env.SECRET="CHANGE_ME_SECRET"
```
Adjust values to your registry and domain. The charts NOTES.txt includes additional examples.
3) Expose and access
- If using Cloudflare Tunnel or an ingress, configure DNS accordingly (see tofu/modules/cloudflare and deployment/tunnel.yaml).
- For quick testing without ingress:
```bash
kubectl -n myapp port-forward deploy/myapp-backend 8000:8000
kubectl -n myapp port-forward deploy/myapp-frontend 5173:80
```
### Verification
```bash
# Commands to verify deployment worked
# How to check if services are running
# Example health check endpoints
# Check pods
kubectl -n myapp get pods
# Backend health
curl -i http://127.0.0.1:8000/
# OpenAPI
open http://127.0.0.1:8000/docs
# Frontend (if port-forwarded)
open http://localhost:5173
```
## Testing Instructions
@@ -156,19 +241,38 @@ cd [repository-name]
## Usage Examples
### Basic Usage
All endpoints are documented at OpenAPI: http://127.0.0.1:8000/docs
### Auth: Register and Login (JWT)
```bash
# Examples of how to use the application
# Common commands or API calls
# Sample data or test scenarios
# Register
curl -X POST http://127.0.0.1:8000/auth/register \
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com",
"password": "StrongPassw0rd",
"first_name": "Jane",
"last_name": "Doe"
}'
# Login (JWT)
TOKEN=$(curl -s -X POST http://127.0.0.1:8000/auth/jwt/login \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=user@example.com&password=StrongPassw0rd' | jq -r .access_token)
echo $TOKEN
# Call a protected route
curl -H "Authorization: Bearer $TOKEN" http://127.0.0.1:8000/authenticated-route
```
### Advanced Features
### Frontend
```bash
# Examples showcasing advanced functionality
```
- Start with: npm run dev in 7project/frontend
- Ensure VITE_BACKEND_URL is set to the backend URL (e.g., http://127.0.0.1:8000)
- Open http://localhost:5173
- Login, view latest transactions, filter, and add new transactions from the UI.
---
@@ -216,17 +320,17 @@ cd [repository-name]
> Link to the specific commit on GitHub for each contribution.
| Task/Component | Assigned To | Status | Time Spent | Difficulty | Notes |
| ------------------------------------------------------------------- | ----------- | ------------- | ---------- | ---------- | ----------- |
| Project Setup & Repository | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Design Document](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Backend API Development](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] |
| [Database Setup & Models](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Frontend Development](https://github.com/dat515-2025/group-name) | [Name] | 🔄 In Progress | [X hours] | Medium | [Any notes] |
| [Docker Configuration](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Cloud Deployment](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Hard | [Any notes] |
| [Testing Implementation](https://github.com/dat515-2025/group-name) | [Name] | ⏳ Pending | [X hours] | Medium | [Any notes] |
| [Documentation](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Presentation Video](https://github.com/dat515-2025/group-name) | [Name] | ✅ Complete | [X hours] | Medium | [Any notes] |
|-----------------------------------------------------------------------|-------------| ------------- |----------------|------------| ----------- |
| [Project Setup & Repository](https://github.com/dat515-2025/Group-8#) | Lukas | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Design Document](https://github.com/dat515-2025/Group-8/blob/main/6design/design.md) | Both | ✅ Complete | 2 Hours | Easy | [Any notes] |
| [Backend API Development](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/api) | Dejan | ✅ Complete | 10 hours | Medium | [Any notes] |
| [Database Setup & Models](https://github.com/dat515-2025/Group-8/tree/main/7project/backend/app/models) | Lukas | ✅ Complete | [X hours] | Medium | [Any notes] |
| [Frontend Development](https://github.com/dat515-2025/Group-8/tree/main/7project/frontend) | Dejan | 🔄 In Progress | 7 hours so far | Medium | [Any notes] |
| [Docker Configuration](https://github.com/dat515-2025/Group-8/blob/main/7project/compose.yml) | Lukas | ✅ Complete | [X hours] | Easy | [Any notes] |
| [Cloud Deployment](https://github.com/dat515-2025/Group-8/blob/main/7project/deployment/app-demo-deployment.yaml) | Lukas | ✅ Complete | [X hours] | Hard | [Any notes] |
| [Testing Implementation](https://github.com/dat515-2025/group-name) | Dejan | ❌ Not Started | [X hours] | Medium | [Any notes] |
| [Documentation](https://github.com/dat515-2025/group-name) | Both | ❌ Not Started | [X hours] | Easy | [Any notes] |
| [Presentation Video](https://github.com/dat515-2025/group-name) | Both | ❌ Not Started | [X hours] | Medium | [Any notes] |
**Legend**: ✅ Complete | 🔄 In Progress | ⏳ Pending | ❌ Not Started
@@ -244,25 +348,16 @@ cd [repository-name]
| [Date] | Documentation | [X.X] | Updated README and design doc |
| **Total** | | **[XX.X]** | |
### [Team Member 2 Name]
### Dejan
| Date | Activity | Hours | Description |
| --------- | -------------------- | ---------- | ----------------------------------------- |
| [Date] | Frontend Development | [X.X] | Created user interface mockups |
| [Date] | Integration | [X.X] | Connected frontend to backend API |
| [Date] | Deployment | [X.X] | Docker configuration and cloud deployment |
| [Date] | Testing | [X.X] | End-to-end testing |
| **Total** | | **[XX.X]** | |
|-------------|----------------------|--------|--------------------------------|
| 25.9. | Design | 1.5 | 6design |
| 9-11.10. | Backend APIs | 10 | Implemented Backend APIs |
| 13-15.10. | Frontend Development | 6.5 | Created user interface mockups |
| Continually | Documantation | 3 | Documenting the dev process |
| **Total** | | **21** | |
### [Team Member 3 Name] (if applicable)
| Date | Activity | Hours | Description |
| --------- | ------------------------ | ---------- | -------------------------------- |
| [Date] | Database Design | [X.X] | Schema design and implementation |
| [Date] | Cloud Configuration | [X.X] | AWS/GCP setup and configuration |
| [Date] | Performance Optimization | [X.X] | Caching and query optimization |
| [Date] | Monitoring | [X.X] | Logging and monitoring setup |
| **Total** | | **[XX.X]** | |
### Group Total: [XXX.X] hours
@@ -292,11 +387,8 @@ cd [repository-name]
[Personal reflection on growth, challenges, and learning]
#### [Team Member 3 Name] (if applicable)
[Personal reflection on growth, challenges, and learning]
---
**Report Completion Date**: [Date]
**Last Updated**: [Date]
**Last Updated**: 15.10.2025