diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..55cca57 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +--- +version: 2 +updates: + + # Maintain dependencies for GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + target-branch: "develop" + assignees: + - "kerberizer" diff --git a/.github/workflows/test-build-publish.yml b/.github/workflows/ci.yml similarity index 79% rename from .github/workflows/test-build-publish.yml rename to .github/workflows/ci.yml index e5e4747..07e75f8 100644 --- a/.github/workflows/test-build-publish.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ --- -name: Test, build, publish Docker image +name: CI on: # yamllint disable-line rule:truthy push: @@ -12,7 +12,7 @@ on: # yamllint disable-line rule:truthy workflow_dispatch: env: - POETRY_VERSION: 1.8.2 + POETRY_VERSION: 1.8.3 REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} @@ -31,13 +31,14 @@ jobs: - '3.12' steps: + - name: Checkout the repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.7 with: submodules: recursive - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v5.2.0 with: python-version: ${{ matrix.python-version }} @@ -46,14 +47,14 @@ jobs: - name: Load the cached Poetry installation id: cached-poetry - uses: actions/cache@v4 + uses: actions/cache@v4.0.2 with: path: ~/.local key: poetry-${{ env.POETRY_VERSION }}-py_${{ env.PYTHON_ID}}-0 - name: Install Poetry if: steps.cached-poetry.outputs.cache-hit != 'true' - uses: snok/install-poetry@v1 + uses: snok/install-poetry@v1.4.1 with: version: ${{ env.POETRY_VERSION }} virtualenvs-create: true @@ -61,7 +62,7 @@ jobs: - name: Load the cached dependencies id: cached-deps - uses: actions/cache@v4 + uses: actions/cache@v4.0.2 with: path: .venv key: py${{ matrix.python-version }}-deps-${{ hashFiles('**/poetry.lock') }} 
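Review bot: The new `.github/dependabot.yml` tracks only the `github-actions` ecosystem, so the other dependency sources this commit touches get no automated update PRs: the `python:3.11-slim` base image in the Dockerfile and the Poetry dependencies in `pyproject.toml`/`poetry.lock`. Consider adding `pip` (the ecosystem value Dependabot uses for Poetry projects) and `docker` entries with the same schedule and target branch. If the directories under `extern/` are git submodules, as the `submodules: recursive` checkout suggests, a `gitsubmodule` entry would cover them too.

```yaml
  # … unchanged: github-actions entry …

  # Maintain Python dependencies (pyproject.toml / poetry.lock)
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "monthly"
    target-branch: "develop"

  # Maintain Dockerfile base images
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "monthly"
    target-branch: "develop"
```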
@@ -88,8 +89,9 @@ jobs: id-token: write steps: + - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4.1.7 with: submodules: recursive @@ -97,19 +99,19 @@ jobs: # https://github.com/sigstore/cosign-installer - name: Install cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.3.0 + uses: sigstore/cosign-installer@v3.6.0 with: - cosign-release: 'v2.2.3' + cosign-release: 'v2.4.0' # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf + uses: docker/setup-buildx-action@v3.6.1 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c + uses: docker/login-action@v3.3.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -119,12 +121,18 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v5.5.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + labels: | + org.opencontainers.image.description=RamanChada 2 API service + org.opencontainers.image.licenses=MIT + org.opencontainers.image.title=ramanchada-api + org.opencontainers.image.url=https://github.com/h2020charisma/ramanchada-api/blob/main/README.md + org.opencontainers.image.vendor=IDEAconsult tags: | - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'develop') }} - type=raw,value=stable,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/develop' }} + type=raw,value=stable,enable=${{ github.ref == 'refs/heads/main' }} type=ref,event=branch type=ref,event=tag type=ref,event=pr 
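Review bot: The `docker/setup-buildx-action`, `docker/login-action` and (in the following hunk) `docker/metadata-action` references move from full commit SHAs to version tags, which gives up immutability in the job that holds `id-token: write` and logs into the registry. A tag can be moved upstream while a commit SHA cannot. Since this commit also enables Dependabot for `github-actions`, SHA pins can be kept current automatically when each carries its version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3.3.0`. The same applies to the tag references for `actions/checkout`, `actions/setup-python`, `actions/cache`, `snok/install-poetry`, `sigstore/cosign-installer` and `docker/build-push-action` in the other hunks of this file.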
@@ -133,14 +141,14 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v6.7.0 with: + cache-from: type=gha + cache-to: type=gha,mode=max context: . + labels: ${{ steps.meta.outputs.labels }} push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker @@ -148,7 +156,7 @@ jobs: # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} + if: github.event_name != 'pull_request' env: # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable TAGS: ${{ steps.meta.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index 59e57fc..52ab4bd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM python:3.11-slim as requirements-stage +FROM python:3.11-slim AS requirements-stage WORKDIR /tmp 
@@ -10,24 +10,18 @@ COPY ./extern/ramanchada2 /tmp/extern/ramanchada2 RUN poetry export -f requirements.txt --output requirements.txt --without=dev --without-hashes -FROM tiangolo/uvicorn-gunicorn-fastapi:python3.11-slim -LABEL maintainer="Luchesar ILIEV " \ - org.opencontainers.image.created=$BUILD_DATE \ - org.opencontainers.image.description="RamanChada 2 API service" \ - org.opencontainers.image.revision=$VCS_REF \ - org.opencontainers.image.schema-version="1.0" \ - org.opencontainers.image.source="https://github.com/h2020charisma/ramanchada-api" \ - org.opencontainers.image.title="ramanchada-api" \ - org.opencontainers.image.url="https://github.com/h2020charisma/ramanchada-api/blob/main/README.md" \ - org.opencontainers.image.vendor="IDEAconsult" \ - org.opencontainers.image.version="latest" +FROM python:3.11-slim + +RUN apt-get update && apt-get install -y \ + git \ + && rm -rf /var/lib/apt/lists/* COPY --from=requirements-stage /tmp/requirements.txt /app/requirements.txt COPY ./extern/pynanomapper /tmp/extern/pynanomapper COPY ./extern/ramanchada2 /tmp/extern/ramanchada2 -RUN sed -i 's/^-e //' /app/requirements.txt +RUN sed -Ei -e 's|^-e ||' -e 's|(/pyambit.git)@\S+|\1|' /app/requirements.txt RUN pip install --no-cache-dir --upgrade -r /app/requirements.txt @@ -38,8 +32,10 @@ COPY ./src/rcapi /app/rcapi RUN sed -i '/^upload_dir:/s|:.*|: "/var/uploads"|' /app/rcapi/config/config.yaml RUN mkdir -p /var/uploads/TEMPLATES - COPY ./tests/resources/templates/dose_response.json /var/uploads/TEMPLATES/3c22a1f0-a933-4855-848d-05fcc26ceb7a.json ENV RAMANCHADA_API_CONFIG="/app/rcapi/config/config.yaml" -ENV MODULE_NAME="rcapi.main" +EXPOSE 80 +WORKDIR /app + +CMD ["uvicorn", "rcapi.main:app", "--host", "0.0.0.0", "--port", "80", "--workers", "4"] diff --git a/docker-compose.yml b/docker-compose.yml index 0074b52..192d167 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
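Review bot: The second `sed` expression, `s|(/pyambit.git)@\S+|\1|`, strips the revision suffix from the exported pyambit git requirement, so `pip install` resolves it to whatever the remote's default branch holds at build time rather than (presumably) the commit recorded in `poetry.lock`. Together with `--without-hashes` on the export and `--upgrade` on the install, two builds of the same commit can ship different code. If the ref is removed because the locked revision fails to install, a comment saying so would help the next reader; otherwise keep the `@<rev>` suffix. Separately, `apt-get install -y git` pulls fewer packages into the runtime image with `--no-install-recommends`.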
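Review bot: No `USER` instruction appears in the visible part of the final stage, so the new `CMD` would start uvicorn as root, with write access to `/app` and `/var/uploads`. Consider creating an unprivileged account, giving it the upload directory and switching to it before `CMD`, e.g. `RUN useradd --system --no-create-home rcapi && chown -R rcapi /var/uploads` followed by `USER rcapi`. Whether a non-root process may bind port 80 depends on the container runtime's unprivileged-port setting, so a high port (with the proxy target updated to match) is the more portable choice. The lines between the two Dockerfile hunks are not shown, so confirm none of them already drops privileges.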
@@ -60,10 +60,14 @@ services: - uploads-prod:/var/uploads dev: - image: ghcr.io/h2020charisma/ramanchada-api:develop + image: ghcr.io/h2020charisma/ramanchada-api:latest container_name: ramanchada-api-dev hostname: ramanchada-api-dev restart: unless-stopped + environment: + HS_ENDPOINT: ${HS_ENDPOINT} + HS_USERNAME: ${HS_USERNAME} + HS_PASSWORD: ${HS_PASSWORD} labels: traefik.enable: 'true' traefik.http.routers.ramanchada-api-dev.entrypoints: tcp80v4*,tcp443v4*,tcp80v6*,tcp443v6* diff --git a/poetry.lock b/poetry.lock index 7c11389..e6ecd4f 100644 --- a/poetry.lock +++ b/poetry.lock @@ -3810,4 +3810,4 @@ test = ["big-O", "importlib-resources", "jaraco.functools", "jaraco.itertools", [metadata] lock-version = "2.0" python-versions = ">=3.9,<3.13" -content-hash = "be2bea1729e7ee8fb2e622713f82e1e790954dc265ba720467390b77a37b75a5" +content-hash = "dec50919902b0c7df076897d1cba020aed1648b509e686d779e7f6163fdb3c90" diff --git a/pyproject.toml b/pyproject.toml index f405a2c..7fe2f25 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -21,13 +21,14 @@ include = [ [tool.poetry.dependencies] python = ">=3.9,<3.13" -fastapi = "^0.101.0" -python-multipart = "^0.0.6" -pynanomapper = { path = "extern/pynanomapper", develop = true } -ramanchada2 = { path = "extern/ramanchada2", develop = true } apscheduler = "^3.10.1" +fastapi = "^0.101.0" h5grove = "^1.3.0" openpyxl = "^3.1.2" +pynanomapper = { path = "extern/pynanomapper", develop = true } +python-multipart = "^0.0.6" +ramanchada2 = { path = "extern/ramanchada2", develop = true } +uvicorn = "^0.27.1" [tool.poetry.urls] "Bug Tracker" = "https://github.com/h2020charisma/ramanchada-api/issues" @@ -36,9 +37,8 @@ openpyxl = "^3.1.2" dev = "scripts.dev_server:main" [tool.poetry.group.dev.dependencies] -pytest = "^8.0.1" httpx = "^0.27.0" -uvicorn = "^0.27.1" +pytest = "^8.0.1" [tool.poetry.group.jupyter.dependencies] jupyter = "^1.0.0"
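Review bot: `HS_PASSWORD: ${HS_PASSWORD}` becomes an empty string when the variable is missing from the host environment or `.env` file, so the `dev` service can start with blank HS credentials and only a warning. The required-variable form makes Compose fail instead: `HS_PASSWORD: ${HS_PASSWORD:?HS_PASSWORD must be set}`, and likewise for `HS_ENDPOINT` and `HS_USERNAME`. Values passed as environment variables are also readable through `docker inspect`; a Compose `secrets:` entry mounted as a file avoids that if the application can read the password from a path. The `dev` service definition continues past the end of the hunk.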
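Review bot: `python-multipart = "^0.0.6"` and `fastapi = "^0.101.0"` are only reordered in the `[tool.poetry.dependencies]` hunk, but their constraints are very narrow for packages that parse incoming requests. Under Poetry's caret rules a `0.0.x` constraint admits only `>=0.0.6,<0.0.7` and a `0.x` constraint only `>=0.101.0,<0.102.0`, so `poetry update` can never select a later release of either. Now that `uvicorn` is a runtime dependency and the image serves traffic directly, consider widening them, e.g. `python-multipart = ">=0.0.6,<0.1"`, and re-locking so upstream fixes can be picked up.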