lukas/uis-cloud-computing
1
0
Fork 0
mirror of https://github.com/dat515-2025/Group-8.git synced 2026-03-22 15:12:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: lukas:e460f647b2d5d3135dfd4b1e1190e5c2827ad026
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations
...
compare: lukas:4c9879cebfa73e07f68db7adce58774a6df4942a
Branches Tags
lukas:main lukas:merge/core_simplificcation lukas:test_arm_build lukas:51-refactor-project-structure lukas:merge/update_workers lukas:merge/email_sender lukas:merge/prometheus_custom_metrics lukas:add_more_tests lukas:merge/prometheus_metrics lukas:merge/csas_scraping lukas:30-create-tests-and-set-up-a-github-pipeline lukas:merge/fix_react_oauth lukas:merge/frontend_basics lukas:merge/deployment_envs lukas:20-create-a-controller-layer-on-backend-side lukas:merge/database_backups lukas:merge/oauth lukas:merge/basic_database_structure lukas:11-update-deployment lukas:merge/cloudflare-deploy lukas:merge/pr_deploy_test lukas:merge/background-worker lukas:merge/refactor_migrations

17 Commits
e460f647b2 ... 4c9879cebf

Author SHA1 Message Date
ribardej
4c9879cebf fix(tests): finally fixed the test DB deployment :} 2025-10-29 20:04:50 +01:00
ribardej
d9c562f867 fix(tests): fixed testing DB deployment v9 :O 2025-10-29 20:01:21 +01:00
ribardej
dddca9d805 fix(tests): fixed testing DB deployment v8 :D 2025-10-29 19:57:20 +01:00
ribardej
483a859b4b fix(tests): fixed testing DB deployment v7 2025-10-29 19:53:26 +01:00
ribardej
7529c9b265 fix(tests): fixed testing DB deployment v6 2025-10-29 19:45:08 +01:00
ribardej
2ca8a3b576 Merge remote-tracking branch 'origin/main' into 33-frontend-looks-like-logged-in-even-after-token-expires 
# Conflicts:
#	.github/workflows/run-tests.yml
 2025-10-29 14:54:01 +01:00
ribardej
52f6bd6a53 fix(tests): fixed testing DB deployment v5 2025-10-29 14:43:26 +01:00
Lukáš Trkan
d8ea25943c feat(code): remove sentry debug endpoint 2025-10-29 14:32:25 +01:00
Lukáš Trkan
06dcccb321 fix(tests): add missing dependencies 2025-10-29 14:28:25 +01:00
Lukáš Trkan
e916a57e4e fix(tests): move requirements.txt 2025-10-29 14:25:18 +01:00
Lukáš Trkan
7d2e94e683 feat(database): add encryption key 2025-10-29 14:23:14 +01:00
ribardej
55f8e38376 fix(tests): fixed testing DB deployment v4 2025-10-29 14:20:20 +01:00
Lukáš Trkan
3348e0a035 feat(database): encrypt transactions data 2025-10-29 14:17:53 +01:00
ribardej
542b05d541 fix(tests): fixed testing DB deployment v3 2025-10-29 14:11:43 +01:00
ribardej
65957d78ec fix(tests): fixed testing DB deployment 2025-10-29 14:07:06 +01:00
ribardej
edb4dfd147 fix(tests): fixed testing DB deployment 2025-10-29 13:50:04 +01:00
ribardej
cf1d520a30 feat(tests): added testing DB 2025-10-29 13:42:01 +01:00
16 changed files with 117 additions and 159 deletions
Expand all files Collapse all files

23
.github/workflows/deploy-pr.yaml vendored
View File

@@ -12,25 +12,7 @@ jobs:
test: test:
name: Run Python Tests name: Run Python Tests
if: github.event.action != 'closed' if: github.event.action != 'closed'
runs-on: ubuntu-latest uses: ./.github/workflows/run-tests.yml
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Run tests with pytest
run: pytest
working-directory: ./7project/backend
build: build:
if: github.event.action != 'closed' if: github.event.action != 'closed'
@@ -118,7 +100,8 @@ jobs:
--set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \ --set frontend_domain_scheme="$FRONTEND_DOMAIN_SCHEME" \
--set image.digest="$DIGEST" \ --set image.digest="$DIGEST" \
--set-string rabbitmq.password="$RABBITMQ_PASSWORD" \ --set-string rabbitmq.password="$RABBITMQ_PASSWORD" \
--set-string database.password="$DB_PASSWORD" --set-string database.password="$DB_PASSWORD" \
--set-string database.encryptionSecret="$PR"
- name: Post preview URLs as PR comment - name: Post preview URLs as PR comment
uses: actions/github-script@v7 uses: actions/github-script@v7

