Refactored docker build to use image caching

Added automati revision history pruning
Removed secrets from manifest, injecting them from predefined cluster secret in namespace
2026-06-16 10:36:25 +02:00 · 2026-06-15 23:27:39 +02:00 · 2026-06-15 23:05:22 +02:00 · 2026-06-15 09:06:23 +02:00 · 2026-06-13 21:27:40 +02:00 · 2026-06-13 21:27:02 +02:00
4 changed files with 28 additions and 99 deletions
@@ -31,6 +31,8 @@ steps:
      registry: nexus.khongisa.co.za
      repo: nexus.khongisa.co.za/midrandbooks-api
      tags: [ latest, "1.${DRONE_BUILD_NUMBER}" ]
      use_cache: true
      cache_from: nexus.khongisa.co.za/midrandbooks-api:latest
      custom_labels:
        - org.opencontainers.image.source=https://gitea.khongisa.co.za/litecharms/midrandbooks-api
        - org.opencontainers.image.version=1.${DRONE_BUILD_NUMBER}
@@ -54,13 +54,13 @@
  </ItemGroup>
  <ItemGroup>
-    <PackageReference Include="LiteCharms.Features" Version="1.115.0" />
+    <PackageReference Include="LiteCharms.Features" Version="1.137.0" />
  </ItemGroup>
  <!-- UI -->
  <ItemGroup>
    <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
-    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.115.0" />
+    <PackageReference Include="LiteCharms.Features.MidrandBooks" Version="1.137.0" />
    <!-- Global Usings -->
    <Using Include="Blazored.Toast.Services" />
@@ -16,19 +16,14 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
    public void Map(IEndpointRouteBuilder builder)
    {
        builder.MapPost("payments/payfast/confirm", async (HttpRequest request, PayfastService payfastService,
-            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment, CancellationToken cancellationToken) =>
+            IJobOrchestrator jobOrchestrator, IConfiguration configuration, IHostEnvironment hostEnvironment,
            ILogger<PayfastConfirmationEndpoint> logger, CancellationToken cancellationToken) =>
        {
            using Activity? activity = PaymentActivitySource.StartActivity("ReceivePayfastWebhook", ActivityKind.Server);
            activity?.SetTag("messaging.system", "payfast");
            activity?.SetTag("messaging.destination.name", "payments/payfast/confirm");
            string? remoteIp = request.HttpContext.Connection.RemoteIpAddress?.ToString();
            var ipValidation = await payfastService.ValidateReferrerIpAsync(remoteIp!, !hostEnvironment.IsProduction(), cancellationToken);
            if (ipValidation.IsFailed || !ipValidation.Value) return Results.Unauthorized();
            var formCollection = await request.ReadFormAsync(cancellationToken);
            if (!formCollection.TryGetValue("signature", out var signatureValues) || string.IsNullOrWhiteSpace(signatureValues.ToString()))
@@ -37,24 +32,31 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
            string incomingSignature = signatureValues.ToString().Trim();
            var payload = ParseForm(formCollection, incomingSignature);
-            var paramDictionary = payload.ToParamDictionary();
+            string? passphrase = configuration["PayfastSettings:Passphrase"];
            string? passphrase = configuration["HasherSettings:PayfastPassphrase"];
-            var signatureCheck = PayfastService.GenerateSignature(paramDictionary, passphrase);
+            if (!PayfastService.VerifyIncomingSignatureFromForm(formCollection, passphrase!))
            {
                logger.LogCritical($"Incoming signature failed validation: {incomingSignature}");
            if (signatureCheck.IsFailed || !string.Equals(signatureCheck.Value, incomingSignature, StringComparison.OrdinalIgnoreCase))
                return Results.Unauthorized();
            }
-            var formPairs = formCollection.Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString())}");
+            var sortedPairs = formCollection
                .Where(kvp => !kvp.Key.Equals("signature", StringComparison.OrdinalIgnoreCase))
                .OrderBy(kvp => kvp.Key, StringComparer.Ordinal)
                .Select(kvp => $"{kvp.Key}={HttpUtility.UrlEncode(kvp.Value.ToString().Trim())}");
-            string rawQueryParamString = string.Join("&", formPairs);
+            string rawQueryParamString = string.Join("&", sortedPairs);
            bool isSandbox = !hostEnvironment.IsProduction();
            var serverConfirmation = await payfastService.ValidateServerConfirmationAsync(rawQueryParamString, isSandbox, cancellationToken);
            if (serverConfirmation.IsFailed || !serverConfirmation.Value)
            {
                logger.LogCritical($"Payfast server validation ping rejected the request data: {rawQueryParamString}");
                return Results.Unauthorized();
            }
            var notification = PayfastPaymentConfirmationReceivedEvent.Create(payload, payload.MerchantPaymentId!,
                allowLoopback: !hostEnvironment.IsProduction(), performBackgroundChecks: false);
@@ -62,7 +64,6 @@ public sealed class PayfastConfirmationEndpoint : IEndpoint
            await jobOrchestrator.SendAsync(notification, cancellationToken);
            activity?.SetStatus(ActivityStatusCode.Ok);
            return Results.Ok();
        })
        .WithDescription("Securely confirm and process an incoming Payfast merchant payment callback.")
