[service-infra] Add database integration, containerization, CI/CD, observability, and Kubernetes manifests #3
Merged
devin-ai-integration[bot] merged 2 commits into productionize from Mar 28, 2026
…servability, and Kubernetes manifests

- Add PostgreSQL via pg library with connection pooling and parameterized queries
- Create migration scripts with rollback capability (backend/migrations/)
- Replace in-memory storage with DB-backed model layer
- Add Dockerfile.backend (node:18-alpine multi-stage) and Dockerfile.frontend (nginx:alpine)
- Add docker-compose.yml with backend, frontend, PostgreSQL, and Redis services
- Add health check endpoints: /health (liveness), /health/ready (readiness with DB check)
- Create CI workflow (.github/workflows/ci.yml) for lint, test, Docker build
- Create CD workflow (.github/workflows/cd.yml) with staging and production deploy
- Add husky pre-commit hooks for lint and secret scanning
- Add structured winston logging with JSON format per CONVENTIONS.md
- Implement correlation ID middleware for request tracing
- Add Prometheus metrics: request count, response time, error rate, active connections
- Expose /metrics endpoint
- Create k8s/ manifests: deployment, service, ingress, configmap, secret, hpa, migration job
- Add resource limits, liveness/readiness probes, pod security policies
- Add standard labels (team, service, environment) and cost allocation tags
- Externalize config to env vars with .env.example
- Document observability in OBSERVABILITY.md
Summary

Adds the full service infrastructure layer to the todo app, replacing the in-memory prototype with production-ready foundations across five areas:

- Database Integration — PostgreSQL via pg with connection pooling, a migration framework (backend/migrations/) with up/down support, and a model layer (backend/models/todo.js) using parameterized queries. In-memory array storage in routes/todos.js is fully replaced.
- Containerization — Multi-stage Dockerfile.backend (node:18-alpine), Dockerfile.frontend (nginx:alpine with reverse proxy config), and docker-compose.yml orchestrating backend, frontend, PostgreSQL, Redis, and a one-shot migration service. .dockerignore included to prevent node_modules/ leaking into image builds.
- CI/CD — .github/workflows/ci.yml (lint → test → build Docker images) and cd.yml (build+push to GHCR → staging auto-deploy → production with manual approval). Husky pre-commit hook for lint and basic regex secret scanning.
- Observability — Winston structured JSON logger, correlation ID middleware (UUID v4, propagated via X-Correlation-ID), Prometheus metrics (request count, response time histogram, error rate, active connections) on /metrics. Documented in OBSERVABILITY.md.
- Kubernetes — Full k8s/ directory: Deployment (with security contexts, resource limits, liveness/readiness probes), Service, Ingress, ConfigMap, Secret template, HPA, and a DB migration Job. Standard labels (team, service, environment, cost-center) applied throughout.

All error responses follow the { error: { code, message, details } } format and env vars use the TODO_APP_ prefix per CONVENTIONS.md.

Updates since initial revision

- .dockerignore to prevent local node_modules/ from overriding the clean install in the Docker deps stage.
- deployment.yaml and migration-job.yaml to match the CD pipeline (ghcr.io/cognition-partner-workshops/prototype-1/…).
- nginx.ingress.kubernetes.io/rewrite-target: / annotation from ingress.yaml which would have stripped path prefixes and broken API routing.
- cd backend in a subshell so the working directory is preserved for the subsequent secret scanning step.

Review & Testing Checklist for Human

- npm run lint echoes a string and npm test also echoes — CI will always pass. Verify this is acceptable as a placeholder until the unit-tests workstream lands.
- k8s/secret.yaml contains placeholder values: The base64-encoded CHANGE_ME values must be replaced before any real cluster deployment. Confirm this template-only approach is acceptable for the repo.
- .env.example) or miss obfuscated secrets. Consider replacing with a dedicated tool (e.g., gitleaks, detect-secrets) in a future iteration.

Suggested manual test plan:

- docker compose up --build and verify all services start and the migration runs
- GET /health, GET /health/ready, GET /metrics, and the CRUD endpoints against the running backend
- docker compose down + docker compose up preserves data (volume persistence)

Notes

- uuid package emits a CommonJS loading ES Module experimental warning at require-time. Harmless in Node 18+ but may be noisy in logs.
- main only; this PR targets productionize, so CD won't fire from this merge.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/854827350b68447eb7ccb725e0d40d3e
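The checklist item about placeholder values in k8s/secret.yaml can be enforced mechanically before a deploy. The following is an added example, not code from this PR: a dependency-free Node.js check that decodes each data value of a Secret manifest and reports entries that are empty, not valid base64, or still a placeholder. The sample manifest, its key names, the minimal line-based parsing and the placeholder patterns other than CHANGE_ME are assumptions.

```javascript
'use strict';
// CHANGE_ME is the placeholder named in the PR description; the other two
// patterns are assumptions added for this example.
const PLACEHOLDER_RE = /change[_-]?me|replace[_-]?me|placeholder/i;
const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

// Constructed sample manifest (key names and values are made up).
const SAMPLE_SECRET = [
  'kind: Secret',
  'metadata:',
  '  name: todo-app-secrets',
  'data:',
  `  TODO_APP_DB_PASSWORD: ${b64('CHANGE_ME')}`,
  `  TODO_APP_REDIS_PASSWORD: "${b64('s3cure-value')}"`,
  '  TODO_APP_SESSION_KEY: CHANGE_ME   # pasted without encoding',
  'stringData:',
  '  TODO_APP_API_KEY: CHANGE_ME',
].join('\n');

// Returns [{ section, key, reason }] for every Secret entry that is empty,
// not valid base64 (data only), or still holds a placeholder after decoding.
function findPlaceholderSecrets(manifestText) {
  const findings = [];
  let section = null;
  for (const line of manifestText.split(/\r?\n/)) {
    if (/^\s*(#|$)/.test(line)) continue;           // blank or comment line
    if (/^\S/.test(line)) {                          // top-level key starts a section
      const head = /^([A-Za-z]+):/.exec(line);
      section = head ? head[1] : null;
      continue;
    }
    if (section !== 'data' && section !== 'stringData') continue;
    const entry = /^\s+([\w.-]+):\s*(.*)$/.exec(line);
    if (!entry) continue;
    const raw = entry[2].replace(/\s+#.*$/, '').trim().replace(/^["']|["']$/g, '');
    let value = raw, reason = null;
    if (section === 'data') {                        // data values must be base64
      const decoded = Buffer.from(raw, 'base64');
      if (decoded.toString('base64') !== raw) reason = 'not-base64';
      value = decoded.toString('utf8');
    }
    if (!reason && value === '') reason = 'empty';
    if (!reason && PLACEHOLDER_RE.test(value)) reason = 'placeholder';
    if (reason) findings.push({ section, key: entry[1], reason });
  }
  return findings;
}

console.log(findPlaceholderSecrets(SAMPLE_SECRET));
```

In a pipeline, a non-empty result would fail the deploy job; the check complements, and does not replace, a dedicated scanner such as gitleaks or detect-secrets.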