fix ci workflow

Author: DEVMANISHOFFL

.github/ci.yml

@@ -0,0 +1,53 @@
+name: Backend CI (E2E Checkout)
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and start services
+        run: |
+          docker compose up -d --build
+
+      - name: Wait for services to be healthy
+        run: |
+          echo "Waiting for services..."
+          for i in {1..30}; do
+            if curl -s http://localhost:8080/healthz \
+              && curl -s http://localhost:8081/healthz \
+              && curl -s http://localhost:8082/healthz \
+              && curl -s http://localhost:8083/healthz; then
+              echo "All services are up"
+              exit 0
+            fi
+            sleep 5
+          done
+          echo "Services failed to start"
+          docker compose logs
+          exit 1
+
+      - name: Run Full E2E Checkout Flow
+        run: |
+          go run ./tools/e2e_checkout/full_flow.go
+
+      - name: Dump logs on failure
+        if: failure()
+        run: |
+          docker compose logs
+
+      - name: Shutdown services
+        if: always()
+        run: |
+          docker compose down -v

services/orders/internal/api/handlers.go

@@ -208,7 +208,7 @@ func (h *Handler) MarkOrderPaid(w http.ResponseWriter, r *http.Request) {
 
 	// deduct stock
 	for _, it := range order.Items {
-		if err := h.pclient.DeductReservedStock(ctx, it.VariantID, it.Quantity); err != nil {
+		if err := h.pclient.DeductStock(ctx, it.VariantID, it.Quantity); err != nil {
 			http.Error(w, "stock deduction failed", http.StatusBadGateway)
 			return
 		}
@@ -247,3 +247,44 @@ func (h *Handler) GetOrderInternal(w http.ResponseWriter, r *http.Request) {
 		"currency":     order.Currency,
 	})
 }
+
+func (h *Handler) ReleaseOrder(w http.ResponseWriter, r *http.Request) {
+	orderID := chi.URLParam(r, "orderID")
+
+	if !isValidUUID(orderID) {
+		http.Error(w, "invalid order id", http.StatusBadRequest)
+		return
+	}
+
+	if r.Header.Get("X-INTERNAL-KEY") != os.Getenv("INTERNAL_SERVICE_KEY") {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	if err := h.store.ReleaseOrder(r.Context(), orderID); err != nil {
+		// idempotent: already released / already paid
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+}
+
+func (h *Handler) RefundOrder(w http.ResponseWriter, r *http.Request) {
+	orderID := chi.URLParam(r, "orderID")
+
+	// Internal auth
+	if r.Header.Get("X-INTERNAL-KEY") != os.Getenv("INTERNAL_SERVICE_KEY") {
+		http.Error(w, "unauthorized", http.StatusUnauthorized)
+		return
+	}
+
+	// Business logic
+	if err := h.store.RefundOrder(r.Context(), orderID); err != nil {
+		// Idempotent: already refunded / not refundable
+		w.WriteHeader(http.StatusOK)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+}

services/orders/internal/api/routes.go

@@ -10,11 +10,14 @@ func RegisterRoutes(r *chi.Mux, h *Handler) {
 	r.Route("/v1/orders", func(r chi.Router) {
 		r.Post("/prepare", h.PrepareOrder)
 		r.Post("/confirm", h.ConfirmOrder)
+		r.Post("/{orderID}/refund", h.RefundOrder)
+
 		r.Get("/internal/orders/{orderID}", h.GetOrderInternal)
 
 		r.Post("/{orderID}/paid", h.MarkOrderPaid)
-
+		r.Post("/{orderID}/release", h.ReleaseOrder)
 	})
+
 	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(200)
 		w.Write([]byte("ok"))

services/orders/internal/client/cart_client.go

@@ -14,7 +14,7 @@ type CartClient struct {
 	c    *http.Client
 }
 
-func NewCartClientFromEnv() *CartClient {
+func NewCartClient() *CartClient {
 	base := os.Getenv("CART_SVC_BASE")
 	if base == "" {
 		base = "http://localhost:8081"

services/orders/internal/client/product_client.go

@@ -8,116 +8,123 @@ import (
 	"net/http"
 	"os"
 	"time"
-
-	"github.com/joho/godotenv"
 )
 
 type ProductClient struct {
 	base     string
-	c        *http.Client
 	adminKey string
+	c        *http.Client
 }
 
-func NewProductClientFromEnv() *ProductClient {
-	godotenv.Load()
+func NewProductClient() *ProductClient {
 	base := os.Getenv("PRODUCT_SVC_BASE")
 	if base == "" {
-		base = "http://localhost:8080"
+		// Docker DNS default
+		base = "http://product:8080"
+	}
+
+	adminKey := os.Getenv("ADMIN_KEY")
+	if adminKey == "" {
+		adminKey = os.Getenv("PRODUCT_ADMIN_KEY")
 	}
 
