Python (FastAPI) E-Commerce Microservice

Overview

This project mirrors the Enterprise Java Architecture but uses a modern Python Stack. It demonstrates a production-grade FastAPI application with DevSecOps integrated via Makefiles.

Key Features

Application: FastAPI (Async), SQLAlchemy (ORM), Pydantic (Validation).
Build Automation: Makefile for standardized developer experience.
Observability: Zero-code instrumentation with opentelemetry-instrument.
Security (DevSecOps):
- Snyk: Checks requirements.txt for vulnerable libraries.
- Trivy: Checks Docker images for OS-level CVEs.
- SonarQube: Checks Python code quality & smells.

1. Project Structure

Directory	Description
`app/`	FastAPI Source: `main.py`, `models.py`, `Makefile`.
`infra/`	Terraform: EKS, RDS (PostgreSQL), Redis.
`testing/`	PyTest: Unit & Integration tests.
`cicd/`	Jenkinsfile: Pipeline including Security Scans.

2. Quick Start (Makefile)

We use a Makefile to simplify commands.

# 1. Install Dependencies
make install

# 2. Run Tests
make test

# 3. Security Scan (Local)
make security

# 4. Build & Scan Container
make build

3. Implementation Details

A. Application (`app/`)

Async/Await: Uses Python's asyncio for high-concurrency API handling.
Auto-instrumentation: The Dockerfile uses opentelemetry-bootstrap to install agents that trace every Request/DB call to Jaeger.

B. DevSecOps Pipeline (`cicd/Jenkinsfile`)

The pipeline enforces security before deployment: 1. SCA Stage: Runs snyk test. Blocks build if vulnerable libraries (e.g., old request lib) are found. 2. Container Stage: Runs trivy image. Blocks build if the Base OS (Debian/Alpine) has Critical CVEs.

C. Infrastructure

The Terraform code in infra/ is identical in structure to the Java project but deploys a python-commerce-cluster to keep environments isolated.

4. Testing Strategy

Unit: pytest verifies internal logic.
API: TestClient (Starlette) verifies HTTP endpoints (/orders).
Integration: Selenium Scripts (in testing/) connect to SauceLabs for UI flows.