22
.github/workflows/deploy-prod.yaml vendored
View File

@@ -23,26 +23,7 @@ concurrency:
jobs: jobs:
test: test:
name: Run Python Tests name: Run Python Tests
if: github.event.action != 'closed' uses: ./.github/workflows/run-tests.yml
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v5
with:
python-version: '3.11'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Run tests with pytest
run: pytest
working-directory: ./7project/backend
build: build:
name: Build and push image (reusable) name: Build and push image (reusable)
@@ -130,3 +111,4 @@ jobs:
--set-string oauth.csas.clientId="$CSAS_CLIENT_ID" \ --set-string oauth.csas.clientId="$CSAS_CLIENT_ID" \
--set-string oauth.csas.clientSecret="$CSAS_CLIENT_SECRET" \ --set-string oauth.csas.clientSecret="$CSAS_CLIENT_SECRET" \
--set-string sentry_dsn="$SENTRY_DSN" \ --set-string sentry_dsn="$SENTRY_DSN" \
--set-string database.encryptionSecret="${{ secrets.PROD_DB_ENCRYPTION_KEY }}"

66
.github/workflows/run-tests.yml vendored
View File

@@ -2,54 +2,60 @@ name: Run Python Tests
permissions: permissions:
contents: read contents: read
# -----------------
# --- Triggers ----
# -----------------
# This section defines when the workflow will run.
on: on:
# Run on every push to the 'main' branch workflow_call:
push:
branches: [ "main", "30-create-tests-and-set-up-a-github-pipeline" ]
# Also run on every pull request that targets the 'main' branch
pull_request:
branches: [ "main" ]
# -----------------
# ------ Jobs -----
# -----------------
# A workflow is made up of one or more jobs that can run in parallel or sequentially.
jobs: jobs:
# A descriptive name for your job
build-and-test: build-and-test:
# Specifies the virtual machine to run the job on. 'ubuntu-latest' is a common and cost-effective choice.
runs-on: ubuntu-latest runs-on: ubuntu-latest
# ----------------- services:
# ----- Steps ----- mariadb:
# ----------------- image: mariadb:11.4
# A sequence of tasks that will be executed as part of the job. env:
MARIADB_ROOT_PASSWORD: rootpw
MARIADB_DATABASE: group_project
MARIADB_USER: appuser
MARIADB_PASSWORD: apppass
ports:
- 3306:3306
options: >-
--health-cmd="mariadb-admin ping -h 127.0.0.1 -u root -prootpw --silent"
--health-interval=5s
--health-timeout=2s
--health-retries=20
env:
MARIADB_HOST: 127.0.0.1
MARIADB_PORT: "3306"
MARIADB_DB: group_project
MARIADB_USER: appuser
MARIADB_PASSWORD: apppass
steps: steps:
# Step 1: Check out your repository's code
# This action allows the workflow to access your code.
- name: Check out repository code - name: Check out repository code
uses: actions/checkout@v4 uses: actions/checkout@v4
# Step 2: Set up the Python environment
# This action installs a specific version of Python on the runner.
- name: Set up Python 3.11 - name: Set up Python 3.11
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version: '3.11' # Use the Python version that matches your project python-version: '3.11'
- name: Add test dependencies to requirements
run: |
echo "pytest==8.4.2" >> ./7project/backend/requirements.txt
echo "pytest-asyncio==1.2.0" >> ./7project/backend/requirements.txt
# Step 3: Install project dependencies
# Runs shell commands to install the libraries listed in your requirements.txt.
- name: Install dependencies - name: Install dependencies
run: | run: |
python -m pip install --upgrade pip python -m pip install --upgrade pip
pip install -r requirements.txt pip install -r ./7project/backend/requirements.txt
- name: Run Alembic migrations
run: |
alembic upgrade head
working-directory: ./7project/backend
# Step 4: Run your tests!
# Executes the pytest command to run your test suite.
- name: Run tests with pytest - name: Run tests with pytest
run: pytest run: pytest
working-directory: ./7project/backend working-directory: ./7project/backend

3
7project/backend/alembic/env.py
View File

@@ -25,7 +25,8 @@ if not DATABASE_URL:
SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql") SYNC_DATABASE_URL = DATABASE_URL.replace("+asyncmy", "+pymysql")
ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost" host_env = os.getenv("MARIADB_HOST", "localhost")
ssl_enabled = host_env not in {"localhost", "127.0.0.1"}
connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {} connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
def run_migrations_offline() -> None: def run_migrations_offline() -> None:

47
7project/backend/alembic/versions/2025_10_29_1326-46b9e702e83f_add_encrypted_type.py Normal file
View File

