Merge branch 'auth-changes' of https://github.com/sumesh-aot/spiff-arena

into auth-changes
sumesh-aot · Jul 4, 2024 · f6cb5d7 · f6cb5d7
2 parents 698dc4a + 399d328
commit f6cb5d7
Show file tree

Hide file tree

Showing 234 changed files with 7,192 additions and 2,670 deletions.
diff --git a/.darglint b/.darglint
diff --git a/.flake8 b/.flake8
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -28,6 +28,9 @@ updates:
     schedule:
       interval: daily
     open-pull-requests-limit: 1
+    ignore:
+      - dependency-name: "gunicorn"
+        versions: ["22.0.0"]
 
   # NPM
   - package-ecosystem: npm

diff --git a/...orkflows/docker_image_for_main_builds.yml → .github/workflows/build_docker_images.yml b/...orkflows/docker_image_for_main_builds.yml → .github/workflows/build_docker_images.yml
@@ -1,4 +1,4 @@
-name: Docker Image For Main Builds
+name: Build Docker Images
 # we want to be able to sort by tag name to find the newest and trace back to source control
 # on every commit to main:
 #   frontend:main-20230223164322-b8becd1-45
@@ -30,6 +30,7 @@ on:
   push:
     branches:
       - main
+    tags: [v*]
 
 jobs:
   create_frontend_docker_image:
@@ -58,7 +59,7 @@ jobs:
         run: echo "date=$(date -u +'%Y-%m-%d_%H-%M-%S')" >> "$GITHUB_OUTPUT"
       - name: Get short commit sha
         id: commit_sha
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/[email protected]
@@ -68,14 +69,16 @@ jobs:
             org.opencontainers.image.description=Frontend component of SpiffWorkflow, a software development platform for building, running, and monitoring executable diagrams
             org.opencontainers.image.version=${{ env.BRANCH_NAME }}-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
           tags: |
-            type=ref,event=branch,suffix=-latest
+            type=ref,event=branch,branch=main,suffix=-latest
             type=ref,event=branch,suffix=-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
+            type=ref,event=tag,enable=true,format={{version}}
+            type=ref,event=tag,enable=true,format=latest
 
       - name: Write app version info
         working-directory: spiffworkflow-frontend
         run: echo "$DOCKER_METADATA_OUTPUT_JSON" | jq '.labels' > version_info.json
       - name: Build and push Frontend Docker image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6.3.0
         with:
           # this action doesn't seem to respect working-directory so set context
           context: spiffworkflow-frontend
@@ -112,7 +115,7 @@ jobs:
         run: echo "date=$(date -u +'%Y-%m-%d_%H-%M-%S')" >> "$GITHUB_OUTPUT"
       - name: Get short commit sha
         id: commit_sha
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/[email protected]
@@ -122,14 +125,16 @@ jobs:
             org.opencontainers.image.description=Backend component of SpiffWorkflow, a software development platform for building, running, and monitoring executable diagrams
             org.opencontainers.image.version=${{ env.BRANCH_NAME }}-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
           tags: |
-            type=ref,event=branch,suffix=-latest
+            type=ref,event=branch,branch=main,suffix=-latest
             type=ref,event=branch,suffix=-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
+            type=ref,event=tag,enable=true,format={{version}}
+            type=ref,event=tag,enable=true,format=latest
 
       - name: Write app version info
         working-directory: spiffworkflow-backend
         run: echo "$DOCKER_METADATA_OUTPUT_JSON" | jq '.labels' > version_info.json
       - name: Build and push Backend Docker image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6.3.0
         with:
           # this action doesn't seem to respect working-directory so set context
           context: spiffworkflow-backend
@@ -167,7 +172,7 @@ jobs:
         run: echo "date=$(date -u +'%Y-%m-%d_%H-%M-%S')" >> "$GITHUB_OUTPUT"
       - name: Get short commit sha
         id: commit_sha
-        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/[email protected]
@@ -177,11 +182,13 @@ jobs:
             org.opencontainers.image.description=spiffworkflow-connector-proxy-demo
             org.opencontainers.image.version=${{ env.BRANCH_NAME }}-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
           tags: |
-            type=ref,event=branch,suffix=-latest
+            type=ref,event=branch,branch=main,suffix=-latest
             type=ref,event=branch,suffix=-${{ steps.date.outputs.date }}-${{ steps.commit_sha.outputs.sha_short }}
+            type=ref,event=tag,enable=true,format={{version}}
+            type=ref,event=tag,enable=true,format=latest
 
       - name: Build and push the connector proxy
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v6.3.0
         with:
           # this action doesn't seem to respect working-directory so set context
           context: connector-proxy-demo
@@ -191,3 +198,41 @@ jobs:
           platforms: linux/amd64,linux/arm64
       - name: Adding markdown
         run: echo 'TAGS ${{ steps.meta.outputs.tags }}' >> "$GITHUB_STEP_SUMMARY"
+
+  quickstart-guide-test:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs:
+      [
+        create_frontend_docker_image,
+        create_backend_docker_image,
+        create_demo_proxy_docker_image,
+      ]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Apps
+        run: ./bin/run_arena_with_docker_compose
+      - name: wait_for_backend
+        working-directory: ./spiffworkflow-backend
+        run: ./bin/wait_for_backend_to_be_up 5 8000
+      - name: wait_for_frontend
+        working-directory: ./spiffworkflow-frontend
+        run: ./bin/wait_for_frontend_to_be_up 5 8001
+      - name: wait_for_connector
+        working-directory: ./connector-proxy-demo
+        run: ./bin/wait_for_connector_to_be_up 5 8004
+      - name: Cypress run
+        uses: cypress-io/github-action@v6
+        with:
+          working-directory: ./spiffworkflow-frontend
+          browser: chromium
+          # just run one test to make sure we didn't completely break it
+          spec: cypress/e2e/process_groups.cy.js
+        env:
+          # pass GitHub token to allow accurately detecting a build vs a re-run build
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "false"
+          CYPRESS_SPIFFWORKFLOW_FRONTEND_USERNAME: "admin"
+          CYPRESS_SPIFFWORKFLOW_FRONTEND_PASSWORD: "admin"
+          SPIFFWORKFLOW_FRONTEND_PORT: 8001
diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt
@@ -1,2 +1,2 @@
-pip==24.0
+pip==24.1.1
 poetry==1.8.3
diff --git a/.github/workflows/release_builds.yml b/.github/workflows/release_builds.yml
diff --git a/.github/workflows/snyk-security.yml b/.github/workflows/snyk-security.yml
@@ -54,7 +54,7 @@ jobs:
       - name: Set up Snyk CLI to check for security issues
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the SAST issues to GitHub Code Scanning
-        uses: snyk/actions/setup@d406fd286b663eb8c6f8adcced4f7bcd199c0a3f
+        uses: snyk/actions/setup@a1346e4eaf761d462da22c34c681dc06849b6851
         env:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -120,7 +120,7 @@ jobs:
       - name: Set up Snyk CLI to check for security issues
         # Snyk can be used to break the build when it detects security issues.
         # In this case we want to upload the SAST issues to GitHub Code Scanning
-        uses: snyk/actions/setup@d406fd286b663eb8c6f8adcced4f7bcd199c0a3f
+        uses: snyk/actions/setup@a1346e4eaf761d462da22c34c681dc06849b6851
         env:
           # This is where you will need to introduce the Snyk API token created with your Snyk account
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -298,10 +298,10 @@ jobs:
           ./bin/run_ci_session coverage
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v4.4.1
+        uses: codecov/codecov-action@v4.5.0
 
       - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@v2.2.0
+        uses: sonarsource/sonarcloud-github-action@v2.3.0
         # thought about just skipping dependabot
         # if: ${{ github.actor != 'dependabot[bot]' }}
         # but figured all pull requests seems better, since none of them will have access to sonarcloud.
@@ -364,7 +364,7 @@ jobs:
         # if: ${{ github.event_name != 'pull_request' }}
         # so just skip everything but main
         if: github.ref_name == 'main'
-        uses: sonarsource/sonarcloud-github-action@v2.2.0
+        uses: sonarsource/sonarcloud-github-action@v2.3.0
         with:
           projectBaseDir: spiffworkflow-frontend
         env:

diff --git a/.gitignore b/.gitignore
@@ -12,3 +12,4 @@ process_models/
 .cache
 .mypy_cache
 .aider*
+/spiffworkflow_docker_compose
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,3 +12,4 @@ process_models/ @@
     .cache
     .mypy_cache
     .aider*
+    /spiffworkflow_docker_compose