Merge pull request #3192 from SwissDataScienceCenter/release/v1.9.0

chore: release v1.9.0

.github/workflows/test_deploy.yml

@@ -64,7 +64,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -113,7 +113,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -152,7 +152,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -192,7 +192,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           pip install .[all]
@@ -238,7 +238,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -306,7 +306,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -380,7 +380,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -454,7 +454,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -678,7 +678,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -769,7 +769,7 @@ jobs:
         if: steps.dependency-cache.outputs.cache-hit != 'true' || 'refs/heads/master' == github.ref || 'refs/heads/develop' == github.ref || startsWith(github.ref, 'refs/tags/')
         run: |
           python -m pip install --upgrade pip
-          python -m pip install coveralls poetry wheel twine poetry-dynamic-versioning==0.17.1
+          python -m pip install coveralls poetry==1.1.15 wheel twine poetry-dynamic-versioning==0.17.1
           poetry-dynamic-versioning
           make download-templates
           python -m pip install .[all]
@@ -897,7 +897,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          python -m pip install poetry poetry-dynamic-versioning==0.17.1 poetry-lock-package twine
+          python -m pip install poetry==1.1.15 poetry-dynamic-versioning==0.17.1 poetry-lock-package twine
           python -m pip install .[all]
           git config --global --add user.name "Renku Bot"
           git config --global --add user.email "renku@datascience.ch"

.vscode/settings.json

@@ -23,4 +23,7 @@
     "\\.eggs | \\.git | \\.hg | \\.mypy_cache | \\.tox | \\.venv | _build | buck-out | build | dist | docs/conf.py",
   ],
   "esbonio.sphinx.confDir": "",
+  "python.analysis.include": [
+    "renku/**"
+  ],
 }

CHANGES.rst

@@ -18,6 +18,29 @@
 Changes
 =======
 
+`1.9.0 <https://github.com/SwissDataScienceCenter/renku-python/compare/v1.8.1...v1.9.0>`__ (2022-11-03)
+-------------------------------------------------------------------------------------------------------
+
+Bug Fixes
+~~~~~~~~~
+
+-  **core:** fix metadata to match RFC and properly format wasDerivedFrom
+   (`#3166 <https://github.com/SwissDataScienceCenter/renku-python/issues/3166>`__)
+   (`42aee90 <https://github.com/SwissDataScienceCenter/renku-python/commit/42aee90b893fd24b0b7cf968f7958ce46905e88f>`__)
+-  **core:** fix rerun overwriting plan details with previous versions
+   (`#3172 <https://github.com/SwissDataScienceCenter/renku-python/issues/3172>`__)
+   (`72ad1d5 <https://github.com/SwissDataScienceCenter/renku-python/commit/72ad1d58e6477288b95d483e91963b96a7411b1b>`__)
+-  **service:** fixes core service not working with python 3.10
+   (`#3186 <https://github.com/SwissDataScienceCenter/renku-python/issues/3186>`__)
+   (`dc7554f <https://github.com/SwissDataScienceCenter/renku-python/commit/dc7554fc8e3ae02444792e0f97b30417860dd5ed>`__)
+
+Features
+~~~~~~~~
+
+-  **svc:** added workflow endpoints in core service for new workflow UI
+   (`#3135 <https://github.com/SwissDataScienceCenter/renku-python/issues/3135>`__)
+   (`3cf7c5d <https://github.com/SwissDataScienceCenter/renku-python/commit/3cf7c5df8a04acea407a28f3eee46bc49b1a80db>`__)
+
 `1.8.1 <https://github.com/SwissDataScienceCenter/renku-python/compare/v1.8.0...v1.8.1>`__ (2022-10-26)
 -------------------------------------------------------------------------------------------------------
 

docker-compose.yml

@@ -117,7 +117,7 @@ services:
     image: traefik:v2.4
     command: --api.insecure=true --providers.docker
     ports:
-      - "80:80"
+      - "81:81"
       # set the UI port to something other than 8080 since that's our service already
       - "8088:8080"
     volumes:

helm-chart/renku-core/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: "1.0"
 description: A Helm chart for Kubernetes
 name: renku-core
 icon: https://avatars0.githubusercontent.com/u/53332360?s=400&u=a4311d22842343604ef61a8c8a1e5793209a67e9&v=4
-version: 1.8.1
+version: 1.9.0

helm-chart/renku-core/templates/deployment.yaml

@@ -49,7 +49,7 @@ spec:
         {{- include "certificates.initContainer" $ | nindent 8 }}
       securityContext:
         {{- toYaml $.Values.podSecurityContext | nindent 8 }}
-      automountServiceAccountToken: false
+      automountServiceAccountToken: {{ $.Values.global.debug }}
       containers:
       {{ if $.Values.metrics.enabled }}
         - name: {{ $.Chart.Name}}-rqmetrics

