From f977f755389410fe1b83fd42f1f75f1991d14cdb Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 07:32:53 +0100 Subject: [PATCH 01/13] README.md updated --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 10cab6b..eea998d 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,14 @@ List registered origins. List current leases. +### `GET /client-token` + +Generate client token, (see [installation](#installation)). + +### Others + +There are some more internal api endpoints for handling authentication and lease process. + # Setup (Docker) **Run this on the Docker-Host** From 76f997d4378145413607307d6df4c61de822f83e Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 07:33:20 +0100 Subject: [PATCH 02/13] render README.md on index page --- Dockerfile | 1 + app/main.py | 6 ++++-- requirements.txt | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 40844d1..c3aa040 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,7 @@ RUN apk update \ && apk del build-deps COPY app /app +COPY README.md /README.md HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1 CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "443", "--app-dir", "/app", "--proxy-headers", "--ssl-keyfile", "/app/cert/webserver.key", "--ssl-certfile", "/app/cert/webserver.crt"] diff --git a/app/main.py b/app/main.py index e09ebcc..a7cbc1d 100644 --- a/app/main.py +++ b/app/main.py @@ -12,7 +12,7 @@ from dateutil.relativedelta import relativedelta from calendar import timegm from jose import jws, jwk, jwt from jose.constants import ALGORITHMS -from starlette.responses import StreamingResponse, JSONResponse +from starlette.responses import StreamingResponse, JSONResponse, HTMLResponse import dataset from Crypto.PublicKey import RSA from Crypto.PublicKey.RSA import RsaKey @@ -53,7 +53,9 @@ def get_token(request: Request) -> dict: @app.get('/') async def index(): - return JSONResponse({'hello': 'world'}) + from markdown import markdown + content = load_file('../README.md').decode('utf-8') + return HTMLResponse(markdown(text=content, extensions=['tables', 'fenced_code', 'md_in_html', 'nl2br', 'toc'])) @app.get('/status') diff --git a/requirements.txt b/requirements.txt index d597ecb..03e8842 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,3 +4,4 @@ python-jose==3.3.0 pycryptodome==3.16.0 python-dateutil==2.8.2 dataset==1.5.2 +markdown==3.4.1 From 1d39f2308298262e6490a0ca5b43c0acc90215c4 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 07:33:39 +0100 Subject: [PATCH 03/13] removed some todos --- ToDo.md | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 ToDo.md diff --git a/ToDo.md b/ToDo.md deleted file mode 100644 index c87b012..0000000 --- a/ToDo.md +++ /dev/null @@ -1,9 +0,0 @@ -# FastAPI-DLS Server - - -## ToDo - -- Create Client Token (`.tok`-file) -- Docker Image -- Create Certificates if not exist -- Keep track of clients and Leases From 802366e9ffeb55100e938cf54df2f6faf7595394 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 08:00:52 +0100 Subject: [PATCH 04/13] code styling --- app/main.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/app/main.py b/app/main.py index a7cbc1d..13f0fad 100644 --- a/app/main.py +++ b/app/main.py @@ -48,7 +48,7 @@ jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), al def get_token(request: Request) -> dict: authorization_header = request.headers['authorization'] token = authorization_header.split(' ')[1] - return jwt.decode(token=token, key=jwt_decode_key, algorithms='RS256', options={'verify_aud': False}) + return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False}) @app.get('/') @@ -114,7 +114,7 @@ async def client_token(): "service_instance_public_key_configuration": service_instance_public_key_configuration, } - content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm='RS256') + content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256) response = StreamingResponse(iter([content]), media_type="text/plain") filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}' @@ -126,7 +126,7 @@ async def client_token(): # venv/lib/python3.9/site-packages/nls_services_auth/test/test_origins_controller.py # {"candidate_origin_ref":"00112233-4455-6677-8899-aabbccddeeff","environment":{"fingerprint":{"mac_address_list":["ff:ff:ff:ff:ff:ff"]},"hostname":"my-hostname","ip_address_list":["192.168.178.123","fe80::","fe80::1%enp6s18"],"guest_driver_version":"510.85.02","os_platform":"Debian GNU/Linux 11 (bullseye) 11","os_version":"11 (bullseye)"},"registration_pending":false,"update_pending":false} @app.post('/auth/v1/origin') -async def auth_origin(request: Request): +async def auth_v1_origin(request: Request): j = json.loads((await request.body()).decode('utf-8')) origin_ref = j['candidate_origin_ref'] @@ -159,7 +159,7 @@ async def auth_origin(request: Request): # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - CodeResponse # {"code_challenge":"...","origin_ref":"00112233-4455-6677-8899-aabbccddeeff"} @app.post('/auth/v1/code') -async def auth_code(request: Request): +async def auth_v1_code(request: Request): j = json.loads((await request.body()).decode('utf-8')) origin_ref = j['origin_ref'] @@ -178,7 +178,7 @@ async def auth_code(request: Request): 'kid': SITE_KEY_XID } - auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') + auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) db['auth'].delete(origin_ref=origin_ref, expires={'<=': cur_time - delta}) db['auth'].insert(dict(origin_ref=origin_ref, code_challenge=j['code_challenge'], expires=expires)) @@ -196,7 +196,7 @@ async def auth_code(request: Request): # venv/lib/python3.9/site-packages/nls_core_auth/auth.py - TokenResponse # {"auth_code":"...","code_verifier":"..."} @app.post('/auth/v1/token') -async def auth_token(request: Request): +async def auth_v1_token(request: Request): j = json.loads((await request.body()).decode('utf-8')) payload = jwt.decode(token=j['auth_code'], key=jwt_decode_key) @@ -223,7 +223,7 @@ async def auth_token(request: Request): 'kid': SITE_KEY_XID, } - auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm='RS256') + auth_token = jwt.encode(new_payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256) response = { "expires": access_expires_on.isoformat(), @@ -236,7 +236,7 @@ async def auth_token(request: Request): # {'fulfillment_context': {'fulfillment_class_ref_list': []}, 'lease_proposal_list': [{'license_type_qualifiers': {'count': 1}, 'product': {'name': 'NVIDIA RTX Virtual Workstation'}}], 'proposal_evaluation_mode': 'ALL_OF', 'scope_ref_list': ['00112233-4455-6677-8899-aabbccddeeff']} @app.post('/leasing/v1/lessor') -async def leasing_lessor(request: Request): +async def leasing_v1_lessor(request: Request): j, token = json.loads((await request.body()).decode('utf-8')), get_token(request) code_challenge = token['origin_ref'] @@ -280,7 +280,7 @@ async def leasing_lessor(request: Request): # venv/lib/python3.9/site-packages/nls_services_lease/test/test_lease_multi_controller.py # venv/lib/python3.9/site-packages/nls_dal_service_instance_dls/schema/service_instance/V1_0_21__product_mapping.sql @app.get('/leasing/v1/lessor/leases') -async def leasing_lessor_lease(request: Request): +async def leasing_v1_lessor_lease(request: Request): token = get_token(request) code_challenge = token['origin_ref'] @@ -301,7 +301,7 @@ async def leasing_lessor_lease(request: Request): # venv/lib/python3.9/site-packages/nls_core_lease/lease_single.py @app.put('/leasing/v1/lease/{lease_ref}') -async def leasing_lease_renew(request: Request, lease_ref: str): +async def leasing_v1_lease_renew(request: Request, lease_ref: str): token = get_token(request) code_challenge = token['origin_ref'] @@ -330,7 +330,7 @@ async def leasing_lease_renew(request: Request, lease_ref: str): @app.delete('/leasing/v1/lessor/leases') -async def leasing_lessor_lease_remove(request: Request): +async def leasing_v1_lessor_lease_remove(request: Request): token = get_token(request) code_challenge = token['origin_ref'] From fdaedacfa5df0e406e242d8364e4a0f6a8581c9d Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 08:01:02 +0100 Subject: [PATCH 05/13] README.md --- README.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index eea998d..0599da0 100644 --- a/README.md +++ b/README.md @@ -36,10 +36,45 @@ There are some more internal api endpoints for handling authentication and lease WORKING_DIR=/opt/docker/fastapi-dls/cert mkdir -p $WORKING_DIR cd $WORKING_DIR +# create instance private and public key for singing JWT's openssl genrsa -out $WORKING_DIR/instance.private.pem 2048 openssl rsa -in $WORKING_DIR/instance.private.pem -outform PEM -pubout -out $WORKING_DIR/instance.public.pem +# create ssl certificate for integrated webserver (uvicorn) - because clients rely on ssl openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $WORKING_DIR/webserver.key -out $WORKING_DIR/webserver.crt -docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert collinwebdesigns/fastapi-dls:latest +``` + +**Start container** + +```shell +docker volume create dls-db +docker run -e DLS_URL=`hostname -i` -e DLS_PORT=443 -p 443:443 -v $WORKING_DIR:/app/cert -v dls-db:/app/database collinwebdesigns/fastapi-dls:latest +``` + +**Docker-Compose / Deploy stack** + +```yaml +version: '3.9' + +x-dls-variables: &dls-variables + DLS_URL: localhost # REQUIRED + DLS_PORT: 443 + LEASE_EXPIRE_DAYS: 90 + DATABASE: sqlite:////app/database/db.sqlite + +services: + dls: + image: collinwebdesigns/fastapi-dls:latest + restart: always + environment: + <<: *dls-variables + ports: + - "443:443" + volumes: + - /opt/docker/fastapi-dls/cert:/app/cert + - dls-db:/app/database + +volumes: + dls-db: ``` # Configuration From af6b17319dd65845c969bf22bc5429ca0b6618b8 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:40:05 +0100 Subject: [PATCH 06/13] include version and commit hash in status endpoint --- .gitlab-ci.yml | 2 ++ README.md | 2 +- app/main.py | 7 ++++++- requirements.txt | 1 + version.env | 1 + 5 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 version.env diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ea93548..ffa1295 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,6 +8,8 @@ build: rules: - if: $CI_COMMIT_BRANCH tags: [ docker ] + before_script: + - echo "COMMIT=`git rev-parse HEAD`" >> version.env script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} diff --git a/README.md b/README.md index 0599da0..7f021cb 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Just a simple *hello world* endpoint. ### `GET /status` -Status endpoint, used for *healthcheck*. +Status endpoint, used for *healthcheck*. Shows also current version and commit hash. ### `GET /-/origins` diff --git a/app/main.py b/app/main.py index 13f0fad..813b5fe 100644 --- a/app/main.py +++ b/app/main.py @@ -17,6 +17,11 @@ import dataset from Crypto.PublicKey import RSA from Crypto.PublicKey.RSA import RsaKey +logger = logging.getLogger() +dotenv_values('version.env') + +VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False)) + def load_file(filename) -> bytes: with open(filename, 'rb') as file: @@ -60,7 +65,7 @@ async def index(): @app.get('/status') async def status(request: Request): - return JSONResponse({'status': 'up'}) + return JSONResponse({'status': 'up', 'version': VERSION, 'commit': COMMIT, 'debug': DEBUG}) @app.get('/-/origins') diff --git a/requirements.txt b/requirements.txt index 03e8842..413b6d1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,3 +5,4 @@ pycryptodome==3.16.0 python-dateutil==2.8.2 dataset==1.5.2 markdown==3.4.1 +python-dotenv==0.21.0 diff --git a/version.env b/version.env new file mode 100644 index 0000000..3407a86 --- /dev/null +++ b/version.env @@ -0,0 +1 @@ +VERSION=0.5 From 42705be6317b9eac93ec6c41b8733a9a8b6eb459 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:40:31 +0100 Subject: [PATCH 07/13] README.md fixed description --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f021cb..fe42cac 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Minimal Delegated License Service (DLS). ### `GET /` -Just a simple *hello world* endpoint. +HTML rendered README.md. ### `GET /status` From e323fd3488b9e67ea7fbe7fbcec0756d35f269d6 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:41:20 +0100 Subject: [PATCH 08/13] added cors support and improved logging --- README.md | 2 ++ app/main.py | 25 ++++++++++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fe42cac..7005045 100644 --- a/README.md +++ b/README.md @@ -81,10 +81,12 @@ volumes: | Variable | Default | Usage | |---------------------|-----------------------|---------------------------------------------------------------------------------------| +| `DEBUG` | `false` | Toggles `fastapi` debug mode | | `DLS_URL` | `localhost` | Used in client-token to tell guest driver where dls instance is reachable | | `DLS_PORT` | `443` | Used in client-token to tell guest driver where dls instance is reachable | | `LEASE_EXPIRE_DAYS` | `90` | Lease time in days | | `DATABASE` | `sqlite:///db.sqlite` | See [official dataset docs](https://dataset.readthedocs.io/en/latest/quickstart.html) | +| `CORS_ORIGINS` | `https://{DLS_URL}` | Sets `Access-Control-Allow-Origin` header (comma separated string) | # Installation diff --git a/app/main.py b/app/main.py index 813b5fe..c1cb965 100644 --- a/app/main.py +++ b/app/main.py @@ -1,8 +1,11 @@ +import logging from base64 import b64encode as b64enc from hashlib import sha256 from uuid import uuid4 from os.path import join, dirname from os import getenv + +from dotenv import dotenv_values from fastapi import FastAPI, HTTPException from fastapi.requests import Request from fastapi.encoders import jsonable_encoder @@ -12,6 +15,7 @@ from dateutil.relativedelta import relativedelta from calendar import timegm from jose import jws, jwk, jwt from jose.constants import ALGORITHMS +from starlette.middleware.cors import CORSMiddleware from starlette.responses import StreamingResponse, JSONResponse, HTMLResponse import dataset from Crypto.PublicKey import RSA @@ -35,7 +39,13 @@ def load_key(filename) -> RsaKey: # todo: initialize certificate (or should be done by user, and passed through "volumes"?) -app, db = FastAPI(), dataset.connect(str(getenv('DATABASE', 'sqlite:///db.sqlite'))) +__details = dict( + title='FastAPI-DLS', + description='Minimal Delegated License Service (DLS).', + version=VERSION, +) + +app, db = FastAPI(**__details), dataset.connect(str(getenv('DATABASE', 'sqlite:///db.sqlite'))) TOKEN_EXPIRE_DELTA = relativedelta(hours=1) # days=1 LEASE_EXPIRE_DELTA = relativedelta(days=int(getenv('LEASE_EXPIRE_DAYS', 90))) @@ -46,9 +56,22 @@ SITE_KEY_XID = getenv('SITE_KEY_XID', '00000000-0000-0000-0000-000000000000') INSTANCE_KEY_RSA = load_key(join(dirname(__file__), 'cert/instance.private.pem')) INSTANCE_KEY_PUB = load_key(join(dirname(__file__), 'cert/instance.public.pem')) +CORS_ORIGINS = getenv('CORS_ORIGINS').split(',') if (getenv('CORS_ORIGINS')) else f'https://{DLS_URL}' # todo: prevent static https + jwt_encode_key = jwk.construct(INSTANCE_KEY_RSA.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS256) jwt_decode_key = jwk.construct(INSTANCE_KEY_PUB.export_key().decode('utf-8'), algorithm=ALGORITHMS.RS512) +app.debug = DEBUG +app.add_middleware( + CORSMiddleware, + allow_origins=CORS_ORIGINS, + allow_credentials=True, + allow_methods=["*"], + allow_headers=["*"], +) + +logger.setLevel(logging.DEBUG if DEBUG else logging.INFO) + def get_token(request: Request) -> dict: authorization_header = request.headers['authorization'] From e89401dbc1d842f12ba271a3df1d2bc4647f8435 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:45:45 +0100 Subject: [PATCH 09/13] replaced "print" with "logging.info" --- app/main.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/app/main.py b/app/main.py index c1cb965..2af3bc9 100644 --- a/app/main.py +++ b/app/main.py @@ -158,7 +158,7 @@ async def auth_v1_origin(request: Request): j = json.loads((await request.body()).decode('utf-8')) origin_ref = j['candidate_origin_ref'] - print(f'> [ origin ]: {origin_ref}: {j}') + logging.info(f'> [ origin ]: {origin_ref}: {j}') data = dict( origin_ref=origin_ref, @@ -191,7 +191,7 @@ async def auth_v1_code(request: Request): j = json.loads((await request.body()).decode('utf-8')) origin_ref = j['origin_ref'] - print(f'> [ code ]: {origin_ref}: {j}') + logging.info(f'> [ code ]: {origin_ref}: {j}') cur_time = datetime.utcnow() delta = relativedelta(minutes=15) @@ -231,7 +231,7 @@ async def auth_v1_token(request: Request): code_challenge = payload['origin_ref'] origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref'] - print(f'> [ auth ]: {origin_ref} ({code_challenge}): {j}') + logging.info(f'> [ auth ]: {origin_ref} ({code_challenge}): {j}') # validate the code challenge if payload['challenge'] != b64enc(sha256(j['code_verifier'].encode('utf-8')).digest()).rstrip(b'=').decode('utf-8'): @@ -272,7 +272,7 @@ async def leasing_v1_lessor(request: Request): origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref'] - print(f'> [ create ]: {origin_ref} ({code_challenge}): create leases for scope_ref_list {scope_ref_list}') + logging.info(f'> [ create ]: {origin_ref} ({code_challenge}): create leases for scope_ref_list {scope_ref_list}') cur_time = datetime.utcnow() lease_result_list = [] @@ -315,7 +315,7 @@ async def leasing_v1_lessor_lease(request: Request): origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref'] active_lease_list = list(map(lambda x: x['lease_ref'], db['lease'].find(origin_ref=origin_ref))) - print(f'> [ leases ]: {origin_ref} ({code_challenge}): found {len(active_lease_list)} active leases') + logging.info(f'> [ leases ]: {origin_ref} ({code_challenge}): found {len(active_lease_list)} active leases') cur_time = datetime.utcnow() response = { @@ -335,7 +335,7 @@ async def leasing_v1_lease_renew(request: Request, lease_ref: str): code_challenge = token['origin_ref'] origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref'] - print(f'> [ renew ]: {origin_ref} ({code_challenge}): renew {lease_ref}') + logging.info(f'> [ renew ]: {origin_ref} ({code_challenge}): renew {lease_ref}') if db['lease'].count(origin_ref=origin_ref, lease_ref=lease_ref) == 0: raise HTTPException(status_code=404, detail='requested lease not available') @@ -366,7 +366,7 @@ async def leasing_v1_lessor_lease_remove(request: Request): origin_ref = db['auth'].find_one(code_challenge=code_challenge)['origin_ref'] released_lease_list = list(map(lambda x: x['lease_ref'], db['lease'].find(origin_ref=origin_ref))) deletions = db['lease'].delete(origin_ref=origin_ref) - print(f'> [ remove ]: {origin_ref} ({code_challenge}): removed {deletions} leases') + logging.info(f'> [ remove ]: {origin_ref} ({code_challenge}): removed {deletions} leases') cur_time = datetime.utcnow() response = { @@ -389,7 +389,7 @@ if __name__ == '__main__': # ### - print(f'> Starting dev-server ...') + logging.info(f'> Starting dev-server ...') ssl_keyfile = join(dirname(__file__), 'cert/webserver.key') ssl_certfile = join(dirname(__file__), 'cert/webserver.crt') From 7eddb1786255e20e50fb95511531f382a167d34f Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:48:36 +0100 Subject: [PATCH 10/13] Dockerfile - include version.env to image --- .gitlab-ci.yml | 7 +++++-- Dockerfile | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ffa1295..076485b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -24,9 +24,12 @@ deploy: stage: deploy