Update README.md to provide a comprehensive overview of The Order monorepo, including repository structure, quickstart guide, development workflow, and contribution guidelines.

This commit is contained in:
defiQUG
2025-11-07 22:34:54 -08:00
parent e020318829
commit 4af7580f7a
128 changed files with 4558 additions and 2 deletions

infra/README.md Normal file

@@ -0,0 +1,58 @@
# Infrastructure
Infrastructure as code for The Order.
## Directory Structure
- `terraform/` - Terraform configurations
- `k8s/` - Kubernetes manifests and Helm charts
- `gateways/` - API gateway and proxy configurations
- `cicd/` - CI/CD templates and scripts
## Getting Started
1. **Terraform**: Set up cloud infrastructure
```bash
cd terraform
terraform init
terraform plan
terraform apply
```
2. **Kubernetes**: Deploy applications
```bash
cd k8s
kubectl apply -k overlays/dev
```
3. **Gateway**: Configure API gateway
```bash
cd gateways
# Apply gateway configuration
```
## Environments
- **Development**: Local development environment
- **Staging**: Pre-production environment
- **Production**: Live production environment
## Security
- Secrets management via SOPS and KMS
- Network policies and security groups
- WAF rules for API protection
- TLS/SSL certificates
- Regular security audits
## Monitoring
- Prometheus for metrics
- Grafana for dashboards
- OpenTelemetry for tracing
- ELK/OpenSearch for logging
## Documentation
See individual README files in each subdirectory for more details.
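Review bot: step 3 of Getting Started (`cd gateways` followed only by the comment `# Apply gateway configuration`) is a placeholder with no command, so the quickstart cannot be followed end to end; either point it at the concrete command the gateways README gives (`kubectl apply -f nginx-configmap.yaml`) or mark the step as TODO. For step 1, consider `terraform plan -out=tfplan` followed by `terraform apply tfplan`, so that what is applied is the plan that was reviewed rather than a fresh plan computed at apply time.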

infra/cicd/README.md Normal file

@@ -0,0 +1,42 @@
# CI/CD Templates and Configuration
Reusable CI/CD templates and configuration for The Order.
## Structure
- `templates/` - Reusable CI/CD templates
- `scripts/` - CI/CD helper scripts
- `config/` - CI/CD configuration files
## Templates
- `ci-template.yml` - Base CI template
- `deploy-template.yml` - Deployment template
- `release-template.yml` - Release template
## Features
- Automated testing
- Security scanning (Trivy, Grype)
- SBOM generation (Syft)
- Image signing (Cosign)
- Deployment automation
- Release automation
## Usage
Copy templates to `.github/workflows/` and customize for your needs.
## Security
- All images are signed with Cosign
- SBOMs are generated for all artifacts
- Vulnerability scanning on every build
- Secrets are managed via GitHub Secrets or External Secrets
## Deployment
- Development: Automatic deployment on push to `develop`
- Staging: Automatic deployment on push to `main`
- Production: Manual approval required for deployment
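Review bot: the Security section states "All images are signed with Cosign" and Features lists Grype, but the only template hunk in this commit (`ci-template.yml`) runs Trivy and Syft and contains no Cosign or Grype step; either name the template that performs the signing and the second scan, or soften the claim until it is implemented. The Deployment section promises manual approval for production; document which mechanism enforces it (for example a GitHub environment with required reviewers) so it is a control rather than a convention.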


@@ -0,0 +1,87 @@
# CI/CD Template
# This is a reusable template for CI/CD pipelines
name: CI Template
on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: 8
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Lint
run: pnpm lint
- name: Type check
run: pnpm type-check
- name: Test
run: pnpm test
- name: Build
run: pnpm build
security-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy results to GitHub Security
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
sbom:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Syft
uses: anchore/sbom-action/download-syft@v0
with:
syft-version: latest
- name: Generate SBOM
run: |
syft packages dir:. -o spdx-json > sbom.spdx.json
syft packages dir:. -o cyclonedx-json > sbom.cyclonedx.json
- name: Upload SBOM artifacts
uses: actions/upload-artifact@v3
with:
name: sbom
path: |
sbom.spdx.json
sbom.cyclonedx.json
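Review bot: `aquasecurity/trivy-action@master` pins the security scanner to a mutable branch, so any change to that upstream (compromise or otherwise) lands in every build; pin it to a release tag or, better, a full commit SHA, and treat `syft-version: latest` the same way. The workflow also declares no `permissions:` block: `github/codeql-action/upload-sarif` needs `security-events: write`, so depending on the repository's default token setting the `security-scan` job either runs with broad inherited permissions or fails at the upload step; add `permissions: { contents: read, security-events: write }` to that job and `contents: read` to the others. Finally, `codeql-action/upload-sarif@v2` and `actions/upload-artifact@v3` are deprecated major versions; move to `@v3` and `@v4` respectively.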

infra/gateways/README.md Normal file

@@ -0,0 +1,45 @@
# API Gateway Configuration
Configuration for API gateway, proxy, and WAF.
## Components
- **NGINX** - Reverse proxy and load balancer
- **API Gateway** - Cloud provider API gateway (AWS API Gateway, GCP API Gateway, etc.)
- **WAF** - Web Application Firewall rules
## Configuration Files
- `nginx.conf` - NGINX configuration
- `api-gateway.yaml` - API Gateway configuration (cloud-specific)
- `waf-rules.yaml` - WAF rules configuration
## Features
- Rate limiting
- Request routing
- SSL/TLS termination
- Authentication/Authorization
- Request/Response transformation
- Logging and monitoring
## Policies
- OPA (Open Policy Agent) policies in `policies/` directory
- Rate limiting policies
- Access control policies
- Data validation policies
## Usage
```bash
# Deploy NGINX configuration
kubectl apply -f nginx-configmap.yaml
# Update API Gateway
# (Cloud provider specific commands)
# Apply WAF rules
# (Cloud provider specific commands)
```
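Review bot: the Usage block applies `nginx-configmap.yaml`, but Configuration Files lists only `nginx.conf`, `api-gateway.yaml` and `waf-rules.yaml`, and no `nginx-configmap.yaml` appears in this commit; either add the ConfigMap manifest (or a kustomize `configMapGenerator` that wraps `nginx.conf`) or change the command. The Policies section refers to a `policies/` directory that is likewise absent from the Components and Configuration Files lists; state where OPA is actually evaluated (sidecar, gateway plugin, admission controller) so "Access control policies" is a verifiable feature rather than a bullet.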

infra/gateways/nginx.conf Normal file

@@ -0,0 +1,74 @@
# NGINX configuration for API Gateway
# This is a template - customize for your needs
upstream intake {
server intake-service:4001;
}
upstream identity {
server identity-service:4002;
}
upstream finance {
server finance-service:4003;
}
upstream dataroom {
server dataroom-service:4004;
}
server {
listen 80;
server_name api.the-order.local;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
# Intake service
location /api/intake/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://intake/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Identity service
location /api/identity/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://identity/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Finance service
location /api/finance/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://finance/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Dataroom service
location /api/dataroom/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://dataroom/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Health check
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
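Review bot: `limit_req_zone` is only valid in the `http` context, so placing it inside `server { }` makes `nginx -t` reject this file (`"limit_req_zone" directive is not allowed here`); move the zone definition above the `server` block and, if this is meant as a complete `nginx.conf` rather than a `conf.d` include, wrap the `upstream` and `server` blocks in `http { }`. Separately, the server only has `listen 80;`, so the "SSL/TLS termination" the gateways README advertises is not present here; add a `listen 443 ssl;` server with `ssl_certificate`/`ssl_certificate_key` and redirect port 80 to it before this template is used on anything but a local `.local` host. The `/health` location returns 200 unconditionally, which is fine for a liveness probe but must not be read as a signal of upstream health.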

infra/k8s/README.md Normal file

@@ -0,0 +1,67 @@
# Kubernetes Configuration
Kubernetes manifests and Helm charts for The Order.
## Structure
- `base/` - Base Kubernetes manifests
- `overlays/` - Environment-specific overlays (dev, stage, prod)
- `charts/` - Helm charts (if using Helm)
## Usage
### Using Kustomize
```bash
# Build dev environment
kubectl kustomize overlays/dev
# Apply dev environment
kubectl apply -k overlays/dev
# Build prod environment
kubectl kustomize overlays/prod
# Apply prod environment
kubectl apply -k overlays/prod
```
### Using Helm
```bash
# Install chart
helm install the-order charts/the-order -f charts/the-order/values-dev.yaml
# Upgrade chart
helm upgrade the-order charts/the-order -f charts/the-order/values-prod.yaml
```
## Namespaces
- `the-order-dev` - Development environment
- `the-order-stage` - Staging environment
- `the-order-prod` - Production environment
## Services
Each service has its own deployment, service, and ingress configuration:
- Intake service
- Identity service
- Finance service
- Dataroom service
- Portal applications
## Secrets Management
Secrets are managed using:
- External Secrets Operator
- SOPS-encrypted secrets
- Cloud provider secrets managers
## Monitoring
- Prometheus for metrics
- Grafana for dashboards
- OpenTelemetry for tracing
- ELK/OpenSearch for logging
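Review bot: the Namespaces section lists `the-order-dev`, `the-order-stage` and `the-order-prod`, but the overlays in this commit are only `dev` and `prod` (base uses `the-order`), and the Helm commands reference `charts/the-order` with `values-dev.yaml`/`values-prod.yaml`, none of which is in this commit; add the stage overlay and the chart, or mark them as planned. The Helm sequence as written also installs the release with dev values and then upgrades the same release name with prod values, which would flip a dev release to prod settings; use a distinct release name or namespace per environment (for example `-n the-order-dev`).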


@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: the-order-config
namespace: the-order
data:
# Add configuration data here
LOG_LEVEL: "info"
ENVIRONMENT: "base"


@@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: the-order
resources:
- namespace.yaml
- configmap.yaml
- secrets.yaml
# Add service-specific resources
# - intake/
# - identity/
# - finance/
# - dataroom/
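Review bot: `resources` includes `secrets.yaml`, which in this commit is a `kind: Secret` with no data, so every `kubectl apply -k overlays/...` creates an empty Opaque Secret named `the-order-secrets` in the cluster. If the source of truth is External Secrets Operator or SOPS, as the k8s README states, that placeholder either conflicts with the ExternalSecret's target or quietly masks a missing secret until a pod reads an absent key at runtime; drop it from `resources` and ship an `ExternalSecret` (or a SOPS-encrypted file consumed by a decrypting plugin) instead. The commented `# - intake/` entries are fine as a roadmap, but note that the prod overlay's `replicas:` block names these workloads, so nothing scales until they exist.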


@@ -0,0 +1,8 @@
apiVersion: v1
kind: Namespace
metadata:
name: the-order
labels:
name: the-order
environment: base


@@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: the-order-secrets
namespace: the-order
type: Opaque
stringData:
# Secrets should be managed via External Secrets Operator or SOPS
# This is a template - do not commit actual secrets
# DATABASE_URL: "postgresql://..."
# API_KEY: "..."
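Review bot: a `kind: Secret` whose `stringData` holds only commented placeholders (`# DATABASE_URL: "postgresql://..."`) invites someone to uncomment and fill them in, and this file sits in `base/`, which every environment applies; the comment "do not commit actual secrets" is not a control. Prefer having no plaintext `Secret` manifest in the repo at all: an `ExternalSecret` that references the cloud secrets manager, or a SOPS-encrypted secret, matches the README's stated approach, and a secret-scanning step (pre-commit hook or a scanner job in the CI template) catches the case where this file gets filled in anyway.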


@@ -0,0 +1,21 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: the-order-dev
resources:
- ../../base
patches:
- path: configmap-patch.yaml
target:
kind: ConfigMap
name: the-order-config
configMapGenerator:
- name: the-order-config
behavior: merge
literals:
- ENVIRONMENT=dev
- LOG_LEVEL=debug
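Review bot: this overlay sets `ENVIRONMENT` and `LOG_LEVEL` through two mechanisms at once: a `patches` entry for `configmap-patch.yaml` (which does not appear in this commit) and a `configMapGenerator` with `behavior: merge` on the same `the-order-config`. Keep one. If the generator stays, remember kustomize appends a content-hash suffix to generated ConfigMap names unless `options: { disableNameSuffixHash: true }` is set, so any consumer not rewritten by kustomize must tolerate the suffixed name; if the patch stays, add the missing file. Either way, run `kubectl kustomize overlays/dev` in CI so a missing patch file fails the build rather than the deploy.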


@@ -0,0 +1,31 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: the-order-prod
resources:
- ../../base
patches:
- path: configmap-patch.yaml
target:
kind: ConfigMap
name: the-order-config
configMapGenerator:
- name: the-order-config
behavior: merge
literals:
- ENVIRONMENT=prod
- LOG_LEVEL=info
replicas:
- name: intake
count: 3
- name: identity
count: 3
- name: finance
count: 2
- name: dataroom
count: 2
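Review bot: the `replicas:` block targets `intake`, `identity`, `finance` and `dataroom`, but no Deployment with those names exists in `base/` yet (their directories are still commented out in `base/kustomization.yaml`), so this section has no effect until they are added; once they exist, check `kubectl kustomize overlays/prod` and confirm the counts land on the intended objects. This overlay also carries the same duplicated `patches` plus `configMapGenerator` setup as dev for `the-order-config`, with the referenced `configmap-patch.yaml` absent from the commit; pick one mechanism here as well.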

infra/terraform/README.md Normal file

@@ -0,0 +1,49 @@
# Terraform Infrastructure
Terraform configuration for The Order infrastructure.
## Structure
- `main.tf` - Main Terraform configuration
- `variables.tf` - Variable definitions
- `outputs.tf` - Output definitions
- `modules/` - Reusable Terraform modules
## Usage
```bash
# Initialize Terraform
terraform init
# Plan changes
terraform plan
# Apply changes
terraform apply
# Destroy infrastructure
terraform destroy
```
## Environments
- `dev/` - Development environment
- `stage/` - Staging environment
- `prod/` - Production environment
## Resources
- Kubernetes cluster
- Database (PostgreSQL)
- Object storage (S3/GCS)
- KMS/HSM for key management
- Load balancers
- Network configuration
## Secrets Management
Secrets are managed using:
- SOPS for encrypted secrets
- Cloud KMS for key management
- External Secrets Operator for Kubernetes
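Review bot: the Structure section describes a single root module (`main.tf`, `variables.tf`, `outputs.tf`, `modules/`) while Environments lists `dev/`, `stage/` and `prod/` directories, and the `main.tf` in this commit selects the environment through `var.environment`; these are two different layouts (directory per environment versus one module parameterised by a variable with workspaces or separate `.tfvars`). State which one is used, because it determines where the backend `key` and the `.tfvars` files live. Also add `terraform validate` (and ideally `terraform plan` on pull requests) to the CI template so declaration conflicts like the duplicates currently across `main.tf`, `variables.tf` and `outputs.tf` are caught before `apply`.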

infra/terraform/main.tf Normal file

@@ -0,0 +1,46 @@
# Terraform configuration for The Order infrastructure
# This is a template - customize for your cloud provider
terraform {
required_version = ">= 1.5.0"
required_providers {
# Add your cloud provider(s) here
# Example for AWS:
# aws = {
# source = "hashicorp/aws"
# version = "~> 5.0"
# }
}
# Configure backend for state management
# backend "s3" {
# bucket = "the-order-terraform-state"
# key = "terraform.tfstate"
# region = "us-east-1"
# }
}
# Provider configuration
# provider "aws" {
# region = var.aws_region
# }
# Variables
variable "aws_region" {
description = "AWS region"
type = string
default = "us-east-1"
}
variable "environment" {
description = "Environment name (dev, stage, prod)"
type = string
default = "dev"
}
# Outputs
output "environment" {
value = var.environment
}
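Review bot: `variable "aws_region"`, `variable "environment"` and `output "environment"` are declared here and again in `variables.tf` and `outputs.tf` in this same commit; Terraform treats every `.tf` file in a directory as one module and fails `terraform init`/`validate` with "Duplicate variable declaration" and "Duplicate output definition". Remove the `# Variables` and `# Outputs` sections from `main.tf` and keep the `variables.tf` copy, which carries the `validation` block (the copy here also defaults `environment` to `"dev"`, which the validated version deliberately omits). While the `backend "s3"` block is commented out, state lives in a local plaintext file; when it is enabled, set `encrypt = true` and a `dynamodb_table` for locking (or the equivalent for another provider) before any real resources are created.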


@@ -0,0 +1,24 @@
# Terraform outputs for The Order infrastructure
output "environment" {
description = "Environment name"
value = var.environment
}
output "project_name" {
description = "Project name"
value = var.project_name
}
# Add more outputs as needed
# Example:
# output "kubernetes_cluster_endpoint" {
# description = "Kubernetes cluster endpoint"
# value = module.kubernetes.cluster_endpoint
# }
# output "database_endpoint" {
# description = "Database endpoint"
# value = module.database.endpoint
# }
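Review bot: `output "environment"` duplicates the output of the same name in `main.tf` from this commit, which Terraform rejects as a duplicate output definition; delete one copy and keep this file as the single home for outputs. The commented examples reference `module.kubernetes` and `module.database`, which do not yet exist under `modules/`; that is fine as scaffolding, but `terraform validate` should run in CI so uncommenting them before the modules land fails early rather than at apply time.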


@@ -0,0 +1,41 @@
# Terraform variables for The Order infrastructure
variable "environment" {
description = "Environment name (dev, stage, prod)"
type = string
validation {
condition = contains(["dev", "stage", "prod"], var.environment)
error_message = "Environment must be dev, stage, or prod."
}
}
variable "aws_region" {
description = "AWS region"
type = string
default = "us-east-1"
}
variable "project_name" {
description = "Project name"
type = string
default = "the-order"
}
variable "domain_name" {
description = "Domain name for the application"
type = string
default = ""
}
variable "enable_monitoring" {
description = "Enable monitoring and observability"
type = bool
default = true
}
variable "enable_logging" {
description = "Enable centralized logging"
type = bool
default = true
}
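Review bot: `variable "environment"` and `variable "aws_region"` are also declared in `main.tf` in this commit, so the module will not initialise until one copy is removed; this file's version should be the one kept, since its `validation` block restricts `environment` to `dev`, `stage` or `prod` and, unlike the `main.tf` copy, has no default, which forces callers to choose an environment explicitly. `domain_name` defaults to `""`; if any resource later interpolates it into a certificate or DNS record, add a `validation` (non-empty, or a hostname pattern) so an unset value fails at plan time instead of producing a broken certificate.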