Modern, production-ready book management system with complete DevOps pipeline
π Quick Start β’ πΊοΈ Learning Roadmap β’ π Documentation β’ π³ Docker β’ βΈοΈ Kubernetes β’ π§ Development β’ π Future Roadmap
- FastAPI with automatic OpenAPI documentation
- SQLAlchemy ORM with PostgreSQL and SQLite support
- JWT Authentication with secure user management
- Pydantic models for data validation
- Async/await support for high performance
- CRUD operations for books, authors, users, reviews
- Docker containerization with multi-stage builds
- Docker Compose for local development and production
- Kubernetes manifests for cloud deployment
- Nginx load balancer with SSL termination
- PostgreSQL with performance optimization
- Redis caching for fast data access
- Prometheus application and system metrics collection
- Grafana dashboards for performance visualization
- Loki log aggregation with structured format
- Health checks for service status monitoring
- Structured logging with JSON format and request tracing
- Rate limiting Ρ ΡΠ°Π·Π½ΡΠΌΠΈ Π»ΠΈΠΌΠΈΡΠ°ΠΌΠΈ Π΄Π»Ρ endpoints
- Security headers (HSTS, CSP, XSS protection)
- JWT tokens Ρ secure secrets
- Input validation Ρ Pydantic schemas
- Auto-scaling Ρ Horizontal Pod Autoscaler
- Backup procedures Ρ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠΉ ΡΠΎΡΠ°ΡΠΈΠ΅ΠΉ
- GitHub Actions with complete testing pipeline
- Automated testing (unit, integration, property-based, performance)
- Security scanning (Bandit, Safety, Semgrep)
- Docker registry integration with GitHub Container Registry
- Multi-environment deployment (staging/production)
- Automated releases with versioning
# Clone and setup development environment
git clone <repository-url>
cd bookstore-api
./scripts/setup-dev.sh
# Start development server
make dev# Start all services with Docker
cd deployment/docker
docker-compose up -d
# API available at: http://localhost:8000
# Docs available at: http://localhost:8000/docs# Install dependencies
pip install -r requirements/base.txt -r requirements/api.txt
# Setup environment
cp .env.example .env
# Run tests
pytest tests/
# Start development server
python run_bookstore.pyWhether you're a beginner or experienced developer, this roadmap will guide you through using and understanding the BookStore API project.
π Quick Explorer (5 minutes) - Just want to see it work?
Goal: Get the API running and make your first request
-
Setup (2 min)
git clone <repository-url> cd bookstore-api ./scripts/setup-dev.sh
-
Start (1 min)
make dev
-
Explore (2 min)
- Visit: http://localhost:8000/docs
- Try the
/healthendpoint - Create a user via
/auth/register - Get books via
/api/v1/books/
Next Steps: Choose the "API User" or "Developer" path below
π± API User (30 minutes) - Want to integrate with the API?
Goal: Understand how to use the API in your applications
-
Authentication Flow (10 min)
- Register a new user:
POST /auth/register - Login to get JWT token:
POST /auth/login - Use token in headers:
Authorization: Bearer <token> - π Read: Authentication Guide
- Register a new user:
-
Core Operations (15 min)
- List books with pagination:
GET /api/v1/books/?page=1&size=10 - Search books:
GET /api/v1/books/?q=python - Get book details:
GET /api/v1/books/{id} - Add to reading list:
POST /api/v1/reading-lists/books/{id} - π Read: API Examples
- List books with pagination:
-
Advanced Features (5 min)
- Rate limiting and error handling
- Pagination and filtering
- Real-time health monitoring
- π Read: API Documentation
Next Steps:
- Build a client application
- Explore monitoring endpoints
- Check out the "Production User" path
π¨βπ» Developer (2 hours) - Want to understand and modify the code?
