forked from cartsnitch/cartsnitch
Compare commits
2 Commits
dev
..
v2026.04.20
| Author | SHA1 | Date | |
|---|---|---|---|
| 60beb2d89e | |||
| 9120c834e4 |
@@ -16,15 +16,14 @@ permissions:
|
|||||||
security-events: write
|
security-events: write
|
||||||
|
|
||||||
env:
|
env:
|
||||||
REGISTRY: git.farh.net
|
REGISTRY: ghcr.io
|
||||||
IMAGE_NAME: cartsnitch/cartsnitch
|
IMAGE_NAME: cartsnitch/cartsnitch
|
||||||
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
|
RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
|
||||||
API_IMAGE_NAME: cartsnitch/api
|
API_IMAGE_NAME: cartsnitch/api
|
||||||
AUTH_IMAGE_NAME: cartsnitch/auth
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lint:
|
lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- uses: actions/setup-node@v4
|
- uses: actions/setup-node@v4
|
||||||
@@ -38,7 +37,7 @@ jobs:
|
|||||||
run: npx tsc --noEmit
|
run: npx tsc --noEmit
|
||||||
|
|
||||||
test:
|
test:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- uses: actions/setup-node@v4
|
- uses: actions/setup-node@v4
|
||||||
@@ -50,7 +49,7 @@ jobs:
|
|||||||
run: npx vitest run
|
run: npx vitest run
|
||||||
|
|
||||||
audit:
|
audit:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- uses: actions/setup-node@v4
|
- uses: actions/setup-node@v4
|
||||||
@@ -62,7 +61,7 @@ jobs:
|
|||||||
run: npm audit --audit-level=high
|
run: npm audit --audit-level=high
|
||||||
|
|
||||||
e2e:
|
e2e:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- uses: actions/setup-node@v4
|
- uses: actions/setup-node@v4
|
||||||
@@ -74,7 +73,7 @@ jobs:
|
|||||||
- run: npx playwright test
|
- run: npx playwright test
|
||||||
|
|
||||||
lighthouse:
|
lighthouse:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
needs: [test]
|
needs: [test]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@@ -99,7 +98,7 @@ jobs:
|
|||||||
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
|
CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
|
||||||
|
|
||||||
build-and-push:
|
build-and-push:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
needs: [lint, test, e2e]
|
needs: [lint, test, e2e]
|
||||||
outputs:
|
outputs:
|
||||||
@@ -134,13 +133,13 @@ jobs:
|
|||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Log in to Gitea registry
|
- name: Log in to GHCR
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.REGISTRY }}
|
registry: ${{ env.REGISTRY }}
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Extract metadata
|
- name: Extract metadata
|
||||||
id: meta
|
id: meta
|
||||||
@@ -175,7 +174,11 @@ jobs:
|
|||||||
only-fixed: "true"
|
only-fixed: "true"
|
||||||
output-format: sarif
|
output-format: sarif
|
||||||
|
|
||||||
|
- name: Upload frontend scan results to GitHub Security
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
if: always()
|
||||||
|
with:
|
||||||
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||||
|
|
||||||
- name: Push Docker image
|
- name: Push Docker image
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
@@ -195,7 +198,7 @@ jobs:
|
|||||||
git push origin "v${{ steps.calver.outputs.version }}"
|
git push origin "v${{ steps.calver.outputs.version }}"
|
||||||
|
|
||||||
build-and-push-receiptwitness:
|
build-and-push-receiptwitness:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
needs: [lint, test]
|
needs: [lint, test]
|
||||||
outputs:
|
outputs:
|
||||||
@@ -224,13 +227,13 @@ jobs:
|
|||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Log in to Gitea registry
|
- name: Log in to GHCR
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.REGISTRY }}
|
registry: ${{ env.REGISTRY }}
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Extract metadata
|
- name: Extract metadata
|
||||||
id: meta
|
id: meta
|
||||||
@@ -267,7 +270,11 @@ jobs:
|
|||||||
only-fixed: "true"
|
only-fixed: "true"
|
||||||
output-format: sarif
|
output-format: sarif
|
||||||
|
|
||||||
|
- name: Upload receiptwitness scan results to GitHub Security
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
if: always()
|
||||||
|
with:
|
||||||
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||||
|
|
||||||
- name: Push Docker image
|
- name: Push Docker image
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
@@ -283,7 +290,7 @@ jobs:
|
|||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
|
|
||||||
build-and-push-api:
|
build-and-push-api:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
needs: [lint, test]
|
needs: [lint, test]
|
||||||
outputs:
|
outputs:
|
||||||
@@ -312,13 +319,13 @@ jobs:
|
|||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Log in to Gitea registry
|
- name: Log in to GHCR
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.REGISTRY }}
|
registry: ${{ env.REGISTRY }}
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Extract metadata (API)
|
- name: Extract metadata (API)
|
||||||
id: meta
|
id: meta
|
||||||
@@ -355,7 +362,11 @@ jobs:
|
|||||||
only-fixed: "true"
|
only-fixed: "true"
|
||||||
output-format: sarif
|
output-format: sarif
|
||||||
|
|
||||||
|
- name: Upload api scan results to GitHub Security
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
if: always()
|
||||||
|
with:
|
||||||
|
sarif_file: ${{ steps.scan.outputs.sarif }}
|
||||||
|
|
||||||
- name: Push Docker image
|
- name: Push Docker image
|
||||||
if: github.event_name == 'push'
|
if: github.event_name == 'push'
|
||||||
@@ -370,104 +381,25 @@ jobs:
|
|||||||
APT_CACHE_BUST=${{ github.run_id }}
|
APT_CACHE_BUST=${{ github.run_id }}
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
|
|
||||||
build-and-push-auth:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
needs: [lint, test]
|
|
||||||
outputs:
|
|
||||||
calver_tag: ${{ steps.calver.outputs.version }}
|
|
||||||
sha_tag: sha-${{ github.sha }}
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Generate CalVer tag
|
|
||||||
id: calver
|
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
||||||
run: |
|
|
||||||
DATE_TAG=$(date -u +%Y.%m.%d)
|
|
||||||
EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
|
|
||||||
if [ -z "$EXISTING" ]; then VERSION="$DATE_TAG"
|
|
||||||
elif [ "$EXISTING" = "v${DATE_TAG}" ]; then VERSION="${DATE_TAG}.2"
|
|
||||||
else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi
|
|
||||||
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
||||||
|
|
||||||
- name: Log in to Docker Hub
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
||||||
|
|
||||||
- name: Log in to Gitea registry
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/login-action@v3
|
|
||||||
with:
|
|
||||||
registry: ${{ env.REGISTRY }}
|
|
||||||
username: ${{ github.actor }}
|
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
||||||
|
|
||||||
- name: Extract metadata (auth)
|
|
||||||
id: meta
|
|
||||||
uses: docker/metadata-action@v5
|
|
||||||
with:
|
|
||||||
images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
|
|
||||||
tags: |
|
|
||||||
type=sha,prefix=sha-,format=long
|
|
||||||
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
|
|
||||||
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
|
|
||||||
|
|
||||||
- name: Build Docker image
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: ./auth
|
|
||||||
file: ./auth/Dockerfile
|
|
||||||
load: true
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
build-args: |
|
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
|
||||||
cache-from: type=gha
|
|
||||||
cache-to: type=gha,mode=max
|
|
||||||
|
|
||||||
- name: Scan auth image for vulnerabilities
|
|
||||||
uses: anchore/scan-action@v5
|
|
||||||
id: scan
|
|
||||||
env:
|
|
||||||
GRYPE_CONFIG: .grype.yaml
|
|
||||||
with:
|
|
||||||
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
|
|
||||||
fail-build: true
|
|
||||||
severity-cutoff: high
|
|
||||||
only-fixed: "true"
|
|
||||||
output-format: sarif
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Push Docker image
|
|
||||||
if: github.event_name == 'push'
|
|
||||||
uses: docker/build-push-action@v6
|
|
||||||
with:
|
|
||||||
context: ./auth
|
|
||||||
file: ./auth/Dockerfile
|
|
||||||
push: true
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
build-args: |
|
|
||||||
APT_CACHE_BUST=${{ github.run_id }}
|
|
||||||
cache-from: type=gha
|
|
||||||
|
|
||||||
deploy-dev:
|
deploy-dev:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth]
|
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
|
||||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
|
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
|
||||||
steps:
|
steps:
|
||||||
|
- name: Generate GitHub App token
|
||||||
|
id: app-token
|
||||||
|
uses: actions/create-github-app-token@v1
|
||||||
|
with:
|
||||||
|
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||||
|
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||||
|
owner: ${{ github.repository_owner }}
|
||||||
|
repositories: infra
|
||||||
|
|
||||||
- name: Checkout infra repo
|
- name: Checkout infra repo
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
repository: cartsnitch/infra
|
repository: cartsnitch/infra
|
||||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
token: ${{ steps.app-token.outputs.token }}
|
||||||
ref: main
|
ref: main
|
||||||
path: infra
|
path: infra
|
||||||
|
|
||||||
@@ -490,7 +422,7 @@ jobs:
|
|||||||
if: needs.build-and-push.result == 'success'
|
if: needs.build-and-push.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/dev
|
cd infra/apps/overlays/dev
|
||||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch=git.farh.net/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for receiptwitness
|
- name: Determine image tag for receiptwitness
|
||||||
id: receiptwitness_tag
|
id: receiptwitness_tag
|
||||||
@@ -505,7 +437,7 @@ jobs:
|
|||||||
if: needs.build-and-push-receiptwitness.result == 'success'
|
if: needs.build-and-push-receiptwitness.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/dev
|
cd infra/apps/overlays/dev
|
||||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness=git.farh.net/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for api
|
- name: Determine image tag for api
|
||||||
id: api_tag
|
id: api_tag
|
||||||
@@ -520,44 +452,38 @@ jobs:
|
|||||||
if: needs.build-and-push-api.result == 'success'
|
if: needs.build-and-push-api.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/dev
|
cd infra/apps/overlays/dev
|
||||||
kustomize edit set image ghcr.io/cartsnitch/api=git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for auth
|
|
||||||
id: auth_tag
|
|
||||||
run: |
|
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update auth image tag
|
|
||||||
if: needs.build-and-push-auth.result == 'success'
|
|
||||||
run: |
|
|
||||||
cd infra/apps/overlays/dev
|
|
||||||
kustomize edit set image ghcr.io/cartsnitch/auth=git.farh.net/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
|
||||||
|
|
||||||
- name: Commit and push to infra
|
- name: Commit and push to infra
|
||||||
run: |
|
run: |
|
||||||
cd infra
|
cd infra
|
||||||
git config user.name "cartsnitch-ci[bot]"
|
git config user.name "cartsnitch-ci[bot]"
|
