[WIP] Implement Github Actions CI/CD Pipeline

.github/auto_assign.yml

@@ -0,0 +1,14 @@
+# Set to true to add reviewers to pull requests
+addReviewers: true
+
+# Set to true to add assignees to pull requests
+addAssignees: false
+
+# A list of reviewers to be added to pull requests (GitHub user name)
+reviewers:
+  - maheshkasabe
+  - mrhacker4657
+
+# A number of reviewers added to the pull request
+# Set 0 to add all the reviewers (default: 0)
+numberOfReviewers: 0

.github/pr-labeler.yml

@@ -0,0 +1,3 @@
+feature: ['feature/*', 'feat/*']
+fix: fix/*
+chore :hammer:: chore/*

.github/workflows/Image_scan.yaml

@@ -0,0 +1,24 @@
+name: Trivy Docker Image Scan 
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build an image from Dockerfile
+        run: docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
+          format: 'table'
+          exit-code: '0'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'

.github/workflows/assign_pr.yaml

@@ -0,0 +1,12 @@
+name: 'Auto Assign'
+on:
+  pull_request_target:
+    types: [opened, ready_for_review]
+
+jobs:
+  add-reviews:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: kentaro-m/[email protected]
+        with:
+          configuration-path: '.github/auto_assign.yml' # Only needed if you use something other than .github/auto_assign.yml

.github/workflows/branch_labeler.yaml

@@ -0,0 +1,32 @@
+name: PR Labeler
+on: pull_request_target
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  pr-labeler:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: branch-label
+        uses: TimonVS/pr-labeler-action@v4
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
+
+      - name: size-label
+        uses: "pascalgn/[email protected]"
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        with:
+          sizes: >
+            {
+              "0": "XS",
+              "20": "S",
+              "50": "M",
+              "200": "L",
+              "800": "XL",
+              "2000": "XXL"
+            }

.github/workflows/ci-graphspace.yaml

@@ -0,0 +1,32 @@
+name: Docker Build & Push Graphspace
+
+on: [push, pull_request]
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: login to docker hub 
+      uses: docker/login-action@v2
+      with: 
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_TOKEN }}
+
+    - name: Set outputs
+      id: vars
+      if: ${{ github.ref == 'refs/heads/master' }}
+      run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+    - name: create image
+      run: docker build -t graphspace . 
+
+    - name: push image 
+      if: ${{ github.ref == 'refs/heads/master' }}
+      run: |
+        docker tag graphspace maheshkasbe/graphspace:${{ steps.vars.outputs.sha_short }}
+        docker tag graphspace maheshkasbe/graphspace:latest
+        docker push maheshkasbe/graphspace:latest
+        docker push maheshkasbe/graphspace:${{ steps.vars.outputs.sha_short }}

.github/workflows/deploy.yaml

@@ -0,0 +1,48 @@
+name: Push to ECR
+
+on: [push, pull_request]
+
+jobs:
+   deploy:
+    runs-on: ubuntu-latest  
+    steps:
+
+    - name: Check out code
+      uses: actions/checkout@v2
+
+    - name: Build the Docker-compose file
+      run: docker-compose -f "docker-compose.yaml" up -d --build
+
+    - name: Show containers
+      run: docker ps -a
+
+    - name: Configure AWS credentials
+      if: ${{ github.ref == 'refs/heads/master' }}
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-1
+
+    - name: Login to Amazon ECR
+      if: ${{ github.ref == 'refs/heads/master' }}
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v1
+      with:
+          registry-type: public
+
+    - name: Set outputs
+      id: vars
+      if: ${{ github.ref == 'refs/heads/master' }}
+      run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+    - name: Build, tag, and push image to Amazon ECR
+      if: ${{ github.ref == 'refs/heads/master' }}
+      env:
+        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        REGISTRY_ALIAS: ${{ secrets.AWS_REGISTRY_ALIAS }}
+        ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}
+        IMAGE_TAG: ${{ steps.vars.outputs.sha_short }}
+      run: |
+        docker build -t $ECR_REGISTRY/$REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG .
+        docker push $ECR_REGISTRY/$REGISTRY_ALIAS/$ECR_REPOSITORY:$IMAGE_TAG

.github/workflows/issue_label.yaml

@@ -0,0 +1,14 @@
+name: Labeling new issue
+on:
+  issues:
+    types: ['opened','edited']
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: Renato66/auto-label@v2
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          ignore-comments: true
+          labels-synonyms: '{"bug":["error","need fix","not working"],"enhancement":["upgrade"],"question":["help"]}'
+          labels-not-allowed: '["good first issue"]'

.gitignore

@@ -3,7 +3,6 @@
 
 # Ignore updates to production.py,
 # It's meant to be local
-production.py
 
 # Ignore Mac DS_Store files
 .DS_Store

Dockerfile

@@ -0,0 +1,14 @@
+FROM ubuntu:18.04
+WORKDIR /app
+RUN apt-get -y update && apt-get install -y \
+    npm \
+    git \
+    libpq-dev \
+    libxml2 \
+    libxslt-dev
+RUN npm install bower -g
+RUN apt-get install -y python-pip && pip install --upgrade pip
+COPY . /app
+RUN pip install -r requirements.txt
+RUN sh install.sh
+EXPOSE 8000

README.md

@@ -14,6 +14,7 @@ Requirements
 Installation Instructions
 ===================================
 * [Running GraphSpace Locally](https://github.com/Murali-group/GraphSpace/wiki/Running-GraphSpace-locally)
+* [Running Graphspace Locally using Docker & Docker‐Compose](https://github.com/Murali-group/GraphSpace/wiki/Running-Graphspace-using-Docker-&-Docker‐Compose)
 * [Running GraphSpace on Apache](https://github.com/Murali-group/GraphSpace/wiki/Running-GraphSpace-on-Apache)
 
 Documentation

bower.json

@@ -23,11 +23,9 @@
     "animate.css": "^3.5.2",
     "cytoscape": "^2.7.11",
     "webcola": "^3.3.0",
-    "bootstrap": "^3.3.7",
     "cytoscape-cola": "^1.6.0",
     "intro.js": "^2.4.0",
     "jquery-ui": "^1.12.1",
-    "bootstrap-table": "^1.11.0",
     "cytoscape-panzoom": "^2.4.0",
     "select2": "select2-dist#^4.0.3",
     "cytoscape-context-menus": "^2.1.1",

db.sh

@@ -0,0 +1,7 @@
+#!bin/sh
+echo "enabling pg_trgm & btree_gin on database $POSTGRES_DB"
+psql -U $POSTGRES_USER --dbname="$POSTGRES_DB" <<-'EOSQL'
+create extension if not exists pg_trgm;
+create extension if not exists btree_gin;
+EOSQL
+echo "finished with exit code $?"

docker-compose.prod.yaml

@@ -0,0 +1,15 @@
+version: "3.4"
+services:
+  graphspace:
+    restart: always
+    stdin_open: true # docker run -i
+    tty: true # docker run -t
+    build:
+      context: .
+    ports:
+      - "8000:8000"
+    env_file:
+      - ./secrets.env
+    command: >
+      sh -c "python manage.py migrate && 
+              python manage.py runserver"

docker-compose.yaml

@@ -0,0 +1,49 @@
+version: "3.4"
+services:
+  db:
+    image: postgres:9.6
+    restart: always
+    environment:
+      POSTGRES_DB: graphspace
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/PostgreSQL/data
+      - ./db.sh:/docker-entrypoint-initdb.d/create_extensions.sh
+
+  elasticsearch:
+    restart: always
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.2
+    ports:
+      - "9200:9200"
+    environment:
+      - discovery.type=single-node
+    volumes:
+      - esdata:/var/lib/elasticsearch/data
+
+  graphspace:
+    restart: always
+    image: maheshkasbe/graphspace:latest
+    environment:
+      POSTGRES_HOST: db
+      POSTGRES_DB: graphspace
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    stdin_open: true # docker run -i
+    tty: true # docker run -t
+    # build:
+    #   context: .
+    ports:
+      - "8000:8000"
+    command: >
+      sh -c "python manage.py migrate --settings=graphspace.settings.local && 
+            python manage.py runserver 0.0.0.0:8000 --settings=graphspace.settings.local"
+    depends_on:
+      - db
+      - elasticsearch
+
+volumes:
+  pgdata:
+  esdata:

graphspace/settings/base.py

@@ -140,7 +140,8 @@
 )
 