rules: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + before_script: + - source version.env + - Building docker image for commit "${COMMIT}" with version "${VERSION}" script: - docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN - - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF} + - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION} - docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest - - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${CI_BUILD_REF} + - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION} - docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest diff --git a/Dockerfile b/Dockerfile index c3aa040..9b5a9f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,6 +11,7 @@ RUN apk update \ && apk del build-deps COPY app /app +COPY version.env /app/version.env COPY README.md /README.md HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1 From 418473157147ec84eaa4d82d4c974d7f38826907 Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 10:53:51 +0100 Subject: [PATCH 11/13] dotenv fixes --- app/main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/main.py b/app/main.py index 2af3bc9..b48ffab 100644 --- a/app/main.py +++ b/app/main.py @@ -5,7 +5,7 @@ from uuid import uuid4 from os.path import join, dirname from os import getenv -from dotenv import dotenv_values +from dotenv import load_dotenv from fastapi import FastAPI, HTTPException from fastapi.requests import Request from fastapi.encoders import jsonable_encoder @@ -22,7 +22,7 @@ from Crypto.PublicKey import RSA from Crypto.PublicKey.RSA import RsaKey logger = logging.getLogger() -dotenv_values('version.env') +load_dotenv('version.env') VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False)) From c5b6c79d1c8ec317590baf9ce86ce8678fca05ce Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 11:06:09 +0100 Subject: [PATCH 12/13] fixes --- .gitlab-ci.yml | 3 ++- Dockerfile | 2 +- app/main.py | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 076485b..52fa10f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ build: - if: $CI_COMMIT_BRANCH tags: [ docker ] before_script: - - echo "COMMIT=`git rev-parse HEAD`" >> version.env + - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD` script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF} @@ -25,6 +25,7 @@ deploy: rules: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH before_script: + - echo "COMMIT=${CI_COMMIT_SHA}" >> version.env - source version.env - Building docker image for commit "${COMMIT}" with version "${VERSION}" script: diff --git a/Dockerfile b/Dockerfile index 9b5a9f3..5819ef5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,7 @@ RUN apk update \ && apk del build-deps COPY app /app -COPY version.env /app/version.env +COPY version.env /version.env COPY README.md /README.md HEALTHCHECK --start-period=30s --interval=10s --timeout=5s --retries=3 CMD curl --insecure --fail https://localhost/status || exit 1 diff --git a/app/main.py b/app/main.py index b48ffab..f35d3fc 100644 --- a/app/main.py +++ b/app/main.py @@ -22,7 +22,7 @@ from Crypto.PublicKey import RSA from Crypto.PublicKey.RSA import RsaKey logger = logging.getLogger() -load_dotenv('version.env') +load_dotenv('../version.env') VERSION, COMMIT, DEBUG = getenv('VERSION', 'unknown'), getenv('COMMIT', 'unknown'), bool(getenv('DEBUG', False)) From 6afb121533973f5cfeea759cf1eb56694838d0dd Mon Sep 17 00:00:00 2001 From: Oscar Krause Date: Wed, 21 Dec 2022 11:06:25 +0100 Subject: [PATCH 13/13] README.md - added docs section --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7005045..25a7547 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,10 @@ HTML rendered README.md. Status endpoint, used for *healthcheck*. Shows also current version and commit hash. +### `GET /docs` + +OpenAPI specifications rendered from `GET /openapi.json`. + ### `GET /-/origins` List registered origins.