||||||
git config user.email "cartsnitch-ci[bot]@users.noreply.git.farh.net"
|
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||||
git add apps/overlays/dev/kustomization.yaml
|
git add apps/overlays/dev/kustomization.yaml
|
||||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||||
git commit -m "ci(dev): update cartsnitch, receiptwitness, api, and auth images"
|
git commit -m "ci(dev): update cartsnitch, receiptwitness, and api images"
|
||||||
git pull --rebase origin main
|
git pull --rebase origin main
|
||||||
git push origin main
|
git push origin main
|
||||||
|
|
||||||
deploy-uat:
|
deploy-uat:
|
||||||
runs-on: ubuntu-latest
|
runs-on: runners-cartsnitch
|
||||||
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api, build-and-push-auth]
|
needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
|
||||||
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
|
if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
|
||||||
steps:
|
steps:
|
||||||
|
- name: Generate GitHub App token
|
||||||
|
id: app-token
|
||||||
|
uses: actions/create-github-app-token@v1
|
||||||
|
with:
|
||||||
|
app-id: ${{ secrets.CARTSNITCH_APP_ID }}
|
||||||
|
private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
|
||||||
|
owner: ${{ github.repository_owner }}
|
||||||
|
repositories: infra
|
||||||
|
|
||||||
- name: Checkout infra repo
|
- name: Checkout infra repo
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
repository: cartsnitch/infra
|
repository: cartsnitch/infra
|
||||||
token: ${{ secrets.REGISTRY_TOKEN }}
|
token: ${{ steps.app-token.outputs.token }}
|
||||||
ref: main
|
ref: main
|
||||||
path: infra
|
path: infra
|
||||||
|
|
||||||
@@ -580,7 +506,7 @@ jobs:
|
|||||||
if: needs.build-and-push.result == 'success'
|
if: needs.build-and-push.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/uat
|
cd infra/apps/overlays/uat
|
||||||
kustomize edit set image ghcr.io/cartsnitch/cartsnitch=git.farh.net/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for receiptwitness
|
- name: Determine image tag for receiptwitness
|
||||||
id: receiptwitness_tag
|
id: receiptwitness_tag
|
||||||
@@ -595,7 +521,7 @@ jobs:
|
|||||||
if: needs.build-and-push-receiptwitness.result == 'success'
|
if: needs.build-and-push-receiptwitness.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/uat
|
cd infra/apps/overlays/uat
|
||||||
kustomize edit set image ghcr.io/cartsnitch/receiptwitness=git.farh.net/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/receiptwitness:${{ steps.receiptwitness_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for api
|
- name: Determine image tag for api
|
||||||
id: api_tag
|
id: api_tag
|
||||||
@@ -610,30 +536,15 @@ jobs:
|
|||||||
if: needs.build-and-push-api.result == 'success'
|
if: needs.build-and-push-api.result == 'success'
|
||||||
run: |
|
run: |
|
||||||
cd infra/apps/overlays/uat
|
cd infra/apps/overlays/uat
|
||||||
kustomize edit set image ghcr.io/cartsnitch/api=git.farh.net/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
|
||||||
|
|
||||||
- name: Determine image tag for auth
|
|
||||||
id: auth_tag
|
|
||||||
run: |
|
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
else
|
|
||||||
echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
- name: Update auth image tag
|
|
||||||
if: needs.build-and-push-auth.result == 'success'
|
|
||||||
run: |
|
|
||||||
cd infra/apps/overlays/uat
|
|
||||||
kustomize edit set image ghcr.io/cartsnitch/auth=git.farh.net/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
|
|
||||||
|
|
||||||
- name: Commit and push to infra
|
- name: Commit and push to infra
|
||||||
run: |
|
run: |
|
||||||
cd infra
|
cd infra
|
||||||
git config user.name "cartsnitch-ci[bot]"
|
git config user.name "cartsnitch-ci[bot]"
|
||||||
git config user.email "cartsnitch-ci[bot]@users.noreply.git.farh.net"
|
git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
|
||||||
git add apps/overlays/uat/kustomization.yaml
|
git add apps/overlays/uat/kustomization.yaml
|
||||||
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
git diff --cached --quiet && echo "No image changes to deploy" && exit 0
|
||||||
git commit -m "ci(uat): update cartsnitch, receiptwitness, api, and auth images"
|
git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
|
||||||
git pull --rebase origin main
|
git pull --rebase origin main
|
||||||
git push origin main
|
git push origin main
|
||||||
@@ -1,315 +1 @@
|
|||||||
# CartSnitch
|
# CartSnitch
|
||||||
|
|
||||||
**Grocery price intelligence — know what you're paying, every time.**
|
|
||||||
|
|
||||||
CartSnitch is a self-hosted grocery price intelligence platform that connects to your store loyalty accounts, tracks prices across retailers, monitors shrinkflation, and helps you find the best deals.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Project Overview
|
|
||||||
|
|
||||||
CartSnitch solves the problem of **grocery price opacity**. Most shoppers don't know if they're getting a good deal, whether prices have spiked since their last visit, or if the "sale" is actually a worse price than a competitor. CartSnitch makes prices transparent.
|
|
||||||
|
|
||||||
**Core features:**
|
|
||||||
- Connect Meijer, Kroger, Target loyalty accounts
|
|
||||||
- View purchase history across all stores in one timeline
|
|
||||||
- Track per-item price charts across stores over time
|
|
||||||
- Receive shrinkflation and price increase alerts
|
|
||||||
- Browse active coupons and deals
|
|
||||||
- Generate optimized shopping lists with store-split plans
|
|
||||||
- Public price transparency dashboards
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Architecture
|
|
||||||
|
|
||||||
CartSnitch is a polyglot microservices platform. The monorepo contains the frontend PWA and core services.
|
|
||||||
|
|
||||||
```
|
|
||||||
┌─────────────────────────────────────────────────────────────────┐
|
|
||||||
│ CartSnitch PWA │
|
|
||||||
│ (React, mobile-first PWA) │
|
|
||||||
└──────────┬────────────────────┬────────────────────┬───────────┘
|
|
||||||
│ │ │
|
|
||||||
▼ ▼ ▼
|
|
||||||
┌──────────────────┐ ┌─────────────────┐ ┌─────────────────────┐
|
|
||||||
│ Auth Service │ │ API Gateway │ │ ReceiptWitness │
|
|
||||||
│ (Better-Auth) │ │ (Python/FastAPI)│ │ (Python/Scrapers) │
|
|
||||||
│ Session mgmt │ │ REST + proxy │ │ Purchase ingestion │
|
|
||||||
└────────┬─────────┘ └────────┬────────┘ └──────────┬──────────┘
|
|
||||||
│ │ │
|
|
||||||
└──────────────────────┼────────────────────────┘
|
|
||||||
▼
|
|
||||||
┌────────────────────────┐
|
|
||||||
│ CloudNativePG (PGSQL) │
|
|
||||||
│ Shared database │
|
|
||||||
└────────────────────────┘
|
|
||||||
```
|
|
||||||
|
|
||||||
### Services in This Repo
|
|
||||||
|
|
||||||
| Directory | Service | Description |
|
|
||||||
|-----------|---------|-------------|
|
|
||||||
| `/` (root) | Frontend | React PWA, mobile-first |
|
|
||||||
| `auth/` | Auth | Better-Auth service — session management, email/password, OAuth |
|
|
||||||
| `api/` | API Gateway | Frontend-facing REST API, Python/FastAPI |
|
|
||||||
| `common/` | Common | Shared Python models, Pydantic schemas, Alembic migrations |
|
|
||||||
| `receiptwitness/` | ReceiptWitness | Purchase data ingestion via retailer scrapers |
|
|
||||||
|
|
||||||
### Other CartSnitch Repos
|
|
||||||
|
|
||||||
| Repo | Service |
|
|
||||||
|------|---------|
|
|
||||||
| `cartsnitch/stickershock` | Price increase detection & CPI comparison |
|
|
||||||
| `cartsnitch/shrinkray` | Shrinkflation monitoring |
|
|
||||||
| `cartsnitch/clipartist` | Coupon/deal watching |
|
|
||||||
| `cartsnitch/infra` | Kubernetes manifests, Flux kustomizations |
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Tech Stack
|
|
||||||
|
|
||||||
### Frontend
|
|
||||||
- **React 18+** with TypeScript
|
|
||||||
- **Vite** — build tool
|
|
||||||
- **Tailwind CSS v4** — mobile-first responsive design
|
|
||||||
- **Workbox** — service worker, offline caching, PWA manifest
|
|
||||||
- **Recharts** — price trend visualizations
|
|
||||||
- **TanStack Query** — data fetching and caching
|
|
||||||
- **React Router v7** — client-side routing
|
|
||||||
- **Zustand** — lightweight state management
|
|
||||||
|
|
||||||
### Backend Services
|
|
||||||
- **Better-Auth** — authentication (session management, email/password, OAuth)
|
|
||||||
- **Node.js** (API Gateway)
|
|
||||||
- **Python/FastAPI** (API Gateway, ReceiptWitness)
|
|
||||||
- **PostgreSQL** via CloudNativePG
|
|
||||||
- **DragonflyDB** for caching
|
|
||||||
|
|
||||||
### Infrastructure
|
|
||||||
- **Kubernetes** (k3s-compatible)
|
|
||||||
- **Flux CD** — GitOps deployment
|
|
||||||
- **GitHub Actions** — CI/CD
|
|
||||||
- **CalVer** (`YYYY.MM.DD[.N]`) — image tagging
|
|
||||||
- **Bitnami Sealed Secrets** — secret management
|
|
||||||
- **Authentik** — OIDC/OAuth2 provider
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Getting Started
|
|
||||||
|
|
||||||
### Prerequisites
|
|
||||||
|
|
||||||
- Node.js 20+
|
|
||||||
- npm or pnpm
|
|
||||||
- PostgreSQL (local or containerized)
|
|
||||||
- Docker (for running services locally)
|
|
||||||
|
|
||||||
### Local Development
|
|
||||||
|
|
||||||
1. **Clone the repo**
|
|
||||||
```bash
|
|
||||||
git clone https://github.com/cartsnitch/cartsnitch.git
|
|
||||||
cd cartsnitch
|
|
||||||
```
|
|
||||||
|
|
||||||
2. **Install dependencies**
|
|
||||||
```bash
|
|
||||||
npm install
|
|
||||||
```
|
|
||||||
|
|
||||||
3. **Set up environment variables**
|
|
||||||
```bash
|
|
||||||
cp .env.example .env
|
|
||||||
# Edit .env with your local settings
|
|
||||||
```
|
|
||||||
|
|
||||||
4. **Start the frontend dev server**
|
|
||||||
```bash
|
|
||||||
npm run dev
|
|
||||||
```
|
|
||||||
The PWA will be available at `http://localhost:5173`.
|
|
||||||
|
|
||||||
5. **Run tests**
|
|
||||||
```bash
|
|
||||||
npm test
|
|
||||||
```
|
|
||||||
|
|
||||||
6. **Build for production**
|
|
||||||
```bash
|
|
||||||
npm run build
|
|
||||||
```
|
|
||||||
|
|
||||||
### Running Backend Services Locally
|
|
||||||
|
|
||||||
The frontend PWA communicates with three backend services. For full local development, you'll need to run each service:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
# Auth service (Better-Auth)
|
|
||||||
cd auth
|
|
||||||
npm install
|
|
||||||
npm run dev
|
|
||||||
|
|
||||||
# API Gateway (separate repo: cartsnitch/api)
|
|
||||||
# See api/README.md
|
|
||||||
|
|
||||||
# ReceiptWitness (separate repo: cartsnitch/receiptwitness)
|
|
||||||
# See receiptwitness/README.md
|
|
||||||
```
|
|
||||||
|
|
||||||
### Environment Variables
|
|
||||||
|
|
||||||
| Variable | Description | Default |
|
|
||||||
|----------|-------------|---------|
|
|
||||||
| `VITE_API_URL` | API Gateway base URL | `http://localhost:3000` |
|
|
||||||
| `VITE_AUTH_URL` | Auth service base URL | `http://localhost:3001` |
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Contributing
|
|
||||||
|
|
||||||
We welcome contributions. Please follow the workflow below.
