Skip to content

Commit

Permalink
Merge pull request #98 from lsst-sqre:tickets/DM-45563
Browse files Browse the repository at this point in the history
DM-45563: Get JupyterHub XSRF token from each redirect hop
  • Loading branch information
jonathansick authored Aug 2, 2024
2 parents 94f0cff + 13c7980 commit 7858d60
Show file tree
Hide file tree
Showing 17 changed files with 1,510 additions and 978 deletions.
17 changes: 10 additions & 7 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
name: CI

env:
# Current supported Python version. For applications, there is generally no
# reason to support multiple Python versions, so all actions are run with
# this version. Quote the version to avoid interpretation as a floating
# point number.
PYTHON_VERSION: "3.12"

"on":
merge_group: {}
pull_request: {}
Expand Down Expand Up @@ -28,7 +35,7 @@ jobs:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
python-version: ${{ env.PYTHON_VERSION }}

- name: Run pre-commit
uses: pre-commit/action@v3.0.1
Expand All @@ -37,19 +44,15 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10

strategy:
matrix:
python:
- "3.12"

steps:
- uses: actions/checkout@v4

- name: Run tox
uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ matrix.python }}
python-version: ${{ env.PYTHON_VERSION }}
tox-envs: "py,coverage-report,typing"
tox-requirements: requirements/tox.txt

build:
runs-on: ubuntu-latest
Expand Down
33 changes: 0 additions & 33 deletions .github/workflows/dependencies.yaml

This file was deleted.

12 changes: 10 additions & 2 deletions .github/workflows/docs.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
name: Docs

env:
# Current supported Python version. For applications, there is generally no
# reason to support multiple Python versions, so all actions are run with
# this version. Quote the version to avoid interpretation as a floating
# point number.
PYTHON_VERSION: "3.12"

"on":
push:
branches:
Expand All @@ -23,16 +30,17 @@ jobs:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
python-version: ${{ env.PYTHON_VERSION }}

- name: Install graphviz and ImageMagick
run: sudo apt-get install graphviz imagemagick

- name: Run tox
uses: lsst-sqre/run-tox@v1
with:
python-version: "3.12"
python-version: ${{ env.PYTHON_VERSION }}
tox-envs: "docs"
tox-requirements: requirements/tox.txt

- name: Upload documentation
uses: lsst-sqre/ltd-upload@v1
Expand Down
35 changes: 21 additions & 14 deletions .github/workflows/periodic-ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,13 @@

name: Periodic CI

env:
# Current supported Python version. For applications, there is generally no
# reason to support multiple Python versions, so all actions are run with
# this version. Quote the version to avoid interpretation as a floating
# point number.
PYTHON_VERSION: "3.12"

"on":
schedule:
- cron: "0 12 * * 1"
Expand All @@ -15,32 +22,32 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 10

strategy:
matrix:
python:
- "3.12"

steps:
- uses: actions/checkout@v4

# Use the oldest supported version of Python to update dependencies,
# not the matrixed Python version, since this accurately reflects
# how dependencies should later be updated.
- name: Run neophile
uses: lsst-sqre/run-neophile@v1
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
mode: update
python-version: ${{ env.PYTHON_VERSION }}

- name: Update dependencies
run: |
pip install --upgrade uv
uv venv
source .venv/bin/activate
make update-deps
shell: bash

- name: Run tests in tox
uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ matrix.python }}
python-version: ${{ env.PYTHON_VERSION }}
tox-envs: "lint,typing,py"
tox-requirements: requirements/tox.txt
use-cache: false

- name: Report status
if: always()
if: failure()
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
Expand Down
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ repos:
- id: trailing-whitespace

- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.5.5
rev: v0.5.6
hooks:
- id: ruff
args: [--fix, --exit-non-zero-on-fix]
Expand Down
14 changes: 14 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,20 @@

<!-- scriv-insert-here -->

<a id='changelog-0.12.1'></a>

## 0.12.1 (2024-08-02)

### Bug fixes

- When logging into JupyterHub, a Noteburst now looks for XRSF tokens from each redirect.

### Other changes

- Adopt `ruff-shared.toml` from https://github.com/lsst/templates
- Adopt uv for dependency management and resolution.
- Adopt explicit ASGITransport for setting up test HTTPX client.

<a id='changelog-0.12.0'></a>

## 0.12.0 (2024-05-15)
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
# - Runs a non-root user.
# - Sets up the entrypoint and port.

FROM python:3.12.2-slim-bullseye as base-image
FROM python:3.12.3-slim-bullseye as base-image

# Update system packages
COPY scripts/install-base-packages.sh .
Expand Down
62 changes: 38 additions & 24 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,34 +1,48 @@
# The dependencies need --allow-unsafe because kubernetes-asyncio and
# (transitively) pre-commit depends on setuptools, which is normally not
# allowed to appear in a hashed dependency file.
.PHONY: help
help:
@echo "Make targets for example"
@echo "make init - Set up dev environment"
@echo "make run - Start a local development instance"
@echo "make update - Update pinned dependencies and run make init"
@echo "make update-deps - Update pinned dependencies"
@echo "make update-deps-no-hashes - Pin dependencies without hashes"

.PHONY: init
init:
pip install --upgrade uv
uv pip install -r requirements/main.txt -r requirements/dev.txt \
-r requirements/tox.txt
uv pip install --editable .
rm -rf .tox
uv pip install --upgrade pre-commit
pre-commit install

