build: address security vulnerabilty (#181)

* Upgrade due to sec vul

* Now we need to install docker-compose (before it was provided)

* Disable 2 pylint warnings

* Set the max line width to a 21st century number

* Add wait for port

* Remove the hyphen and replace it by a space

* Fix the pymongo version so it does not fail

* Fix the pymongo version so it does not fail

* Fix the mypy version

* Fix mypy (model.py) warnings

* Disable E501 error

Author: lvarin

.github/workflows/checks.yaml

@@ -45,14 +45,19 @@ jobs:
           pip install .
           pip install -r requirements_dev.txt
       - name: Deploy app
-        run: docker-compose up -d --build
+        run: docker compose up -d --build
       - name: Wait for app startup
-        run: sleep 20
+        run: |
+          for i in $(seq 1 24); do
+            sleep 5; curl localhost:8080 -so /dev/null && break;
+            docker compose ps;
+            echo "Retrying ($i) in 5 seconds...";
+          done
       - name: Run integration tests
         shell: bash
         run: pytest tests/test_integration
       - name: Tear down app
-        run: docker-compose down
+        run: docker compose down
   publish:
     name: Build and publish app image
     runs-on: ubuntu-latest

pro_tes/ga4gh/tes/models.py

@@ -38,7 +38,7 @@ class TesCreateTaskResponse(CustomBaseModel):
 
 class TesExecutor(CustomBaseModel):
     image: str = Field(
-        default=[""],
+        default="",
         description=(
             "Name of the container image. The string will be passed as        "
             "    the image\nargument to the containerization run command.     "
@@ -626,7 +626,7 @@ class TesTask(CustomBaseModel):
     )
     resources: Optional[TesResources] = None
     executors: list[TesExecutor] = Field(
-        default=[TesExecutor],
+        default=[TesExecutor()],
         description=(
             "An array of executors to be run. Each of the executors           "
             " will run one\nat a time sequentially. Each executor is a"

pro_tes/gunicorn.py

@@ -17,7 +17,7 @@
 forwarded_allow_ips = "*"  # pylint: disable=invalid-name
 
 # Set Gunicorn bind address
-bind = f"{app_config.server.host}:{app_config.server.port}"
+bind = f"{app_config.server.host}:{app_config.server.port}"  # pylint: disable=C0103  # noqa: E501
 
 # Source environment variables for Gunicorn workers
 raw_env = [

pro_tes/tasks/track_task_progress.py

@@ -26,7 +26,7 @@
     ignore_result=True,
     track_started=True,
 )
-def task__track_task_progress(  # pylint: disable=too-many-arguments
+def task__track_task_progress(  # pylint: disable=too-many-arguments,R0917
     self,  # pylint: disable=unused-argument
     worker_id: str,
     remote_host: str,

requirements.txt

@@ -2,11 +2,12 @@ celery-types>=0.20.0
 connexion>=2.11.2,<3
 foca>=0.12.1
 geopy>=2.2.0
-gunicorn>=20.1.0,<21
+gunicorn>=22
 ip2geotools>=0.1.6
 py-tes>=0.4.2
 pytest-ordering>=0.6
 types-PyYAML>=6.0.12
 types-requests>=2.28.5
 types-simplejson>=3.17.7
 types-urllib3>=1.26.17
+pymongo==4.8.0

requirements_dev.txt

@@ -7,5 +7,5 @@ mypy>=0.990
 pylint>=2.15.5
 pytest>=7.2.0
 python-semantic-release>=7.32.2
-mypy>=1.8.0
-types-python-dateutil>=2.8.19.20240106
+mypy==1.14.1
+types-python-dateutil>=2.8.19.20240106