|
|
||||||
|
|
||||||
### Branching Strategy
|
|
||||||
|
|
||||||
- Branch from `dev`
|
|
||||||
- Use prefix: `feature/`, `fix/`, `docs/`, `chore/`
|
|
||||||
- Examples: `feature/shopping-list-optimization`, `fix/price-chart-zoom`
|
|
||||||
|
|
||||||
### Commit Convention
|
|
||||||
|
|
||||||
We use [Conventional Commits](https://www.conventionalcommits.org/):
|
|
||||||
|
|
||||||
```
|
|
||||||
feat: add shopping list export
|
|
||||||
fix: correct price chart date formatting
|
|
||||||
docs: update API documentation
|
|
||||||
chore: update dependencies
|
|
||||||
```
|
|
||||||
|
|
||||||
### Pull Request Workflow
|
|
||||||
|
|
||||||
1. Open a PR against `dev`
|
|
||||||
2. CI must pass (lint, type check, tests, e2e)
|
|
||||||
3. QA reviews and approves
|
|
||||||
4. CTO merges to `dev`
|
|
||||||
5. Dev deploys automatically
|
|
||||||
6. CTO promotes `dev → uat`
|
|
||||||
7. UAT and security review
|
|
||||||
8. CEO merges `uat → main`
|
|
||||||
9. Production deploys automatically
|
|
||||||
|
|
||||||
**Never push directly to `main`, `dev`, or `uat`.**
|
|
||||||
|
|
||||||
### Code Standards
|
|
||||||
|
|
||||||
- ESLint for linting
|
|
||||||
- TypeScript strict mode
|
|
||||||
- Mobile-first responsive design
|
|
||||||
- Accessibility (WCAG 2.1 AA)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Testing
|
|
||||||
|
|
||||||
### Unit Tests
|
|
||||||
|
|
||||||
```bash
|
|
||||||
npm test
|
|
||||||
```
|
|
||||||
|
|
||||||
### E2E Tests (Playwright)
|
|
||||||
|
|
||||||
```bash
|
|
||||||
npm run test:e2e
|
|
||||||
```
|
|
||||||
|
|
||||||
Tests run headless by default. For headed mode:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
npm run test:e2e:headed
|
|
||||||
```
|
|
||||||
|
|
||||||
### Lighthouse CI
|
|
||||||
|
|
||||||
Performance audits run automatically in CI. To run locally:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
npm run build
|
|
||||||
npm run preview
|
|
||||||
# In another terminal:
|
|
||||||
npx lighthouse http://localhost:4173 --output=html --output-path=./report/lighthouse.html
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## CI/CD Pipeline
|
|
||||||
|
|
||||||
All branches (`main`, `dev`, `uat`) run through GitHub Actions on every push.
|
|
||||||
|
|
||||||
### Pipeline Stages
|
|
||||||
|
|
||||||
| Job | Trigger | Purpose |
|
|
||||||
|-----|---------|---------|
|
|
||||||
| `lint` | Every push | ESLint + TypeScript type check |
|
|
||||||
| `test` | Every push | Unit tests via Vitest |
|
|
||||||
| `audit` | Every push | Security vulnerability scan |
|
|
||||||
| `e2e` | Every push | Playwright end-to-end tests |
|
|
||||||
| `lighthouse` | After test | Performance budget check |
|
|
||||||
| `build-and-push` | On push to main/dev/uat | Build and push Docker images to GHCR |
|
|
||||||
| `deploy-dev` | On push to dev or main | Update `cartsnitch/infra` → auto-deploy to dev |
|
|
||||||
| `deploy-uat` | On push to uat or main | Update `cartsnitch/infra` → auto-deploy to uat |
|
|
||||||
|
|
||||||
### Image Tagging
|
|
||||||
|
|
||||||
- **Production (`main`):** CalVer tag (`YYYY.MM.DD[.N]`) + `latest`
|
|
||||||
- **Development (`dev`):** SHA tag (`sha-<short-sha>`)
|
|
||||||
|
|
||||||
### Deployment Environments
|
|
||||||
|
|
||||||
| Environment | Namespace | URL | Trigger |
|
|
||||||
|-------------|-----------|-----|---------|
|
|
||||||
| Dev | `cartsnitch-dev` | `cartsnitch.dev.farh.net` | Push to `dev` branch |
|
|
||||||
| UAT | `cartsnitch-uat` | `cartsnitch.uat.farh.net` | Push to `uat` branch |
|
|
||||||
| Production | `cartsnitch` | `cartsnitch.farh.net` | Push to `main` branch |
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Deployment
|
|
||||||
|
|
||||||
### Infrastructure
|
|
||||||
|
|
||||||
The infrastructure repository ([cartsnitch/infra](https://github.com/cartsnitch/infra)) contains Kubernetes manifests and Flux Kustomize overlays.
|
|
||||||
|
|
||||||
### Flux GitOps Flow
|
|
||||||
|
|
||||||
1. CI builds and pushes a new Docker image
|
|
||||||
2. CI opens a PR to `cartsnitch/infra` updating the image tag
|
|
||||||
3. On merge, Flux reconciles the manifests and rolls out the new image
|
|
||||||
|
|
||||||
### Forcing a Rollout
|
|
||||||
|
|
||||||
To force pods to pick up a new `:latest` image:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
kubectl rollout restart deployment/<name> -n <namespace>
|
|
||||||
```
|
|
||||||
|
|
||||||
### Secrets
|
|
||||||
|
|
||||||
Secrets are managed via **Bitnami Sealed Secrets**. No plain Kubernetes secrets are used.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Related Projects
|
|
||||||
|
|
||||||
- [StickerShock](https://github.com/cartsnitch/stickershock) — Price increase detection
|
|
||||||
- [ShrinkRay](https://github.com/cartsnitch/shrinkray) — Shrinkflation monitoring
|
|
||||||
- [ClipArtist](https://github.com/cartsnitch/clipartist) — Coupon/deal optimization
|
|
||||||
- [Infra](https://github.com/cartsnitch/infra) — Kubernetes infrastructure
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
MIT © 2025 CartSnitch
|
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ permissions:
|
|||||||
packages: write
|
packages: write
|
||||||
|
|
||||||
env:
|
env:
|
||||||
REGISTRY: git.farh.net
|
REGISTRY: ghcr.io
|
||||||
IMAGE_NAME: cartsnitch/api
|
IMAGE_NAME: cartsnitch/api
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
@@ -130,13 +130,13 @@ jobs:
|
|||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Log in to Gitea registry
|
- name: Log in to GHCR
|
||||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||||
uses: docker/login-action@v3
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
registry: ${{ env.REGISTRY }}
|
registry: ${{ env.REGISTRY }}
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.REGISTRY_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Extract metadata
|
- name: Extract metadata
|
||||||
id: meta
|
id: meta
|
||||||
@@ -1,41 +1,9 @@
|
|||||||
"""Redis/DragonflyDB caching helpers."""
|
"""Redis/DragonflyDB caching helpers."""
|
||||||
|
|
||||||
import logging
|
|
||||||
from typing import TYPE_CHECKING
|
|
||||||
|
|
||||||
import redis.asyncio as redis
|
import redis.asyncio as redis
|
||||||
from redis.asyncio import Redis
|
|
||||||
|
|
||||||
from cartsnitch_api.config import settings
|
from cartsnitch_api.config import settings
|
||||||
|
|
||||||
if TYPE_CHECKING:
|
|
||||||
from cartsnitch_api.config import Settings
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
_redis: "Redis | None" = None
|
|
||||||
|
|
||||||
|
|
||||||
def get_settings() -> "Settings":
|
|
||||||
return settings
|
|
||||||
|
|
||||||
|
|
||||||
async def init_redis() -> None:
|
|
||||||
global _redis
|
|
||||||
_redis = redis.from_url(settings.redis_url)
|
|
||||||
await _redis.ping()
|
|
||||||
|
|
||||||
|
|
||||||
async def close_redis() -> None:
|
|
||||||
global _redis
|
|
||||||
if _redis is not None:
|
|
||||||
await _redis.aclose()
|
|
||||||
_redis = None
|
|
||||||
|
|
||||||
|
|
||||||
def get_redis() -> Redis | None:
|
|
||||||
return _redis
|
|
||||||
|
|
||||||
|
|
||||||
class CacheClient:
|
class CacheClient:
|
||||||
"""Redis/DragonflyDB caching with connection pooling.
|
"""Redis/DragonflyDB caching with connection pooling.
|
||||||
|
|||||||
@@ -1,60 +1,28 @@
|
|||||||
"""Database session management for the API gateway."""
|
"""Database session management for the API gateway."""
|
||||||
|
|
||||||
from collections.abc import AsyncGenerator
|
from collections.abc import AsyncGenerator
|
||||||
from typing import TYPE_CHECKING
|
|
||||||
|
|
||||||
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
|
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
|
||||||
|
|
||||||
from cartsnitch_api.config import settings
|
from cartsnitch_api.config import settings
|
||||||
|
|
||||||
if TYPE_CHECKING:
|
engine = create_async_engine(
|
||||||
from sqlalchemy.engine import Engine
|
settings.database_url,
|
||||||
|
echo=False,
|
||||||
|
pool_size=10,
|
||||||
_engine: "Engine | None" = None
|
max_overflow=20,
|
||||||
async_session_factory: async_sessionmaker[AsyncSession] | None = None
|
pool_pre_ping=True,
|
||||||
|
pool_recycle=3600,
|
||||||
|
)
|
||||||
def create_db_engine():
|
async_session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
|
||||||
return create_async_engine(
|
|
||||||
settings.database_url,
|
|
||||||
pool_size=10,
|
|
||||||
max_overflow=20,
|
|
||||||
pool_pre_ping=True,
|
|
||||||
pool_recycle=3600,
|
|
||||||
echo=False,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
async def init_db() -> None:
|
|
||||||
global _engine, async_session_factory
|
|
||||||
_engine = create_db_engine()
|
|
||||||
async_session_factory = async_sessionmaker(_engine, class_=AsyncSession, expire_on_commit=False)
|
|
||||||
|
|
||||||
|
|
||||||
async def close_db() -> None:
|
|
||||||
global _engine, async_session_factory
|
|
||||||
if _engine is not None:
|
|
||||||
await _engine.dispose()
|
|
||||||
_engine = None
|
|
||||||
async_session_factory = None
|
|
||||||
|
|
||||||
|
|
||||||
def get_engine():
|
|
||||||
return _engine
|
|
||||||
|
|
||||||
|
|
||||||
async def get_db() -> AsyncGenerator[AsyncSession, None]:
|
async def get_db() -> AsyncGenerator[AsyncSession, None]:
|
||||||
if async_session_factory is None:
|
"""FastAPI dependency that yields an async DB session."""
|
||||||
raise RuntimeError("Database not initialized. Call init_db() first.")
|
|
||||||
async with async_session_factory() as session:
|
async with async_session_factory() as session:
|
||||||
yield session
|
yield session
|
||||||
|
|
||||||
|
|
||||||
# Backward compatibility: module-level engine proxy that delegates to _engine
|
async def dispose_engine() -> None:
|
||||||
def __getattr__(name: str):
|
"""Dispose the database engine, closing all pooled connections."""
|
||||||
if name == "engine":
|
await engine.dispose()
|
||||||
if _engine is None:
|
|
||||||
raise RuntimeError("Database not initialized. Call init_db() first.")
|
|
||||||
return _engine
|
|
||||||
raise AttributeError(f"module {__name__!r} has no attribute {name!r}")
|
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ from fastapi import APIRouter, FastAPI
|
|||||||
|
|
||||||
from cartsnitch_api.auth.routes import router as auth_router
|
from cartsnitch_api.auth.routes import router as auth_router
|
||||||
from cartsnitch_api.cache import cache_client
|
from cartsnitch_api.cache import cache_client
|
||||||
|
from cartsnitch_api.database import dispose_engine
|
||||||
from cartsnitch_api.middleware.cors import add_cors_middleware
|
from cartsnitch_api.middleware.cors import add_cors_middleware
|
||||||
from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
|
from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
|
||||||
from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
|
from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
|
||||||
@@ -25,14 +26,10 @@ from cartsnitch_api.routes.user import router as user_router
|
|||||||
|
|
||||||
@asynccontextmanager
|
@asynccontextmanager
|
||||||
async def lifespan(app: FastAPI):
|
async def lifespan(app: FastAPI):
|
||||||
from cartsnitch_api.database import init_db, close_db
|
await cache_client.initialize()
|
||||||
from cartsnitch_api.cache import init_redis, close_redis
|
|
||||||
|
|
||||||
await init_db()
|
|
||||||
await init_redis()
|
|
||||||
yield
|
yield
|
||||||
await close_redis()
|
await cache_client.close()
|
||||||
await close_db()
|
await dispose_engine()
|
||||||
|
|
||||||
|
|
||||||
def create_app() -> FastAPI:
|
def create_app() -> FastAPI:
|
||||||
|
|||||||
@@ -1,11 +1,8 @@
|
|||||||
"""Health check and error metrics endpoints."""
