⬆️(project) upgrade python-multipart to v0.0.18 [SECURITY] #802
# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
name: API

# Runs on pushes to main and on pull requests that target main.
on:
  push:
    branches:
      - "main"
  pull_request:
    branches:
      - "main"

# Workflow-wide default for the GITHUB_TOKEN: read-only access to repository
# contents. Jobs that need more declare their own `permissions` block.
permissions:
  contents: read
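jobs:
  # Installs the API's dependencies (development ones included) with Pipenv.
  # Every other job in this workflow declares `needs: build-api`.
  build-api:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag.
      # Pinning each action to a full commit SHA (not shown on this page) keeps
      # a retagged release from changing what runs here.
      - uses: actions/checkout@v4
      - name: Install Pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Install dependencies
        run: |
          cd src/api
          pipenv install -d

  # Runs Black, Ruff and MyPy against the API package and its tests.
  lint-api:
    needs: build-api
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./src/api
    steps:
      - uses: actions/checkout@v4
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Lint with Black
        run: pipenv run black --check qualicharge tests
      - name: Lint with Ruff
        run: pipenv run ruff check qualicharge tests
      - name: Lint with MyPy
        run: pipenv run mypy qualicharge tests

  # Same three linters, pointed at the benchmark code in ../bench.
  lint-bench:
    needs: build-api
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./src/api
    steps:
      - uses: actions/checkout@v4
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Lint with Black
        run: pipenv run black --check ../bench
      - name: Lint with Ruff
        run: pipenv run ruff check ../bench
      - name: Lint with MyPy
        run: pipenv run mypy ../bench

  # Starts the API against a PostgreSQL service container, seeds it, runs a
  # 30-second locust benchmark and posts the results as a pull-request comment.
  bench-api:
    needs: build-api
    runs-on: ubuntu-latest
    services:
      postgresql:
        image: timescale/timescaledb-ha:pg14-ts2.14-oss
        # Throwaway credentials for the job-scoped service container; they must
        # never be reused for a database outside CI.
        env:
          POSTGRES_DB: qualicharge-api
          POSTGRES_USER: qualicharge
          POSTGRES_PASSWORD: pass
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
    permissions:
      # Needed by the github-script step that comments on the pull request.
      pull-requests: write
      # Least privilege: no step below pushes to the repository, and the job
      # runs code from the pull-request branch, so the token stays read-only.
      contents: read
    defaults:
      run:
        working-directory: ./src/api
    env:
      PORT: 8000
      QUALICHARGE_DB_ENGINE: postgresql+psycopg
      QUALICHARGE_DB_HOST: localhost
      QUALICHARGE_DB_NAME: qualicharge-api
      QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
      QUALICHARGE_OIDC_IS_ENABLED: False
      QUALICHARGE_ALLOWED_HOSTS: '["http://localhost:8000"]'
      QUALICHARGE_API_STATIQUE_BULK_CREATE_MAX_SIZE: 1000
      QUALICHARGE_DEBUG: 0
      QUALICHARGE_PROFILING: 0
      QUALICHARGE_UVICORN_WORKERS: 1
      QUALICHARGE_DB_CONNECTION_MAX_OVERFLOW: 200
      QUALICHARGE_DB_CONNECTION_POOL_SIZE: 50
      QUALICHARGE_STATIQUE_DATA_PATH: /home/runner/work/qualicharge/qualicharge/data/irve-statique.json.gz
      # CI-only admin account; the same pair is passed to `create-user` and to
      # the client in the steps below.
      QUALICHARGE_API_ADMIN_USER: admin
      QUALICHARGE_API_ADMIN_PASSWORD: admin
      # This is a fake setting required to run the app
      QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8000/fake
      # Fixed, public signing key: acceptable only because the API it protects
      # lives and dies with this job.
      QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
      QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8000
      QUALICHARGE_EXECUTION_ENVIRONMENT: ci
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          # Later steps execute code from the checked-out branch and install an
          # unlocked package; do not leave the job token in .git/config for them.
          persist-credentials: false
      - name: Create postgis extension
        run: psql "postgresql://qualicharge:pass@localhost:5432/qualicharge-api" -c "create extension postgis;"
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Run database migrations
        run: pipenv run alembic -c qualicharge/alembic.ini upgrade head
      # NOTE(review): the `--email` value reads `[email protected]` because the
      # page this listing was captured from obfuscates e-mail addresses; restore
      # the real address from the repository before reusing this step.
      - name: Create API superuser
        run: |
          pipenv run python -m qualicharge create-user \
            admin \
            --email [email protected] \
            --password admin \
            --is-active \
            --is-superuser \
            --is-staff \
            --force
      # NOTE(review): `--skip-lock` installs qualicharge-client outside
      # Pipfile.lock, so its version and hashes are not pinned for this job.
      - name: Seed API database
        run: |
          pipenv install -d --skip-lock qualicharge-client
          pipenv run honcho start &
          sleep 10
          zcat ../../data/irve-statique.json.gz | \
            head -n 500 | \
            pipenv run qcc static bulk --chunk-size 100
        env:
          QCC_API_LOGIN_USERNAME: admin
          QCC_API_LOGIN_PASSWORD: admin
          QCC_API_ROOT_URL: "http://localhost:8000/api/v1"
      # API server is still running here
      # `--exit-code-on-error 0` keeps failed requests from failing the job, so
      # a green run does not prove the benchmark was error-free.
      - name: Run locust
        run: |
          pipenv run locust \
            -f ../bench/locustfile.py \
            --headless \
            -u 30 \
            -r 1 \
            --run-time 30s \
            -H "http://localhost:${PORT}/api/v1" \
            --csv bench_admin \
            --exit-code-on-error 0 \
            APIAdminUser
      - name: Add bench file metadata
        run: |
          pipenv run \
            python ../bench/cli.py \
            stamp bench_admin_stats.csv $(git rev-parse --short "${GITHUB_SHA}") \
            > bench_admin_stats_stamped.csv
      - name: Save bench CSV as artefact
        uses: actions/upload-artifact@v4
        with:
          name: api-admin-benchmark
          path: ./src/api/bench_admin_stats_stamped.csv
      - name: Generate markdown table
        # Only when in PR, not when merged
        # NOTE(review): on push events `github.event.pull_request` is absent and
        # GitHub compares loosely, so this condition presumably also holds on
        # push; `github.event_name == 'pull_request'` would state the intent
        # directly. Confirm before changing.
        if: github.event.pull_request.merged == false
        run: |
          echo -e "### Current benchmark\n\n" >> bench_admin_stats.md && \
          pipenv run csvlook -I bench_admin_stats_stamped.csv >> bench_admin_stats.md && \
          echo -e "\n### Comparison with the latest previous benchmark\n\n" >> bench_admin_stats.md && \
          echo -e "> A lower (negative) value means the current version performs better than the previous one.\n\n" >> bench_admin_stats.md && \
          pipenv run \
            python ../bench/cli.py diff ../../data/bench.csv bench_admin_stats_stamped.csv | \
            pipenv run \
            csvlook -I >> bench_admin_stats.md
          cat bench_admin_stats.md
      # Posts the generated markdown file as a comment on the pull request.
      - uses: actions/github-script@v7
        # Only when in PR, not when merged
        if: github.event.pull_request.merged == false
        with:
          script: |
            const fs = require('node:fs');
            fs.readFile('/home/runner/work/qualicharge/qualicharge/src/api/bench_admin_stats.md', 'utf8', (err, data) => {
              if (err) {
                console.error(err);
                return;
              }
              github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: data
              });
            });

  # Only when a PR is merged
  # Appends the latest benchmark CSV to data/bench.csv and opens a pull request
  # with the result.
  # NOTE(review): with this workflow's triggers (push, and pull_request with its
  # default activity types) `github.event.pull_request.merged` does not appear
  # to ever be true, so this job looks unreachable — confirm whether a
  # `types: [closed]` trigger was intended.
  update-bench-db:
    if: github.event.pull_request.merged == true
    needs:
      - build-api
      - bench-api
    runs-on: ubuntu-latest
    # Write scopes are used by the create-pull-request step, which commits
    # data/bench.csv to a branch and opens the pull request.
    permissions:
      pull-requests: write
      contents: write
    defaults:
      run:
        working-directory: ./src/api
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Get latest bench CSV artefact
        uses: actions/download-artifact@v4
        with:
          name: api-admin-benchmark
          path: ./src/api
      - name: Merge Bench database
        run: |
          pipenv run \
            csvstack \
            ../../data/bench.csv \
            bench_admin_stats_stamped.csv \
            > /tmp/bench.csv
          cp -f /tmp/bench.csv ../../data/bench.csv
      # Third-party action running with a write-scoped token: the strongest
      # candidate in this file for pinning to a reviewed commit SHA.
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v7
        with:
          add-paths: |
            data/bench.csv
          commit-message: |
            ⚡️(api) update benchmark database
            Update bench database.
          branch: update-api-bench-db
          title: "⚡️(api) update benchmark database"
          body: |
            ## Purpose
            Each time a PR is merged and a new benchmark has been released, the bench database is updated.
            ## Proposal
            - [x] update `data/bench.csv`
          labels: |
            API
            needs review

  # Applies the Alembic migrations to an empty PostgreSQL service container.
  test-database-migrations:
    needs: build-api
    runs-on: ubuntu-latest
    services:
      postgresql:
        image: timescale/timescaledb-ha:pg14-ts2.14-oss
        # Throwaway credentials for the job-scoped service container.
        env:
          POSTGRES_DB: test-qualicharge-api
          POSTGRES_USER: qualicharge
          POSTGRES_PASSWORD: pass
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
    defaults:
      run:
        working-directory: ./src/api
    steps:
      - uses: actions/checkout@v4
      - name: Create postgis extension
        run: psql "postgresql://qualicharge:pass@localhost:5432/test-qualicharge-api" -c "create extension postgis;"
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Run migrations
        run: pipenv run alembic -c qualicharge/alembic.ini upgrade head
        env:
          QUALICHARGE_DB_ENGINE: postgresql+psycopg
          QUALICHARGE_DB_HOST: localhost
          QUALICHARGE_DB_NAME: test-qualicharge-api
          QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
          # This is a fake setting required to run the app
          QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8080/fake
          QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
          QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8010
          QUALICHARGE_EXECUTION_ENVIRONMENT: ci

  # Runs the pytest suite against a PostgreSQL service container.
  test-api:
    needs: build-api
    runs-on: ubuntu-latest
    services:
      postgresql:
        image: timescale/timescaledb-ha:pg14-ts2.14-oss
        # Throwaway credentials for the job-scoped service container.
        env:
          POSTGRES_DB: test-qualicharge-api
          POSTGRES_USER: qualicharge
          POSTGRES_PASSWORD: pass
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 5432:5432
    defaults:
      run:
        working-directory: ./src/api
    steps:
      - uses: actions/checkout@v4
      - name: Create postgis extension
        run: psql "postgresql://qualicharge:pass@localhost:5432/test-qualicharge-api" -c "create extension postgis;"
      - name: Install pipenv
        run: pipx install pipenv
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pipenv"
          cache-dependency-path: "src/api/Pipfile.lock"
      - name: Test with pytest
        run: pipenv run pytest
        env:
          QUALICHARGE_DB_ENGINE: postgresql+psycopg
          QUALICHARGE_DB_HOST: localhost
          QUALICHARGE_DB_NAME: test-qualicharge-api
          QUALICHARGE_TEST_DB_NAME: test-qualicharge-api
          # Speed up tests
          QUALICHARGE_API_STATIQUE_BULK_CREATE_MAX_SIZE: 10
          QUALICHARGE_API_STATUS_BULK_CREATE_MAX_SIZE: 10
          QUALICHARGE_API_SESSION_BULK_CREATE_MAX_SIZE: 10
          # This is a fake setting required to run the app
          QUALICHARGE_OIDC_PROVIDER_BASE_URL: http://localhost:8080/fake
          QUALICHARGE_OAUTH2_TOKEN_ENCODING_KEY: thisissupersecret
          QUALICHARGE_OAUTH2_TOKEN_ISSUER: http://test:8010
          QUALICHARGE_EXECUTION_ENVIRONMENT: ci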