From e29824f25dc3fb5cf87f8e015695a34d442cc087 Mon Sep 17 00:00:00 2001
From: LGTM Migrator
Date: Wed, 7 Dec 2022 11:19:32 +0000
Subject: [PATCH 1/3] Add CodeQL workflow for GitHub code scanning
---
 .github/codeql.yml | 3 +++
 .github/workflows/codeql.yml | 42 ++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 .github/codeql.yml
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 0000000..f5ada4d
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,3 @@
+query-filters:
+ - exclude:
+ id: py/similar-function
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..1192409
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main", "develop" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: "27 3 * * 0"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ python ]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ config-file: ./.github/codeql.yml
+ queries: +security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{ matrix.language }}"
From e258660058ab91acd940571403c1989270b48b9f Mon Sep 17 00:00:00 2001
From: Eric Darchis
Date: Mon, 18 Sep 2023 11:48:57 +0200
Subject: [PATCH 2/3] OP-1555 is_imis_admin not available in main (core) (#88)
---
 location/models.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/location/models.py b/location/models.py
index 662565f..e846ae4 100644
--- a/location/models.py
+++ b/location/models.py
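Review bot: The `pull_request` trigger in `.github/workflows/codeql.yml` lists only `main`, while `push` covers `main` and `develop`, so a pull request targeting `develop` is analyzed only after it has been merged. If `develop` is the integration branch, `branches: [ "main", "develop" ]` under `pull_request` would surface alerts before merge. The `uses:` lines also reference mutable tags (`actions/checkout@v3`, `github/codeql-action/*@v2`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, keeps a job that holds `security-events: write` from silently picking up a retagged action. The job-level `permissions` block is already scoped narrowly and needs no change.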
@@ -301,7 +301,7 @@ def get_user_districts(cls, user):
 .filter(*filter_validity())
 .filter(location__type='D')
 )
- elif user.is_imis_admin:
+ elif hasattr(user, "is_imis_admin") and user.is_imis_admin:
 # TODO: Use 'distinct()' when it is supported by MSSQL or if PostgreSQL becomes the sole database.
 distinct_districts_codes = UserDistrict.objects.all().values_list('location__code')
 usd_list = list(set(item[0] for item in distinct_districts_codes))
From ab81b4f438aebc598bb392857a47a7634e8c1f20 Mon Sep 17 00:00:00 2001
From: Damian Borowiecki
Date: Tue, 19 Sep 2023 11:16:19 +0200
Subject: [PATCH 3/3] Sonar Added
---
 .github/workflows/ci.yml | 30 +++++++
 .github/workflows/openmis-module-test.yml | 100 ----------------------
 2 files changed, 30 insertions(+), 100 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 delete mode 100644 .github/workflows/openmis-module-test.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..2ecf63b
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,30 @@
+name: Module CI
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ push:
+ branches:
+ - main
+ - 'release/**'
+ - develop
+ - 'feature/**'
+ workflow_dispatch:
+ inputs:
+ comment:
+ description: Just a simple comment to know the purpose of the manual build
+ required: false
+
+jobs:
+ call:
+ name: Default CI Flow
+ uses: openimis/openimis-be_py/.github/workflows/ci_module.yml@develop
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ with:
+ SONAR_PROJECT_KEY: openimis_openimis-be-location_py
+ SONAR_ORGANIZATION: openimis-1
+ SONAR_PROJECT_NAME: openimis-be-location_py
+ SONAR_PROJECT_VERSION: 1.0
+ SONAR_SOURCES: location
+ SONAR_EXCLUSIONS: "**/migrations/**,**/static/**,**/media/**,**/tests/**"
+
diff --git a/.github/workflows/openmis-module-test.yml b/.github/workflows/openmis-module-test.yml
deleted file mode 100644
index 599329e..0000000
--- a/.github/workflows/openmis-module-test.yml
+++ /dev/null
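Review bot: The new `elif` in `get_user_districts` gates the branch that collects every district code from `UserDistrict.objects.all()`, yet nothing in the code records why the attribute may be missing or that a missing attribute is meant to deny that branch. A comment above it, e.g. `# is_imis_admin may be absent on some user objects (OP-1555); a missing attribute is treated as non-admin`, would make the fail-closed intent explicit. `elif getattr(user, "is_imis_admin", False):` expresses the same check with a single lookup. The function starts and continues outside the hunk, so the branch such a user now falls through to is not visible; it should be confirmed that it returns a restricted or empty result rather than raising or widening access.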
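Review bot: The `call` job in `.github/workflows/ci.yml` references the reusable workflow by branch, `ci_module.yml@develop`, and passes it `SONAR_TOKEN`, so any commit landing on that branch changes what runs with this repository's secret. Pinning the reference to a tag or full commit SHA (`.../ci_module.yml@<full-commit-sha>`) turns such changes into an explicit, reviewable update. The file also declares no `permissions:`, so the called jobs get the repository's default `GITHUB_TOKEN` scope unless the callee narrows it; a top-level `permissions:` with `contents: read`, plus whatever the Sonar step needs, would bound that. `SONAR_PROJECT_VERSION: 1.0` is an unquoted YAML float and may not reach the callee as the string `1.0`; quoting it as `"1.0"` avoids that.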
@@ -1,100 +0,0 @@ -name: Automated CI testing -# This workflow run automatically for every commit on github it checks the syntax and launch the tests. -# | grep . | uniq -c filters out empty lines and then groups consecutive lines together with the number of occurrences -on: - pull_request: - workflow_dispatch: - inputs: - comment: - description: Just a simple comment to know the purpose of the manual build - required: false - -jobs: - run_test: - runs-on: ubuntu-20.04 - services: - mssql: - image: mcr.microsoft.com/mssql/server:2017-latest - env: - ACCEPT_EULA: Y - SA_PASSWORD: GitHub999 - ports: - - 1433:1433 - # needed because the mssql container does not provide a health check - options: --health-interval=10s --health-timeout=3s --health-start-period=10s --health-retries=10 --health-cmd="/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P ${SA_PASSWORD} -Q 'SELECT 1' || exit 1" - - steps: - - name: Set up Python 3.8 - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: install linux packages - run: | - git clone --depth 1 --branch develop https://github.com/openimis/database_ms_sqlserver.git ./sql - cd sql/ && bash concatenate_files.sh && cd .. 
- curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - - curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list - sudo apt-get update - sudo ACCEPT_EULA=Y apt-get install -y mssql-tools build-essential dialog apt-utils unixodbc-dev -y - python -m pip install --upgrade pip - - name: pull openimis backend - run: | - rm ./openimis -rf - git clone --depth 1 --branch develop https://github.com/openimis/openimis-be_py.git ./openimis - - name: copy current branch - uses: actions/checkout@v2 - with: - path: './current-module' - - name: Update the configuration - working-directory: ./openimis - run: | - export MODULE_NAME="$(echo $GITHUB_REPOSITORY | sed 's#^openimis/openimis-be-\(.*\)_py$#\1#')" - echo "the local module called $MODULE_NAME will be injected in openIMIS .json" - jq --arg name "$MODULE_NAME" 'if [.modules[].name == ($name)]| max then (.modules[] | select(.name == ($name)) | .pip)|="../current-module" else .modules |= .+ [{name:($name), pip:"../current-module"}] end' openimis.json - echo $(jq --arg name "$MODULE_NAME" 'if [.modules[].name == ($name)]| max then (.modules[] | select(.name == ($name)) | .pip)|="../current-module" else .modules |= .+ [{name:($name), pip:"../current-module"}] end' openimis.json) > openimis.json - - name: Install openIMIS Python dependencies - working-directory: ./openimis - run: | - pip install -r requirements.txt - python modules-requirements.py openimis.json > modules-requirements.txt - cat modules-requirements.txt - pip install -r modules-requirements.txt - - name: Environment info - working-directory: ./openimis - run: | - pip list - - name: Initialize DB - run: | - /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P $SA_PASSWORD -Q 'DROP DATABASE IF EXISTS imis' - /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P $SA_PASSWORD -Q 'CREATE DATABASE imis' - /opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P $SA_PASSWORD -d imis -i 
sql/output/fullDemoDatabase.sql | grep . | uniq -c - env: - SA_PASSWORD: GitHub999 - ACCEPT_EULA: Y - -# - name: Check formatting with black -# run: | -# black --check . - - - name: Django tests - working-directory: ./openimis/openIMIS - run: | - export MODULE_NAME="$(echo $GITHUB_REPOSITORY | sed 's#^openimis/openimis-be-\(.*\)_py$#\1#')" - python -V - ls -l - python manage.py migrate - python init_test_db.py | grep . | uniq -c - python manage.py test --keepdb $MODULE_NAME - env: - SECRET_KEY: secret - DEBUG: true - #DJANGO_SETTINGS_MODULE: hat.settings - DB_HOST: localhost - DB_PORT: 1433 - DB_NAME: imis - DB_USER: sa - DB_PASSWORD: GitHub999 - #DEV_SERVER: true - SITE_ROOT: api - REMOTE_USER_AUTHENTICATION: True -