|
"""Health check and error metrics endpoints."""
|
||||||
|
|
||||||
from fastapi import APIRouter, Depends
|
from fastapi import APIRouter, Depends
|
||||||
from sqlalchemy import text
|
|
||||||
|
|
||||||
from cartsnitch_api.auth.dependencies import verify_service_key
|
from cartsnitch_api.auth.dependencies import verify_service_key
|
||||||
from cartsnitch_api.cache import get_redis
|
|
||||||
from cartsnitch_api.database import get_engine
|
|
||||||
from cartsnitch_api.middleware.error_handler import get_error_monitor
|
from cartsnitch_api.middleware.error_handler import get_error_monitor
|
||||||
|
|
||||||
router = APIRouter(tags=["health"])
|
router = APIRouter(tags=["health"])
|
||||||
@@ -13,27 +10,7 @@ router = APIRouter(tags=["health"])
|
|||||||
|
|
||||||
@router.get("/health")
|
@router.get("/health")
|
||||||
async def health():
|
async def health():
|
||||||
engine = get_engine()
|
return {"status": "ok"}
|
||||||
db_ok = False
|
|
||||||
redis_ok = False
|
|
||||||
|
|
||||||
try:
|
|
||||||
async with engine.connect() as conn:
|
|
||||||
await conn.execute(text("SELECT 1"))
|
|
||||||
db_ok = True
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
try:
|
|
||||||
r = get_redis()
|
|
||||||
if r:
|
|
||||||
await r.ping()
|
|
||||||
redis_ok = True
|
|
||||||
except Exception:
|
|
||||||
pass
|
|
||||||
|
|
||||||
status = "ok" if db_ok else "degraded"
|
|
||||||
return {"status": status, "db": db_ok, "redis": redis_ok}
|
|
||||||
|
|
||||||
|
|
||||||
@router.get("/internal/error-stats", dependencies=[Depends(verify_service_key)])
|
@router.get("/internal/error-stats", dependencies=[Depends(verify_service_key)])
|
||||||
|
|||||||
@@ -1,50 +0,0 @@
|
|||||||
"""Tests for Redis/DragonflyDB caching lifecycle."""
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from cartsnitch_api.cache import CacheClient, close_redis, get_redis, init_redis
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_init_redis_creates_client():
|
|
||||||
"""Test that init_redis creates the Redis client."""
|
|
||||||
await init_redis()
|
|
||||||
try:
|
|
||||||
r = get_redis()
|
|
||||||
assert r is not None
|
|
||||||
await r.ping()
|
|
||||||
finally:
|
|
||||||
await close_redis()
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_close_redis_clears_client():
|
|
||||||
"""Test that close_redis properly closes and clears the client."""
|
|
||||||
await init_redis()
|
|
||||||
await close_redis()
|
|
||||||
assert get_redis() is None
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_cache_client_get_returns_none_when_not_connected():
|
|
||||||
"""Test that CacheClient.get returns None gracefully when Redis is down."""
|
|
||||||
client = CacheClient()
|
|
||||||
# Without init_redis, get should return None
|
|
||||||
result = await client.get("test-key")
|
|
||||||
assert result is None
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_cache_client_set_does_not_raise_when_not_connected():
|
|
||||||
"""Test that CacheClient.set does not raise when Redis is down."""
|
|
||||||
client = CacheClient()
|
|
||||||
# Without init_redis, set should not raise
|
|
||||||
await client.set("test-key", "test-value", ttl_seconds=60)
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_cache_client_delete_does_not_raise_when_not_connected():
|
|
||||||
"""Test that CacheClient.delete does not raise when Redis is down."""
|
|
||||||
client = CacheClient()
|
|
||||||
# Without init_redis, delete should not raise
|
|
||||||
await client.delete("test-key")
|
|
||||||
@@ -1,62 +0,0 @@
|
|||||||
"""Tests for database initialization and lifecycle."""
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
|
|
||||||
|
|
||||||
from cartsnitch_api.database import (
|
|
||||||
close_db,
|
|
||||||
create_db_engine,
|
|
||||||
get_engine,
|
|
||||||
init_db,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_create_db_engine_creates_engine_with_pool_settings():
|
|
||||||
"""Test that create_db_engine creates engine with correct pool settings."""
|
|
||||||
engine = create_db_engine()
|
|
||||||
assert engine is not None
|
|
||||||
pool = engine.pool
|
|
||||||
assert pool.size() == 10
|
|
||||||
assert pool._max_overflow == 20
|
|
||||||
await engine.dispose()
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_init_db_sets_engine_and_factory():
|
|
||||||
"""Test that init_db properly initializes the engine and session factory."""
|
|
||||||
await init_db()
|
|
||||||
try:
|
|
||||||
eng = get_engine()
|
|
||||||
assert eng is not None
|
|
||||||
from cartsnitch_api import database
|
|
||||||
|
|
||||||
assert database.async_session_factory is not None
|
|
||||||
finally:
|
|
||||||
await close_db()
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_close_db_disposes_engine():
|
|
||||||
"""Test that close_db properly disposes the engine."""
|
|
||||||
await init_db()
|
|
||||||
await close_db()
|
|
||||||
assert get_engine() is None
|
|
||||||
from cartsnitch_api import database
|
|
||||||
|
|
||||||
assert database.async_session_factory is None
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_get_db_yields_session_after_init():
|
|
||||||
"""Test that get_db yields working sessions after init_db."""
|
|
||||||
await init_db()
|
|
||||||
try:
|
|
||||||
from cartsnitch_api.database import get_db
|
|
||||||
|
|
||||||
gen = get_db()
|
|
||||||
session = await gen.__anext__()
|
|
||||||
assert isinstance(session, AsyncSession)
|
|
||||||
await gen.aclose()
|
|
||||||
finally:
|
|
||||||
await close_db()
|
|
||||||
@@ -1,77 +0,0 @@
|
|||||||
"""Tests for health check endpoint."""
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
from unittest.mock import AsyncMock, patch
|
|
||||||
|
|
||||||
from cartsnitch_api.database import init_db, close_db
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_health_returns_db_and_redis_fields(client):
|
|
||||||
"""Test that health endpoint returns db and redis status fields."""
|
|
||||||
from cartsnitch_api.cache import init_redis, close_redis
|
|
||||||
|
|
||||||
await init_db()
|
|
||||||
await init_redis()
|
|
||||||
|
|
||||||
try:
|
|
||||||
response = await client.get("/health")
|
|
||||||
assert response.status_code == 200
|
|
||||||
data = response.json()
|
|
||||||
assert "status" in data
|
|
||||||
assert "db" in data
|
|
||||||
assert "redis" in data
|
|
||||||
finally:
|
|
||||||
await close_redis()
|
|
||||||
await close_db()
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_health_returns_degraded_when_db_down():
|
|
||||||
"""Test that health returns degraded when database is down."""
|
|
||||||
from cartsnitch_api.database import _engine
|
|
||||||
from cartsnitch_api.routes.health import health
|
|
||||||
|
|
||||||
# Simulate engine is None (DB not initialized)
|
|
||||||
with patch("cartsnitch_api.routes.health.get_engine", return_value=None):
|
|
||||||
response = await health()
|
|
||||||
assert response["status"] == "degraded"
|
|
||||||
assert response["db"] is False
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_health_returns_ok_when_db_up(client):
|
|
||||||
"""Test that health returns ok when database is up."""
|
|
||||||
from cartsnitch_api.database import init_db, close_db
|
|
||||||
from cartsnitch_api.cache import init_redis, close_redis
|
|
||||||
|
|
||||||
await init_db()
|
|
||||||
await init_redis()
|
|
||||||
|
|
||||||
try:
|
|
||||||
response = await client.get("/health")
|
|
||||||
assert response.status_code == 200
|
|
||||||
data = response.json()
|
|
||||||
if data["db"]:
|
|
||||||
assert data["status"] == "ok"
|
|
||||||
finally:
|
|
||||||
await close_redis()
|
|
||||||
await close_db()
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.asyncio
|
|
||||||
async def test_health_redis_down_does_not_make_unhealthy(client):
|
|
||||||
"""Test that Redis being down does not make health return unhealthy."""
