From d458b8d84606cee38149be8741623cc0841bc43e Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Thu, 21 Nov 2024 14:19:52 -0800 Subject: [PATCH 1/7] fix(gradle): added javadoc req. to spotless and removed yaml and misc file checking --- skaha/build.gradle | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/skaha/build.gradle b/skaha/build.gradle index e7004934..7c0cbe55 100644 --- a/skaha/build.gradle +++ b/skaha/build.gradle @@ -60,24 +60,19 @@ dependencies { spotless { java { + // Interpret all files as utf-8 + encoding 'UTF-8' + // Only require formatting of files that diff from main + ratchetFrom 'origin/main' // Use the default importOrder configuration importOrder() // Remove unused imports removeUnusedImports() // Google Java Format, Android Open Source Project style which uses 4 spaces for indentation - palantirJavaFormat() + palantirJavaFormat('2.50.0').formatJavaDoc(true) // Format annotations on a single line formatAnnotations() } - yaml { - target '**/*.yaml, **/*.yml, ../.github/workflows/*.yml' - } - format 'misc', { - target '**/*.gradle' - trimTrailingWhitespace() - indentWithSpaces(4) - endWithNewline() - } } check.dependsOn spotlessCheck From 807e5f56fede5513ec19faf25b5df019941da391 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 11:24:16 -0800 Subject: [PATCH 2/7] feat(pre-commit): added base pre-commit config moved png from base to docs->images --- .pre-commit-config.yaml | 56 ++++++++++++++++++ README.md | 6 +- .../images/canfar-architecture-0.3.png | Bin .../images/canfar-architecture-1.0.png | Bin .../images/canfar-architecture-2024-04-08.png | Bin .../canfar-platform-architecture-0.1.png | Bin .../canfar-platform-architecture-0.2.png | Bin .../images/skaha-architecture-0.1.png | Bin .../images/skaha-architecture-0.2.png | Bin skaha/build.gradle | 2 +- 10 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 .pre-commit-config.yaml rename canfar-architecture-0.3.png => docs/images/canfar-architecture-0.3.png (100%) rename canfar-architecture-1.0.png => docs/images/canfar-architecture-1.0.png (100%) rename canfar-architecture-2024-04-08.png => docs/images/canfar-architecture-2024-04-08.png (100%) rename canfar-platform-architecture-0.1.png => docs/images/canfar-platform-architecture-0.1.png (100%) rename canfar-platform-architecture-0.2.png => docs/images/canfar-platform-architecture-0.2.png (100%) rename skaha-architecture-0.1.png => docs/images/skaha-architecture-0.1.png (100%) rename skaha-architecture-0.2.png => docs/images/skaha-architecture-0.2.png (100%) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 00000000..823ccc1f --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,56 @@ +# Pre-Commit Configuration File: https://pre-commit.com +--- +repos: + # Commitizen Configuration + # This configuration will add commitizen to your pre-commit hooks and will run it on commit-msg stage + # of the git commit process. + - repo: https://github.com/commitizen-tools/commitizen + rev: v3.31.0 + hooks: + - id: commitizen + stages: [commit-msg] + # Pre-Commit Hooks Configuration + # This configuration will add pre-commit hooks to your pre-commit hooks and will run it on pre-commit stage + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + # Prevent giant files from being committed. + - id: check-added-large-files + # Check for files with names that would conflict on a case-insensitive filesystem like MacOS HFS+ or Windows FAT. + - id: check-case-conflict + # Checks that non-binary executables have a proper shebang. + - id: check-executables-have-shebangs + # Attempts to load all json files to verify syntax. + - id: check-json + # Check for files that contain merge conflict strings. + - id: check-merge-conflict + # Checks for symlinks which do not point to anything. + - id: check-symlinks + # Attempts to load all TOML files to verify syntax. + - id: check-toml + # Attempts to load all yaml files to verify syntax. + - id: check-yaml + # Attempts to load all xml files to verify syntax. + - id: check-xml + # Check for debugger imports and py37+ breakpoint() calls in python source. + - id: debug-statements + # Makes sure files end in a newline and only a newline. + - id: end-of-file-fixer + # Trims trailing whitespace. + - id: trailing-whitespace + # Checks for private key files. + - id: detect-private-key + - repo: local + hooks: + - id: gradle-build + name: Skaha Gradle Build + entry: /bin/bash + args: + - -c + - | + cd skaha + ./gradlew clean check + language: system + pass_filenames: false + always_run: true + verbose: true \ No newline at end of file diff --git a/README.md b/README.md index 712f8c37..19e58875 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,6 @@ *A container based science platform in CANFAR.