Merge branch 'safe-global:main' into boba-stg

.env.example

@@ -9,19 +9,11 @@
 PYTHONDONTWRITEBYTECODE=true
 
 # You should generate a random string of 50+ characters for this value in prod.
-# SECRET_KEY=insecure_key_for_dev
+SECRET_KEY=insecure_key_for_dev
 
 # This should never be set to true in production but it should be enabled in dev.
 DEBUG=false
 
-# Enable One-Time-Password for admin access
-# If this setting is enabled, access to the Django Admin panel will require a
-# one time password from a registered device.
-# If you have no registered devices you can set a static token for onboarding to the admin:
-# python src/manage.py addstatictoken <username>
-# See: https://django-otp-official.readthedocs.io/en/stable/overview.html#addstatictoken
-DJANGO_OTP_ADMIN=true
-
 # Root log level (default is INFO)
 # Possible values are DEBUG | INFO | WARNING | ERROR | CRITICAL
 ROOT_LOG_LEVEL=INFO
@@ -61,8 +53,8 @@ NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx/
 
 # You'll always want to set the POSTGRES_USER and POSTGRES_PASSWORD since the
 # postgres Docker image uses them for its default database user and password.
-#POSTGRES_USER=postgres
-#POSTGRES_PASSWORD=postgres
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
 POSTGRES_NAME=postgres
 POSTGRES_HOST=db
 POSTGRES_PORT=5432
@@ -98,8 +90,8 @@ GUNICORN_WEB_RELOAD=false
 # Default file storage class to be used for any file-related operations that don’t specify a particular storage system.
 # storages.backends.s3boto3.S3Boto3Storage – Used for S3 configuration (AWS needs to be configured)
 # django.core.files.storage.FileSystemStorage – Django default
-#DEFAULT_FILE_STORAGE=django.core.files.storage.FileSystemStorage
-DEFAULT_FILE_STORAGE=storages.backends.s3boto3.S3Boto3Storage
+DEFAULT_FILE_STORAGE=django.core.files.storage.FileSystemStorage
+#DEFAULT_FILE_STORAGE=storages.backends.s3boto3.S3Boto3Storage
 
 # django-storages – Amazon S3 configuration
 # See https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html
@@ -119,6 +111,7 @@ DEFAULT_FILE_STORAGE=storages.backends.s3boto3.S3Boto3Storage
 #AWS_S3_CUSTOM_DOMAIN=
 
 # CSRF protection 
-# See https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-CSRF_TRUSTED_ORIGINS
+# See https://docs.djangoproject.com/en/dev/ref/settings/#csrf-trusted-origins
+CSRF_TRUSTED_ORIGINS="http://localhost:${NGINX_HOST_PORT}"
 #CSRF_TRUSTED_ORIGINS="https://safe-config.staging.gnosisdev.com,http://safe-config.staging.gnosisdev.com"
 #CSRF_TRUSTED_ORIGINS="https://safe-config.gnosis.io,http://safe-config.gnosis.io"

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence,
-* @gnosis/safe-services
+* @safe-global/safe-services
 
-/src/safe_apps @mikheevm
+/src/safe_apps @mikheevm @safe-global/safe-services

.github/workflows/cla.yml

@@ -12,17 +12,17 @@ jobs:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
         # Beta Release
-        uses: cla-assistant/github-action@v2.1.3-beta
+        uses: cla-assistant/github-action@v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret
           PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
         with:
           path-to-signatures: 'signatures/version1/cla.json'
-          path-to-document: 'https://gnosis-safe.io/cla/'
+          path-to-document: 'https://safe.global/cla/'
           # branch should not be protected
           branch: 'cla-signatures'
-          allowlist: jpalvarezl,fmrsabino,rmeissner,Uxio0,*bot # may need to update this expression if we add new bots
+          allowlist: hectorgomezv,moisses89,luarx,fmrsabino,rmeissner,Uxio0,*bot # may need to update this expression if we add new bots
 
           #below are the optional inputs - If the optional inputs are not given, then default values will be taken
           #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository)

