Skip to content

Commit

Permalink
Merge pull request #82 from CentreForDigitalHumanities/develop
Browse files Browse the repository at this point in the history
Version 3.3.1
  • Loading branch information
tymees authored Nov 21, 2024
2 parents 2136ef5 + 34675f5 commit 40ed66e
Show file tree
Hide file tree
Showing 6 changed files with 132 additions and 32 deletions.
149 changes: 123 additions & 26 deletions .github/workflows/build-images.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,15 @@ name: Build and Push Docker Images

on:
push:
branches:
- 'main'
- 'develop'
tags:
- '*'
workflow_dispatch:
pull_request:
branches:
- 'main'
- 'develop'

env:
AGENT_IMAGE_NAME: humitifier
Expand All @@ -27,29 +33,29 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}


- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
type=pep440,pattern={{major}}.{{minor}}
- name: Build and push main image
id: build
uses: docker/build-push-action@v6
with:
context: ${{ env.AGENT_CONTEXT_PATH }}
file: ${{ env.AGENT_DOCKERFILE_PATH }}
push: true
tags: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}:${{ github.ref_name }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

# ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}:latest

- name: Grype Scan
id: scan
uses: anchore/scan-action@v3
with:
image: ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}:${{ github.ref_name }}
fail-build: false

- name: upload Grype SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}

build-and-push-server:
runs-on: ubuntu-latest
Expand All @@ -64,24 +70,115 @@ jobs:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
type=pep440,pattern={{major}}.{{minor}}
- name: Build and push main image
uses: docker/build-push-action@v6
with:
context: ${{ env.SERVER_CONTEXT_PATH }}
file: ${{ env.SERVER_DOCKERFILE_PATH }}
push: true
tags: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}:${{ github.ref_name }}
# ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}:latest
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- name: Grype Scan
grype-scan-agent:
needs: build-and-push-agent
if: ${{ github.event_name != 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
- name: Run the Anchore Grype scan action
uses: anchore/scan-action@v5
id: scan
uses: anchore/scan-action@v3
with:
image: ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}:${{ github.ref_name }}
image: ghcr.io/centrefordigitalhumanities/humitifier/${{ env.AGENT_IMAGE_NAME }}:${{ steps.meta.outputs.version }}
fail-build: false
severity-cutoff: critical
- name: Upload vulnerability report
uses: github/codeql-action/upload-sarif@v3
with:
category: 'agent'
sarif_file: ${{ steps.scan.outputs.sarif }}

- name: upload Grype SARIF report
grype-scan-server:
needs: build-and-push-server
if: ${{ github.event_name != 'pull_request' }}
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=pep440,pattern={{version}}
- name: Run the Anchore Grype scan action
uses: anchore/scan-action@v5
id: scan
with:
image: ghcr.io/centrefordigitalhumanities/humitifier/${{ env.SERVER_IMAGE_NAME }}:${{ steps.meta.outputs.version }}
fail-build: false
severity-cutoff: critical
- name: Upload vulnerability report
uses: github/codeql-action/upload-sarif@v3
with:
category: 'server'
sarif_file: ${{ steps.scan.outputs.sarif }}

CodeQL:
name: "CodeQL: Analyze Python code"
runs-on: ubuntu-latest
permissions:
security-events: write
packages: read
actions: read
contents: read

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: python
build-mode: none

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "CodeQL"
2 changes: 1 addition & 1 deletion agent/Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM python:3.11.9 AS builder
FROM python:3.11 AS builder

ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1
Expand Down
2 changes: 1 addition & 1 deletion agent/pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[tool.poetry]
name = "humitifier"
version = "3.3.0"
version = "3.3.1"
description = "Tools and interfaces for displaying server resources"
authors = [
"Donatas Rasiukevicius <[email protected]>",
Expand Down
2 changes: 1 addition & 1 deletion humitifier-server/pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ target-version = [

[tool.poetry]
name = "humitifier-server"
version = "3.3.0"
version = "3.3.1"
description = ""
authors = [
"Mees, T.D. (Ty) <[email protected]>",
Expand Down
7 changes: 5 additions & 2 deletions humitifier-server/src/humitifier_server/oidc_backend.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,16 +17,19 @@ def filter_users_by_claims(self, claims):
username = self.get_username(claims)
if not username:
return self.UserModel.objects.none()
return self.UserModel.objects.filter(username=username, is_local_account=False)
return self.UserModel.objects.filter(
username__iexact=username, is_local_account=False
)

def get_username(self, claims):
return claims.get("preferred_username")
return claims.get("preferred_username").lower()

def update_user(self, user, claims):
email = claims.get("email")
first_name = claims.get("given_name")
last_name = claims.get("family_name")

user.username = self.get_username(claims)
user.email = email
user.first_name = first_name
user.last_name = last_name
Expand Down
2 changes: 1 addition & 1 deletion humitifier-server/src/humitifier_server/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@
SPECTACULAR_SETTINGS = {
"TITLE": "Humitifier API",
"DESCRIPTION": "API for Humitifier, the Hum-IT CMDB",
"VERSION": "3.3.0",
"VERSION": "3.3.1",
"SERVE_INCLUDE_SCHEMA": False,
# OAuth2
"OAUTH2_FLOWS": ["clientCredentials"],
Expand Down

0 comments on commit 40ed66e

Please sign in to comment.