diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index b8bd93432..56c0e02e8 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -43,7 +43,7 @@ jobs: shell: bash run: | oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}" - GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" ARTIFACTORY_SVCACCT_TOKEN="${{ secrets.ARTIFACTORY_SVCACCT_TOKEN}}" bash openshift/scripts/oc_build.sh ${SUFFIX} apply + GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" bash openshift/scripts/oc_build.sh ${SUFFIX} apply build-api-image: name: Build API Image @@ -61,7 +61,7 @@ jobs: shell: bash run: | oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}" - GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api ARTIFACTORY_PYPI_USERNAME=${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ARTIFACTORY_PYPI_PASSWORD=${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} bash openshift/scripts/oc_build.sh ${SUFFIX} apply + GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply # TODO: Delete once pmtiles has run for some time # build-tileserv-image: # name: Build tileserv Image diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index bcd65ab96..2f93c7212 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -63,7 +63,6 @@ jobs: if: steps.cache-venv.outputs.cache-hit != 'true' working-directory: ./api run: | - poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} poetry run python -m pip install --upgrade pip poetry install poetry run python -m pip install gdal==$(gdal-config --version) @@ -139,7 +138,6 @@ jobs: if: steps.cache-venv.outputs.cache-hit != 'true' working-directory: ./api run: | - poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} poetry run python -m pip install --upgrade pip poetry install poetry run python -m pip install gdal==$(gdal-config --version) diff --git a/.github/workflows/post_merge_integration.yml b/.github/workflows/post_merge_integration.yml index 0773101ea..7c097466b 100644 --- a/.github/workflows/post_merge_integration.yml +++ b/.github/workflows/post_merge_integration.yml @@ -60,9 +60,6 @@ jobs: with: path: ~/work/wps/wps/api/.venv key: ${{ runner.os }}-venv-poetry-1.6.1-${{ hashFiles('**/poetry.lock') }} - - name: Configure artifactory creds for poetry - working-directory: ./api - run: poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} - name: Install python dependencies using poetry (api) if: steps.cache-venv.outputs.cache-hit != 'true' working-directory: ./api @@ -138,9 +135,6 @@ jobs: with: path: ~/work/wps/wps/api/.venv key: ${{ runner.os }}-venv-poetry-1.6.1-${{ hashFiles('**/poetry.lock') }} - - name: Configure artifactory creds for poetry - working-directory: ./api - run: poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} - name: Install python dependencies using poetry (api) if: steps.cache-venv.outputs.cache-hit != 'true' working-directory: ./api @@ -206,9 +200,6 @@ jobs: run: corepack enable - name: use new yarn run: yarn set version berry - - name: Setup yarn for scoped artifactory packages - working-directory: ./web - run: yarn config set npmScopes.psu.npmRegistryServer https://artifacts.developer.gov.bc.ca/artifactory/api/npm/pe1e-psu-npm-local/ && yarn config set npmScopes.psu.npmAlwaysAuth true && yarn config set npmScopes.psu.npmAuthToken ${{ secrets.ARTIFACTORY_SVCACCT_TOKEN }} - name: Install node dependencies (web) working-directory: ./web if: steps.yarn-cache.outputs.cache-hit != 'true' diff --git a/Dockerfile b/Dockerfile index 30ead8b4b..14cc9b194 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,7 @@ ARG DOCKER_IMAGE=image-registry.openshift-image-registry.svc:5000/e1e498-tools/w # To build locally, point to a local base image you've already built (see openshift/wps-api-base) # e.g. : docker build --build-arg DOCKER_IMAGE=wps-api-base:my-tag . -# Stage 1: Install Python packages, including internally published cffdrs. Installation from artifactory -# requires a username/password which we don't want in our final image, so we use a multi-stage build. +# Stage 1: Install Python packages FROM ${DOCKER_IMAGE} AS builder # We don't want to run our app as root, so we define a worker user. @@ -29,11 +28,6 @@ RUN python -m pip install --upgrade pip # Copy poetry files. COPY --chown=$USERNAME:$USERNAME ./api/pyproject.toml ./api/poetry.lock /app/ -ARG ARTIFACTORY_PYPI_USERNAME -ARG ARTIFACTORY_PYPI_PASSWORD - -RUN poetry config http-basic.psu "$ARTIFACTORY_PYPI_USERNAME" "$ARTIFACTORY_PYPI_PASSWORD" - # Install dependencies. RUN poetry install --without dev # Get a python binding for gdal that matches the version of gdal we