Merge branch 'master' of https://github.com/geopython/pycsw into ISO1…

…9115-3-part1

.github/workflows/main.yml

@@ -21,10 +21,6 @@ jobs:
     strategy:
       matrix:
         include:
-          - python-version: "3.8"
-            toxenv: "py38-sqlite"
-          - python-version: "3.9"
-            toxenv: "py39-sqlite"
           - python-version: "3.10"
             toxenv: "py310-sqlite"
           - python-version: "3.11"

.github/workflows/vulnerabilities.yml

@@ -14,27 +14,33 @@ on:
       - released
 
 jobs:
-  clone:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Setup Python
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-          architecture: x64
-      - name: Checkout pycsw
-        uses: actions/checkout@master
 
   vulnerabilities:
-    needs: [clone]
     runs-on: ubuntu-22.04
-
+    defaults:
+      run:
+        working-directory: .
     steps:
+    - name: Checkout pycsw
+      uses: actions/checkout@v4
     - name: Scan vulnerabilities with trivy
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: fs
+        exit-code: 1
+        ignore-unfixed: true
+        severity: CRITICAL,HIGH
+        scanners: vuln,misconfig,secret
+        scan-ref: .
+    - name: Build locally the image from Dockerfile
       run: |
-        sudo apt-get install -y wget apt-transport-https gnupg lsb-release
-        wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
-        echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
-        sudo apt-get update
-        sudo apt-get install -y trivy
-        trivy --exit-code 1 fs --scanners vuln,misconfig,secret --severity HIGH,CRITICAL --ignore-unfixed .
+        docker buildx build -t ${{ github.repository }}:${{ github.sha }} --platform linux/amd64 --no-cache -f Dockerfile .
+    - name: Scan locally built Docker image for vulnerabilities with trivy
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: image
+        exit-code: 1
+        ignore-unfixed: true
+        severity: CRITICAL,HIGH
+        vuln-type: os,library
+        image-ref: '${{ github.repository }}:${{ github.sha }}'

CONTRIBUTING.rst

@@ -96,7 +96,6 @@ Coding Guidelines
 - always code with `PEP 8`_ conventions
 - always run source code through `flake8`_ and `pylint`_, using all pylint defaults except for ``C0111``.  ``sbin/pycsw-pylint.sh`` is included for convenience
 - for exceptions which make their way to OGC ``ExceptionReport`` XML, always specify the appropriate ``locator`` and ``code`` parameters
-- the pycsw wiki documents `developer tasks`_ for things like releasing documentation, testing, etc.
 
 Submitting a Pull Request
 ^^^^^^^^^^^^^^^^^^^^^^^^^

Dockerfile

@@ -10,7 +10,7 @@
 # Copyright (c) 2020 Ricardo Garcia Silva
 # Copyright (c) 2020 Massimo Di Stefano
 # Copyright (c) 2020 Tom Kralidis
-# Copyright (c) 2020 Angelos Tzotsos
+# Copyright (c) 2024 Angelos Tzotsos
 #
 # Permission is hereby granted, free of charge, to any person
 # obtaining a copy of this software and associated documentation
@@ -36,17 +36,17 @@
 #
 # =================================================================
 
-FROM python:3.8-slim-buster
+FROM python:3.10-slim-bookworm
 LABEL maintainer="[email protected],[email protected],[email protected]"
 
 # Build arguments
 # add "--build-arg BUILD_DEV_IMAGE=true" to Docker build command when building with test/doc tools
 
 ARG BUILD_DEV_IMAGE="false"
 
-RUN apt-get update && apt-get install --yes \
-        ca-certificates libexpat1 \
-    && rm -rf /var/lib/apt/lists/*
+RUN apt-get update --yes && \
+    apt-get install --yes --no-install-recommends ca-certificates python3-setuptools && \
+    rm -rf /var/lib/apt/lists/*
 
 RUN adduser --uid 1000 --gecos '' --disabled-password pycsw
 
@@ -63,19 +63,19 @@ COPY --chown=pycsw \
     requirements-dev.txt \
     ./
 
-RUN pip install -U pip && \
-    python3 -m pip install \
+RUN pip3 install -U pip setuptools && \
+    pip3 install \
     --requirement requirements.txt \
     --requirement requirements-standalone.txt \
     psycopg2-binary gunicorn \
-    && if [ "$BUILD_DEV_IMAGE" = "true" ] ; then python3 -m pip install -r requirements-dev.txt; fi
+    && if [ "$BUILD_DEV_IMAGE" = "true" ] ; then python3 -m pip3 install -r requirements-dev.txt; fi
 
 COPY --chown=pycsw . .
 
