lsst-ts · mfisherlevine · Jun 27, 2023 · Jun 27, 2023 · Jun 27, 2023 · Jun 28, 2023
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,7 @@
+[flake8]
+max-line-length = 79
+# E203: whitespace before :, flake8 disagrees with PEP-8
+# W503: line break after binary operator, flake8 disagrees with PEP-8
+ignore = E203, W503
+exclude =
+    docs/conf.py
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,29 +1,27 @@
 name: CI
 
-'on':
+"on":
+  merge_group: {}
+  pull_request: {}
   push:
     branches-ignore:
       # These should always correspond to pull requests, so ignore them for
       # the push trigger and let them be triggered by the pull_request
       # trigger, avoiding running the workflow twice.  This is a minor
       # optimization so there's no need to ensure this is comprehensive.
-      - 'dependabot/**'
-      - 'renovate/**'
-      - 'tickets/**'
-      - 'u/**'
+      - "dependabot/**"
+      - "gh-readonly-queue/**"
+      - "renovate/**"
+      - "tickets/**"
+      - "u/**"
     tags:
-      - '*'
-  pull_request: {}
+      - "*"
 
 jobs:
-  test:
-    runs-on: ubuntu-latest
+  lint:
 
-    strategy:
-      matrix:
-        python:
-          - '3.9'
-          - '3.10'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
 
     steps:
       - uses: actions/checkout@v3
@@ -42,48 +40,45 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: ${{ matrix.python }}
+          python-version: "3.11"
 
       - name: Run pre-commit
         uses: pre-commit/[email protected]
 
-      - name: Install tox
-        run: pip install tox
+  test:
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
 
-      - name: Cache tox environments
-        id: cache-tox
-        uses: actions/cache@v3
-        with:
-          path: .tox
-          # requirements/*.txt and pyproject.toml have versioning info
-          # that would impact the tox environment.
-          key: tox-${{ matrix.python }}-${{ hashFiles('requirements/*.txt') }}-${{ hashFiles('pyproject.toml') }}
-          restore-keys: |
-            tox-${{ matrix.python }}-${{ hashFiles('requirements/*.txt') }}-
-
-      - name: Stash Google credentials
-        run: echo "$GOOGLE_CREDS" > /tmp/google_creds.json
-        shell: bash
-        env:
-          GOOGLE_CREDS: ${{ secrets.GOOGLE_CREDS }}
+    strategy:
+      matrix:
+        python:
+          - "3.11"
+
+    steps:
+      - uses: actions/checkout@v3
 
       - name: Run tox
-        run: tox -e py,coverage-report,typing
-        env:
-          GOOGLE_APPLICATION_CREDENTIALS: '/tmp/google_creds.json'
+        uses: lsst-sqre/run-tox@v1
+        with:
+          python-version: ${{ matrix.python }}
+          tox-envs: "py,coverage-report,typing"
 
   build:
+
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [lint, test]
+    timeout-minutes: 10
 
     # Only do Docker builds of tagged releases and pull requests from ticket
     # branches.  This will still trigger on pull requests from untrusted
     # repositories whose branch names match our tickets/* branch convention,
     # but in this case the build will fail with an error since the secret
     # won't be set.
     if: >
-      startsWith(github.ref, 'refs/tags/') || startsWith(github.head_ref, 'tickets/') || startsWith(github.ref, 'refs/heads/develop')
-
+      github.event_name != 'merge_group'
+      && (startsWith(github.ref, 'refs/tags/')
+          || startsWith(github.head_ref, 'tickets/'))
 
     steps:
       - uses: actions/checkout@v3
@@ -102,7 +97,7 @@ jobs:
 
       - name: Define the Docker tag
         id: vars
-        run: echo "tag=$(scripts/docker-tag.sh)" >> $GITHUB_OUTPUT
+        run: echo ::set-output name=tag::$(scripts/docker-tag.sh)
 
       - name: Print the tag
         id: print
@@ -111,12 +106,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v2
         with:
@@ -125,12 +114,11 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v3
         with:
           context: .
           push: true
           tags: |
-            lsstsqre/rubintv:${{ steps.vars.outputs.tag }}
-            ghcr.io/lsst-sqre/rubintv:${{ steps.vars.outputs.tag }}
+            ghcr.io/lsst-dm/rubintv:${{ steps.vars.outputs.tag }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+rubintv2
diff --git a/Dockerfile b/Dockerfile
@@ -14,7 +14,7 @@
 #   - Runs a non-root user.
 #   - Sets up the entrypoint and port.
 