Goal: Understand the codebase and make your first contribution
-
Code Structure (30 min)
- Explore
bookstore/directory structure - Understand FastAPI app setup in
main.py - Review models in
models.pyand schemas inschemas.py - Check routing in
routers/directory - π Read: Project Structure
- Explore
-
Development Workflow (45 min)
- Setup development environment:
make install - Run tests:
make test - Code formatting:
make format - Add a new endpoint (try adding a genre endpoint)
- π Read: Development Guide
- Setup development environment:
-
Testing Deep Dive (30 min)
- Unit tests:
make test-unit - Integration tests:
make test-integration - Property-based tests:
make test-property - Add tests for your new endpoint
- π Read: Testing Guide
- Unit tests:
-
Code Quality (15 min)
- Linting:
make lint - Type checking:
mypy bookstore/ - Security scan:
make security-scan - π Read: Code Examples
- Linting:
Next Steps:
- Contribute to the project
- Explore the "DevOps Engineer" path
- Learn about production deployment
π Production User (1 hour) - Ready to deploy to production?
Goal: Deploy and monitor the API in production
-
Docker Deployment (20 min)
- Local production stack:
make docker-prod - Environment configuration: Edit
.env.production - SSL setup and domain configuration
- π Read: Docker Guide
- Local production stack:
-
Monitoring Setup (25 min)
- Access Grafana dashboards
- Configure Prometheus metrics
- Setup log aggregation with Loki
- Health check endpoints
- π Read: Production Guide
-
Security & Backup (15 min)
- Security headers and rate limiting
- Database backup procedures:
make db-backup - SSL certificate management
- π Read: Security Best Practices
Next Steps:
- Setup CI/CD pipeline
- Explore Kubernetes deployment
- Learn about scaling strategies
βΈοΈ DevOps Engineer (3 hours) - Want to master the entire infrastructure?
Goal: Understand and manage the complete DevOps pipeline
-
Containerization Mastery (45 min)
- Multi-stage Dockerfile analysis
- Docker Compose for different environments
- Container security and optimization
- Registry management with GitHub Container Registry
- π Read: Docker DevOps Guide
-
Kubernetes Deployment (60 min)
- Deploy to Kubernetes:
make k8s-deploy - Understand manifests in
k8s/directory - Auto-scaling configuration
- Ingress and service mesh
- π Read: Kubernetes Manifests
- Deploy to Kubernetes:
-
CI/CD Pipeline (45 min)
- GitHub Actions workflows in
.github/workflows/ - Automated testing and security scanning
- Multi-environment deployment
- Release management
- π Read: CI/CD Setup
- GitHub Actions workflows in
-
Monitoring & Observability (30 min)
- Prometheus metrics collection
- Grafana dashboard configuration
- Log aggregation with Loki and Promtail
- Alerting and incident response
- π Read: Monitoring Setup
Next Steps:
- Customize for your infrastructure
- Add additional monitoring
- Implement advanced deployment strategies
π Learning Path (Ongoing) - Want to learn modern Python and DevOps?
Goal: Use this project as a learning resource for modern development practices
-
Python & FastAPI Fundamentals
- π FastAPI Cheatsheet
- π OOP Practice
- π Type Hints Advanced
- π Decorators Guide
-
Testing Methodologies
- π Testing Cheatsheet
- π Property-Based Testing
- π Performance Testing
- π Integration Testing
-
DevOps & Infrastructure
- π Docker Best Practices
- π Kubernetes Deployment
- π CI/CD Pipelines
- π Monitoring & Observability
-
Production Readiness
- π Security Practices
- π Performance Optimization
- π Backup & Recovery
- π Health Monitoring
Learning Resources:
- π Learning Materials
- π― Task System Examples
- π Performance Analysis
| Your Goal | Time Available | Recommended Path |
|---|---|---|
| "Just show me it works" | 5 minutes | π Quick Explorer |
| "I want to use this API" | 30 minutes | π± API User |
| "I want to modify the code" | 2 hours | π¨βπ» Developer |
| "I want to deploy this" | 1 hour | π Production User |
| "I want to master DevOps" | 3 hours | βΈοΈ DevOps Engineer |
| "I want to learn from this" | Ongoing | π Learning Path |