.PHONY: run
run:
tox run -e run

.PHONY: update
update: update-deps init

.PHONY: update-deps
update-deps:
pip install --upgrade pip-tools pip setuptools
pip-compile --upgrade --resolver=backtracking --build-isolation \
--allow-unsafe --generate-hashes \
pip install --upgrade uv
uv pip install --upgrade pre-commit
pre-commit autoupdate
uv pip compile --upgrade --generate-hashes \
--output-file requirements/main.txt requirements/main.in
pip-compile --upgrade --resolver=backtracking --build-isolation \
--allow-unsafe --generate-hashes \
uv pip compile --upgrade --generate-hashes \
--output-file requirements/dev.txt requirements/dev.in
uv pip compile --upgrade --generate-hashes \
--output-file requirements/tox.txt requirements/tox.in

# Useful for testing against a Git version of Safir.
.PHONY: update-deps-no-hashes
update-deps-no-hashes:
pip install --upgrade pip-tools pip setuptools
pip-compile --upgrade --resolver=backtracking --build-isolation \
--allow-unsafe \
pip install --upgrade uv
uv pip compile --upgrade \
--output-file requirements/main.txt requirements/main.in
pip-compile --upgrade --resolver=backtracking --build-isolation \
--allow-unsafe \
uv pip compile --upgrade \
--output-file requirements/dev.txt requirements/dev.in

.PHONY: init
init:
pip install --editable .
pip install --upgrade -r requirements/main.txt -r requirements/dev.txt
rm -rf .tox
pip install --upgrade tox tox-docker
pre-commit install

.PHONY: update
update: update-deps init
uv pip compile --upgrade \
--output-file requirements/tox.txt requirements/tox.in
94 changes: 2 additions & 92 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -96,106 +96,16 @@ skip_fragments = "_template.md.jinja"
# Reference for settings: https://beta.ruff.rs/docs/settings/
# Reference for rules: https://beta.ruff.rs/docs/rules/
[tool.ruff]
exclude = [
"docs/**",
]
line-length = 79
target-version = "py312"

[tool.ruff.lint]
ignore = [
"ANN101", # self should not have a type annotation
"ANN102", # cls should not have a type annotation
"ANN401", # sometimes Any is the right type
"ARG001", # unused function arguments are often legitimate
"ARG002", # unused method arguments are often legitimate
"ARG005", # unused lambda arguments are often legitimate
"BLE001", # we want to catch and report Exception in background tasks
"C414", # nested sorted is how you sort by multiple keys with reverse
"D102", # sometimes we use docstring inheritence
"D104", # don't see the point of documenting every package
"D105", # our style doesn't require docstrings for magic methods
"D106", # Pydantic uses a nested Config class that doesn't warrant docs
"D205", # our documentation style allows a folded first line
"EM101", # justification (duplicate string in traceback) is silly
"EM102", # justification (duplicate string in traceback) is silly
"FBT003", # positional booleans are normal for Pydantic field defaults
"FIX002", # point of a TODO comment is that we're not ready to fix it
"G004", # forbidding logging f-strings is appealing, but not our style
"RET505", # disagree that omitting else always makes code more readable
"PLR0911", # often many returns is clearer and simpler style
"PLR0913", # factory pattern uses constructors with many arguments
"PLR2004", # too aggressive about magic values
"PLW0603", # yes global is discouraged but if needed, it's needed
"S105", # good idea but too many false positives on non-passwords
"S106", # good idea but too many false positives on non-passwords
"S107", # good idea but too many false positives on non-passwords
"S603", # not going to manually mark every subprocess call as reviewed
"S607", # using PATH is not a security vulnerability
"SIM102", # sometimes the formatting of nested if statements is clearer
"SIM117", # sometimes nested with contexts are clearer
"TCH001", # we decided to not maintain separate TYPE_CHECKING blocks
"TCH002", # we decided to not maintain separate TYPE_CHECKING blocks
"TCH003", # we decided to not maintain separate TYPE_CHECKING blocks
"TID252", # if we're going to use relative imports, use them always
"TRY003", # good general advice but lint is way too aggressive
"TRY301", # sometimes raising exceptions inside try is the best flow

# The following settings should be disabled when using ruff format
# per https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
"W191",
"E111",
"E114",
"E117",
"D206",
"D300",
"Q000",
"Q001",
"Q002",
"Q003",
"COM812",
"COM819",
"ISC001",
"ISC002",
]
select = ["ALL"]
extend = "ruff-shared.toml"

[tool.ruff.lint.per-file-ignores]
[tool.ruff.lint.extend-per-file-ignores]
"src/noteburst/handlers/**" = [
"D103", # FastAPI handlers should not have docstrings
"D401", # FastAPI handler docstrings may be API docs
]
"tests/**" = [
"C901", # tests are allowed to be complex, sometimes that's convenient
"D101", # tests don't need docstrings
"D103", # tests don't need docstrings
"PLR0915", # tests are allowed to be long, sometimes that's convenient
"PT012", # way too aggressive about limiting pytest.raises blocks
"S101", # tests should use assert
"S106", # tests are allowed to hard-code dummy passwords
"SLF001", # tests are allowed to access private members
"T201", # tests are allowed to use print
]

[tool.ruff.lint.isort]
known-first-party = ["noteburst", "tests"]
split-on-trailing-comma = false

# These are too useful as attributes or methods to allow the conflict with the
# built-in to rule out their use.
[tool.ruff.lint.flake8-builtins]
builtins-ignorelist = [
"all",
"any",
"help",
"id",
"list",
"type",
]

[tool.ruff.lint.flake8-pytest-style]
fixture-parentheses = false
mark-parentheses = false

[tool.ruff.lint.pydocstyle]
convention = "numpy"
Loading

0 comments on commit 7858d60

Please sign in to comment.