Skip to content

Commit

Permalink
Merge pull request #822 from UW-GAC/deploy/stage
Browse files Browse the repository at this point in the history
Deploy to prod
  • Loading branch information
amstilp authored Nov 8, 2024
2 parents a80db6d + 3d2e189 commit 34110e1
Show file tree
Hide file tree
Showing 51 changed files with 11,512 additions and 3,279 deletions.
26 changes: 14 additions & 12 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,10 +54,10 @@ jobs:
steps:

- name: Checkout Code Repository
uses: actions/checkout@v4
uses: actions/checkout@v4.2.2

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
uses: actions/setup-python@v5.3.0
with:
python-version: ${{ matrix.python-version }}
cache: pip
Expand All @@ -78,8 +78,8 @@ jobs:
- name: Recompile pip files if requested
if: matrix.pip-recompile
run: |
pip-compile requirements/requirements.in
pip-compile requirements/test-requirements.in
pip-compile -v requirements/requirements.in
pip-compile -v requirements/test-requirements.in
# Print out changes.
git diff
Expand All @@ -93,27 +93,28 @@ jobs:
- name: Run tests
run: |
pytest --cov=gregor_django -n auto
mv .coverage .coverage-${{ strategy.job-index }}
mv .coverage coverage-${{ strategy.job-index }}
- name: List files for debugging purposes
run: ls -lhta

- name: Upload coverage data
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v4.4.3
with:
name: coverage-data-${{ strategy.job-index }}
path: .coverage-${{ strategy.job-index }}
path: coverage-${{ strategy.job-index }}
if-no-files-found: error

coverage:
needs:
- test
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@v4.2.2

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@v5.3.0
with:
python-version: '3.10'

Expand All @@ -123,13 +124,14 @@ jobs:
pip install --upgrade coverage "django<4" django-coverage-plugin
- name: Download coverage data
uses: actions/download-artifact@v4
uses: actions/download-artifact@v4.1.8
with:
path: ./artifacts/

- name: Merge coverage files
run: |
python -m coverage combine ./artifacts/coverage-data*/.coverage-*
ls -la ./artifacts/coverage-data*
python -m coverage combine ./artifacts/coverage-data*/coverage-*
python -m coverage xml
ls -la .coverage*
Expand All @@ -138,6 +140,6 @@ jobs:
python -m coverage report
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@v4.6.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/combine-prs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
steps:
- name: combine-prs
id: combine-prs
uses: github/combine-prs@v5.1.0
uses: github/combine-prs@v5.2.0
with:
labels: combined-pr # Optional: add a label to the combined PR
ci_required: true # require all checks to pass before combining
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/gitleaks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ jobs:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2
- uses: gitleaks/gitleaks-action@v2.3.7
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for Organizations, not personal accounts.
6 changes: 3 additions & 3 deletions .github/workflows/pip-compile.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,17 @@ jobs:

steps:
- name: Checkout Code Repository
uses: actions/checkout@v4
uses: actions/checkout@v4.2.2
with:
ref: ${{ github.head_ref }}

- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@v5.3.0
with:
python-version: "3.10"

- name: Update requirements files
uses: UW-GAC/pip-tools-actions/update-requirements-files@v0.1
uses: UW-GAC/pip-tools-actions/update-requirements-files@v0.2
with:
requirements_files: |-
requirements/requirements.in
Expand Down
8 changes: 4 additions & 4 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
exclude: 'docs|node_modules|migrations|.git|.tox'
default_stages: [commit]
default_stages: [pre-commit]
fail_fast: true

repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
rev: v5.0.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml

- repo: https://github.com/astral-sh/ruff-pre-commit
# Ruff version.
rev: v0.6.2
rev: v0.7.0
hooks:
# Run the linter.
- id: ruff
Expand All @@ -21,7 +21,7 @@ repos:
- id: ruff-format

- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.4
rev: v8.21.1
hooks:
- id: gitleaks

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
rc_1_uploader_group = ManagedGroupFactory(name="DEMO_RC1_UPLOADERS")
rc_1_nonmember_group = ManagedGroupFactory(name="DEMO_RC1_NONMEMBERS")
gregor_all_group = ManagedGroupFactory(name="GREGOR_ALL")
combined_auth_domain = ManagedGroupFactory(name="AUTH_GREGOR_COMBINED")

# Create an RC
rc = factories.ResearchCenterFactory.create(
Expand All @@ -27,8 +28,20 @@
non_member_group=rc_1_nonmember_group,
)

# Add GREGOR_ALL and DCC_ADMINS to the combined auth domain.
GroupGroupMembershipFactory.create(
parent_group=combined_auth_domain,
child_group=gregor_all_group,
role=GroupGroupMembership.MEMBER,
)
GroupGroupMembershipFactory.create(
parent_group=combined_auth_domain,
child_group=dcc_admin_group,
role=GroupGroupMembership.ADMIN,
)

# Create a future upload cycle.

## Future upload cycle.
upload_cycle = factories.UploadCycleFactory.create(
cycle=1,
is_future=True,
Expand All @@ -39,7 +52,7 @@
workspace__name="TEST_U01_RC1",
)

