The buildah/buildah image has seen its last update 4 years ago.

Switch to the official Skopeo image instead.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Actually, using a dev suffix doesn't work and displaying it
as an example is quite confusing. So, let's drop it.

Also remove the old versioning scheme, used for the last time in 2018.

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

With task T10606, we make each instance of qa-report-app have its own
token. As such, these changes are needed to honor the new field

Should fix below exception:

```
Traceback (most recent call last):
  File "/app/./wait-for-db.py", line 27, in <module>
    main()
  File "/app/./wait-for-db.py", line 18, in main
    config.load_config_from_file(args.config)
  File "/app/config.py", line 817, in load_config_from_file
    self._instance = AppConfig.parse_obj(data)
  File "pydantic/main.py", line 526, in pydantic.main.BaseModel.parse_obj
  File "pydantic/env_settings.py", line 39, in pydantic.env_settings.BaseSettings.__init__
  File "pydantic/main.py", line 342, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for AppConfig
qa-report-gitlab-token
  extra fields not permitted (type=value_error.extra)
```

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>

In case of requesting an non existent test case the following exception is
triggered:

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/waitress/channel.py", line 428, in service
    task.service()
  File "/usr/local/lib/python3.9/dist-packages/waitress/task.py", line 168, in service
    self.execute()
  File "/usr/local/lib/python3.9/dist-packages/waitress/task.py", line 436, in execute
    app_iter = self.channel.server.application(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/waitress/proxy_headers.py", line 64, in translate_proxy_headers
    return app(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1498, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1476, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1473, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 882, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
  File "/app/./webhook.py", line 292, in testcases_definition
    tc_file_data = testcases_table.get_tc_data(release, testcase + ".yaml")
  File "/app/data/testcases_table.py", line 184, in get_tc_data
    return self.get_index_files_data()[release][tc_file]
KeyError: 'iptables-nmap.yaml'

To avoid this type of messages handle gracefully the query for non existent
test cases.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Since LAVA 2024.05 the LAVA callback token is only placed in the headers,
by default in Authorization. Adapt the code to handle this upstream change
to allow callbacks to be processed.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

To reflect the deletion of internal images

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

No longer used, so removed to avoid confusion.

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

To reflect the addition of ARM flavours

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

ARM64 sometimes refers to "uboot" images and
sometimes to "rpi64", now the distinction is visible.

While doing that also add flavours for ARM although less
useful as we only provide one type of image for ARM.

Signed-off-by: Dylan Aïssi <dylan.aissi@collabora.com>

The fsGroup value was improperly configured in the Helm Chart and consequently discarded during deployment.
This adjustment now correctly assigns the `fsGroup` value in the appropriate section, ensuring proper configuration.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Andre Moreira Magalhaes authored 1 year ago and Andrej Shadura committed 1 year ago

This fixes an issue where the session cookies are shared between instances
when running multiple instances of the app under different URL prefixes.

Setting APPLICATION_ROOT (or SESSION_COOKIE_PATH) should limit the session
cookies to the configured URL prefix.

See https://flask.palletsprojects.com/en/3.0.x/config/#APPLICATION_ROOT

.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Pablo Vigo Mas authored 1 year ago and Andrej Shadura committed 1 year ago

Checksum in annotations ensures that the pod restart when an object is
updated. Previosuly, checksums were not included when there were no other
annotations on the object, so they had no effect.
Instead, always include annotations with at least the checksums, so they
are be used regardless.

Fixes: 45bed51a ("Ensure the pod restarts when the K8s secret with the config is updated")

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Make the container run as user 1001 instead of user root.
Configure SecurityContext to deploy the service in k8s using this user ID.
Allow running the service with the least privilege.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 1 year ago and Andrej Shadura committed 1 year ago

Remove apt cache, disable pip cache to reduce the image size.

Signed-off-by: Pablo Vigo <pvigo@collabora.com>

Pablo Vigo Mas authored 1 year ago and Emanuele Aina committed 1 year ago

A new annotation was included adding the hash of the secret holding the
app configuration.

If the secret is updated, the hash will be different and the Pod will
be restarted automatically.

Signed-off-by: pvigo@collabora.com <pvigo@collabora.com>

Tweaking the lists of dependencies to spread over multiple lines, with
each entry on its own line, makes `git diff` work much better since
you can now spot what has actually changed with a single glance.

This commit does not otherwise introduce any functional change.

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Avoid Flask 3.0/Werkzeug 3.0 for now as they cause the unit tests
to fail:

    =================================== FAILURES ===================================
    ________________________ FunctionalTestCase.test_index _________________________
    self = <functional_test.FunctionalTestCase testMethod=test_index>
        def test_index(self):
            client = self.app.test_client()
            response = client.get('/')
            assert response.status_code == 200
            assert response.mimetype == 'text/html'
    >       assert response.charset == 'utf-8'
    E       AttributeError: 'WrapperTestResponse' object has no attribute 'charset'
    client     = <FlaskClient <Flask 'webhook'>>
    response   = <WrapperTestResponse streamed [200 OK]>
    self       = <functional_test.FunctionalTestCase testMethod=test_index>
    tests/functional_test.py:49: AttributeError
    ----------------------------- Captured stderr call -----------------------------

Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

This is necessary if the application is not served at the root.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

For tagged images, the URL to the image on images.apertis.org has to be
adapted because the images are copied to another folder once they are
tagged. This is necessary to keep them from being removed by the
clean-up process.

For releases, the version <DATE>.<TIME> is replaced by the release number
<YEAR>.<RELEASE>. E.g.: 20230524.1145 is replaced by v2023.1 and the
`daily` folder by the `release` folder.

For weeklies, only the `daily` folder is replaced by the `weekly`
folder.

Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>

Add LGPL 2.1  license file for this project.

Signed-off-by: Walter Lozano <walter.lozano@collabora.com>

Fix for:
  ValueError: Received unknown trusted_proxy_headers value
  (x-forwarded-prefix) expected one of x-forwarded-for,
  x-forwarded-host, forwarded, x-forwarded-proto,
  x-forwarded-port, x-forwarded-by.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Though they are not used by tests atm, let's add them for consistency with the
main docker image.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

The prefix can be configured via config file using the 'url-prefix' param.

Setting this to any value except the empty string (default) will cause the
WSGI SCRIPT_NAME value to be that value, minus any trailing slashes.

This also changes all links to endpoints to use `url_for` and thus respect the
url prefix set.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Add timestamp/level to logging messages.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

The deprecated Flask.before_first_request decorator was removed on
Flask 2.3.0 so let's stop using it.
See https://github.com/pallets/flask/issues/4605 and
https://flask.palletsprojects.com/en/2.3.x/changes/#version-2-3-0

.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Add --live-reload cmdline option to enable it (disabled by default).

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

We are dropping the IoT image, so let's stop displaying test results for it.

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>

Signed-off-by: Andre Moreira Magalhaes <andre.magalhaes@collabora.com>