Merge branch 'master' into pr/fix/documentation-haml

ncbo · Nov 29, 2022 · 13df5ce · 13df5ce
2 parents a5a2277 + 64742d1
commit 13df5ce
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 6 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,85 @@
+# Workflow for deploying ontologies_api to stage/prod systems via capistrano.
+# This workflow runs after a successeful execution of the unit test workflow and it
+# can also be triggered manually.
+#
+# Required github secrets:
+#
+# CONFIG_REPO - github repo containing config and customizations for the API. Format 'author/private_config_repo'
+# it is used for getting capistrano deployment configuration for stages on the github actions runner and
+# PRIVATE_CONFIG_REPO env var is constructed from it which is used by capistrano on the remote servers for pulling configs.
+#
+# GH_PAT - github Personal Access Token for accessing PRIVATE_CONFIG_REPO
+#
+# SSH_JUMPHOST - ssh jump/proxy host though which deployments have to though if app servers are hosted on private network.
+#
+# DEPLOY_ENC_KEY - key for decrypting deploymnet ssh key residing in config/deploy_id_rsa_enc (see miloserdow/capistrano-deploy)
+# this SSH key is used for accessing jump host, UI nodes, and private github repo.
+
+name: Capistrano Deployment
+# Controls when the action will run.
+on:
+  # Trigger deployment to staging after unit test action completes
+  workflow_run:
+    workflows: ["Ruby Unit Tests"]
+    types:
+      - completed
+    branches: [master, develop]
+  # Allows running this workflow manually from the Actions tab
+  workflow_dispatch:
+    branches: [master, develop]
+    inputs:
+      BRANCH:
+        description: 'Branch/tag to deploy'
+        default: develop
+        required: true
+      environment:
+        description: 'target environment to deploy to'
+        type: choice
+        options:
+          - staging
+          - production
+        default: staging
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    # run deployment only if "Ruby Unit Tests" workflow completes sucessefully
+    if: ${{ github.event.workflow_run.conclusion == 'success' }} 
+    env:
+      BUNDLE_WITHOUT: default #install gems required primarily for the deployment in order to speed this workflow
+      PRIVATE_CONFIG_REPO: ${{ format('git@github.com:{0}.git', secrets.CONFIG_REPO) }}
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+    - name: set branch/tag and environment to deploy from inputs
+      run: |
+        # workflow_dispatch default input doesn't get set on push so we need to set defaults
+        # via shell parameter expansion
+        # https://dev.to/mrmike/github-action-handling-input-default-value-5f2g
+        USER_INPUT_BRANCH=${{ inputs.branch }}
+        echo "BRANCH=${USER_INPUT_BRANCH:-develop}" >> $GITHUB_ENV
+        USER_INPUT_ENVIRONMENT=${{ inputs.environment }}
+        echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> $GITHUB_ENV
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v3
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7.6 # Not needed with a .ruby-version file
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: get-deployment-config
+      uses: actions/checkout@v3
+      with:
+        repository: ${{ secrets.CONFIG_REPO }} # repository containing deployment settings
+        token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
+        path:  deploy_config
+    - name: copy-deployment-config
+      run:  cp -r deploy_config/ontologies_api/* .
+    # add ssh hostkey so that capistrano doesn't complain
+    - name: Add jumphost's hostkey to Known Hosts
+      run: |
+        mkdir -p ~/.ssh
+        ssh-keyscan -H ${{ secrets.SSH_JUMPHOST }} > ~/.ssh/known_hosts
+      shell: bash
+    - uses: miloserdow/capistrano-deploy@master
+      with:
+        target: ${{ env.TARGET }} # which environment to deploy
+        deploy_key: ${{ secrets.DEPLOY_ENC_KEY }} # Name of the variable configured in Settings/Secrets of your github project
diff --git a/Gemfile b/Gemfile
@@ -50,10 +50,13 @@ gem 'ontologies_linked_data', github: 'ncbo/ontologies_linked_data', branch: 'ma
 gem 'sparql-client', github: 'ncbo/sparql-client', branch: 'master'
 
 group :development do
+  # bcrypt_pbkdf and ed35519 is required for capistrano deployments when using ed25519 keys; see https://github.com/miloserdow/capistrano-deploy/issues/42
+  gem 'bcrypt_pbkdf', '>= 1.0', '< 2.0', require: false
   gem 'capistrano', '~> 3', require: false
   gem 'capistrano-bundler', require: false
   gem 'capistrano-locally', require: false
   gem 'capistrano-rbenv', require: false
+  gem 'ed25519', '>= 1.2', '< 2.0', require: false
   gem 'pry'
   gem 'shotgun', github: 'palexander/shotgun', branch: 'ncbo'
 end