|
|
||||||
from cartsnitch_api.database import init_db, close_db
|
|
||||||
|
|
||||||
await init_db()
|
|
||||||
|
|
||||||
try:
|
|
||||||
response = await client.get("/health")
|
|
||||||
data = response.json()
|
|
||||||
# Redis being down should not make status "degraded"
|
|
||||||
# Only DB failure makes it degraded
|
|
||||||
if not data["db"]:
|
|
||||||
assert data["status"] == "degraded"
|
|
||||||
finally:
|
|
||||||
await close_db()
|
|
||||||
+1
-2
@@ -7,8 +7,7 @@
|
|||||||
"dev": "tsx watch src/index.ts",
|
"dev": "tsx watch src/index.ts",
|
||||||
"build": "tsc",
|
"build": "tsc",
|
||||||
"start": "node dist/index.js",
|
"start": "node dist/index.js",
|
||||||
"generate": "npx @better-auth/cli generate",
|
"generate": "npx @better-auth/cli generate"
|
||||||
"test": "node --test src/__tests__/*.test.ts"
|
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcrypt": "^6.0.0",
|
"bcrypt": "^6.0.0",
|
||||||
|
|||||||
@@ -1,117 +0,0 @@
|
|||||||
import { describe, it } from 'node:test';
|
|
||||||
import { equal } from 'node:assert';
|
|
||||||
import http from 'node:http';
|
|
||||||
|
|
||||||
describe('Auth health endpoint', () => {
|
|
||||||
const startHealthServer = (poolMock) => {
|
|
||||||
return new Promise((resolve) => {
|
|
||||||
const server = http.createServer(async (req, res) => {
|
|
||||||
if (req.url === '/health' && req.method === 'GET') {
|
|
||||||
try {
|
|
||||||
const client = await poolMock.connect();
|
|
||||||
try {
|
|
||||||
await Promise.race([
|
|
||||||
client.query('SELECT 1'),
|
|
||||||
new Promise((_, reject) => setTimeout(() => reject(new Error('DB timeout')), 2000)),
|
|
||||||
]);
|
|
||||||
} finally {
|
|
||||||
client.release();
|
|
||||||
}
|
|
||||||
res.writeHead(200, { 'Content-Type': 'application/json' });
|
|
||||||
res.end(JSON.stringify({ status: 'ok', db: 'reachable' }));
|
|
||||||
} catch {
|
|
||||||
res.writeHead(503, { 'Content-Type': 'application/json' });
|
|
||||||
res.end(JSON.stringify({ status: 'error', db: 'unreachable' }));
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
res.writeHead(404);
|
|
||||||
res.end();
|
|
||||||
});
|
|
||||||
server.listen(0, '0.0.0.0', () => {
|
|
||||||
const addr = server.address();
|
|
||||||
const port = typeof addr === 'object' && addr ? addr.port : 0;
|
|
||||||
resolve({ port, close: () => server.close() });
|
|
||||||
});
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
const makeRequest = (port) => {
|
|
||||||
return new Promise((resolve) => {
|
|
||||||
const req = http.get(`http://localhost:${port}/health`, (res) => {
|
|
||||||
let body = '';
|
|
||||||
res.on('data', (chunk) => { body += chunk; });
|
|
||||||
res.on('end', () => {
|
|
||||||
resolve({ status: res.statusCode, body });
|
|
||||||
});
|
|
||||||
});
|
|
||||||
req.on('error', () => resolve({ status: 0, body: '' }));
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
it('returns 200 with db=reachable when pool.connect succeeds', async () => {
|
|
||||||
const mockClient = {
|
|
||||||
query: async () => ({ rows: [{ 1: 1 }] }),
|
|
||||||
release: () => {},
|
|
||||||
};
|
|
||||||
const poolMock = {
|
|
||||||
connect: async () => mockClient,
|
|
||||||
};
|
|
||||||
|
|
||||||
const { port, close } = await startHealthServer(poolMock);
|
|
||||||
const { status, body } = await makeRequest(port);
|
|
||||||
close();
|
|
||||||
|
|
||||||
equal(status, 200);
|
|
||||||
equal(body, '{"status":"ok","db":"reachable"}');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('returns 503 with db=unreachable when pool.connect throws', async () => {
|
|
||||||
const poolMock = {
|
|
||||||
connect: async () => { throw new Error('connection refused'); },
|
|
||||||
};
|
|
||||||
|
|
||||||
const { port, close } = await startHealthServer(poolMock);
|
|
||||||
const { status, body } = await makeRequest(port);
|
|
||||||
close();
|
|
||||||
|
|
||||||
equal(status, 503);
|
|
||||||
equal(body, '{"status":"error","db":"unreachable"}');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('returns 503 with db=unreachable when query times out', async () => {
|
|
||||||
const mockClient = {
|
|
||||||
query: async () => {
|
|
||||||
await new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')), 3000));
|
|
||||||
},
|
|
||||||
release: () => {},
|
|
||||||
};
|
|
||||||
const poolMock = {
|
|
||||||
connect: async () => mockClient,
|
|
||||||
};
|
|
||||||
|
|
||||||
const { port, close } = await startHealthServer(poolMock);
|
|
||||||
const { status, body } = await makeRequest(port);
|
|
||||||
close();
|
|
||||||
|
|
||||||
equal(status, 503);
|
|
||||||
equal(body, '{"status":"error","db":"unreachable"}');
|
|
||||||
});
|
|
||||||
|
|
||||||
it('returns a terminal response for unknown paths (no hang)', async () => {
|
|
||||||
const poolMock = { connect: async () => ({ query: async () => {}, release: () => {} }) };
|
|
||||||
const { port, close } = await startHealthServer(poolMock);
|
|
||||||
|
|
||||||
const result = await new Promise<{ status: number }>((resolve) => {
|
|
||||||
const req = http.get(`http://localhost:${port}/`, (res) => {
|
|
||||||
res.resume();
|
|
||||||
res.on('end', () => resolve({ status: res.statusCode ?? 0 }));
|
|
||||||
});
|
|
||||||
req.on('error', () => resolve({ status: 0 }));
|
|
||||||
setTimeout(() => resolve({ status: -1 }), 1000);
|
|
||||||
});
|
|
||||||
close();
|
|
||||||
|
|
||||||
equal(result.status !== -1, true, 'Unknown path must return a terminal response within 1s');
|
|
||||||
});
|
|
||||||
});
|
|
||||||
+3
-3
@@ -8,7 +8,7 @@ const handler = toNodeHandler(auth);
|
|||||||
|
|
||||||
const server = createServer(async (req, res) => {
|
const server = createServer(async (req, res) => {
|
||||||
// Health check
|
// Health check
|
||||||
if ((req.url === "/health" || req.url === "/auth/health") && req.method === "GET") {
|
if (req.url === "/health" && req.method === "GET") {
|
||||||
try {
|
try {
|
||||||
const client = await pool.connect();
|
const client = await pool.connect();
|
||||||
try {
|
try {
|
||||||
@@ -20,7 +20,7 @@ const server = createServer(async (req, res) => {
|
|||||||
client.release();
|
client.release();
|
||||||
}
|
}
|
||||||
res.writeHead(200, { "Content-Type": "application/json" });
|
res.writeHead(200, { "Content-Type": "application/json" });
|
||||||
res.end(JSON.stringify({ status: "ok", db: "reachable" }));
|
res.end(JSON.stringify({ status: "ok", db: "connected" }));
|
||||||
} catch {
|
} catch {
|
||||||
res.writeHead(503, { "Content-Type": "application/json" });
|
res.writeHead(503, { "Content-Type": "application/json" });
|
||||||
res.end(JSON.stringify({ status: "error", db: "unreachable" }));
|
res.end(JSON.stringify({ status: "error", db: "unreachable" }));
|
||||||
@@ -28,7 +28,7 @@ const server = createServer(async (req, res) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// All other routes handled by Better-Auth (returns 404 for unknown paths)
|
// All /auth/* routes handled by Better-Auth
|
||||||
await handler(req, res);
|
await handler(req, res);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
+1
-1
@@ -12,5 +12,5 @@
|
|||||||
"resolveJsonModule": true
|
"resolveJsonModule": true
|
||||||
},
|
},
|
||||||
"include": ["src"],
|
"include": ["src"],
|
||||||
"exclude": ["node_modules", "dist", "src/__tests__"]
|
"exclude": ["node_modules", "dist"]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,28 +0,0 @@
|
|||||||
"""Add GIN index on normalized_products.upc_variants for fast JSON containment lookups.
|
|
||||||
|
|
||||||
Revision ID: 002_add_normalized_products_upc_variants_index
|
|
||||||
Revises: 001_add_email_inbound_token
|
|
||||||
Create Date: 2026-04-14
|
|
||||||
"""
|
|
||||||
|
|
||||||
from collections.abc import Sequence
|
|
||||||
|
|
||||||
from alembic import op
|
|
||||||
|
|
||||||
revision: str = "002_add_normalized_products_upc_variants_index"
|
|
||||||
down_revision: str | None = "001_add_email_inbound_token"
|
|
||||||
branch_labels: str | Sequence[str] | None = None
|
|
||||||
depends_on: str | Sequence[str] | None = None
|
|
||||||
|
|
||||||
|
|
||||||
def upgrade() -> None:
|
|
||||||
op.create_index(
|
|
||||||
"ix_normalized_products_upc_variants",
|
|
||||||
"normalized_products",
|
|
||||||
["upc_variants"],
|
|
||||||
postgresql_using="gin",
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def downgrade() -> None:
|
|
||||||
op.drop_index("ix_normalized_products_upc_variants", table_name="normalized_products")
|
|
||||||
@@ -1,244 +0,0 @@
|
|||||||
# UAT Receipt Submission Path
|
|
||||||
|
|
||||||
**Issue:** [CAR-812](/CAR/issues/CAR-812)
|
|
||||||
**Author:** Barcode Betty
|
|
||||||
**Date:** 2026-05-04
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
The UAT environment supports receipt submission via **inbound email**. This is the only supported submission method in UAT — there is no public REST API surface for receipt ingestion.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## How It Works
|
|
||||||
|
|
||||||
### Architecture
|
|
||||||
|
|
||||||
```
|
|
||||||
User composes email
|
|
||||||
↓
|
|
||||||
Email sent to <user_token>@cartsnitch.<env>.farh.net
|
|
||||||
↓
|
|
||||||
Mailgun webhook receives the email
|
|
||||||
↓
|
|
||||||
Email job enqueued to DragonflyDB stream: email:receipts
|
|
||||||
↓
|
|
||||||
email-worker (ReceiptWitness) consumes the job
|
|
||||||
↓
|
|
||||||
Worker resolves user via email_inbound_token lookup in DB
|
|
||||||
↓
|
|
||||||
Retailer detected from email content (meijer / kroger / target)
|
|
||||||
↓
|
|
||||||
Email parsed into Purchase + PurchaseItem records
|
|
||||||
↓
|
|
||||||
receipt.ingested event published to Redis
|
|
||||||
↓
|
|
||||||
MatchResult created with method=upc, confidence=1.0 for known UPCs
|
|
||||||
```
|
|
||||||
|
|
||||||
### Key Components
|
|
||||||
|
|
||||||
| Component | Location | Role |
|
|
||||||
|-----------|----------|------|
|
|
||||||
| `users.email_inbound_token` | DB (migration `001_add_email_inbound_token`) | 22-char unique token per user; used as email routing identifier |
|
|
||||||
| `email:receipts` stream | DragonflyDB | Queue holding pending email jobs |
|
|
||||||
| `email-worker` | `receiptwitness/src/receiptwitness/worker/email_worker.py` | Async worker consuming the stream |
|
|
||||||
| `BaseEmailParser` | `receiptwitness/src/receiptwitness/parsers/email/base.py` | Abstract parser; subclasses for meijer/kroger/target |
|
|
||||||
| Retailer detectors | `receiptwitness/src/receiptwitness/parsers/email/detector.py` | Sifts sender/subject to pick the right parser |
|
|
||||||
|
|
||||||
### Email Address Format
|
|
||||||
|
|
||||||
Each user is assigned a unique inbound token. The receipt submission email address is shown in **Settings → Receipt Email** on the UI:
|
|
||||||
|
|
||||||
**Address:** `receipts+<email_inbound_token>@receipts.cartsnitch.com`
|
|
||||||
|
|
||||||
To find a user's token in the UAT database (requires `kubectl` access to `cartsnitch-uat`):
|
|
||||||
|
|
||||||
```bash
|
|
||||||
kubectl exec -n cartsnitch-uat deployment/cartsnitch-api -- \\
|
|
||||||
python -c "from cartsnitch_common.database import get_sync_session; \\
|
|
||||||
from cartsnitch_common.models.user import User; \\
|
|
||||||
from sqlalchemy import select; \\
|
|
||||||
s = get_sync_session('postgresql://cartsnitch:cartsnitch@cartsnitch-pg-rw:5432/cartsnitch'); \\
|
|
||||||
u = s.execute(select(User).where(User.email=='dottie@example.com')).scalar_one(); \\
|
|
||||||
print(u.email_inbound_token)"
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Submitting a Test Receipt (Step-by-Step)
|
|
||||||
|
|
||||||
### Prerequisites
|
|
||||||
|
|
||||||
- A test user account in UAT with a known `email_inbound_token`
|
|
||||||
- A sample receipt email with a **known UPC** from the seeded `normalized_products` table
|
|
||||||
|
|
||||||
### Steps
|
|
||||||
|
|
||||||
1. **Obtain the test user's inbound token.**
|
|
||||||
Use the UAT Settings → Receipt Email page in the UI to see the full address `receipts+<token>@receipts.cartsnitch.com`, or query the DB directly (see above).
