Merge branch 'main' into OPS-2774/updating-can-http-schemas
rajohnson90 authored Sep 12, 2024
2 parents e161807 + 65c24d8 commit ed301c9
Showing 57 changed files with 445 additions and 514 deletions.
22 changes: 11 additions & 11 deletions .github/actions/bump-and-tag/package-lock.json

2 changes: 1 addition & 1 deletion .github/workflows/build_data_tools.yml
Expand Up @@ -49,7 +49,7 @@ jobs:

# https://github.com/docker/build-push-action/
- name: Build and push Docker image
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: "{{defaultContext}}:backend" # https://github.com/docker/build-push-action#git-context
push: true
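Review bot: the `uses:` line takes docker/build-push-action across a major version (v5.4.0 to v6.7.0), so the step's `with:` inputs (`context` with the git-context form, `push: true`) should be checked against the v6 release notes before relying on this workflow. Pinning to a full commit SHA with the version in a trailing comment is the right form; please confirm the new SHA is the commit the v6.7.0 tag points to, since the comment is the only thing tying the pin to a release.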
2 changes: 1 addition & 1 deletion .github/workflows/security_semgrep.yml
Expand Up @@ -9,7 +9,7 @@ jobs:
name: Semgrep Analyze
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep@sha256:fbec85506a68c10ded1be0523052f89c0674506e05e5764ee20376cd72ddcb76 # 1.47.0
image: returntocorp/semgrep@sha256:11be9038036e2e0ad072cabd08c1241920ebef1489b8a0b1696487c8264a7e65 # 1.47.0
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
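Review bot: on the `image:` line the sha256 digest changes but the trailing comment still reads `# 1.47.0`, so the comment no longer identifies what is being run. Either the new digest belongs to a different Semgrep release and the comment should be updated to match, or the 1.47.0 tag was re-pushed and that should be stated in the commit message; as it stands a reviewer cannot tell which scanner version this job uses.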
51 changes: 30 additions & 21 deletions README.md
Expand Up @@ -15,6 +15,33 @@ At a bare minimum, you need [Docker](https://www.docker.com) and
development, you will also need to install [Python](https://www.python.org), [Node.js](https://nodejs.org), and
[pre-commit](https://pre-commit.com/#installation).

## RSA Key Generation

The backend uses RSA keys to sign and verify JWTs. You can generate these keys by running the following commands...

```shell
mkdir ~/ops-keys
openssl genrsa -out ~/ops-keys/keypair.pem 2048
openssl rsa -in ~/ops-keys/keypair.pem -pubout -out ~/ops-keys/public.pem
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in ~/ops-keys/keypair.pem -out ~/ops-keys/private.pem
```

Then place the private/public keys in your shell environment...

```shell
export JWT_PRIVATE_KEY=$(cat ~/ops-keys/private.pem)
export JWT_PUBLIC_KEY=$(cat ~/ops-keys/public.pem)
```

Also, replace the public key file contents in the following locations...

```
cat ~/ops-keys/public.pem > ./public.pub
cat ~/ops-keys/public.pem > ./backend/ops_api/ops/static/public.pem
```

N.B. The public key files above are deprecated and will be replaced with the `JWT_PUBLIC_KEY` environment variable in the future.

## Install

### Backend
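Review bot: the key-generation commands write an unencrypted private key (`-nocrypt`) into a directory created with plain `mkdir ~/ops-keys`, so both `keypair.pem` and `private.pem` get whatever the user's umask allows. Suggest `mkdir -m 700 ~/ops-keys` and a `chmod 600` on the two private files, plus a sentence stating these keys are for local development only. Two smaller points: the last fence has no `shell` tag, unlike the two before it, and the `cat ... > ./public.pub` and `cat ... > ./backend/ops_api/ops/static/public.pem` steps overwrite files inside the repository tree, so the README should say whether those local changes are meant to be committed.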
Expand Down Expand Up @@ -86,7 +113,7 @@ To run them...

```shell
cd ./backend/ops_api
pytest
pipenv run pytest
```

Note: All backend API endpoints have the ability to simulate an error response, for testing purposes for the frontend. This is accomplished
Expand Down Expand Up @@ -137,10 +164,8 @@ or Interactively via:
bun run test:e2e:interactive
```

The E2E uses it's own TEST keys for generating and validating JWT Signatures, as it bypasses any live OAuth providers.
The test-private-key is currently configured within the `cypress.config.js` directly (base64url encoded). The `backend`, then requires the test-public-key in order to validate the signatures of the JWT. This is configured within the `/ops/environment/local/e2e.py` (path); which points to the `/static/test-public-key.pem`.
These keys are ONLY used for End-to-end testing, and are not pushed to any LIVE system outside of local testing.
N.B. Running the E2E tests multiple times using the same containers and volumes can lead to unexpected results.
It is recommended to run `docker system prune --volumes` between test runs.

### Linting

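Review bot: `docker system prune --volumes` in the new N.B. is not scoped to this project; it removes stopped containers, unused networks and unused volumes for everything on the developer's Docker host. A project-scoped cleanup such as `docker compose down --volumes` would reset the E2E state without touching other work. Separately, the paragraph explaining that the E2E run uses its own TEST keys (private key in `cypress.config.js`, public key at `/static/test-public-key.pem`) no longer appears here; if that test key is still in the repository, keep a line saying it is test-only so it is not mistaken for a leaked secret.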
Expand Down Expand Up @@ -203,26 +228,10 @@ TBD
TBD
~~This environment can be deployed to manually as well by authorized committers in the repository. You accomplish this by force pushingan existing commit to the `development` branch.~~

```shell
git branch -d development # deletes the development branch if it was already checked out locally
git checkout -b development
git push --force --set-upstream origin development
```

### Staging Environment
TBD
~~This environment can be deployed to by authorized committers in the repository. You accomplish this by force pushing an existing commit to the `staging` branch.~~

```shell
git branch -d staging # deletes the staging branch if it was already checked out locally
git checkout -b staging
git push --force --set-upstream origin staging
```

### Production Environment
TBD
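Review bot: the struck-through sentences under the Development and Staging headings still describe deploying by force pushing to `development` and `staging`, while the command blocks that went with them are gone, so the README now half-documents a procedure it marks as obsolete (and "force pushingan" is missing a space). If force-push deployment is retired, delete the struck-through sentences as well and leave only `TBD`, or replace them with the current procedure.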
4 changes: 2 additions & 2 deletions backend/ops_api/Pipfile
Expand Up @@ -11,12 +11,12 @@ flask-jwt-extended = {extras = ["asymmetric_crypto"], version = "==4.6.0"}
authlib = "==1.3.2"
requests = "==2.32.3"
markupsafe = "==2.1.5"
flask-cors = "==4.0.2"
flask-cors = "==5.0.0"
psycopg2-binary = "==2.9.9"
gunicorn = "==22.0.0"
desert = "==2022.9.22"
marshmallow-enum = "==1.5.1"
marshmallow-dataclass = "==8.7.0"
marshmallow-dataclass = "==8.7.1"
sqlalchemy-continuum = "==1.4.2"
marshmallow-sqlalchemy = "==1.0.0"
azure-storage-blob = "==12.22.0"
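Review bot: `flask-cors` goes from `==4.0.2` to `==5.0.0`, a major version, alongside the patch bump of `marshmallow-dataclass`; a major bump to the CORS layer can change default header behaviour, so the API's allowed-origin configuration should be re-tested against the 5.0.0 changelog rather than assumed unchanged. Since every entry here is pinned with `==`, the matching `Pipfile.lock` update needs to be in the same commit so the hashes installed in CI correspond to these versions.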