 BASE = declarative_base()
-ELASTIC_CLIENT = Elasticsearch()
+# for connecting with elasticsearch client using hostname and port
+ELASTIC_CLIENT = Elasticsearch(['elasticsearch:9200'])
 
 LOGGING = {
     'version': 1,

graphspace/settings/local.py

@@ -36,14 +36,14 @@
 # http://stackoverflow.com/questions/4642011/test-sending-email-without-email-server
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 
-
+# Added enviornment variable option to run with doccker-compose file and also with local dev setup
 DATABASES = {
     'default': {
         'ENGINE': 'django.db.backends.postgresql_psycopg2',
-        'NAME': 'test_database',
-        'USER': 'adb',
-        'PASSWORD': '',
-        'HOST': 'localhost',
+        'NAME':  os.environ.get('POSTGRES_DB', 'graphspace'),
+        'USER':  os.environ.get('POSTGRES_USER', 'postgres'),
+        'PASSWORD': os.environ.get('POSTGRES_PASSWORD', 'postgres'),
+        'HOST': os.environ.get('POSTGRES_HOST', 'localhost'),
         'PORT': '5432'
     }
 }

graphspace/settings/production.py

@@ -0,0 +1,49 @@
+from graphspace.settings.base import *
+
+# variables for setting up account through which GraphSpace emails
+EMAIL_HOST = os.environ.get('EMAIL_HOST')
+EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
+EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
+
+# If error is thrown, display the error in the browser (ONLY FOR LOCAL MACHINES)
+DEBUG = os.environ.get('DEBUG')
+TEMPLATE_DEBUG = os.environ.get('TEMPLATE_DEBUG')
+MAINTENANCE = os.environ.get('MAINTENANCE')
+
+# URL through which to access graphspace
+URL_PATH = os.environ.get('URL_PATH')
+
+# If tracking is enabled for GraphSpace in Google Analytics
+GOOGLE_ANALYTICS_PROPERTY_ID = os.environ.get('GOOGLE_ANALYTICS_PROPERTY_ID')
+
+# Keys given by creating a requestor account on Amazon Mechanical Turk (https://www.mturk.com/mturk/welcome)
+AWSACCESSKEYID = os.environ.get('AWSACCESSKEYID')
+SECRETKEY = os.environ.get('SECRETKEYOST')
+
+# Path to GraphSPace
+PATH = os.environ.get('PATH', '/path_to_graphspace')
+
+# SHOULD NEVER CHANGE THIS VALUE
+SECRET_KEY = os.environ.get('SECRET_KEY')
+
+# If needing to test on production mturk account (real money)
+# AWS_URL = 'https://mechanicalturk.amazonaws.com'
+
+# Sandbox (development) MTURK (fake money used)
+AWS_URL = os.environ.get('AWS_URL')
+
+# To configure the application to use the Console Backend for sending e-mail. It writes e-mails to standard out instead of sending them.
+# http://stackoverflow.com/questions/4642011/test-sending-email-without-email-server
+EMAIL_BACKEND = os.environ.get('EMAIL_BACKEND')
+
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME':  os.environ.get('POSTGRES_DB'),
+        'USER':  os.environ.get('POSTGRES_USER'),
+        'PASSWORD': os.environ.get('POSTGRES_PASSWORD'),
+        'HOST': os.environ.get('POSTGRES_HOST'),
+        'PORT': os.environ.get('POSTGRES_PORT')
+    }
+}