Update container builds.

FREVA-CLINT · Aug 19, 2024 · 6dcc78d · 6dcc78d
1 parent 6dfa432
commit 6dcc78d
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 47 deletions.
diff --git a/.github/workflows/build_containers.yml b/.github/workflows/build_containers.yml
@@ -68,7 +68,7 @@ jobs:
           tags: |
             ghcr.io/freva-clint/freva-deployment:${{ steps.repository.outputs.tag }}
             ghcr.io/freva-clint/freva-deployment:latest
-          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/ppc64le,linux/i386
+          platforms: linux/amd64
 
   build-and-push-vault-image:
     runs-on: ubuntu-latest

diff --git a/assets/share/freva/deployment/playbooks/web-server-playbook.yml b/assets/share/freva/deployment/playbooks/web-server-playbook.yml
@@ -1,24 +1,4 @@
 ---
-- name: Adding web secrets to the vault
-  hosts: vault
-  become: "{{ vault_ansible_become_user is defined and vault_ansible_become_user != '' }}"
-  vars:
-    ansible_python_interpreter: "{{ vault_ansible_python_interpreter }}"
-    become: "{{ vault_ansible_become_user is defined and vault_ansible_become_user != '' }}"
-  tasks:
-    - name: Copying docker/podman wrapper script
-      copy:
-        src: "{{ asset_dir }}/scripts/docker-or-podman"
-        dest: /tmp/docker-or-podman
-        mode: "0775"
-    - name: Deleting tmporary files
-      file:
-        path: "{{item}}"
-        state: absent
-      with_items:
-        - /tmp/create_systemd.py
-        - /tmp/docker-or-podman
-
 - name: Creating web config on the core directory
   hosts: core
   become: "{{ core_ansible_become_user is defined and core_ansible_become_user != '' }}"

diff --git a/assets/share/freva/deployment/vault/Dockerfile b/assets/share/freva/deployment/vault/Dockerfile
@@ -9,7 +9,7 @@ ENV VERSION=$VERSION
 ENV HOME=/vault
 COPY runserver.py /bin/runserver.py
 COPY add-vault-secret /bin/add-vault-secret
-RUN apk add --update --no-cache gcc musl-dev python3-dev libffi-dev build-base
+RUN apk add --update --no-cache gcc musl-dev python3-dev py3-pip libffi-dev build-base
 RUN set -ex &&\
     mkdir -p /opt/vault && chown -R vault:vault /opt/vault &&\
     chmod +x /bin/runserver.py /bin/add-vault-secret &&\
@@ -18,9 +18,8 @@ RUN set -ex &&\
 COPY --chown=vault:vault vault-server-tls.hcl /opt/vault/
 COPY --chown=vault:vault policy-file.hcl /opt/vault/
 
-RUN python3 -m ensurepip
-RUN pip3 install --no-cache-dir --upgrade pip setuptools &&\
-    pip3 install --no-cache-dir hvac requests pyopenssl fastapi uvicorn &&\
+RUN python3 -m pip install --break-system-packages --no-cache-dir --upgrade pip setuptools &&\
+    python3 -m pip install --break-system-packages --no-cache-dir hvac requests pyopenssl fastapi uvicorn &&\
     rm -rf /root/.cache/pip /var/cache/apk/* /tmp/*
 
 EXPOSE 5002

diff --git a/assets/share/freva/deployment/vault/runserver.py b/assets/share/freva/deployment/vault/runserver.py
@@ -99,9 +99,7 @@ def _auth_vault(self) -> None:
     def update_secret(self, path: str, **secret: str) -> None:
         """Update or create a secret."""
         self._auth_vault()
-        self.client.secrets.kv.v1.create_or_update_secret(
-            path=path, secret=secret
-        )
+        self.client.secrets.kv.v1.create_or_update_secret(path=path, secret=secret)
 
     def get_secret(self, path: str) -> Optional[Dict[str, str]]:
         """Get the secretes of a path."""
@@ -125,19 +123,13 @@ def token(self) -> str:
     def init_vault(cls) -> KeyType:
         """Setup a fresh vault."""
         if cls.client.sys.is_initialized() is False:
-            keys = cls.client.sys.initialize(
-                cls.secret_shares, cls.secret_threshold
-            )
+            keys = cls.client.sys.initialize(cls.secret_shares, cls.secret_threshold)
             keys.pop("keys_base64", "")
             keys["token"] = keys.pop("root_token")
             KEY_FILE.parent.mkdir(exist_ok=True, parents=True)
-            KEY_FILE.write_bytes(
-                base64.b64encode(json.dumps(keys).encode("utf-8"))
-            )
+            KEY_FILE.write_bytes(base64.b64encode(json.dumps(keys).encode("utf-8")))
         elif not KEY_FILE.is_file():
-            logger.critical(
-                "Vault is initialized but the key file does not exist"
-            )
+            logger.critical("Vault is initialized but the key file does not exist")
             return {"token": "", "keys": []}
         return cast(
             KeyType,
@@ -196,7 +188,7 @@ async def get_vault_status() -> JSONResponse:
 
 @app.post("/vault/{path}", tags=["Secrets"])
 async def update_secret(
-    path: Annotated[str, Path(description="Secret location.", example="test")],
+    path: Annotated[str, Path(description="Secret location.", examples="test")],
     secret: Annotated[
         Optional[str],
         Query(
@@ -207,24 +199,22 @@ async def update_secret(
                 "key=value. Multiple secrets are ',' "
                 "comma separated."
             ),
-            example="foo=bar,hoo=rohoo",
+            examples="foo=bar,hoo=rohoo",
         ),
     ] = None,
     admin_pw: Annotated[
         Optional[str],
         Header(
             alias="password",
             description="Give the pre defined admin password.",
-            example="password",
+            examples="password",
             tile="Password",
         ),
     ] = None,
 ) -> JSONResponse:
     """Update or create a secret."""
     if path == "test":
-        return JSONResponse(
-            {"message": "success"}, status_code=status.HTTP_201_CREATED
-        )
+        return JSONResponse({"message": "success"}, status_code=status.HTTP_201_CREATED)
     if admin_pw != os.environ.get("ROOT_PW"):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
@@ -258,14 +248,14 @@ async def read_secret(
         str,
         Path(
             description="The name of the k/v secrets path",
-            example="data",
+            examples="data",
         ),
     ],
     public_key: Annotated[
         str,
         Path(
             description="hexdigest representation of the sha512 freva public key.",
-            example="foo",
+            examples="foo",
         ),
     ],
 ) -> JSONResponse:

diff --git a/src/freva_deployment/ui/deployment_tui/main_window.py b/src/freva_deployment/ui/deployment_tui/main_window.py
@@ -13,11 +13,17 @@
 import appdirs
 import npyscreen
 import tomlkit
+
 from freva_deployment.utils import asset_dir, config_dir, load_config
 
 from .base import BaseForm, selectFile
-from .deploy_forms import (CoreScreen, DBScreen, FrevaRestScreen, RunForm,
-                           WebScreen)
+from .deploy_forms import (
+    CoreScreen,
+    DBScreen,
+    FrevaRestScreen,
+    RunForm,
+    WebScreen,
+)
 
 
 def interrupt(*args: Any) -> None: