Skip to content

⬆️(project) upgrade python-multipart to v0.0.18 [SECURITY] #792

⬆️(project) upgrade python-multipart to v0.0.18 [SECURITY]

⬆️(project) upgrade python-multipart to v0.0.18 [SECURITY] #792

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: API
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
permissions:
contents: read
jobs:
build-api:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Install dependencies
run: |
cd src/api
pipenv install -d
lint-api:
needs: build-api
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./src/api
steps:
- uses: actions/checkout@v4
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Lint with Black
run: pipenv run black --check qualicharge tests
- name: Lint with Ruff
run: pipenv run ruff check qualicharge tests
- name: Lint with MyPy
run: pipenv run mypy qualicharge tests
lint-bench:
needs: build-api
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./src/api
steps:
- uses: actions/checkout@v4
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Lint with Black
run: pipenv run black --check ../bench
- name: Lint with Ruff
run: pipenv run ruff check ../bench
- name: Lint with MyPy
run: pipenv run mypy ../bench
bench-api:
needs: build-api
runs-on: ubuntu-latest
services:
postgresql:
image: timescale/timescaledb-ha:pg14-ts2.14-oss
env:
POSTGRES_DB: qualicharge-api
POSTGRES_USER: qualicharge
POSTGRES_PASSWORD: pass
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
permissions:
pull-requests: write
contents: write
defaults:
run:
working-directory: ./src/api
env:
PORT: 8000
QUALICHARGE_DB_ENGINE: postgresql+psycopg
QUALICHARGE_DB_HOST: localhost
QUALICHARGE_DB_NAME: qualicharge-api
QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
QUALICHARGE_OIDC_IS_ENABLED: False
QUALICHARGE_ALLOWED_HOSTS: '["http://localhost:8000"]'
QUALICHARGE_API_STATIQUE_BULK_CREATE_MAX_SIZE: 1000
QUALICHARGE_DEBUG: 0
QUALICHARGE_PROFILING: 0
QUALICHARGE_UVICORN_WORKERS: 1
QUALICHARGE_DB_CONNECTION_MAX_OVERFLOW: 200
QUALICHARGE_DB_CONNECTION_POOL_SIZE: 50
QUALICHARGE_STATIQUE_DATA_PATH: /home/runner/work/qualicharge/qualicharge/data/irve-statique.json.gz
QUALICHARGE_API_ADMIN_USER: admin
QUALICHARGE_API_ADMIN_PASSWORD: admin
# This is a fake setting required to run the app
QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8000/fake
QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8000
QUALICHARGE_EXECUTION_ENVIRONMENT: ci
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Create postgis extension
run: psql "postgresql://qualicharge:pass@localhost:5432/qualicharge-api" -c "create extension postgis;"
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Run database migrations
run: pipenv run alembic -c qualicharge/alembic.ini upgrade head
- name: Create API superuser
run: |
pipenv run python -m qualicharge create-user \
admin \
--email [email protected] \
--password admin \
--is-active \
--is-superuser \
--is-staff \
--force
- name: Seed API database
run: |
pipenv install -d --skip-lock qualicharge-client
pipenv run honcho start &
sleep 10
zcat ../../data/irve-statique.json.gz | \
head -n 500 | \
pipenv run qcc static bulk --chunk-size 100
env:
QCC_API_LOGIN_USERNAME: admin
QCC_API_LOGIN_PASSWORD: admin
QCC_API_ROOT_URL: "http://localhost:8000/api/v1"
# API server is still running here
- name: Run locust
run: |
pipenv run locust \
-f ../bench/locustfile.py \
--headless \
-u 30 \
-r 1 \
--run-time 30s \
-H "http://localhost:${PORT}/api/v1" \
--csv bench_admin \
--exit-code-on-error 0 \
APIAdminUser
- name: Add bench file metadata
run: |
pipenv run \
python ../bench/cli.py \
stamp bench_admin_stats.csv $(git rev-parse --short "${GITHUB_SHA}") \
> bench_admin_stats_stamped.csv
- name: Save bench CSV as artefact
uses: actions/upload-artifact@v4
with:
name: api-admin-benchmark
path: ./src/api/bench_admin_stats_stamped.csv
- name: Generate markdown table
# Only when in PR, not when merged
if: github.event.pull_request.merged == false
run: |
echo -e "### Current benchmark\n\n" >> bench_admin_stats.md && \