@@ -0,0 +1,47 @@
"""Add encrypted type
Revision ID: 46b9e702e83f
Revises: 1f2a3c4d5e6f
Create Date: 2025-10-29 13:26:24.568523
"""
from typing import Sequence, Union
import sqlalchemy_utils
from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import mysql
# revision identifiers, used by Alembic.
revision: str = '46b9e702e83f'
down_revision: Union[str, Sequence[str], None] = '1f2a3c4d5e6f'
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None
def upgrade() -> None:
"""Upgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('transaction', 'amount',
existing_type=mysql.FLOAT(),
type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
existing_nullable=False)
op.alter_column('transaction', 'description',
existing_type=mysql.VARCHAR(length=255),
type_=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
existing_nullable=True)
# ### end Alembic commands ###
def downgrade() -> None:
"""Downgrade schema."""
# ### commands auto generated by Alembic - please adjust! ###
op.alter_column('transaction', 'description',
existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
type_=mysql.VARCHAR(length=255),
existing_nullable=True)
op.alter_column('transaction', 'amount',
existing_type=sqlalchemy_utils.types.encrypted.encrypted_type.EncryptedType(),
type_=mysql.FLOAT(),
existing_nullable=False)
# ### end Alembic commands ###

4
7project/backend/app/app.py
View File

@@ -124,10 +124,6 @@ async def root():
async def authenticated_route(user: User = Depends(current_active_verified_user)): async def authenticated_route(user: User = Depends(current_active_verified_user)):
return {"message": f"Hello {user.email}!"} return {"message": f"Hello {user.email}!"}
@fastApi.get("/sentry-debug")
async def trigger_error():
division_by_zero = 1 / 0
@fastApi.get("/debug/scrape/csas/all", tags=["debug"]) @fastApi.get("/debug/scrape/csas/all", tags=["debug"])
async def debug_scrape_csas_all(): async def debug_scrape_csas_all():

3
7project/backend/app/core/db.py
View File

@@ -19,7 +19,8 @@ from app.models.user import User
from app.models.transaction import Transaction from app.models.transaction import Transaction
from app.models.categories import Category from app.models.categories import Category
ssl_enabled = os.getenv("MARIADB_HOST", "localhost") != "localhost" host_env = os.getenv("MARIADB_HOST", "localhost")
ssl_enabled = host_env not in {"localhost", "127.0.0.1"}
connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {} connect_args = {"ssl": {"ssl": True}} if ssl_enabled else {}
engine = create_async_engine( engine = create_async_engine(

10
7project/backend/app/models/transaction.py
View File

@@ -1,15 +1,21 @@
import os
from fastapi_users_db_sqlalchemy import GUID from fastapi_users_db_sqlalchemy import GUID
from sqlalchemy import Column, Integer, String, Float, ForeignKey, Date, func from sqlalchemy import Column, Integer, String, Float, ForeignKey, Date, func
from sqlalchemy.orm import relationship from sqlalchemy.orm import relationship
from sqlalchemy_utils import EncryptedType
from sqlalchemy_utils.types.encrypted.encrypted_type import FernetEngine
from app.core.base import Base from app.core.base import Base
from app.models.categories import association_table from app.models.categories import association_table
SECRET_KEY = os.environ.get("DB_ENCRYPTION_KEY", "localdev")
class Transaction(Base): class Transaction(Base):
__tablename__ = "transaction" __tablename__ = "transaction"
id = Column(Integer, primary_key=True, autoincrement=True) id = Column(Integer, primary_key=True, autoincrement=True)
amount = Column(Float, nullable=False) amount = Column(EncryptedType(Float, SECRET_KEY, engine=FernetEngine), nullable=False)
description = Column(String(length=255), nullable=True) description = Column(EncryptedType(String(length=255), SECRET_KEY, engine=FernetEngine), nullable=True)
date = Column(Date, nullable=False, server_default=func.current_date()) date = Column(Date, nullable=False, server_default=func.current_date())
user_id = Column(GUID, ForeignKey("user.id"), nullable=False) user_id = Column(GUID, ForeignKey("user.id"), nullable=False)

1
7project/backend/requirements.txt
View File

@@ -54,6 +54,7 @@ sentry-sdk==2.42.0
six==1.17.0 six==1.17.0
sniffio==1.3.1 sniffio==1.3.1
SQLAlchemy==2.0.43 SQLAlchemy==2.0.43
SQLAlchemy-Utils==0.42.0
starlette==0.48.0 starlette==0.48.0
tomli==2.2.1 tomli==2.2.1
typing-inspection==0.4.1 typing-inspection==0.4.1