.github/workflows/test.yml

@@ -17,9 +17,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.10'
       - run: python -m pip install flake8
@@ -33,9 +33,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.10'
       - run: python -m pip install isort
@@ -49,9 +49,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.10'
       - run: python -m pip install black
@@ -83,19 +83,20 @@ jobs:
       AWS_STORAGE_BUCKET_NAME: 'example-aws-storage-bucket-name'
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v2.4.0
-      - uses: actions/cache@v2.1.7
+        uses: actions/checkout@v3
+      - uses: actions/cache@v3
         with:
           path: ~/.cache/pip
           key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}
           restore-keys: |
             ${{ runner.os }}-pip-
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.10'
       - name: Install dependencies
         run: |
+          pip install -U wheel setuptools
           pip install -r requirements-dev.txt
       - name: Run mypy
         run: mypy --strict src/chains src/safe_apps
@@ -121,18 +122,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.4.0
+        uses: actions/checkout@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1.6.0
+        uses: docker/setup-buildx-action@v2.0.0
       - name: Cache Docker layers
-        uses: actions/cache@v2.1.7
+        uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-buildx-
       - name: Login to DockerHub
-        uses: docker/login-action@v1.12.0
+        uses: docker/login-action@v2.0.0
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASSWORD }}
@@ -146,7 +147,7 @@ jobs:
         run: echo "DOCKER_TAG=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v2.9.0
+        uses: docker/build-push-action@v3.1.1
         with:
           context: .
           push: true
@@ -162,3 +163,16 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
+
+  autodeploy:
+    runs-on: ubuntu-latest
+    needs: [docker-publish]
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    steps:
+    - uses: actions/checkout@v2
+    - name: Deploy Staging
+      run: bash scripts/autodeploy.sh
+      env:
+        AUTODEPLOY_URL: ${{ secrets.AUTODEPLOY_URL }}
+        AUTODEPLOY_TOKEN: ${{ secrets.AUTODEPLOY_TOKEN }}
+        TARGET_ENV: "staging"

.pre-commit-config.yaml

@@ -5,7 +5,7 @@ repos:
       - id: isort
         args: [ "--profile", "black", "--filter-files" ]
   - repo: https://github.com/psf/black
-    rev: 21.12b0
+    rev: 22.6.0
     hooks:
       - id: black
         language_version: python3

Dockerfile

@@ -21,6 +21,7 @@ RUN set ex \
 		" \
     && apt-get update \
     && apt-get install -y --no-install-recommends $buildDeps tini \
+    && pip3 install -U --no-cache-dir wheel setuptools pip \
     && pip3 install --no-cache-dir --user -r requirements.txt \
     && apt-get purge -y --auto-remove $buildDeps \
     && rm -rf /var/lib/apt/lists/* \

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Gnosis
+Copyright (c) 2021 Safe Ecosystem Foundation
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -13,14 +13,12 @@ The `safe-config-service` is a service that provides configuration information i
 
 ### 1. Configuration
 
-The environment variables are set via the `.env` file. The configuration in `.env.example` is meant to be production ready. You can copy it and adjust it to your development needs (refer to the file for the explanation about each environment variable).
-
+The environment variables are set via the `.env` file. The configuration in `.env.example` is meant to be used **only for development**. You can copy it and adjust it to your development needs (refer to the file for the explanation about each environment variable).
 ```shell
 cp .env.example .env
 ```
 
-**Important:** Some variables are required to be set before running the application: `SECRET_KEY`, `POSTGRES_USER`, `POSTGRES_PASSWORD`.
-They can be set either locally on your environment or (as a provided example) by uncommenting these variables from the `.env` file.
+**Important:** It is recommended to set sensitive fields (like passwords) and adjust other parameters for your production environment needs. The `.env.sample` configuration shouldn't be used for any production deployment.
 
 ### 2. Running the service image
 
@@ -32,6 +30,19 @@ docker compose up
 
 The service will then be available under `localhost:$NGINX_HOST_PORT`.
 
+### 3. Create an admin user
+
+The admin interface of the service is available under `http://<host>:<NGINX_HOST_PORT>/admin` but you need to have an admin registered before you are able to access the panel.
+
+To create an admin user (assuming that the name of the `web` container is `safe-config-service-web-1`):
+
+```shell
+docker exec -it safe-config-service-web-1 /bin/bash
+python src/manage.py createsuperuser
+```
+
+And then just follow the prompts in order to create an admin user. Further users (admin or not) can be created from the admin interface itself.
+
 ## Development
 
