* Update controller.py
* Create pr_build.yml
* Create release-main.yml
* Create manual-build.yml
* Update db.py
* Update controller.py
* Update db.py
* Update pr_build.yml
* Update controller.py
* Update controller.py
* add GHA test.yml, codeql, and dependabot.yml (#136)
* mongo7 upgrade
* upgrade pymongo to 4.7.2
* update python to 3.9.19
* update Makefile and run_tests.sh scripts
* update submodules
* fix gradle not found
* start nms service with docker-compose
* update nms submodule to the latest
* install docker-compose in GHA
* switch catalog mongo7 port to 27018
* fix mongo port
* fix mongo port mapping
* set admin_users
* check admin users
* shut down NMS service properly
* fix nms curl
* update mock_auth service
* update the commit
* Update test.cfg.example
* Update test.cfg.example
* Update core_registration_test.py
* update message
* test method_spec_admin_users
* test simple_good_repo old commit
* test register hack
* remove jars nms submodules
* update Dockerfile
* remove kbapi_common submodule
* fix deprecated mongo auth
* remove all submodules in catalog
* create MongoClient through passing in params
* add a comment for mock_auth server.py
* simplify code
* adjust params in MongoClient
* add debug log messages in list_user_favorites func
* try reinitiate mongoclient
* update __init__ in db.py file
* fix typo
* add check_db_schema
* add boolean flag for schema check
* collection direct call
* remove debugging message
* display catalog version
* fix failed unit test in startup_test.py
* trigger lazy load collection
* clean up files
* remove comments from Makefile
* validate Install Docker Compose step in ci
* use docker compose
* map NMS to the local port 27018
* Add a clearer comment for the environment variable in test.yml
* move env to jobs level
* add more comments in server.py
* add more comments in db.py
* remove check_db_schema related functions
* revert back changes
* move self._db_schema_checked flag outside function
* refactor _create_indexes function
* encapsulate create_indexes in the DBIndexes class
* add comment at the top of server.py file
* refactor db.py file
* add flag for mongo client
* update wrapper function
* add initialize_mongo_client function manually
* add _close_mongo_client function
* try run tests without a lock
* revert self.lock changes
* Recreate the database and collection handles after reinitializing the client
* revert back tests
* remove decorator related code
* add comment why need to manually close mongoclient
* update comments
* refactor the db.py and add comments for docker-compose file
* add a comment for _ensure_mongo_connection function
* Clarify the comments in the db.py and docker-compose.yml files
* remove NarrativeMethodStore section and update the test instructions in the test/test.cfg.example file
* expound on the explanation
* fix c&p error
* fix typos and clarify comments
* make sure NMS is clean after each test
* remove uwsgi from dockerfile
* add Pipenv and Pipenv.lock files
* upload Pipfiles
* add missing lib pyyaml
* move semantic_version to packages
* fix mongo_authMechanism name
* add retrywrites param
* move release notes from README.md to RELEASE_NOTES.md
* removed mongodb-retrywrites from test.cfg.example
* add tests for retryWrites
* fix format
* add print message to verify retryWrites setting
* remove print
* fix typo in README.md
* uncomment trivy-scan

---------

Co-authored-by: Boris <[email protected]>
Co-authored-by: Sijie Xiang <[email protected]>
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - python-version: '3.9.19' | ||
| mongo-version: '3.6' | ||
| - python-version: '3.9.19' | ||
| mongo-version: '7.0.4' | ||
| services: | ||
| mongo: | ||
| image: mongo:${{matrix.mongo-version}} | ||
| ports: | ||
| - 27017:27017 | ||
| options: --name mongo${{matrix.mongo-version}} | ||
|
|
||
| env: | ||
| KBASE_CI_TOKEN: ${{ secrets.KBASE_CI_TOKEN }} | ||
| # This env var is also used in the catalog test docker compose file for starting NMS | ||
| ADMIN_USER: ${{ secrets.KBASE_BOT_USER_CI }} | ||
|
|
||
| steps: | ||
| - name: Repo checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{matrix.python-version}} | ||
|
|
||
| - name: Install dependencies and set up test config | ||
| shell: bash | ||
|
|
||
| run: | | ||
|
|
||
| # test mongo connection | ||
| curl http://localhost:27017 | ||
| returncode=$? | ||
| if [ $returncode != 0 ]; then exit $returncode; fi | ||
|
|
||
| # set HOMEDIR | ||
| export HOMEDIR=`pwd` | ||
|
|
||
| # move to parent dir to install binaries etc | ||
| cd .. | ||
|
|
||
| # setup kb-sdk | ||
| mkdir -p $(pwd)/bin | ||
| docker run ghcr.io/kbase/kb_sdk_patch-develop:br-0.0.4 genscript > $(pwd)/bin/kb-sdk | ||
| chmod 755 $(pwd)/bin/kb-sdk | ||
| export PATH=$(pwd)/bin:$PATH | ||
|
|
||
| # install catalog dependencies | ||
| cd $HOMEDIR | ||
| python -m pip install --upgrade pip | ||
| pip install pipenv | ||
| pipenv sync --system --dev | ||
|
|
||
| # setup test config | ||
| cp -n test/test.cfg.example test/test.cfg | ||
| sed -i "s#^nms-admin-token.*#nms-admin-token=$KBASE_CI_TOKEN#" test/test.cfg | ||
| sed -i "s#^method-spec-admin-users.*#method-spec-admin-users=$ADMIN_USER#" test/test.cfg | ||
|
|
||
| - name: Run tests | ||
| shell: bash | ||
| run: make test | ||
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v4 | ||
| with: | ||
| token: ${{ secrets.CODECOV_TOKEN }} | ||
| fail_ci_if_error: true |
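Review bot: KBASE_CI_TOKEN is declared in the job-level env block, so every step inherits it, including make test and the third-party codecov/codecov-action@v4 step, while the only visible use is the sed line under "setup test config". If nothing else reads it from the environment, move it to an env on the "Install dependencies and set up test config" step and leave only ADMIN_USER at job level, as its comment requires. Separately, the kb-sdk script is generated from ghcr.io/kbase/kb_sdk_patch-develop:br-0.0.4 by tag and then made executable, and the actions are referenced as @v4 and @v5; pinning the image by digest and the actions by commit SHA would keep the code this job executes fixed.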
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium test
Copilot Autofix
AI 6 months ago
The best way to fix the problem is to add a permissions block at the root level (before jobs:) of the workflow YAML file (.github/workflows/test.yml). This block should specify the least privileges necessary for all jobs in the workflow. From the workflow steps shown, only read access to repository contents is necessary (contents: read). No additional write permissions (for issues, pull-requests, etc.) or access to other scopes appear to be required. This fix should be implemented by inserting the following block immediately after the workflow name (name: KBase Catalog test, line 1) and before the on: block (line 3):
permissions:
  contents: read

No new imports or dependencies are required for this change.
| @@ -1,5 +1,8 @@ | ||
| name: KBase Catalog test | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| pull_request: | ||
| types: |
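A pre-merge check for the condition CodeQL flags above, as an added example (not code from this repository or from CodeQL): it lists the jobs that have neither a root-level nor a job-level `permissions:` key. The function name, the job ids `catalog_tests` and `lint`, and the sample workflows are constructed, and the scan assumes space-indented block-style YAML.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_][A-Za-z0-9_-]*):")

def jobs_without_permissions(workflow_text):
    """Return ids of jobs with neither a root-level nor a job-level
    `permissions:` key. Indentation scan, not a YAML parser."""
    root_perms = in_jobs = False
    job_indent = key_indent = current = None
    jobs = {}                                  # job id -> has own permissions?
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:                              # blanks, comments, list items
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:                        # root-level key
            in_jobs = key == "jobs"
            root_perms = root_perms or key == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent            # indent of the first job id
            if indent == job_indent:           # start of a new job
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent        # indent of this job's own keys
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    return [] if root_perms else [n for n, own in jobs.items() if not own]

# Constructed samples modelled on the workflow shape shown on this page.
UNSCOPED = """\
name: KBase Catalog test
on:
  pull_request:
jobs:
  catalog_tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
SCOPED = UNSCOPED.replace("on:\n", "permissions:\n  contents: read\non:\n", 1)
PARTIAL = UNSCOPED + "  lint:\n    permissions:\n      contents: read\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    print(jobs_without_permissions(UNSCOPED))
```

A root-level block covers every job; with job-level blocks only, any job added later without one is reported.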