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -15,7 +15,7 @@ GIT
 
 GIT
   remote: https://github.com/ncbo/ncbo_annotator.git
-  revision: 57204d8e54432ba660af4c49806e2a3019a23fa2
+  revision: 71d41e3afb35dafe29abfb6d9becaadc725bad36
   branch: master
   specs:
     ncbo_annotator (0.0.1)
@@ -109,6 +109,7 @@ GEM
       sshkit (>= 1.6.1, != 1.7.0)
     backports (3.23.0)
     bcrypt (3.1.18)
+    bcrypt_pbkdf (1.1.0)
     bigdecimal (1.4.2)
     builder (3.2.4)
     capistrano (3.17.1)
@@ -131,6 +132,7 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
+    ed25519 (1.3.0)
     faraday (1.10.2)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
@@ -330,12 +332,14 @@ PLATFORMS
 
 DEPENDENCIES
   activesupport (~> 3.0)
+  bcrypt_pbkdf (>= 1.0, < 2.0)
   bigdecimal (= 1.4.2)
   capistrano (~> 3)
   capistrano-bundler
   capistrano-locally
   capistrano-rbenv
   cube-ruby
+  ed25519 (>= 1.2, < 2.0)
   faraday (~> 1.9)
   ffi
   goo!
@@ -377,4 +381,4 @@ DEPENDENCIES
   unicorn-worker-killer
 
 BUNDLED WITH
-   2.3.20
+   2.3.23
diff --git a/config/deploy.rb b/config/deploy.rb
@@ -1,6 +1,6 @@
 # config valid only for Capistrano 3
 
-APP_PATH = '/srv/ncbo'
+APP_PATH = '/srv/ontoportal'
 
 set :application, 'ontologies_api'
 set :repo_url, "https://github.com/ncbo/#{fetch(:application)}.git"
@@ -77,7 +77,7 @@
 
 namespace :deploy do
 
-  desc 'Incorporate the bioportal_conf private repository content'
+  desc 'Incorporate the private repository content'
   # Get cofiguration from repo if PRIVATE_CONFIG_REPO env var is set
   # or get config from local directory if LOCAL_CONFIG_PATH env var is set
   task :get_config do

diff --git a/controllers/ontology_analytics_controller.rb b/controllers/ontology_analytics_controller.rb
@@ -7,6 +7,7 @@ class OntologyAnalyticsController < ApplicationController
   namespace "/analytics" do
 
     get do
+      expires 86400, :public
       year = year_param(params)
       error 400, "The year you supplied is invalid. Valid years start with 2 and contain 4 digits." if params["year"] && !year
       month = month_param(params)
@@ -24,6 +25,7 @@ class OntologyAnalyticsController < ApplicationController
   namespace "/ontologies/:acronym/analytics" do
 
     get do
+      expires 86400, :public
       ont = Ontology.find(params["acronym"]).first
       error 404, "No ontology exists with the acronym: #{params["acronym"]}" if ont.nil?
       analytics = ont.analytics

diff --git a/controllers/ontology_submissions_controller.rb b/controllers/ontology_submissions_controller.rb
@@ -93,15 +93,16 @@ class OntologySubmissionsController < ApplicationController
       submission_attributes = [:submissionId, :submissionStatus, :uploadFilePath, :pullLocation]
       included = Ontology.goo_attrs_to_load.concat([submissions: submission_attributes])
       ont = Ontology.find(acronym).include(included).first
-      ont.bring(:viewingRestriction) if ont.bring?(:viewingRestriction)
       error 422, "You must provide an existing `acronym` to download" if ont.nil?
+      ont.bring(:viewingRestriction) if ont.bring?(:viewingRestriction)
       check_access(ont)
       ont_restrict_downloads = LinkedData::OntologiesAPI.settings.restrict_download
       error 403, "License restrictions on download for #{acronym}" if ont_restrict_downloads.include? acronym
       submission = ont.submission(params['ontology_submission_id'].to_i)
       error 404, "There is no such submission for download" if submission.nil?
       file_path = submission.uploadFilePath
-
+      # handle edge case where uploadFilePath is not set
+      error 422, "Upload File Path is not set for this submission" if file_path.to_s.empty?
       download_format = params["download_format"].to_s.downcase
       allowed_formats = ["csv", "rdf"]
       if download_format.empty?

diff --git a/test/controllers/test_ontology_submissions_controller.rb b/test/controllers/test_ontology_submissions_controller.rb
@@ -125,6 +125,10 @@ def test_download_submission
     # Clear restrictions on downloads
     LinkedData::OntologiesAPI.settings.restrict_download = []
     # see also test_ontologies_controller::test_download_ontology
+
+    # Test downloads of nonexistent ontology
+    get "/ontologies/BOGUS66/submissions/55/download"
+    assert_equal(422, last_response.status, "failed to handle downloads of nonexistent ontology" + get_errors(last_response))
   end
 
   def test_download_ontology_submission_rdf