Conversation
- Fix Axum router fallback bug returning 401 instead of 404 - Update auth-service and url-service Dockerfiles to resolve glibc mismatch - Create web/Dockerfile and web/nginx.conf to containerize the Vite frontend - Configure frontend NGINX for custom fallback routing (intercept 404s and proxy to url-service or serve React SPA) - Add K8s Deployment and Service manifests for frontend-service - Update NGINX Ingress Controller routing to send root traffic to frontend-service - Expand scripts/deploy-local.sh to build and deploy frontend - Update TARGET.md to mark Phase 7 as completed - Add Kubernetes deployment instructions to README.md
- Start postgres-auth, postgres-urls, redis, and rabbitmq via docker-compose for local test runs (only kind was running, causing PoolTimedOut) - auth-service tests require DATABASE_URL=postgres://...@localhost:5432/bittuly_auth - url-service tests require DATABASE_URL=postgres://...@localhost:5433/bittuly_urls (handler tests also need Redis at localhost:6379 for UrlState setup) - Add scripts/test.sh: smart runner that auto-starts infra and sets correct DATABASE_URL per service — run ./scripts/test.sh to test everything - Update .cargo/config.toml: use force=false so DATABASE_URL can be overridden from the shell, and add test-auth/test-urls aliases - All 26 tests now pass (13 auth + 13 url)
Mirrors the docker compose up/down UX for the kind cluster: ./scripts/k8s.sh up - create cluster + full deploy (first time) ./scripts/k8s.sh start - resume a stopped cluster, no rebuild ./scripts/k8s.sh stop - pause containers, data preserved ./scripts/k8s.sh down - delete cluster, images kept (fast redeploy) ./scripts/k8s.sh purge - delete cluster + all bittuly Docker images ./scripts/k8s.sh deploy - rebuild images + rolling redeploy ./scripts/k8s.sh status - show nodes, pods, services ./scripts/k8s.sh logs <s> - tail pod logs for a service ./scripts/k8s.sh restart <s> - rolling restart a deployment ./scripts/k8s.sh jaeger - port-forward Jaeger UI → :16686 ./scripts/k8s.sh rabbitmq - port-forward RabbitMQ UI → :15672
ci.yml — fixed and expanded: - Split into 5 parallel jobs: rust-lint, test-auth, test-url, docker-build, frontend - Add postgres-auth service container for auth-service tests (DATABASE_URL fixed) - Add postgres-urls + redis service containers for url-service tests - Add cargo-audit security scanning - Use docker/build-push-action with GHA layer cache for fast Docker smoke builds - Fix Node.js version from 26 to 20 (LTS) - tests now run in parallel (test-auth and test-url run concurrently) cd.yml — new: - Triggers on every push to main (after CI passes) - Builds and pushes all 4 images to GHCR tagged with git SHA + latest - Uses docker layer cache (type=gha) for fast incremental builds - Deploy step scaffolded with both kubectl and ArgoCD options (commented, ready to enable when production cluster is provisioned)
url-service/handlers.rs: - Remove unused imports: moka::future::Cache, std::time::Duration - Remove mut from 4 test response variables (unused_mut) url-service/services.rs: - Remove unused DateTime from chrono import in test module url-service/mock.rs: - Collapse nested if-let blocks (clippy::collapsible_if) - add_shorten_url: merge expires_at check into single if-let && guard - delete_url: merge user_id check into single if-let && guard auth-service/services.rs: - Remove unused imports: async_trait, HashMap, RwLock from test module auth-service/handlers.rs: - Remove mut from 3 test response variables (unused_mut) All 16 clippy errors resolved. cargo clippy --workspace --all-targets -- -D warnings now passes clean.
The jsonwebtoken crate depends on rsa, which has an unfixable timing side-channel vulnerability (Marvin Attack). Since we only use HS256 (symmetric HMAC) for our JWTs and do not use RSA keys, we are unaffected by this vulnerability. - Added --ignore RUSTSEC-2023-0071 to ci.yml - Added audit.toml for local cargo audit runs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚀 Overview
This major release merges the fully completed, production-ready
devbranch intomaster. It transitions Bittuly from a set of isolated local applications into a highly resilient, observable, and scalable distributed microservice architecture deployed via Kubernetes.The system has been heavily optimized with distributed caching, message brokering, and asynchronous eventing, and has been proven under extreme load testing to handle 6,500+ RPS with sub-millisecond median latencies.
🏗️ Architecture & Infrastructure Highlights
Deployments,Services,ConfigMaps,Secrets) across all services.clippy), dependency security auditing, and running isolatedsqlxintegration tests against ephemeral Docker databases.⚡ Performance & Caching Optimizations
url-service.tokio::spawn, preventing thread starvation and connection pool exhaustion under heavy load.k6cluster testing.🔭 Observability & Telemetry Stack
url-servicedirectly toconsumer-service).📦 Services Included
auth-service): JWT-based authentication, user registration, and secure credential management.url-service): The high-throughput redirect engine and link generation API.consumer-service): Background worker processing RabbitMQ queues for analytics aggregation and Dead Letter Queue (DLQ) retry logic.frontend-service): React/Vite web application served efficiently via NGINX.