Skip to content

Commit

Permalink
chore: initial setup pt 2
Browse files Browse the repository at this point in the history 
Co-authored-by: Scott Davis <[email protected]>
  • Loading branch information
@jacobdadams @stdavis
jacobdadams and stdavis committed Sep 16, 2024
1 parent 183cb29 commit 82a8beb
Show file tree
Hide file tree
Showing 9 changed files with 417 additions and 0 deletions.
33 changes: 33 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
version: 2
updates:
- package-ecosystem: pip
directory: /
schedule:
interval: monthly
groups:
safe-dependencies:
update-types: ["minor", "patch"]
major-dependencies:
update-types: ["major"]
commit-message:
prefix: deps
prefix-development: deps(dev)
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
groups:
ci-dependencies:
dependency-type: "production"
- package-ecosystem: npm
directory: /
schedule:
interval: monthly
groups:
safe-dependencies:
update-types: ["minor", "patch"]
major-dependencies:
update-types: ["major"]
commit-message:
prefix: deps
prefix-development: deps(dev)
255 changes: 255 additions & 0 deletions .github/workflows/push.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,255 @@
name: Build and Test

on:
push:
branches:
- main
- dev
pull_request:
branches:
- main
- dev

concurrency:
group: "${{ github.head_ref || github.ref }}"
cancel-in-progress: true

jobs:
test:
name: Setup and Test
runs-on: ubuntu-latest

steps:

- name: Checkout code
uses: actions/checkout@v4
with:
show-progress: false

- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
cache: pip
cache-dependency-path: setup.py

- name: Install libkrb5 for Kerberos on Linux
run: |
sudo apt-get update
sudo apt-get install -y libkrb5-dev
- name: Install module
run: pip install .[tests]

- name: Test with pytest
run: pytest

deploy-dev:
name: Deploy to Cloud Run (dev)
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/dev'
environment:
name: dev
permissions:
id-token: write
contents: read

steps:
- name: ⬇️ Checkout code
uses: actions/checkout@v4
with:
show-progress: false

- name: 🗝️ Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
token_format: "access_token"

- name: 🐳 Set up Docker Buildx
id: builder
uses: docker/setup-buildx-action@v3

- name: 🗝️ Authenticate Docker to Google Cloud
uses: docker/login-action@v3
with:
registry: us-central1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: 🏷️ Extract tags from GitHub
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
tags: |
type=ref,suffix=-{{sha}},event=branch
type=ref,prefix=pr-,suffix=-{{sha}},event=pr
type=semver,pattern={{version}}
latest
- name: 📦 Build and push image
uses: docker/build-push-action@v6
with:
builder: ${{ steps.builder.outputs.name }}
tags: ${{ steps.meta.outputs.tags }}
context: .
file: ./Dockerfile
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
provenance: false

- name: ☁️ Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2

- name: 🚀 Deploy to Cloud Run Job
uses: google-github-actions/deploy-cloudrun@v2
with:
project_id: secrets.PROJECT_ID
region: us-central1
image: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest
job: default
secrets: /secrets/app/secrets.json=skid-secrets:latest
timeout: 3h
flags: >
'--cpu=1
--memory=3Gi
--service-account=cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
--timeout=3h
--max-instances=1
--max-retries=0
--parallelism=0'
- name: 🕰️ Create Cloud Scheduler
run: |
if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep saturday-evening)" ]; then
gcloud scheduler jobs create http saturday-evening \
--description="Trigger the nfhl-skid bot once a week on saturday evening" \
--schedule="0 3 * * 6" \
--time-zone=America/Denver \
--location=us-central1 \
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
--oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
else
gcloud scheduler jobs update http saturday-evening \
--description="Trigger the nfhl-skid bot once a week on saturday evening" \
--schedule="0 3 * * 6" \
--time-zone=America/Denver \
--location=us-central1 \
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
--oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
fi
deploy-prod:
name: Deploy to Cloud Run (prod)
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment:
name: prod
permissions:
id-token: write
contents: read

steps:
- name: ⬇️ Checkout code
uses: actions/checkout@v4
with:
show-progress: false

- name: 🗝️ Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
service_account: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
token_format: "access_token"

- name: 🐳 Set up Docker Buildx
id: builder
uses: docker/setup-buildx-action@v3

- name: 🗝️ Authenticate Docker to Google Cloud
uses: docker/login-action@v3
with:
registry: us-central1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}

- name: 🏷️ Extract tags from GitHub
id: meta
uses: docker/metadata-action@v5
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
images: us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job
tags: |
type=ref,suffix=-{{sha}},event=branch
type=ref,prefix=pr-,suffix=-{{sha}},event=pr
type=semver,pattern={{version}}
latest
- name: 📦 Build and push image
uses: docker/build-push-action@v6
with:
builder: ${{ steps.builder.outputs.name }}
tags: ${{ steps.meta.outputs.tags }}
context: .
file: ./Dockerfile
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
provenance: false