 COPY docker/pycsw.yml ${PYCSW_CONFIG}
 COPY docker/entrypoint.py /usr/local/bin/entrypoint.py
 
-RUN python3 -m pip install --editable .
+RUN pip3 install --editable .
 
 WORKDIR /home/pycsw
 

docker/helm/templates/db-statefulset.yaml

@@ -36,6 +36,8 @@ spec:
         volumeMounts:
         - mountPath: {{ .Values.db.volume_path }}
           name: {{ .Values.db.volume_name }}
+        securityContext:
+          readOnlyRootFilesystem: true
       restartPolicy: Always
   volumeClaimTemplates:
     - metadata:

docker/helm/templates/pycsw-deployment.yaml

@@ -31,6 +31,8 @@ spec:
         volumeMounts:
         - mountPath: {{ .Values.pycsw.volume_path }}
           name: {{ .Values.pycsw.volume_name }}
+        securityContext:
+          readOnlyRootFilesystem: true
       restartPolicy: Always
       volumes:
       - name: {{ .Values.pycsw.volume_name }}

docker/kubernetes/db-deployment.yaml

@@ -34,6 +34,8 @@ spec:
         volumeMounts:
         - mountPath: /var/lib/postgresql/data/pgdata
           name: db-data
+        securityContext:
+          readOnlyRootFilesystem: true
       restartPolicy: Always
       volumes:
       - name: db-data

docker/kubernetes/pycsw-deployment.yaml

@@ -30,6 +30,8 @@ spec:
         volumeMounts:
         - mountPath: /etc/pycsw
           name: pycsw-config
+        securityContext:
+         readOnlyRootFilesystem: true
       restartPolicy: Always
       volumes:
       - name: pycsw-config

docs/conf.py

@@ -39,7 +39,7 @@
 # All configuration values have a default; values that are commented out
 # serve to show the default.
 
-import sys, os
+import sys
 from unittest.mock import MagicMock
 
 # If extensions (or modules to document with autodoc) are in another directory,
@@ -84,8 +84,7 @@
 # built documents.
 #
 # The short X.Y version.
-with open('../VERSION.txt') as f:
-    version = f.read().strip()
+version = '3.0-dev'
 # The full version, including alpha/beta/rc tags.
 release = version
 

docs/docker.rst

@@ -144,7 +144,6 @@ The following instructions set up a fully working development environment::
         --detach \
         --volume ${PWD}/pycsw:/usr/lib/python3.7/site-packages/pycsw \
         --volume ${PWD}/docs:/home/pycsw/docs \
-        --volume ${PWD}/VERSION.txt:/home/pycsw/VERSION.txt \
         --volume ${PWD}/LICENSE.txt:/home/pycsw/LICENSE.txt \
         --volume ${PWD}/COMMITTERS.txt:/home/pycsw/COMMITTERS.txt \
         --volume ${PWD}/CONTRIBUTING.rst:/home/pycsw/CONTRIBUTING.rst \
@@ -166,7 +165,7 @@ The following instructions set up a fully working development environment::
 
 .. note::
 
-   Please note that the pycsw image only uses python 3.8 and that it also does
+   The pycsw image uses a specific Python version and does
    not install pycsw in editable mode. As such it is not possible to
    use ``tox``.
 

docs/installation.rst

@@ -221,9 +221,9 @@ WSGI mode, use ``pycsw/wsgi.py`` in your WSGI server environment.
 
 .. note::
 
-  ``mod_wsgi`` supports only the version of python it was compiled with. If the target server
-  already supports WSGI applications, pycsw will need to use the same python version.
-  `WSGIDaemonProcess`_ provides a ``python-path`` directive that may allow a virtualenv created from the python version ``mod_wsgi`` uses.
+  ``mod_wsgi`` supports only the version of Python it was compiled with. If the target server
+  already supports WSGI applications, pycsw will need to use the same Python version.
+  `WSGIDaemonProcess`_ provides a ``python-path`` directive that may allow a virtualenv created from the Python version ``mod_wsgi`` uses.
 
