Merge 410739c into f671cf9

release-engineering · Oct 25, 2022 · 5234143 · 5234143
2 parents f671cf9 + 410739c
commit 5234143
Show file tree

Hide file tree

Showing 18 changed files with 967 additions and 290 deletions.
diff --git a/.copr/Makefile b/.copr/Makefile
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,8 @@
+.git/
+.tox/
+.*_cache/
+__pycache__/
+dist/
+htmlcov/
+*.egg-info/
+Dockerfile
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
diff --git a/.github/workflows/gating.yaml b/.github/workflows/gating.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.6"]
+        python-version: ["3.9"]
 
     steps:
       - uses: actions/checkout@v3
@@ -30,9 +30,7 @@ jobs:
           pip install tox
 
       - name: Test with tox
-        run: |
-          PY=py$(echo ${{ matrix.python-version }} | tr -d ".")
-          tox -e ${PY}
+        run: tox -e py
 
       - name: Run coveralls-python
         env:
@@ -59,6 +57,33 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  linters:
+    name: Linters
+    strategy:
+      matrix:
+        tox_env:
+          - bandit
+          - lint
+          - docs
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.9"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install tox
+
+      - name: Test '${{ matrix.tox_env }}' with tox
+        run: tox -e ${{ matrix.tox_env }}
+
   hadolint:
     name: Hadolint
     runs-on: ubuntu-latest
@@ -88,7 +113,7 @@ jobs:
       GH_REGISTRY: ghcr.io/${{ github.actor }}
     strategy:
       matrix:
-        python-version: ["3.6"]
+        python-version: ["3.9"]
 
     steps:
       - uses: actions/checkout@v3
@@ -98,6 +123,14 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install poetry tox tox-gh-actions
+
+      - name: Update the Application Version
+        run: poetry version "$(./get-version.sh)"
+
       - name: Get image tag from git branch
         id: get-image-tag
         run: |
@@ -114,6 +147,8 @@ jobs:
             ${{ github.ref == 'refs/heads/master' && 'latest' || '' }}
             ${{ github.sha }}
           containerfiles: Dockerfile
+          build-args: |
+            GITHUB_SHA=${{ github.sha }}
 
       - name: Log in to the image registry
         if: github.event_name == 'push' && github.actor != 'dependabot[bot]'

diff --git a/.tito/packages/.readme b/.tito/packages/.readme
diff --git a/.tito/packages/product-listings-manager b/.tito/packages/product-listings-manager
diff --git a/.tito/templates/__init__.py.in b/.tito/templates/__init__.py.in
diff --git a/.tito/tito.props b/.tito/tito.props
diff --git a/Dockerfile b/Dockerfile
@@ -1,49 +1,82 @@
-FROM registry.fedoraproject.org/fedora:36
+FROM registry.access.redhat.com/ubi8/ubi:8.5 as builder
+
+# hadolint ignore=DL3033,DL4006,SC2039,SC3040
+RUN set -exo pipefail \
+    && mkdir -p /mnt/rootfs \
+    # install builder dependencies
+    && yum install -y \
+        --setopt install_weak_deps=false \
+        --nodocs \
+        gcc \
+        krb5-devel \
+        python39 \
+        python39-devel \
+    # install runtime dependencies
+    && yum install -y \
+        --installroot=/mnt/rootfs \
+        --releasever=8 \
+        --setopt install_weak_deps=false \
+        --nodocs \
+        python39 \
+    && yum --installroot=/mnt/rootfs clean all \
+    && rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* \
+    # https://python-poetry.org/docs/master/#installing-with-the-official-installer
+    && curl -sSL https://install.python-poetry.org | python3 - \
+    && python3 -m venv /venv
+
+ENV \
+    PIP_DEFAULT_TIMEOUT=100 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PYTHONFAULTHANDLER=1 \
+    PYTHONHASHSEED=random \
+    PYTHONUNBUFFERED=1
+
+WORKDIR /build
+COPY . .
+# hadolint ignore=SC1091
+RUN set -ex \
+    && export PATH=/root/.local/bin:$PATH \
+    && . /venv/bin/activate \
+    && pip install --no-cache-dir -r requirements.txt \
+    && poetry build --format=wheel \
+    && version=$(poetry version --short) \
+    && pip install --no-cache-dir dist/product_listings_manager-"$version"-py3*.whl \
+    && deactivate \
+    && mv /venv /mnt/rootfs \
+    && mkdir -p /mnt/rootfs/src/docker \
+    && cp -v docker/docker-entrypoint.sh /mnt/rootfs/src/docker
+
+# --- Final image
+FROM scratch
+ARG GITHUB_SHA
 LABEL \
     name="product-listings-manager" \
     vendor="product-listings-manager developers" \
+    summary="Product Listings Manager application" \
+    description="HTTP API for finding product listings and interacting with data in composedb." \
+    maintainer="Red Hat, Inc." \
     license="MIT" \
-    build-date=""
+    url="https://github.com/release-engineering/product-listings-manager" \
+    vcs-type="git" \
+    vcs-ref=$GITHUB_SHA \
+    io.k8s.display-name="Product Listings Manager"
 
