chore: add card-service and pos-service image build steps in CI

.github/workflows/node-build.yml

@@ -92,6 +92,13 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/rafiki/env-setup
       - run: pnpm --filter card-service test:ci
+      - run: pnpm --filter card-service build
+      - name: AsyncAPI extension
+        run: |
+          echo "{\"extends\":[\"spectral:oas\",\"spectral:asyncapi\"]}" >> .spectral.json
+      - name: Validate Open API specs
+        run: |
+          npx @stoplight/spectral-cli lint ./packages/card-service/src/openapi/specs/*.yaml
 
   point-of-sale:
     runs-on: ubuntu-latest
@@ -100,7 +107,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/rafiki/env-setup
-      - run: pnpm --filter point-of-sale build:deps
+      - run: pnpm --filter point-of-sale build
       - run: pnpm --filter point-of-sale test:ci
 
   mock-account-servicing-entity:
@@ -426,6 +433,8 @@ jobs:
           - auth
           - backend
           - frontend
+          - card-service
+          - point-of-sale
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -461,6 +470,8 @@ jobs:
           - auth
           - backend
           - frontend
+          - card-service
+          - point-of-sale
     steps:
       - uses: actions/checkout@v4
       - name: Fetch docker image from cache
@@ -497,6 +508,8 @@ jobs:
           - auth
           - backend
           - frontend
+          - card-service
+          - point-of-sale
     steps:
       - uses: actions/checkout@v4
       - name: Fetch docker image from cache
@@ -529,6 +542,8 @@ jobs:
           - auth
           - backend
           - frontend
+          - card-service
+          - point-of-sale
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/image-push
@@ -550,6 +565,8 @@ jobs:
           - auth
           - backend
           - frontend
+          - card-service
+          - point-of-sale
     steps:
       - uses: actions/checkout@v4
       - name: Push manifest list

packages/card-service/Dockerfile.prod

@@ -0,0 +1,65 @@
+FROM node:20-alpine3.20 AS base
+
+WORKDIR /home/rafiki
+
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+
+RUN corepack enable
+RUN corepack prepare [email protected] --activate
+
+COPY pnpm-lock.yaml ./
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm fetch \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS prod-deps
+
+COPY package.json pnpm-workspace.yaml .npmrc ./
+COPY packages/card-service/knexfile.js ./packages/card-service/knexfile.js
+COPY packages/card-service/package.json ./packages/card-service/package.json
+RUN pnpm clean
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --prefer-offline \
+    --frozen-lockfile \
+    --prod \
+    | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
+
+FROM base AS builder   
+
+COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
+COPY packages/card-service ./packages/card-service
+
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
+    pnpm install \
+    --recursive \
+    --offline \
+    --frozen-lockfile
+RUN pnpm --filter card-service build
+
+FROM node:20-alpine3.20 AS runner
+
+# Since this is from a fresh image, we need to first create the Rafiki user
+RUN adduser -D rafiki
+WORKDIR /home/rafiki
+
+COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
+COPY --from=prod-deps /home/rafiki/packages/card-service/node_modules ./packages/card-service/node_modules
+COPY --from=prod-deps /home/rafiki/packages/card-service/package.json ./packages/card-service/package.json
+COPY --from=prod-deps /home/rafiki/packages/card-service/knexfile.js ./packages/card-service/knexfile.js
+
+COPY --from=builder /home/rafiki/packages/card-service/migrations/ ./packages/card-service/migrations
+COPY --from=builder /home/rafiki/packages/card-service/dist ./packages/card-service/dist
+COPY --from=builder /home/rafiki/packages/card-service/knexfile.js ./packages/card-service/knexfile.js
+
+USER root
+
+# For additional paranoia, we make it so that the Rafiki user has no write access to the packages
+RUN chown -R :rafiki /home/rafiki/packages
+RUN chmod -R 750 /home/rafiki/packages
+
+USER rafiki
+CMD ["node", "/home/rafiki/packages/card-service/dist/index.js"]

packages/card-service/package.json

@@ -1,10 +1,6 @@
 {
   "name": "card-service",
-  "main": "dist/index.js",
-  "types": "dist/index.d.ts",
-  "files": [
-    "dist/**/*"
-  ],
+  "main": "index.js",
   "scripts": {
     "build": "pnpm clean && tsc --build tsconfig.json",
     "clean": "rm -fr dist/",
@@ -37,6 +33,7 @@
     "@types/koa-bodyparser": "^4.3.12",
     "@types/koa__cors": "^5.0.0",
     "@types/koa__router": "^12.0.4",
+    "@types/node": "^20.14.15",
     "@types/uuid": "^9.0.8",
     "jest-environment-node": "^29.7.0",
     "nock": "14.0.0-beta.19",

