Chore: Update security posture and packaging environment

Dockerfile

@@ -11,8 +11,8 @@ WORKDIR /usr/local/src/app
 RUN \
     # Install shadow-utils for adduser functionality
     microdnf -y install shadow-utils \
-    # Install Python 3.8
-    && microdnf -y install python38 \
+    # Install Python 3.9
+    && microdnf -y install python39 \
     # Install application
     && pip3 install . \
     # Clean up unnecessary data

Pipfile

@@ -19,4 +19,4 @@ flake8 = "*"
 pre-commit = "*"
 
 [requires]
-python_version = "3.8"
+python_version = "3.9"

pyproject.toml

@@ -1,3 +1,43 @@
+[project]
+name = "osc-physrisk-api"
+version = "v0.9.9"
+description = "OS-Climate Physical Risk API"
+authors = [
+  { name = "David Besslich", email = "[email protected]" },
+]
+requires-python = ">=3.9"
+readme = "README.md"
+license = { text = "Apache-2.0" }
+keywords = ["Climate", "Finance"]
+classifiers = [
+  "Intended Audience :: Developers",
+  "Intended Audience :: Science/Research",
+  "License :: OSI Approved :: Apache Software License",
+  "Operating System :: MacOS",
+  "Operating System :: Microsoft :: Windows",
+  "Operating System :: Unix",
+  "Programming Language :: Python",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.9",
+  "Topic :: Office/Business :: Financial",
+  "Topic :: Scientific/Engineering",
+  "Topic :: Software Development",
+]
+dependencies = [
+  "numpy>= 1.22",
+]
+
+[project.urls]
+Homepage = "https://github.com/os-climate/physrisk-api"
+Repository = "https://github.com/os-climate/physrisk-api"
+Downloads = "https://github.com/os-climate/physrisk-api/releases"
+"Bug Tracker" = "https://github.com/os-climate/physrisk-api/issues"
+Documentation = "https://github.com/os-climate/physrisk-api/tree/main/docs"
+"Source Code" = "https://github.com/os-climate/physrisk-api"
+
 [build-system]
 requires = [
     "setuptools>=42",
@@ -38,6 +78,7 @@ force_grid_wrap = 0
 use_parentheses = true
 ensure_newline_before_comments = true
 line_length = 120
+profile = "black"
 
 [tool.coverage.run]
 omit = ["src/test/*"]

scripts/dev-versioning.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+#set -x
+
+FILEPATH="pyproject.toml"
+
+if [ $# -ne 1 ] && [ $# -ne 0 ]; then
+    echo "Usage: $0 [version-string]"
+    echo "Substitutes the version string in pyproject.toml"; exit 1
+elif [ $# -eq 1 ]; then
+    VERSION=$1
+    echo "Received version string: $VERSION"
+else
+    datetime=$(date +'%Y%m%d%H%M')
+    pyver=$(python --version | awk '{print $2}')
+    VERSION="${pyver}.${datetime}"
+    echo "Defined version string: $VERSION"
+fi
+
+echo "Performing string substitution on: $FILEPATH"
+sed -i "s/.*version =.*/version = \"$VERSION\"/" "$FILEPATH"
+echo "Versioning set to:"
+grep version "$FILEPATH"
+echo "Script completed!"; exit 0

scripts/linting.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+npm install eslint @babel/core @babel/eslint-parser --save-dev
+echo "Run with: eslint --ext .toml ."
+pre-commit install
+pre-commit autoupdate

scripts/purge-dev-tags.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+#set -x
+
+for TAG in $(git tag -l | grep 202 | sort | uniq); do
+git tag -d "${TAG}"git tag -d "$TAG"
+done
+echo "Script completed!"; exit 0

scripts/release-versioning.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+#set -x
+
+FILEPATH="pyproject.toml"
+
+for TAG in $(git tag -l | sort | uniq); do
+echo "" > /dev/null
+done
+echo "Version string from tags: ${TAG}"
+
+echo "Performing string substitution on: ${FILEPATH}"
+sed -i "s/.*version =.*/version = \"$TAG\"/" "${FILEPATH}"
+echo "Versioning set to:"
+grep version "${FILEPATH}"
+echo "Script completed!"; exit 0

