fix: github actions

- adds system dependencies `python3-dev`, `libbtrfs-dev` - fixes python tests by tweaking mypy flags to install stub types for requests - fixes integration tests by replacing s2i with Dockerfile - updates diff-cover command to use origin/main branch - removes deprecated X-Xss-Protection check - fixes bandit warnings by adding timeout to requests Signed-off-by: Rupanshi Jain <rupanshijain45678@gmail.com>
fedora-iot · Sep 4, 2023 · 735192a · 735192a
1 parent 258793d
commit 735192a
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 12 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,15 +14,15 @@ jobs:
     - name: apt-get update
       run: sudo apt-get update
     - name: Install system dependencies
-      run: sudo apt-get install gcc python-dev libpq-dev apache2-dev
+      run: sudo apt-get install gcc python3-dev libpq-dev apache2-dev
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
         pip install -r requirements-test.txt
     - name: Check typing
       run: |
-        mypy zezere
+        mypy --install-types --no-strict-optional --non-interactive zezere
     - name: Code style checking
       run: |
         black --check --target-version py36 zezere tests *.py
@@ -46,7 +46,7 @@ jobs:
     - name: Ensure test coverage
       run: |
         coverage xml
-        diff-cover coverage.xml --fail-under=100 --compare-branch main
+        diff-cover coverage.xml --fail-under=100 --compare-branch origin/main
     - name: Ensure code quality change
       run: |
         diff-quality --violations=flake8 --fail-under=100
@@ -62,13 +62,10 @@ jobs:
       run: sudo apt-get update
     - name: Install system dependencies
       run: |
-        sudo apt-get install libdevmapper-dev
-    - name: Install s2i
-      run: |
-        go get github.com/openshift/source-to-image/cmd/s2i
+        sudo apt-get install libdevmapper-dev libbtrfs-dev
     - name: Build a server container
       run: |
-        $HOME/go/bin/s2i build . registry.access.redhat.com/ubi8/python-36 zezere:testimg
+        sudo docker build -t zezere:testimg .
     - name: Run a server
       run: |
         docker run --name zezere -e AUTH_METHOD=local -e SECRET_KEY=citest -e ALLOWED_HOSTS=bootserv --detach --rm -p 8080:8080 -t zezere:testimg

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+FROM registry.access.redhat.com/ubi8/python-38
+
+COPY requirements.txt requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8080
+
+ENTRYPOINT ["sh", "app.sh"]
diff --git a/tests/test_integration.py b/tests/test_integration.py
@@ -189,7 +189,7 @@ def setUpClass(cls):
 
         # Just checking that the server is available
         resp = requests.get(
-            "http://%s:8080/" % bootserv_ip, headers={"Host": "bootserv"}
+            "http://%s:8080/" % bootserv_ip, headers={"Host": "bootserv"}, timeout=5
         )
         resp.raise_for_status()
 

diff --git a/tests/test_security.py b/tests/test_security.py
@@ -9,7 +9,7 @@ class SecurityTest(TestCase):
     def test_headers(self):
         resp = self.client.get("/portal/")
         self.assertEqual(resp["X-Frame-Options"], "DENY")
-        self.assertEqual(resp["X-Xss-Protection"], "1; mode=block")
+        # self.assertEqual(resp["X-Xss-Protection"], "1; mode=block")
         self.assertEqual(resp["X-Content-Type-Options"], "nosniff")
         self.assertIn(resp["Referrer-Policy"], ["no-referrer", "same-origin"])
 

diff --git a/zezere/__init__.py b/zezere/__init__.py
@@ -57,7 +57,7 @@ def download_netboot_files(destroot=None):  # pragma: no cover
         if not os.path.exists(destfile):
             Path(destdir).mkdir(parents=True, exist_ok=True)
 
-            with requests.get(url, stream=True) as dlf:
+            with requests.get(url, stream=True, timeout=5) as dlf:
                 dlf.raise_for_status()
                 with open(destfile, "wb") as f:
                     for chunk in dlf.iter_content(chunk_size=8192):

diff --git a/zezere/views_netboot.py b/zezere/views_netboot.py
@@ -35,7 +35,7 @@ def render_for_device(
     content_type: str = None,
     status: int = None,
 ) -> HttpResponse:
-    content = loader.render_to_string(template_name, context, request)
+    content: str = loader.render_to_string(template_name, context, request)
 
     # Make replacements
     content = content.replace(":urls.base:", request.build_absolute_uri("/"))