packages/card-service/src/openapi/specs/card-server.yaml

@@ -1,7 +1,13 @@
 openapi: 3.0.3
 info:
   title: Card Service API
   version: 1.0.0
+  description: Card Service API specs
+  contact:
+    email: [email protected]
+tags:
+  - name: payment
+    description: Operations related to payments
 paths:
   /payment:
     post:
@@ -67,6 +73,9 @@
           description: Card expired or invalid signature
         '500':
           description: Internal server error
+      description: 'POS service calls this endpoint to initiate a payment request.'
+      tags:
+        - payment
   /payment-event:
     post:
       summary: Handle payment event result from backend
@@ -106,3 +115,6 @@
           description: Malformed request body
         '404':
           description: Request not found
+      description: 'Rafiki backend calls this endpoint to send the payment result.'
+      tags:
+        - payment

packages/point-of-sale/Dockerfile.prod

@@ -19,7 +19,6 @@ FROM base AS prod-deps
 COPY package.json pnpm-workspace.yaml .npmrc ./
 COPY packages/point-of-sale/knexfile.js ./packages/point-of-sale/knexfile.js
 COPY packages/point-of-sale/package.json ./packages/point-of-sale/package.json
-COPY packages/token-introspection/package.json ./packages/token-introspection/package.json
 
 RUN pnpm clean
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
@@ -34,7 +33,6 @@ FROM base AS builder
 
 COPY package.json pnpm-workspace.yaml .npmrc tsconfig.json tsconfig.build.json ./
 COPY packages/point-of-sale ./packages/point-of-sale
-COPY packages/token-introspection ./packages/token-introspection
 
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install \
@@ -52,17 +50,17 @@ WORKDIR /home/rafiki
 COPY --from=prod-deps /home/rafiki/node_modules ./node_modules
 COPY --from=prod-deps /home/rafiki/packages/point-of-sale/node_modules ./packages/point-of-sale/node_modules
 COPY --from=prod-deps /home/rafiki/packages/point-of-sale/package.json ./packages/point-of-sale/package.json
-COPY --from=prod-deps /home/rafiki/packages/token-introspection/node_modules ./packages/token-introspection/node_modules
-COPY --from=prod-deps /home/rafiki/packages/token-introspection/package.json ./packages/token-introspection/package.json
 COPY --from=prod-deps /home/rafiki/packages/point-of-sale/knexfile.js ./packages/point-of-sale/knexfile.js
 
 COPY --from=builder /home/rafiki/packages/point-of-sale/migrations/ ./packages/point-of-sale/migrations
 COPY --from=builder /home/rafiki/packages/point-of-sale/dist ./packages/point-of-sale/dist
-COPY --from=builder /home/rafiki/packages/token-introspection/dist ./packages/token-introspection/dist
 COPY --from=builder /home/rafiki/packages/point-of-sale/knexfile.js ./packages/point-of-sale/knexfile.js
 
 USER root
 
 # For additional paranoia, we make it so that the Rafiki user has no write access to the packages
 RUN chown -R :rafiki /home/rafiki/packages
 RUN chmod -R 750 /home/rafiki/packages
+
+USER rafiki
+CMD ["node", "/home/rafiki/packages/point-of-sale/dist/index.js"]

packages/point-of-sale/package.json

@@ -12,8 +12,7 @@
     "generate": "graphql-codegen --config codegen.yml",
     "knex": "knex",
     "dev": "ts-node-dev --inspect=0.0.0.0:9229 --respawn --transpile-only src/index.ts",
-    "build": "pnpm build:deps && pnpm clean && tsc --build tsconfig.json",
-    "build:deps": "pnpm --filter token-introspection build",
+    "build": "pnpm clean && tsc --build tsconfig.json",
     "clean": "rm -fr dist/"
   },
   "keywords": [],
@@ -25,7 +24,7 @@
     "@faker-js/faker": "^8.4.1",
     "@koa/cors": "^5.0.0",
     "@koa/router": "^12.0.2",
-    "axios": "1.8.2",
+    "axios": "1.12.0",
     "dotenv": "^16.4.7",
     "graphql": "^16.11.0",
     "json-canonicalize": "^1.0.6",