Implement apix-registry with IoT sunset/decommission lifecycle and full BDD suite

- REST API: register, patch, O-level, replacements, history, search endpoints - IoT lifecycle validations: future sunset, lock-before-release, sunset-passed-before-decommission - DB schema: Liquibase changesets 001–008 (services, versions, replacements, sunset-at column) - @ColumnTransformer(write="?::jsonb") on bsm_payload fields to avoid JDBC varchar→jsonb rejection - Jandex plugin on apix-common + quarkus.index-dependency so @NotBlank validators resolve at runtime - quarkus-logging-json extension added; quarkus.log.console.json=false is now a recognised key - Fix requireSunsetBeforeLockRelease: Boolean.TRUE.equals instead of !Boolean.FALSE.equals (null guard) - BDD suite: 27 scenarios / 213 steps across 5 feature files (sunset-lock, decommission, replacement, discovery, anonymity) - Test infrastructure: JDBC TRUNCATE in @Before for DB isolation, Arc.container() for clock control — no test endpoints in production code - sunsetAt truncated to microseconds in BDD steps to match Postgres timestamptz precision - Cucumber step fixes: singular/plural candidate(s), lastResponse propagation in replacementsReturnsNCandidates Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 09:13:26 +02:00
commit b2a16a8be7
71 changed files with 5480 additions and 0 deletions
@@ -0,0 +1,104 @@
+version: "3.9"
+
+# Production service topology. For local JVM dev mode see docker-compose.override.yml (Block 5 / I-02).
+# Images are built and pushed by CI (Block 5 / I-21); Dockerfiles are Block 5-6 (I-04 to I-06).
+
+services:
+
+  db:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: ${APIX_DB_USER:-apix}
+      POSTGRES_PASSWORD: ${APIX_DB_PASSWORD:-apix}
+      POSTGRES_DB: ${APIX_DB_NAME:-apix}
+    ports:
+      - "${APIX_DB_PORT:-5432}:5432"
+    volumes:
+      - db_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${APIX_DB_USER:-apix}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  registry:
+    image: apix-registry:latest
+    ports:
+      - "8180:8180"
+    environment:
+      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/${APIX_DB_NAME:-apix}
+      QUARKUS_DATASOURCE_USERNAME: ${APIX_DB_USER:-apix}
+      QUARKUS_DATASOURCE_PASSWORD: ${APIX_DB_PASSWORD:-apix}
+      APIX_API_KEY: ${APIX_API_KEY}
+      GLEIF_API_URL: ${GLEIF_API_URL:-https://api.gleif.org/api/v1}
+      OPENCORPORATES_API_KEY: ${OPENCORPORATES_API_KEY:-}
+      SANCTIONS_CACHE_PATH: /app/sanctions
+      LOG_LEVEL: ${LOG_LEVEL:-INFO}
+    volumes:
+      - sanctions_cache:/app/sanctions
+    depends_on:
+      db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8180/q/health/live || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+
+  # Internal only — no public port exposure
+  spider:
+    image: apix-spider:latest
+    environment:
+      QUARKUS_DATASOURCE_JDBC_URL: jdbc:postgresql://db:5432/${APIX_DB_NAME:-apix}
+      QUARKUS_DATASOURCE_USERNAME: ${APIX_DB_USER:-apix}
+      QUARKUS_DATASOURCE_PASSWORD: ${APIX_DB_PASSWORD:-apix}
+      SPIDER_INTERVAL_MINUTES: ${SPIDER_INTERVAL_MINUTES:-15}
+      LOG_LEVEL: ${LOG_LEVEL:-INFO}
+    depends_on:
+      db:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8082/q/health/live || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+
+  portal:
+    image: apix-portal:latest
+    ports:
+      - "8081:8081"
+    environment:
+      REGISTRY_BASE_URL: http://registry:8180
+      LOG_LEVEL: ${LOG_LEVEL:-INFO}
+    depends_on:
+      - registry
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sf http://localhost:8081/q/health/live || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+
+  caddy:
+    image: caddy:2-alpine
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy_data:/data
+      - caddy_config:/config
+    depends_on:
+      - registry
+      - portal
+    restart: unless-stopped
+
+volumes:
+  db_data:
+  sanctions_cache:
+  caddy_data:
+  caddy_config: