Migration PR: Staging to main #86

AkhileshNegi · 2025-03-24T07:23:39Z

Summary

Target issue is #87

This pull request merges changes from the staging-to-main branch into the main branch of the ProjectTech4DevAI/ai-platform repository. The updates include significant enhancements and new features across various components of the FastAPI application:

API Enhancements:
- Added dependency functions for HTTP exception handling and user access verification in deps.py.
- Introduced new routers for organization, project, and project_user modules in main.py.
- Implemented CRUD operations for organizations and projects, restricted to superuser access, in organization.py and project.py.
- Added endpoints for managing project users with authorization checks in project_user.py.
- Updated the login endpoint with customizable token expiration and improved type annotations in login.py.
Core and Configuration Updates:
- Reduced the access token expiration from 8 days to 1 day in config.py for enhanced security.
- Introduced exception handling capabilities in the main application file main.py.
Model and CRUD Operations:
- Developed SQLModel-based data models for organizations, projects, and project users, including relationships and field validations.
- Implemented CRUD operations for organizations and project users with admin checks and pagination in organization.py and project_user.py.
Utility and Documentation Improvements:
- Added a generic APIResponse class for standardized responses and improved error handling in utils.py.
- Updated deployment and development documentation, focusing on Docker Compose setup, GitHub Actions configuration, and environment variables.
Miscellaneous:
- Renamed a function in users.py to avoid naming conflicts.
- Updated environment variables in envSample for project configuration.

These changes aim to enhance the functionality, security, and maintainability of the AI Platform project.

This pull request, titled "Migration PR: Staging to main," merges changes from the staging-to-main branch into the main branch of the ProjectTech4DevAI/ai-platform repository. The updates include:

GitHub Actions Workflows:
- A new workflow for deploying the AI platform to ECS Production, triggered by version tags, with AWS authentication, Docker image building, and ECS service updates.
- A workflow for deploying to AWS ECS, including Docker image building and pushing to ECR, with AWS credentials configuration.
Backend Updates:
- Dockerfile updated to use Python 3.12, implement UV package manager, and configure FastAPI with uvicorn.
- Alembic migrations to add tables for API keys, organizations, projects, and project users.
- Authentication enhancements with API key support and improved error handling.
- New FastAPI router endpoints for managing organizations, projects, project users, and API keys.
- Customizable token expiration in login endpoint and improved type hints.
- Access token expiration reduced from 8 days to 1 day for improved security.
- CRUD operations for API keys, projects, and project users.
- Improved error handling with HTTPException import and exception handler registration.
Model Enhancements:
- Introduction of SQLModel-based models for API keys, organizations, projects, and project users.
- User models extended with project and API key relationships.
Documentation:
- Deployment documentation updated for Docker Compose setup and GitHub Actions configuration.
- Development documentation reorganized with a new section header.
Configuration:
- Environment variables and project configuration updated in the envSample file.

These changes aim to enhance the deployment process, improve code organization, and strengthen security and authentication mechanisms.

Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

rename project and stack --------- Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

* use latest docker image * update envsample

* token expiry time can be customize * default to one day

* trial * pushing all * models file * renaming * Rename Project.py to project.py * Rename oganization.py to organization.py * Update README.md (#44) * changes (#45) Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local> * Readme update (#47) rename project and stack --------- Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local> * fix create_user endpoint (#62) * standard api response and http exception handling (#67) * standardization and edits * small edits * small edits * small edits * fixed project post * trial * pushing all * models file * renaming * Rename Project.py to project.py * Rename oganization.py to organization.py * standardization and edits * small edits * small edits * small edits * fixed project post * remove these files since they were somehow pushed into this branch * re-push the docker file * re-push utils file * re-push the file * fixing test cases --------- Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com> Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local> Co-authored-by: Aviraj Gour <100823015+avirajsingh7@users.noreply.github.com> Co-authored-by: Ishankoradia <ikoradia@umich.edu>

* intial commit user project mapping and authorization * fix alembic migration * Use standard API response * add pagination * add index and use base model

* fixing testcases and migrations * changes migration file name * remove old migration --------- Co-authored-by: Akhilesh Negi <akhileshnegi.an3@gmail.com>

* Intial setup api key * added Api key auth flow * support both api key and oauth --------- Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com>

Back merge Production to staging code

kody-ai · 2025-03-24T07:24:25Z

Code Review Completed! 🔥

The code review was successfully completed based on your current configurations.

Kody Guide: Usage and Configuration

Interacting with Kody

Request a Review: Ask Kody to review your PR manually by adding a comment with the @kody start-review command at the root of your PR.
Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Security	✅
Code Style	✅
Kody Rules	✅
Refactoring	✅
Error Handling	✅
Maintainability	✅
Potential Issues	✅
Documentation And Comments	✅
Performance And Optimization	✅
Breaking Changes	✅

Access your configuration settings here.

envSample

backend/app/api/routes/login.py

backend/app/api/routes/project.py

kody-ai · 2025-03-24T07:26:49Z

backend/app/api/routes/project_user.py

+
+
+# Add a user to a project
+@router.post("/{user_id}", response_model=APIResponse[ProjectUserPublic])


from fastapi import RateLimiter @app.state.limiter.limit('5/minute') @router.post('/{user_id}', response_model=APIResponse[ProjectUserPublic])

Add rate limiting to protect endpoints from potential abuse

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

backend/app/api/routes/users.py

backend/app/crud/project_user.py

kody-ai · 2025-03-24T07:26:58Z

backend/app/models/organization.py

+
+# Shared properties for an Organization
+class OrganizationBase(SQLModel):
+    name: str = Field(unique=True, index=True, max_length=255)


name: str = Field(unique=True, index=True, max_length=255, min_length=1, regex=r'^[\w\s\-\.\&\,\']+$')

Add input validation for organization name.

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

backend/app/models/project.py

kody-ai · 2025-03-24T07:28:06Z

Code Review Completed! 🔥

The code review was successfully completed based on your current configurations.

Kody Guide: Usage and Configuration

Interacting with Kody

Request a Review: Ask Kody to review your PR manually by adding a comment with the @kody start-review command at the root of your PR.
Provide Feedback: Help Kody learn and improve by reacting to its comments with a 👍 for helpful suggestions or a 👎 if improvements are needed.

Current Kody Configuration

Review Options

The following review options are enabled or disabled:

Options	Enabled
Security	✅
Code Style	✅
Kody Rules	✅
Refactoring	✅
Error Handling	✅
Maintainability	✅
Potential Issues	✅
Documentation And Comments	✅
Performance And Optimization	✅
Breaking Changes	✅

Access your configuration settings here.

kody-ai · 2025-03-24T07:30:43Z

.github/workflows/cd-production.yml

+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          REPOSITORY: ${{ github.event.repository.name }}-repo
+          TAG: ${{ github.ref_name }}


env: REGISTRY: ${{ steps.login-ecr.outputs.registry }} REPOSITORY: ${{ github.event.repository.name }}-repo TAG: ${{ github.ref_name }} run: | if [ -z "$REGISTRY" ] || [ -z "$REPOSITORY" ] || [ -z "$TAG" ]; then echo "Required environment variables are not set" exit 1 fi

Add environment variable validation to ensure required variables are set before running critical operations.

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

kody-ai · 2025-03-24T07:30:45Z

.github/workflows/cd-production.yml

+          aws ecs update-service \
+            --cluster ${{ github.event.repository.name }}-cluster \
+            --service ${{ github.event.repository.name }}-service \
+            --force-new-deployment


aws ecs update-service \n --cluster ${{ github.event.repository.name }}-cluster \n --service ${{ github.event.repository.name }}-service \n --force-new-deployment aws ecs wait services-stable \n --cluster ${{ github.event.repository.name }}-cluster \n --services ${{ github.event.repository.name }}-service \n --timeout-seconds 300

Add timeout configuration for ECS deployment to prevent indefinite hanging of the workflow in case of deployment issues.

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

kody-ai · 2025-03-24T07:30:48Z

.github/workflows/cd-staging.yml

+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4 # More information on this action can be found below in the 'AWS Credentials' section
+        with:
+          role-to-assume: arn:aws:iam::024209611402:role/github-action-role


role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-action-role

Hard-coded AWS account ID should be stored as a GitHub secret for better security

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

kody-ai · 2025-03-24T07:30:51Z

backend/Dockerfile

 ENV PYTHONUNBUFFERED=1

+# Set working directory
 WORKDIR /app/


WORKDIR /app/ RUN adduser --system --no-create-home appuser RUN chown -R appuser:appuser /app USER appuser

Add a non-root user and switch to it for better security. Running containers as root is a security risk that should be avoided in production environments.

_{Talk to Kody by mentioning @kody}

_{Was this suggestion helpful? React with 👍 or 👎 to help Kody learn from this interaction.}

backend/app/api/routes/api_keys.py

backend/app/crud/api_key.py

* fix authentication part * Modify test cases to compatible with new auth

* issue CI * first stab at continuous integration * fixing testcases and migrations * syncing with master * moving to python version 3.11.7 * making copy of env * updating env * added migrations * added uv sync * updating working directory * added step to activate env * updating working directory * updating working directory for codecov upload * updating script to upload to codecov * remove working directory * added working directory for % check * clenaup * cleanup * activating env * update the issue template * update readme and env file

jerome-white

There are far too many files, and far too many purposes of those files, to give an in-depth review. Also, my understanding is that this is effectively a branch move, implying that most of these files have been reviewed already.

There are several comments from the review bot. They mostly seem like defensive programming suggestions. Whether to implement them should be the decision of those that have more context. I'm comfortable making them into low priority issues and fixing them one-by-one at a later date.

sourabhlodha and others added 14 commits March 14, 2025 10:56

Update README.md (#44)

4b18f4d

changes (#45)

ff651a8

Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

Readme update (#47)

56c30e6

rename project and stack --------- Co-authored-by: sourabhlodha <sourabhlodha@Administrators-MacBook-Pro.local>

Merge branch 'main' into staging

ce86e7b

fix create_user endpoint (#62)

5942790

standard api response and http exception handling (#67)

bf76406

Upgrade PostgreSQL to 16 & Fix CORS Configuration (#57)

641bc89

* use latest docker image * update envsample

Add Customizable Token Expiry Time in Login API (#70)

765c2ac

* token expiry time can be customize * default to one day

Add Project User Management (#65)

a7a2a9c

* intial commit user project mapping and authorization * fix alembic migration * Use standard API response * add pagination * add index and use base model

Alembic: migration fixes for organization (#77)

17daeb9

* fixing testcases and migrations * changes migration file name * remove old migration --------- Co-authored-by: Akhilesh Negi <akhileshnegi.an3@gmail.com>

Added Support of API Key Authentication (#76)

961b6a7

* Intial setup api key * added Api key auth flow * support both api key and oauth --------- Co-authored-by: Sourabh Lodha <sourabh_lodha@ymail.com>

Main to stage code sync (#80)

8f121b2

Back merge Production to staging code

added migration for api table (#81)

9996a5e

AkhileshNegi self-assigned this Mar 24, 2025

AkhileshNegi linked an issue Mar 24, 2025 that may be closed by this pull request

Migration Branch: Staging to Main #87

Closed

AkhileshNegi requested review from jerome-white and sourabhlodha March 24, 2025 07:25