have installed. diff --git a/api/poetry.lock b/api/poetry.lock index f707aef6d..71b53e295 100644 --- a/api/poetry.lock +++ b/api/poetry.lock @@ -543,16 +543,15 @@ name = "cffdrs" version = "0.1.2" description = "" optional = false -python-versions = ">=3.10,<4.0" -files = [ - {file = "cffdrs-0.1.2-py3-none-any.whl", hash = "sha256:a124e09bb963670bc22cfa25de5e8d4b63f582b24bdeffd4f413afe8da7a8507"}, - {file = "cffdrs-0.1.2.tar.gz", hash = "sha256:d655ad3b2648ea2200d093c17d2098a1f49fc26617b50a33157baa38dcf8079b"}, -] +python-versions = ">=3.7" +files = [] +develop = false [package.source] -type = "legacy" -url = "https://artifacts.developer.gov.bc.ca/artifactory/api/pypi/pe1e-gen-python-local/simple" -reference = "psu" +type = "git" +url = "https://github.com/cffdrs/cffdrs_py.git" +reference = "c760307" +resolved_reference = "c7603073264906242a2c8d46ceecb01d1f539975" [[package]] name = "cffi" @@ -5907,4 +5906,4 @@ multidict = ">=4.0" [metadata] lock-version = "2.0" python-versions = ">=3.10.4,<3.11" -content-hash = "6132ba6026efb36189a6e7eb81575d66cd94fde5db46237296cc003a15afc509" +content-hash = "660a4ee280e9d284b527f1d2a6e63dbe8de1aeaa0d81417e90e672b773d08ee2" diff --git a/api/pyproject.toml b/api/pyproject.toml index 35f0b342b..f8a05383d 100644 --- a/api/pyproject.toml +++ b/api/pyproject.toml @@ -42,9 +42,9 @@ scikit-learn = "^1.1.3" httpx = "^0.27.0" orjson = "^3.9.0" greenlet = "^3.0.0" -sentry-sdk = {extras = ["fastapi"], version = "^2.0.1"} +sentry-sdk = { extras = ["fastapi"], version = "^2.0.1" } numba = "^0.59.1" -cffdrs = {version = "^0.1.1", source = "psu"} +cffdrs = {git = "https://github.com/cffdrs/cffdrs_py.git", rev = "c760307"} geopandas = "^1.0.1" shapely = "^2.0.5" @@ -65,12 +65,6 @@ pytest-watch = "^4.2.0" pytest-testmon = "^2.0.0" ruff = "^0.4.0" - -[[tool.poetry.source]] -name = "psu" -url = "https://artifacts.developer.gov.bc.ca/artifactory/api/pypi/pe1e-gen-python-local/simple" -priority = "supplemental" - [build-system] requires = ["poetry>=1.1.11"] build-backend = "poetry.masonry.api" @@ -105,4 +99,3 @@ per-file-ignores = { "alembic/versions/00df3c7b5cba_rethink_classification.py" = ] } line-length = 185 ignore = ["E712", "F401"] - diff --git a/openshift/scripts/oc_build.sh b/openshift/scripts/oc_build.sh index 7ae735ba3..627502448 100755 --- a/openshift/scripts/oc_build.sh +++ b/openshift/scripts/oc_build.sh @@ -30,9 +30,6 @@ OC_PROCESS="oc -n ${PROJ_TOOLS} process -f ${PATH_BC} \ -p SUFFIX=${SUFFIX} \ -p GIT_BRANCH=${GIT_BRANCH} \ ${SENTRY_AUTH_TOKEN:+ "-p SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}"} \ - ${ARTIFACTORY_SVCACCT_TOKEN:+ "-p ARTIFACTORY_SVCACCT_TOKEN=${ARTIFACTORY_SVCACCT_TOKEN}"} \ - ${ARTIFACTORY_PYPI_USERNAME:+ "-p ARTIFACTORY_PYPI_USERNAME=${ARTIFACTORY_PYPI_USERNAME}"} \ - ${ARTIFACTORY_PYPI_PASSWORD:+ "-p ARTIFACTORY_PYPI_PASSWORD=${ARTIFACTORY_PYPI_PASSWORD}"} \ ${DOCKER_IMAGE:+ "-p DOCKER_IMAGE=${DOCKER_IMAGE}"} \ ${DOCKER_FILE:+ "-p DOCKER_FILE=${DOCKER_FILE}"}" diff --git a/openshift/templates/build.bc.yaml b/openshift/templates/build.bc.yaml index 10f54d9e0..a7a347a35 100644 --- a/openshift/templates/build.bc.yaml +++ b/openshift/templates/build.bc.yaml @@ -37,12 +37,6 @@ parameters: description: Dockerfile to use required: true value: Dockerfile - - name: ARTIFACTORY_PYPI_USERNAME - description: Username for internal pypi artifactory instance - required: true - - name: ARTIFACTORY_PYPI_PASSWORD - description: Password for internal pypi artifactory instance - required: true objects: - apiVersion: v1 kind: ImageStream @@ -86,12 +80,5 @@ objects: contextDir: ./ strategy: dockerStrategy: - buildArgs: - - name: "DOCKER_IMAGE" - value: "${{DOCKER_IMAGE}}" - - name: "ARTIFACTORY_PYPI_USERNAME" - value: "${{ARTIFACTORY_PYPI_USERNAME}}" - - name: "ARTIFACTORY_PYPI_PASSWORD" - value: "${{ARTIFACTORY_PYPI_PASSWORD}}" dockerfilePath: ${DOCKER_FILE} triggers: [] diff --git a/openshift/templates/build.web.bc.yaml b/openshift/templates/build.web.bc.yaml index 7bbe19dc9..f8a91308b 100644 --- a/openshift/templates/build.web.bc.yaml +++ b/openshift/templates/build.web.bc.yaml @@ -36,9 +36,6 @@ parameters: - name: SENTRY_AUTH_TOKEN description: Sentry auth token for uploading source maps required: true - - name: ARTIFACTORY_SVCACCT_TOKEN - description: Arctifactory service account token - required: true objects: - apiVersion: v1 kind: ImageStream @@ -85,7 +82,5 @@ objects: env: - name: "SENTRY_AUTH_TOKEN" value: ${SENTRY_AUTH_TOKEN} - - name: "ARTIFACTORY_SVCACCT_TOKEN" - value: ${ARTIFACTORY_SVCACCT_TOKEN} dockerfilePath: ${DOCKER_FILE} triggers: []