-RUN yum -y install \
-        --setopt=install_weak_deps=false \
-        --setopt=tsflags=nodocs \
-        git-core \
-        python3 \
-        python3-flask \
-        python3-flask-restful \
-        python3-flask-sqlalchemy \
-        python3-gunicorn \
-        python3-koji \
-        python3-pip \
-        python3-psycopg2 \
-        python3-sqlalchemy
+ENV \
+    PYTHONFAULTHANDLER=1 \
+    PYTHONHASHSEED=random \
+    PYTHONUNBUFFERED=1 \
+    WEB_CONCURRENCY=8
 
-WORKDIR /var/www/product-listings-manager
-
-# Restore working tree from current git commit in container.
-COPY .git .git
-RUN git reset --hard HEAD \
-    && git checkout HEAD
-
-# Clean up.
-RUN yum -y remove git-core \
-    && yum -y clean all \
-    && rm -rf /var/cache/yum \
-    && rm -rf /tmp/*
-
-ARG cacert_url
-RUN if [ -n "$cacert_url" ]; then \
-        cd /etc/pki/ca-trust/source/anchors \
-        && curl -O --insecure $cacert_url \
-        && update-ca-trust extract; \
-    fi
+COPY --from=builder /mnt/rootfs/ /
+COPY --from=builder /etc/yum.repos.d/ubi.repo /etc/yum.repos.d/ubi.repo
+WORKDIR /src
 
 USER 1001
-EXPOSE 5000
-
-ENTRYPOINT [ \
-    "/usr/bin/gunicorn-3", \
+EXPOSE 8080
+ENTRYPOINT ["/src/docker/docker-entrypoint.sh"]
+CMD [ \
+    "gunicorn", \
     "--bind=0.0.0.0:5000", \
     "--access-logfile=-", \
     "--enable-stdio-inheritance", \

diff --git a/MANIFEST.in b/MANIFEST.in
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+
+if [ -z "$GREENWAVE_CONFIG"]; then
+    if [ -f /etc/greenwave/settings.py ]; then
+        export GREENWAVE_CONFIG=/etc/greenwave/settings.py
+    elif [ -f /src/conf/settings.py ]; then
+        export GREENWAVE_CONFIG=/src/conf/settings.py
+    else
+        export GREENWAVE_CONFIG=/src/conf/settings.py.example
+    fi
+fi
+
+if [ -z "$GREENWAVE_SUBJECT_TYPES_DIR"]; then
+    if [ -d /etc/greenwave/subject_types ]; then
+        export GREENWAVE_SUBJECT_TYPES_DIR=/etc/greenwave/subject_types
+    else
+        export GREENWAVE_SUBJECT_TYPES_DIR=/src/conf/subject_types
+    fi
+fi
+
+if [ -z "$GREENWAVE_POLICIES_DIR"]; then
+    if [ -d /etc/greenwave/policies ]; then
+        export GREENWAVE_POLICIES_DIR=/etc/greenwave/policies
+    else
+        export GREENWAVE_POLICIES_DIR=/src/conf/policies
+    fi
+fi
+
+. /venv/bin/activate
+exec "$@"
diff --git a/get-version.sh b/get-version.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: GPL-2.0+
+
+# Prints the current version based on the current git revision.
+
+set -e
+
+name=greenwave
+
+if [[ -n "$GITHUB_SHA" ]]; then
+    if [[ $GITHUB_REF =~ ^ref/tags/$name- ]]; then
+        echo "${GITHUB_REF#refs/tags/$name-}"
+    else
+        last_version=$(poetry version --short)
+        echo "$last_version+git.${GITHUB_SHA:0:7}"
+    fi
+    exit
+fi
+
+if [ "$(git tag | wc -l)" -eq 0 ] ; then
+    # never been tagged since the project is just starting out
+    lastversion="0.0"
+    revbase=""
+else
+    lasttag="$(git describe --abbrev=0 HEAD)"
+    lastversion="${lasttag##${name}-}"
+    revbase="^$lasttag"
+fi
+if [ "$(git rev-list $revbase HEAD | wc -l)" -eq 0 ] ; then
+    # building a tag
+    version="$lastversion"
+else
+    # git builds count as a pre-release of the next version
+    version="$lastversion"
+    version="${version%%[a-z]*}" # strip non-numeric suffixes like "rc1"
+    # increment the last portion of the version
+    version="${version%.*}.$((${version##*.} + 1))"
+    commitcount=$(git rev-list $revbase HEAD | wc -l)
+    commitsha=$(git rev-parse --short HEAD)
+    version="${version}.dev${commitcount}+git.${commitsha}"
+fi
+
+echo $version