scripts/tomllint.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# set -x
+
+status_code="0"
+TAPLO_URL=https://github.com/tamasfe/taplo/releases/download/0.8.1
+
+# Process commmand-line arguments
+if [ $# -eq 0 ]; then
+    TARGET=$(pwd)
+elif [ $# -eq 1 ]; then
+    TARGET="$1"
+fi
+
+check_platform() {
+    # Enumerate platform and set binary name appropriately
+    PLATFORM=$(uname -a)
+    if (echo "${PLATFORM}" | grep Darwin | grep arm64); then
+        TAPLO_BIN="taplo-darwin-aarch64"
+    elif (echo "${PLATFORM}" | grep Darwin | grep x86_64); then
+        TAPLO_BIN="taplo-darwin-x86_64"
+    elif (echo "${PLATFORM}" | grep Linux | grep aarch64); then
+        TAPLO_BIN="taplo-full-linux-aarch64"
+    elif (echo "${PLATFORM}" | grep Linux | grep x86_64); then
+        TAPLO_BIN="taplo-full-linux-x86_64"
+    else
+        echo "Unsupported platform!"; exit 1
+    fi
+    TAPLO_GZIP="$TAPLO_BIN.gz"
+
+}
+
+check_file() {
+    local file_path="$1"
+    cp "$file_path" "$file_path.original"
+    /tmp/"${TAPLO_BIN}" format "$file_path" >/dev/null
+    diff "$file_path" "$file_path.original"
+    local exit_code=$?
+    if [ $exit_code -ne 0 ]; then
+        status_code=$exit_code
+        echo "::error file={$file_path},line={line},col={col}::{TOML file not formatted}"
+    elif [ -f "$file_path.original" ]; then
+        rm "$file_path.original"
+    fi
+}
+
+check_all() {
+    if [ -d "${TARGET}" ]; then
+        echo "Scanning all the TOML files at folder: ${TARGET}"
+    fi
+    while IFS= read -r current_file; do
+        echo "Check file $current_file"
+        check_file "$current_file"
+    done < <(find . -name '*.toml' -type f -not -path '*/.*')
+}
+
+download_taplo() {
+    if [ ! -f /tmp/"${TAPLO_GZIP}" ]; then
+        "${WGET_BIN}" -q -e robots=off -P /tmp "${TAPLO_URL}"/"${TAPLO_GZIP}"
+    fi
+    TAPLO_PATH="/tmp/${TAPLO_BIN}"
+    if [ ! -x "${TAPLO_PATH}" ]; then
+        gzip -d "/tmp/${TAPLO_GZIP}"
+        chmod +x "/tmp/${TAPLO_BIN}"
+    fi
+    TAPLO_BIN="/tmp/${TAPLO_BIN}"
+}
+
+cleanup_tmp() {
+    # Only clean the temp directory if it was used
+    if [ -f /tmp/"${TAPLO_BIN}" ] || [ -f /tmp/"${TAPLO_GZIP}" ]; then
+        echo "Cleaning up..."
+        rm /tmp/"${TAPLO_BIN}"*
+    fi
+}
+
+check_wget() {
+    # Pre-flight binary checks and download
+    WGET_BIN=$(which wget)
+    if [ ! -x "${WGET_BIN}" ]; then
+        echo "WGET command not found"
+        sudo apt update; sudo apt-get install -y wget | true
+    fi
+    WGET_BIN=$(which wget)
+    if [ ! -x "${WGET_BIN}" ]; then
+        echo "WGET could not be installed"; exit 1
+    fi
+}
+
+TAPLO_BIN=$(which taplo)
+if [ ! -x "${TAPLO_BIN}" ]; then
+    check_wget && check_platform && download_taplo
+fi
+
+if [ ! -x "${TAPLO_BIN}" ]; then
+    echo "Download failed: TOML linting binary not found [taplo]"
+    status_code="1"
+else
+    # To avoid execution when sourcing this script for testing
+    [ "$0" = "${BASH_SOURCE[0]}" ] && check_all "$@"
+fi
+
+cleanup_tmp
+exit $status_code

setup.cfg

@@ -24,7 +24,7 @@ install_requires =
     flask-cors
     flask-jwt-extended
     physrisk-lib>=0.19.0
-
+    numpy>=1.22
 [options.packages.find]
 where = src
 include = physrisk*

src/physrisk_api/app/api.py

@@ -90,7 +90,7 @@ def get_image(resource, x=None, y=None, z=None, format="png", requester: Request
     max_value_arg = request.args.get("maxValue")
     max_value = float(max_value_arg) if max_value_arg is not None else None
     colormap = request.args.get("colormap")
-    scenario_id = request.args.get("scenarioId")
+    scenario_id = request.args.get("scenarioid")
     year = int(request.args.get("year"))  # type:ignore
     try:
         verify_jwt_in_request(optional=True)