From b350762820d024a4c7fdcaa3454b7b1362dbd3d6 Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 11 Dec 2023 16:56:14 +0000 Subject: [PATCH 01/42] update uwsgi --- apps/schematic/api/uwsgi.ini | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/apps/schematic/api/uwsgi.ini b/apps/schematic/api/uwsgi.ini index 5db4087341..434cf70cfb 100644 --- a/apps/schematic/api/uwsgi.ini +++ b/apps/schematic/api/uwsgi.ini @@ -1,7 +1,7 @@ [uwsgi] # The variables http and *-socket are passed as command line arguments and # must not be specified in this file. -wsgi-file = schematic_api/__main__.py +wsgi-file = schematic_api/main.py callable = app uid = www-data gid = www-data @@ -12,4 +12,13 @@ chmod-sock = 660 vacuum = true die-on-term = true thunder-lock = true -http-keepalive = true \ No newline at end of file +http-keepalive = true +harakiri-verbose = true +http-timeout = 300 # necessary for preventing time-out +uwsgi_read_timeout = 300 # necessary for preventing time-out +uwsgi_send_timeout = 300 # necessary for preventing time-out +buffer-size = 32768 # for dealing with long token in DCA and DFA +# for dealing with OSError: write error +ignore-sigpipe=true +ignore-write-errors=true +disable-write-exception=true \ No newline at end of file From 18ce93076c5fb6f9ef2334003e7e232de6613aa2 Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 11 Dec 2023 17:20:11 +0000 Subject: [PATCH 02/42] add main --- apps/schematic/api/schematic_api/main.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 apps/schematic/api/schematic_api/main.py diff --git a/apps/schematic/api/schematic_api/main.py b/apps/schematic/api/schematic_api/main.py new file mode 100644 index 0000000000..3a110e2804 --- /dev/null +++ b/apps/schematic/api/schematic_api/main.py 
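Review bot: `uwsgi_read_timeout` and `uwsgi_send_timeout` in the second hunk are nginx directives (ngx_http_uwsgi_module), not uWSGI options, so setting them in uwsgi.ini changes no timeout; without `strict = true` uWSGI accepts unknown keys silently. If the goal is a longer nginx-to-uWSGI timeout, they belong in the nginx location that does `uwsgi_pass`, written as `uwsgi_read_timeout 300;`. The trailing `# ...` comments on the value lines are better moved onto their own lines, since as far as I know uWSGI's ini parser only treats `#` as a comment at the start of a line. `ignore-write-errors` and `disable-write-exception` hide failed writes from the application, so a one-line comment on why that is acceptable here would help the next reader.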
@@ -0,0 +1,24 @@ +#!/usr/bin/env python3 +import connexion +from flask_cors import CORS +import flask +from schematic_api import encoder + +app = connexion.App(__name__, specification_dir="./openapi/") +app.app.json_encoder = encoder.JSONEncoder +app.add_api( + "openapi.yaml", arguments={"title": "Schematic REST API"}, pythonic_params=True +) +app.add_url_rule("/", "ui", lambda: flask.redirect("/api/v1/ui")) + +# add CORS support +# https://connexion.readthedocs.io/en/latest/cookbook.html#cors-support +CORS(app.app, resources={r"/api/*": {"origins": "*"}}) + + +def main(): + app.run(port=80, debug=False) + + +if __name__ == "__main__": + main() From a29bb293254af50b8a23ac9e852da63c3a76ffcb Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 11 Dec 2023 17:28:43 +0000 Subject: [PATCH 03/42] format --- apps/schematic/api/schematic_api/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/schematic_api/main.py b/apps/schematic/api/schematic_api/main.py index 3a110e2804..7666a5d5b1 100644 --- a/apps/schematic/api/schematic_api/main.py +++ b/apps/schematic/api/schematic_api/main.py @@ -19,6 +19,6 @@ def main(): app.run(port=80, debug=False) - + if __name__ == "__main__": main() From 55f9b9835e065bdecfb9886966542416f070edd6 Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 11 Dec 2023 17:35:00 +0000 Subject: [PATCH 04/42] update docker file and update nginx config files --- apps/schematic/api/Dockerfile | 86 +++++++++++++++++++---------- apps/schematic/api/certificate.conf | 24 ++++++++ apps/schematic/api/redirect.conf | 10 ++++ apps/schematic/api/self-signed.conf | 6 ++ apps/schematic/api/ssl-params.conf | 21 +++++++ 5 files changed, 118 insertions(+), 29 deletions(-) create mode 100644 apps/schematic/api/certificate.conf create mode 100644 apps/schematic/api/redirect.conf create mode 100644 apps/schematic/api/self-signed.conf create mode 100644 apps/schematic/api/ssl-params.conf 
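Review bot: `CORS(app.app, resources={r"/api/*": {"origins": "*"}})` lets any web origin read responses from every `/api/*` route. The uwsgi.ini change in this series mentions long tokens being sent to this API, so an explicit allow-list is safer, for example `CORS(app.app, resources={r"/api/*": {"origins": ALLOWED_ORIGINS}})` with `ALLOWED_ORIGINS` read from configuration (the name is a placeholder). The module also has no docstring saying that `app` is the callable uWSGI loads and that `main()` is only the direct-run path on port 80.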
diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile
index 59f2d13676..a108d126e9 100644
--- a/apps/schematic/api/Dockerfile
+++ b/apps/schematic/api/Dockerfile
@@ -1,41 +1,69 @@ -FROM python:3.10.12-slim-buster +FROM tiangolo/uwsgi-nginx-flask:python3.10 -ENV APP_DIR=/opt/app +# add version tag as a build argument +ARG TAG -SHELL ["/bin/bash", "-euxo", "pipefail", "-c"] +# add label +LABEL maintainer="Milen Nikolov, Andrew Lamb, Mialy DeFelice, Gianna Jordan, Lingling Peng" -# hadolint ignore=DL3008 -RUN apt-get update -qq -y \ - && apt-get install --no-install-recommends -qq -y \ - build-essential \ - gosu \ - libpcre3 \ - libpcre3-dev \ - python3-dev \ - && apt-get -y autoclean \ - && apt-get -y autoremove \ - && rm -rf /var/lib/apt/lists/* +# the environment variables defined here are the default +# and can be overwritten by docker run -e VARIABLE = XX +# or can be overwritten by .env when using docker compose +ENV PYTHONFAULTHANDLER=1 \ + PYTHONUNBUFFERED=1 \ + PYTHONHASHSEED=random \ + PIP_NO_CACHE_DIR=off \ + PIP_DISABLE_PIP_VERSION_CHECK=on \ + PIP_DEFAULT_TIMEOUT=200 \ + POETRY_VERSION=1.3.0 \ + APP_PARENT_DIR=/app \ + NGINX_CONFIG=/etc/nginx/conf.d \ + APP_DIR=/app/app \ + ROOT=/ \ + UWSGI_INI=/app/uwsgi.ini \ + NGINX_WORKER_PROCESSES=1 \ + VERSION=$TAG -WORKDIR ${APP_DIR} -COPY schematic_api schematic_api/ -COPY pyproject.toml poetry.lock uwsgi.ini ./ +# run open ssl and generate certificate +RUN apt update && \ + apt-get install openssl && \ + openssl req -x509 -nodes -days 365 \ + -subj "/C=CA/ST=QC/O=Company" \ + -newkey rsa:2048 -keyout /etc/ssl/private/localhost.key \ + -out /etc/ssl/certs/localhost.crt; + +# add dhparam.pem +# dhparam.pem was used in ssl-params.conf +RUN openssl dhparam -out /etc/ssl/dhparam.pem 4096 + +# copy config nginx files that handle encryption +WORKDIR ${NGINX_CONFIG} +COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./redirect.conf ./ + +# copy to use custom uwsgi.ini and a custom prestart script +# the prestart script ensures us to run container as user www-data +WORKDIR /app +COPY ./uwsgi.ini ./ +# COPY ./docker-entrypoint.sh ./prestart.sh +RUN rm -rf 
${APP_PARENT_DIR}/prestart.sh +# copy files relevant for schematic apis +WORKDIR /app/app +COPY schematic_api ./schematic_api +COPY pyproject.toml poetry.lock ./ + +# install dependencies RUN pip install poetry \ && poetry config --local virtualenvs.create false \ && poetry run pip install "cython<3.0.0" \ && poetry run pip install --no-build-isolation pyyaml==5.4.1 \ - && poetry install --with prod --no-root --no-interaction --no-ansi \ - && pip cache purge - -WORKDIR / -COPY docker-entrypoint.sh ./ -RUN chmod +x docker-entrypoint.sh + && poetry install --with prod --no-root --no-interaction --no-ansi -EXPOSE 7080 +# make any users able to read, write /root +# this is temporarily here to ensure that .synapseCache folder can be created +RUN chmod -R 777 /root -ENTRYPOINT ["/docker-entrypoint.sh"] +WORKDIR ${APP_DIR} -# Run server in development mode -# CMD ["python", "-m", "openapi_server"] -# Run server in production mode -CMD ["uwsgi", "--ini", "uwsgi.ini", "--lazy", "--http", ":7080"] \ No newline at end of file +# Expose ports +EXPOSE 443 diff --git a/apps/schematic/api/certificate.conf b/apps/schematic/api/certificate.conf new file mode 100644 index 0000000000..eb5bf94d98 --- /dev/null +++ b/apps/schematic/api/certificate.conf @@ -0,0 +1,24 @@ +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + include /etc/nginx/conf.d/self-signed.conf; + include /etc/nginx/conf.d/ssl-params.conf; + server_name 127.0.0.1; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + location / { + try_files $uri @app; + } + location @app { + include uwsgi_params; + uwsgi_pass unix:///tmp/uwsgi.sock; + } + location /static { + alias /app/static; + } + location /health { + return 200 'alive'; + add_header Content-Type text/plain; + } +} \ No newline at end of file diff --git a/apps/schematic/api/redirect.conf b/apps/schematic/api/redirect.conf new file mode 100644 index 0000000000..065fa86d6f --- /dev/null 
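Review bot: The `openssl req ... -keyout /etc/ssl/private/localhost.key` step runs at build time, so the TLS private key is stored in an image layer: every container started from the image shares it, and anyone who can pull the image can read it. Generating the key and certificate when the container starts, or mounting them as a secret, keeps the key out of the image. Two smaller points in the same hunk: `apt-get install openssl` has no `-y`, and the base image `tiangolo/uwsgi-nginx-flask:python3.10` is a floating tag where the removed `python:3.10.12-slim-buster` was pinned, so builds are no longer reproducible.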
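Review bot: In the `/health` location, `add_header Content-Type text/plain;` adds a second Content-Type header rather than setting the response type. Because that location now has its own `add_header`, nginx also stops inheriting the server-level `add_header` lines that ssl-params.conf supplies. `default_type text/plain;` next to `return 200 'alive';` gives the intended result without either side effect. `location /static` without a trailing slash matches any URI that merely begins with `/static`, so `location /static/ { alias /app/static/; }` is the tighter form.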
+++ b/apps/schematic/api/redirect.conf @@ -0,0 +1,10 @@ +# listen to http requests from port 80 +# and redirect all requests from all servers to port 443 +server { + listen 80 default_server; + server_name _; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + return 301 https://$server_name$request_uri; +} \ No newline at end of file diff --git a/apps/schematic/api/self-signed.conf b/apps/schematic/api/self-signed.conf new file mode 100644 index 0000000000..0ea774915b --- /dev/null +++ b/apps/schematic/api/self-signed.conf @@ -0,0 +1,6 @@ +# The ultimate goal is to set up a self-signed SSL certificate for Nginx to use +# A self-signed certificate is required to encrypt the communication between flask API server and any clients +# This configuration file is needed to configure nginx to use SSL certificates + +ssl_certificate /etc/ssl/certs/localhost.crt; +ssl_certificate_key /etc/ssl/private/localhost.key; \ No newline at end of file diff --git a/apps/schematic/api/ssl-params.conf b/apps/schematic/api/ssl-params.conf new file mode 100644 index 0000000000..cec80f7ed4 --- /dev/null +++ b/apps/schematic/api/ssl-params.conf 
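Review bot: With `server_name _;`, `$server_name` expands to `_`, so `return 301 https://$server_name$request_uri;` sends clients to `https://_/...`. Use the requested host instead: `return 301 https://$host$request_uri;`. The three `proxy_*_timeout` lines have no effect in a server block that only returns a redirect and can be removed.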
@@ -0,0 +1,21 @@ +# The configuration file was borrowed from: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-22-04 +# This configuration file is needed for setting up nginx securely. + +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_dhparam /etc/ssl/dhparam.pem; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; +ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; # Requires nginx >= 1.5.9 +ssl_stapling on; # Requires nginx >= 1.3.7 +ssl_stapling_verify on; # Requires nginx => 1.3.7 +resolver 8.8.8.8 8.8.4.4 valid=300s; +resolver_timeout 5s; +# Disable strict transport security for now. You can uncomment the following +# line if you understand the implications. +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; \ No newline at end of file From 12b2f1b4c0c44fb0bbcefcb014780f6d51fd6b5d Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 11 Dec 2023 17:39:49 +0000 Subject: [PATCH 05/42] update to use python3.10.13 --- apps/schematic/api/poetry.lock | 2 +- apps/schematic/api/prepare-python.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/schematic/api/poetry.lock b/apps/schematic/api/poetry.lock index fa8954c221..a009c6226f 100644 --- a/apps/schematic/api/poetry.lock +++ b/apps/schematic/api/poetry.lock @@ -4370,5 +4370,5 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" -python-versions = "3.10.12" +python-versions = "3.10.13" content-hash = "be68b5daa9b2bca977949e12447929e81df18fd22e5b883232bf5adb84d211f1" 
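Review bot: `ssl_protocols TLSv1.2;` leaves TLS 1.3 disabled; `ssl_protocols TLSv1.2 TLSv1.3;` keeps the same floor and allows the newer protocol where the nginx/OpenSSL build supports it. `ssl_stapling on;` and `ssl_stapling_verify on;` cannot work with the self-signed certificate from self-signed.conf, which has no issuer or OCSP responder, so those lines and the public `resolver 8.8.8.8 8.8.4.4` that serves them can be dropped. The two `...-GCM-SHA512` entries in `ssl_ciphers` do not look like OpenSSL cipher names, so the effective list is probably only the `SHA384` suites; `openssl ciphers` on the image would confirm. `X-XSS-Protection` is ignored by current browsers, so a comment saying it is kept only for legacy clients would avoid overstating what it covers.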
diff --git a/apps/schematic/api/prepare-python.sh b/apps/schematic/api/prepare-python.sh index 4ab7607475..ee493c5094 100755 --- a/apps/schematic/api/prepare-python.sh +++ b/apps/schematic/api/prepare-python.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -PYTHON_VERSION="3.10.12" +PYTHON_VERSION="3.10.13" pyenv install --skip-existing $PYTHON_VERSION From 65b44c64484b746f9ac3add4eb739557e213a155 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Dec 2023 01:10:36 +0000 Subject: [PATCH 06/42] update config file --- apps/schematic/api/schematic_api/config.yml | 70 ++++++++++++--------- 1 file changed, 40 insertions(+), 30 deletions(-) diff --git a/apps/schematic/api/schematic_api/config.yml b/apps/schematic/api/schematic_api/config.yml index bcc73704b8..999406f426 100644 --- a/apps/schematic/api/schematic_api/config.yml +++ b/apps/schematic/api/schematic_api/config.yml 
@@ -1,36 +1,46 @@ -# Do not change the 'definitions' section unless you know what you're doing -definitions: - synapse_config: ".synapseConfig" - service_acct_creds: "schematic_service_account_creds.json" +# This is an example config for Schematic. +# All listed values are those that are the default if a config is not used. +# Save this as config.yml, this will be gitignored. +# Remove any fields in the config you don't want to change +# If you remove all fields from a section, the entire section should be removed including the header. +# Change the values of any fields you do want to change + -synapse: - master_fileview: 'syn23643253' - manifest_folder: 'manifests' - manifest_basename: 'synapse_storage_manifest' - service_acct_creds: 'syn25171627' +# This describes where assets such as manifests are stored +asset_store: + # This is when assets are stored in a synapse project + synapse: + # Synapse ID of the file view listing all project data assets. + # master_fileview_id: "syn23643253" + master_fileview_id: "syn52854554" + # Path to the synapse config file, either absolute or relative to this file + config: ".synapseConfig" + # Base name that manifest files will be saved as + manifest_basename: "synapse_storage_manifest" +# This describes information about manifests as it relates to generation and validation manifest: - # if making many manifests, just include name prefix - title: 'example' - # to make all manifests enter only 'all manifests' - data_type: - - 'Biospecimen' - - 'Patient' + # Location where manifests will saved to + manifest_folder: "manifests" + # Title or title prefix given to generated manifest(s) + title: "example" + # Data types of manifests to be generated or data type (singular) to validate manifest against + data_type: + - "Biospecimen" + - "Patient" +# Describes the location of your schema model: - input: - location: 'tests/data/example.model.jsonld' - file_type: 'local' + # Location of your schema jsonld, it must be a path relative to 
this file or absolute + location: "tests/data/example.model.jsonld" -style: - google_manifest: - req_bg_color: - red: 0.9215 - green: 0.9725 - blue: 0.9803 - opt_bg_color: - red: 1.0 - green: 1.0 - blue: 0.9019 - master_template_id: '1LYS5qE4nV9jzcYw5sXwCza25slDfRA1CIg3cs-hCdpU' - strict_validation: true \ No newline at end of file +# This section is for using google sheets with Schematic +google_sheets: + # The Synapse id of the Google service account credentials. + service_acct_creds_synapse_id: "syn25171627" + # Path to the synapse config file, either absolute or relative to this file + service_acct_creds: "schematic_service_account_creds.json" + # When doing google sheet validation (regex match) with the validation rules. + # true is alerting the user and not allowing entry of bad values. + # false is warning but allowing the entry on to the sheet. + strict_validation: true From 60bc33b52f24ae7e77f49a87604af41da932c513 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Dec 2023 01:13:32 +0000 Subject: [PATCH 07/42] update to use python version 3.10.13 --- apps/schematic/api/pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/pyproject.toml b/apps/schematic/api/pyproject.toml index c85cdabb9f..8f5e56535e 100644 --- a/apps/schematic/api/pyproject.toml +++ b/apps/schematic/api/pyproject.toml @@ -7,7 +7,7 @@ readme = "README.md" packages = [{include = "schematic_api"}] [tool.poetry.dependencies] -python = "3.10.12" +python = "3.10.13" connexion = {version = "2.14.1", extras = ["swagger-ui"]} swagger-ui-bundle = "0.0.9" python-dateutil = "2.8.2" From 36972427120132b32adc8c576aeb02b487275989 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Dec 2023 01:13:54 +0000 Subject: [PATCH 08/42] udate dokcer compose up --- apps/schematic/api/docker-compose.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
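Review bot: The comment above `service_acct_creds` repeats "Path to the synapse config file", but that key names the Google service account credentials file; `# Path to the Google service account credentials file, either absolute or relative to this file` would match the value. The header says to save the example as config.yml because that name is gitignored, yet this file is itself committed as config.yml, so the header should state which is the case. Both `.synapseConfig` and `schematic_service_account_creds.json` are resolved relative to this file, so it is worth confirming that neither can be picked up by the Dockerfile's `COPY schematic_api ./schematic_api`.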
diff --git a/apps/schematic/api/docker-compose.yml b/apps/schematic/api/docker-compose.yml index fab337eb92..9225771fbc 100644 --- a/apps/schematic/api/docker-compose.yml +++ b/apps/schematic/api/docker-compose.yml @@ -1,8 +1,11 @@ -version: "3.8" +version: "3.10" services: schematic-api: - image: ghcr.io/sage-bionetworks/schematic-api:local + # image: ghcr.io/sage-bionetworks/schematic-api:local + build: + dockerfile: Dockerfile + image: sagebionetworks/schematic-aws-api:latest container_name: schematic-api restart: always env_file: @@ -12,8 +15,9 @@ services: # - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d networks: - schematic - ports: - - "${SERVER_PORT}:7080" + ports: + - "${SERVER_PORT}:80" + - "443:443" # volumes: # openchallenges-mariadb: From 9e07f5d4d73cc96e1333181b97888f42f43563e2 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Dec 2023 01:15:03 +0000 Subject: [PATCH 09/42] update docker file --- apps/schematic/api/Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index a108d126e9..4bea4fbfa9 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -59,11 +59,15 @@ RUN pip install poetry \ && poetry run pip install --no-build-isolation pyyaml==5.4.1 \ && poetry install --with prod --no-root --no-interaction --no-ansi -# make any users able to read, write /root -# this is temporarily here to ensure that .synapseCache folder can be created -RUN chmod -R 777 /root +# Update file permission +RUN mkdir /root/.synapseCache +RUN mkdir /app/app/manifests +# temporary here to ensure .synapseCache is not empty +RUN echo "This is a test file." > /root/.synapseCache/test.txt +# temporary here until we move .synapseCache to a different path +RUN chmod -R 777 /root /app WORKDIR ${APP_DIR} # Expose ports -EXPOSE 443 +EXPOSE 443 \ No newline at end of file From 2458bcbbad835e4b10a6d4acaf55c133739a6707 Mon Sep 17 00:00:00 2001 
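Review bot: `version: "3.10"` is not a Compose file format version as far as I know (the 3.x series stops at 3.9), so older docker-compose releases will reject the file; keep `"3.8"` or drop the key. In the second hunk, `"${SERVER_PORT}:80"` publishes the plaintext listener on every host interface next to `"443:443"`. If port 80 exists only to redirect to HTTPS, a comment saying so would help; otherwise it can stay unpublished.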
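Review bot: `RUN chmod -R 777 /root /app` makes the application code, uwsgi.ini and root's home writable by every user in the container, so a compromised worker running as `www-data` could rewrite the code it is served from. Ownership of only the directories that need writes is enough for what the comments describe, for example `RUN chown -R www-data:www-data /app/app/manifests` plus a cache directory outside `/root`, which the comment already plans. The placeholder `test.txt` written into `.synapseCache` ships in the image; the comment should say what fails without it.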
From: linglp Date: Fri, 15 Dec 2023 20:20:39 +0000 Subject: [PATCH 10/42] edit comment and remove unnecessary part in dockerfile --- apps/schematic/api/Dockerfile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 4bea4fbfa9..d19fb56289 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -36,16 +36,13 @@ RUN apt update && \ # dhparam.pem was used in ssl-params.conf RUN openssl dhparam -out /etc/ssl/dhparam.pem 4096 -# copy config nginx files that handle encryption +# copy all nginx config files WORKDIR ${NGINX_CONFIG} COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./redirect.conf ./ -# copy to use custom uwsgi.ini and a custom prestart script -# the prestart script ensures us to run container as user www-data +# copy to use custom uwsgi.ini WORKDIR /app COPY ./uwsgi.ini ./ -# COPY ./docker-entrypoint.sh ./prestart.sh -RUN rm -rf ${APP_PARENT_DIR}/prestart.sh # copy files relevant for schematic apis WORKDIR /app/app From bbe3173c8ce720f70f8e66ae071eb013b682c7b8 Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 11 Jan 2024 20:38:54 +0000 Subject: [PATCH 11/42] slightly modify nginx conf; add error page 497 --- apps/schematic/api/certificate.conf | 1 + apps/schematic/api/redirect.conf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/schematic/api/certificate.conf b/apps/schematic/api/certificate.conf index eb5bf94d98..82fbca6fc4 100644 --- a/apps/schematic/api/certificate.conf +++ b/apps/schematic/api/certificate.conf @@ -7,6 +7,7 @@ server { proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; + error_page 497 https://$http_host$request_uri; location / { try_files $uri @app; } diff --git a/apps/schematic/api/redirect.conf b/apps/schematic/api/redirect.conf index 065fa86d6f..0d666f50e2 100644 --- a/apps/schematic/api/redirect.conf +++ b/apps/schematic/api/redirect.conf 
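Review bot: `error_page 497 https://$http_host$request_uri;` builds the redirect target from the raw Host header supplied by the client. `$host` is normalised by nginx and falls back to `server_name`, so `error_page 497 https://$host:$server_port$request_uri;` is the safer form and keeps the port explicit. A short comment that 497 is nginx's code for plain HTTP sent to the TLS port would make the line self-explanatory.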
@@ -1,7 +1,7 @@ # listen to http requests from port 80 # and redirect all requests from all servers to port 443 server { - listen 80 default_server; + listen 80 http2 default_server; server_name _; proxy_read_timeout 300; proxy_connect_timeout 300; From 881d1e1d0c02dcbc3d7d1af86604ee3d904b1552 Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 11 Jan 2024 21:00:51 +0000 Subject: [PATCH 12/42] combine server block; remove redirect.conf --- apps/schematic/api/Dockerfile | 2 +- apps/schematic/api/certificate.conf | 3 +++ apps/schematic/api/redirect.conf | 10 ---------- 3 files changed, 4 insertions(+), 11 deletions(-) delete mode 100644 apps/schematic/api/redirect.conf diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index d19fb56289..de6964451f 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -38,7 +38,7 @@ RUN openssl dhparam -out /etc/ssl/dhparam.pem 4096 # copy all nginx config files WORKDIR ${NGINX_CONFIG} -COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./redirect.conf ./ +COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./ # copy to use custom uwsgi.ini WORKDIR /app diff --git a/apps/schematic/api/certificate.conf b/apps/schematic/api/certificate.conf index 82fbca6fc4..f91ea3339f 100644 --- a/apps/schematic/api/certificate.conf +++ b/apps/schematic/api/certificate.conf @@ -1,4 +1,7 @@ server { + # listen to port 80 for http requests + listen 80 http2 default_server; + # listen to port 443 for https requests listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include /etc/nginx/conf.d/self-signed.conf; diff --git a/apps/schematic/api/redirect.conf b/apps/schematic/api/redirect.conf deleted file mode 100644 index 0d666f50e2..0000000000 --- a/apps/schematic/api/redirect.conf +++ /dev/null 
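Review bot: `listen 80 http2 default_server;` enables HTTP/2 on a cleartext port; as far as I know, on nginx releases before 1.25.1 such a listener only understands HTTP/2 with prior knowledge, so ordinary HTTP/1.1 clients never receive the 301. `listen 80 default_server;`, as it was before, is what a redirect listener needs. The same `listen 80 http2` line is added to certificate.conf in the next patch of this series.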
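Review bot: Adding `listen 80 ...` to the server block that contains `uwsgi_pass`, while redirect.conf is deleted, means port 80 now serves the API itself in cleartext instead of redirecting to HTTPS. `error_page 497` only covers plain HTTP sent to the TLS port, so it does not replace the redirect. If plaintext access is not intended, keep a separate port-80 server whose only directive is `return 301 https://$host$request_uri;`.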
@@ -1,10 +0,0 @@ -# listen to http requests from port 80 -# and redirect all requests from all servers to port 443 -server { - listen 80 http2 default_server; - server_name _; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - return 301 https://$server_name$request_uri; -} \ No newline at end of file From e92e3bb8a3fe831242d1ba0dcd27d5f690ed0b48 Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 22 Jan 2024 16:46:58 +0000 Subject: [PATCH 13/42] remove unnecessary part related to arg --- apps/schematic/api/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index de6964451f..3d1d3e650b 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -1,8 +1,5 @@ FROM tiangolo/uwsgi-nginx-flask:python3.10 -# add version tag as a build argument -ARG TAG - # add label LABEL maintainer="Milen Nikolov, Andrew Lamb, Mialy DeFelice, Gianna Jordan, Lingling Peng" @@ -26,6 +23,9 @@ ENV PYTHONFAULTHANDLER=1 \ # run open ssl and generate certificate RUN apt update && \ + && apt-get -y autoclean \ + && apt-get -y autoremove \ + && rm -rf /var/lib/apt/lists/* \ apt-get install openssl && \ openssl req -x509 -nodes -days 365 \ -subj "/C=CA/ST=QC/O=Company" \ From b9c65cf6d5fc37f52873b102b3ebdb6425d7ae0a Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 22 Jan 2024 18:43:22 +0000 Subject: [PATCH 14/42] update docker file --- apps/schematic/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 3d1d3e650b..6f8188a434 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -22,7 +22,7 @@ ENV PYTHONFAULTHANDLER=1 \ VERSION=$TAG # run open ssl and generate certificate -RUN apt update && \ +RUN apt update \ && apt-get -y autoclean \ && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* \ 
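Review bot: In the second Dockerfile hunk of PATCH 13, `rm -rf /var/lib/apt/lists/* \` is followed directly by `apt-get install openssl && \` with no `&&`, so `apt-get`, `install` and `openssl` become arguments to `rm` and the install never runs. The `RUN apt update && \` line followed by `&& apt-get -y autoclean` is also a shell syntax error; the next patch fixes that but leaves the `rm` line unchanged. The cleanup belongs after the install: `apt-get update && apt-get install -y --no-install-recommends openssl && rm -rf /var/lib/apt/lists/*`. The first hunk removes `ARG TAG` while `VERSION=$TAG` remains in the `ENV` block, so `VERSION` will now be empty.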
From ae7295bb9ba860857da4963af38a7d1bab173190 Mon Sep 17 00:00:00 2001 From: linglp Date: Mon, 22 Jan 2024 19:05:48 +0000 Subject: [PATCH 15/42] use image in ghcr in docker compose --- apps/schematic/api/docker-compose.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/schematic/api/docker-compose.yml b/apps/schematic/api/docker-compose.yml index 9225771fbc..caa9ebcef6 100644 --- a/apps/schematic/api/docker-compose.yml +++ b/apps/schematic/api/docker-compose.yml @@ -2,10 +2,11 @@ version: "3.10" services: schematic-api: - # image: ghcr.io/sage-bionetworks/schematic-api:local - build: - dockerfile: Dockerfile - image: sagebionetworks/schematic-aws-api:latest + image: ghcr.io/sage-bionetworks/schematic-api:local + # for building docker image locally if needed + # build: + # dockerfile: Dockerfile + # image: sagebionetworks/schematic-aws-api:latest container_name: schematic-api restart: always env_file: From bcf0b9af6014f9e97410da248653630df94ee670 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 14 Feb 2024 19:29:38 +0000 Subject: [PATCH 16/42] redirect to port 8080 and port 8443 --- apps/schematic/api/Dockerfile | 2 +- apps/schematic/api/certificate.conf | 6 +++--- apps/schematic/api/redirect.conf | 11 +++++++++++ 3 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 apps/schematic/api/redirect.conf diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 6f8188a434..57f1f9b9e0 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -67,4 +67,4 @@ RUN chmod -R 777 /root /app WORKDIR ${APP_DIR} # Expose ports -EXPOSE 443 \ No newline at end of file +EXPOSE 8443 \ No newline at end of file diff --git a/apps/schematic/api/certificate.conf b/apps/schematic/api/certificate.conf index f91ea3339f..6f5c365add 100644 --- a/apps/schematic/api/certificate.conf +++ b/apps/schematic/api/certificate.conf 
@@ -1,9 +1,9 @@ server { # listen to port 80 for http requests listen 80 http2 default_server; - # listen to port 443 for https requests - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + # listen to port 8443 for https requests + listen 8443 ssl http2 default_server; + listen [::]:8443 ssl http2 default_server; include /etc/nginx/conf.d/self-signed.conf; include /etc/nginx/conf.d/ssl-params.conf; server_name 127.0.0.1; diff --git a/apps/schematic/api/redirect.conf b/apps/schematic/api/redirect.conf new file mode 100644 index 0000000000..34b402741e --- /dev/null +++ b/apps/schematic/api/redirect.conf @@ -0,0 +1,11 @@ +server { + # listen to port 443 for https requests + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + include /etc/nginx/conf.d/self-signed.conf; + include /etc/nginx/conf.d/ssl-params.conf; + server_name 127.0.0.1; + + # Redirect the browser to port 8443 + return 301 https://$server_name:8443$request_uri; +} \ No newline at end of file From 96ace7f90ea973cb80fa0206a78b581c6bb832bf Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 14 Feb 2024 20:01:58 +0000 Subject: [PATCH 17/42] update docker compose to use port 8443 --- apps/schematic/api/docker-compose.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/apps/schematic/api/docker-compose.yml b/apps/schematic/api/docker-compose.yml index caa9ebcef6..1a9e48b02f 100644 --- a/apps/schematic/api/docker-compose.yml +++ b/apps/schematic/api/docker-compose.yml @@ -3,10 +3,6 @@ version: "3.10" services: schematic-api: image: ghcr.io/sage-bionetworks/schematic-api:local - # for building docker image locally if needed - # build: - # dockerfile: Dockerfile - # image: sagebionetworks/schematic-aws-api:latest container_name: schematic-api restart: always env_file: 
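Review bot: `server_name 127.0.0.1;` makes `$server_name` expand to `127.0.0.1`, so `return 301 https://$server_name:8443$request_uri;` redirects every client to its own loopback address rather than to this server. `return 301 https://$host:8443$request_uri;` keeps the host the client asked for. The later hunk in this series that changes the port to 7443 carries the same line. The compose file in the following patch publishes only the high port, so this 443 listener may not be reachable from outside the container at all.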
@@ -16,9 +12,8 @@ services: # - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d networks: - schematic - ports: - - "${SERVER_PORT}:80" - - "443:443" + ports: + - "8443:8443" # volumes: # openchallenges-mariadb: From 7e98b7d9b7a1d24b539b55628f95e10106ec14d4 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 14 Feb 2024 20:30:51 +0000 Subject: [PATCH 18/42] updated to use port 7443 --- apps/schematic/api/Dockerfile | 2 +- apps/schematic/api/certificate.conf | 6 +++--- apps/schematic/api/docker-compose.yml | 2 +- apps/schematic/api/redirect.conf | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 57f1f9b9e0..ee1aeb1e94 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -67,4 +67,4 @@ RUN chmod -R 777 /root /app WORKDIR ${APP_DIR} # Expose ports -EXPOSE 8443 \ No newline at end of file +EXPOSE 7443 \ No newline at end of file diff --git a/apps/schematic/api/certificate.conf b/apps/schematic/api/certificate.conf index 6f5c365add..805572fbf6 100644 --- a/apps/schematic/api/certificate.conf +++ b/apps/schematic/api/certificate.conf @@ -1,9 +1,9 @@ server { # listen to port 80 for http requests listen 80 http2 default_server; - # listen to port 8443 for https requests - listen 8443 ssl http2 default_server; - listen [::]:8443 ssl http2 default_server; + # listen to port 7443 for https requests + listen 7443 ssl http2 default_server; + listen [::]:7443 ssl http2 default_server; include /etc/nginx/conf.d/self-signed.conf; include /etc/nginx/conf.d/ssl-params.conf; server_name 127.0.0.1; diff --git a/apps/schematic/api/docker-compose.yml b/apps/schematic/api/docker-compose.yml index 1a9e48b02f..076b8db28a 100644 --- a/apps/schematic/api/docker-compose.yml +++ b/apps/schematic/api/docker-compose.yml @@ -13,7 +13,7 @@ services: networks: - schematic ports: - - "8443:8443" + - "7443:7443" # volumes: # openchallenges-mariadb: 
diff --git a/apps/schematic/api/redirect.conf b/apps/schematic/api/redirect.conf index 34b402741e..5a0871b3cc 100644 --- a/apps/schematic/api/redirect.conf +++ b/apps/schematic/api/redirect.conf @@ -6,6 +6,6 @@ server { include /etc/nginx/conf.d/ssl-params.conf; server_name 127.0.0.1; - # Redirect the browser to port 8443 - return 301 https://$server_name:8443$request_uri; + # Redirect the browser to port 7443 + return 301 https://$server_name:7443$request_uri; } \ No newline at end of file From e8d48d7c4ad07c6ef81f5ca068c25fc553817444 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 16:27:22 +0000 Subject: [PATCH 19/42] add package environs --- apps/schematic/api/poetry.lock | 36 ++++++++++++++++++++++++++++++- apps/schematic/api/pyproject.toml | 1 + 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/apps/schematic/api/poetry.lock b/apps/schematic/api/poetry.lock index b7bb30088d..b8edb135a8 100644 --- a/apps/schematic/api/poetry.lock +++ b/apps/schematic/api/poetry.lock @@ -852,6 +852,26 @@ files = [ {file = "entrypoints-0.4.tar.gz", hash = "sha256:b706eddaa9218a19ebcd67b56818f05bb27589b1ca9e8d797b74affad4ccacd4"}, ] +[[package]] +name = "environs" +version = "11.0.0" +description = "simplified environment variable parsing" +optional = false +python-versions = ">=3.8" +files = [ + {file = "environs-11.0.0-py3-none-any.whl", hash = "sha256:e0bcfd41c718c07a7db422f9109e490746450da38793fe4ee197f397b9343435"}, + {file = "environs-11.0.0.tar.gz", hash = "sha256:069727a8f73d8ba8d033d3cd95c0da231d44f38f1da773bf076cef168d312ee8"}, +] + +[package.dependencies] +marshmallow = ">=3.13.0" +python-dotenv = "*" + +[package.extras] +dev = ["environs[tests]", "pre-commit (>=3.5,<4.0)", "tox"] +django = ["dj-database-url", "dj-email-url", "django-cache-url"] +tests = ["environs[django]", "pytest"] + [[package]] name = "et-xmlfile" version = "1.1.0" 
@@ -2904,6 +2924,20 @@ files = [ [package.dependencies] six = ">=1.5" +[[package]] +name = "python-dotenv" +version = "1.0.1" +description = "Read key-value pairs from a .env file and set them as environment variables" +optional = false +python-versions = ">=3.8" +files = [ + {file = "python-dotenv-1.0.1.tar.gz", hash = "sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca"}, + {file = "python_dotenv-1.0.1-py3-none-any.whl", hash = "sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a"}, +] + +[package.extras] +cli = ["click (>=5.0)"] + [[package]] name = "python-json-logger" version = "2.0.7" @@ -4371,4 +4405,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = "3.10.13" -content-hash = "be68b5daa9b2bca977949e12447929e81df18fd22e5b883232bf5adb84d211f1" +content-hash = "85ba3925db5b8a24cdbf77f036d68e9ee0613258ea44f7374ba58b8472fd2ee0" diff --git a/apps/schematic/api/pyproject.toml b/apps/schematic/api/pyproject.toml index c6b142bde9..cd2d7ac926 100644 --- a/apps/schematic/api/pyproject.toml +++ b/apps/schematic/api/pyproject.toml @@ -18,6 +18,7 @@ schematicpy = "23.12.1" # This is to avoid deprecationWarnings # See https://sagebionetworks.jira.com/browse/FDS-1324 jsonschema = ">=4.0.0 <4.10.0" +environs = "^11.0.0" [tool.poetry.group.dev.dependencies] black = "23.7.0" From 36f0ae2bf326c6589c77b45641c5a1c465efa23b Mon Sep 17 00:00:00 2001 
From: linglp Date: Wed, 6 Mar 2024 16:28:55 +0000 Subject: [PATCH 20/42] modify entrypoint to handle certificate and private key; also add debugging script --- apps/schematic/api/Dockerfile | 22 ++++-- apps/schematic/api/debug.py | 76 +++++++++++++++++++ apps/schematic/api/prepare_key_certificate.py | 60 +++++++++++++++ apps/schematic/api/save_key_certificate.py | 20 +++++ apps/schematic/api/uwsgi-nginx-entrypoint.sh | 56 ++++++++++++++ 5 files changed, 229 insertions(+), 5 deletions(-) create mode 100644 apps/schematic/api/debug.py create mode 100644 apps/schematic/api/prepare_key_certificate.py create mode 100644 apps/schematic/api/save_key_certificate.py create mode 100644 apps/schematic/api/uwsgi-nginx-entrypoint.sh diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index ee1aeb1e94..b3ae157df8 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -26,11 +26,8 @@ RUN apt update \ && apt-get -y autoclean \ && apt-get -y autoremove \ && rm -rf /var/lib/apt/lists/* \ - apt-get install openssl && \ - openssl req -x509 -nodes -days 365 \ - -subj "/C=CA/ST=QC/O=Company" \ - -newkey rsa:2048 -keyout /etc/ssl/private/localhost.key \ - -out /etc/ssl/certs/localhost.crt; + && apt-get update \ + && apt-get install -y openssl jq # add dhparam.pem # dhparam.pem was used in ssl-params.conf 
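Review bot: The added `apt-get update && apt-get install -y openssl jq` runs after `rm -rf /var/lib/apt/lists/*` in the same RUN, so the package lists it downloads stay in the image layer and the earlier cleanup is undone. Keeping the cleanup as the last step of the RUN, and installing with `--no-install-recommends`, avoids that. None of the scripts visible in this commit call `jq`, so it may not be needed in the image at all. The RUN instruction begins above this hunk, so its earlier steps are not visible here.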
@@ -64,7 +61,22 @@ RUN echo "This is a test file." > /root/.synapseCache/test.txt # temporary here until we move .synapseCache to a different path RUN chmod -R 777 /root /app +# Modify entrypoint script to allow private certificate to be saved +WORKDIR ${ROOT} +COPY ./uwsgi-nginx-entrypoint.sh ./entrypoint2.sh +COPY ./uwsgi-nginx-entrypoint.sh ./uwsgi-nginx-entrypoint2.sh +COPY ./save_key_certificate.py ./save_key_certificate.py +RUN chmod +x uwsgi-nginx-entrypoint2.sh +RUN chmod +x entrypoint2.sh +RUN chown -R nginx /uwsgi-nginx-entrypoint2.sh +RUN chown -R nginx /entrypoint2.sh + WORKDIR ${APP_DIR} +# specify entrypoint again to generate config +# have to respecify CMD too +ENTRYPOINT ["/entrypoint2.sh"] +CMD ["/start.sh"] + # Expose ports EXPOSE 7443 \ No newline at end of file diff --git a/apps/schematic/api/debug.py b/apps/schematic/api/debug.py new file mode 100644 index 0000000000..1425b422b7 --- /dev/null +++ b/apps/schematic/api/debug.py 
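Review bot: `RUN chown -R nginx /entrypoint2.sh` (and the same line for `/uwsgi-nginx-entrypoint2.sh`) makes the container's ENTRYPOINT script writable by the nginx account, while the script itself writes `/etc/ssl/private/localhost.key`, which suggests it runs as root. A file that is executed with more privilege than its owner holds is better left root-owned and not writable, e.g. `RUN chmod 0555 /entrypoint2.sh` with no chown. The two COPY lines install the same `uwsgi-nginx-entrypoint.sh` under two names and only `/entrypoint2.sh` is referenced by ENTRYPOINT, so the second copy looks unnecessary.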
@@ -0,0 +1,76 @@ +from environs import Env +import subprocess +import json +import base64 +import os + +# Create an instance of Env +env = Env() + +# Load the .env file +env.read_env(path=".env") + +# Define key and certificate file path +test_private_key_file_path = "test_private_key.key" +test_certificate_key_file_path = "test_certificate.crt" + +# Access the variables +secret_manager_secrets = os.environ["SECRETS_MANAGER_SECRETS"] + +ssl_private_key = json.loads(secret_manager_secrets)["SSL_PRIVATE_KEY"] +ssl_certificate_key = json.loads(secret_manager_secrets)["SSL_CERTIFICATE"] + +# delete preivous results if necessary +if os.path.exists(test_private_key_file_path): + os.remove(test_private_key_file_path) +if os.path.exists(test_certificate_key_file_path): + os.remove(test_certificate_key_file_path) + +# make sure that key and certificate can be decoded in correct format +with open(test_private_key_file_path, "wb") as file: + decoded_private_key = base64.b64decode(ssl_private_key) + file.write(decoded_private_key) + +with open(test_certificate_key_file_path, "wb") as file: + decoded_ssl_certificate_key = base64.b64decode(ssl_certificate_key) + file.write(decoded_ssl_certificate_key) + + +# Make sure that certificate and key match each other +def get_md5_cert(file): + openssl_x509_command = ["openssl", "x509", "-noout", "-modulus", "-in", file] + openssl_md5_command = ["openssl", "md5"] + + x509_process = subprocess.Popen(openssl_x509_command, stdout=subprocess.PIPE) + md5_process = subprocess.Popen( + openssl_md5_command, stdin=x509_process.stdout, stdout=subprocess.PIPE + ) + + output, error = md5_process.communicate() + + if error: + print("error getting md5", error.decode("utf-8")) + + return output.decode("utf-8").strip() + + +def get_md5_private_key(file): + openssl_rsa_command = ["openssl", "rsa", "-noout", "-modulus", "-in", file] + openssl_md5_command = ["openssl", "md5"] + + rsa_process = subprocess.Popen(openssl_rsa_command, stdout=subprocess.PIPE) + 
md5_process = subprocess.Popen( + openssl_md5_command, stdin=rsa_process.stdout, stdout=subprocess.PIPE + ) + + output, error = md5_process.communicate() + + if error: + print(error.decode("utf-8")) + return output.decode("utf-8").strip() + + +md5_key = get_md5_private_key(test_private_key_file_path) +md5_cert = get_md5_cert(test_certificate_key_file_path) + +assert md5_key == md5_cert diff --git a/apps/schematic/api/prepare_key_certificate.py b/apps/schematic/api/prepare_key_certificate.py new file mode 100644 index 0000000000..316a4e53c1 --- /dev/null +++ b/apps/schematic/api/prepare_key_certificate.py 
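Review bot: The decoded private key is written with a plain `open(test_private_key_file_path, "wb")`, so the file gets umask-default permissions and stays in the working directory after the script ends; `save_key_certificate.py` in this commit writes `/etc/ssl/private/localhost.key` the same way and relies on a later `chmod 600` in the entrypoint. Creating the file already restricted closes that window: `fd = os.open(test_private_key_file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "wb") as file:`, and the debug script should delete both test files when it finishes. Separately, neither `Popen` call passes `stderr=subprocess.PIPE`, so `error` from `communicate()` is always `None` and the error branches never run. The comparison also assumes an RSA key, because it uses `openssl rsa -modulus`.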
@@ -0,0 +1,60 @@
+import base64
+import json
+import subprocess
+
+
+# Define the paths to your SSL certificate and key
+cert_file_path = "private_localhost_certificate.crt"
+key_file_path = "private_localhost.key"
+env_file_path = ".env" # Path to your .env file
+
+# Define the OpenSSL command
+openssl_command = [
+ "openssl",
+ "req",
+ "-x509",
+ "-nodes",
+ "-days",
+ "365",
+ "-subj",
+ "/C=US/ST=WA/O=SAGE",
+ "-newkey",
+ "rsa:2048",
+ "-keyout",
+ key_file_path,
+ "-out",
+ cert_file_path,
+]
+
+# Run the OpenSSL command
+try:
+ subprocess.run(openssl_command, check=True)
+ print("SSL certificate and key generated successfully.")
+except subprocess.CalledProcessError as e:
+ print(f"Error generating SSL certificate and key: {e}")
+
+
+# Function to read a file and encode its contents to Base64
+# Certificate has to be in base64 format otherwise can't be parse properly as environment variables
+def encode_file_to_base64(file_path):
+ with open(file_path, "rb") as file:
+ return base64.b64encode(file.read()).decode("utf-8")
+
+
+# Encode the SSL certificate and key
+ssl_certificate_base64 = encode_file_to_base64(cert_file_path)
+ssl_private_key_base64 = encode_file_to_base64(key_file_path)
+
+# Combine into a JSON object
+ssl_config_json = json.dumps(
+ {
+ "SSL_CERTIFICATE": ssl_certificate_base64,
+ "SSL_PRIVATE_KEY": ssl_private_key_base64,
+ }
+)
+
+# Append to .env file
+with open(env_file_path, "a") as env_file:
+ env_file.write(f"SECRETS_MANAGER_SECRETS={ssl_config_json}\n")
+
+print("SSL certificate and key have been encoded and appended to the .env file.")
diff --git a/apps/schematic/api/save_key_certificate.py b/apps/schematic/api/save_key_certificate.py
new file mode 100644
index 0000000000..1b88809362
--- /dev/null
+++ b/apps/schematic/api/save_key_certificate.py
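Review bot: The `except subprocess.CalledProcessError` branch only prints the error, so after a failed `openssl req` the script carries on and base64-encodes whatever `private_localhost.key` and `private_localhost_certificate.crt` are already on disk, or crashes on a missing file. Exit there instead, e.g. `raise SystemExit(f"Error generating SSL certificate and key: {e}")`. The `.env` file is opened in append mode, so each run adds another `SECRETS_MANAGER_SECRETS=` line, and the file now holds an unencrypted private key (`-nodes`). It is worth confirming that `.env` and the two generated files are ignored by git, and writing `.env` with owner-only permissions.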
@@ -0,0 +1,20 @@
+import os
+import base64
+import json
+
+secret_manager_secrets = os.environ["SECRETS_MANAGER_SECRETS"]
+
+ssl_private_key = json.loads(secret_manager_secrets)["SSL_PRIVATE_KEY"]
+ssl_certificate_key = json.loads(secret_manager_secrets)["SSL_CERTIFICATE"]
+
+# save the key and certificate as files
+test_private_key_file_path = "/etc/ssl/private/localhost.key"
+test_certificate_key_file_path = "/etc/ssl/certs/localhost.crt"
+
+with open(test_private_key_file_path, "wb") as file:
+ decoded_private_key = base64.b64decode(ssl_private_key)
+ file.write(decoded_private_key)
+
+with open(test_certificate_key_file_path, "wb") as file:
+ decoded_ssl_certificate_key = base64.b64decode(ssl_certificate_key)
+ file.write(decoded_ssl_certificate_key)
diff --git a/apps/schematic/api/uwsgi-nginx-entrypoint.sh b/apps/schematic/api/uwsgi-nginx-entrypoint.sh
new file mode 100644
index 0000000000..c3552119ed
--- /dev/null
+++ b/apps/schematic/api/uwsgi-nginx-entrypoint.sh
@@ -0,0 +1,56 @@
+#! /usr/bin/env sh
+set -e
+
+echo "Value of MY_VARIABLE is: $SECRETS_MANAGER_SECRETS"
+
+/uwsgi-nginx-entrypoint.sh
+
+# save private key and certificate from environment variable
+if [ -n "$SECRETS_MANAGER_SECRETS" ]; then
+ python3 /save_key_certificate.py
+
+ # Ensure the private key file is securely accessible
+ chmod 600 /etc/ssl/private/localhost.key
+fi
+
+# Get the URL for static files from the environment variable
+USE_STATIC_URL=${STATIC_URL:-'/static'}
+# Get the absolute path of the static files from the environment variable
+USE_STATIC_PATH=${STATIC_PATH:-'/app/static'}
+# Get the listen port for Nginx, default to 80
+USE_LISTEN_PORT=${LISTEN_PORT:-80}
+
+if [ -f /app/nginx.conf ]; then
+ cp /app/nginx.conf /etc/nginx/nginx.conf
+else
+ content_server='server {\n'
+ content_server=$content_server" listen ${USE_LISTEN_PORT};\n"
+ content_server=$content_server' location / {\n'
+ content_server=$content_server' try_files $uri @app;\n'
+ content_server=$content_server' }\n'
+ content_server=$content_server' location @app {\n'
+ content_server=$content_server' include uwsgi_params;\n'
+ content_server=$content_server' uwsgi_pass unix:///tmp/uwsgi.sock;\n'
+ content_server=$content_server' }\n'
+ content_server=$content_server" location $USE_STATIC_URL {\n"
+ content_server=$content_server" alias $USE_STATIC_PATH;\n"
+ content_server=$content_server' }\n'
+ # If STATIC_INDEX is 1, serve / with /static/index.html directly (or the static URL configured)
+ if [ "$STATIC_INDEX" = 1 ] ; then
+ content_server=$content_server' location = / {\n'
+ content_server=$content_server" index $USE_STATIC_URL/index.html;\n"
+ content_server=$content_server' }\n'
+ fi
+ content_server=$content_server'}\n'
+ # Save generated server /etc/nginx/conf.d/nginx.conf
+ printf "$content_server" > /etc/nginx/conf.d/nginx.conf
+fi
+
+# For Alpine:
+# Explicitly add installed Python packages and uWSGI Python packages to PYTHONPATH
+# Otherwise uWSGI can't import Flask
+if [ -n "$ALPINEPYTHON" ] ; then + export PYTHONPATH=$PYTHONPATH:/usr/local/lib/$ALPINEPYTHON/site-packages:/usr/lib/$ALPINEPYTHON/site-packages +fi + +exec "$@" \ No newline at end of file From 74ec3c17ee8438ccec27a196396ab182df1b89cc Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:09:23 +0000 Subject: [PATCH 21/42] publish docker image one time --- .github/workflows/build-devcontainer-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index bd703b3a3c..95da5cac60 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -2,7 +2,7 @@ name: Build Dev Container Image on: push: branches: - - 'main' + - 'develop-nginx-schematic-new' paths: - '.github/workflows/build-devcontainer-image.yml' - 'tools/devcontainers/sage/**/devcontainer.json' @@ -15,7 +15,7 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: main + DEFAULT_BRANCH: develop-nginx-schematic-new jobs: devcontainer: From 5ac4f3db8b4c78925aba33b7a1b071fbf7587aa9 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:13:00 +0000 Subject: [PATCH 22/42] try publish image --- .github/workflows/build-devcontainer-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index 95da5cac60..43859d936d 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -2,7 +2,7 @@ name: Build Dev Container Image on: push: branches: - - 'develop-nginx-schematic-new' + - 'linglp:develop-nginx-schematic-new' paths: - '.github/workflows/build-devcontainer-image.yml' - 'tools/devcontainers/sage/**/devcontainer.json' 
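Review bot: `echo "Value of MY_VARIABLE is: $SECRETS_MANAGER_SECRETS"` prints the base64-encoded private key to the container's stdout, where it ends up in whatever collects container logs. Patch 28 of this series removes the line, but any key used with an image built from this commit should be treated as exposed and replaced. When `SECRETS_MANAGER_SECRETS` is empty the `if` block is skipped silently, and since this commit also drops the build-time `openssl req` from the Dockerfile, nginx would presumably start with no key or certificate in place. A clear failure is easier to diagnose, e.g. an `else` branch with `echo "SECRETS_MANAGER_SECRETS is not set" >&2; exit 1`.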
@@ -15,7 +15,7 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: develop-nginx-schematic-new + DEFAULT_BRANCH: linglp:develop-nginx-schematic-new jobs: devcontainer: From 5f255773f13a8193bfd56aa33e05b294a7e8902b Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:15:54 +0000 Subject: [PATCH 23/42] workflow dispatch --- .github/workflows/build-devcontainer-image.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index 43859d936d..bb3964e43b 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -2,7 +2,7 @@ name: Build Dev Container Image on: push: branches: - - 'linglp:develop-nginx-schematic-new' + - 'main' paths: - '.github/workflows/build-devcontainer-image.yml' - 'tools/devcontainers/sage/**/devcontainer.json' @@ -12,10 +12,11 @@ on: - '.github/workflows/build-devcontainer-image.yml' - 'tools/devcontainers/sage/**/devcontainer.json' - 'tools/devcontainers/sage/**/Dockerfile' + workflow_dispatch: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: linglp:develop-nginx-schematic-new + DEFAULT_BRANCH: main jobs: devcontainer: From b2e798874ced776a1ca921f0c52448613555b92a Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:25:29 +0000 Subject: [PATCH 24/42] try trigger docker build again --- .github/workflows/build-devcontainer-image.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index bb3964e43b..e444fbe691 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml 
@@ -2,11 +2,12 @@ name: Build Dev Container Image on: push: branches: + - 'develop-nginx-schematic-new' - 'main' - paths: - - '.github/workflows/build-devcontainer-image.yml' - - 'tools/devcontainers/sage/**/devcontainer.json' - - 'tools/devcontainers/sage/**/Dockerfile' + # paths: + # - '.github/workflows/build-devcontainer-image.yml' + # - 'tools/devcontainers/sage/**/devcontainer.json' + # - 'tools/devcontainers/sage/**/Dockerfile' pull_request: paths: - '.github/workflows/build-devcontainer-image.yml' @@ -16,7 +17,8 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: main + DEFAULT_BRANCH: develop-nginx-schematic-new + # DEFAULT_BRANCH: main jobs: devcontainer: From bb1e8ebf71d45e55c006b1ca8848728d930b0740 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:37:21 +0000 Subject: [PATCH 25/42] trigger again --- .github/workflows/build-devcontainer-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index e444fbe691..bc5205c223 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -2,7 +2,7 @@ name: Build Dev Container Image on: push: branches: - - 'develop-nginx-schematic-new' + - 'linglp:develop-nginx-schematic-new' - 'main' # paths: # - '.github/workflows/build-devcontainer-image.yml' @@ -17,7 +17,7 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: develop-nginx-schematic-new + DEFAULT_BRANCH: linglp:develop-nginx-schematic-new # DEFAULT_BRANCH: main jobs: From 0e300c0ca3659ea1b3a7ba2a2f22f1ac8cc0841c Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 6 Mar 2024 19:53:05 +0000 Subject: [PATCH 26/42] add one time workflow --- .github/workflows/one-time-workflow.yml | 57 +++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/one-time-workflow.yml 
diff --git a/.github/workflows/one-time-workflow.yml b/.github/workflows/one-time-workflow.yml new file mode 100644 index 0000000000..50596b7db0 --- /dev/null +++ b/.github/workflows/one-time-workflow.yml @@ -0,0 +1,57 @@ +# Taken from https://github.com/Sage-Bionetworks/data_curator/blob/schematic-rest-api/.github/workflows/docker_build.yml +# Workflow derived from https://github.com/r-lib/actions/tree/master/examples +# Need help debugging build failures? Start at https://github.com/r-lib/actions#where-to-find-help + +name: Create and publish a Docker image + +on: + push: + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + - 'v[0-9]+.[0-9]+.[0-9]+-[A-Za-z0-9]+' + +env: + REGISTRY: ghcr.io + IMAGE_PATH: ghcr.io/${{ github.repository }} + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Set env variable for version tag + run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV + + - name: Log in to the Container registry + uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + with: + images: ${{ env.IMAGE_PATH }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{raw}} + + - name: Build and push Docker image + uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc + with: + file: schematic_api/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + TAG=${{ env.RELEASE_VERSION }} + \ No newline at end of file From b6a320b6640a223fae744247964b5e5c2318d083 Mon Sep 17 00:00:00 2001 
From: linglp Date: Wed, 6 Mar 2024 19:55:38 +0000 Subject: [PATCH 27/42] remove one time workflow --- .github/workflows/one-time-workflow.yml | 57 ------------------------- 1 file changed, 57 deletions(-) delete mode 100644 .github/workflows/one-time-workflow.yml diff --git a/.github/workflows/one-time-workflow.yml b/.github/workflows/one-time-workflow.yml deleted file mode 100644 index 50596b7db0..0000000000 --- a/.github/workflows/one-time-workflow.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -# Taken from https://github.com/Sage-Bionetworks/data_curator/blob/schematic-rest-api/.github/workflows/docker_build.yml -# Workflow derived from https://github.com/r-lib/actions/tree/master/examples -# Need help debugging build failures? Start at https://github.com/r-lib/actions#where-to-find-help - -name: Create and publish a Docker image - -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+' - - 'v[0-9]+.[0-9]+.[0-9]+-[A-Za-z0-9]+' - -env: - REGISTRY: ghcr.io - IMAGE_PATH: ghcr.io/${{ github.repository }} - -jobs: - build-and-push-image: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Set env variable for version tag - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV - - - name: Log in to the Container registry - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 - with: - images: ${{ env.IMAGE_PATH }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{raw}} - - - name: Build and push Docker image - uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc - with: - file: schematic_api/Dockerfile - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - TAG=${{ env.RELEASE_VERSION }} - \ No newline at end of file From 0900cb90d131fefa17777335fd5be02f5c3bd10c Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 7 Mar 2024 16:55:22 +0000 Subject: [PATCH 28/42] remove echo --- apps/schematic/api/uwsgi-nginx-entrypoint.sh | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/apps/schematic/api/uwsgi-nginx-entrypoint.sh b/apps/schematic/api/uwsgi-nginx-entrypoint.sh index c3552119ed..8b42bf1016 100644 --- a/apps/schematic/api/uwsgi-nginx-entrypoint.sh +++ b/apps/schematic/api/uwsgi-nginx-entrypoint.sh @@ -1,8 +1,5 @@ #! /usr/bin/env sh set -e - -echo "Value of MY_VARIABLE is: $SECRETS_MANAGER_SECRETS" - /uwsgi-nginx-entrypoint.sh # save private key and certificate from environment variable From e873bb69cfad0fcf225bddccc05f3f8ee406ee19 Mon Sep 17 00:00:00 2001 From: linglp Date: Fri, 8 Mar 2024 16:44:22 +0000 Subject: [PATCH 29/42] update port number --- .devcontainer/devcontainer.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 89e24e785a..63cadc5a93 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -65,7 +65,7 @@ } }, "forwardPorts": [ - 2432, 3000, 3306, 4200, 4211, 5017, 5200, 5432, 5601, 7010, 7080, 7200, 7888, 8010, 8071, 8000, + 2432, 3000, 3306, 4200, 4211, 5017, 5200, 5432, 5601, 7010, 7443, 7200, 7888, 8010, 8071, 8000, 8080, 8081, 8082, 8083, 8084, 8085, 8086, 8090, 8091, 8092, 8200, 8787, 8888, 8889, 9090, 9104, 9200, 9411, 27017 ], @@ -114,7 +114,7 @@ "label": "schematic-api-docs", "onAutoForward": "silent" }, - "7080": { + "7443": { "label": "schematic-api", "onAutoForward": "silent" }, From cfca2ccc7a414276e90e8d3eff17ff94d564484d Mon Sep 17 00:00:00 2001 From: linglp Date: Fri, 8 Mar 2024 16:45:28 +0000 Subject: [PATCH 30/42] add maintainer names --- apps/schematic/api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index b3ae157df8..692aaee5d9 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile 
@@ -1,7 +1,7 @@ FROM tiangolo/uwsgi-nginx-flask:python3.10 # add label -LABEL maintainer="Milen Nikolov, Andrew Lamb, Mialy DeFelice, Gianna Jordan, Lingling Peng" +LABEL maintainer="Milen Nikolov , Andrew Lamb , Mialy DeFelice , Gianna Jordan , Lingling Peng " # the environment variables defined here are the default # and can be overwritten by docker run -e VARIABLE = XX @@ -61,7 +61,7 @@ RUN echo "This is a test file." > /root/.synapseCache/test.txt # temporary here until we move .synapseCache to a different path RUN chmod -R 777 /root /app -# Modify entrypoint script to allow private certificate to be saved +# Modify entrypoint script to allow SSL private key and certificate to be saved WORKDIR ${ROOT} COPY ./uwsgi-nginx-entrypoint.sh ./entrypoint2.sh COPY ./uwsgi-nginx-entrypoint.sh ./uwsgi-nginx-entrypoint2.sh From 00a7f95e0f7b93382ddf5581d9f171de180992fd Mon Sep 17 00:00:00 2001 From: linglp Date: Fri, 8 Mar 2024 17:45:58 +0000 Subject: [PATCH 31/42] revert changes --- .github/workflows/build-devcontainer-image.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index bc5205c223..2280ea94a2 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -4,10 +4,10 @@ on: branches: - 'linglp:develop-nginx-schematic-new' - 'main' - # paths: - # - '.github/workflows/build-devcontainer-image.yml' - # - 'tools/devcontainers/sage/**/devcontainer.json' - # - 'tools/devcontainers/sage/**/Dockerfile' + paths: + - '.github/workflows/build-devcontainer-image.yml' + - 'tools/devcontainers/sage/**/devcontainer.json' + - 'tools/devcontainers/sage/**/Dockerfile' pull_request: paths: - '.github/workflows/build-devcontainer-image.yml' 
@@ -18,7 +18,7 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer DEFAULT_BRANCH: linglp:develop-nginx-schematic-new - # DEFAULT_BRANCH: main + DEFAULT_BRANCH: main jobs: devcontainer: From 63af81a53873a736ae59b84ca0d0ab4ebcc809db Mon Sep 17 00:00:00 2001 From: linglp Date: Fri, 8 Mar 2024 17:47:59 +0000 Subject: [PATCH 32/42] revert change --- .github/workflows/build-devcontainer-image.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index 2280ea94a2..bb3964e43b 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -2,7 +2,6 @@ name: Build Dev Container Image on: push: branches: - - 'linglp:develop-nginx-schematic-new' - 'main' paths: - '.github/workflows/build-devcontainer-image.yml' @@ -17,7 +16,6 @@ on: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer - DEFAULT_BRANCH: linglp:develop-nginx-schematic-new DEFAULT_BRANCH: main jobs: From 007c5c43c2bb9cd8b34c40ea33666156ec39a323 Mon Sep 17 00:00:00 2001 From: linglp Date: Fri, 8 Mar 2024 17:50:25 +0000 Subject: [PATCH 33/42] revert adding workflow dispatch --- .github/workflows/build-devcontainer-image.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index bb3964e43b..bd703b3a3c 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -12,7 +12,6 @@ on: - '.github/workflows/build-devcontainer-image.yml' - 'tools/devcontainers/sage/**/devcontainer.json' - 'tools/devcontainers/sage/**/Dockerfile' - workflow_dispatch: env: IMAGE_REPOSITORY: ghcr.io/sage-bionetworks/sage-devcontainer From 812722ee16311d2e63d021606c035ff298dd5e8d Mon Sep 17 00:00:00 2001 
From: linglp Date: Mon, 11 Mar 2024 15:35:25 +0000 Subject: [PATCH 34/42] modify authors --- apps/schematic/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 692aaee5d9..b8e63202cd 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -1,7 +1,7 @@ FROM tiangolo/uwsgi-nginx-flask:python3.10 # add label -LABEL maintainer="Milen Nikolov , Andrew Lamb , Mialy DeFelice , Gianna Jordan , Lingling Peng " +LABEL org.opencontainers.image.authors='Milen Nikolov , Andrew Lamb , Mialy DeFelice , Gianna Jordan , Lingling Peng ' # the environment variables defined here are the default # and can be overwritten by docker run -e VARIABLE = XX From fe0ca577463db2acd2eed2b18b2d5fc879217ae0 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Mar 2024 19:43:15 +0000 Subject: [PATCH 35/42] update poetry lock file and also port number --- apps/schematic/api/poetry.lock | 2 +- docker/schematic/services/api.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/schematic/api/poetry.lock b/apps/schematic/api/poetry.lock index 6c08b8d0e6..cc770acba5 100644 --- a/apps/schematic/api/poetry.lock +++ b/apps/schematic/api/poetry.lock @@ -4574,4 +4574,4 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p [metadata] lock-version = "2.0" python-versions = "3.10.13" -content-hash = "85ba3925db5b8a24cdbf77f036d68e9ee0613258ea44f7374ba58b8472fd2ee0" +content-hash = "6363b8509c424e4d21e1529d5a8115101f3cbc03b5790240b683172e7da48b64" diff --git a/docker/schematic/services/api.yml b/docker/schematic/services/api.yml index b2896019c4..b00b23d56f 100644 --- a/docker/schematic/services/api.yml +++ b/docker/schematic/services/api.yml @@ -10,7 +10,7 @@ services: networks: - schematic ports: - - '7080:7080' + - '7443:7443' # depends_on: # openchallenges-config-server: # condition: service_healthy 
From 49b10646f7b6850a81913c464ad27aa88491e1d2 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Mar 2024 21:36:05 +0000 Subject: [PATCH 36/42] add dhparam.pem --- apps/schematic/api/Dockerfile | 2 +- apps/schematic/api/dhparam.pem | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 apps/schematic/api/dhparam.pem diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index b8e63202cd..2237b2f355 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -31,7 +31,7 @@ RUN apt update \ # add dhparam.pem # dhparam.pem was used in ssl-params.conf -RUN openssl dhparam -out /etc/ssl/dhparam.pem 4096 +COPY ./dhparam.pem /etc/ssl/dhparam.pem # copy all nginx config files WORKDIR ${NGINX_CONFIG} diff --git a/apps/schematic/api/dhparam.pem b/apps/schematic/api/dhparam.pem new file mode 100644 index 0000000000..71901dec86 --- /dev/null +++ b/apps/schematic/api/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEAwzcUARDhjqW74+OsC8quGIJhkuL60o9GHuR3feEOky1cY1D/Qm0I +s32FFsm5PutkJ6ZUFf86Uae+ARrQlsidsryHF+bHZpIBe12h/4pcQhH9ghdmHcq6 +lqJiD55Gb+uzqe/rmOCInEjl7WXxLvYDzndRbP9gY7I5tVQCdfMTYm7ZYK+Xt53X +ufIkwwkxj3qXimFIEeTJEqK837u7VM9Q5H+nZR+W/lAw8IvYp3wH3IrOmBflWBi/ +AaHCemd+gwaS8nZFrNSWffOd9Gg+tuFehlnCSMb4FudEbLk+AyvDAq1RMI1bH1SO ++go/i/iX3u616eXi83/U7JUMNj655Iyoc5F02GlDjyvRRauV50S4nIB7t/mxgGEZ +B7C1wce23PwhsRLxsT5xlti7T3QWgvO0w/P+jnCvwfyu9jUzP87qozAYAV8jCMzx +Henya27o3Qewhr6IuMm7tqo5Bz28AJMm+/DL+XQfF4ceP4XzA4OJVKfQzDKXh4PI +BSw8qY85esWJ3yQjwITygdOMHIxRVQA7Et7kKee3D3iDKeHdRu1m4hLtqRbHesrc +QMdhbZBW6WwYQPeqDhkYKBFbAFrrQHkNAOsduq6/OpWoOuu4yL4K4Sfkd8wQ/3At +e6lfZimHDEHlCIfKM3+MS91zkeOHlBVFVI+H2LiBk6tVcPm1hSK9c+sCAQI= +-----END DH PARAMETERS----- From 9ad465b5f426eeb979821b6bd6f2dbd0654862b9 Mon Sep 17 00:00:00 2001 
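Review bot: The comment above the new `COPY ./dhparam.pem /etc/ssl/dhparam.pem` says only that the file is used by ssl-params.conf, and a committed PEM file next to TLS keys invites the question of whether it is secret. DH parameters are public values, so checking them in is fine, but the comment should say so and record how they were produced, e.g. `# dhparam.pem: 4096-bit DH parameters from "openssl dhparam 4096"; public values, not a secret`. The size is inferred from the removed `openssl dhparam ... 4096` line, so confirm it matches the committed file.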
From: linglp Date: Wed, 13 Mar 2024 21:37:59 +0000 Subject: [PATCH 37/42] rename script --- apps/schematic/api/{debug.py => debug_key_cert.py} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename apps/schematic/api/{debug.py => debug_key_cert.py} (100%) diff --git a/apps/schematic/api/debug.py b/apps/schematic/api/debug_key_cert.py similarity index 100% rename from apps/schematic/api/debug.py rename to apps/schematic/api/debug_key_cert.py From eda99f2288b11a1d35bfbcf3989c71b94b40faab Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Mar 2024 22:03:35 +0000 Subject: [PATCH 38/42] update ReadMe --- apps/schematic/api/README.md | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/apps/schematic/api/README.md b/apps/schematic/api/README.md index e3f8116c2b..164cad65c4 100644 --- a/apps/schematic/api/README.md +++ b/apps/schematic/api/README.md @@ -11,29 +11,24 @@ This example uses the [Connexion](https://github.com/zalando/connexion) library Python 3.5.2+ ## Usage -To run the server, please execute the following from the root directory: - +To run the server, please execute the following from folder `apps/schematic/api`: ``` -pip3 install -r requirements.txt -python3 -m schematic_api +poetry shell ``` - -and open your browser to here: +To install dependencies: ``` -http://localhost:8080/v1/ui/ +poetry install ``` - -Your OpenAPI definition lives here: +And run schematic APIs: ``` -http://localhost:8080/v1/openapi.json +python3 -m schematic-api ``` +and open your browser to here: -To launch the integration tests, use tox: ``` -sudo pip install tox -tox +http://127.0.0.1:7080/api/v1/ui/ ``` ## Running with Docker 
@@ -41,9 +36,16 @@ tox To run the server on a Docker container, please execute the following from the root directory: ```bash +# Get the correct Python version +nx prepare schematic-api + +# You only need to run this command one time +# This step adds SSL private key and certificate as environment variable in .env file +python3 apps/schematic/api/prepare_key_certificate.py + # building the image -docker build -t schematic_api . +nx build-image schematic-api # starting up a container -docker run -p 8080:8080 schematic_api +nx serve-detach schematic-api ``` \ No newline at end of file From b6986457d0ea68ce3e0150ff85b4f64ae3545fd4 Mon Sep 17 00:00:00 2001 From: linglp Date: Wed, 13 Mar 2024 22:12:58 +0000 Subject: [PATCH 39/42] change copy statement --- apps/schematic/api/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index 2237b2f355..a10eb476f6 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile @@ -31,7 +31,7 @@ RUN apt update \ # add dhparam.pem # dhparam.pem was used in ssl-params.conf -COPY ./dhparam.pem /etc/ssl/dhparam.pem +COPY dhparam.pem /etc/ssl/dhparam.pem # copy all nginx config files WORKDIR ${NGINX_CONFIG} From 397553c22ef3568283951c8211449f271b053324 Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 14 Mar 2024 15:26:02 +0000 Subject: [PATCH 40/42] update documentation --- apps/schematic/api/README.md | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/apps/schematic/api/README.md b/apps/schematic/api/README.md index 164cad65c4..2260bc1dd3 100644 --- a/apps/schematic/api/README.md +++ b/apps/schematic/api/README.md 
@@ -1,16 +1,6 @@ -# OpenAPI generated server +# Run Schematic APIs -## Overview -This server was generated by the [OpenAPI Generator](https://openapi-generator.tech) project. By using the -[OpenAPI-Spec](https://openapis.org) from a remote server, you can easily generate a server stub. This -is an example of building a OpenAPI-enabled Flask server. - -This example uses the [Connexion](https://github.com/zalando/connexion) library on top of Flask. - -## Requirements -Python 3.5.2+ - -## Usage +## Running without Docker To run the server, please execute the following from folder `apps/schematic/api`: ``` poetry shell @@ -36,7 +26,7 @@ http://127.0.0.1:7080/api/v1/ui/ To run the server on a Docker container, please execute the following from the root directory: ```bash -# Get the correct Python version +# Prepare the development environment of the project with nx prepare schematic-api. This will create a venv and install all the Python dependencies. nx prepare schematic-api # You only need to run this command one time @@ -46,6 +36,11 @@ python3 apps/schematic/api/prepare_key_certificate.py # building the image nx build-image schematic-api -# starting up a container +# Start the containerized REST API with: nx serve-detach schematic-api -``` \ No newline at end of file +``` +You could open your browser here: +``` +https://localhost:7443/api/v1/ui/ +``` +Note: When the OpenAPI description has changed, regenerate the REST API with nx run schematic-api:generate \ No newline at end of file From fbbb74b92aa5934048d07e9eafe66200e4a41a20 Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 14 Mar 2024 15:48:22 +0000 Subject: [PATCH 41/42] consolidate statements in dockerfile --- apps/schematic/api/Dockerfile | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/apps/schematic/api/Dockerfile b/apps/schematic/api/Dockerfile index a10eb476f6..5877b90159 100644 --- a/apps/schematic/api/Dockerfile +++ b/apps/schematic/api/Dockerfile 
@@ -38,15 +38,13 @@ WORKDIR ${NGINX_CONFIG} COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./ # copy to use custom uwsgi.ini -WORKDIR /app -COPY ./uwsgi.ini ./ +COPY uwsgi.ini /app/uwsgi.ini # copy files relevant for schematic apis -WORKDIR /app/app -COPY schematic_api ./schematic_api -COPY pyproject.toml poetry.lock ./ +COPY schematic_api pyproject.toml poetry.lock /app/app/ # install dependencies +WORKDIR /app/app RUN pip install poetry \ && poetry config --local virtualenvs.create false \ && poetry run pip install "cython<3.0.0" \ @@ -54,8 +52,8 @@ RUN pip install poetry \ && poetry install --with prod --no-root --no-interaction --no-ansi # Update file permission -RUN mkdir /root/.synapseCache -RUN mkdir /app/app/manifests +RUN mkdir /root/.synapseCache /app/app/manifests + # temporary here to ensure .synapseCache is not empty RUN echo "This is a test file." > /root/.synapseCache/test.txt # temporary here until we move .synapseCache to a different path @@ -66,6 +64,7 @@ WORKDIR ${ROOT} COPY ./uwsgi-nginx-entrypoint.sh ./entrypoint2.sh COPY ./uwsgi-nginx-entrypoint.sh ./uwsgi-nginx-entrypoint2.sh COPY ./save_key_certificate.py ./save_key_certificate.py + RUN chmod +x uwsgi-nginx-entrypoint2.sh RUN chmod +x entrypoint2.sh RUN chown -R nginx /uwsgi-nginx-entrypoint2.sh From 766e233d74109887dd07efa8f6128e32276f0884 Mon Sep 17 00:00:00 2001 From: linglp Date: Thu, 14 Mar 2024 15:52:22 +0000 Subject: [PATCH 42/42] update doc --- apps/schematic/api/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/schematic/api/README.md b/apps/schematic/api/README.md index 2260bc1dd3..9aad77535c 100644 --- a/apps/schematic/api/README.md +++ b/apps/schematic/api/README.md 
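Review bot: `COPY schematic_api pyproject.toml poetry.lock /app/app/` in the first hunk no longer creates `/app/app/schematic_api`, because Docker copies the contents of a directory source rather than the directory itself, so the package files land flat in `/app/app/`. The removed lines copied to `./schematic_api`, and the uwsgi.ini earlier in this series points at `schematic_api/main.py`, so the app module would likely not be found at startup. Two instructions keep the consolidation without flattening: `COPY schematic_api /app/app/schematic_api` and `COPY pyproject.toml poetry.lock /app/app/`. Separately, the context lines of the last hunk show `RUN chown -R nginx /uwsgi-nginx-entrypoint2.sh`; whether the service account should own the script it is launched from deserves a look, though the rest of that block is outside the hunk.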
@@ -43,4 +43,4 @@ You could open your browser here:
 ```
 https://localhost:7443/api/v1/ui/
 ```
-Note: When the OpenAPI description has changed, regenerate the REST API with nx run schematic-api:generate
\ No newline at end of file
+Note: When the OpenAPI description has changed, regenerate the REST API with nx run schematic-api:generate. Also, `dhparam.pem` was generated by using command: `RUN openssl dhparam -out dhparam.pem 4096`. If there's an issue with the `dhparam.pem` in the future, please re run the command.
\ No newline at end of file