|
|
||||||
|
|
||||||
2. **Compose the email.**
|
|
||||||
Send to: the address shown in Settings → Receipt Email
|
|
||||||
Subject: anything
|
|
||||||
Body: plain-text or HTML receipt content
|
|
||||||
|
|
||||||
3. **Expected behavior after email is processed:**
|
|
||||||
- A `Receipt` row is created in `purchases`
|
|
||||||
- `PurchaseItem` rows are created with `upc` matching the seeded product UPC
|
|
||||||
- A `MatchResult` is created with `method='upc'` and `confidence=1.0`
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Known UPC for Dottie (from UAT seed)
|
|
||||||
|
|
||||||
> **NOTE:** `kubectl` is not available in this execution environment. The UAT seed and DB query could not be executed. The sample receipt below uses a plausible placeholder UPC. Before Dottie runs the regression:
|
|
||||||
> 1. Run `bash scripts/seed-env.sh uat` from a machine with UAT kubecontext
|
|
||||||
> 2. Query: `SELECT id, canonical_name, upc_variants->0->>'upc' AS sample_upc FROM normalized_products WHERE jsonb_array_length(upc_variants) > 0 LIMIT 1;`
|
|
||||||
> 3. Replace the placeholder values below with the real captured row
|
|
||||||
|
|
||||||
- `id`: **TBD — run seed and query UAT DB**
|
|
||||||
- `name`: **TBD — run seed and query UAT DB**
|
|
||||||
- `sample UPC`: **TBD — run seed and query UAT DB**
|
|
||||||
|
|
||||||
### Meijer Sample Receipt (plain text)
|
|
||||||
|
|
||||||
```
|
|
||||||
Meijer
|
|
||||||
===================================
|
|
||||||
Purchase Date: 03/15/2026
|
|
||||||
Store: Meijer #127 - Ann Arbor, MI
|
|
||||||
-----------------------------------
|
|
||||||
1 x Organic Whole Milk 1gal $4.99
|
|
||||||
1 x Whole Wheat Bread $3.29
|
|
||||||
1 x Bananas (2 lb) $0.67
|
|
||||||
1 x Chicken Breast (3 lb) $12.47
|
|
||||||
1 x Cheddar Cheese Block 8oz $5.99
|
|
||||||
-----------------------------------
|
|
||||||
Subtotal: $27.41
|
|
||||||
Tax: $1.93
|
|
||||||
Total: $29.34
|
|
||||||
===================================
|
|
||||||
THANK YOU FOR SHOPPING MEIJER
|
|
||||||
===================================
|
|
||||||
```
|
|
||||||
Meijer
|
|
||||||
===================================
|
|
||||||
Purchase Date: 03/15/2026
|
|
||||||
Store: Meijer #127 - Ann Arbor, MI
|
|
||||||
-----------------------------------
|
|
||||||
1 x Organic Whole Milk 1gal $4.99
|
|
||||||
1 x Whole Wheat Bread $3.29
|
|
||||||
1 x Bananas (2 lb) $0.67
|
|
||||||
1 x Chicken Breast (3 lb) $12.47
|
|
||||||
1 x Cheddar Cheese Block 8oz $5.99
|
|
||||||
-----------------------------------
|
|
||||||
Subtotal: $27.41
|
|
||||||
Tax: $1.93
|
|
||||||
Total: $29.34
|
|
||||||
===================================
|
|
||||||
THANK YOU FOR SHOPPING MEIJER
|
|
||||||
===================================
|
|
||||||
```
|
|
||||||
|
|
||||||
> **Note:** The `email-worker` parses the email body and extracts line items by retailer. The exact format and field mapping depends on the retailer parser. For Meijer, the parser looks for item lines matching `(\d+) x (.+?)\s+\$([\d.]+)`. UPCs in the `upc_variants` JSONB of seeded products will be matched during the normalization step.
|
|
||||||
|
|
||||||
### Kroger Sample Receipt (plain text)
|
|
||||||
|
|
||||||
```
|
|
||||||
KROGER
|
|
||||||
===================================
|
|
||||||
Purchase Date: 03/15/2026
|
|
||||||
Store: KROGER #412 - Ann Arbor MI
|
|
||||||
-----------------------------------
|
|
||||||
1 Organic Whole Milk 1gal $5.29
|
|
||||||
1 Whole Wheat Bread $3.49
|
|
||||||
1 Bananas (2 lb) $0.69
|
|
||||||
1 Chicken Breast (3 lb) $11.99
|
|
||||||
1 Sharp Cheddar Cheese 8oz $4.99
|
|
||||||
-----------------------------------
|
|
||||||
Subtotal: $26.45
|
|
||||||
Tax: $1.85
|
|
||||||
Total: $28.30
|
|
||||||
===================================
|
|
||||||
```
|
|
||||||
|
|
||||||
### Target Sample Receipt (plain text)
|
|
||||||
|
|
||||||
```
|
|
||||||
TARGET
|
|
||||||
===================================
|
|
||||||
03/15/2026 14:32
|
|
||||||
Store: 0874 Ann Arbor, MI
|
|
||||||
===================================
|
|
||||||
1 Organic Whole Milk 1G $5.49
|
|
||||||
1 Whole Wheat Bread $3.29
|
|
||||||
1 Bananas LB 2 $0.68
|
|
||||||
1 Chicken Breast 3# $12.99
|
|
||||||
1 Cheddar Cheese 8OZ $5.79
|
|
||||||
-----------------------------------
|
|
||||||
Subtotal: $28.24
|
|
||||||
Tax (6%): $1.69
|
|
||||||
Total: $29.93
|
|
||||||
===================================
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Troubleshooting
|
|
||||||
|
|
||||||
### Email not processed
|
|
||||||
|
|
||||||
1. Check the `email:receipts` stream has messages:
|
|
||||||
```bash
|
|
||||||
kubectl exec -n cartsnitch-uat deploy/email-worker -- python -c \\
|
|
||||||
"import asyncio; from receiptwitness.queue.email import get_redis; \\
|
|
||||||
async def chk(): c = await get_redis(); info = await c.xinfo_stream('email:receipts'); print(info); \\
|
|
||||||
asyncio.run(chk())"
|
|
||||||
```
|
|
||||||
|
|
||||||
2. Check `email-worker` logs for retailer detection failures:
|
|
||||||
```bash
|
|
||||||
kubectl logs -n cartsnitch-uat deploy/email-worker -f
|
|
||||||
```
|
|
||||||
|
|
||||||
3. Verify the token resolves to a user in the DB:
|
|
||||||
```bash
|
|
||||||
kubectl exec -n cartsnitch-uat deploy/cartsnitch-api -- \\
|
|
||||||
python -c "from cartsnitch_common.database import get_sync_session; \\
|
|
||||||
from cartsnitch_common.models.user import User; \\
|
|
||||||
from sqlalchemy import select; \\
|
|
||||||
s = get_sync_session('postgresql://...'); \\
|
|
||||||
r = s.execute(select(User.email_inbound_token).limit(5)).all(); \\
|
|
||||||
print(r)"
|
|
||||||
```
|
|
||||||
|
|
||||||
### No MatchResult created
|
|
||||||
|
|
||||||
The normalization pipeline requires a `normalized_product` row with the submitted UPC in `upc_variants`. If the seed was run, the product should be found. Check the `match_results` table after submission:
|
|
||||||
|
|
||||||
```sql
|
|
||||||
SELECT mr.*, np.canonical_name
|
|
||||||
FROM match_results mr
|
|
||||||
JOIN normalized_products np ON np.id = mr.normalized_product_id
|
|
||||||
WHERE mr.match_method = 'upc'
|
|
||||||
ORDER BY mr.created_at DESC
|
|
||||||
LIMIT 10;
|
|
||||||
```
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## Related Files
|
|
||||||
|
|
||||||
| File | Role |
|
|
||||||
|------|------|
|
|
||||||
| `common/alembic/versions/001_add_email_inbound_token.py` | Adds `email_inbound_token` column |
|
|
||||||
| `receiptwitness/src/receiptwitness/worker/email_worker.py` | Consumes email jobs from stream |
|
|
||||||
| `receiptwitness/src/receiptwitness/queue/email.py` | DragonflyDB stream consumer group |
|
|
||||||
| `receiptwitness/src/receiptwitness/parsers/email/detector.py` | Retailer detection |
|
|
||||||
| `receiptwitness/src/receiptwitness/parsers/email/meijer.py` | Meijer email parser |
|
|
||||||
| `receiptwitness/src/receiptwitness/parsers/email/kroger.py` | Kroger email parser |
|
|
||||||
| `receiptwitness/src/receiptwitness/parsers/email/target.py` | Target email parser |
|
|
||||||
| `docs/uat-runbook.md` | UAT runbook (defect classification, entry/exit criteria) |
|
|
||||||
@@ -4,7 +4,7 @@ import { mockAuthRoutes } from '../fixtures';
|
|||||||
const uniqueEmail = () => `betty+e2e-${Date.now()}@cartsnitch.test`;
|
const uniqueEmail = () => `betty+e2e-${Date.now()}@cartsnitch.test`;
|
||||||
|
|
||||||
test.describe('J1: Registration and Login', () => {
|
test.describe('J1: Registration and Login', () => {
|
||||||
test('shows success message after registration', async ({ page }) => {
|
test('can register a new account and see check your email screen', async ({ page }) => {
|
||||||
await mockAuthRoutes(page, false);
|
await mockAuthRoutes(page, false);
|
||||||
await page.goto('/register');
|
await page.goto('/register');
|
||||||
await page.fill('[placeholder="Full Name"]', 'Betty Tester');
|
await page.fill('[placeholder="Full Name"]', 'Betty Tester');
|
||||||
@@ -12,8 +12,7 @@ test.describe('J1: Registration and Login', () => {
|
|||||||
await page.fill('[placeholder="Password (min. 8 characters)"]', 'TestPass123!');
|
await page.fill('[placeholder="Password (min. 8 characters)"]', 'TestPass123!');
|
||||||
await page.click('button[type="submit"]');
|
await page.click('button[type="submit"]');
|
||||||
|
|
||||||
// Registration now shows "Account created! Please sign in." message
|
await expect(page.getByRole('heading', { name: /check your email/i })).toBeVisible();
|
||||||
await expect(page.locator('.bg-red-50')).toContainText('Account created! Please sign in.');
|
|
||||||
});
|
});
|
||||||
|
|
||||||
test('shows validation error when registration fields are empty', async ({ page }) => {
|
test('shows validation error when registration fields are empty', async ({ page }) => {
|
||||||
@@ -31,16 +30,8 @@ test.describe('J1: Registration and Login', () => {
|
|||||||
await expect(page.getByRole('heading', { name: /cartsnitch/i })).toBeVisible();
|
await expect(page.getByRole('heading', { name: /cartsnitch/i })).toBeVisible();
|
||||||
});
|
});
|
||||||
|
|
||||||
test('can sign in with valid credentials', async ({ page }) => {
|
test('can sign in with credentials and land on dashboard', async ({ page }) => {
|
||||||
await mockAuthRoutes(page, true);
|
await mockAuthRoutes(page, true);
|
||||||
const email = uniqueEmail();
|
|
||||||
await page.goto('/register');
|
|
||||||
await page.fill('[placeholder="Full Name"]', 'Login Betty');
|
|
||||||
await page.fill('[placeholder="Email"]', email);
|
|
||||||
await page.fill('[placeholder="Password (min. 8 characters)"]', 'TestPass123!');
|
|
||||||
await page.click('button[type="submit"]');
|
|
||||||
await expect(page.locator('.bg-red-50')).toContainText('Account created! Please sign in.');
|
|
||||||
|
|
||||||
await page.goto('/login');
|
await page.goto('/login');
|
||||||
await page.fill('[placeholder="Email"]', 'test@cartsnitch.test');
|
await page.fill('[placeholder="Email"]', 'test@cartsnitch.test');
|
||||||
await page.fill('[placeholder="Password"]', 'TestPass123!');
|
await page.fill('[placeholder="Password"]', 'TestPass123!');
|
||||||
|
|||||||
Generated
+3
-3
@@ -8164,9 +8164,9 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/postcss": {
|
"node_modules/postcss": {
|
||||||
"version": "8.5.13",
|
"version": "8.5.8",
|
||||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
|
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz",
|
||||||
"integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
|
"integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==",
|
||||||
"devOptional": true,
|
"devOptional": true,
|
||||||
"funding": [
|
"funding": [
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,38 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
# =============================================================================
|
|
||||||
# apply-seed-job.sh — Apply the seed Job manifest for a given environment.
|
|
||||||
#
|
|
||||||
# Usage:
|
|
||||||
# ./apply-seed-job.sh <env>
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# ./apply-seed-job.sh uat
|
|
||||||
# ./apply-seed-job.sh dev
|
|
||||||
# =============================================================================
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
ENV="${1:-}"
|
|
||||||
HELP_FLAG=""
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case "$1" in
|
|
||||||
--help) HELP_FLAG="1"; shift ;;
|
|
||||||
*) ENV="$1"; shift ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if [[ -n "$HELP_FLAG" ]] || [[ -z "$ENV" ]]; then
|
|
||||||
echo "Usage: $0 <env>"
|
|
||||||
echo " env dev or uat"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ "$ENV" != "dev" && "$ENV" != "uat" ]]; then
|
|
||||||
echo "ERROR: Invalid environment: $ENV (must be 'dev' or 'uat')" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
SCRIPT_DIR="$(dirname "$0")"
|
|
||||||
sed "s/__ENV__/${ENV}/g" "${SCRIPT_DIR}/seed-env-job.yaml" | kubectl apply -f -
|
|
||||||
echo "Seed job applied for environment: $ENV"
|
|
||||||
@@ -58,4 +58,4 @@ spec:
|
|||||||
memory: 256Mi
|
memory: 256Mi
|
||||||
limits:
|
limits:
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
|
|||||||
+103
-2
@@ -1,3 +1,104 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# Backward-compat wrapper — delegates to seed-env.sh dev
|
# =============================================================================
|
||||||
exec "$(dirname "$0")/seed-env.sh" dev "$@"