-FROM python:3.10.7-slim-buster AS base-image
+FROM python:3.11.1-slim-bullseye as base-image
 
 # Update system packages
 COPY scripts/install-base-packages.sh .
@@ -38,30 +38,31 @@ RUN pip install --upgrade --no-cache-dir pip setuptools wheel
 COPY requirements/main.txt ./requirements.txt
 RUN pip install --quiet --no-cache-dir -r requirements.txt
 
-FROM base-image AS install-image
+FROM dependencies-image AS install-image
 
 # Use the virtualenv
-COPY --from=dependencies-image /opt/venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 
-COPY . /app
-WORKDIR /app
+COPY . /workdir
+WORKDIR /workdir
 RUN pip install --no-cache-dir .
 
 FROM base-image AS runtime-image
 
 # Create a non-root user
 RUN useradd --create-home appuser
-WORKDIR /home/appuser
+
+# Copy the virtualenv
+COPY --from=install-image /opt/venv /opt/venv
 
 # Make sure we use the virtualenv
 ENV PATH="/opt/venv/bin:$PATH"
 
-COPY --from=install-image /opt/venv /opt/venv
-
-# Switch to non-root user
+# Switch to the non-root user.
 USER appuser
 
+# Expose the port.
 EXPOSE 8080
 
-ENTRYPOINT ["rubintv", "run", "--port", "8080"]
+# Run the application.
+CMD ["uvicorn", "rubintv.main:app", "--host", "0.0.0.0", "--port", "8080"]
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Association of Universities for Research in Astronomy, Inc. (AURA)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -1 +1,2 @@
+include src/rubintv/models/models_data.yaml
 graft src/rubintv/static/assets
diff --git a/Makefile b/Makefile
@@ -1,20 +1,27 @@
 .PHONY: update-deps
 update-deps:
 	pip install --upgrade pip-tools pip setuptools
-	pip-compile --upgrade --build-isolation --generate-hashes --output-file requirements/main.txt requirements/main.in
-	pip-compile --upgrade --build-isolation --generate-hashes --output-file requirements/dev.txt requirements/dev.in
+	pip-compile --upgrade --resolver=backtracking --build-isolation --generate-hashes --output-file requirements/main.txt requirements/main.in
+	pip-compile --upgrade --resolver=backtracking --build-isolation --generate-hashes --output-file requirements/dev.txt requirements/dev.in
+
+# Useful for testing against a Git version of Safir.
+.PHONY: update-deps-no-hashes
+update-deps-no-hashes:
+	pip install --upgrade pip-tools pip setuptools
+	pip-compile --upgrade --resolver=backtracking --build-isolation --allow-unsafe --output-file requirements/main.txt requirements/main.in
+	pip-compile --upgrade --resolver=backtracking --build-isolation --allow-unsafe --output-file requirements/dev.txt requirements/dev.in
 
 .PHONY: init
 init:
 	pip install --editable .
 	pip install --upgrade -r requirements/main.txt -r requirements/dev.txt
 	rm -rf .tox
-	pip install --upgrade tox
+	pip install --upgrade pre-commit tox
 	pre-commit install
 
 .PHONY: update
 update: update-deps init
 
 .PHONY: run
 run:
-	adev runserver --app-factory create_app src/rubintv/app.py
+	tox run -e run
diff --git a/README.md b/README.md
@@ -0,0 +1,6 @@
+# rubintv
+
+Web app to display Butler-served data sets
+Learn more at https://rubintv.lsst.io
+
+rubintv is developed with [FastAPI](https://fastapi.tiangolo.com) and [Safir](https://safir.lsst.io).
diff --git a/README.rst b/README.rst
diff --git a/manifests/base/configmap.yaml b/manifests/base/configmap.yaml
diff --git a/manifests/base/deployment.yaml b/manifests/base/deployment.yaml
diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml
diff --git a/manifests/base/service.yaml b/manifests/base/service.yaml