Merge branch 'main' into spike/no-cache-morecast-2

.github/workflows/deployment.yml

@@ -43,7 +43,7 @@ jobs:
         shell: bash
         run: |
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
-          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" ARTIFACTORY_SVCACCT_TOKEN="${{ secrets.ARTIFACTORY_SVCACCT_TOKEN}}" bash openshift/scripts/oc_build.sh ${SUFFIX} apply
+          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=web DOCKER_FILE=Dockerfile.web PATH_BC=openshift/templates/build.web.bc.yaml SENTRY_AUTH_TOKEN="${{ secrets.SENTRY_AUTH_TOKEN }}" bash openshift/scripts/oc_build.sh ${SUFFIX} apply
 
   build-api-image:
     name: Build API Image
@@ -61,7 +61,7 @@ jobs:
         shell: bash
         run: |
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TOOL_TOKEN }}"
-          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api ARTIFACTORY_PYPI_USERNAME=${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ARTIFACTORY_PYPI_PASSWORD=${{ secrets.ARTIFACTORY_PYPI_PASSWORD }} bash openshift/scripts/oc_build.sh ${SUFFIX} apply
+          GIT_BRANCH=${GITHUB_HEAD_REF} MODULE_NAME=api bash openshift/scripts/oc_build.sh ${SUFFIX} apply
   # TODO: Delete once pmtiles has run for some time
   # build-tileserv-image:
   #   name: Build tileserv Image
@@ -249,7 +249,7 @@ jobs:
       - name: ZAP Scan
         uses: zaproxy/[email protected]
         with:
-          target: "https://wps-pr-${{ github.event.number }}.apps.silver.devops.gov.bc.ca"
+          target: "https://wps-pr-${{ github.event.number }}-e1e498-dev.apps.silver.devops.gov.bc.ca"
           rules_file_name: ".zap/rules.tsv"
           # Do not return failure on warnings - TODO: this has to be resolved!
           cmd_options: "-I"
@@ -294,67 +294,3 @@ jobs:
         run: |
           oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_DEV_TOKEN }}"
           PROJ_TARGET="e1e498-dev" PROJ_TOOLS="e1e498-tools" PROJ_DEV="e1e498-dev" bash openshift/scripts/oc_provision_c_haines_cronjob.sh ${SUFFIX} apply
-
-  prepare-test-database:
-    name: Prepare Test Database
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Set Variables
-        shell: bash
-        run: |
-          echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
-
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Deploy PostGIS instance
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
-          EPHEMERAL_STORAGE=True PROJ_TARGET=e1e498-test APP_USER="wps" IMAGE_STREAM_NAMESPACE=e1e498-tools bash openshift/scripts/oc_provision_db.sh ${SUFFIX} apply
-
-  deploy-test:
-    name: Deploy to Test
-    if: github.triggering_actor != 'renovate'
-    needs: [build-api-image, build-web-image, prepare-test-database]
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Set Variables
-        shell: bash
-        run: |
-          echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
-
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Deploy API to Test
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
-          MODULE_NAME=api PROJ_TARGET="e1e498-test" ENVIRONMENT="-test" VANITY_DOMAIN="${SUFFIX}-test-psu.apps.silver.devops.gov.bc.ca" SECOND_LEVEL_DOMAIN="apps.silver.devops.gov.bc.ca" USE_WFWX="True" bash openshift/scripts/oc_deploy.sh ${SUFFIX} apply
-
-      # Just run 1/3 EnvCan cronjobs so there's some model data in DB for comparison against P3 actuals and forecasts
-      # Don't need all model data
-      - name: Environment Canada RDPS cronjob (Donald)
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
-          PROJ_TARGET="e1e498-test" bash openshift/scripts/oc_provision_ec_rdps_cronjob.sh ${SUFFIX} apply
-
-  test-configure-nats-server-name:
-    name: Configure nats server name in test
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Set Variables
-        shell: bash
-        run: |
-          echo "SUFFIX=pr-${{ github.event.number }}" >> $GITHUB_ENV
-
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Configure
-        shell: bash
-        run: |
-          oc login "${{ secrets.OPENSHIFT_CLUSTER }}" --token="${{ secrets.OC4_TEST_TOKEN }}"
-          PROJ_TARGET="e1e498-test" bash openshift/scripts/oc_provision_nats_server_config.sh ${SUFFIX} apply