@@ -22,34 +22,13 @@ data:
  PayfastSettings__CheckoutUrl: "https://sandbox.payfast.co.za/eng/process"
  PayfastSettings__ValidHosts__0: "www.payfast.co.za"
  PayfastSettings__ValidHosts__1: "sandbox.payfast.co.za"
-  PayfastSettings__ValidHosts__2: "w1w.payfast.co.za"
+  PayfastSettings__ValidHosts__2: "ips.payfast.co.za"
-  PayfastSettings__ValidHosts__3: "w2w.payfast.co.za"
+  PayfastSettings__ValidHosts__3: "api.payfast.co.za"
-  PayfastSettings__ValidHosts__4: "ips.payfast.co.za"
+  PayfastSettings__ValidHosts__4: "payment.payfast.io"
  PayfastSettings__ValidHosts__5: "api.payfast.co.za"
  PayfastSettings__ValidHosts__6: "payment.payfast.io"
  LiteCharmsSettings__Authority: "https://sts.security.khongisa.co.za"
  LiteCharmsSettings__Audience: "midrandbooks-api"
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: midrandbooksapi-secrets
  namespace: midrandbooksapi-uat
 type: Opaque
 data:  
  connection-string: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPW1pZHJhbmRzaG9wLWRldjtVc2VybmFtZT1taWRyYW5kc2hvcC1kZXYtdXNlcjtQYXNzd29yZD1hUFh5a0tnM3RTOWNtRDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZQ==
  connection-string-quartz: SG9zdD0xOTIuMTY4LjEuMTcwO0RhdGFiYXNlPXNjaGVkdWxlci1kZXY7VXNlcm5hbWU9c2NoZWR1bGVyLWRldi11c2VyO1Bhc3N3b3JkPWtWVm1vV0tKM3h6Z1FYO1BlcnNpc3QgU2VjdXJpdHkgSW5mbz1UcnVl
  aspire-apikey: bWMzRzYzSzJqNVpPRXNpMEFqTW9qTFRYbTFLRVpGY3R6SUlqU3dEaVRHdXQ4cUdTa1B1V3d4R1AxUmJzY0pVbw==
  hasher-salt: VEdsbmFIUWdRMmhoY20xekxDQk5hV1J5WVc1a1FtOXZhM01nYldGclpTQnNiM1J6SUc5bUlHMXZibVY1SUdGdVpDQmhjbVVnWVNCemRXTmpaWE56Wm5Wc0lIWnBjbUZzSUhOMGIzSjVJR2x1SUZOdmRYUm9JRUZtY21sallRPT0=  
  bookshop-s3-accesskey: R0s1MTRkMmNlOGRjNjkyMzdhMDVjMDFlZWY=
  bookshop-s3-secretkey: ZWFhZmVkYTFhZWQ0MDllY2ZlNjA3MTRlY2RhNTQ5YjgyYmRmNWEzZGFmOWYxOGRkNjFmNjZiNDk3M2E2NDgyZQ==
  litecharms-clientid: bWlkcmFuZGJvb2tzLWFwaQ==
  litecharms-clientsecret: c2VjcmV0X2YzZjA0YWNhYTMzNmVlOTEzZDRjNjdlYmQwOTE1ZWFlYzQ0NzdmYTkwOTdlYTJhYzkyZGE4ZDc0NjgzZTAyNTU=
  payfast-passphrase: OUdBSVIwdFdwaFgwcU8=
  payfast-merchantid: MTAwNDkzMDc=
  payfast-merchantkey: anU2bmF2bjBqY2JmMA==
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: midrandbooksapi-pvc
@@ -68,6 +47,7 @@ metadata:
  namespace: midrandbooksapi-uat
 spec:
  replicas: 2
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: midrandbooks-api
@@ -99,62 +79,8 @@ spec:
          envFrom:
            - configMapRef:
                name: midrandbooksapi-config
-          env:
+            - secretRef:
-            - name: LiteCharmsSettings__ClientId
+                name: midrandbooksapi-secrets          
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: litecharms-clientid
            - name: LiteCharmsSettings__ClientSecret
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: litecharms-clientsecret
            - name: BookshopS3Settings__AccessKey
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: bookshop-s3-accesskey
            - name: BookshopS3Settings__SecretKey
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: bookshop-s3-secretkey
            - name: HasherSettings__Salt
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: hasher-salt
            - name: PayfastSettings__Passphrase
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: payfast-passphrase
            - name: PayfastSettings__MerchantId
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: payfast-merchantid
            - name: PayfastSettings__MerchantKey
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: payfast-merchantkey
            - name: ConnectionStrings__PostgresScheduler
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: connection-string-quartz
            - name: ConnectionStrings__PostgresMidrandBooks
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: connection-string
            - name: Monitoring__ApiKey
              valueFrom:
                secretKeyRef:
                  name: midrandbooksapi-secrets
                  key: aspire-apikey
          volumeMounts:
            - name: data
              mountPath: /app/wwwroot/content
@@ -163,8 +89,8 @@ spec:
            httpGet:
              path: /health
              port: 8080
-            initialDelaySeconds: 5
+            initialDelaySeconds: 10
-            periodSeconds: 10
+            periodSeconds: 15
          readinessProbe:
            httpGet:
              path: /health
Author	SHA1	Message	Date
Khwezi Mngoma	24c8f81391	Refactored docker build to use image caching continuous-integration/drone/pr Build is passing Details	2026-06-16 10:36:25 +02:00
Khwezi Mngoma	d219a7727f	Added automati revision history pruning continuous-integration/drone/pr Build is passing Details	2026-06-15 23:27:39 +02:00
Khwezi Mngoma	8cdcaa55e9	Removed secrets from manifest, injecting them from predefined cluster secret in namespace continuous-integration/drone/pr Build is passing Details	2026-06-15 23:05:22 +02:00
Khwezi Mngoma	7125f5b909	Updated nuget packages continuous-integration/drone/pr Build is passing Details	2026-06-15 09:06:23 +02:00
khwezi	b7c30fbfb5	Merge pull request 'Updated nuget packages' (#28 ) from payments into master Reviewed-on: #28	2026-06-13 21:27:40 +02:00
Khwezi Mngoma	6f913ce9d4	Updated nuget packages continuous-integration/drone/pr Build is passing Details	2026-06-13 21:27:02 +02:00
khwezi	5c7ef3525f	Merge pull request 'Refactored ledger handing' (#27 ) from payments into master Reviewed-on: #27	2026-06-13 18:08:59 +02:00
Khwezi Mngoma	86da0d843e	Refactored ledger handing continuous-integration/drone/pr Build is passing Details	2026-06-13 18:08:34 +02:00
khwezi	59710e32a6	Merge pull request 'Updated nuget packages' (#26 ) from payments into master Reviewed-on: #26	2026-06-13 17:22:56 +02:00
Khwezi Mngoma	5190fcaa17	Updated nuget packages continuous-integration/drone/pr Build is passing Details	2026-06-13 17:22:26 +02:00
khwezi	d0afc4f748	Merge pull request 'Updated niget packages' (#25 ) from payments into master Reviewed-on: #25	2026-06-13 16:38:48 +02:00
Khwezi Mngoma	9a96c0ad0c	Updated niget packages continuous-integration/drone/pr Build is passing Details	2026-06-13 16:38:18 +02:00
khwezi	8cdfba58fd	Merge pull request 'Refactored endpoint to handle incoming form using IFormCollection' (#24 ) from payments into master Reviewed-on: #24	2026-06-13 16:10:33 +02:00
Khwezi Mngoma	41e1c9da4c	Refactored endpoint to handle incoming form using IFormCollection continuous-integration/drone/pr Build is passing Details	2026-06-13 16:10:05 +02:00
khwezi	01d3aa90ea	Merge pull request 'Added inline logging for critical bugs' (#23 ) from payments into master Reviewed-on: #23	2026-06-13 15:30:28 +02:00
Khwezi Mngoma	c3981fd859	Added inline logging for critical bugs continuous-integration/drone/pr Build is passing Details	2026-06-13 15:29:55 +02:00
khwezi	8cc4425dfb	Merge pull request 'payments' (#22 ) from payments into master Reviewed-on: #22	2026-06-13 13:14:50 +02:00
Khwezi Mngoma	60579c6230	Slowed down health check stream continuous-integration/drone/pr Build is passing Details	2026-06-13 13:14:27 +02:00
Khwezi Mngoma	f3478270fb	Added logging to endpoint	2026-06-13 13:13:01 +02:00
khwezi	1039f6f2d5	Merge pull request 'Removed ipValidation checks' (#21 ) from payments into master Reviewed-on: #21	2026-06-13 12:48:52 +02:00
Khwezi Mngoma	765eee2060	Removed ipValidation checks continuous-integration/drone/pr Build is passing Details	2026-06-13 12:48:08 +02:00
khwezi	ee250a18f0	Merge pull request 'Refactored valid payfast host list' (#20 ) from payments into master Reviewed-on: #20	2026-06-13 12:12:26 +02:00
Khwezi Mngoma	5972f8906b	Refactored valid payfast host list continuous-integration/drone/pr Build is passing Details	2026-06-13 12:11:44 +02:00