-	adminKey := os.Getenv("PRODUCT_ADMIN_KEY")
 	if adminKey == "" {
-		fmt.Println("WARNING: PRODUCT_ADMIN_KEY is not set")
+		fmt.Println("WARNING: ADMIN_KEY not set for ProductClient")
 	}
 
 	return &ProductClient{
 		base:     base,
-		c:        &http.Client{Timeout: 5 * time.Second},
 		adminKey: adminKey,
+		c: &http.Client{
+			Timeout: 5 * time.Second,
+		},
 	}
 }
 
-func (p *ProductClient) GetProductDetail(ctx context.Context, productID string) (map[string]any, error) {
+/* -------------------- READ APIs -------------------- */
+
+func (p *ProductClient) GetProductDetail(
+	ctx context.Context,
+	productID string,
+) (map[string]any, error) {
+
 	url := fmt.Sprintf("%s/v1/products/%s", p.base, productID)
-	req, _ := http.NewRequestWithContext(ctx, "GET", url, nil)
+
+	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+
 	resp, err := p.c.Do(req)
 	if err != nil {
 		return nil, err
 	}
 	defer resp.Body.Close()
-	if resp.StatusCode != 200 {
+
+	if resp.StatusCode != http.StatusOK {
 		return nil, fmt.Errorf("product service returned %d", resp.StatusCode)
 	}
+
 	var out map[string]any
 	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
 		return nil, err
 	}
+
 	return out, nil
 }
 
-func (p *ProductClient) DeductStock(ctx context.Context, variantID string, quantity int) error {
-	url := fmt.Sprintf("%s/v1/admin/variants/%s/deduct", p.base, variantID)
-	body := map[string]any{"quantity": quantity}
-	b, _ := json.Marshal(body)
-
-	req, _ := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(b))
-	req.Header.Set("Content-Type", "application/json")
-
-	// 💥 THE FIX: FORWARD ADMIN KEY
-	req.Header.Set("X-ADMIN-KEY", p.adminKey)
-
-	resp, err := p.c.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
+/* -------------------- STOCK APIs -------------------- */
 
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("deduct returned %d", resp.StatusCode)
-	}
-	return nil
+func (p *ProductClient) ReserveStock(
+	ctx context.Context,
+	variantID string,
+	quantity int,
+) error {
+	return p.postStockAction(ctx, "reserve", variantID, quantity)
 }
 
-func (p *ProductClient) ReserveStock(ctx context.Context, variantID string, quantity int) error {
-	url := fmt.Sprintf("%s/v1/admin/variants/%s/reserve", p.base, variantID)
-	body := map[string]any{"quantity": quantity}
-	b, _ := json.Marshal(body)
-
-	req, _ := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(b))
-	req.Header.Set("Content-Type", "application/json")
-
-	// 💥 THE FIX AGAIN
-	req.Header.Set("X-ADMIN-KEY", p.adminKey)
-
-	resp, err := p.c.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
+func (p *ProductClient) DeductStock(
+	ctx context.Context,
+	variantID string,
+	quantity int,
+) error {
+	return p.postStockAction(ctx, "deduct", variantID, quantity)
+}
 
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("reserve returned %d", resp.StatusCode)
-	}
-	return nil
+func (p *ProductClient) ReleaseStock(
+	ctx context.Context,
+	variantID string,
+	quantity int,
+) error {
+	return p.postStockAction(ctx, "release", variantID, quantity)
 }
 
-func (p *ProductClient) DeductReservedStock(
+/* -------------------- INTERNAL HELPER -------------------- */
+
+func (p *ProductClient) postStockAction(
 	ctx context.Context,
+	action string,
 	variantID string,
 	quantity int,
 ) error {
 
-	url := fmt.Sprintf("%s/v1/admin/variants/%s/deduct", p.base, variantID)
+	url := fmt.Sprintf(
+		"%s/v1/admin/variants/%s/%s",
+		p.base,
+		variantID,
+		action,
+	)
 
-	body := map[string]any{
+	body := map[string]int{
 		"quantity": quantity,
 	}
 	b, _ := json.Marshal(body)
 
-	req, _ := http.NewRequestWithContext(ctx, "POST", url, bytes.NewReader(b))
-	req.Header.Set("Content-Type", "application/json")
+	req, _ := http.NewRequestWithContext(
+		ctx,
+		http.MethodPost,
+		url,
+		bytes.NewReader(b),
+	)
 
-	// INTERNAL AUTH
+	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("X-ADMIN-KEY", p.adminKey)
 
 	resp, err := p.c.Do(req)
@@ -127,7 +134,11 @@ func (p *ProductClient) DeductReservedStock(
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("deduct reserved stock failed: %d", resp.StatusCode)
+		return fmt.Errorf(
+			"product %s failed: %d",
+			action,
+			resp.StatusCode,
+		)
 	}
 
 	return nil