# This is a combination of 17 commits.

# This is the 1st commit message: Fix sonar badge # This is the commit message #2: Add deployment # This is the commit message #3: Add concurrency check # This is the commit message #4: Fix CI/CD deployment # This is the commit message #5: Add hash to build # This is the commit message #6: Inject version into template # This is the commit message #7: Fix typo in deployment # This is the commit message #8: Bump the allpip group across 1 directory with 5 updates Bumps the allpip group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [sqlmodel](https://github.com/tiangolo/sqlmodel) | `0.0.18` | `0.0.19` | | [pydantic](https://github.com/pydantic/pydantic) | `2.7.3` | `2.7.4` | | [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.3.1` | `2.3.3` | | [ruff](https://github.com/astral-sh/ruff) | `0.4.8` | `0.4.9` | | [pyright](https://github.com/RobertCraigie/pyright-python) | `1.1.366` | `1.1.367` | Updates `sqlmodel` from 0.0.18 to 0.0.19 - [Release notes](https://github.com/tiangolo/sqlmodel/releases) - [Changelog](https://github.com/tiangolo/sqlmodel/blob/main/docs/release-notes.md) - [Commits](fastapi/sqlmodel@0.0.18...0.0.19) Updates `pydantic` from 2.7.3 to 2.7.4 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](pydantic/pydantic@v2.7.3...v2.7.4) Updates `pydantic-settings` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/pydantic/pydantic-settings/releases) - [Commits](pydantic/pydantic-settings@v2.3.1...v2.3.3) Updates `ruff` from 0.4.8 to 0.4.9 - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.4.8...v0.4.9) Updates `pyright` from 1.1.366 to 1.1.367 - [Release notes](https://github.com/RobertCraigie/pyright-python/releases) - [Commits](RobertCraigie/pyright-python@v1.1.366...v1.1.367) --- updated-dependencies: - dependency-name: sqlmodel dependency-type: direct:production update-type: version-update:semver-patch dependency-group: allpip - dependency-name: pydantic dependency-type: direct:production update-type: version-update:semver-patch dependency-group: allpip - dependency-name: pydantic-settings dependency-type: direct:production update-type: version-update:semver-patch dependency-group: allpip - dependency-name: ruff dependency-type: direct:development update-type: version-update:semver-patch dependency-group: allpip - dependency-name: pyright dependency-type: direct:development update-type: version-update:semver-patch dependency-group: allpip ... Signed-off-by: dependabot[bot] <[email protected]> # This is the commit message #9: Add automerge for dependabot & pre-commit and change CODEOWNERS # This is the commit message #10: Add database schema initialization # This is the commit message #11: Update .pre-commit-config.yaml updates: - [github.com/astral-sh/ruff-pre-commit: v0.4.8 → v0.4.9](astral-sh/ruff-pre-commit@v0.4.8...v0.4.9) # This is the commit message #12: Fix deployment order # This is the commit message #13: Fix deploy tag # This is the commit message #14: Fix deployment repo access # This is the commit message #15: Fix tag deployments # This is the commit message #16: Fix version labeling container # This is the commit message #17: Update .pre-commit-config.yaml updates: - [github.com/astral-sh/ruff-pre-commit: v0.4.9 → v0.4.10](astral-sh/ruff-pre-commit@v0.4.9...v0.4.10)
MinBZK · Jul 3, 2024 · 6c7f52f · 6c7f52f
1 parent d9a2816
commit 6c7f52f
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 48 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -141,6 +141,8 @@ jobs:
       actions: read
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: get commit hash
         id: get_commit_hash
@@ -168,7 +170,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} #TODO(berry): fix on git labels multiple tags
         env:
           DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
 
@@ -179,7 +181,6 @@ jobs:
           echo "annotations: ${{ steps.meta.outputs.annotations }}"
           echo "hash: ${{ steps.get_commit_hash.outputs.commit_hash }}"
 
-
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
@@ -208,10 +209,20 @@ jobs:
         with:
           sarif_file: 'trivy-results.sarif'
 
+      - name: Extract metadata for Docker
+        id: meta2
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} #TODO(berry): fix on git labels multiple tags
+          flavor: |
+            latest=false
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+
       - name: Run Trivy SBOM
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ steps.meta.outputs.tags }}
+          image-ref: ${{ steps.meta2.outputs.tags }}
           scan-type: image
           exit-code: 0
           format: 'cyclonedx'
@@ -224,7 +235,7 @@ jobs:
       - name: Run Trivy license scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ steps.meta.outputs.tags }}
+          image-ref: ${{ steps.meta2.outputs.tags }}
           scan-type: image
           scanners: 'license'
           exit-code: 0
@@ -243,6 +254,34 @@ jobs:
           if-no-files-found: error
           overwrite: true
 
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ github.event_name == 'push' }}
+    permissions:
+      actions: write
+    steps:
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: "" # make empty to get the correct tag
+          flavor: |
+            latest=false
+
+      - name: print metadata
+        run: |
+          echo "tags: ${{ steps.meta.outputs.tags }}"
+
+      - uses: actions/checkout@v4
+
+      - name: Trigger deployment
+        run: |
+          gh workflow run deploy.yml -f image_tag=${{ steps.meta.outputs.tags }} -f environment=production
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+
   notifyMattermost:
     runs-on: ubuntu-latest
     needs: [lint, security, test, build ]

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,10 +1,6 @@
 name: deploy
 
-
 on:
-  push:
-    branches:
-      - main
   workflow_dispatch:
       inputs:
         image_tag:
@@ -28,47 +24,14 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-        with:
-          path: 'source/tad/'
-
-      - name: get commit hash
-        id: get_commit_hash
-        run: |
-          cd source/tad/
-          echo "commit_hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
-
-
       - name: Get GHCR package hash
         id: get_package_hash
         run: |
-          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
             container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["${{ inputs.image_tag }}"])) | .name')
             echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
-          else
-            container_id=$(gh api --paginate -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /orgs/MinBZK/packages/container/tad/versions | jq -r '.[] | select(.metadata.container.tags | contains(["main"])) | .name')
-            echo "container_id=$container_id" >> "$GITHUB_OUTPUT"
-          fi
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Get deploy environment
-        id: get_deploy_env
-        run: |
-          if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
-              echo "env=${{ inputs.environment }}" >> "$GITHUB_OUTPUT"
-          else
-             echo "env=sandbox" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Print deploy hash and environment
-        run: |
-           echo "Container ID: ${{ steps.get_package_hash.outputs.container_id }}"
-           echo "Overlay: ${{ steps.get_deploy_env.outputs.env }}"
-           echo "Version:  ${{ inputs.image_tag || 'main' }}"
-           echo "Actor: ${{ github.actor}}"
-           echo "Commit: ${{ steps.get_commit_hash.outputs.commit_hash }}"
-
       - name: check correct name
         run: |
             if [ -z "${{steps.get_package_hash.outputs.container_id}}" ]; then
@@ -90,17 +53,16 @@ jobs:
 
       - name: Make changes to the file
         run: |
-          sed -i 's/newTag: .*$/newTag: ${{inputs.image_tag || 'main' }}@${{ steps.get_package_hash.outputs.container_id }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
-          sed -i 's/commithash: .*$/commithash: ${{ steps.get_commit_hash.outputs.commit_hash }}/g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
-          sed -i 's|minbzk.github.io/version: .*$|minbzk.github.io/version: ${{ inputs.image_tag || 'main' }}|g' apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
-          git add apps/tad/overlays/${{ steps.get_deploy_env.outputs.env }}/kustomization.yaml
+          sed -i 's/newTag: .*$/newTag: ${{inputs.image_tag  }}@${{ steps.get_package_hash.outputs.container_id }}/g' apps/tad/overlays/${{ inputs.environment }}/kustomization.yaml
+          sed -i 's|minbzk.github.io/version: .*$|minbzk.github.io/version: ${{ inputs.image_tag }}|g' apps/tad/overlays/${{ inputs.environment }}/kustomization.yaml
+          git add apps/tad/overlays/${{ inputs.environment }}/kustomization.yaml
 
       - name: show changes
         run: git diff --staged
 
       - name: push changes
         run: |
-          git commit -m "Update tad overlay ${{ steps.get_deploy_env.outputs.env }} tag ${{ steps.get_package_hash.outputs.container_id }} by actor ${{ github.actor}}"
+          git commit -m "Update tad overlay ${{ inputs.environment }} tag ${{ steps.get_package_hash.outputs.container_id }}"
           git push --force-with-lease
         env:
           GITHUB_TOKEN: ${{ secrets.GH_PAT }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -15,7 +15,7 @@ repos:
       - id: check-toml
       - id: detect-private-key
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.8
+    rev: v0.4.10
     hooks:
       - id: ruff
       - id: ruff-format

diff --git a/tad/repositories/statuses.py b/tad/repositories/statuses.py
@@ -34,14 +34,29 @@ def save(self, status: Status) -> Status:
         :param status: the status to store
         :return: the updated status after storing
         """
-        self.session.add(status)
         try:
+            self.session.add(status)
             self.session.commit()
+            self.session.refresh(status)
         except Exception as e:
             self.session.rollback()
             raise RepositoryError from e
         return status
 
+    def delete(self, status: Status) -> None:
+        """
+        Deletes the given status in the repository.
+        :param status: the status to store
+        :return: the updated status after storing
+        """
+        try:
+            self.session.delete(status)
+            self.session.commit()
+        except Exception as e:
+            self.session.rollback()
+            raise RepositoryError from e
+        return None
+
     def find_by_id(self, status_id: int) -> Status:
         """
         Returns the status with the given id or an exception if the id does not exist.

diff --git a/tad/repositories/tasks.py b/tad/repositories/tasks.py
@@ -53,6 +53,20 @@ def save(self, task: Task) -> Task:
             raise RepositoryError from e
         return task
 
+    def delete(self, task: Task) -> None:
+        """
+        Deletes the given task in the repository or throws a RepositoryException
+        :param task: the task to store
+        :return: the updated task after storing
+        """
+        try:
+            self.session.delete(task)
+            self.session.commit()
+        except Exception as e:
+            self.session.rollback()
+            raise RepositoryError from e
+        return None
+
     def find_by_id(self, task_id: int) -> Task:
         """
         Returns the task with the given id.