Skip to content

mim-space/mim-services

BranchesTags

Repository files navigation

πŸš€ Project Deployment Guide

This document describes how to run and develop the project locally (via Docker) and how to deploy it into Kubernetes (via Helm).
It also provides guidance on environment setup, migrations, testing, and code quality checks.

βš™οΈ Requirements

Before starting, make sure you have installed:

  • Docker (Containerized local development)
  • Poetry (Python dependencies management)
  • Helm (Kubernetes deployment)
  • SOPS (Helm secrets encryption)
  • pre-commit (Code checks and secrets auto-encryption before commit)

🌍 Environment Setup

The project relies on .env files and pre-commit hooks for correct operation.

1. Global .env (in the repository root)

⚠️ This step is required for Docker builds to access private repositories during the image build process.

Create .env in the root of the project (based on .env.example).
It must contain a path to your GitHub access token file:

GITHUB_ACCESS_TOKEN_FILE=/path/to/token/file

2. Service-specific .env

Each service (services/<SERVICE>/) contains its own .env.example. Before local development or running migrations, copy it to .env and fill in the required credentials:

cp services/<SERVICE>/.env.example services/<SERVICE>/.env

3. Setup pre-commit

Run once in the root of the repository:

pre-commit install

This will ensure that before each commit:

  • code style and linters are checked.
  • secrets.yaml is encrypted into secrets.enc.yaml automatically.

⚠️ Without these steps:

  • Docker containers will not start correctly.
  • Database migrations (Alembic) will fail.
  • Secrets won’t be encrypted before commit.

πŸ“‚ Project Structure

.
β”œβ”€β”€ .github/                    # GitHub Actions workflows
β”œβ”€β”€ helm/                       # Base Helm charts
β”œβ”€β”€ k6/                         # Grafana k6 load tests
β”œβ”€β”€ scripts/                    # Helper scripts
β”œβ”€β”€ services/                   # Microservices (auth, user, etc.)
β”‚   └── <service>/
β”‚       β”œβ”€β”€ docker/             # Docker configuration (Dockerfile, docker-compose)
β”‚       β”œβ”€β”€ helm/               # Helm chart for Kubernetes
β”‚       β”œβ”€β”€ src/                # Source code
β”‚       └── pyproject.toml      # Poetry configuration
β”œβ”€β”€ .env                        # Global environment variables (github access token)
β”œβ”€β”€ .pre-commit-config.yaml     # Pre-commit configuration (code quality checks)
β”œβ”€β”€ .sops.yaml                  # SOPS GPG fingerprints (secrets.yaml encryption/decryption)
β”œβ”€β”€ Makefile                    # Global commands (docker, helm, testing, linting)
└── team-keys.asc               # Team GPG keys for SOPS

🐳 Local Development with Docker

⚠️ Make sure .env files are created both in the project root and inside each service before starting containers.

Each service can be built and started individually. All commands are executed via make.

1. Build image

make build <SERVICE>

2. Start container

make up <SERVICE>

3. Stop container

make stop <SERVICE>

4. Remove container

make down <SERVICE>

5. Rebuild image (clean build)

make rebuild <SERVICE>

6. Destroy image

make destroy <SERVICE>

Example for the auth service:

make build auth
make up auth

☸️ Kubernetes Deployment with Helm

Kubernetes deployment is based on Helm charts with helm-secrets and sops for secret management. A detailed guide is available here: πŸ‘‰ Helm Deployment Guide

πŸ”§ Database Migrations (Alembic)

⚠️ Requires valid .env for the target service (copied from .env.example).

Create new migration

make revision <SERVICE> msg="add new table"

Apply migrations

make upgrade <SERVICE>

Revert migrations

make downgrade <SERVICE>

πŸ§ͺ Testing

Run tests for a specific service:

make pytest <SERVICE>

Run tests with coverage report:

make pytest-cov <SERVICE>

🧹 Code Quality

Format and check code for a specific service:

  • Lint:

    make lint <SERVICE>

  • Format imports:

    make isort <SERVICE>

  • Format code:

    make black <SERVICE>

  • Type check:

    make mypy <SERVICE>

  • Full check (lint, format, mypy, tests, helm-encrypt):

    make check <SERVICE>

πŸ” Secrets Management

  • Always work with secrets.yaml (plain text).

  • secrets.enc.yaml is never edited manually β€” it is generated automatically:

    • during the global check step (make check <SERVICE>), or
    • via pre-commit hooks (if installed).

  • If you use pre-commit, you don’t need to run make check manually before committing.

βœ… Recommendations

  • Use Docker for local development.
  • Use Helm for deploying into Kubernetes clusters.
  • Keep secrets only in secrets.yaml (do not commit plain text to git).
  • Trust pre-commit to handle secret encryption automatically.
  • Run make check <SERVICE> manually only if you want to verify locally without committing.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

27 tags

Packages

No packages published

Contributors 6

Languages