* ---- - [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/opencadc/science-platform/badge)](https://scorecard.dev/viewer/?uri=github.com/opencadc/science-platform) ## Table of Contents @@ -32,11 +30,11 @@ This project has been funded in part by: ## Overview -![science-platform-architecture](canfar-architecture-2024-04-08.png) +![science-platform-architecture](docs/images/canfar-architecture-2024-04-08.png) skaha is a general purpose online platform for running science containers interactively. It is part of the CANFAR science platform for containers. In the architecture diagram below, skaha is the main API to the Science Platform. -![canfar-architecture](canfar-architecture-1.0.png) +![canfar-architecture](docs/images/canfar-architecture-1.0.png) The CANFAR Science Platform Architecture. Skaha is the API to the Science Platform box. diff --git a/canfar-architecture-0.3.png b/docs/images/canfar-architecture-0.3.png similarity index 100% rename from canfar-architecture-0.3.png rename to docs/images/canfar-architecture-0.3.png diff --git a/canfar-architecture-1.0.png b/docs/images/canfar-architecture-1.0.png similarity index 100% rename from canfar-architecture-1.0.png rename to docs/images/canfar-architecture-1.0.png diff --git a/canfar-architecture-2024-04-08.png b/docs/images/canfar-architecture-2024-04-08.png similarity index 100% rename from canfar-architecture-2024-04-08.png rename to docs/images/canfar-architecture-2024-04-08.png diff --git a/canfar-platform-architecture-0.1.png b/docs/images/canfar-platform-architecture-0.1.png similarity index 100% rename from canfar-platform-architecture-0.1.png rename to docs/images/canfar-platform-architecture-0.1.png diff --git a/canfar-platform-architecture-0.2.png b/docs/images/canfar-platform-architecture-0.2.png similarity index 100% rename from canfar-platform-architecture-0.2.png rename to docs/images/canfar-platform-architecture-0.2.png diff --git a/skaha-architecture-0.1.png b/docs/images/skaha-architecture-0.1.png similarity index 100% rename from skaha-architecture-0.1.png rename to docs/images/skaha-architecture-0.1.png diff --git a/skaha-architecture-0.2.png b/docs/images/skaha-architecture-0.2.png similarity index 100% rename from skaha-architecture-0.2.png rename to docs/images/skaha-architecture-0.2.png diff --git a/skaha/build.gradle b/skaha/build.gradle index 7c0cbe55..204de0ef 100644 --- a/skaha/build.gradle +++ b/skaha/build.gradle @@ -69,7 +69,7 @@ spotless { // Remove unused imports removeUnusedImports() // Google Java Format, Android Open Source Project style which uses 4 spaces for indentation - palantirJavaFormat('2.50.0').formatJavaDoc(true) + palantirJavaFormat('2.50.0').formatJavadoc(true) // Format annotations on a single line formatAnnotations() } From 9cfc1f5b06283357705c885bc780551aee82dc2c Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 11:28:29 -0800 Subject: [PATCH 3/7] fix(gha): cosign signing is not only done on sha digest, rather than tags, e.g. latest, vX.X.X etc --- .github/workflows/cd.edge.build.yml | 2 +- .github/workflows/cd.release.build.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/cd.edge.build.yml b/.github/workflows/cd.edge.build.yml index 3f99b30c..9ed5b2f5 100644 --- a/.github/workflows/cd.edge.build.yml +++ b/.github/workflows/cd.edge.build.yml @@ -78,4 +78,4 @@ jobs: id: cosign run: | cosign version - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload + cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload \ No newline at end of file diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml index f626157a..fcf76d86 100644 --- a/.github/workflows/cd.release.build.yml +++ b/.github/workflows/cd.release.build.yml @@ -84,6 +84,4 @@ jobs: id: cosign run: | cosign version - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} --upload - cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} --upload cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ steps.build.outputs.digest }} --upload From e1183bf9ecb0c1a1d2e64331a33eb069c5640245 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 12:43:09 -0800 Subject: [PATCH 4/7] fix(gha): edge builds are now only triggered when pushed to main --- .github/workflows/cd.release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index 36597f88..cc2b6cdc 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml @@ -24,7 +24,7 @@ jobs: - name: Dispatch Edge Build # Run this step only if the release-please completes successfully - if: steps.release-please.outcome == 'success' + if: steps.release-please.outcome == 'success' && github.event_name == 'push' uses: peter-evans/repository-dispatch@v3.0.0 with: repository: opencadc/science-platform From c5863c354d8bf67c58f0e634f4791508c9d2f19d Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 12:45:17 -0800 Subject: [PATCH 5/7] fix(gha): release steps are now only run after a push to main, and not on pr events --- .github/workflows/cd.release.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml index cc2b6cdc..98f93c96 100644 --- a/.github/workflows/cd.release.yml +++ b/.github/workflows/cd.release.yml @@ -5,9 +5,6 @@ on: push: branches: - main - pull_request: - branches: - - main jobs: release-please: From 49e246de62b1fe0af17147cec39ea339b93a3dec Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 12:52:14 -0800 Subject: [PATCH 6/7] docs(readme): small updates --- README.md | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 19e58875..a7a0b343 100644 --- a/README.md +++ b/README.md @@ -2,21 +2,23 @@ *A container based science platform in CANFAR.