From 6d115ee0fb270f27d73a605d4c03c0627d1bbb5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20G=C3=B6bel?= <dgoebel@techfak.uni-bielefeld.de>
Date: Wed, 31 Jan 2024 14:17:10 +0100
Subject: [PATCH] Fix broken kaniko build
#76
---
.gitlab-ci.yml | 4 +++-
.pre-commit-config.yaml | 12 ++++++------
Dockerfile | 6 +++---
Dockerfile-Gunicorn | 8 ++++----
app/api/dependencies.py | 1 +
app/api/endpoints/bucket_permissions.py | 2 +-
app/api/endpoints/buckets.py | 4 ++--
app/core/security.py | 2 +-
requirements-dev.txt | 4 ++--
requirements.txt | 2 +-
10 files changed, 24 insertions(+), 21 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e9ed9bd..ad86610 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -129,7 +129,7 @@ lint-test-job: # Runs linters checks on code
script:
- ./scripts/lint.sh
-build-publish-dev-docker-container-job:
+publish-main-docker-container-job:
stage: deploy
image:
name: gcr.io/kaniko-project/executor:v1.20.0-debug
@@ -146,6 +146,7 @@ build-publish-dev-docker-container-job:
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:main-${CI_COMMIT_SHA}"
--destination "${CI_REGISTRY_IMAGE}:main-latest"
+ --cleanup
- /kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile-Gunicorn"
@@ -170,6 +171,7 @@ publish-docker-container-job:
--destination "${CI_REGISTRY_IMAGE}:$(echo ${CI_COMMIT_TAG} | cut -d'.' -f1-2)"
--destination "${CI_REGISTRY_IMAGE}:$(echo ${CI_COMMIT_TAG} | cut -d'.' -f1)"
--destination "${CI_REGISTRY_IMAGE}:latest"
+ --cleanup
- /kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile-Gunicorn"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9bd76cd..c55dddf 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,29 +15,29 @@ repos:
- id: check-merge-conflict
- id: check-ast
- repo: https://github.com/psf/black
- rev: 23.11.0
+ rev: 24.1.1
hooks:
- id: black
files: app
args: [--check]
- repo: https://github.com/charliermarsh/ruff-pre-commit
- rev: 'v0.1.6'
+ rev: 'v0.1.15'
hooks:
- id: ruff
- repo: https://github.com/PyCQA/isort
- rev: 5.12.0
+ rev: 5.13.2
hooks:
- id: isort
files: app
args: [-c]
- repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.7.1
+ rev: v1.8.0
hooks:
- id: mypy
files: app
args: [--config=pyproject.toml]
additional_dependencies:
- - boto3-stubs-lite[s3]>=1.29.0,<1.30.0
+ - boto3-stubs-lite[s3]<1.35.0
- sqlalchemy>=2.0.0,<2.1.0
- - pydantic>=2.5.0,<2.6.0
+ - pydantic<2.7.0
- types-requests
diff --git a/Dockerfile b/Dockerfile
index 0800cf0..70badfc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update && apt-get -y install dumb-init
RUN apt-get clean
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
STOPSIGNAL SIGINT
-RUN pip install --no-cache-dir httpx[cli] "uvicorn>=0.27.0"
+RUN pip install --no-cache-dir httpx[cli] "uvicorn<0.28.0"
HEALTHCHECK --interval=30s --timeout=2s CMD httpx http://localhost:$PORT/health || exit 1
@@ -17,7 +17,7 @@ WORKDIR /home/worker/code
ENV PYTHONPATH=/home/worker/code
ENV PATH="/home/worker/.local/bin:${PATH}"
-COPY --chown=worker:worker ./start_service_uvicorn.sh ./start.sh
+COPY --chown=worker:worker ./start_service_uvicorn.sh ./entrypoint.sh
COPY --chown=worker:worker ./scripts/prestart.sh ./prestart.sh
COPY --chown=worker:worker requirements.txt ./requirements.txt
@@ -26,4 +26,4 @@ RUN pip install --user --no-cache-dir --upgrade -r requirements.txt
COPY --chown=worker:worker ./app ./app
-CMD ["./start.sh"]
+CMD ["./entrypoint.sh"]
diff --git a/Dockerfile-Gunicorn b/Dockerfile-Gunicorn
index 2da77b1..693523a 100644
--- a/Dockerfile-Gunicorn
+++ b/Dockerfile-Gunicorn
@@ -4,17 +4,17 @@ EXPOSE $PORT
WORKDIR /app/
ENV PYTHONPATH=/app
-RUN pip install --no-cache-dir httpx[cli] "gunicorn<=21.2.0" "uvicorn>=0.27.0"
+RUN pip install --no-cache-dir httpx[cli] "gunicorn<21.3.0" "uvicorn<0.28.0"