- π Found a bug? β Report it
- β Have a question? β Check documentation/ or development/examples/
- π‘ Want a feature? β Request it
- π€ Want to contribute? β See Contributing section
POST /auth/register # Register new user
POST /auth/login # Login and get JWT token
POST /auth/refresh # Refresh JWT tokenGET /api/v1/books/ # List books (with pagination & search)
POST /api/v1/books/ # Create book (admin only)
GET /api/v1/books/{id} # Get book details
PUT /api/v1/books/{id} # Update book (admin only)
DELETE /api/v1/books/{id} # Delete book (admin only)
GET /api/v1/books/{id}/reviews # Get book reviews
POST /api/v1/books/{id}/reviews # Add review (authenticated)GET /api/v1/authors/ # List authors
POST /api/v1/authors/ # Create author (admin only)
GET /api/v1/authors/{id} # Get author details
GET /api/v1/users/{id} # Get user profile
PUT /api/v1/users/{id} # Update user profileGET /api/v1/reading-lists/ # Get user's reading lists
POST /api/v1/reading-lists/books/{id} # Add book to reading list
DELETE /api/v1/reading-lists/books/{id} # Remove from reading listGET /health # Health check with detailed status
GET /metrics # Prometheus metrics
GET /info # Application informationπ Interactive Documentation:
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
# Start development environment
cd deployment/docker
docker-compose up -d
# View logs
docker-compose logs -f api
# Stop services
docker-compose down# Setup production environment
cp .env.production .env
# Edit .env with your production values
# Deploy to production
cd deployment/docker
docker-compose -f docker-compose.prod.yml up -d
# Check status
docker-compose -f docker-compose.prod.yml psProduction Stack Includes:
- BookStore API (3 replicas with auto-restart)
- PostgreSQL (optimized for production)
- Redis (with persistence)
- Nginx (load balancer with SSL)
- Prometheus (metrics collection)
- Grafana (monitoring dashboards)
- Loki (log aggregation)
# Deploy to Kubernetes cluster
cd deployment/k8s
./deploy.sh
# Check deployment status
./deploy.sh status
# Update deployment
./deploy.sh updatecd deployment/k8s/
# Deploy all components
kubectl apply -f namespace.yaml
kubectl apply -f configmap.yaml
kubectl apply -f secrets.yaml
kubectl apply -f postgresql.yaml
kubectl apply -f redis.yaml
kubectl apply -f api-deployment.yaml
kubectl apply -f monitoring.yaml
kubectl apply -f ingress.yaml
# Check status
kubectl get pods -n bookstore-apiKubernetes Features:
- Horizontal Pod Autoscaling (3-10 replicas)
- Persistent storage for database and cache
- Ingress with SSL termination
- Service discovery and health checks
- Resource limits and requests
- Rolling updates with zero downtime
make help # Show all available commands
make install # Install dependencies
make dev # Start development server
make test # Run all tests
make test-unit # Run unit tests only
make test-integration # Run integration tests
make test-property # Run property-based tests
make test-performance # Run performance tests
make lint # Run code linting
make format # Format code
make security-scan # Run security scans
make load-test # Run load tests- Unit Tests: 17/17 β (100% core functionality)
- Integration Tests: 25/25 β (API endpoints)
- Property-Based Tests: 8/10 β (Hypothesis testing)
- Performance Tests: 11/11 β (Load testing with Locust)
- Security Tests: Automated scanning with multiple tools
- Black code formatting
- isort import sorting
- flake8 linting
- mypy type checking
- pytest testing framework
- coverage reporting (95%+ coverage)
Access monitoring at: https://monitoring.yourdomain.com
Key Metrics Tracked:
- Request rate and response times
- Error rates and status codes
- Database performance and connections
- System resources (CPU, memory, disk)
- Cache hit rates and performance
- Security events and rate limiting
{
"timestamp": "2026-01-10T18:13:38.385801Z",
"level": "INFO",
"service": "bookstore-api",
"version": "1.0.0",
"environment": "production",
"request_id": "uuid-here",
"user_id": "user-456",
"endpoint": "/api/v1/books",
"method": "GET",
"status_code": 200,
"duration_ms": 45.67,
"message": "API request completed"
}# Check application health
make health
# Run comprehensive health check
./development/scripts/production-health-check.sh
# Continuous monitoring
./development/scripts/production-health-check.sh monitor- JWT authentication with secure secrets
- Input validation with Pydantic schemas
- SQL injection protection via SQLAlchemy ORM
- XSS protection headers
- CSRF protection
- Rate limiting per IP and endpoint
- HTTPS with TLS 1.2+
- Security headers (HSTS, CSP, X-Frame-Options)
- Non-root containers
- Secrets management
- Network isolation
- Regular security scanning
- Automated backups with encryption
- Log monitoring and alerting
- Health checks and incident response
- Access controls and audit logging
- Vulnerability scanning in CI/CD
- Response Time: < 200ms (95th percentile)
- Throughput: 100+ RPS per instance
- Availability: 99.9% uptime target
- Scalability: Auto-scaling 3-10 replicas
- Database: Connection pooling, optimized queries
- Cache Hit Rate: 80%+ for frequently accessed data
bookstore-api/
βββ π bookstore/ # Main application code
β βββ routers/ # API route handlers
β βββ models.py # Database models
β βββ schemas.py # Pydantic schemas
β βββ auth.py # Authentication logic
β βββ database.py # Database configuration
β βββ main.py # FastAPI application
βββ π tests/ # Comprehensive test suite
β βββ test_unit_basic.py # Unit tests
β βββ test_api_integration.py # Integration tests
β βββ test_property_based.py # Property-based tests
β βββ test_performance.py # Performance tests
βββ π deployment/ # Deployment configurations
β βββ docker/ # Docker configurations
β βββ k8s/ # Kubernetes manifests
β βββ config/ # Environment configurations
β βββ monitoring/ # Monitoring dashboards
βββ π development/ # Development tools
β βββ scripts/ # Utility scripts
β βββ examples/ # Code examples and tutorials
β βββ tools/ # Development utilities
βββ π documentation/ # Project documentation
β βββ guides/ # Step-by-step guides
β βββ api/ # API documentation
β βββ project/ # Project summaries
βββ π requirements/ # Python dependencies
β βββ base.txt # Core dependencies
β βββ api.txt # FastAPI dependencies
β βββ testing.txt # Testing dependencies
βββ π alembic/ # Database migrations
βββ π archive/ # Archived files
βββ π³ deployment/docker/Dockerfile # Docker configuration
βββ βοΈ Makefile # Development commands
βββ π alembic.ini # Migration configuration
βββ π README.md # This file
βββ π README_RU.md # Russian documentation
βββ π LICENSE # MIT License
| Environment | Command | URL | Features |
|---|---|---|---|
| Development | make dev |
http://localhost:8000 | Hot reload, debug logging |
| Docker Local | make docker-dev |
http://localhost:8000 | Full stack, easy setup |
| Production | make deploy-prod |
https://api.yourdomain.com | SSL, monitoring, backups |
| Kubernetes | make k8s-deploy |
https://api.yourdomain.com | Auto-scaling, high availability |
- API Docs: Available at
/docsendpoint - Production Guide: documentation/guides/PRODUCTION_DEPLOYMENT.md
- Docker Setup: documentation/guides/DOCKER_SETUP.md
- CI/CD Guide: documentation/guides/CI_CD_SETUP.md
- Testing Guide: documentation/guides/TESTING_GUIDE.md
- Project Structure: documentation/guides/PROJECT_STRUCTURE_DETAILED.md
# Check application logs
make logs
# Check health status
make health
# Run diagnostics
./development/scripts/production-health-check.sh
# View system metrics
make metrics# Create database backup
make db-backup
# Restore from backup
make db-restore BACKUP_FILE=/path/to/backup.sql
# Run backup script
./development/scripts/backup-script.sh
# List available backups
ls -la backups/π Short Term (Next 2-4 weeks)
Core Features
- Advanced Search - Full-text search with Elasticsearch
- Book Recommendations - ML-based recommendation engine
- User Preferences - Customizable user settings and themes
- Book Categories - Enhanced categorization and tagging
- Wishlist Management - Advanced wishlist features
API Enhancements
- GraphQL Support - Alternative to REST API
- Webhooks - Event-driven notifications
