Merge branch 'bugfix/76-fix-broken-kaniko-build' into 'main'

Resolve "Fix broken kaniko build" Closes #76 See merge request !74

Merge branch 'bugfix/76-fix-broken-kaniko-build' into 'main'
f2a6c7ef · Daniel Göbel · a9f1ea4b · 6d115ee0 · f2a6c7ef · f2a6c7ef
Commit f2a6c7ef authored 1 year ago by Daniel Göbel
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -129,7 +129,7 @@ lint-test-job: # Runs linters checks on code
  script:
    - ./scripts/lint.sh

-build-publish-dev-docker-container-job:
+publish-main-docker-container-job:
  stage: deploy
  image:
    name: gcr.io/kaniko-project/executor:v1.20.0-debug
@@ -146,6 +146,7 @@ build-publish-dev-docker-container-job:
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY_IMAGE}:main-${CI_COMMIT_SHA}"
      --destination "${CI_REGISTRY_IMAGE}:main-latest"
+      --cleanup
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile-Gunicorn"
@@ -170,6 +171,7 @@ publish-docker-container-job:
      --destination "${CI_REGISTRY_IMAGE}:$(echo ${CI_COMMIT_TAG} | cut -d'.' -f1-2)"
      --destination "${CI_REGISTRY_IMAGE}:$(echo ${CI_COMMIT_TAG} | cut -d'.' -f1)"
      --destination "${CI_REGISTRY_IMAGE}:latest"
+      --cleanup
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile-Gunicorn"

--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,29 +15,29 @@ repos:
    -   id: check-merge-conflict
    -   id: check-ast
 -   repo: https://github.com/psf/black
-    rev: 23.11.0
+    rev: 24.1.1
    hooks:
    -   id: black
        files: app
        args: [--check]
 -   repo: https://github.com/charliermarsh/ruff-pre-commit
-    rev: 'v0.1.6'
+    rev: 'v0.1.15'
    hooks:
    -   id: ruff
 -   repo: https://github.com/PyCQA/isort
-    rev: 5.12.0
+    rev: 5.13.2
    hooks:
    -   id: isort
        files: app
        args: [-c]
 -   repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.7.1
+    rev: v1.8.0
    hooks:
    -   id: mypy
        files: app
        args: [--config=pyproject.toml]
        additional_dependencies:
-            - boto3-stubs-lite[s3]>=1.29.0,<1.30.0
+            - boto3-stubs-lite[s3]<1.35.0
            - sqlalchemy>=2.0.0,<2.1.0
-            - pydantic>=2.5.0,<2.6.0
+            - pydantic<2.7.0
            - types-requests
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update && apt-get -y install dumb-init
 RUN apt-get clean
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 STOPSIGNAL SIGINT
-RUN pip install --no-cache-dir httpx[cli] "uvicorn>=0.27.0"
+RUN pip install --no-cache-dir httpx[cli] "uvicorn<0.28.0"

 HEALTHCHECK --interval=30s --timeout=2s CMD httpx http://localhost:$PORT/health || exit 1

@@ -17,7 +17,7 @@ WORKDIR /home/worker/code
 ENV PYTHONPATH=/home/worker/code
 ENV PATH="/home/worker/.local/bin:${PATH}"

-COPY --chown=worker:worker ./start_service_uvicorn.sh ./start.sh
+COPY --chown=worker:worker ./start_service_uvicorn.sh ./entrypoint.sh
 COPY --chown=worker:worker ./scripts/prestart.sh ./prestart.sh

 COPY --chown=worker:worker requirements.txt ./requirements.txt
@@ -26,4 +26,4 @@ RUN pip install --user --no-cache-dir --upgrade -r requirements.txt

 COPY --chown=worker:worker ./app ./app

-CMD ["./start.sh"]
+CMD ["./entrypoint.sh"]
--- a/Dockerfile-Gunicorn
+++ b/Dockerfile-Gunicorn
@@ -4,17 +4,17 @@ EXPOSE $PORT
 WORKDIR /app/
 ENV PYTHONPATH=/app