- name: ☁️ Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2

- name: 🚀 Deploy to Cloud Run Job
run: |
if [ ! "$(gcloud run jobs list | grep default)" ]; then
gcloud run jobs create default \
--region us-central1 \
--image us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest \
--service-account cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com \
--memory=3Gi \
--cpu=1 \
--max-retries 0 \
--parallelism 0 \
--set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
--task-timeout 3h
else
gcloud run jobs update default \
--region us-central1 \
--image us-central1-docker.pkg.dev/${{ secrets.PROJECT_ID }}/images/job:latest \
--service-account cloud-run-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com \
--memory=3Gi \
--cpu=1 \
--max-retries 0 \
--parallelism 0 \
--set-secrets=/secrets/app/secrets.json=skid-secrets:latest \
--task-timeout 3h
fi
- name: 🕰️ Create Cloud Scheduler
run: |
if [ ! "$(gcloud scheduler jobs list --location=us-central1 | grep saturday-evening)" ]; then
gcloud scheduler jobs create http saturday-evening \
--description="Trigger the nfhl-skid bot once a week on saturday evening" \
--schedule="0 3 * * 6" \
--time-zone=America/Denver \
--location=us-central1 \
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
--oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
else
gcloud scheduler jobs update http saturday-evening \
--description="Trigger the nfhl-skid bot once a week on saturday evening" \
--schedule="0 3 * * 6" \
--time-zone=America/Denver \
--location=us-central1 \
--uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ secrets.PROJECT_ID }}/jobs/default:run" \
--oauth-service-account-email=scheduler-sa@${{ secrets.PROJECT_ID }}.iam.gserviceaccount.com
fi
0 src/backup/.gitignore → packages/backup/.gitignore
View file
File renamed without changes.
17 changes: 17 additions & 0 deletions packages/backup/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
FROM python:3.11-slim

# Allow statements and log messages to immediately appear in the Knative logs
ENV PYTHONUNBUFFERED=True

USER root
RUN useradd -s /bin/bash dummy

# Set the locale
RUN apt-get update && apt-get install -y locales && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 && apt-get install -y gcc && apt-get install -y libkrb5-dev && pip install requests-kerberos

COPY . /app
WORKDIR /app
RUN pip install .

USER dummy
ENTRYPOINT ["backup"]
11 changes: 11 additions & 0 deletions packages/backup/pyproject.toml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
[tool.ruff]
line-length = 120
ignore = ["E501"]
[tool.black]
line-length = 120
[tool.pytest.ini_options]
minversion = "6.0"
testpaths = [ "tests", "src" ]
norecursedirs = [".env", "data", "maps", ".github", ".vscode"]
console_output_style = "count"
addopts = "--cov-branch --cov=project-moonwalk --cov-report term --cov-report xml:cov.xml --instafail"
58 changes: 58 additions & 0 deletions packages/backup/setup.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
#!/usr/bin/env python
# -*- encoding: utf-8 -*-
"""
setup.py
A module that installs the backup process as a module
"""
from glob import glob
from os.path import basename, splitext

from setuptools import find_packages, setup

setup(
name="moonwalk-backup",
version="1.0.0",
license="MIT",
description="Backup process for project moonwalk",
author="UGRC Developers",
author_email="[email protected]",
url="https://github.com/agrc/project-moonwalk",
packages=find_packages("src"),
package_dir={"": "src"},
py_modules=[splitext(basename(path))[0] for path in glob("src/*.py")],
include_package_data=True,
zip_safe=True,
classifiers=[
# complete classifier list: http://pypi.python.org/pypi?%3Aaction=list_classifiers
"Development Status :: 5 - Production/Stable",
"Intended Audience :: Developers",
"Topic :: Utilities",
],
project_urls={
"Issue Tracker": "https://github.com/agrc/project-moonwalk/issues",
},
keywords=["gis"],
install_requires=[
"arcgis>=2.3,<2.4",
],
extras_require={
"tests": [
"pytest-cov>=3,<6",
"pytest-instafail==0.5.*",
"pytest-mock==3.*",
"pytest-ruff==0.*",
"pytest-watch==4.*",
"pytest>=6,<9",
"black>=24.4.2,<24.5",
"ruff==0.*",
]
},
setup_requires=[
"pytest-runner",
],
entry_points={
"console_scripts": [
"backup = backup.main:backup",
]
},
)
Loading

0 comments on commit 82a8beb

Please sign in to comment.