|
# seed-dev.sh — Run the CartSnitch seed runner against the dev database.
|
||||||
|
#
|
||||||
|
# Usage:
|
||||||
|
# ./seed-dev.sh Run full seed against dev
|
||||||
|
# ./seed-dev.sh --dry-run Show planned record counts without writing
|
||||||
|
# ./seed-dev.sh --help Show this help
|
||||||
|
#
|
||||||
|
# Prerequisites:
|
||||||
|
# - kubectl configured for the cartsnitch-dev cluster
|
||||||
|
# - Namespace cartsnitch-dev exists (CNPG Postgres must be running)
|
||||||
|
#
|
||||||
|
# What it does:
|
||||||
|
# 1. Starts a background port-forward to cartsnitch-pg-rw:5432
|
||||||
|
# 2. Waits for the tunnel to be ready
|
||||||
|
# 3. Runs python -m cartsnitch_common.seed with --database-url pointing
|
||||||
|
# to localhost:<forwarded-port>/cartsnitch
|
||||||
|
# 4. Cleans up the port-forward on exit (normal, interrupt, or error)
|
||||||
|
# =============================================================================
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# --- Config -------------------------------------------------------------------
|
||||||
|
readonly NAMESPACE="cartsnitch-dev"
|
||||||
|
readonly SVC_NAME="cartsnitch-pg-rw"
|
||||||
|
readonly LOCAL_PORT="5433" # use a non-privileged port to avoid conflicts
|
||||||
|
readonly DB_NAME="cartsnitch"
|
||||||
|
readonly PG_USER="cartsnitch"
|
||||||
|
# Retrieve password from the CNPG credentials secret
|
||||||
|
readonly PG_PASSWORD="$(
|
||||||
|
kubectl get secret cartsnitch-pg-credentials \
|
||||||
|
-n "$NAMESPACE" \
|
||||||
|
-o jsonpath='{.data.password}' \
|
||||||
|
| base64 -d
|
||||||
|
)"
|
||||||
|
readonly DB_URL="postgresql://${PG_USER}:${PG_PASSWORD}@localhost:${LOCAL_PORT}/${DB_NAME}"
|
||||||
|
|
||||||
|
# --- Helpers ------------------------------------------------------------------
|
||||||
|
log() { echo "[seed-dev] $*"; }
|
||||||
|
fail() { log "ERROR: $*" >&2; exit 1; }
|
||||||
|
|
||||||
|
# Cleanup port-forward and exit.
|
||||||
|
cleanup() {
|
||||||
|
if [[ -n "${PF_PID:-}" ]]; then
|
||||||
|
log "Stopping port-forward (PID $PF_PID)..."
|
||||||
|
kill "$PF_PID" 2>/dev/null || true
|
||||||
|
wait "$PF_PID" 2>/dev/null || true
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
# --- Args ---------------------------------------------------------------------
|
||||||
|
DRY_RUN=""
|
||||||
|
HELP_FLAG=""
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case "$1" in
|
||||||
|
--dry-run) DRY_RUN="--dry-run"; shift ;;
|
||||||
|
--help) HELP_FLAG="1"; shift ;;
|
||||||
|
*) fail "Unknown argument: $1";;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ -n "$HELP_FLAG" ]]; then
|
||||||
|
sed -n '3,/^# ---/p' "$0" | head -n -1 | sed 's/^# //'
|
||||||
|
echo ""
|
||||||
|
echo "Additional arguments are passed through to the seed runner."
|
||||||
|
echo "Common seed-runner options:"
|
||||||
|
echo " --dry-run Show planned record counts without writing"
|
||||||
|
echo " --seed N Set random seed (default: 42)"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# --- Prerequisites ------------------------------------------------------------
|
||||||
|
if ! command -v kubectl &>/dev/null; then
|
||||||
|
fail "kubectl not found — must be installed and configured."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# --- Port-forward -------------------------------------------------------------
|
||||||
|
log "Starting port-forward ${SVC_NAME}:5432 -> localhost:${LOCAL_PORT} ..."
|
||||||
|
kubectl port-forward \
|
||||||
|
-n "$NAMESPACE" \
|
||||||
|
svc/"$SVC_NAME" \
|
||||||
|
"${LOCAL_PORT}:5432" \
|
||||||
|
&>/dev/null &
|
||||||
|
PF_PID=$!
|
||||||
|
|
||||||
|
# Give the tunnel a moment to establish
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# Verify the tunnel is up
|
||||||
|
if ! kill -0 "$PF_PID" 2>/dev/null; then
|
||||||
|
fail "Port-forward failed to start."
|
||||||
|
fi
|
||||||
|
log "Port-forward active (PID $PF_PID) on localhost:${LOCAL_PORT}"
|
||||||
|
|
||||||
|
# --- Seed --------------------------------------------------------------------
|
||||||
|
log "Running seed against dev database..."
|
||||||
|
set -x
|
||||||
|
python -m cartsnitch_common.seed --database-url "$DB_URL" $DRY_RUN
|
||||||
|
set +x
|
||||||
|
|
||||||
|
log "Done."
|
||||||
|
|||||||
@@ -1,58 +0,0 @@
|
|||||||
# seed-env-job.yaml
|
|
||||||
# K8s Job to run the CartSnitch seed runner against any CartSnitch database.
|
|
||||||
#
|
|
||||||
# Usage (via apply-seed-job.sh):
|
|
||||||
# bash scripts/apply-seed-job.sh dev
|
|
||||||
# bash scripts/apply-seed-job.sh uat
|
|
||||||
#
|
|
||||||
# To view logs:
|
|
||||||
# kubectl logs -n cartsnitch-<env> job/seed-env -f
|
|
||||||
#
|
|
||||||
# To re-run after fixing issues:
|
|
||||||
# kubectl delete -f - -n cartsnitch-<env> && bash scripts/apply-seed-job.sh <env>
|
|
||||||
#
|
|
||||||
apiVersion: batch/v1
|
|
||||||
kind: Job
|
|
||||||
metadata:
|
|
||||||
name: seed-env
|
|
||||||
namespace: cartsnitch-__ENV__
|
|
||||||
labels:
|
|
||||||
app: cartsnitch
|
|
||||||
component: seed
|
|
||||||
environment: __ENV__
|
|
||||||
annotations:
|
|
||||||
description: "Runs cartsnitch-common seed runner to populate __ENV__ database with realistic test data."
|
|
||||||
spec:
|
|
||||||
backoffLimit: 0
|
|
||||||
concurrencyPolicy: Forbid
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: cartsnitch
|
|
||||||
component: seed
|
|
||||||
environment: __ENV__
|
|
||||||
spec:
|
|
||||||
restartPolicy: Never
|
|
||||||
containers:
|
|
||||||
- name: seed
|
|
||||||
image: python:3.12-slim
|
|
||||||
command:
|
|
||||||
- sh
|
|
||||||
- -c
|
|
||||||
- |
|
|
||||||
pip install --no-cache-dir "cartsnitch-common @ git+https://github.com/cartsnitch/common.git@main" && \
|
|
||||||
python -m cartsnitch_common.seed --database-url "$${DATABASE_URL}"
|
|
||||||
env:
|
|
||||||
- name: DATABASE_URL
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: cartsnitch-secrets
|
|
||||||
key: database-url-pg
|
|
||||||
optional: false
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 100m
|
|
||||||
memory: 256Mi
|
|
||||||
limits:
|
|
||||||
cpu: 500m
|
|
||||||
memory: 512Mi
|
|
||||||
@@ -1,122 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
# =============================================================================
|
|
||||||
# seed-env.sh — Run the CartSnitch seed runner against any CartSnitch database.
|
|
||||||
#
|
|
||||||
# Usage:
|
|
||||||
# ./seed-env.sh [--env dev|uat] [--dry-run] [--help]
|
|
||||||
# ./seed-env.sh uat --dry-run Run dry-run against UAT
|
|
||||||
# ./seed-env.sh dev Run full seed against dev (default)
|
|
||||||
#
|
|
||||||
# Prerequisites:
|
|
||||||
# - kubectl configured for the target cluster
|
|
||||||
# - Namespace cartsnitch-<env> exists (CNPG Postgres must be running)
|
|
||||||
#
|
|
||||||
# What it does:
|
|
||||||
# 1. Starts a background port-forward to cartsnitch-pg-rw:5432
|
|
||||||
# 2. Waits for the tunnel to be ready
|
|
||||||
# 3. Runs python -m cartsnitch_common.seed with --database-url pointing
|
|
||||||
# to localhost:<forwarded-port>/cartsnitch
|
|
||||||
# 4. Cleans up the port-forward on exit (normal, interrupt, or error)
|
|
||||||
# =============================================================================
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# --- Config -------------------------------------------------------------------
|
|
||||||
ENV="dev"
|
|
||||||
if [[ "${1:-}" == "dev" || "${1:-}" == "uat" ]]; then
|
|
||||||
ENV="$1"; shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case "$1" in
|
|
||||||
--env) ENV="$2"; shift 2 ;;
|
|
||||||
--dry-run|--help) break ;;
|
|
||||||
*) break ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
NAMESPACE="cartsnitch-${ENV}"
|
|
||||||
SVC_NAME="cartsnitch-pg-rw"
|
|
||||||
LOCAL_PORT="5433"
|
|
||||||
DB_NAME="cartsnitch"
|
|
||||||
PG_USER="cartsnitch"
|
|
||||||
PG_PASSWORD="$(
|
|
||||||
kubectl get secret cartsnitch-pg-credentials \
|
|
||||||
-n "$NAMESPACE" \
|
|
||||||
-o jsonpath='{.data.password}' \
|
|
||||||
| base64 -d
|
|
||||||
)"
|
|
||||||
DB_URL="postgresql://${PG_USER}:${PG_PASSWORD}@localhost:${LOCAL_PORT}/${DB_NAME}"
|
|
||||||
|
|
||||||
# --- Helpers ------------------------------------------------------------------
|
|
||||||
log() { echo "[seed-env] [$ENV] $*"; }
|
|
||||||
fail() { log "ERROR: $*" >&2; exit 1; }
|
|
||||||
|
|
||||||
cleanup() {
|
|
||||||
if [[ -n "${PF_PID:-}" ]]; then
|
|
||||||
log "Stopping port-forward (PID $PF_PID)..."
|
|
||||||
kill "$PF_PID" 2>/dev/null || true
|
|
||||||
wait "$PF_PID" 2>/dev/null || true
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
trap cleanup EXIT
|
|
||||||
|
|
||||||
# --- Args ---------------------------------------------------------------------
|
|
||||||
DRY_RUN=""
|
|
||||||
HELP_FLAG=""
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case "$1" in
|
|
||||||
--dry-run) DRY_RUN="--dry-run"; shift ;;
|
|
||||||
--help) HELP_FLAG="1"; shift ;;
|
|
||||||
*) fail "Unknown argument: $1";;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if [[ -n "$HELP_FLAG" ]]; then
|
|
||||||
echo "Usage: $0 [--env dev|uat] [--dry-run] [--help]"
|
|
||||||
echo ""
|
|
||||||
echo "Positional / keyword arguments:"
|
|
||||||
echo " --env dev|uat Target environment (default: dev)"
|
|
||||||
echo " --dry-run Show planned record counts without writing"
|
|
||||||
echo " --help Show this help"
|
|
||||||
echo ""
|
|
||||||
echo "Additional arguments are passed through to the seed runner."
