diff --git a/.PKGBUILD/PKGBUILD b/.PKGBUILD/PKGBUILD index 82d038d..3913360 100644 --- a/.PKGBUILD/PKGBUILD +++ b/.PKGBUILD/PKGBUILD @@ -22,8 +22,9 @@ sha256sums=('SKIP' '3dc60140c08122a8ec0e7fa7f0937eb8c1288058890ba09478420fc30ce9e30c') pkgver() { + echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > $srcdir/$pkgname/version.env source $srcdir/$pkgname/version.env - echo ${VERSION} + echo $VERSION } check() { diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 89db932..93188ca 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,3 +1,10 @@ +include: + - template: Jobs/Code-Quality.gitlab-ci.yml + - template: Jobs/Secret-Detection.gitlab-ci.yml + - template: Jobs/SAST.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml + - template: Jobs/Dependency-Scanning.gitlab-ci.yml + cache: key: one-key-to-rule-them-all 
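Review bot: `pkgver()` writes `$VERSION` and `$CI_COMMIT_SHA` unquoted into `version.env` and then `source`s that file, so the variables' contents are parsed as shell code by the build. On tag pipelines `VERSION` is set from the ref name (see the `build:pacman` rules in `.gitlab-ci.yml`), which is chosen by whoever can push a tag, and Git ref names may contain shell metacharacters. The round-trip through the file is not needed to print the version: validate first with `[[ $VERSION =~ ^[0-9]+(\.[0-9]+)*$ ]] || return 1`, drop the `source` line, and end with `echo "$VERSION"`. If the file has to ship with the package, quote the target as `"$srcdir/$pkgname/version.env"`. With `VERSION` unset, for example when `makepkg` is run outside CI, the function prints an empty version.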
@@ -13,26 +20,37 @@ build:docker: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' tags: [ docker ] before_script: - - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD` + - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD` script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} - - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} + - IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF + - docker build . --tag $IMAGE + - docker push $IMAGE + - echo "CS_IMAGE=$IMAGE" > container_scanning.env + artifacts: + reports: + dotenv: container_scanning.env build:apt: image: debian:bookworm-slim interruptible: true stage: build rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + - if: $CI_COMMIT_TAG + variables: + VERSION: $CI_BUILD_REF_NAME - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH changes: - app/**/* - .DEBIAN/**/* + - .gitlab-ci.yml + variables: + VERSION: "0.0.1" - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + variables: + VERSION: "0.0.1" before_script: - - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env - - source version.env + - echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env # install build dependencies - apt-get update -qq && apt-get install -qq -y build-essential # create build directory for .deb sources @@ -53,7 +71,7 @@ build:apt: # cd into "build/" - cd build/ script: - # set version based on value in "$VERSION" (which is set above from version.env) + # set version based on value in "$CI_BUILD_REF_NAME" - sed -i -E 's/(Version\:\s)0.0/\1'"$VERSION"'/g' DEBIAN/control # build - dpkg -b . build.deb 
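Review bot: The new `build:apt` rule `- if: $CI_COMMIT_TAG` accepts any tag and copies its name into `VERSION`, which later ends up in `DEBIAN/control` and in the package version. Matching the tag against the project's version scheme keeps arbitrary ref names out of the build, e.g. `- if: $CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+$/` (adjust the pattern if the scheme differs). The same rule is added to `build:pacman` in the hunk at -68,14. `CI_BUILD_REF_NAME` and `CI_BUILD_REF` are the legacy names of `CI_COMMIT_REF_NAME` and `CI_COMMIT_SHA` and are, as far as I know, no longer provided by current GitLab releases, so the new `IMAGE=` line should use the current names. The `build:apt` job continues outside this hunk.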
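Review bot: The reworded comment names `$CI_BUILD_REF_NAME`, but the `sed` line below it still substitutes `$VERSION`, which the rules set to `"0.0.1"` on branch and merge-request pipelines. I would write `# set version from "$VERSION" (tag name on tag pipelines, "0.0.1" otherwise)`. Since `$VERSION` is spliced into the `sed` replacement as-is, a value containing `/` or `&` changes what the expression does, which is another reason to validate the tag name before this step.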
@@ -68,14 +86,21 @@ build:pacman: interruptible: true stage: build rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + - if: $CI_COMMIT_TAG + variables: + VERSION: $CI_BUILD_REF_NAME - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH changes: - app/**/* - .PKGBUILD/**/* + - .gitlab-ci.yml + variables: + VERSION: "0.0.1" - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + variables: + VERSION: "0.0.1" before_script: - - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env + #- echo -e "VERSION=$VERSION\nCOMMIT=$CI_COMMIT_SHA" > version.env # install build dependencies - pacman -Syu --noconfirm git # create a build-user because "makepkg" don't like root user @@ -90,7 +115,7 @@ build:pacman: # download dependencies - source PKGBUILD && pacman -Syu --noconfirm --needed --asdeps "${makedepends[@]}" "${depends[@]}" # build - - sudo -u build makepkg -s + - sudo --preserve-env -u build makepkg -s artifacts: expire_in: 1 week paths: @@ -101,6 +126,7 @@ test: stage: test rules: - if: $CI_COMMIT_BRANCH + - if: $CI_COMMIT_TAG - if: $CI_PIPELINE_SOURCE == "merge_request_event" variables: DATABASE: sqlite:///../app/db.sqlite @@ -112,10 +138,11 @@ test: - openssl rsa -in app/cert/instance.private.pem -outform PEM -pubout -out app/cert/instance.public.pem - cd test script: - - pytest main.py + - python -m pytest main.py --junitxml=report.xml artifacts: reports: dotenv: version.env + junit: ['**/report.xml'] .test:linux: stage: test 
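Review bot: `sudo --preserve-env -u build makepkg -s` passes the entire job environment to the `build` user, so every command the PKGBUILD runs can read whatever the runner injected, which typically includes `CI_JOB_TOKEN`, the registry credentials and any project-level secret variables. In this commit `pkgver()` reads only `VERSION` and `CI_COMMIT_SHA`, so the list form is sufficient: `- sudo --preserve-env=VERSION,CI_COMMIT_SHA -u build makepkg -s`. In the first `build:pacman` hunk the commented-out `#- echo -e ...` line is dead configuration and can be dropped rather than kept as a comment. The job's script starts outside these hunks.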
@@ -179,42 +206,83 @@ test:archlinux: - pacman -Sy - pacman -U --noconfirm *.pkg.tar.zst +code_quality: + rules: + - if: $CODE_QUALITY_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + +secret_detection: + rules: + - if: $SECRET_DETECTION_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + +semgrep-sast: + rules: + - if: $SAST_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + +test_coverage: + extends: test + allow_failure: true + rules: + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + script: + - pip install pytest pytest-cov + - coverage run -m pytest main.py + - coverage report + - coverage xml + coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/' + artifacts: + reports: + coverage_report: + coverage_format: cobertura + path: '**/coverage.xml' + +container_scanning: + dependencies: [ build:docker ] + rules: + - if: $CONTAINER_SCANNING_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + +gemnasium-python-dependency_scanning: + rules: + - if: $DEPENDENCY_SCANNING_DISABLED + when: never + - if: $CI_PIPELINE_SOURCE == "merge_request_event" + .deploy: rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - if: $CI_COMMIT_TAG - when: never deploy:docker: extends: .deploy stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH before_script: - - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env - - source version.env - - echo "Building docker image for commit ${COMMIT} with version ${VERSION}" + - echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env + - echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_BUILD_REF_NAME" script: - echo "GitLab-Registry" - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION} - - docker build . 
--tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest - - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION} - - docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest + - docker build . --tag $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF_NAME + - docker build . --tag $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:latest + - docker push $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF_NAME + - docker push $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:latest - echo "Docker-Hub" - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN - - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION} - - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest - - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION} - - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest + - docker build . --tag $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:$CI_BUILD_REF_NAME + - docker build . --tag $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:latest + - docker push $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:$CI_BUILD_REF_NAME + - docker push $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:latest deploy:apt: # doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package extends: .deploy image: debian:bookworm-slim stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH needs: - job: build:apt artifacts: true @@ -254,8 +322,6 @@ deploy:pacman: extends: .deploy image: archlinux:base-devel stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH needs: - job: build:pacman artifacts: true 
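Review bot: The overrides for `code_quality`, `secret_detection`, `semgrep-sast`, `container_scanning` and `gemnasium-python-dependency_scanning` reduce each job to a `merge_request_event` rule, while `.deploy` now runs only on `$CI_COMMIT_TAG`, so the pipelines that actually publish images and packages run none of the scanners. Adding `- if: $CI_COMMIT_TAG` to each scanner's rules would cover what is released. `container_scanning` also needs `build:docker` to run on tags so that `CS_IMAGE` is set, which cannot be confirmed from this hunk. Because any pushed tag now triggers a push to both registries, including `:latest`, tag creation should be limited through protected tags, or the `.deploy` rule should match a version pattern. Each registry target is built twice with separate `docker build` runs, so the versioned and `latest` tags are only the same image if the build is reproducible; build once and add the second tag with `docker tag`.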
@@ -263,9 +329,9 @@ deploy:pacman: - source .PKGBUILD/PKGBUILD - source version.env # fastapi-dls-1.0-1-any.pkg.tar.zst - - BUILD_NAME=${pkgname}-${VERSION}-${pkgrel}-any.pkg.tar.zst + - BUILD_NAME=${pkgname}-${CI_BUILD_REF_NAME}-${pkgrel}-any.pkg.tar.zst - PACKAGE_NAME=${pkgname} - - PACKAGE_VERSION=${VERSION} + - PACKAGE_VERSION=${CI_BUILD_REF_NAME} - PACKAGE_ARCH=any - EXPORT_NAME=${BUILD_NAME} - 'echo "PACKAGE_NAME: ${PACKAGE_NAME}"' @@ -277,19 +343,15 @@ deploy:pacman: release: image: registry.gitlab.com/gitlab-org/release-cli:latest stage: .post - needs: - - job: test - artifacts: true + needs: [ test ] rules: - if: $CI_COMMIT_TAG - when: never - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH script: - - echo "Running release-job for $VERSION" + - echo "Running release-job for $CI_COMMIT_TAG" release: - name: $CI_PROJECT_TITLE $VERSION - description: Release of $CI_PROJECT_TITLE version $VERSION - tag_name: $VERSION + name: $CI_PROJECT_TITLE $CI_COMMIT_TAG + description: Release of $CI_PROJECT_TITLE version $CI_COMMIT_TAG + tag_name: $CI_COMMIT_TAG ref: $CI_COMMIT_SHA assets: links: diff --git a/README.md b/README.md index a56ca7d..add9f24 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,8 @@ Docker-Images are available here: - [Docker-Hub](https://hub.docker.com/repository/docker/collinwebdesigns/fastapi-dls): `collinwebdesigns/fastapi-dls:latest` - [GitLab-Registry](https://git.collinwebdesigns.de/oscar.krause/fastapi-dls/container_registry): `registry.git.collinwebdesigns.de/oscar.krause/fastapi-dls/main:latest` +The images include database drivers for `postgres`, `mysql`, `mariadb` and `sqlite`. + **Run this on the Docker-Host** ```shell 
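Review bot: `deploy:pacman` still runs `- source version.env` directly above the changed lines, but this commit deletes `version.env` from the repository and none of the new lines read `$VERSION` any more. Unless a job artifact still supplies the file (the `build:pacman` artifact paths are outside this hunk), that `source` fails the job. Dropping the line removes both the dependency and the sourcing of a generated file. `BUILD_NAME` is now assembled from `$CI_BUILD_REF_NAME`, so it only matches the file `makepkg` produced when the tag name equals the `pkgver()` output exactly; a tag such as `v1.3.6` would not.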
@@ -388,9 +390,9 @@ After first success you have to replace `--issue` with `--renew`. every 4.8 hours. If network connectivity is lost, the loss of connectivity is detected during license renewal and the client has 19.2 hours in which to re-establish connectivity before its license expires. -\*2 Always use `https`, since guest-drivers only support secure connections! +\*3 Always use `https`, since guest-drivers only support secure connections! -\*3 If you recreate instance keys you need to **recreate client-token for each guest**! +\*4 If you recreate instance keys you need to **recreate client-token for each guest**! # Setup (Client) @@ -398,9 +400,14 @@ client has 19.2 hours in which to re-establish connectivity before its license e Successfully tested with this package versions: -- `14.3` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `513.91`) -- `14.4` (Linux-Host: `510.108.03`, Linux-Guest: `510.108.03`, Windows-Guest: `514.08`) -- `15.0` (Linux-Host: `525.60.12`, Linux-Guest: `525.60.13`, Windows-Guest: `527.41`) +| vGPU Suftware | vGPU Manager | Linux Driver | Windows Driver | Release Date | +|---------------|--------------|--------------|----------------|---------------| +| `15.1` | `525.85.07` | `525.85.05` | `528.24` | January 2023 | +| `15.0` | `525.60.12` | `525.60.13` | `527.41` | December 2022 | +| `14.4` | `510.108.03` | `510.108.03` | `514.08` | December 2022 | +| `14.3` | `510.108.03` | `510.108.03` | `513.91` | November 2022 | + +- https://docs.nvidia.com/grid/index.html ## Linux diff --git a/app/main.py b/app/main.py index 4b78253..f5388c8 100644 --- a/app/main.py +++ b/app/main.py @@ -82,7 +82,7 @@ async def _index(): @app.get('/-/health', summary='* Health') -async def _health(request: Request): +async def _health(): return JSONr({'status': 'up'}) diff --git a/requirements.txt b/requirements.txt index 39bbfb9..a1838b5 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,8 +1,8 @@
-fastapi==0.89.1
+fastapi==0.92.0
 uvicorn[standard]==0.20.0
 python-jose==3.3.0
 pycryptodome==3.17
 python-dateutil==2.8.2
-sqlalchemy==2.0.0
+sqlalchemy==2.0.3
 markdown==3.4.1
 python-dotenv==0.21.1
diff --git a/version.env b/version.env
deleted file mode 100644
index db1aeb8..0000000
--- a/version.env
+++ /dev/null
@@ -1 +0,0 @@
-VERSION=1.3.5