COPY ./gunicorn_conf.py /app/gunicorn_conf.py
-COPY ./start_service_gunicorn.sh /app/start.sh
+COPY ./start_service_gunicorn.sh /app/entrypoint.sh
HEALTHCHECK --interval=30s --timeout=2s CMD httpx http://localhost:$PORT/health || exit 1
COPY ./scripts/prestart.sh /app/prestart.sh
COPY ./requirements.txt /app/requirements.txt
-RUN pip install --no-cache-dir --upgrade -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
COPY ./app /app/app
-CMD ["./start.sh"]
+CMD ["./entrypoint.sh"]
diff --git a/app/api/dependencies.py b/app/api/dependencies.py
index c4182da..afadd5e 100644
--- a/app/api/dependencies.py
+++ b/app/api/dependencies.py
@@ -114,6 +114,7 @@ async def decode_bearer_token(
"""
try:
jwt = JWT(**decode(token.credentials), raw_token=token.credentials)
+ trace.get_current_span().set_attributes({"exp": jwt.exp.isoformat(), "uid": jwt.sub})
await get_current_user(jwt, db) # make sure the user exists
return jwt
except ExpiredTokenError: # pragma: no cover
diff --git a/app/api/endpoints/bucket_permissions.py b/app/api/endpoints/bucket_permissions.py
index c3a0eaa..05f8e9b 100644
--- a/app/api/endpoints/bucket_permissions.py
+++ b/app/api/endpoints/bucket_permissions.py
@@ -196,7 +196,7 @@ async def list_permissions_per_user(
List of all permissions for this user.
"""
current_span = trace.get_current_span()
- current_span.set_attribute("uid", user.uid)
+ current_span.set_attribute("uid", str(user.uid))
if permission_types is not None and len(permission_types) > 0: # pragma: no cover
current_span.set_attribute("permission_types", [ptype.name for ptype in permission_types])
if permission_status is not None: # pragma: no cover
diff --git a/app/api/endpoints/buckets.py b/app/api/endpoints/buckets.py
index 6a86650..202143e 100644
--- a/app/api/endpoints/buckets.py
+++ b/app/api/endpoints/buckets.py
@@ -80,7 +80,7 @@ async def list_buckets(
\f
Parameters
----------
- uid : uuid.UUID
+ owner_id : uuid.UUID
User for which to retrieve the buckets. Dependency Injection.
bucket_type : app.crud.crud_bucket.CRUDBucket.BucketType, default BucketType.ALL
Type of the bucket to get. Query Parameter.
@@ -99,7 +99,7 @@ async def list_buckets(
"""
current_span = trace.get_current_span()
if owner_id is not None: # pragma: no cover
- current_span.set_attribute("uid", str(owner_id))
+ current_span.set_attribute("owner_id", str(owner_id))
current_span.set_attribute("bucket_type", bucket_type.name)
await authorization("list_all" if current_user.uid != owner_id else "list")
if owner_id is None:
diff --git a/app/core/security.py b/app/core/security.py
index a497a34..603cdd7 100644
--- a/app/core/security.py
+++ b/app/core/security.py
@@ -71,6 +71,6 @@ async def request_authorization(request_params: AuthzRequest, client: AsyncClien
if not parsed_response.result: # pragma: no cover
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
- detail=f"Action forbidden. Decision ID {parsed_response.decision_id}",
+ detail=f"Action forbidden. Decision ID {str(parsed_response.decision_id)}",
)
return parsed_response
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 9d1bcf3..18167f9 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,11 +1,11 @@
# test packages
-pytest>=7.4.0,<7.5.0
+pytest>=8.0.0,<8.1.0
pytest-asyncio>=0.21.0,<0.22.0
pytest-cov>=4.1.0,<4.2.0
coverage[toml]>=7.4.0,<7.5.0
# Linters
ruff>=0.1.0,<0.2.0
-black>=23.12.0,<24.1.0
+black>=24.1.0,<24.2.0
isort>=5.13.0,<5.14.0
mypy>=1.8.0,<1.9.0
# stubs for mypy
diff --git a/requirements.txt b/requirements.txt
index e4fb6fd..62edd64 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ clowmdb>=3.0.0,<3.1.0
# Webserver packages
fastapi>=0.109.0,<0.110.0
-pydantic>=2.5.0,<2.6.0
+pydantic>=2.6.0,<2.7.0
pydantic-settings>=2.1.0,<2.2.0
# Database packages
PyMySQL>=1.1.0,<1.2.0
--
GitLab