helm-chart/renku-core/values.yaml

@@ -28,6 +28,7 @@ global:
       renku-redis-host: "true"
     existingSecret: redis-secret
     existingSecretPasswordKey: redis-password
+  debug: false
 # base path - this is the reverse proxy base path
 apiBasePath: /api
 cacheDirectory: /svc/cache
@@ -96,7 +97,7 @@ versions:
     fullnameOverride: ""
     image:
       repository: renku/renku-core
-      tag: "v1.8.1"
+      tag: "v1.9.0"
       pullPolicy: IfNotPresent
   v8:
     name: v8

load-tests/.gitignore

@@ -0,0 +1 @@
+config.js

load-tests/README.md

@@ -0,0 +1,17 @@
+# Load testing with k6
+
+## To run
+1. Download k6: https://k6.io/docs/get-started/installation/ - you can also get a binary from the github page
+2. Enter the credentials and deployment you wish to test in a file named `config.js`, you can
+use the `example.config.js` to start - just make a copy and rename it.
+3. Run the tests with `k6 run testFileName.js`
+
+## Limitations
+
+- This can log into Renku only and specifically in the cases where Renku has its own built-in gitlab that does
+not require a separate log in OR when the gitlab deployment is part of another renku deployment
+- The login flow cannot handle giving authorization when prompted in the oauth flow - do this
+for the first time manually then run the tests with the same account
+- The project used to test migrations has to be in a namespace that you control and can create
+other projects in. When forks are created they are always created in the same namespace as the
+original project with the name being unique.

load-tests/example.config.js

@@ -0,0 +1,27 @@
+export const baseUrl = "https://dev.renku.ch"
+// oldGitlabProjectId has to point to a project that resides in a namespace that the user
+// has at least maintainer access to. This is because the load tests will fork this project
+// into the same namespace as where the original project resides and only generate a uuid-like
+// name for the project. So if you point to a project that resides in a namespace to which
+// the test runner has no permissions, the forking part of the tests will fail.
+export const oldGitlabProjectId = 5011
+// This project is used to test calling api/renku/project.show, the project is not forked
+// and it does not have the same strict requirements as the project mentioned above. Any
+// public project should work here (whether the user has write access to it or not).
+export const sampleGitProjectUrl = "https://dev.renku.ch/gitlab/tasko.olevski/test-project-2.git"
+
+// Two sets of credentials are needed only if the Renku deployment
+// has a separate Gitlab that requires logging into another Renku
+// instance. So for dev.renku.ch you need one set of credentials
+// for CI deployments you need 2. First the credentials to the
+// CI deployment then the ones for dev.renku.ch.
+export const credentials = [
+  {
+    username: "user@email.com",
+    password: "secret-password1"
+  },
+  {
+    username: "user@email.com",
+    password: "secret-password1"
+  },
+]