-RUN pip install --no-cache-dir httpx[cli] "gunicorn<=21.2.0" "uvicorn>=0.27.0"
+RUN pip install --no-cache-dir httpx[cli] "gunicorn<21.3.0" "uvicorn<0.28.0"
 COPY ./gunicorn_conf.py /app/gunicorn_conf.py
-COPY ./start_service_gunicorn.sh /app/start.sh
+COPY ./start_service_gunicorn.sh /app/entrypoint.sh

 HEALTHCHECK --interval=30s --timeout=2s CMD httpx http://localhost:$PORT/health || exit 1

 COPY ./scripts/prestart.sh /app/prestart.sh
 COPY ./requirements.txt /app/requirements.txt

-RUN pip install --no-cache-dir --upgrade -r requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt

 COPY ./app /app/app

-CMD ["./start.sh"]
+CMD ["./entrypoint.sh"]
--- a/app/api/dependencies.py
+++ b/app/api/dependencies.py
@@ -114,6 +114,7 @@ async def decode_bearer_token(
    """
    try:
        jwt = JWT(**decode(token.credentials), raw_token=token.credentials)
+        trace.get_current_span().set_attributes({"exp": jwt.exp.isoformat(), "uid": jwt.sub})
        await get_current_user(jwt, db)  # make sure the user exists
        return jwt
    except ExpiredTokenError:  # pragma: no cover

--- a/app/api/endpoints/bucket_permissions.py
+++ b/app/api/endpoints/bucket_permissions.py
@@ -196,7 +196,7 @@ async def list_permissions_per_user(
        List of all permissions for this user.
    """
    current_span = trace.get_current_span()
-    current_span.set_attribute("uid", user.uid)
+    current_span.set_attribute("uid", str(user.uid))
    if permission_types is not None and len(permission_types) > 0:  # pragma: no cover
        current_span.set_attribute("permission_types", [ptype.name for ptype in permission_types])
    if permission_status is not None:  # pragma: no cover

--- a/app/api/endpoints/buckets.py
+++ b/app/api/endpoints/buckets.py
@@ -80,7 +80,7 @@ async def list_buckets(
    \f
    Parameters
    ----------
-    uid : uuid.UUID
+    owner_id : uuid.UUID
        User for which to retrieve the buckets. Dependency Injection.
    bucket_type : app.crud.crud_bucket.CRUDBucket.BucketType, default BucketType.ALL
        Type of the bucket to get. Query Parameter.
@@ -99,7 +99,7 @@ async def list_buckets(
    """
    current_span = trace.get_current_span()
    if owner_id is not None:  # pragma: no cover
-        current_span.set_attribute("uid", str(owner_id))
+        current_span.set_attribute("owner_id", str(owner_id))
    current_span.set_attribute("bucket_type", bucket_type.name)
    await authorization("list_all" if current_user.uid != owner_id else "list")
    if owner_id is None:

--- a/app/core/security.py
+++ b/app/core/security.py
@@ -71,6 +71,6 @@ async def request_authorization(request_params: AuthzRequest, client: AsyncClien
    if not parsed_response.result:  # pragma: no cover
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
-            detail=f"Action forbidden. Decision ID {parsed_response.decision_id}",
+            detail=f"Action forbidden. Decision ID {str(parsed_response.decision_id)}",
        )
    return parsed_response
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
 # test packages
-pytest>=7.4.0,<7.5.0
+pytest>=8.0.0,<8.1.0
 pytest-asyncio>=0.21.0,<0.22.0
 pytest-cov>=4.1.0,<4.2.0
 coverage[toml]>=7.4.0,<7.5.0
 # Linters
 ruff>=0.1.0,<0.2.0
-black>=23.12.0,<24.1.0
+black>=24.1.0,<24.2.0
 isort>=5.13.0,<5.14.0
 mypy>=1.8.0,<1.9.0
 # stubs for mypy

--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@ clowmdb>=3.0.0,<3.1.0

 # Webserver packages
 fastapi>=0.109.0,<0.110.0
-pydantic>=2.5.0,<2.6.0
+pydantic>=2.6.0,<2.7.0
 pydantic-settings>=2.1.0,<2.2.0
 # Database packages
 PyMySQL>=1.1.0,<1.2.0