Update service commons and adapt auth (#20)

ghga-de · Mar 20, 2024 · a20ec2b · a20ec2b
1 parent 5aed6d0
commit a20ec2b
Show file tree

Hide file tree

Showing 24 changed files with 1,090 additions and 1,235 deletions.
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -30,13 +30,13 @@ services:
       WPS_CONFIG_YAML: /workspace/.devcontainer/.dev_config.yaml
 
   mongodb:
-    image: mongo:6.0.3
+    image: mongo:7.0.7
     restart: unless-stopped
     volumes:
       - mongo_fs:/data/db
 
   mongo-express:
-    image: mongo-express
+    image: mongo-express:1.0.2
     restart: unless-stopped
     ports:
       - 8088:8081

diff --git a/.github/workflows/ci_workflow_dispatch.yaml b/.github/workflows/ci_workflow_dispatch.yaml
@@ -12,7 +12,7 @@ on:
 jobs:
   fetch-tag:
     runs-on: ubuntu-latest
-    if: ( github.event.action == 'workflow_dispatch' || github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'build') ) || ( github.event.action == 'labeled' && github.event.label.name == 'build' )
+    if:  github.event_name == 'workflow_dispatch' || ( github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'build') ) || ( github.event.action == 'labeled' && github.event.label.name == 'build' )
     steps:
       - id: fetch-tag
         uses: ghga-de/gh-action-fetch-tag@v1

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -48,13 +48,13 @@ repos:
       - id: no-commit-to-branch
         args: [--branch, dev, --branch, int, --branch, main]
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.2.1
+    rev: v0.3.3
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]
       - id: ruff-format
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.8.0
+    rev: v1.9.0
     hooks:
       - id: mypy
         args: [--no-warn-unused-ignores]
diff --git a/.pyproject_generation/pyproject_custom.toml b/.pyproject_generation/pyproject_custom.toml
@@ -1,11 +1,11 @@
 [project]
 name = "wps"
-version = "1.0.1"
+version = "2.0.0"
 description = "Work Package Service"
 dependencies = [
-    "ghga-event-schemas~=3.0.0",
-    "ghga-service-commons[api,auth,crypt]>=2, <3",
-    "hexkit[akafka,mongodb]>=2.1.0",
+    "ghga-event-schemas~=3.1.0",
+    "ghga-service-commons[api,auth,crypt]>=3.1.1",
+    "hexkit[akafka,mongodb]>=2.1.1",
     "typer>=0.9.0",
 ]
 

diff --git a/.pyproject_generation/pyproject_template.toml b/.pyproject_generation/pyproject_template.toml
@@ -32,6 +32,16 @@ exclude = [
     "build",
     "dist",
 ]
+line-length = 88
+src = ["src", "tests", "examples", "scripts"]
+target-version = "py39"
+
+[tool.ruff.lint]
+fixable = [
+    "UP", # e.g. List -> list
+    "I", # sort imports
+    "D", # pydocstyle
+]
 ignore = [
     "E", # pycodestyle errors
     "W", # pycodestyle warnings - pycodestyle covered by black
@@ -49,7 +59,6 @@ ignore = [
     "D206", # indent-with-spaces (ignored for formatter)
     "D300", # triple-single-quotes (ignored for formatter)
 ]
-line-length = 88
 select = [
     "C90", # McCabe Complexity
     "F", # pyflakes codes
@@ -63,25 +72,18 @@ select = [
     "SIM", # flake8-simplify
     "D", # pydocstyle
 ]
-fixable = [
-    "UP", # e.g. List -> list
-    "I", # sort imports
-    "D", # pydocstyle
-]
-src = ["src", "tests", "examples", "scripts"]
-target-version = "py39"
 
-[tool.ruff.mccabe]
+[tool.ruff.lint.mccabe]
 max-complexity = 10
 
-[tool.ruff.per-file-ignores]
+[tool.ruff.lint.per-file-ignores]
 "scripts/*" = ["PL", "S", "SIM", "D"]
 "tests/*" = ["S", "SIM", "PLR", "B011"]
 ".devcontainer/*" = ["S", "SIM", "D"]
 "examples/*" = ["S", "D"]
 "__init__.py" = ["D"]
 
-[tool.ruff.pydocstyle]
+[tool.ruff.lint.pydocstyle]
 convention = "pep257"
 
 [tool.mypy]

diff --git a/README.md b/README.md
@@ -52,21 +52,21 @@ We recommend using the provided Docker container.
 
