Scaffold basketball-api project #2

Closed

forgejo_admin wants to merge 9 commits from 1-scaffold-project into main

pull from: 1-scaffold-project

merge into: forgejo_admin:main

forgejo_admin:main

forgejo_admin:hotfix-029-division-enum

forgejo_admin:205-clean-test-data-from-production-db-playe

forgejo_admin:114-email-verification

forgejo_admin:147-feat-add-get-jersey-player-info-endpoint

forgejo_admin:124-feat-many-to-many-player-team-assignment

forgejo_admin:125-feat-add-new-players-manually-seydou-gou

forgejo_admin:126-feat-team-placement-congratulations-emai

forgejo_admin:121-admin-teams-spa-endpoints

forgejo_admin:70-add-graduating-class-to-roster-api-respo

forgejo_admin:59-fix-auth-test

forgejo_admin:62-phase-4l-sveltekit-dashboard-wkq-tailsca

forgejo_admin:11-phase-1a-fix-ci-pipeline-venv-in-test-st

Conversation 1 Commits 9 Files changed 30 +1195 -1

forgejo_admin commented 2026-02-23 15:16:51 +00:00

Owner

Copy link

FastAPI + SQLAlchemy + Stripe webhooks + gmail-sdk + k8s manifests + Woodpecker CI

Closes #1

FastAPI + SQLAlchemy + Stripe webhooks + gmail-sdk + k8s manifests + Woodpecker CI Closes #1

forgejo_admin added 1 commit 2026-02-23 15:16:51 +00:00

Scaffold basketball-api project ... 25844230f9

FastAPI app with Stripe webhooks, gmail-sdk email, Postgres via SQLAlchemy/Alembic.
Includes k8s manifests (deployment, service, postgres), Woodpecker CI, and Dockerfile
for deployment to pal-e cluster.

Closes #1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 15:21:25 +00:00

Fix review blockers: XSS, alembic creds, stripe config, webhook validation ... 7e0b2236d2

- Escape all user-controlled values in HTML roster and email templates
- Remove hardcoded credentials from alembic.ini
- Set stripe.api_key on app startup
- Return 400 (not 422) for missing stripe-signature header
- Add postgres subPath for k3s compatibility
- Document single-replica constraint for migrations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 15:26:12 +00:00

Fix round 2 blockers: Dockerfile, webhook idempotency, stripe import ... f736d4979f

- Add src/ copy to Dockerfile builder stage
- Add idempotency check on stripe_checkout_session_id in webhook handler
- Use stripe.SignatureVerificationError (stable import path)
- Migrate from deprecated on_event to lifespan pattern
- Fix seed script session cleanup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 15:29:11 +00:00

Fix round 3: unique constraint, webhook error handling, initial migration ... e884377c53

- Add unique constraint on Registration.stripe_checkout_session_id
- Add IntegrityError catch as secondary idempotency defense
- Return 200 for permanent webhook failures (ValueError), 500 only for transient
- Add initial Alembic migration for all tables

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin commented 2026-02-23 15:30:20 +00:00

Author

Owner

Copy link

Automated Review Summary (4 rounds)

Round 1 Fixes

• XSS in HTML roster and email templates (html.escape)
• Hardcoded credentials removed from alembic.ini
• stripe-signature header returns 400 (not 422) when missing
• Stripe API key set on app startup with warnings
• Postgres subPath for k3s compatibility
• Documented single-replica migration constraint

Round 2 Fixes

• Dockerfile builder stage: added src/ copy for hatchling
• Webhook idempotency: check stripe_checkout_session_id before processing
• stripe.SignatureVerificationError stable import path
• Migrated from deprecated on_event to lifespan pattern
• Seed script session cleanup

Round 3 Fixes

• Unique constraint on Registration.stripe_checkout_session_id
• IntegrityError catch as secondary idempotency defense
• Webhook returns 200 for permanent failures (ValueError), 500 only for transient
• Initial Alembic migration for all 4 tables

Round 4: PASS (zero blockers)

Remaining nits are standard MVP trade-offs (no auth on roster, no resource limits, Deployment vs StatefulSet) — all documented.

