diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..4198f1aa --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "[deps] " + open-pull-requests-limit: 3 diff --git a/.github/workflows/check_code_vulnerabilities.yml b/.github/workflows/check_code_vulnerabilities.yml new file mode 100644 index 00000000..e78327aa --- /dev/null +++ b/.github/workflows/check_code_vulnerabilities.yml @@ -0,0 +1,39 @@ +name: code vulnerabilities check + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + codeql: + runs-on: ubuntu-latest + + permissions: + packages: read + actions: read + contents: read + security-events: write + + strategy: + matrix: + # Using a matrix in case we need to test Javascript code in the future + language: ['python'] + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + config: | + # only scan the code in the src directory + paths: ["src"] diff --git a/.github/workflows/check_lint.yml b/.github/workflows/check_lint.yml new file mode 100644 index 00000000..2fa45236 --- /dev/null +++ b/.github/workflows/check_lint.yml @@ -0,0 +1,31 @@ +name: lint check + +# When the workflow will be triggered +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + cache: 'pip' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install '.[dev]' + + - name: Run lint checks + run: | + ruff check src/ diff --git a/.github/workflows/check_unit_tests.yml b/.github/workflows/check_unit_tests.yml new file mode 100644 index 00000000..e8fd8a76 --- /dev/null +++ b/.github/workflows/check_unit_tests.yml @@ -0,0 +1,50 @@ +name: unit tests check + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + test: + runs-on: ubuntu-latest + + services: + postgres: + image: postgres:13 + ports: + - 5432:5432 + env: + POSTGRES_PASSWORD: pw + POSTGRES_DB: testdb + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + cache: 'pip' + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install '.[dev]' + + - name: Wait for PostgreSQL to be ready + run: | + until pg_isready -h localhost -U postgres; do sleep 1; done + + - name: Run unit tests + env: + MPI_DB_TYPE: postgres + MPI_DBNAME: testdb + MPI_HOST: localhost + MPI_PORT: 5432 + MPI_USER: postgres + MPI_PASSWORD: pw + run: | + pytest --cov=recordlinker --cov-report=xml tests/unit diff --git a/README.md b/README.md index fa2ff4d3..d3ebb7d1 100644 --- a/README.md +++ b/README.md @@ -45,14 +45,6 @@ To run a single unit test, use the following command: ./scripts/test_unit.sh tests/unit/test_linkage.py::test_link_record_against_mpi ``` -### Building the Docker Image - -To build the Docker image for the record linkage service from source code instead of downloading it from the DIBBs repository follow these steps. -1. Ensure that both [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) and [Docker](https://docs.docker.com/get-docker/) are installed. -2. Clone the DIBBs repository with `git clone https://github.com/CDCgov/phdi`. -3. Navigate to `/phdi/containers/record-linkage/`. -4. Run `docker build -t record-linkage .`. - ## Standard Notices ### Public Domain Standard Notice diff --git a/pyproject.toml b/pyproject.toml index 9d2c0d35..152434d7 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,9 +31,8 @@ dependencies = [ [project.optional-dependencies] dev = [ "pytest>=8.3", + "pytest-cov", "ruff", - "pip-audit", - "bandit", "mypy", "pyarrow", "httpx", diff --git a/scripts/vulnerability_check.sh b/scripts/vulnerability_check.sh deleted file mode 100644 index be88417d..00000000 --- a/scripts/vulnerability_check.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# -# Run vulnerability checks on the project and its dependencies. -# -# Usage: scripts/vulnerability_check.sh - -set -e - -cd "$(dirname "$0")/.." - -pip-audit . && bandit -r src/ diff --git a/src/recordlinker/config.py b/src/recordlinker/config.py index ce39b6e2..0afaf509 100644 --- a/src/recordlinker/config.py +++ b/src/recordlinker/config.py @@ -1,8 +1,8 @@ from functools import lru_cache from typing import Optional -from pydantic_settings import BaseSettings from pydantic import Field +from pydantic_settings import BaseSettings class Settings(BaseSettings): diff --git a/src/recordlinker/linkage/config.py b/src/recordlinker/linkage/config.py index 2908a5cd..d4455740 100644 --- a/src/recordlinker/linkage/config.py +++ b/src/recordlinker/linkage/config.py @@ -2,6 +2,7 @@ from pydantic_settings import BaseSettings + class DBSettings(BaseSettings): mpi_db_type: str mpi_dbname: str diff --git a/src/recordlinker/linkage/models.py b/src/recordlinker/linkage/models.py index fa11e793..1d4c30a5 100644 --- a/src/recordlinker/linkage/models.py +++ b/src/recordlinker/linkage/models.py @@ -1,6 +1,9 @@ import uuid -from sqlalchemy import orm, ForeignKey, String, JSON +from sqlalchemy import ForeignKey +from sqlalchemy import JSON +from sqlalchemy import orm +from sqlalchemy import String class Base(orm.DeclarativeBase):