 A pre-build version is available at [docker hub](https://hub.docker.com/repository/docker/ghga/work-package-service):
 ```bash
-docker pull ghga/work-package-service:1.0.1
+docker pull ghga/work-package-service:2.0.0
 ```
 
 Or you can build the container yourself from the [`./Dockerfile`](./Dockerfile):
 ```bash
 # Execute in the repo's root dir:
-docker build -t ghga/work-package-service:1.0.1 .
+docker build -t ghga/work-package-service:2.0.0 .
 ```
 
 For production-ready deployment, we recommend using Kubernetes, however,
 for simple use cases, you could execute the service using docker
 on a single server:
 ```bash
 # The entrypoint is preconfigured:
-docker run -p 8080:8080 ghga/work-package-service:1.0.1 --help
+docker run -p 8080:8080 ghga/work-package-service:2.0.0 --help
 ```
 
 If you prefer not to use containers, you may install the service from source:
@@ -239,7 +239,7 @@ The service requires the following configuration parameters:
 
   - **Items** *(string)*
 
-- **`auth_check_claims`** *(object)*: A dict of all GHGA internal claims that shall be verified. Default: `{"name": null, "email": null, "iat": null, "exp": null}`.
+- **`auth_check_claims`** *(object)*: A dict of all GHGA internal claims that shall be verified. Default: `{"id": null, "name": null, "email": null, "iat": null, "exp": null}`.
 
 - **`auth_map_claims`** *(object)*: A mapping of claims to attributes in the GHGA auth context. Can contain additional properties. Default: `{}`.
 
@@ -253,7 +253,7 @@ The service requires the following configuration parameters:
 
 - **`workers`** *(integer)*: Number of workers processes to run. Default: `1`.
 
-- **`api_root_path`** *(string)*: Root path at which the API is reachable. This is relative to the specified host and port. Default: `"/"`.
+- **`api_root_path`** *(string)*: Root path at which the API is reachable. This is relative to the specified host and port. Default: `""`.
 
 - **`openapi_url`** *(string)*: Path to get the openapi specification in JSON format. This is relative to the specified host and port. Default: `"/openapi.json"`.
 

diff --git a/config_schema.json b/config_schema.json
@@ -199,6 +199,7 @@
     },
     "auth_check_claims": {
       "default": {
+        "id": null,
         "name": null,
         "email": null,
         "iat": null,
@@ -242,7 +243,7 @@
       "type": "integer"
     },
     "api_root_path": {
-      "default": "/",
+      "default": "",
       "description": "Root path at which the API is reachable. This is relative to the specified host and port.",
       "title": "Api Root Path",
       "type": "string"

diff --git a/example_config.yaml b/example_config.yaml
@@ -1,10 +1,11 @@
-api_root_path: /
+api_root_path: ''
 auth_algs:
 - ES256
 auth_check_claims:
   email: null
   exp: null
   iat: null
+  id: null
   name: null
 auth_key: '{}'
 auth_map_claims: {}

diff --git a/lock/requirements-dev-template.in b/lock/requirements-dev-template.in
@@ -1,32 +1,34 @@
 # common requirements for development and testing of services
 
-pytest>=7.2.0
-pytest-asyncio>=0.20.3
-pytest-cov>=4.0.0
+pytest>=7.4.0
+pytest-asyncio>=0.23.0
+pytest-cov>=4.1.0
 pytest-profiling>=1.7.0
 snakeviz>=2.2.0
+logot>=1.2.0
 
-pre-commit>=3.1.1
+pre-commit>=3.6.0
 
-mypy>=1.0.0
+mypy>=1.8.0
 mypy-extensions>=1.0.0
 
-ruff>=0.0.290
+ruff>=0.3.0
 
 click>=8.1.0
-typer>=0.7.0
+typer>=0.9.0
 
-httpx>=0.23.3
-pytest-httpx>=0.21.3
+httpx>=0.27.0
+pytest-httpx>=0.30.0
 
-urllib3>=1.26.15
-requests>=2.28.2
+urllib3>=1.26.18
+requests>=2.31.0
 
 stringcase>=1.2.0
 jsonschema2md>=1.0.0
-setuptools>=67.7.2
+setuptools>=69.1.0
 
 # required since switch to pyproject.toml and pip-tools
-pip-tools>=7.3.0
 tomli>=2.0.1
 tomli_w>=1.0.0
+
+uv>=0.1.21