Merge pull request #26 from michaelconan/fix/nonroot

Fix/nonroot

Author: michaelconan

.devcontainer/Dockerfile

@@ -1,7 +1,24 @@
 FROM python:3.12-slim
 
+# User and Group identifiers
+ARG UID=1000
+ARG GID=1000
+
+# Add local bin to PATH
+ENV PATH="/home/vscode/.local/bin:${PATH}"
+
 # Install git and other dependencies
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends git && \
+    apt-get install -y --no-install-recommends git sudo && \
     apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*
+
+# Create and run as non-root user
+RUN addgroup --gid $GID vscode && \
+    adduser --uid $UID --gid $GID vscode
+
+# Allow the non-root user to run sudo without a password
+RUN echo "vscode ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vscode \
+    && chmod 0440 /etc/sudoers.d/vscode
+
+USER vscode

.devcontainer/devcontainer.json

@@ -1,7 +1,7 @@
 // For format details, see https://aka.ms/devcontainer.json. For config options, see the
 // README at: https://github.com/devcontainers/templates/tree/main/src/postgres
 {
-	"name": "Python 3 & PostgreSQL",
+	"name": "Local Airflow",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "app",
 	"workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
@@ -26,9 +26,9 @@
 		5432
 	],
 	// Use 'postCreateCommand' to run commands after the container is created.
-	"postCreateCommand": "chmod -R +x script/* && script/setup"
+	"postCreateCommand": "sudo chown -R vscode:vscode $PWD && chmod -R 777 script/* && script/setup",
 	// Configure tool-specific properties.
 	// "customizations": {},
 	// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
-	// "remoteUser": "root"
+	"remoteUser": "vscode"
 }

.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 100

.github/workflows/ci.yml

@@ -14,6 +14,9 @@ env:
 jobs:
   test:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
     env:
       CI: true
 
@@ -27,7 +30,7 @@ jobs:
           echo "$AIRFLOW_CONNECTIONS" > ${{ env.CONNECTIONS_FILE }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v2 
+        uses: docker/login-action@v2
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -40,20 +43,24 @@ jobs:
           cacheFrom: ${{ env.IMAGE_NAME }}
           push: always
 
-      - name: Build and run Dev Container task
+      - name: Build container and run pre-commit format and lint
         uses: devcontainers/[email protected]
         with:
-          # Devcontainer image
           imageName: ${{ env.IMAGE_NAME }}
-          # Run setup, validation and tests in dev container
+          cacheFrom: ${{ env.IMAGE_NAME }}
+          # Run pre-commit checks
           runCmd: |
-            # Run setup steps
-            script/setup
-            # Run pre-commit checks
             pre-commit run --all-files --verbose --show-diff-on-failure
-            # Run tests (which now have access to connections)
+  
+      - name: Build container and run unit tests
+        uses: devcontainers/[email protected]
+        with:
+          imageName: ${{ env.IMAGE_NAME }}
+          cacheFrom: ${{ env.IMAGE_NAME }}
+          # Run unit tests
+          runCmd: |
             script/test
 
       - name: Cleanup Files
         run: |
-          rm ${{ env.CONNECTIONS_FILE }}
+          rm -f ${{ env.CONNECTIONS_FILE }}

.pre-commit-config.yaml

@@ -13,10 +13,11 @@ repos:
   rev: v3.1.0
   hooks:
     - id: add-trailing-comma
-- repo: https://github.com/psf/black
-  rev: 24.10.10
+- repo: https://github.com/psf/black-pre-commit-mirror
+  rev: 24.8.0
   hooks:
     - id: black
+      language_version: python3.12
 - repo: https://github.com/PyCQA/flake8
   rev: 6.1.0
   hooks:

README.md

@@ -52,7 +52,7 @@ graph TB
 
 1. [Alembic](https://alembic.sqlalchemy.org/en/latest/) database migrations for raw tables which should generally match the schema of the source system, run via [Airflow provider package](https://pypi.org/project/airflow-provider-alembic/)
 2. [Airflow](https://airflow.apache.org/) to orchestrate data loading scripts and additional automated workflows
-3. [DBT core](https://docs.getdbt.com/) to define data models and transformations, again orchestrated by Airflow (via CLI / `BashOperator`) 
+3. [DBT core](https://docs.getdbt.com/) to define data models and transformations, again orchestrated by Airflow (via CLI / `BashOperator`)
 
 
 ## Setup
@@ -78,7 +78,7 @@ To run Airflow on a single instance, I used Honcho to run multiple processes via
 5. Set startup command to use the `startup.txt` file
 6. Run database migrations (`airflow db migrate`) and user setup (`airflow users create`) as one-off admin process, Procfile just for main processes
     - Reference [quick start](https://airflow.apache.org/docs/apache-airflow/stable/start.html) for guidance on this setup process
-    - It may be necessary to run these via startup command to get the app to launch 
+    - It may be necessary to run these via startup command to get the app to launch
 
 ### Automated Deployment