Merge pull request #1553 from ScilifelabDataCentre/dev

New release v2.8.0 - No more Python 3.7

Author: i-oden

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Team Hermes are the owners of all files in this repository
+* @ScilifelabDataCentre/teamhermes

.github/workflows/docker-compose-tests.yml

@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run tests against database container
-        run: docker-compose -f docker-compose.yml -f tests/docker-compose-test.yml up --build --exit-code-from backend
+        run: docker compose -f docker-compose.yml -f tests/docker-compose-test.yml up --build --exit-code-from backend
 
       - name: Setup upterm session
         uses: lhotari/action-upterm@v1

.github/workflows/publish_and_trivyscan.yml

@@ -15,7 +15,6 @@
 name: Publish to GHCR (+ Trivy scan)
 on:
   workflow_dispatch:
-    branches: [dev]
   pull_request:
   push:
     branches:
@@ -24,7 +23,56 @@ on:
   release:
     types: [published]
 jobs:
+  build_tech_overview:
+    name: Build technical overview
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Build tech overview PDF
+        uses: docker://pandoc/latex:3.2
+        with:
+          entrypoint: /bin/sh
+          args: >-
+            -c "
+            tlmgr update --self &&
+            tlmgr install cm-super fontaxes lato pdflscape xkeyval &&
+            updmap-sys &&
+            pandoc
+            --output=dds_web/static/dds-technical-overview.pdf
+            doc/technical-overview.md
+            "
+      - name: Upload technical overview PDF
+        uses: actions/upload-artifact@v4
+        with:
+          name: technical-overview-pdf
+          path: dds_web/static/dds-technical-overview.pdf
+  build_troubleshooting:
+    name: Build troubleshooting guide
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Build troubleshooting guide
+        uses: docker://pandoc/latex:3.2
+        with:
+          entrypoint: /bin/sh
+          args: >-
+            -c "
+            tlmgr update --self &&
+            tlmgr install cm-super fontaxes lato xkeyval &&
+            updmap-sys &&
+            pandoc
+            --output=dds_web/static/dds-troubleshooting.pdf
+            doc/troubleshooting.md
+            "
+      - name: Upload troubleshooting PDF
+        uses: actions/upload-artifact@v4
+        with:
+          name: troubleshooting-pdf
+          path: dds_web/static/dds-troubleshooting.pdf
   push_to_registry:
+    needs: [build_tech_overview, build_troubleshooting]
     if: github.repository == 'ScilifelabDataCentre/dds_web'
     name: Push image
     runs-on: ubuntu-latest
@@ -37,23 +85,33 @@ jobs:
       cancel-in-progress: true
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Log in to Github Container Repository
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Download technical overview PDF
+        uses: actions/download-artifact@v4
+        with:
+          name: technical-overview-pdf
+          path: dds_web/static/dds-technical-overview.pdf
+      - name: Download troubleshooting PDF
+        uses: actions/download-artifact@v4
+        with:
+          name: troubleshooting-pdf
+          path: dds_web/static/dds-troubleshooting.pdf
       - name: Docker metadata
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             ghcr.io/scilifelabdatacentre/dds-backend
       - name: Ensure lowercase name
         run: echo IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
       - name: Build for scan
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           file: Dockerfiles/backend.Dockerfile
           context: .
@@ -67,7 +125,7 @@ jobs:
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"
       - name: Upload Trivy scan results to Github Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results.sarif"
           category: trivy-build

.github/workflows/trivy-scan-branch.yml

@@ -31,7 +31,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results.sarif"
           category: trivy

.github/workflows/trivy-scheduled-dev.yml

@@ -6,10 +6,7 @@
 # ---------------------------------
 name: Trivy - ghcr image scan - dev
 on:
-  workflow_dispatch:
-    branches:
-      - dev
-  schedule:
+  schedule: # Since dev is the default branch of the repo don't specify
     - cron: "0 9,12,15 * * *"
 jobs:
   scan:
@@ -26,15 +23,15 @@ jobs:
         run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV
 
       - name: Run Trivy on latest dev image
-        uses: aquasecurity/trivy-action@0.7.1
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev"
           format: "sarif"
           output: "trivy-results-dev.sarif"
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to dev branch GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results-dev.sarif"
           category: trivy-dev

.github/workflows/trivy-scheduled-master.yml

@@ -6,9 +6,6 @@
 # ---------------------------------
 name: Trivy - ghcr image scan - master
 on:
-  workflow_dispatch:
-    branches:
-      - master
   schedule:
     - cron: "0 7,15 * * *"
 jobs:
@@ -28,15 +25,15 @@ jobs:
         run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV
 
       - name: Run Trivy on latest release image
-        uses: aquasecurity/trivy-action@0.7.1
+        uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:latest"
           format: "sarif"
           output: "trivy-results-master.sarif"
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to master branch GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: "trivy-results-master.sarif"
           category: trivy-master

.prettierignore

@@ -1,3 +1,6 @@
 *.html
 dds_web/static/css
 dds_web/static/node_modules
+# Would like to enable this but prettier isn't correctly formatting grid tables for pandoc
+# We need grid table markdown due to having tables with multi-column/row spans
+doc/technical-overview.md

CHANGELOG.rst

@@ -1,6 +1,22 @@
 Changelog
 ==========
 
+.. _2.8.0:
+
+2.8.0 - 2024-09-24
+~~~~~~~~~~~~~~~~~~~~~~~
+
+- New features:
+    - Technical Overview and Troubleshooting updated and made available as pdf.
+    - Added Flask command for updating units quota.
+- Dependencies:
+    - `certifi` from `2023.07.22` to `2024.7.4`
+    - `requests` from `2.31.0` to `2.32.0`
+    - `wrapt` from `1.13.3` to `1.14.0`
+- Dependencies (tests):
+    - `pyfakefs` from `4.5.5` to `5.3.0`
+- Update base image for the docker containers from `python:3.11-alpine` to `python:3.12-alpine`
+
 .. _2.7.1:
 
 2.7.1 - 2024-06-26

Dockerfiles/backend.Dockerfile

@@ -3,7 +3,7 @@
 #############################
 
 # Set official image -- parent image
-FROM python:3.11-alpine as base
+FROM python:3.12-alpine as base
 
 ARG USERNAME=dds-user
 ARG USER_UID=1001

Dockerfiles/cli.Dockerfile

@@ -1,5 +1,5 @@
 # Set official image
-FROM python:3.11-alpine as base
+FROM python:3.12-alpine as base
 
 # Update and upgrade
 RUN apk update && apk upgrade