* +[![CI: Linting](https://github.com/opencadc/science-platform/actions/workflows/ci.linting.yml/badge.svg)](https://github.com/opencadc/science-platform/actions/workflows/ci.linting.yml) +[![CI: Testing](https://github.com/opencadc/science-platform/actions/workflows/ci.testing.yml/badge.svg)](https://github.com/opencadc/science-platform/actions/workflows/ci.testing.yml) +[![CD: Edge Build](https://github.com/opencadc/science-platform/actions/workflows/cd.edge.build.yml/badge.svg)](https://github.com/opencadc/science-platform/actions/workflows/cd.edge.build.yml) +[![CD: Release Build](https://github.com/opencadc/science-platform/actions/workflows/cd.release.build.yml/badge.svg)](https://github.com/opencadc/science-platform/actions/workflows/cd.release.build.yml) [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/opencadc/science-platform/badge)](https://scorecard.dev/viewer/?uri=github.com/opencadc/science-platform) - ## Table of Contents - [Skaha](#skaha) - [Table of Contents](#table-of-contents) - [CANFAR Science Portal Documentation](#canfar-science-portal-documentation) - [Acknowledgements](#acknowledgements) - [Overview](#overview) - - [Helm Installation](#helm-installation) + - [Deployment](#deployment) - [System Components](#system-components) - [skaha](#skaha-1) - [Session Containers](#session-containers) - [Software Containers](#software-containers) - [Dependencies](#dependencies) - - [Deployment](#deployment) ## CANFAR Science Portal Documentation @@ -30,17 +32,16 @@ This project has been funded in part by: ## Overview -![science-platform-architecture](docs/images/canfar-architecture-2024-04-08.png) - -skaha is a general purpose online platform for running science containers interactively. It is part of the CANFAR science platform for containers. In the architecture diagram below, skaha is the main API to the Science Platform. +Skaha is a general purpose online platform for running science containers interactively. It is part of the [CANFAR Science Platform](https://canfar.net). In the architecture diagram below, skaha is the main API to the Science Platform. +![science-platform-architecture](docs/images/canfar-architecture-2024-04-08.png) +The CANFAR Science Platform Architecture. ![canfar-architecture](docs/images/canfar-architecture-1.0.png) +Skaha is the API to the Science Platform box. -The CANFAR Science Platform Architecture. Skaha is the API to the Science Platform box. - -## Helm Installation +## Deployment -Deploying the Skaha service is made up of a small number of Helm installations. See the [Deployment Guide](./deployment/helm/README.md) for installations. +Skaha runs on Kubernetes and and is deployed using Helm. See the [Deployment Guide](./deployment/helm/README.md) for more information. ## System Components @@ -73,7 +74,4 @@ skaha relies on a number of other opencadc modules to operate. * access control (ac) web service (https://github.com/opencadc/ac) -- If the IdentityManager implementation is configured to use cadc-access-control-server for authentication an operational ac web service is required to be running. * credential delegation (cdp) web service (https://github.com/opencadc/cdp) -- The cdp service is used to obtain users' delegated proxy certificates. * cavern -- skaha is complimented by having the cavern VOSpace implementation mounted as a shared POSIX file system. (https://github.com/opencadc/vos/tree/master/cavern). cavern is a vospace implementation where both the data and metadata are based on the contents of a file system. If the software-containers have access to the cavern file system the contents of that file system can be accessed and shared through the cavern web service. -* posix/sssd -- Containers in skaha are always run _as the user_ and with the users' group memberships. If skaha-desktop and software-containers are run with a SSSD configuration that points to the same LDAP instance as used by ac, the names of those uids and gids can be resolved. - -## Deployment -skaha runs on kubernetes. See the deployment directory for specifics. +* posix/sssd -- Containers in skaha are always run _as the user_ and with the users' group memberships. If skaha-desktop and software-containers are run with a SSSD configuration that points to the same LDAP instance as used by ac, the names of those uids and gids can be resolved. \ No newline at end of file From fa5db3670e6425fd6fec9a0abec2700fbef11f88 Mon Sep 17 00:00:00 2001 From: Shiny Brar Date: Fri, 22 Nov 2024 13:18:25 -0800 Subject: [PATCH 7/7] fix(release-please): removed v from tags tags are now 0.1.1 rather than v0.1.1 --- .github/workflows/cd.release.build.yml | 1 + release-please-config.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml index fcf76d86..f993fc36 100644 --- a/.github/workflows/cd.release.build.yml +++ b/.github/workflows/cd.release.build.yml @@ -55,6 +55,7 @@ jobs: tags: | ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG }} ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ env.TAG_RELEASE }} + ${{ env.REGISTRY }}/${{ env.IMAGE }}:v${{ env.TAG_RELEASE }} labels: | org.opencontainers.image.title=skaha org.opencontainers.image.version=${{ env.TAG_RELEASE }} diff --git a/release-please-config.json b/release-please-config.json index c80864ff..86287a8c 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -9,7 +9,7 @@ "draft": false, "prerelease": false, "include-component-in-tag": false, - "include-v-in-tag": true, + "include-v-in-tag": false, "extra-files": [ "skaha/gradle.properties" ],