Skip to content

Commit

Permalink
Chore: Update security posture and packaging environment
Browse files Browse the repository at this point in the history
Signed-off-by: Matthew Watkins <[email protected]>
  • Loading branch information
ModeSevenIndustrialSolutions committed Nov 21, 2023
1 parent 5d6477e commit 1c9ab8a
Show file tree
Hide file tree
Showing 11 changed files with 395 additions and 191 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ WORKDIR /usr/local/src/app
RUN \
# Install shadow-utils for adduser functionality
microdnf -y install shadow-utils \
# Install Python 3.8
&& microdnf -y install python38 \
# Install Python 3.9
&& microdnf -y install python39 \
# Install application
&& pip3 install . \
# Clean up unnecessary data
Expand Down
2 changes: 1 addition & 1 deletion Pipfile
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ flake8 = "*"
pre-commit = "*"

[requires]
python_version = "3.8"
python_version = "3.9"
377 changes: 191 additions & 186 deletions Pipfile.lock

Large diffs are not rendered by default.

41 changes: 41 additions & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,3 +1,43 @@
[project]
name = "osc-physrisk-api"
version = "v0.9.9"
description = "OS-Climate Physical Risk API"
authors = [
{ name = "David Besslich", email = "[email protected]" },
]
requires-python = ">=3.9"
readme = "README.md"
license = { text = "Apache-2.0" }
keywords = ["Climate", "Finance"]
classifiers = [
"Intended Audience :: Developers",
"Intended Audience :: Science/Research",
"License :: OSI Approved :: Apache Software License",
"Operating System :: MacOS",
"Operating System :: Microsoft :: Windows",
"Operating System :: Unix",
"Programming Language :: Python",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.10",
"Programming Language :: Python :: 3.9",
"Topic :: Office/Business :: Financial",
"Topic :: Scientific/Engineering",
"Topic :: Software Development",
]
dependencies = [
"numpy>= 1.22",
]

[project.urls]
Homepage = "https://github.com/os-climate/physrisk-api"
Repository = "https://github.com/os-climate/physrisk-api"
Downloads = "https://github.com/os-climate/physrisk-api/releases"
"Bug Tracker" = "https://github.com/os-climate/physrisk-api/issues"
Documentation = "https://github.com/os-climate/physrisk-api/tree/main/docs"
"Source Code" = "https://github.com/os-climate/physrisk-api"

[build-system]
requires = [
"setuptools>=42",
Expand Down Expand Up @@ -38,6 +78,7 @@ force_grid_wrap = 0
use_parentheses = true
ensure_newline_before_comments = true
line_length = 120
profile = "black"

[tool.coverage.run]
omit = ["src/test/*"]
Expand Down
24 changes: 24 additions & 0 deletions scripts/dev-versioning.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/bin/bash

#set -x

FILEPATH="pyproject.toml"

if [ $# -ne 1 ] && [ $# -ne 0 ]; then
echo "Usage: $0 [version-string]"
echo "Substitutes the version string in pyproject.toml"; exit 1
elif [ $# -eq 1 ]; then
VERSION=$1
echo "Received version string: $VERSION"
else
datetime=$(date +'%Y%m%d%H%M')
pyver=$(python --version | awk '{print $2}')
VERSION="${pyver}.${datetime}"
echo "Defined version string: $VERSION"
fi

echo "Performing string substitution on: $FILEPATH"
sed -i "s/.*version =.*/version = \"$VERSION\"/" "$FILEPATH"
echo "Versioning set to:"
grep version "$FILEPATH"
echo "Script completed!"; exit 0
6 changes: 6 additions & 0 deletions scripts/linting.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#!/bin/bash

npm install eslint @babel/core @babel/eslint-parser --save-dev
echo "Run with: eslint --ext .toml ."
pre-commit install
pre-commit autoupdate
8 changes: 8 additions & 0 deletions scripts/purge-dev-tags.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

#set -x

for TAG in $(git tag -l | grep 202 | sort | uniq); do
git tag -d "${TAG}"git tag -d "$TAG"
done
echo "Script completed!"; exit 0
16 changes: 16 additions & 0 deletions scripts/release-versioning.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

#set -x

FILEPATH="pyproject.toml"

for TAG in $(git tag -l | sort | uniq); do
echo "" > /dev/null
done
echo "Version string from tags: ${TAG}"

echo "Performing string substitution on: ${FILEPATH}"
sed -i "s/.*version =.*/version = \"$TAG\"/" "${FILEPATH}"
echo "Versioning set to:"
grep version "${FILEPATH}"
echo "Script completed!"; exit 0
104 changes: 104 additions & 0 deletions scripts/tomllint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
#!/bin/bash