- Bulk Operations - Batch create/update/delete
- Advanced Filtering - Complex query capabilities
- API Versioning - v2 API with enhanced features
Performance & Scalability
- Database Sharding - Horizontal database scaling
- CDN Integration - Static asset optimization
- Advanced Caching - Multi-layer caching strategy
- Connection Pooling - Optimized database connections
π― Medium Term (1-3 months)
Advanced Features
- Multi-tenancy - Support for multiple bookstore instances
- Real-time Features - WebSocket support for live updates
- Mobile API - Optimized endpoints for mobile apps
- Social Features - User interactions and book sharing
- Analytics Dashboard - Business intelligence and reporting
Infrastructure
- Multi-region Deployment - Global availability
- Advanced Monitoring - APM and distributed tracing
- Disaster Recovery - Cross-region backup and failover
- Service Mesh - Istio integration for microservices
- GitOps - ArgoCD for automated deployments
Security & Compliance
- OAuth2 Integration - Social login support
- RBAC System - Role-based access control
- Audit Logging - Comprehensive audit trails
- GDPR Compliance - Data privacy and protection
- SOC 2 Compliance - Security and availability standards
π Long Term (3-6 months)
Microservices Architecture
- Service Decomposition - Break into microservices
- Event Sourcing - Event-driven architecture
- CQRS Pattern - Command Query Responsibility Segregation
- Saga Pattern - Distributed transaction management
- API Gateway - Centralized API management
AI & Machine Learning
- Recommendation Engine - Personalized book suggestions
- Sentiment Analysis - Review sentiment scoring
- Price Optimization - Dynamic pricing algorithms
- Fraud Detection - Automated fraud prevention
- Content Moderation - AI-powered content filtering
Advanced DevOps
- Chaos Engineering - Resilience testing
- Canary Deployments - Gradual rollout strategies
- Feature Flags - Dynamic feature management
- Infrastructure as Code - Terraform automation
- Policy as Code - Open Policy Agent integration
How You Can Help:
- π Bug Reports - Help us identify and fix issues
- π‘ Feature Requests - Suggest new functionality
- π Documentation - Improve guides and examples
- π§ͺ Testing - Add test cases and scenarios
- π¨ UI/UX - Design improvements and user experience
- π§ DevOps - Infrastructure and deployment improvements
Contribution Areas:
- Backend Development - Python, FastAPI, SQLAlchemy
- Frontend Development - React, Vue.js, or Angular integration
- Mobile Development - React Native or Flutter apps
- DevOps & Infrastructure - Kubernetes, Docker, CI/CD
- Data Science - Analytics, ML models, recommendations
- Security - Penetration testing, security audits
- Documentation - Technical writing, tutorials, guides
Technical Goals:
- β‘ Performance: < 100ms average response time
- π Availability: 99.99% uptime
- π Scalability: Handle 10,000+ concurrent users
- π‘οΈ Security: Zero critical vulnerabilities
- π§ͺ Quality: 98%+ test coverage
Community Goals:
- β GitHub Stars: 1,000+ stars
- π€ Contributors: 50+ active contributors
- π Documentation: Complete guides for all features
- π Adoption: Used in 100+ production environments
- π Education: Teaching resource in 10+ courses
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Add tests for new functionality
- Run the test suite (
make test) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
# Setup development environment
./development/scripts/setup-dev.sh
# Make changes and test
make test
# Check code quality
make lint
# Run security scan
make security-scan
# Submit PRThis project is licensed under the MIT License - see the LICENSE file for details.
- FastAPI for the amazing web framework
- SQLAlchemy for the powerful ORM
- Pydantic for data validation
- Docker for containerization
- Kubernetes for orchestration
- Prometheus & Grafana for monitoring
- GitHub Actions for CI/CD
π From Idea to Production in 2 Days! π
Built with β€οΈ using modern Python and DevOps best practices
β Star this repo β’ π Report Bug β’ π‘ Request Feature