## Automated Review Summary (4 rounds) ### Round 1 Fixes - XSS in HTML roster and email templates (html.escape) - Hardcoded credentials removed from alembic.ini - stripe-signature header returns 400 (not 422) when missing - Stripe API key set on app startup with warnings - Postgres subPath for k3s compatibility - Documented single-replica migration constraint ### Round 2 Fixes - Dockerfile builder stage: added src/ copy for hatchling - Webhook idempotency: check stripe_checkout_session_id before processing - stripe.SignatureVerificationError stable import path - Migrated from deprecated on_event to lifespan pattern - Seed script session cleanup ### Round 3 Fixes - Unique constraint on Registration.stripe_checkout_session_id - IntegrityError catch as secondary idempotency defense - Webhook returns 200 for permanent failures (ValueError), 500 only for transient - Initial Alembic migration for all 4 tables ### Round 4: PASS (zero blockers) Remaining nits are standard MVP trade-offs (no auth on roster, no resource limits, Deployment vs StatefulSet) — all documented.

forgejo_admin referenced this pull request 2026-02-23 17:21:12 +00:00

Fix scaffold to match SERVICE_ONBOARDING.md conventions #3

forgejo_admin added 1 commit 2026-02-23 17:32:13 +00:00

Fix scaffold to match SERVICE_ONBOARDING.md conventions (Closes #3) ... bd81787dee

- .woodpecker.yaml: switch to kaniko plugin, full SHA tags, proper path
  exclude, add pytest test step
- k8s manifests: add namespace to all resources, add resource
  requests/limits, fix Service port to 8000 with name: http
- k8s/postgres.yaml: add subPath for k3s, PGDATA env, strategy: Recreate,
  resource limits
- k8s/servicemonitor.yaml: new file for Prometheus scraping
- /metrics endpoint: stub returning basketball_api_up gauge

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 17:35:08 +00:00

Fix review findings: webhook error leaking, container name, CI format check, seed script, type hints ... 863956f8e8

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 17:37:43 +00:00

Fix review round 2: webhook guard, health tests, deployment strategy, port name, lint scope ... 7723ffe167

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 17:40:38 +00:00

Fix review round 3: email after commit, explicit exception suppression, model defaults ... d46fa767ce

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin added 1 commit 2026-02-23 18:14:46 +00:00

Remove hardcoded namespace from k8s manifests ... 3833981e68

ArgoCD destination.namespace controls placement, making manifests
environment-agnostic. This enables branch-based dev/prod promotion.

Refs: forgejo_admin/basketball-api#1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

forgejo_admin closed this pull request 2026-03-07 21:29:43 +00:00

forgejo_admin referenced this pull request 2026-03-10 00:21:21 +00:00

feat: Brand alignment + registration tokens (Phase 3a) #22

forgejo_admin referenced this pull request 2026-03-21 17:08:49 +00:00

feat: MJML template loader and jersey reminder endpoint #135

forgejo_admin referenced this pull request 2026-03-27 21:08:34 +00:00

Fix: reconciliation script should create groups with requires_approval=false #159

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

domain:backend

  

domain:devops

  

domain:frontend

  

status:approved

QA passed, awaiting merge approval

  

status:in-progress

Dev agent is actively working

  

status:needs-fix

QA found issues, back to dev

  

status:qa

PR submitted, awaiting QA review

  

type:bug

Bug fix

  

type:devops

Infrastructure/CI/config work

  

type:feature

New functionality

No labels

domain:backend

domain:devops

domain:frontend

status:approved

status:in-progress

status:needs-fix

status:qa

type:bug

type:devops

type:feature

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

forgejo_admin/basketball-api!2

No description provided.