5
7project/backend/tests/test_integration_app.py
View File

@@ -14,11 +14,6 @@ def test_authenticated_route_requires_auth(client):
assert resp.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN) assert resp.status_code in (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN)
def test_sentry_debug_raises_exception(client):
with pytest.raises(ZeroDivisionError):
client.get("/sentry-debug")
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_create_and_get_category(fastapi_app, test_user): async def test_create_and_get_category(fastapi_app, test_user):
# Use AsyncClient for async tests # Use AsyncClient for async tests

2
7project/backend/tests/test_unit_user_service.py
View File

@@ -19,7 +19,7 @@ def test_get_oauth_provider_known_unknown():
def test_get_jwt_strategy_lifetime(): def test_get_jwt_strategy_lifetime():
strategy = user_service.get_jwt_strategy() strategy = user_service.get_jwt_strategy()
assert strategy is not None assert strategy is not None
# Basic smoke check: strategy has a lifetime set to 3600 # Basic smoke check: strategy has a lifetime set to 604800
assert getattr(strategy, "lifetime_seconds", None) in (604800,) assert getattr(strategy, "lifetime_seconds", None) in (604800,)

5
7project/charts/myapp-chart/templates/app-deployment.yaml
View File

@@ -101,6 +101,11 @@ spec:
secretKeyRef: secretKeyRef:
name: prod name: prod
key: SENTRY_DSN key: SENTRY_DSN
- name: DB_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: prod
key: DB_ENCRYPTION_KEY
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /

1
7project/charts/myapp-chart/templates/prod.yaml
View File

@@ -18,3 +18,4 @@ stringData:
RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }} RABBITMQ_PASSWORD: {{ .Values.rabbitmq.password | default "" | quote }}
RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }} RABBITMQ_USERNAME: {{ .Values.rabbitmq.username | quote }}
SENTRY_DSN: {{ .Values.sentry_dsn | quote }} SENTRY_DSN: {{ .Values.sentry_dsn | quote }}
DB_ENCRYPTION_KEY: {{ required "Set .Values.database.encryptionSecret" .Values.database.encryptionSecret | quote }}

5
7project/charts/myapp-chart/templates/worker-deployment.yaml
View File

@@ -80,3 +80,8 @@ spec:
secretKeyRef: secretKeyRef:
name: prod name: prod
key: CSAS_CLIENT_SECRET key: CSAS_CLIENT_SECRET
- name: DB_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: prod
key: DB_ENCRYPTION_KEY

1
7project/charts/myapp-chart/values.yaml
View File

@@ -75,3 +75,4 @@ database:
userName: app-demo-user userName: app-demo-user
secretName: app-demo-database-secret secretName: app-demo-database-secret
password: "" password: ""
encryptionSecret: ""

72
requirements.txt
View File

@@ -1,72 +0,0 @@
aio-pika==9.5.6
aiormq==6.8.1
aiosqlite==0.21.0
alembic==1.16.5
amqp==5.3.1
annotated-types==0.7.0
anyio==4.11.0
argon2-cffi==23.1.0
argon2-cffi-bindings==25.1.0
asyncmy==0.2.9
bcrypt==4.3.0
billiard==4.2.2
celery==5.5.3
certifi==2025.10.5
cffi==2.0.0
click==8.1.8
click-didyoumean==0.3.1
click-plugins==1.1.1.2
click-repl==0.3.0
cryptography==46.0.1
dnspython==2.7.0
email_validator==2.2.0
exceptiongroup==1.3.0
fastapi==0.117.1
fastapi-users==14.0.1
fastapi-users-db-sqlalchemy==7.0.0
greenlet==3.2.4
h11==0.16.0
httpcore==1.0.9
httptools==0.6.4
httpx==0.28.1
httpx-oauth==0.16.1
idna==3.10
iniconfig==2.3.0
kombu==5.5.4
makefun==1.16.0
Mako==1.3.10
MarkupSafe==3.0.2
multidict==6.6.4
packaging==25.0
pamqp==3.3.0
pluggy==1.6.0
prompt_toolkit==3.0.52
propcache==0.3.2
pwdlib==0.2.1
pycparser==2.23
pydantic==2.11.9
pydantic_core==2.33.2
Pygments==2.19.2
PyJWT==2.10.1
PyMySQL==1.1.2
pytest==8.4.2
pytest-asyncio==1.2.0
python-dateutil==2.9.0.post0
python-dotenv==1.1.1
python-multipart==0.0.20
PyYAML==6.0.2
six==1.17.0
sniffio==1.3.1
SQLAlchemy==2.0.43
starlette==0.48.0
tomli==2.2.1
typing-inspection==0.4.1
typing_extensions==4.15.0
tzdata==2025.2
uvicorn==0.37.0
uvloop==0.21.0
vine==5.1.0
watchfiles==1.1.0
wcwidth==0.2.14
websockets==15.0.1
yarl==1.20.1