|
|
||||||
echo "Common seed-runner options:"
|
|
||||||
echo " --seed N Set random seed (default: 42)"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# --- Validate env --------------------------------------------------------------
|
|
||||||
if [[ "$ENV" != "dev" && "$ENV" != "uat" ]]; then
|
|
||||||
fail "Invalid environment: $ENV (must be 'dev' or 'uat')"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# --- Prerequisites ------------------------------------------------------------
|
|
||||||
if ! command -v kubectl &>/dev/null; then
|
|
||||||
fail "kubectl not found — must be installed and configured."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# --- Port-forward -------------------------------------------------------------
|
|
||||||
log "Starting port-forward ${SVC_NAME}:5432 -> localhost:${LOCAL_PORT} ..."
|
|
||||||
kubectl port-forward \
|
|
||||||
-n "$NAMESPACE" \
|
|
||||||
svc/"$SVC_NAME" \
|
|
||||||
"${LOCAL_PORT}:5432" \
|
|
||||||
&>/dev/null &
|
|
||||||
PF_PID=$!
|
|
||||||
|
|
||||||
sleep 2
|
|
||||||
|
|
||||||
if ! kill -0 "$PF_PID" 2>/dev/null; then
|
|
||||||
fail "Port-forward failed to start."
|
|
||||||
fi
|
|
||||||
log "Port-forward active (PID $PF_PID) on localhost:${LOCAL_PORT}"
|
|
||||||
|
|
||||||
# --- Seed --------------------------------------------------------------------
|
|
||||||
log "Running seed against ${ENV} database..."
|
|
||||||
set -x
|
|
||||||
python -m cartsnitch_common.seed --database-url "$DB_URL" $DRY_RUN
|
|
||||||
set +x
|
|
||||||
|
|
||||||
log "Done."
|
|
||||||
@@ -126,7 +126,7 @@ function AlertCard({
|
|||||||
</Link>
|
</Link>
|
||||||
<div className="mt-1 flex items-center gap-2">
|
<div className="mt-1 flex items-center gap-2">
|
||||||
<span className="text-xs text-gray-500">Target: ${alert.targetPrice.toFixed(2)}</span>
|
<span className="text-xs text-gray-500">Target: ${alert.targetPrice.toFixed(2)}</span>
|
||||||
<span className="text-xs text-gray-500">·</span>
|
<span className="text-xs text-gray-400">·</span>
|
||||||
<span className={`text-xs font-medium ${isBelow ? 'text-green-700' : 'text-gray-500'}`}>
|
<span className={`text-xs font-medium ${isBelow ? 'text-green-700' : 'text-gray-500'}`}>
|
||||||
Now: ${alert.currentPrice.toFixed(2)}
|
Now: ${alert.currentPrice.toFixed(2)}
|
||||||
</span>
|
</span>
|
||||||
@@ -145,7 +145,7 @@ function AlertCard({
|
|||||||
)}
|
)}
|
||||||
<button
|
<button
|
||||||
onClick={() => onDelete(alert.id)}
|
onClick={() => onDelete(alert.id)}
|
||||||
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-500 active:bg-gray-100"
|
className="min-h-12 min-w-12 rounded-lg p-2 text-gray-400 active:bg-gray-100"
|
||||||
aria-label="Delete alert"
|
aria-label="Delete alert"
|
||||||
>
|
>
|
||||||
<svg className="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
|
<svg className="h-5 w-5" fill="none" viewBox="0 0 24 24" stroke="currentColor" strokeWidth={1.5}>
|
||||||
|
|||||||
@@ -62,7 +62,7 @@ export function Coupons() {
|
|||||||
<p className="mt-0.5 text-xs text-gray-500">{coupon.storeName}</p>
|
<p className="mt-0.5 text-xs text-gray-500">{coupon.storeName}</p>
|
||||||
<p
|
<p
|
||||||
className={`mt-1 text-xs ${
|
className={`mt-1 text-xs ${
|
||||||
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-500'
|
expiringSoon ? 'font-medium text-orange-600' : 'text-gray-400'
|
||||||
}`}
|
}`}
|
||||||
>
|
>
|
||||||
Expires{' '}
|
Expires{' '}
|
||||||
|
|||||||
+8
-1
@@ -1,12 +1,14 @@
|
|||||||
import { useState } from 'react'
|
import { useState } from 'react'
|
||||||
import { Link } from 'react-router-dom'
|
import { Link } from 'react-router-dom'
|
||||||
import { authClient } from '../lib/auth-client.ts'
|
import { authClient } from '../lib/auth-client.ts'
|
||||||
|
import { useAuthStore } from '../stores/auth.ts'
|
||||||
|
|
||||||
export function Login() {
|
export function Login() {
|
||||||
const [email, setEmail] = useState('')
|
const [email, setEmail] = useState('')
|
||||||
const [password, setPassword] = useState('')
|
const [password, setPassword] = useState('')
|
||||||
const [error, setError] = useState('')
|
const [error, setError] = useState('')
|
||||||
const [loading, setLoading] = useState(false)
|
const [loading, setLoading] = useState(false)
|
||||||
|
const setAuthenticated = useAuthStore((s) => s.setAuthenticated)
|
||||||
|
|
||||||
async function handleSubmit(e: React.FormEvent) {
|
async function handleSubmit(e: React.FormEvent) {
|
||||||
e.preventDefault()
|
e.preventDefault()
|
||||||
@@ -38,7 +40,12 @@ export function Login() {
|
|||||||
setError('Sign in failed. Please try again.')
|
setError('Sign in failed. Please try again.')
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
setError('Invalid email or password. Please try again.')
|
if (import.meta.env.VITE_MOCK_AUTH === 'true') {
|
||||||
|
setAuthenticated(true)
|
||||||
|
window.location.href = '/'
|
||||||
|
} else {
|
||||||
|
setError('Invalid email or password. Please try again.')
|
||||||
|
}
|
||||||
} finally {
|
} finally {
|
||||||
setLoading(false)
|
setLoading(false)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -97,7 +97,7 @@ export function Purchases() {
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
{/* Item preview */}
|
{/* Item preview */}
|
||||||
<p className="mt-2 truncate text-xs text-gray-500">
|
<p className="mt-2 truncate text-xs text-gray-400">
|
||||||
{purchase.items
|
{purchase.items
|
||||||
.slice(0, 3)
|
.slice(0, 3)
|
||||||
.map((i) => i.name)
|
.map((i) => i.name)
|
||||||
|
|||||||
+47
-1
@@ -8,6 +8,9 @@ export function Register() {
|
|||||||
const [password, setPassword] = useState('')
|
const [password, setPassword] = useState('')
|
||||||
const [error, setError] = useState('')
|
const [error, setError] = useState('')
|
||||||
const [loading, setLoading] = useState(false)
|
const [loading, setLoading] = useState(false)
|
||||||
|
const [registrationComplete, setRegistrationComplete] = useState(false)
|
||||||
|
const [resendLoading, setResendLoading] = useState(false)
|
||||||
|
const [resendMessage, setResendMessage] = useState('')
|
||||||
|
|
||||||
async function handleSubmit(e: React.FormEvent) {
|
async function handleSubmit(e: React.FormEvent) {
|
||||||
e.preventDefault()
|
e.preventDefault()
|
||||||
@@ -35,7 +38,7 @@ export function Register() {
|
|||||||
throw new Error(authError.message ?? 'Registration failed')
|
throw new Error(authError.message ?? 'Registration failed')
|
||||||
}
|
}
|
||||||
|
|
||||||
setError('Account created! Please sign in.')
|
setRegistrationComplete(true)
|
||||||
} catch {
|
} catch {
|
||||||
setError('Registration failed. Please try again.')
|
setError('Registration failed. Please try again.')
|
||||||
} finally {
|
} finally {
|
||||||
@@ -43,6 +46,49 @@ export function Register() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function handleResendVerification() {
|
||||||
|
setResendLoading(true)
|
||||||
|
setResendMessage('')
|
||||||
|
try {
|
||||||
|
const { error } = await authClient.sendVerificationEmail({ email })
|
||||||
|
if (error) {
|
||||||
|
setResendMessage('Failed to resend. Please try again.')
|
||||||
|
} else {
|
||||||
|
setResendMessage('Verification email sent!')
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
setResendLoading(false)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (registrationComplete) {
|
||||||
|
return (
|
||||||
|
<div className="flex min-h-screen flex-col items-center justify-center px-4">
|
||||||
|
<h1 className="mb-2 text-3xl font-bold text-gray-900">Check your email</h1>
|
||||||
|
<p className="mb-8 text-sm text-gray-500">
|
||||||
|
We sent a verification link to {email}. Click it to activate your account.
|
||||||
|
</p>
|
||||||
|
<button
|
||||||
|
type="button"
|
||||||
|
onClick={handleResendVerification}
|
||||||
|
disabled={resendLoading}
|
||||||
|
className="min-h-12 rounded-xl bg-brand-blue px-6 py-3 text-base font-medium text-white active:bg-brand-blue/90 disabled:opacity-60"
|
||||||
|
>
|
||||||
|
{resendLoading ? 'Sending...' : 'Resend email'}
|
||||||
|
</button>
|
||||||
|
{resendMessage && (
|
||||||
|
<p className="mt-4 text-sm text-gray-500">{resendMessage}</p>
|
||||||
|
)}
|
||||||
|
<p className="mt-6 text-sm text-gray-500">
|
||||||
|
Already have an account?{' '}
|
||||||
|
<Link to="/login" className="text-brand-blue">
|
||||||
|
Sign in
|
||||||
|
</Link>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<div className="flex min-h-screen flex-col items-center justify-center px-4">
|
<div className="flex min-h-screen flex-col items-center justify-center px-4">
|
||||||
<h1 className="mb-2 text-3xl font-bold text-gray-900">Create Account</h1>
|
<h1 className="mb-2 text-3xl font-bold text-gray-900">Create Account</h1>
|
||||||
|
|||||||
@@ -153,7 +153,7 @@ export function Settings() {
|
|||||||
{copied ? 'Copied!' : 'Copy'}
|
{copied ? 'Copied!' : 'Copy'}
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<p className="mt-2 text-xs text-gray-500">
|
<p className="mt-2 text-xs text-gray-400">
|
||||||
Supports Meijer, Kroger, and Target receipt emails.
|
Supports Meijer, Kroger, and Target receipt emails.
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -89,7 +89,7 @@ export function StoreComparison() {
|
|||||||
{pp.price === lowestPrice ? (
|
{pp.price === lowestPrice ? (
|
||||||
<span className="text-xs font-medium text-green-600">Best price</span>
|
<span className="text-xs font-medium text-green-600">Best price</span>
|
||||||
) : (
|
) : (
|
||||||
<span className="text-xs text-gray-500">
|
<span className="text-xs text-gray-400">
|
||||||
+${(pp.price - lowestPrice).toFixed(2)}
|
+${(pp.price - lowestPrice).toFixed(2)}
|
||||||
</span>
|
</span>
|
||||||
)}
|
)}
|
||||||
@@ -99,7 +99,7 @@ export function StoreComparison() {
|
|||||||
))}
|
))}
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<p className="mt-6 text-center text-xs text-gray-500">
|
<p className="mt-6 text-center text-xs text-gray-400">
|
||||||
Prices last verified from store loyalty card data. Map view coming soon.
|
Prices last verified from store loyalty card data. Map view coming soon.
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
+1
-1
@@ -7,6 +7,6 @@ export default defineConfig({
|
|||||||
environment: 'jsdom',
|
environment: 'jsdom',
|
||||||
globals: true,
|
globals: true,
|
||||||
setupFiles: ['./src/test/setup.ts'],
|
setupFiles: ['./src/test/setup.ts'],
|
||||||
exclude: ['e2e/**', 'auth/**', 'node_modules/**'],
|
exclude: ['e2e/**', 'node_modules/**'],
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user