From 17d71db3def826a01e9a7ce1a76ddc6ed55b98be Mon Sep 17 00:00:00 2001 From: Stuart Campbell Date: Thu, 4 Jan 2024 17:09:58 -0500 Subject: [PATCH 01/15] Moved http-client tests into a different folder --- .../check_all_beamlines.http | 0 .../facility_api_test.http | 0 .../http-client.env.json | 0 src/nsls2api/_version.py | 16 ---------------- 4 files changed, 16 deletions(-) rename {tests => integration-tests}/check_all_beamlines.http (100%) rename {tests => integration-tests}/facility_api_test.http (100%) rename {tests => integration-tests}/http-client.env.json (100%) delete mode 100644 src/nsls2api/_version.py diff --git a/tests/check_all_beamlines.http b/integration-tests/check_all_beamlines.http similarity index 100% rename from tests/check_all_beamlines.http rename to integration-tests/check_all_beamlines.http diff --git a/tests/facility_api_test.http b/integration-tests/facility_api_test.http similarity index 100% rename from tests/facility_api_test.http rename to integration-tests/facility_api_test.http diff --git a/tests/http-client.env.json b/integration-tests/http-client.env.json similarity index 100% rename from tests/http-client.env.json rename to integration-tests/http-client.env.json diff --git a/src/nsls2api/_version.py b/src/nsls2api/_version.py deleted file mode 100644 index 98a073f8..00000000 --- a/src/nsls2api/_version.py +++ /dev/null @@ -1,16 +0,0 @@ -# file generated by setuptools_scm -# don't change, don't track in version control -TYPE_CHECKING = False -if TYPE_CHECKING: - from typing import Tuple, Union - VERSION_TUPLE = Tuple[Union[int, str], ...] -else: - VERSION_TUPLE = object - -version: str -__version__: str -__version_tuple__: VERSION_TUPLE -version_tuple: VERSION_TUPLE - -__version__ = version = '0.1.dev243+g17f7c72.d20231220' -__version_tuple__ = version_tuple = (0, 1, 'dev243', 'g17f7c72.d20231220') From c2202836e3178e29395b901143ee65891faee07e Mon Sep 17 00:00:00 2001 From: Stuart Campbell Date: Thu, 4 Jan 2024 17:15:25 -0500 Subject: [PATCH 02/15] Move healthy endpoint to same place as other top level endpoints and hide --- src/nsls2api/main.py | 7 ------- src/nsls2api/views/home.py | 9 +++++++++ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/nsls2api/main.py b/src/nsls2api/main.py index ea1653e9..ab3210b5 100644 --- a/src/nsls2api/main.py +++ b/src/nsls2api/main.py @@ -66,13 +66,6 @@ def configure_routing(): ) -@api.get("/healthy") -async def healthy(): - return fastapi.responses.PlainTextResponse( - "OK", status_code=fastapi.status.HTTP_200_OK - ) - - @api.on_event("startup") async def configure_db(): await mongodb_setup.init_connection(settings.mongodb_dsn.unicode_string()) diff --git a/src/nsls2api/views/home.py b/src/nsls2api/views/home.py index 0a224535..4c1fd7af 100644 --- a/src/nsls2api/views/home.py +++ b/src/nsls2api/views/home.py @@ -20,6 +20,15 @@ def index(request: Request): return templates.TemplateResponse("home/index.html", data) +# This is a test endpoint to make sure the server is running +# It is used by haproxy to determine if the server is healthy +@router.get("/healthy", include_in_schema=False) +async def healthy(): + return fastapi.responses.PlainTextResponse( + "OK", status_code=fastapi.status.HTTP_200_OK + ) + + @router.get("/default", include_in_schema=False) def index(request: Request): data = {"request": request} From e892a58314744acfc7da26437732404cf22bd0d8 Mon Sep 17 00:00:00 2001 From: Stuart Campbell Date: Thu, 4 Jan 2024 17:18:54 -0500 Subject: [PATCH 03/15] Added Hatch managed version file to gitignore --- .gitignore | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index d8cb3df4..bfcfa17f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ # Project exclude paths /venv/ +# Hatch managed version file +src/nsls2api/_version.py + # HTTP Client environments http-client.private.env.json @@ -141,4 +144,4 @@ settings.json .idea/ .idea/dataSources.xml -/workspace.code-workspace \ No newline at end of file +/workspace.code-workspace From fe5f2f7079b5118bf4cda7bd74ff740b403aea1b Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Mon, 18 Dec 2023 17:13:13 -0500 Subject: [PATCH 04/15] Add container-canary. --- .github/workflows/docker-publish.yml | 8 +++++++ Dockerfile | 2 +- canary-validator.yml | 33 ++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 canary-validator.yml diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index d8e4a007..5dfa2c93 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -82,6 +82,14 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max + - name: Install Container Canary + run: | + curl -L https://github.com/NVIDIA/container-canary/releases/download/v0.2.1/canary_linux_amd64 > /usr/local/bin/canary + chmod +x /usr/local/bin/canary + + - name: Validate container + run: canary validate --file canary-validator.yml ${{ steps.meta.outputs.tags }} + # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish diff --git a/Dockerfile b/Dockerfile index 2f2c5ccc..d25d73a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ COPY requirements.txt . RUN pip install --no-cache-dir --upgrade pip wheel RUN pip install --no-cache-dir --upgrade -r /code/requirements.txt -COPY . . +COPY . . RUN pip install '.' CMD ["uvicorn", "nsls2api.main:api", "--proxy-headers", "--host", "0.0.0.0", "--port", "8080", "--workers", "4", "--ssl-keyfile=/etc/nsls2/tls/server.key", "--ssl-certfile=/etc/nsls2/tls/server.cer"] diff --git a/canary-validator.yml b/canary-validator.yml new file mode 100644 index 00000000..c0948300 --- /dev/null +++ b/canary-validator.yml @@ -0,0 +1,33 @@ +# This is used to verify that a container image has the basic expected behavior. +# See https://github.com/NVIDIA/container-canary +# +# Run locally like: +# +# canary validate --file canary-validator.yml ghcr.io/bluesky/tiled:latest + +apiVersion: container-canary.nvidia.com/v2 +kind: Validator +name: nsls2api +description: Validate that container image is operational. +# env: +# - name: ... +# value: +ports: + - port: 31415 + protocol: TCP +volumes: [] +checks: + - name: tcp + description: Is listening via TCP on port 31415 + probe: + tcpSocket: + port: 31415 + - name: http + description: Responds HTTP GET on port 31415 at route / + probe: + httpGet: + path: / + port: 31415 + initialDelaySeconds: 5 + timeoutSeconds: 10 + failureThreshold: 3 From c6e6e163e1e44c52bdc69751b42d4febd36cae81 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 19 Dec 2023 14:24:16 -0500 Subject: [PATCH 05/15] Fix target of validator --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5dfa2c93..214d0a73 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -88,7 +88,7 @@ jobs: chmod +x /usr/local/bin/canary - name: Validate container - run: canary validate --file canary-validator.yml ${{ steps.meta.outputs.tags }} + run: canary validate --file canary-validator.yml ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker From 5c08c4b675d650bca8e599e37904a930e9891461 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 19 Dec 2023 14:47:31 -0500 Subject: [PATCH 06/15] Use local name --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 214d0a73..966b4623 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -88,7 +88,7 @@ jobs: chmod +x /usr/local/bin/canary - name: Validate container - run: canary validate --file canary-validator.yml ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + run: canary validate --file canary-validator.yml ${{ env.IMAGE_NAME }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker From 2578151e907e45e3984baab71cb0a90f7b9efa45 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 19 Dec 2023 16:24:53 -0500 Subject: [PATCH 07/15] Tag a local name --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 966b4623..02f9754b 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -77,7 +77,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} + tags: ${{ steps.meta.outputs.tags }},{{ env.IMAGE_NAME }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max From be0adf99363e9ad15c15a8114a8947036f614e4e Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 19 Dec 2023 16:30:41 -0500 Subject: [PATCH 08/15] Pass env var correctly --- .github/workflows/docker-publish.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 02f9754b..288f1846 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -88,7 +88,9 @@ jobs: chmod +x /usr/local/bin/canary - name: Validate container - run: canary validate --file canary-validator.yml ${{ env.IMAGE_NAME }} + run: canary validate --file canary-validator.yml $IMAGE_NAME + env: + IMAGE_NAME: ${{ env.IMAGE_NAME }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker From 760a0818ec12c35304d29b0ef56a1e7297166179 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Tue, 19 Dec 2023 16:58:27 -0500 Subject: [PATCH 09/15] Fix tag specification --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 288f1846..4b68ddf4 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -77,7 +77,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }},{{ env.IMAGE_NAME }} + tags: ${{ steps.meta.outputs.tags }},${{ env.IMAGE_NAME }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max From b039f2ec5b0862157d8b44e5c66ea74641704aab Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 10:46:36 -0500 Subject: [PATCH 10/15] Try adding a tag suffix. --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 4b68ddf4..1997cc3e 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -77,7 +77,7 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }},${{ env.IMAGE_NAME }} + tags: ${{ steps.meta.outputs.tags }},${{ env.IMAGE_NAME }}:latest labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max @@ -88,7 +88,7 @@ jobs: chmod +x /usr/local/bin/canary - name: Validate container - run: canary validate --file canary-validator.yml $IMAGE_NAME + run: canary validate --file canary-validator.yml $IMAGE_NAME:latest env: IMAGE_NAME: ${{ env.IMAGE_NAME }} From 0106bc768c0e71e25593ad78f33a5e0a6a5d89cc Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 10:55:35 -0500 Subject: [PATCH 11/15] debug --- .github/workflows/docker-publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 1997cc3e..71b18ddc 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -82,6 +82,9 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max + - name: Look up images + run: docker image ls + - name: Install Container Canary run: | curl -L https://github.com/NVIDIA/container-canary/releases/download/v0.2.1/canary_linux_amd64 > /usr/local/bin/canary From 663ef73b5318692188cca6ea771668ac4839e890 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 11:10:09 -0500 Subject: [PATCH 12/15] Try hard-coding name only --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 71b18ddc..70c17f28 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -91,7 +91,7 @@ jobs: chmod +x /usr/local/bin/canary - name: Validate container - run: canary validate --file canary-validator.yml $IMAGE_NAME:latest + run: canary validate --file canary-validator.yml nsls2api env: IMAGE_NAME: ${{ env.IMAGE_NAME }} From daacdb2ad90c9f4a619ef0c139d9496579efd888 Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 11:15:37 -0500 Subject: [PATCH 13/15] Build container locally for validation --- .github/workflows/docker-publish.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 70c17f28..e61aa6d2 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -77,19 +77,19 @@ jobs: with: context: . push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }},${{ env.IMAGE_NAME }}:latest + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - name: Look up images - run: docker image ls - - name: Install Container Canary run: | curl -L https://github.com/NVIDIA/container-canary/releases/download/v0.2.1/canary_linux_amd64 > /usr/local/bin/canary chmod +x /usr/local/bin/canary + - name: Build Container for validation + run: docker build -t nsls2api . + - name: Validate container run: canary validate --file canary-validator.yml nsls2api env: From 7bae3ffca6b1b94972f72b28cd39044dfe45c54a Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 11:16:13 -0500 Subject: [PATCH 14/15] Fix YAML syntax --- .github/workflows/docker-publish.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index e61aa6d2..96b085e4 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -87,8 +87,8 @@ jobs: curl -L https://github.com/NVIDIA/container-canary/releases/download/v0.2.1/canary_linux_amd64 > /usr/local/bin/canary chmod +x /usr/local/bin/canary - - name: Build Container for validation - run: docker build -t nsls2api . + - name: Build Container for validation + run: docker build -t nsls2api . - name: Validate container run: canary validate --file canary-validator.yml nsls2api From d2c2fb5c6c3b760dd10e2a28af2343e487bf6b9d Mon Sep 17 00:00:00 2001 From: Dan Allan Date: Fri, 5 Jan 2024 11:21:45 -0500 Subject: [PATCH 15/15] Container runs on 8080 not 31415 --- canary-validator.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/canary-validator.yml b/canary-validator.yml index c0948300..de1b007d 100644 --- a/canary-validator.yml +++ b/canary-validator.yml @@ -13,21 +13,21 @@ description: Validate that container image is operational. # - name: ... # value: ports: - - port: 31415 + - port: 8080 protocol: TCP volumes: [] checks: - name: tcp - description: Is listening via TCP on port 31415 + description: Is listening via TCP on port 8080 probe: tcpSocket: port: 31415 - name: http - description: Responds HTTP GET on port 31415 at route / + description: Responds HTTP GET on port 8080 at route /docs probe: httpGet: - path: / - port: 31415 + path: /docs + port: 8080 initialDelaySeconds: 5 timeoutSeconds: 10 failureThreshold: 3