 Below is an example of configuring with Apache:
 

docs/locale/zh/LC_MESSAGES/contributing.po

@@ -320,12 +320,6 @@ msgstr ""
 "除了OGC ``ExceptionReport`` XML运行方式为个别例外，通常会指定合适的 ``定"
 "位器`` 和 ``代码`` 参数"
 
-#: ../../../CONTRIBUTING.rst:99
-msgid ""
-"the pycsw wiki documents `developer tasks`_ for things like releasing "
-"documentation, testing, etc."
-msgstr "pycsw wiki 文档的 `developer tasks`_ 类似于发布文档，测试等。"
-
 #: ../../../CONTRIBUTING.rst:102
 msgid "Submitting a Pull Request"
 msgstr "提交pull请求"

docs/locale/zh/LC_MESSAGES/testing.po

@@ -543,12 +543,6 @@ msgstr "导航到 ``http://host/path/to/pycsw/tests/index.html`` 。"
 #~ msgid "Running Locally"
 #~ msgstr "本地运行"
 
-#~ msgid ""
-#~ "The tests framework can be run from ``tests`` using `Paver`_ (see ``pavement."
-#~ "py``) tasks for convenience:"
-#~ msgstr ""
-#~ "为方便工作，测试框架可以用 `Paver`_ (见 ``pavement.py``) 在 ``tests`` 中运行："
-
 #~ msgid ""
 #~ "The tests perform HTTP GET and POST requests against ``http://"
 #~ "localhost:8000``.  The expected output for each test can be found in "
@@ -566,12 +560,12 @@ msgstr "导航到 ``http://host/path/to/pycsw/tests/index.html`` 。"
 #~ "If a given test has failed, the output is saved in ``results``.  The "
 #~ "resulting failure can be analyzed by running ``diff tests/expected/"
 #~ "name_of_test.xml tests/results/name_of_test.xml`` to find variances.  The "
-#~ "Paver task returns a status code which indicates the number of tests which "
+#~ "task returns a status code which indicates the number of tests which "
 #~ "have failed (i.e. ``echo $?``)."
 #~ msgstr ""
 #~ "如果某个测试失败，输出将保存在``结果``中。 运行``diff tests/expected/"
 #~ "name_of_test.xml tests/results/name_of_test.xml`` ，会自动统计失败结果以找到差"
-#~ "异。Paver任务会返回一个状态代码，表示已失败的测试数目（即``echo $?``）。"
+#~ "异。任务会返回一个状态代码，表示已失败的测试数目（即``echo $?``）。"
 
 #~ msgid "Test Suites"
 #~ msgstr "测试套件"
@@ -631,9 +625,6 @@ msgstr "导航到 ``http://host/path/to/pycsw/tests/index.html`` 。"
 #~ "文件的名称内）。该 ``request`` 值是HTTP GET请求的值。该 ``PYCSW_SERVER`` 在"
 #~ "URL pycsw安装运行时会被替换掉的。"
 
-#~ msgid "run ``paver test``"
-#~ msgstr "运行`paver test`"
-
 #~ msgid "Ensure that all file paths are relative to ``path/to/pycsw``"
 #~ msgstr "确保所有文件的路径都关联 ``path/to/pycsw`` "
 
@@ -646,11 +637,6 @@ msgstr "导航到 ``http://host/path/to/pycsw/tests/index.html`` 。"
 #~ "个sqlite3数据库。该数据库*必须*被写为 ``records.db``，目录 ``tests/suites/foo/"
 #~ "data`` 也必须存在"
 
-#~ msgid ""
-#~ "run ``paver test`` (or ``paver test -s foo`` to test only the new test suite)"
-#~ msgstr ""
-#~ "运行 ``paver test`` （或 ``paver test-s foo`` ， 仅用来测试新的测试套件）"
-
 #~ msgid ""
 #~ "Pycsw uses `pytest`_ for managing its automated tests. There are a number of "
 #~ "test suites that perform mostly functional testing. These tests ensure that "

docs/testing.rst

@@ -289,7 +289,7 @@ Examples:
 .. code:: bash
 
    # install tox on your system
-   sudo pip install tox
+   sudo pip3 install tox
 
    # run all tests on multiple Python versions against all databases,
    # with default arguments
@@ -311,15 +311,15 @@ requests against your pycsw install.  The tests are is located in
 
 .. code-block:: bash
 
-  $ paver gen_tests_html
+   python3 gen_html.py > index.html
+
 
 Then navigate to ``http://host/path/to/pycsw/tests/index.html``.
 
 
 
 .. _Compliance & Interoperability Testing & Evaluation Initiative: https://github.com/opengeospatial/cite/wiki
 .. _functional tests: https://en.wikipedia.org/wiki/Functional_testing
-.. _`Paver`: https://pythonhosted.org/Paver/
 .. _pytest's invocation documentation: https://docs.pytest.org/en/stable/usage.html
 .. _pytest: https://docs.pytest.org
 .. _Github Actions: https://github.com/geopython/pycsw/actions