Smyik - Banking application

A banking application built with Go, PostgreSQL, and Docker. It uses SQLC for generating type-safe queries and go-playground/validator for input validation. The project includes comprehensive unit tests with testify and GoMock for mocking dependencies. Project has a CI-CD pipeline that runs automated tests, conduct database migrations, uploads code coverage to Codecov and builds, tags, and pushes images to AWS ECR, which is directly used in production.

The application is fully containerized with Docker and deployed on a self-managed Kubernetes cluster (AWS EC2) using Helm charts and ArgoCD for GitOps-driven deployments. Storage is managed using Rancher Local Path Provisioner for dynamic PVC provisioning and the CloudNativePG operator for PostgreSQL lifecycle management. Build automation and commands are handled with a Makefile. Infrastructure is provisioned and managed as code using Terraform, with state stored in AWS S3. The project includes a GitOps-based monitoring setup with Prometheus and Grafana, featuring proper alerting rules. Alertmanager is configured to send email notifications for alerts.

⭐ Star us on GitHub — it motivates me a lot!

📚Tech Stack

• Backend Language: Go (Golang)
• Database: PostgreSQL
• ORM/SQL Generator: SQLC
• Validation: go-playground/validator
• Testing: Comprehensive unit tests with GoMock for mocking
• CI Pipeline: GitHub Actions for CI tests and code coverage uploading,
• Code Coverage: Tracking test coverage of the project using Codecov. (find it here)
• Build and Commands: Managed using Makefile

⚙️ Infrastructure & Deployment

• CI/CD: GitHub Actions pipelines for testing, database migrations, code coverage, and automated Docker builds pushed to AWS ECR and directly to Prod.
• Cluster: Self-managed Kubernetes cluster on AWS EC2.
• Deployments: Helm charts with ArgoCD for GitOps-based continuous delivery - App of apps approach.
• Storage: Rancher Local Path Provisioner for dynamic PVCs.
• Database Operator: CloudNativePG operator for managing PostgreSQL inside Kubernetes.
• Infrastructure: Provisioned and managed as code using Terraform, with state stored in AWS S3.
• Monitoring: GitOps-based observability setup using Prometheus and Grafana for real-time metrics and visualization.
• Alerting: Configured Alertmanager with custom alerting rules to send email notifications for critical system events.

📝 How to Build

To build the packages, follow these steps:

# Open a terminal (Command Prompt or PowerShell for Windows, Terminal for macOS or Linux)

# Ensure Git and make is installed
# Visit https://git-scm.com to download and install console Git if not already installed

# Clone the repository
git clone https://github.com/1Shubham7/Banking-application.git

# Navigate to the project directory
cd Banking-application

make postgres

make createdb

make start_prod

# If you want to run it through local image:
# Install `go-migrate` with root previliges
sudo go install -tags 'postgres' github.com/golang-migrate/migrate/v4/cmd/migrate@v4.18.1

make migrateup1

make migrateup

make server

🙋‍♂️ Local User Journey

1. Create a User/SignIn:

curl -i -X POST http://localhost:8080/users -H "Content-Type: application/json" \
-d '{"username": "Shubham", "password": "secret", "full_name": "Shubham Singh", "email": "shubhammahar1306@gmail.com"}'

If running locally, you can checkout the db, we use postgres:

2. Login User:

curl -i -X POST http://localhost:8080/users/login -H "Content-Type application/json" \
-d '{"username": "Shubham", "password": "secret"}'

This will return you a JWT token:

{
  "session_id": "932680d9-a170-4e3d-8f1a-ed9aa090d21b",
  "access_token": "v2.local.nqUejIG_-A0-YKfedgDIjfFH9AyLr-idGE5e3QvduogV3hRsO0d1HTu3MoaXjHTfixDPjy7ZImbJZU_6S-LNZG3OqWtNZlQA0ta-UBg5vnnaGjzvahOT4CxwaBXOeZdxMjiZ0eRMB3yf4Kb8X0dYdjk0830h7b6b95gnmWfs85DfUUvh5JxuHaUwdT1SSiAf2r5-hh2d3qX1nFRnyeT0T0P3jOVrFd-Citqgz-ASCGMdtbJ1Dne6xjZ1SXsMlNt5zswiEkfTx5wOBshWV6oj.bnVsbA",
  "access_token_expires_at": "2024-12-13T12:15:43.050587204+05:30",
  "user": {
    "username": "Shubham",
    "full_name": "Shubham Singh",
    "email": "shubhammahar1306@gmail.com",
    "password_changed_at": "0001-01-01T05:53:28+05:53",
    "created_at": "2024-12-13T11:36:20.819497+05:30"
  },
  "refresh_token": "v2.local.aWZ1xqaQ6KZfgwmN-uPrwKgfu2uqzXILAA006JbGvIHdfmpAgWkj_vJ5bjPhUi8KDT1qGyzSYMTG1PD8tOTisGWVz__VYLKzjr7aPBkIB_Nj0yHBInYPXF27G1MK5E_DPi_GOYKiGjITW76CYN-ob7cM8p5ruCwxAB_Mz8Sr4XLlzGGSuRnuEaBVZkBd2rIQil2m5FjidkvyXtwztonC5wT93CxEeVCH7Nnx05zp_tKzUtAZV0vQU4xf_Z0S5ynPvrf0azYrHsyG_Jh2_t9s.bnVsbA",
  "refresh_token_expires_at": "2024-12-15T11:45:43.056058261+05:30"
}

Read More

AWS Secrets

Command to generate the .env file from secrets stored in secrets manager and accessed using IAM (which has the required permissions):

aws secretsmanager get-secret-value --secret-id smyik-secret  --query SecretString --output text | jq -r 'to_entries|map("\(.key)=\(.value)")|.[]' > app.env

Kubernetes Environment

The cluster is self-managed and provisioned on AWS EC2 with kubeadm (1 master, 1 worker node).

• Storage: Using Rancher Local Path Provisioner for dynamic StorageClass creation and PVC provisioning.

• SSH access to nodes is restricted — only inbound traffic from my machine is allowed.

ssh -v -i smyik-keypair.pem ubuntu@PUBLIC_IP

• Deployments: The smyik deployment always uses the latest image from AWS ECR, so merged code is automatically reflected in production.

• Database: PostgreSQL is managed via the CloudNativePG operator inside the cluster.

 username |                       hashed_password                        |   full_name   |           email            |  password_changed_at   |          created_at           
----------+--------------------------------------------------------------+---------------+----------------------------+------------------------+-------------------------------
 Shubham  | $2a$10$HJkUqL6rqeNdd5zLugg5iuZpkHFIh9QUu59yZyp4Q5n8puJwOjcJi | Shubham Singh | shubhammahar1306@gmail.com | 0001-01-01 00:00:00+00 | 2025-09-28 03:49:05.525485+00
(1 row)

• ArgoCD:
  • Accessed via port-forwarding for internal use, we are using app of apps approach:

kubectl port-forward svc/argocd-server -n argocd 8080:443

• To enable external GitHub integration, ArgoCD is also exposed through a NodePort service: https://13.235.238.140:32725/

🤝 Contributing

Whether you have feedback on features, have encountered any bugs, or have suggestions for enhancements, we're eager to hear from you. Your insights help us make our application more robust and user-friendly. Please feel free to contribute by submitting an issue. Each contribution helps us grow and improve. If you would like to contribute to this project, please read the Contribution guidelines and make sure to follow the Code Of Conduct.

We appreciate your support and look forward to making our product even better with your help!

📃 License

This product is distributed under a Apache License Version 2.0, January 2004. You can review the full license agreement at LICENSE