# set -x

status_code="0"
TAPLO_URL=https://github.com/tamasfe/taplo/releases/download/0.8.1

# Process commmand-line arguments
if [ $# -eq 0 ]; then
TARGET=$(pwd)
elif [ $# -eq 1 ]; then
TARGET="$1"
fi

check_platform() {
# Enumerate platform and set binary name appropriately
PLATFORM=$(uname -a)
if (echo "${PLATFORM}" | grep Darwin | grep arm64); then
TAPLO_BIN="taplo-darwin-aarch64"
elif (echo "${PLATFORM}" | grep Darwin | grep x86_64); then
TAPLO_BIN="taplo-darwin-x86_64"
elif (echo "${PLATFORM}" | grep Linux | grep aarch64); then
TAPLO_BIN="taplo-full-linux-aarch64"
elif (echo "${PLATFORM}" | grep Linux | grep x86_64); then
TAPLO_BIN="taplo-full-linux-x86_64"
else
echo "Unsupported platform!"; exit 1
fi
TAPLO_GZIP="$TAPLO_BIN.gz"

}

check_file() {
local file_path="$1"
cp "$file_path" "$file_path.original"
/tmp/"${TAPLO_BIN}" format "$file_path" >/dev/null
diff "$file_path" "$file_path.original"
local exit_code=$?
if [ $exit_code -ne 0 ]; then
status_code=$exit_code
echo "::error file={$file_path},line={line},col={col}::{TOML file not formatted}"
elif [ -f "$file_path.original" ]; then
rm "$file_path.original"
fi
}

check_all() {
if [ -d "${TARGET}" ]; then
echo "Scanning all the TOML files at folder: ${TARGET}"
fi
while IFS= read -r current_file; do
echo "Check file $current_file"
check_file "$current_file"
done < <(find . -name '*.toml' -type f -not -path '*/.*')
}

download_taplo() {
if [ ! -f /tmp/"${TAPLO_GZIP}" ]; then
"${WGET_BIN}" -q -e robots=off -P /tmp "${TAPLO_URL}"/"${TAPLO_GZIP}"
fi
TAPLO_PATH="/tmp/${TAPLO_BIN}"
if [ ! -x "${TAPLO_PATH}" ]; then
gzip -d "/tmp/${TAPLO_GZIP}"
chmod +x "/tmp/${TAPLO_BIN}"
fi
TAPLO_BIN="/tmp/${TAPLO_BIN}"
}

cleanup_tmp() {
# Only clean the temp directory if it was used
if [ -f /tmp/"${TAPLO_BIN}" ] || [ -f /tmp/"${TAPLO_GZIP}" ]; then
echo "Cleaning up..."
rm /tmp/"${TAPLO_BIN}"*
fi
}

check_wget() {
# Pre-flight binary checks and download
WGET_BIN=$(which wget)
if [ ! -x "${WGET_BIN}" ]; then
echo "WGET command not found"
sudo apt update; sudo apt-get install -y wget | true
fi
WGET_BIN=$(which wget)
if [ ! -x "${WGET_BIN}" ]; then
echo "WGET could not be installed"; exit 1
fi
}

TAPLO_BIN=$(which taplo)
if [ ! -x "${TAPLO_BIN}" ]; then
check_wget && check_platform && download_taplo
fi

if [ ! -x "${TAPLO_BIN}" ]; then
echo "Download failed: TOML linting binary not found [taplo]"
status_code="1"
else
# To avoid execution when sourcing this script for testing
[ "$0" = "${BASH_SOURCE[0]}" ] && check_all "$@"
fi

cleanup_tmp
exit $status_code
2 changes: 1 addition & 1 deletion setup.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ install_requires =
flask-cors
flask-jwt-extended
physrisk-lib>=0.19.0

numpy>=1.22
[options.packages.find]
where = src
include = physrisk*
2 changes: 1 addition & 1 deletion src/physrisk_api/app/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ def get_image(resource, x=None, y=None, z=None, format="png", requester: Request
max_value_arg = request.args.get("maxValue")
max_value = float(max_value_arg) if max_value_arg is not None else None
colormap = request.args.get("colormap")
scenario_id = request.args.get("scenarioId")
scenario_id = request.args.get("scenarioid")
year = int(request.args.get("year")) # type:ignore
try:
verify_jwt_in_request(optional=True)
Expand Down

0 comments on commit 1c9ab8a

Please sign in to comment.