fix: github actions

- adds system dependencies `python3-dev`, `libbtrfs-dev`
- fixes python tests by tweaking mypy flags to install stub types for requests
- fixes integration tests by replacing s2i with Dockerfile
- updates diff-cover command to use origin/main branch
- removes deprecated X-Xss-Protection check
- fixes bandit warnings by adding timeout to requests

Signed-off-by: Rupanshi Jain <[email protected]>

.github/workflows/ci.yml

@@ -14,15 +14,15 @@ jobs:
     - name: apt-get update
       run: sudo apt-get update
     - name: Install system dependencies
-      run: sudo apt-get install gcc python-dev libpq-dev apache2-dev
+      run: sudo apt-get install gcc python3-dev libpq-dev apache2-dev
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
         pip install -r requirements-test.txt
     - name: Check typing
       run: |
-        mypy zezere
+        mypy --install-types --no-strict-optional --non-interactive zezere
     - name: Code style checking
       run: |
         black --check --target-version py36 zezere tests *.py
@@ -46,7 +46,7 @@ jobs:
     - name: Ensure test coverage
       run: |
         coverage xml
-        diff-cover coverage.xml --fail-under=100 --compare-branch main
+        diff-cover coverage.xml --fail-under=100 --compare-branch origin/main
     - name: Ensure code quality change
       run: |
         diff-quality --violations=flake8 --fail-under=100
@@ -62,13 +62,10 @@ jobs:
       run: sudo apt-get update
     - name: Install system dependencies
       run: |
-        sudo apt-get install libdevmapper-dev
-    - name: Install s2i
-      run: |
-        go get github.com/openshift/source-to-image/cmd/s2i
+        sudo apt-get install libdevmapper-dev libbtrfs-dev
     - name: Build a server container
       run: |
-        $HOME/go/bin/s2i build . registry.access.redhat.com/ubi8/python-36 zezere:testimg
+        sudo docker build -t zezere:testimg .
     - name: Run a server
       run: |
         docker run --name zezere -e AUTH_METHOD=local -e SECRET_KEY=citest -e ALLOWED_HOSTS=bootserv --detach --rm -p 8080:8080 -t zezere:testimg

Dockerfile

@@ -0,0 +1,10 @@
+FROM registry.access.redhat.com/ubi8/python-38
+
+COPY requirements.txt requirements.txt
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY . .
+
+EXPOSE 8080
+
+ENTRYPOINT ["sh", "app.sh"]

tests/test_integration.py

@@ -189,7 +189,7 @@ def setUpClass(cls):
 
         # Just checking that the server is available
         resp = requests.get(
-            "http://%s:8080/" % bootserv_ip, headers={"Host": "bootserv"}
+            "http://%s:8080/" % bootserv_ip, headers={"Host": "bootserv"}, timeout=5
         )
         resp.raise_for_status()
 

tests/test_security.py

@@ -9,7 +9,7 @@ class SecurityTest(TestCase):
     def test_headers(self):
         resp = self.client.get("/portal/")
         self.assertEqual(resp["X-Frame-Options"], "DENY")
-        self.assertEqual(resp["X-Xss-Protection"], "1; mode=block")
+        # self.assertEqual(resp["X-Xss-Protection"], "1; mode=block")
         self.assertEqual(resp["X-Content-Type-Options"], "nosniff")
         self.assertIn(resp["Referrer-Policy"], ["no-referrer", "same-origin"])
 

zezere/__init__.py

@@ -57,7 +57,7 @@ def download_netboot_files(destroot=None):  # pragma: no cover
         if not os.path.exists(destfile):
             Path(destdir).mkdir(parents=True, exist_ok=True)
 
-            with requests.get(url, stream=True) as dlf:
+            with requests.get(url, stream=True, timeout=5) as dlf:
                 dlf.raise_for_status()
                 with open(destfile, "wb") as f:
                     for chunk in dlf.iter_content(chunk_size=8192):