 If you wish to develop locally without running an image for the Django service you can do the following:

requirements-dev.txt

@@ -1,17 +1,17 @@
 -r requirements.txt
-black==22.1.0
-coverage==6.3.1
+black==22.6.0
+coverage==6.4.4
 coveralls==3.3.1
 factory-boy==3.2.1
-Faker==12.3.0
-flake8==4.0.1
+Faker==14.2.0
+flake8==5.0.4
 isort==5.10.1
-pre-commit==2.17.0
+pre-commit==2.20.0
 pytest-django==4.5.2
-responses==0.18.0
+responses==0.21.0
 
 # mypy and PEP 561 stubs
-mypy==0.931
-django-stubs==1.9.0
-djangorestframework-stubs==1.4.0
-types-requests==2.27.9
+mypy==0.971
+django-stubs==1.12.0
+djangorestframework-stubs==1.7.0
+types-requests==2.28.9

requirements.txt

@@ -1,14 +1,13 @@
-boto3==1.20.54
-Django==4.0.2
-django-cors-headers==3.11.0
+boto3==1.24.66
+Django==4.1.1
+django-cors-headers==3.13.0
 djangorestframework==3.13.1
 djangorestframework-camel-case==1.3.0
-django-otp[qrcode]==1.1.3
-django-storages==1.12.3
-django-stubs-ext==0.3.1
-drf-yasg[validation]==1.20.0
-gnosis-py[django]==3.8.0
+django-storages==1.13.1
+django-stubs-ext==0.5.0
+drf-yasg[validation]==1.21.3
+safe-eth-py[django]==4.4.0
 gunicorn==20.1.0
-Pillow==9.0.1
+Pillow==9.2.0
 psycopg2-binary==2.9.3
-requests==2.27.1
+requests==2.28.1

scripts/autodeploy.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ev
+
+curl -s --output /dev/null --write-out "%{http_code}" \
+    -H "Content-Type: application/json" \
+    -X POST \
+    -u "$AUTODEPLOY_TOKEN" \
+    -d '{"push_data": {"tag": "'$TARGET_ENV'" }}' \
+    $AUTODEPLOY_URL

src/about/tests/test_views.py

@@ -7,7 +7,7 @@ def test_json_payload_format(self):
         url = reverse("v1:about:detail")
         expected_json_response = {
             "name": "Safe Config Service",
-            "version": "2.9.5",
+            "version": "2.31.0",
             "apiVersion": "v1",
             "secure": False,
         }
@@ -23,7 +23,7 @@ def test_https_request(self):
         url = reverse("v1:about:detail")
         expected_json_response = {
             "name": "Safe Config Service",
-            "version": "2.9.5",
+            "version": "2.31.0",
             "api_version": "v1",
             "secure": True,
         }
@@ -37,7 +37,7 @@ def test_http_request(self):
         url = reverse("v1:about:detail")
         expected_json_response = {
             "name": "Safe Config Service",
-            "version": "2.9.5",
+            "version": "2.31.0",
             "api_version": "v1",
             "secure": False,
         }

src/chains/admin.py

@@ -4,19 +4,19 @@
 from .models import Chain, Feature, GasPrice, Wallet
 
 
-class GasPriceInline(admin.TabularInline[Model]):
+class GasPriceInline(admin.TabularInline[Model, Model]):
     model = GasPrice
     extra = 0
     verbose_name_plural = "Gas prices set for this chain"
 
 
-class FeatureInline(admin.TabularInline[Model]):
+class FeatureInline(admin.TabularInline[Model, Model]):
     model = Feature.chains.through
     extra = 0
     verbose_name_plural = "Features enabled for this chain"
 
 
-class WalletInline(admin.TabularInline[Model]):
+class WalletInline(admin.TabularInline[Model, Model]):
     model = Wallet.chains.through
     extra = 0
     verbose_name_plural = "Wallets enabled for this chain"

src/chains/migrations/0036_alter_chain_transaction_service_uri_and_more.py

@@ -0,0 +1,29 @@
+# Generated by Django 4.0.3 on 2022-03-23 09:39
+
+from django.db import migrations, models
+
+import chains.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("chains", "0035_alter_chain_currency_logo_uri"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="chain",
+            name="transaction_service_uri",
+            field=models.CharField(
+                max_length=255, validators=[chains.models.validate_tx_service_url]
+            ),
+        ),
+        migrations.AlterField(
+            model_name="chain",
+            name="vpc_transaction_service_uri",
+            field=models.CharField(
+                max_length=255, validators=[chains.models.validate_tx_service_url]
+            ),
+        ),
+    ]