pipenv run csvlook -I bench_admin_stats_stamped.csv >> bench_admin_stats.md && \
echo -e "\n### Comparison with the latest previous benchmark\n\n" >> bench_admin_stats.md && \
echo -e "> A lower (negative) value means the current version performs better than the previous one.\n\n" >> bench_admin_stats.md && \
pipenv run \
python ../bench/cli.py diff ../../data/bench.csv bench_admin_stats_stamped.csv | \
pipenv run \
csvlook -I >> bench_admin_stats.md
cat bench_admin_stats.md
- uses: actions/github-script@v7
# Only when in PR, not when merged
if: github.event.pull_request.merged == false
with:
script: |
const fs = require('node:fs');
fs.readFile('/home/runner/work/qualicharge/qualicharge/src/api/bench_admin_stats.md', 'utf8', (err, data) => {
if (err) {
console.error(err);
return;
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: data
});
});
# Only when a PR is merged
update-bench-db:
if: github.event.pull_request.merged == true
needs:
- build-api
- bench-api
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
defaults:
run:
working-directory: ./src/api
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Get latest bench CSV artefact
uses: actions/download-artifact@v4
with:
name: api-admin-benchmark
path: ./src/api
- name: Merge Bench database
run: |
pipenv run \
csvstack \
../../data/bench.csv \
bench_admin_stats_stamped.csv \
> /tmp/bench.csv
cp -f /tmp/bench.csv ../../data/bench.csv
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
add-paths: |
data/bench.csv
commit-message: |
⚡️(api) update benchmark database
Update bench database.
branch: update-api-bench-db
title: "⚡️(api) update benchmark database"
body: |
## Purpose
Each time a PR is merged and a new benchmark has been released, the bench database is updated.
## Proposal
- [x] update `data/bench.csv`
labels: |
API
needs review
test-database-migrations:
needs: build-api
runs-on: ubuntu-latest
services:
postgresql:
image: timescale/timescaledb-ha:pg14-ts2.14-oss
env:
POSTGRES_DB: test-qualicharge-api
POSTGRES_USER: qualicharge
POSTGRES_PASSWORD: pass
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
defaults:
run:
working-directory: ./src/api
steps:
- uses: actions/checkout@v4
- name: Create postgis extension
run: psql "postgresql://qualicharge:pass@localhost:5432/test-qualicharge-api" -c "create extension postgis;"
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Run migrations
run: pipenv run alembic -c qualicharge/alembic.ini upgrade head
env:
QUALICHARGE_DB_ENGINE: postgresql+psycopg
QUALICHARGE_DB_HOST: localhost
QUALICHARGE_DB_NAME: test-qualicharge-api
QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
# This is a fake setting required to run the app
QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8080/fake
QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8010
QUALICHARGE_EXECUTION_ENVIRONMENT: ci
test-api:
needs: build-api
runs-on: ubuntu-latest
services:
postgresql:
image: timescale/timescaledb-ha:pg14-ts2.14-oss
env:
POSTGRES_DB: test-qualicharge-api
POSTGRES_USER: qualicharge
POSTGRES_PASSWORD: pass
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
defaults:
run:
working-directory: ./src/api
steps:
- uses: actions/checkout@v4
- name: Create postgis extension
run: psql "postgresql://qualicharge:pass@localhost:5432/test-qualicharge-api" -c "create extension postgis;"
- name: Install pipenv
run: pipx install pipenv
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: "pipenv"
cache-dependency-path: "src/api/Pipfile.lock"
- name: Test with pytest
run: pipenv run pytest
env:
QUALICHARGE_DB_ENGINE: postgresql+psycopg
QUALICHARGE_DB_HOST: localhost
QUALICHARGE_DB_NAME: test-qualicharge-api
QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
# Speed up tests
QUALICHARGE_API_STATIQUE_BULK_CREATE_MAX_SIZE: 10
QUALICHARGE_API_STATUS_BULK_CREATE_MAX_SIZE: 10
QUALICHARGE_API_SESSION_BULK_CREATE_MAX_SIZE: 10
# This is a fake setting required to run the app
QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8080/fake
QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8010
QUALICHARGE_EXECUTION_ENVIRONMENT: ci