Overview
ShopEase is a full-stack, cloud-native eCommerce platform built to production standards. Every service is independently deployable, domain-modelled behind a bounded context, continuously integrated via a five-layer test pyramid, and instrumented end-to-end with OpenTelemetry auto-instrumentation. The platform runs on Kubernetes with GitOps deployment and zero-trust network policies.
This is not a tutorial project; it is a living, deployed system demonstrating enterprise engineering patterns that are often described but rarely shown together in a single repository.
Architecture Diagram
Platform Structure
```text
+-------------------------------------------------------------------------+
|                       Cloudflare Tunnel + Access                        |
|                          shop.kunlecreates.org                          |
+------------------------------------+------------------------------------+
                                     |
+------------------------------------+------------------------------------+
|                        NGINX Ingress Controller                         |
|                  (TLS termination, path-based routing)                  |
+--------+-----------------+-----------------+-----------------+----------+
         |                 |                 |                 |
     /frontend         /api/user       /api/products      /api/orders
         |                 |                 |                 |
 +---------------+ +---------------+ +---------------+ +---------------+
 | frontend      | | user-svc      | | product       | | order-service |
 | Next.js       | | Java 21       | | NestJS        | | Java 21       |
 |               | | Spring        | | Node.js       | | Spring Boot   |
 |               | | Oracle DB     | | Postgres      | | MS SQL Server |
 +---------------+ +---------------+ +---------------+ +-------+-------+
                                                               | async notify
                                                       +-------+-------+
                                                       | notif-service |
                                                       | Python 3.12   |
                                                       | FastAPI/SMTP  |
                                                       +---------------+
```
Service Breakdown
- user-service: full identity and auth domain: registration, JWT/RS256, email verification, password reset, RBAC (CUSTOMER/ADMIN), and login audit logging. Every token value is stored as a bcrypt hash; plaintext secrets never persist.
- product-service: product catalogue, full-text search (TSVECTOR), inventory tracking, and stock movement audit. Prices are stored as integer cents (no floating point). A JSONB attributes column handles flexible per-SKU metadata without schema migrations.
- order-service: cart lifecycle (OPEN → CHECKED_OUT → ABANDONED), order management, payment metadata. The shipping address is snapshotted at checkout, so historical orders are immutable. Only display-safe payment metadata is stored (PCI scope reduction).
- notif-service: stateless email dispatcher. Consumes order events, renders Jinja2 templates, and dispatches confirmation emails via SMTP. No database, so it is trivially scalable and independently testable. Called asynchronously from order-service after checkout.
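The order-service description above (cart state machine, integer-cent totals, address snapshot at checkout, display-safe payment metadata) is compact enough to show in one model. The block below is an added illustration, not ShopEase's code: the transition table, the `Address`, `CartLine`, `Cart` and `Order` types, and the rule that only `brand` and `last4` survive from the raw payment payload are all assumptions made for this example.

```python
"""Cart lifecycle and checkout snapshot for an order domain.

Added illustration, not ShopEase's order-service code. Assumed: the state
machine OPEN -> CHECKED_OUT -> ABANDONED, prices as integer cents, an address
copied at checkout, and payment metadata reduced to brand + last4.
"""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Tuple

# Legal transitions; CHECKED_OUT and ABANDONED are terminal (assumed).
TRANSITIONS = {
    "OPEN": {"CHECKED_OUT", "ABANDONED"},
    "CHECKED_OUT": set(),
    "ABANDONED": set(),
}

# Only these payment fields may be persisted; PAN, CVV and expiry are dropped
# before anything reaches the database (PCI scope reduction).
DISPLAY_SAFE_PAYMENT_FIELDS = {"brand", "last4"}


@dataclass
class Address:
    """Editable profile address; the order keeps a copy, not this object."""
    line1: str
    city: str
    postcode: str
    country: str


@dataclass(frozen=True)
class CartLine:
    sku: str
    unit_price_cents: int  # integer cents, never a float
    quantity: int

    def __post_init__(self) -> None:
        if self.unit_price_cents < 0 or self.quantity <= 0:
            raise ValueError("price must be >= 0 cents and quantity > 0")


@dataclass
class Cart:
    state: str = "OPEN"
    lines: List[CartLine] = field(default_factory=list)

    def add(self, line: CartLine) -> None:
        if self.state != "OPEN":
            raise ValueError(f"cannot modify a cart in state {self.state}")
        self.lines.append(line)

    def total_cents(self) -> int:
        # Integer arithmetic only: no rounding drift across many lines.
        return sum(l.unit_price_cents * l.quantity for l in self.lines)

    def transition(self, new_state: str) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        self.state = new_state


@dataclass(frozen=True)
class Order:
    total_cents: int
    shipping_address: Address      # snapshot, not a reference to the profile
    lines: Tuple[CartLine, ...]
    payment: Dict[str, str]


def display_safe_payment(raw: Dict[str, str]) -> Dict[str, str]:
    """Keep only display-safe fields and sanity-check last4."""
    meta = {k: v for k, v in raw.items() if k in DISPLAY_SAFE_PAYMENT_FIELDS}
    last4 = meta.get("last4")
    if last4 is not None and not (len(last4) == 4 and last4.isdigit()):
        raise ValueError("last4 must be exactly four digits")
    return meta


def checkout(cart: Cart, profile_address: Address,
             raw_payment: Dict[str, str]) -> Order:
    """Freeze the cart into an immutable Order and mark the cart CHECKED_OUT."""
    if not cart.lines:
        raise ValueError("cannot check out an empty cart")
    order = Order(
        total_cents=cart.total_cents(),
        shipping_address=replace(profile_address),  # copy; later profile edits do not touch it
        lines=tuple(cart.lines),
        payment=display_safe_payment(raw_payment),
    )
    cart.transition("CHECKED_OUT")
    return order
```

Two things worth noticing: the payment filter is an allow-list, so any new field a payment provider starts sending is dropped by default rather than stored by accident, and the cart refuses modification once it has left OPEN, which is what makes the order total and the address snapshot trustworthy as a historical record.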
Test Pyramid (330+ Tests)
| Layer | Location | Tools | Blocks PR? | Tests |
|---|---|---|---|---|
| Unit | `services/*/test/` | JUnit 5, Jest, pytest | Yes | 277 |
| Frontend Unit | `frontend/__tests__/` | Jest | Yes | 53 |
| Integration | `services/*/test/integration/` | Testcontainers (real DBs) | Yes | ~40 |
| API Contracts | `api-tests/` | Supertest, RestAssured | Post-deploy | 18 files |
| E2E | `e2e/` | Playwright | Monitoring | 7 spec files |
CI/CD Pipeline
GitHub Actions → GHCR → Kubernetes Helm deploy. All five services build in parallel. Total time from git push to live deployment: ~5 minutes.
Coverage Authority Workflow: Platform-Level Quality Visibility
The Coverage Authority is a dedicated GitHub Actions workflow that runs after all five service CI pipelines complete. It collects the per-service coverage artefacts, computes a weighted aggregate across the entire platform (~85%+ currently), and auto-publishes the updated badge to the coverage-badge branch on every push. This is not per-service coverage tracking; it is a cross-platform signal that treats quality as a platform-level concern. A single service dropping below threshold fails the aggregate gate and alerts the team before any deployment proceeds.
coverage-badge branch
6. README badge reflects live state on every push
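The Coverage Authority paragraph describes two distinct computations: a line-weighted aggregate for the badge, and a per-service gate that fails when any one service drops below threshold even if the aggregate still looks healthy. The block below is an added illustration of that logic, not the project's workflow; the sample line counts, the 80% per-service threshold and the shields.io-style badge payload are assumptions.

```python
"""Platform-level coverage aggregate with a per-service gate.

Added illustration of the Coverage Authority idea, not the project's
workflow. It assumes each service CI run exports (covered_lines,
total_lines); the sample figures, the 80% per-service threshold and the
shields.io-style badge payload are assumptions.
"""
from typing import Dict, List, Tuple

Artefacts = Dict[str, Tuple[int, int]]  # service -> (covered, total)

# Constructed per-service artefacts; not real ShopEase numbers.
SAMPLE_ARTEFACTS: Artefacts = {
    "user-service": (1700, 2000),
    "product-service": (850, 1000),
    "order-service": (1350, 1500),
    "notification-service": (180, 200),
    "frontend": (640, 800),
}

PER_SERVICE_THRESHOLD = 0.80  # assumed gate


def service_coverage(covered: int, total: int) -> float:
    if total <= 0 or covered < 0 or covered > total:
        raise ValueError("invalid coverage artefact")
    return covered / total


def aggregate_coverage(artefacts: Artefacts) -> float:
    """Line-weighted aggregate: a large service moves it more than a small one."""
    covered = sum(c for c, _ in artefacts.values())
    total = sum(t for _, t in artefacts.values())
    return service_coverage(covered, total)


def failing_services(artefacts: Artefacts,
                     threshold: float = PER_SERVICE_THRESHOLD) -> List[str]:
    return sorted(name for name, (c, t) in artefacts.items()
                  if service_coverage(c, t) < threshold)


def coverage_gate(artefacts: Artefacts,
                  threshold: float = PER_SERVICE_THRESHOLD
                  ) -> Tuple[bool, float, List[str]]:
    """Gate is per-service: one laggard fails it even if the aggregate is fine."""
    fails = failing_services(artefacts, threshold)
    return (not fails, aggregate_coverage(artefacts), fails)


def badge_payload(aggregate: float, passed: bool) -> Dict[str, object]:
    """JSON written to the badge branch (shields.io endpoint schema, assumed)."""
    return {
        "schemaVersion": 1,
        "label": "coverage",
        "message": f"{aggregate * 100:.1f}%",
        "color": "brightgreen" if passed else "red",
    }


if __name__ == "__main__":
    passed, agg, fails = coverage_gate(SAMPLE_ARTEFACTS)
    print(badge_payload(agg, passed), fails)
```

The point of separating `aggregate_coverage` from `failing_services` is that a weighted average can hide a regression: with the constructed figures, dropping the frontend from 640 to 600 covered lines keeps the aggregate above 85% yet fails the gate, which is the behaviour the paragraph describes.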
- Fail fast: Unit tests precede integration tests in every pipeline
- Real databases in CI: Testcontainers prevents environment-specific failures
- Build once, deploy everywhere: The CI image is the exact production image
- Self-hosted ARC runner: GitHub Actions Runner Controller running on-cluster
Observability Stack
OpenTelemetry Operator auto-injects agents; no SDK changes are required in application code.
- Prometheus + Grafana: HTTP metrics, JVM heap, GC pauses, connection pool utilisation
- Jaeger v2: full distributed traces across all services with per-span timing
- Elasticsearch + Kibana (ECK): centrally aggregated, indexed, and searchable logs
- OTel Operator: auto-instrumentation for Java, Node.js, and Python services (40-60% overhead optimised)
Security Architecture
- JWT/RS256: asymmetric token signing; the public key is distributed to verifying services
- Bcrypt (cost 12): passwords and all token values stored as hashes only
- HttpOnly cookies: JWT storage; the cookie is unreadable from JavaScript, which eliminates XSS token theft via script access
- Zero-trust NetworkPolicies: deny all by default; explicit per-service ingress/egress rules
- Least-privilege DB users: the app connects as a CRUD-only role; no DDL rights at runtime
- Email verification: required before full account access; tokens are single-use and time-limited
- OWASP Top 10: parameterised queries, CSP headers, CSRF protection, rate limiting via NGINX
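Two of the items above combine into one small mechanism: token values are stored only as slow hashes, and email-verification tokens are single-use and time-limited. The block below is an added illustration of that lifecycle, not ShopEase's user-service code. The platform uses bcrypt; this stand-alone version substitutes `hashlib.pbkdf2_hmac` from the standard library so it runs without third-party packages. The `token_id.secret` link format, the in-memory store, the 15-minute TTL and the iteration count are assumptions.

```python
"""Single-use, time-limited verification tokens stored only as hashes.

Added illustration of the token handling described above; not ShopEase's
user-service code. The platform uses bcrypt; this stand-alone version uses
hashlib.pbkdf2_hmac from the standard library as a stand-in so it runs
without third-party packages. The record layout, 15-minute TTL and
iteration count are assumptions.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60   # assumed
PBKDF2_ITERATIONS = 50_000    # assumed; stand-in for bcrypt cost 12


def hash_secret(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class TokenRecord:
    user_id: str
    salt: bytes
    digest: bytes        # only the hash is persisted, never the secret
    expires_at: int      # unix seconds
    used: bool = False


class VerificationTokenStore:
    """In-memory stand-in for the token table; persists salt + digest only."""

    def __init__(self) -> None:
        self._records: Dict[str, TokenRecord] = {}

    def issue(self, user_id: str, now: int) -> str:
        # A public id lets us look the row up: a salted slow hash cannot be
        # searched by value, so the secret alone would not locate the record.
        token_id = secrets.token_urlsafe(8)
        secret = secrets.token_urlsafe(32)
        salt = os.urandom(16)
        self._records[token_id] = TokenRecord(
            user_id, salt, hash_secret(secret, salt), now + TOKEN_TTL_SECONDS)
        return f"{token_id}.{secret}"   # goes into the email link only

    def redeem(self, presented: str, now: int) -> Optional[str]:
        """Return the user_id on success, None otherwise; consumes the token."""
        token_id, _, secret = presented.partition(".")
        rec = self._records.get(token_id)
        if rec is None or rec.used or now > rec.expires_at:
            return None
        if not hmac.compare_digest(hash_secret(secret, rec.salt), rec.digest):
            return None
        rec.used = True     # single use: a replayed link fails from here on
        return rec.user_id
```

`redeem` answers every failure (unknown id, already used, expired, wrong secret) with the same `None`, so the endpoint does not tell a caller which check tripped, and the comparison goes through `hmac.compare_digest` rather than `==`. A database leak exposes only salts and digests; the plaintext token lives in the outgoing email and nowhere else.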
Polyglot Persistence
| Service | Engine | Why This Engine |
|---|---|---|
| user-service | Oracle DB 23c Free | Complex relational auth domain. JSON constraint (IS JSON) for domain event outbox. Enterprise audit capability. |
| product-service | PostgreSQL 17 | Native TSVECTOR full-text search. JSONB for flexible product attributes. Best-in-class ORM support for NestJS. |
| order-service | MS SQL Server 2022 | Schema isolation via order_svc schema qualifier. Strong typing for financial transactions. Spring Data JPA + MSSQL Testcontainers. |
UI Walkthrough (GIF Preview)
End-to-end user journey through the ShopEase web application: registration, product browsing, cart management, and order placement.
Read More
I wrote detailed engineering deep dives covering this platform:
Architecture Deep Dive: All 6 Engineering Pillars →
Database-as-a-Service Engineering Deep Dive →
Contact
The source code is public on GitHub. For a walkthrough of any specific service, the CI/CD pipeline configuration, or the Kubernetes manifests, contact me directly.