From fa7370d537e4f41af2e72786260ae6c6a3d04581 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Aug 2023 17:56:25 +0000 Subject: [PATCH 01/27] chore(deps-dev): bump flask from 2.3.2 to 2.3.3 Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 2.3.3. - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/flask/compare/2.3.2...2.3.3) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index cd6c8e3b..9b143ffa 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,7 +7,7 @@ classifiers = ["Programming Language :: Python :: 3 :: Only"] description = "Server implementation of the Eligibility Verification API" dependencies = [ "eligibility-api==2023.6.1", - "Flask==2.3.2", + "Flask==2.3.3", "Flask-RESTful==0.3.10", "Flask-SQLAlchemy==3.0.5", "requests==2.31.0" From 0517cb0bc7eb4dc1f219adc60aed28ab6bc5d6dd Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 30 Aug 2023 17:51:08 +0000 Subject: [PATCH 02/27] fix(terraform): disable always_on setting is redundant with the healthcheck and causes 404 response since the root URL is not a valid endpoint --- terraform/app_service.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 189c3a95..bf60fe14 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -19,6 +19,7 @@ resource "azurerm_linux_web_app" "main" { https_only = true site_config { + always_on = false ftps_state = "Disabled" http2_enabled = true From 4816ed2f0010a21c54d609d2f99faa597c516c31 Mon Sep 17 00:00:00 2001 
From: Angela Tran Date: Thu, 31 Aug 2023 00:31:07 +0000 Subject: [PATCH 03/27] refactor: split out pipeline into two stages second stage requires environment with approval check. change 'terraform plan' step to always run. --- terraform/pipeline/azure-pipelines.yml | 95 ++++++++++++++++++++------ 1 file changed, 75 insertions(+), 20 deletions(-) diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml index 9ec60c77..dcc53629 100644 --- a/terraform/pipeline/azure-pipelines.yml +++ b/terraform/pipeline/azure-pipelines.yml @@ -10,12 +10,13 @@ trigger: paths: include: - terraform/* +pool: + vmImage: ubuntu-latest + stages: - - stage: terraform - pool: - vmImage: ubuntu-latest + - stage: TerraformPlan jobs: - - job: terraform + - job: Plan variables: - name: OTHER_SOURCE value: $[variables['System.PullRequest.SourceBranch']] @@ -28,7 +29,8 @@ stages: # https://learn.microsoft.com/en-us/azure/devops/pipelines/process/set-variables-scripts?view=azure-devops&tabs=bash#about-tasksetvariable - bash: | WORKSPACE=$(python terraform/pipeline/workspace.py) - echo "##vso[task.setvariable variable=workspace]$WORKSPACE" + echo "##vso[task.setvariable variable=workspace;isOutput=true]$WORKSPACE" + name: setvars displayName: Determine deployment environment env: REASON: $(Build.Reason) @@ -59,7 +61,7 @@ stages: provider: azurerm command: custom customCommand: workspace - commandOptions: select $(workspace) + commandOptions: select $(setvars.workspace) workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" # service connection environmentServiceNameAzureRM: deployer 
@@ -70,21 +72,74 @@ stages: command: plan # wait for lock to be released, in case being used by another pipeline run # https://discuss.hashicorp.com/t/terraform-plan-wait-for-lock-to-be-released/6870/2 - commandOptions: -input=false -lock-timeout=5m + commandOptions: -input=false -lock-timeout=5m -out=$(Build.ArtifactStagingDirectory)/tfplan workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" # service connection environmentServiceNameAzureRM: deployer - # the plan is done as part of the apply (below), so don't bother doing it twice - condition: notIn(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') - - task: TerraformTaskV3@3 - displayName: Terraform apply - inputs: - provider: azurerm - command: apply - # (ditto the lock comment above) - commandOptions: -input=false -lock-timeout=5m - workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" - # service connection - environmentServiceNameAzureRM: deployer - # only run on certain branches + # need to publish the tfplan to used by next stage if it's going to run + - publish: "$(Build.ArtifactStagingDirectory)" + displayName: "Publish tfplan for use in TerraformApply" + artifact: savedPlan condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') + - stage: TerraformApply + dependsOn: TerraformPlan + variables: + - name: workspace + value: $[ dependencies.TerraformPlan.outputs['Plan.setvars.workspace'] ] + # only run on dev, test, or prod branches + condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') + jobs: + - deployment: Apply + condition: succeeded() + environment: Approval + variables: + - name: workspace + value: $[ stageDependencies.TerraformPlan.Plan.outputs['setvars.workspace'] ] + strategy: + runOnce: + deploy: + steps: + - checkout: self + - download: current + displayName: "Download plan file published from TerraformPlan" + artifact: savedPlan + - task: TerraformInstaller@0 + displayName: Install Terraform + inputs: + terraformVersion: 
1.3.1 + # https://github.com/microsoft/azure-pipelines-terraform/tree/main/Tasks/TerraformTask/TerraformTaskV3#readme + - task: TerraformTaskV3@3 + displayName: Terraform init + inputs: + provider: azurerm + command: init + workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" + # https://developer.hashicorp.com/terraform/tutorials/automation/automate-terraform#automated-terraform-cli-workflow + commandOptions: -input=false + # service connection + backendServiceArm: deployer + # needs to match main.tf + backendAzureRmResourceGroupName: courtesy-cards-eligibility-terraform + backendAzureRmStorageAccountName: courtesycardsterraform + backendAzureRmContainerName: tfstate + backendAzureRmKey: terraform.tfstate + - task: TerraformTaskV3@3 + displayName: Select environment + inputs: + provider: azurerm + command: custom + customCommand: workspace + commandOptions: select $(workspace) + workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" + # service connection + environmentServiceNameAzureRM: deployer + - task: TerraformTaskV3@3 + displayName: Terraform apply + inputs: + provider: azurerm + command: apply + # (ditto the lock comment above) + commandOptions: -input=false -lock-timeout=5m $(Pipeline.Workspace)/savedPlan/tfplan + workingDirectory: "$(System.DefaultWorkingDirectory)/terraform" + # service connection + environmentServiceNameAzureRM: deployer From b98875800158eff1a623393fff391549297a8937 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Thu, 31 Aug 2023 00:37:20 +0000 Subject: [PATCH 04/27] feat: add support for tag-based trigger --- terraform/pipeline/azure-pipelines.yml | 34 +++++++++++++++++++++++--- terraform/pipeline/tag.py | 19 ++++++++++++++ terraform/pipeline/workspace.py | 6 +++++ 3 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 terraform/pipeline/tag.py diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml index dcc53629..0d3f0439 100644 
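Review bot: The custom `condition:` on the new `TerraformApply` stage and on the `publish` step replaces the implicit `succeeded()`, so both are still evaluated as runnable when the plan step or the `TerraformPlan` stage failed or was cancelled. Gating them explicitly, e.g. `condition: and(succeeded(), in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod'))`, keeps the apply tied to a plan that actually completed. The `condition: succeeded()` on the `Apply` deployment job does not obviously cover this, since the stage-level condition decides whether the stage starts at all. The rewritten conditions in patches 04 and 06 of this series have the same shape and need the same wrapper.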
--- a/terraform/pipeline/azure-pipelines.yml +++ b/terraform/pipeline/azure-pipelines.yml @@ -6,10 +6,15 @@ trigger: - dev - test - prod + tags: + include: + - 20??.??.?*-rc?* + - 20??.??.?* # only run for changes to Terraform files paths: include: - terraform/* + pool: vmImage: ubuntu-latest @@ -22,6 +27,8 @@ stages: value: $[variables['System.PullRequest.SourceBranch']] - name: INDIVIDUAL_SOURCE value: $[variables['Build.SourceBranchName']] + - name: IS_TAG + value: $[startsWith(variables['Build.SourceBranch'], 'refs/tags/')] - name: TARGET value: $[variables['System.PullRequest.TargetBranch']] steps: @@ -30,6 +37,9 @@ stages: - bash: | WORKSPACE=$(python terraform/pipeline/workspace.py) echo "##vso[task.setvariable variable=workspace;isOutput=true]$WORKSPACE" + + TAG_TYPE=$(python terraform/pipeline/tag.py) + echo "##vso[task.setvariable variable=tag_type;isOutput=true]$TAG_TYPE" name: setvars displayName: Determine deployment environment env: 
@@ -80,14 +90,30 @@ stages: - publish: "$(Build.ArtifactStagingDirectory)" displayName: "Publish tfplan for use in TerraformApply" artifact: savedPlan - condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') + condition: | + or( + in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod'), + or( + eq(variables['setvars.tag_type'], 'test'), + eq(variables['setvars.tag_type'], 'prod') + ) + ) - stage: TerraformApply dependsOn: TerraformPlan variables: - name: workspace value: $[ dependencies.TerraformPlan.outputs['Plan.setvars.workspace'] ] - # only run on dev, test, or prod branches - condition: in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod') + - name: tag_type + value: $[ dependencies.TerraformPlan.outputs['Plan.setvars.tag_type'] ] + # only run on dev, test, or prod branches OR if it's a tag for test or prod + condition: | + or( + in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod'), + or( + eq(variables['tag_type'], 'test'), + eq(variables['tag_type'], 'prod') + ) + ) jobs: - deployment: Apply condition: succeeded() @@ -95,6 +121,8 @@ stages: variables: - name: workspace value: $[ stageDependencies.TerraformPlan.Plan.outputs['setvars.workspace'] ] + - name: tag_type + value: $[ stageDependencies.TerraformPlan.Plan.outputs['setvars.tag_type'] ] strategy: runOnce: deploy: diff --git a/terraform/pipeline/tag.py b/terraform/pipeline/tag.py new file mode 100644 index 00000000..4c33f209 --- /dev/null +++ b/terraform/pipeline/tag.py @@ -0,0 +1,19 @@ +import os +import re + +REASON = os.environ["REASON"] +# use variable corresponding to tag triggers +SOURCE = os.environ["INDIVIDUAL_SOURCE"] +IS_TAG = os.environ["IS_TAG"].lower() == "true" + +if REASON == "IndividualCI" and IS_TAG: + if re.fullmatch(r"20\d\d.\d\d.\d+-rc\d+", SOURCE): + tag_type = "test" + elif re.fullmatch(r"20\d\d.\d\d.\d+", SOURCE): + tag_type = "prod" + else: + tag_type = None +else: + tag_type = None + +print(tag_type) 
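Review bot: The widened condition now publishes `savedPlan` for tag builds as well, and a saved Terraform plan carries the configuration, state values and input variables unencrypted, so the artifact needs the same protection as the state file. A comment above the `publish` step such as `# tfplan can contain secrets in cleartext; keep artifact read access as tight as tfstate` would record that, and artifact read access and retention for this pipeline should be confirmed against it. Publishing only the `tfplan` file instead of the whole `$(Build.ArtifactStagingDirectory)` would also keep anything else staged there out of the artifact, provided the download path in the apply job still resolves.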
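Review bot: The dots in both patterns are unescaped, so `.` matches any character between the numeric groups and the script accepts more ref names than the `YYYY.MM.N` scheme intends. Because this value selects whether the apply targets test or prod, the patterns should match literal dots: `r"20\d\d\.\d\d\.\d+-rc\d+"` and `r"20\d\d\.\d\d\.\d+"`. The trigger's tag filter currently narrows what reaches the script, but the script should not depend on that. The same two patterns are duplicated in `terraform/pipeline/workspace.py` in this patch and need the same change; a shared constant would stop them drifting apart.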
diff --git a/terraform/pipeline/workspace.py b/terraform/pipeline/workspace.py index 526296e8..b63d23ca 100644 --- a/terraform/pipeline/workspace.py +++ b/terraform/pipeline/workspace.py @@ -1,10 +1,12 @@ import os +import re import sys REASON = os.environ["REASON"] # the name of the variable that Azure Pipelines uses for the source branch depends on the type of run, so need to check both SOURCE = os.environ.get("OTHER_SOURCE") or os.environ["INDIVIDUAL_SOURCE"] TARGET = os.environ["TARGET"] +IS_TAG = os.environ["IS_TAG"].lower() == "true" # the branches that correspond to environments ENV_BRANCHES = ["dev", "test", "prod"] @@ -15,6 +17,10 @@ elif REASON in ["IndividualCI", "Manual"] and SOURCE in ENV_BRANCHES: # it's being run on one of the environment branches, so use that environment = SOURCE +elif REASON in ["IndividualCI"] and IS_TAG and re.fullmatch(r"20\d\d.\d\d.\d+-rc\d+", SOURCE): + environment = "test" +elif REASON in ["IndividualCI"] and IS_TAG and re.fullmatch(r"20\d\d.\d\d.\d+", SOURCE): + environment = "prod" else: # default to running against dev environment = "dev" From 3610f019fa1abe4e0df7f3d2736241ae67d13072 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Thu, 31 Aug 2023 00:38:56 +0000 Subject: [PATCH 05/27] fix: make PR trigger also only happen for Terraform file changes --- terraform/pipeline/azure-pipelines.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml index 0d3f0439..0b3ff7e2 100644 --- a/terraform/pipeline/azure-pipelines.yml +++ b/terraform/pipeline/azure-pipelines.yml @@ -1,6 +1,4 @@ trigger: - # automatically runs on pull requests - # https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml#pr-triggers branches: include: - dev @@ -15,6 +13,14 @@ trigger: include: - terraform/* +pr: + branches: + include: + - "*" + paths: + include: + - terraform/* + pool: vmImage: ubuntu-latest 
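Review bot: With `pr: branches: include: "*"`, every pull request touching `terraform/*` runs the Plan job, which executes `terraform/pipeline/workspace.py` and `tag.py` from the pull request's checkout and runs `terraform init` and `plan` through the `deployer` service connection. The `pr:` block should carry a comment stating that builds of pull requests from forks must not receive that service connection or other secrets; that is a pipeline setting not visible in this file and should be confirmed. If a plan is only needed for pull requests into the environment branches, narrowing `include` to `dev`, `test` and `prod` would reduce how often the connection is exercised.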
From eca6eef93281a535c5559d253667982ddcff13ca Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Thu, 31 Aug 2023 20:57:19 +0000 Subject: [PATCH 06/27] refactor: simplify condition by consolidating 'or' expression --- terraform/pipeline/azure-pipelines.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/terraform/pipeline/azure-pipelines.yml b/terraform/pipeline/azure-pipelines.yml index 0b3ff7e2..16b7aa3c 100644 --- a/terraform/pipeline/azure-pipelines.yml +++ b/terraform/pipeline/azure-pipelines.yml @@ -99,10 +99,8 @@ stages: condition: | or( in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod'), - or( - eq(variables['setvars.tag_type'], 'test'), - eq(variables['setvars.tag_type'], 'prod') - ) + eq(variables['setvars.tag_type'], 'test'), + eq(variables['setvars.tag_type'], 'prod') ) - stage: TerraformApply dependsOn: TerraformPlan @@ -115,10 +113,8 @@ stages: condition: | or( in(variables['Build.SourceBranchName'], 'dev', 'test', 'prod'), - or( - eq(variables['tag_type'], 'test'), - eq(variables['tag_type'], 'prod') - ) + eq(variables['tag_type'], 'test'), + eq(variables['tag_type'], 'prod') ) jobs: - deployment: Apply From 9c78e78f2892da33a4b5bb2a5a2b8f380c6c8c18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 17:06:26 +0000 Subject: [PATCH 07/27] chore(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/docker-publish.yml | 2 +- .github/workflows/mkdocs.yml | 2 +- .github/workflows/run-tests.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4ab2eec5..74235411 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v2 diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 73daf3e7..95f5ec99 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker Login to GitHub Container Registry uses: docker/login-action@v2 diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 0751c71a..6ea17f4d 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Deploy docs uses: mhausenblas/mkdocs-deploy-gh-pages@master diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index be47c86d..2cc3ee2a 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -8,7 +8,7 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: From e5f67db3f7e1fe23ffba4e8a3e8e0b216c454e2d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 17:02:18 +0000 Subject: [PATCH 08/27] chore(deps-dev): bump flask-sqlalchemy from 3.0.5 to 3.1.0 Bumps [flask-sqlalchemy](https://github.com/pallets-eco/flask-sqlalchemy) from 3.0.5 to 3.1.0. - [Release notes](https://github.com/pallets-eco/flask-sqlalchemy/releases) - [Changelog](https://github.com/pallets-eco/flask-sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets-eco/flask-sqlalchemy/compare/3.0.5...3.1.0) --- updated-dependencies: - dependency-name: flask-sqlalchemy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 9b143ffa..104ced10 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,7 +9,7 @@ dependencies = [ "eligibility-api==2023.6.1", "Flask==2.3.3", "Flask-RESTful==0.3.10", - "Flask-SQLAlchemy==3.0.5", + "Flask-SQLAlchemy==3.1.0", "requests==2.31.0" ] dynamic = ["version"] From 1523110af8a89252819d82c87c85ae66e39b3d39 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 17:55:05 +0000 Subject: [PATCH 09/27] chore(deps-dev): bump flask-sqlalchemy from 3.1.0 to 3.1.1 Bumps [flask-sqlalchemy](https://github.com/pallets-eco/flask-sqlalchemy) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/pallets-eco/flask-sqlalchemy/releases) - [Changelog](https://github.com/pallets-eco/flask-sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets-eco/flask-sqlalchemy/compare/3.1.0...3.1.1) --- updated-dependencies: - dependency-name: flask-sqlalchemy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pyproject.toml b/pyproject.toml index 104ced10..39d1a4ea 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,7 +9,7 @@ dependencies = [ "eligibility-api==2023.6.1", "Flask==2.3.3", "Flask-RESTful==0.3.10", - "Flask-SQLAlchemy==3.1.0", + "Flask-SQLAlchemy==3.1.1", "requests==2.31.0" ] dynamic = ["version"] From 11bee15cdff3554a3d144315a3c87a90ecc2523e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 17:59:51 +0000 Subject: [PATCH 10/27] chore(deps): bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 95f5ec99..324eb370 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v4 - name: Docker Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} From a9b1fa4f5efa4fceefb6681d91cf9b7cdde3a520 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 17:59:54 +0000 Subject: [PATCH 11/27] chore(deps): bump docker/build-push-action from 4 to 5 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 95f5ec99..861d82a9 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -34,7 +34,7 @@ jobs: uses: docker/setup-buildx-action@v2 - name: Build, tag, and push image to GitHub Container Registry - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: builder: ${{ steps.buildx.outputs.name }} build-args: GIT-SHA=${{ github.sha }} From e3886b2959a51e5016bb64f5bb191421e112e439 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 17:59:57 +0000 Subject: [PATCH 12/27] chore(deps): bump docker/setup-buildx-action from 2 to 3 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 95f5ec99..f1f497f5 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -31,7 +31,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Build, tag, and push image to GitHub Container Registry uses: docker/build-push-action@v4 From f250a362dab5e5816b73b2a389bd5c831e741553 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 14 Sep 2023 22:57:30 +0000 Subject: [PATCH 13/27] chore(devcontainer): use black/flake8 extensions --- .devcontainer/devcontainer.json | 4 +++- .vscode/settings.json | 4 ++-- pyproject.toml | 5 ++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index cb5b195b..f2cb1ec1 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -27,7 +27,9 @@ "hashicorp.terraform", "mhutchie.git-graph", "ms-python.python", - "ms-python.vscode-pylance" + "ms-python.black-formatter", + "ms-python.flake8", + "tamasfe.even-better-toml" ] } } diff --git a/.vscode/settings.json b/.vscode/settings.json index 57f4dcd9..de645199 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -7,9 +7,9 @@ "files.trimFinalNewlines": true, "files.trimTrailingWhitespace": true, "[python]": { - "editor.defaultFormatter": "ms-python.python" + "editor.defaultFormatter": "ms-python.black-formatter" }, - "python.formatting.provider": "black", + "python.formatting.provider": "none", "python.languageServer": "Pylance", "python.linting.enabled": true, "python.linting.flake8Enabled": true, diff --git a/pyproject.toml b/pyproject.toml index 39d1a4ea..23936a14 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -1,5 +1,5 @@ [build-system] -requires = ["setuptools>=64", "wheel"] +requires = ["setuptools>=65", "wheel"] build-backend = "setuptools.build_meta" [project] @@ -42,5 +42,8 @@ line-length = 127 target-version = ['py310'] include = '\.pyi?$' +[tool.pyright] +include = ["eligibility_server", "tests"] + [tool.setuptools] packages = ["eligibility_server"] From 68dd16f5a3231a71585c3fbcbdb723d797135751 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 14 Sep 2023 22:59:29 +0000 Subject: [PATCH 14/27] chore(devcontainer): simplify build --- .devcontainer/Dockerfile | 6 +++--- .devcontainer/devcontainer.json | 2 -- .devcontainer/postAttach.sh | 5 ----- 3 files changed, 3 insertions(+), 10 deletions(-) delete mode 100755 .devcontainer/postAttach.sh diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 7e90d990..168f17d6 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,12 +1,12 @@ FROM eligibility_server:latest -# install devcontainer requirements -RUN pip install -e .[dev,test] - # docs requirements are in a separate file for the GitHub Action COPY docs/requirements.txt docs/requirements.txt RUN pip install --no-cache-dir -r docs/requirements.txt +# install devcontainer requirements +RUN pip install -e .[dev,test] + # install pre-commit environments in throwaway Git repository # https://stackoverflow.com/a/68758943 COPY .pre-commit-config.yaml . diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index f2cb1ec1..c9dbe597 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -6,8 +6,6 @@ "runServices": ["dev", "docs"], "workspaceFolder": "/home/calitp/app", "postStartCommand": ["/bin/bash", "bin/init.sh"], - "postAttachCommand": ["/bin/bash", ".devcontainer/postAttach.sh"], - "customizations": { // Set *default* container specific settings.json values on container create. "vscode": { 
diff --git a/.devcontainer/postAttach.sh b/.devcontainer/postAttach.sh deleted file mode 100755 index 15ee70ca..00000000 --- a/.devcontainer/postAttach.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash -set -eux - -# initialize hook environments -pre-commit install --install-hooks --overwrite From d009daccd116bb97bacb72b0150e0842684d936f Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 11 Sep 2023 22:34:09 +0000 Subject: [PATCH 15/27] chore(pre-commit): autoupdate hooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/compilerla/conventional-pre-commit: v2.1.1 → v2.4.0](https://github.com/compilerla/conventional-pre-commit/compare/v2.1.1...v2.4.0) - [github.com/psf/black: 23.1.0 → 23.9.1](https://github.com/psf/black/compare/23.1.0...23.9.1) - [github.com/PyCQA/flake8: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8/compare/6.0.0...6.1.0) - [github.com/pycqa/bandit: 1.7.4 → 1.7.5](https://github.com/pycqa/bandit/compare/1.7.4...1.7.5) - [github.com/igorshubovych/markdownlint-cli: v0.33.0 → v0.36.0](https://github.com/igorshubovych/markdownlint-cli/compare/v0.33.0...v0.36.0) --- .pre-commit-config.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 14c0caea..67157190 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -15,7 +15,7 @@ default_stages: repos: - repo: https://github.com/compilerla/conventional-pre-commit - rev: v2.1.1 + rev: v2.4.0 hooks: - id: conventional-pre-commit stages: [commit-msg] 
@@ -33,27 +33,27 @@ repos: - id: check-added-large-files - repo: https://github.com/psf/black - rev: 23.1.0 + rev: 23.9.1 hooks: - id: black types: - python - repo: https://github.com/PyCQA/flake8 - rev: 6.0.0 + rev: 6.1.0 hooks: - id: flake8 types: - python - repo: https://github.com/pycqa/bandit - rev: 1.7.4 + rev: 1.7.5 hooks: - id: bandit args: ["-ll"] files: .py$ - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.36.0 hooks: - id: markdownlint From 870b19b69ac21235076b5621eef83936988f2ee7 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 14 Sep 2023 23:43:56 +0000 Subject: [PATCH 16/27] feat(settings): add config item for request timeout --- eligibility_server/settings.py | 5 +++++ tests/test_settings.py | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/eligibility_server/settings.py b/eligibility_server/settings.py index 1cdfa6b5..7ba0a664 100644 --- a/eligibility_server/settings.py +++ b/eligibility_server/settings.py @@ -9,6 +9,7 @@ DEBUG_MODE = True HOST = "0.0.0.0" # nosec LOG_LEVEL = "INFO" +REQUEST_TIMEOUT = 5 # Database settings @@ -62,6 +63,10 @@ def host(self): def log_level(self): return str(current_app.config["LOG_LEVEL"]) + @property + def request_timeout(self): + return int(current_app.config["REQUEST_TIMEOUT"]) + # API settings @property diff --git a/tests/test_settings.py b/tests/test_settings.py index 6135338a..63232320 100644 --- a/tests/test_settings.py +++ b/tests/test_settings.py 
@@ -51,6 +51,17 @@ def test_configuration_log_level(mocker, configuration: Configuration): assert configuration.log_level == new_value +@pytest.mark.usefixtures("flask") +def test_configuration_request_timeout(mocker, configuration: Configuration): + assert configuration.request_timeout == settings.REQUEST_TIMEOUT + + new_value = 1000 + mocked_config = {"REQUEST_TIMEOUT": new_value} + mocker.patch.dict("eligibility_server.settings.current_app.config", mocked_config) + + assert configuration.request_timeout == new_value + + @pytest.mark.usefixtures("flask") def test_configuration_auth_header(mocker, configuration: Configuration): assert configuration.auth_header == settings.AUTH_HEADER From 58144e79b52a48e941aec02f0b7192b0de4eb908 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 14 Sep 2023 23:44:48 +0000 Subject: [PATCH 17/27] fix: use config timeout for all requests --- eligibility_server/db/setup.py | 4 ++-- eligibility_server/keypair.py | 2 +- tests/test_keypair.py | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/eligibility_server/db/setup.py b/eligibility_server/db/setup.py index 047cc81e..983b3ea0 100644 --- a/eligibility_server/db/setup.py +++ b/eligibility_server/db/setup.py @@ -64,7 +64,7 @@ def import_json_users(json_path, remote): data = {} if remote: # download the file to a dict - data = requests.get(json_path).json() + data = requests.get(json_path, timeout=config.request_timeout).json() else: # open the file and load to a dict with open(json_path) as file: @@ -82,7 +82,7 @@ def import_csv_users(csv_path, remote): temp_csv = None if remote: # download the content as text and write to a temp file - content = requests.get(csv_path).text + content = requests.get(csv_path, timeout=config.request_timeout).text # note we leave the temp file open so it exists later for reading temp_csv = NamedTemporaryFile(mode="w", encoding="utf-8") temp_csv.write(content) 
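Review bot: The response is still consumed without a status check, so an error body from the remote host is passed to `.json()` here, or written to the temp CSV in the next hunk, as if it were user data. While touching these calls, split them: `response = requests.get(json_path, timeout=config.request_timeout)`, `response.raise_for_status()`, `data = response.json()`. The same applies to `_read_key_file` in `eligibility_server/keypair.py` in this patch, where a non-2xx body would be encoded and returned as key material. All three functions continue outside their hunks, and whether `config` is already in scope in each module cannot be seen from here.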
diff --git a/eligibility_server/keypair.py b/eligibility_server/keypair.py index 5614447f..47e4191b 100644 --- a/eligibility_server/keypair.py +++ b/eligibility_server/keypair.py @@ -17,7 +17,7 @@ def _read_key_file(key_path): return _CACHE[key_path] if key_path.startswith("http"): - data = requests.get(key_path).text + data = requests.get(key_path, timeout=config.request_timeout).text key = data.encode("utf8") else: with open(key_path, "rb") as pemfile: diff --git a/tests/test_keypair.py b/tests/test_keypair.py index f6664eaf..755bc35b 100644 --- a/tests/test_keypair.py +++ b/tests/test_keypair.py @@ -43,16 +43,16 @@ def test_read_key_file_local(mocker, sample_key_path_local, spy_open): assert key == file.read() -@pytest.mark.usefixtures("reset_cache") +@pytest.mark.usefixtures("reset_cache", "flask") def test_read_key_file_remote(sample_key_path_remote, spy_open, spy_requests_get): key = _read_key_file(sample_key_path_remote) # check that there was no call to open assert spy_open.call_count == 0 # check that we made a get request - spy_requests_get.assert_called_with(sample_key_path_remote) + spy_requests_get.assert_called_once_with(sample_key_path_remote, timeout=5) assert key - assert key == requests.get(sample_key_path_remote).text.encode("utf8") + assert key == requests.get(sample_key_path_remote, timeout=5).text.encode("utf8") @pytest.mark.usefixtures("reset_cache") From e4194e6ccb2a88da041f3fa403ddaa7452b0d9b9 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 15 Sep 2023 17:53:10 +0000 Subject: [PATCH 18/27] fix(docs): remove broken/unused extension --- docs/requirements.txt | 1 - mkdocs.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 80d1f6e3..f7699d91 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,4 +1,3 @@ -fontawesome_markdown mkdocs mkdocs-awesome-pages-plugin mkdocs-macros-plugin diff --git a/mkdocs.yml b/mkdocs.yml index a1152c46..82e6f06d 100644 --- a/mkdocs.yml 
+++ b/mkdocs.yml @@ -57,4 +57,3 @@ markdown_extensions: # insert a blank space before the character permalink: " ¶" - smarty - - fontawesome_markdown From 72ae4f1ac1ca33cb0827fde3e759bfd3d13ae844 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Sep 2023 17:38:50 +0000 Subject: [PATCH 19/27] chore(deps-dev): bump eligibility-api from 2023.6.1 to 2023.9.1 Bumps [eligibility-api](https://github.com/cal-itp/eligibility-api) from 2023.6.1 to 2023.9.1. - [Release notes](https://github.com/cal-itp/eligibility-api/releases) - [Commits](https://github.com/cal-itp/eligibility-api/compare/2023.06.01...2023.09.1) --- updated-dependencies: - dependency-name: eligibility-api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 23936a14..b3d65a34 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta" classifiers = ["Programming Language :: Python :: 3 :: Only"] description = "Server implementation of the Eligibility Verification API" dependencies = [ - "eligibility-api==2023.6.1", + "eligibility-api==2023.9.1", "Flask==2.3.3", "Flask-RESTful==0.3.10", "Flask-SQLAlchemy==3.1.1", From 2cff2e5b3a9110c017b4b76a32faf66581636f47 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Mon, 18 Sep 2023 20:39:32 +0000 Subject: [PATCH 20/27] chore(version): manage string in pyproject app code reads dynamically from installed package version --- eligibility_server/__init__.py | 8 ++++++-- pyproject.toml | 2 +- tests/test_app.py | 8 ++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/eligibility_server/__init__.py b/eligibility_server/__init__.py index 1eb05ef3..3aa921e5 100644 --- a/eligibility_server/__init__.py +++ b/eligibility_server/__init__.py 
@@ -1,3 +1,7 @@ -__version__ = "2023.08.2" +from importlib.metadata import version, PackageNotFoundError -VERSION = __version__ +try: + __version__ = version("eligibility-server") +except PackageNotFoundError: + # package is not installed + pass diff --git a/pyproject.toml b/pyproject.toml index b3d65a34..c36cd562 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ dependencies = [ "Flask-SQLAlchemy==3.1.1", "requests==2.31.0" ] -dynamic = ["version"] +version = "2023.08.2" keywords = ["flask"] license = { file = "LICENSE" } name = "eligibility-server" diff --git a/tests/test_app.py b/tests/test_app.py index 341e9700..ea8e6850 100644 --- a/tests/test_app.py +++ b/tests/test_app.py @@ -1,6 +1,7 @@ """ Test app """ +import re from eligibility_server.settings import APP_NAME from eligibility_server.keypair import get_server_public_key @@ -31,3 +32,10 @@ def test_publickey(client): assert response.status_code == 200 assert response.mimetype == "text/plain" assert response.text == get_server_public_key().decode("utf-8") + + +def test_version(): + from eligibility_server import __version__ + + assert __version__ is not None + assert re.match(r"\d{4}\.\d{1,2}\.\d+", __version__) From 35c552b28b5299eea8749f434727aeed0f355f30 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Mon, 18 Sep 2023 20:41:52 +0000 Subject: [PATCH 21/27] chore: normalize pyproject structure --- pyproject.toml | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index c36cd562..b4d15f67 100644 --- a/pyproject.toml +++ b/pyproject.toml 
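Review bot: When the distribution is not installed, the `except PackageNotFoundError: pass` branch in `eligibility_server/__init__.py` leaves `__version__` undefined, so `from eligibility_server import __version__` fails with an ImportError far from the cause. Assign a fallback in that branch so the name always exists, for example `__version__ = "unknown"`, and update the comment to say what the fallback means. The hunk also drops the `VERSION` alias; callers are not visible here, so it is worth checking that nothing still imports `VERSION`.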
@@ -1,10 +1,11 @@ -[build-system] -requires = ["setuptools>=65", "wheel"] -build-backend = "setuptools.build_meta" - [project] -classifiers = ["Programming Language :: Python :: 3 :: Only"] +name = "eligibility-server" +version = "2023.09.1" description = "Server implementation of the Eligibility Verification API" +readme = "README.md" +license = { file = "LICENSE" } +classifiers = ["Programming Language :: Python :: 3 :: Only"] +requires-python = ">=3.9" dependencies = [ "eligibility-api==2023.9.1", "Flask==2.3.3", @@ -12,12 +13,6 @@ dependencies = [ "Flask-SQLAlchemy==3.1.1", "requests==2.31.0" ] -version = "2023.08.2" -keywords = ["flask"] -license = { file = "LICENSE" } -name = "eligibility-server" -readme = "README.md" -requires-python = ">=3.9" [project.optional-dependencies] dev = [ @@ -36,7 +31,10 @@ Code = "https://github.com/cal-itp/eligibility-server" Documentation = "https://docs.calitp.org/eligibility-server" Issues = "https://github.com/cal-itp/eligibility-server/issues" -# Configuration for black +[build-system] +requires = ["setuptools>=65", "wheel"] +build-backend = "setuptools.build_meta" + [tool.black] line-length = 127 target-version = ['py310'] From ba6f113522e5b5669b4714d139eaf768b34d5e96 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 15 Sep 2023 18:13:53 +0000 Subject: [PATCH 22/27] docs(configuration): creating keypairs --- .markdownlint.yaml | 3 +++ docs/configuration/README.md | 34 +++++++++++++++++++++++++++++++--- keys/README.md | 4 +++- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 9de30c91..b6b146b4 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -13,3 +13,6 @@ MD024: false # Allow inline HTML MD033: false + +# Allow fenced code blocks +MD046: false diff --git a/docs/configuration/README.md b/docs/configuration/README.md index 621808f5..a62f529d 100644 --- a/docs/configuration/README.md +++ b/docs/configuration/README.md 
@@ -9,7 +9,35 @@ If you want to run with different settings, you should: 1. Set the `ELIGIBILITY_SERVER_SETTINGS` environment variable to the path of your new file !!! note -The Eligibility server loads in settings using Flask's methods for [Configuration Handling](https://flask.palletsprojects.com/en/2.2.x/config/). -!!! important -The default settings that will always be loaded are in [eligibility_server/settings.py](https://github.com/cal-itp/eligibility-server/blob/dev/eligibility_server/settings.py) + The Eligibility server loads in settings using Flask's methods for [Configuration Handling](https://flask.palletsprojects.com/en/2.3.x/config/). + +!!! note + + The default settings that will always be loaded are in [eligibility_server/settings.py](https://github.com/cal-itp/eligibility-server/blob/dev/eligibility_server/settings.py) + +## Creating a new keypair + +!!! warning + + The sample keys cannot be used for production. You must create and use a new keypair. + +To create a new keypair, start by creating the private key e.g. using [OpenSSL](https://www.openssl.org/docs/man3.1/man1/openssl-genrsa.html): + +```console +openssl genrsa -out private.pem -traditional 4096 +``` + +Next, extract the public key e.g. using [OpenSSL](https://www.openssl.org/docs/man3.1/man1/openssl-rsa.html): + +```console +openssl rsa -in private.pem -pubout -out public.pem +``` + +Now there are two files: + +- The private key, kept secret for this server instance only: `private.pem` +- The public key, shared with all clients of this server: `public.pem` + +The server instance also needs a public key reference from its client, so the above process should be repeated on the client- +side and the client's _public key_ should be shared with the server. diff --git a/keys/README.md b/keys/README.md index bc80db72..a649549b 100644 --- a/keys/README.md +++ b/keys/README.md 
@@ -1,3 +1,5 @@ # keys -*These keys are just samples*. They cannot be used for production systems. +_These keys are just samples_. They cannot be used for production systems. + +See more at From 24e7c3a07a96ed24f056d0064f211998a759cbda Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 19 Sep 2023 20:51:34 +0000 Subject: [PATCH 23/27] chore: update to Python 3.11, handle new behavior with csv 'quotechar' from https://docs.python.org/3.11/library/csv.html#csv.Dialect.quotechar, > Changed in version 3.11: An empty quotechar is not allowed. --- eligibility_server/db/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eligibility_server/db/setup.py b/eligibility_server/db/setup.py index 983b3ea0..2ec0689d 100644 --- a/eligibility_server/db/setup.py +++ b/eligibility_server/db/setup.py @@ -98,7 +98,7 @@ def import_csv_users(csv_path, remote): file, delimiter=config.csv_delimiter, quoting=config.csv_quoting, - quotechar=config.csv_quotechar, + quotechar=config.csv_quotechar if config.csv_quotechar else None, ) for row in data: From a4ad552b04bbca4037fd00a2bd38d67cb2f91216 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 19 Sep 2023 21:18:25 +0000 Subject: [PATCH 24/27] chore: update Python version for GitHub workflows --- .github/workflows/.python-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/.python-version b/.github/workflows/.python-version index c8cfe395..2c073331 100644 --- a/.github/workflows/.python-version +++ b/.github/workflows/.python-version @@ -1 +1 @@ -3.10 +3.11 From 774c21061ab7f9734ce55d18e7f527616de9a3d8 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 19 Sep 2023 21:30:49 +0000 Subject: [PATCH 25/27] chore: update Black target version to 3.11 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b4d15f67..bb2a8a50 100644 --- a/pyproject.toml +++ b/pyproject.toml 
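Review bot: Mapping an empty `config.csv_quotechar` to `None` in `import_csv_users` only works when `config.csv_quoting` is `csv.QUOTE_NONE`; with any other quoting mode the csv module raises `TypeError` for a missing quotechar, so the two settings are now coupled without that being stated. A comment at the call would make this explicit, e.g. `# csv (3.11+) rejects an empty quotechar; None is only valid with QUOTE_NONE`. The expression can also be shortened to `quotechar=config.csv_quotechar or None`, which reads the setting once. The function starts and ends outside this hunk, so the rest of the reader call is not visible.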
@@ -37,7 +37,7 @@ build-backend = "setuptools.build_meta" [tool.black] line-length = 127 -target-version = ['py310'] +target-version = ['py311'] include = '\.pyi?$' [tool.pyright] From 1da2d98a1ef619087e8dc8d716d342fb0a2fb161 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 22:33:46 +0000 Subject: [PATCH 26/27] chore(pre-commit): autoupdate hooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/igorshubovych/markdownlint-cli: v0.36.0 → v0.37.0](https://github.com/igorshubovych/markdownlint-cli/compare/v0.36.0...v0.37.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 67157190..3388b308 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -54,6 +54,6 @@ repos: files: .py$ - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.36.0 + rev: v0.37.0 hooks: - id: markdownlint From 5204fa233e7211784a5452628beeb0bc8a27be6f Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 26 Sep 2023 20:01:23 +0000 Subject: [PATCH 27/27] fix(settings): match default timeout to benefits makes the default setting more useful --- eligibility_server/settings.py | 4 ++-- tests/test_keypair.py | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/eligibility_server/settings.py b/eligibility_server/settings.py index 7ba0a664..0e9d979f 100644 --- a/eligibility_server/settings.py +++ b/eligibility_server/settings.py @@ -9,7 +9,7 @@ DEBUG_MODE = True HOST = "0.0.0.0" # nosec LOG_LEVEL = "INFO" -REQUEST_TIMEOUT = 5 +REQUEST_TIMEOUT = (3, 20) # Database settings @@ -65,7 +65,7 @@ def log_level(self): @property def request_timeout(self): - return int(current_app.config["REQUEST_TIMEOUT"]) + return current_app.config["REQUEST_TIMEOUT"] # API settings 
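Review bot: With the `int(...)` coercion removed, `request_timeout` in `eligibility_server/settings.py` returns whatever `REQUEST_TIMEOUT` holds in the loaded config with no validation, and the new tuple default is undocumented. requests accepts a number or a `(connect, read)` pair; an override of another shape would only fail at the first outbound request, and an override of `None` would silently disable the timeout on the remote key fetch. Add a comment on the default, `# (connect, read) timeouts in seconds, passed to requests`, and consider rejecting values that are neither a positive number nor a pair of them in the property. This applies to both hunks in this file; the settings class is only partly visible.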
diff --git a/tests/test_keypair.py b/tests/test_keypair.py index 755bc35b..5be62017 100644 --- a/tests/test_keypair.py +++ b/tests/test_keypair.py @@ -5,6 +5,7 @@ from eligibility_server import keypair from eligibility_server.keypair import _read_key_file +from eligibility_server.settings import REQUEST_TIMEOUT @pytest.fixture @@ -50,7 +51,7 @@ def test_read_key_file_remote(sample_key_path_remote, spy_open, spy_requests_get # check that there was no call to open assert spy_open.call_count == 0 # check that we made a get request - spy_requests_get.assert_called_once_with(sample_key_path_remote, timeout=5) + spy_requests_get.assert_called_once_with(sample_key_path_remote, timeout=REQUEST_TIMEOUT) assert key assert key == requests.get(sample_key_path_remote, timeout=5).text.encode("utf8")
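Review bot: The last assertion in `test_read_key_file_remote` still passes a literal `timeout=5` while the spy assertion now uses `REQUEST_TIMEOUT`, so the test carries two different timeout values. Use the same constant there: `assert key == requests.get(sample_key_path_remote, timeout=REQUEST_TIMEOUT).text.encode("utf8")`. The test also compares against the module-level default rather than the value the app config resolves, which would diverge if the `flask` fixture ever overrides `REQUEST_TIMEOUT`; that part is inferred, since the fixture is not visible.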