load-tests/fileUpload.js

@@ -0,0 +1,84 @@
+// Creator: k6 Browser Recorder 0.6.2
+
+import { sleep, check, fail } from 'k6'
+import http from 'k6/http'
+import { uuidv4 } from 'https://jslib.k6.io/k6-utils/1.2.0/index.js';
+import crypto from 'k6/crypto';
+import { URL } from 'https://jslib.k6.io/url/1.0.0/index.js';
+
+import { renkuLogin } from './oauth.js'
+import { credentials, baseUrl } from './config.js'
+
+export const options = {
+  scenarios: {
+    testUploads: {
+      executor: 'per-vu-iterations',
+      vus: 3,
+      iterations: 1,
+    },
+  }
+}
+
+function uploadRandomFile(baseUrl, uuid, fileName, numChunks, chunkSizeBytes) {
+  const responses = []
+  for (let i = 0; i < numChunks; i++) {
+    const url = new URL(`ui-server/api/renku/cache.files_upload`, baseUrl);
+    url.searchParams.append('dzuuid', uuid);
+    url.searchParams.append('dzchunkindex', i);
+    url.searchParams.append('dztotalfilesize', numChunks * chunkSizeBytes);
+    url.searchParams.append('dzchunksize', chunkSizeBytes);
+    url.searchParams.append('dztotalchunkcount', numChunks);
+    url.searchParams.append('dzchunkbyteoffset', i * chunkSizeBytes);
+    url.searchParams.append('chunked_content_type', "application/octet-stream");
+    const res = http.post(url.toString(), {
+      file: http.file(crypto.randomBytes(chunkSizeBytes), fileName, "application/octet-stream")
+    })
+    responses.push(res)
+  }
+  if (!check(responses, {
+    "file uploads all have 200 repsonses": (responses) => responses.every(res => res.status === 200),
+    "file uploads all completed without errors": (responses) => responses.every(res => res.json().error === undefined),
+  })) {
+    const errResponses = responses.filter(res => res.json().error !== undefined).map(res => res.json())
+    const failedResponsesBody = responses.filter(res => res.status != 200).map(res => res.body)
+    const failedResponsesCodes = responses.filter(res => res.status != 200).map(res => res.status)
+    fail(
+      `some responses failed with errors ${JSON.stringify(errResponses)}\nsome respones ` +
+      `failed with non-200 status codes codes: ${JSON.stringify(failedResponsesCodes)} bodies: ${JSON.stringify(failedResponsesBody)}`
+    )
+  };
+  return responses[numChunks - 1]
+}
+
+export default function fileUpload() {
+  renkuLogin(baseUrl, credentials)
+  const baseUrlResponse = http.get(baseUrl)
+  const projects = http.get(`${baseUrl}/ui-server/api/projects?query=last_activity_at&per_page=100&starred=true&page=1`)
+  check(baseUrlResponse, {
+    "baseUrl responds with status 200": (r) => r.status === 200,
+  });
+  check(projects, {
+    'projects list endpoint responds with status 200': (r) => r.status === 200,
+    'project list exists': (r) => r.json().length >= 0,
+  });
+  sleep(1)
+  const uploads = http.get(`${baseUrl}/ui-server/api/renku/cache.files_list`)
+  check(uploads, {
+    'uploads list response does not have errors': (r) => r.json().error === undefined,
+    'uploads list response contains a list of uploads': (r) => r.json().result.files.length >= 0,
+  });
+  sleep(1)
+  const uuid = uuidv4()
+  const fileName = `${uuid}.bin`
+  const fileUploadResponse = uploadRandomFile(baseUrl, uuid, fileName, 100, 1e6)
+  let uploadedFiles = fileUploadResponse.json().result.files
+  if (uploadedFiles === undefined) {
+    uploadedFiles = []
+  }
+  uploadedFiles = uploadedFiles.map(i => i.file_name)
+  if (!check(uploadedFiles, {
+    'file name found in last upload response': (r) => r.includes(fileName),
+  })) {
+    fail(`could not find file in last upload response, body: ${fileUploadResponse.body}, status code: ${fileUploadResponse.status}`)
+  }
+}

load-tests/oauth.js

@@ -0,0 +1,54 @@
+import http from 'k6/http';
+import { parseHTML } from 'k6/html';
+
+function handleRenkuLoginForm(httpResponse, username, password) {
+  const doc = parseHTML(httpResponse.body);
+  const actionUrl = doc.find('#kc-form-login').attr('action');
+  if (!actionUrl) {
+    throw new Error(`Could not locate login form in http response ${httpResponse.body}`)
+  }
+  const loginData = {
+    username,
+    password,
+    credentialId: '',
+  };
+  return http.post(actionUrl, loginData)
+}
+
+function followRedirectLinkFromHtml(httpResponse) {
+  const doc = parseHTML(httpResponse.body);
+  let url = doc.find('a').attr("href")
+  if (!url) {
+    throw new Error(`Could not find <a> element with href attribute in ${httpResponse.body}`)
+  }
+  if (url.endsWith("/")) {
+    // leaving trailing slashes here results in 404
+    url = url.slice(0,-1)
+  }
+  return http.get(url)
+}
+
+export function renkuLogin(baseUrl, credentials) {
+  // double slashes when composing url causes trouble and 404s
+  if (baseUrl.endsWith("/")) {
+    baseUrl = baseUrl.slice(0,-1)
+  }
+  // the trailing slash is needed here keycloak accepts only such and longer callbacks
+  const redirectUrl = `${baseUrl}/`
+  let finalResponse = null
+  const res1 = http.get(`${baseUrl}/ui-server/auth/login?redirect_url=${redirectUrl}"`)
+  const res2 = handleRenkuLoginForm(res1, credentials[0].username, credentials[0].password)
+  const res3 = followRedirectLinkFromHtml(res2)
+  if (res3.body.match(".*redirect.*|.*Redirect.*") && parseHTML(res3.body).find("a").toArray().length > 0) {
+    // no more login forms just follow a single last redirect
+    finalResponse = followRedirectLinkFromHtml(res3)
+  }
+  else if (parseHTML(res3.body).find('#kc-form-login').toArray().length > 0) {
+    // one more login required, usually happens for ci and similar deployments that do not have their own gitlab
+    const res4 = handleRenkuLoginForm(res3, credentials[1].username, credentials[1].password)
+    finalResponse = followRedirectLinkFromHtml(res4)
+  }
+  if (finalResponse.status != 200) {
+    throw new Error(`Could not successfully login, expected status code 200 but got ${finalResponse.status}`)
+  }
+}