# Create a current upload cycle before compute.
## Current upload cycle before compute.
upload_cycle = factories.UploadCycleFactory.create(
cycle=2,
is_current=True,
Expand Down Expand Up @@ -111,7 +124,7 @@
)


# Create a current upload cycle after compute.
## Current upload cycle after compute.
upload_cycle = factories.UploadCycleFactory.create(
cycle=3,
is_current=True,
Expand Down Expand Up @@ -256,7 +269,7 @@
role=GroupGroupMembership.ADMIN,
)

# Create a past upload cycle after QC is completed.
## Past upload cycle after QC is completed; combined workspace is not complete.
upload_cycle = factories.UploadCycleFactory.create(
cycle=5,
is_past=True,
Expand Down Expand Up @@ -320,8 +333,18 @@
child_group=dcc_admin_group,
role=GroupGroupMembership.ADMIN,
)
# Create the combined workspace and its records.
combined_workspace = factories.CombinedConsortiumDataWorkspaceFactory.create(
upload_cycle=upload_cycle,
workspace__name="TEST_U05_COMBINED",
)
# Delete the auth domain created by the factory and add the shared auth domain.
combined_workspace.workspace.authorization_domains.clear()
combined_workspace.workspace.authorization_domains.add(combined_auth_domain)
# No sharing records yet.


# Create a past upload cycle with a combined workspace.
## Past upload cycle with a combined workspace.
upload_cycle = factories.UploadCycleFactory.create(
cycle=6,
is_past=True,
Expand All @@ -332,11 +355,6 @@
workspace__name="TEST_U06_RC1",
date_qc_completed=timezone.now(),
)
factories.CombinedConsortiumDataWorkspaceFactory.create(
upload_cycle=upload_cycle,
date_completed=timezone.now(),
workspace__name="TEST_U06_COMBINED",
)
# Create records as appropriate for the previous point in the cycle - past cycle before QC complete.
# Auth domain.
WorkspaceGroupSharingFactory.create(
Expand Down Expand Up @@ -383,3 +401,31 @@
child_group=dcc_admin_group,
role=GroupGroupMembership.ADMIN,
)
# Create the combined workspace and its records.
combined_workspace = factories.CombinedConsortiumDataWorkspaceFactory.create(
upload_cycle=upload_cycle,
date_completed=timezone.now(),
workspace__name="TEST_U06_COMBINED",
)
# Delete the auth domain created by the factory and add the shared auth domain.
combined_workspace.workspace.authorization_domains.clear()
combined_workspace.workspace.authorization_domains.add(combined_auth_domain)
# Add sharing records from previous step - DCC admins, writers, and members.
WorkspaceGroupSharingFactory.create(
workspace=combined_workspace.workspace,
group=dcc_admin_group,
access=WorkspaceGroupSharing.OWNER,
can_compute=True,
)
WorkspaceGroupSharingFactory.create(
workspace=combined_workspace.workspace,
group=dcc_writer_group,
access=WorkspaceGroupSharing.WRITER,
can_compute=True,
)
WorkspaceGroupSharingFactory.create(
workspace=combined_workspace.workspace,
group=dcc_member_group,
access=WorkspaceGroupSharing.READER,
can_compute=False,
)
1 change: 1 addition & 0 deletions config/settings/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,7 @@
"maintenance_mode.middleware.MaintenanceModeMiddleware",
"simple_history.middleware.HistoryRequestMiddleware",
"django_htmx.middleware.HtmxMiddleware",
"allauth.account.middleware.AccountMiddleware",
]

# STATIC
Expand Down
6 changes: 6 additions & 0 deletions gregor_apps.cron
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,9 @@ MAILTO="[email protected]"

# Nightly user data audit
0 3 * * * . /var/www/django/gregor_apps/gregor-apps-activate.sh; python manage.py sync-drupal-data --update --email [email protected] >> cron.log

# Nightly upload workspace audit
0 3 * * * . /var/www/django/gregor_apps/gregor-apps-activate.sh; python manage.py run_upload_workspace_audit --email [email protected] >> cron.log

# Nightly combined workspace audit
0 3 * * * . /var/www/django/gregor_apps/gregor-apps-activate.sh; python manage.py run_combined_workspace_audit --email [email protected] >> cron.log
10 changes: 10 additions & 0 deletions gregor_django/drupal_oauth_provider/provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,14 @@

from allauth.account.models import EmailAddress
from allauth.socialaccount import app_settings, providers
from allauth.socialaccount.adapter import get_adapter
from allauth.socialaccount.providers.base import ProviderAccount
from allauth.socialaccount.providers.oauth2.provider import OAuth2Provider
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured

from .views import CustomAdapter

logger = logging.getLogger(__name__)

DRUPAL_PROVIDER_ID = "drupal_oauth_provider"
Expand All @@ -27,6 +30,13 @@ class CustomProvider(OAuth2Provider):
id = DRUPAL_PROVIDER_ID
name = OVERRIDE_NAME
account_class = CustomAccount
oauth2_adapter_class = CustomAdapter
supports_token_authentication = True

def __init__(self, request, app=None):
if app is None:
app = get_adapter().get_app(request, self.id)
super().__init__(request, app=app)

def extract_uid(self, data):
return str(data["sub"])
Expand Down
Loading

0 comments on commit 34110e1

Please sign in to comment.