.github/workflows/integration.yml

@@ -63,7 +63,6 @@ jobs:
         if: steps.cache-venv.outputs.cache-hit != 'true'
         working-directory: ./api
         run: |
-          poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }}
           poetry run python -m pip install --upgrade pip
           poetry install
           poetry run python -m pip install gdal==$(gdal-config --version)
@@ -139,7 +138,6 @@ jobs:
         if: steps.cache-venv.outputs.cache-hit != 'true'
         working-directory: ./api
         run: |
-          poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }} ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }}
           poetry run python -m pip install --upgrade pip
           poetry install
           poetry run python -m pip install gdal==$(gdal-config --version)
@@ -175,7 +173,7 @@ jobs:
           poetry run coverage report
           poetry run coverage xml -o coverage-reports/coverage-report.xml
       - name: Archive coverage report (api)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: api-coverage-report
           path: ./api/coverage-reports/coverage-report.xml
@@ -191,8 +189,6 @@ jobs:
         with:
           # For sonar-scanner to work properly we can't use a shallow fetch.
           fetch-depth: 0
-      - name: Setup kernel for react, increase watchers
-        run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
         with:
@@ -207,19 +203,13 @@ jobs:
         run: corepack enable
       - name: use new yarn
         run: yarn set version berry
-      - name: Setup yarn for scoped artifactory packages
-        working-directory: ./web
-        run: yarn config set npmScopes.psu.npmRegistryServer https://artifacts.developer.gov.bc.ca/artifactory/api/npm/pe1e-psu-npm-local/ && yarn config set npmScopes.psu.npmAlwaysAuth true && yarn config set npmScopes.psu.npmAuthToken ${{ secrets.ARTIFACTORY_SVCACCT_TOKEN }}
       - name: Install node dependencies (web)
         working-directory: ./web
         if: steps.yarn-cache.outputs.cache-hit != 'true'
         run: yarn install
       - name: Lint (web)
         working-directory: ./web
         run: yarn run lint
-      # "Error: ENOSPC: System limit for number of file watchers reached" can be addressed
-      # with this: https://github.com/guard/listen/wiki/Increasing-the-amount-of-inotify-watchers#the-technical-details
-      # It seems unnecessary at the moment because tests pass anyway
       - name: Cypress tests with coverage (web)
         working-directory: ./web
         run: yarn run cypress:ci
@@ -229,9 +219,8 @@ jobs:
       - name: Merge and finalize test coverage (web)
         working-directory: ./web
         run: yarn run finalizeCoverage
-
       - name: Archive coverage report
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: web-coverage-report
           path: ./web/finalCoverage
@@ -244,7 +233,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v4
       - name: Download all workflow run artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
       - name: Upload test coverage to Codecov
         uses: codecov/codecov-action@v4
         with:

.github/workflows/post_merge_integration.yml

@@ -60,9 +60,6 @@ jobs:
         with:
           path: ~/work/wps/wps/api/.venv
           key: ${{ runner.os }}-venv-poetry-1.6.1-${{ hashFiles('**/poetry.lock') }}
-      - name: Configure artifactory creds for poetry
-        working-directory: ./api
-        run: poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }}  ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }}
       - name: Install python dependencies using poetry (api)
         if: steps.cache-venv.outputs.cache-hit != 'true'
         working-directory: ./api
@@ -138,9 +135,6 @@ jobs:
         with:
           path: ~/work/wps/wps/api/.venv
           key: ${{ runner.os }}-venv-poetry-1.6.1-${{ hashFiles('**/poetry.lock') }}
-      - name: Configure artifactory creds for poetry
-        working-directory: ./api
-        run: poetry config http-basic.psu ${{ secrets.ARTIFACTORY_PYPI_USERNAME }}  ${{ secrets.ARTIFACTORY_PYPI_PASSWORD }}
       - name: Install python dependencies using poetry (api)
         if: steps.cache-venv.outputs.cache-hit != 'true'
         working-directory: ./api
@@ -174,7 +168,7 @@ jobs:
           poetry run coverage report
           poetry run coverage xml -o coverage-reports/coverage-report.xml
       - name: Archive coverage report (api)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: api-coverage-report
           path: ./api/coverage-reports/coverage-report.xml
@@ -206,9 +200,6 @@ jobs:
         run: corepack enable
       - name: use new yarn
         run: yarn set version berry
-      - name: Setup yarn for scoped artifactory packages
-        working-directory: ./web
-        run: yarn config set npmScopes.psu.npmRegistryServer https://artifacts.developer.gov.bc.ca/artifactory/api/npm/pe1e-psu-npm-local/ && yarn config set npmScopes.psu.npmAlwaysAuth true && yarn config set npmScopes.psu.npmAuthToken ${{ secrets.ARTIFACTORY_SVCACCT_TOKEN }}
       - name: Install node dependencies (web)
         working-directory: ./web
         if: steps.yarn-cache.outputs.cache-hit != 'true'
@@ -230,7 +221,7 @@ jobs:
         run: yarn run finalizeCoverage
 
       - name: Archive coverage report (web)
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: web-coverage-report
           path: ./web/finalCoverage
@@ -243,7 +234,7 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v4
       - name: Download all workflow run artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
       - name: Upload test coverage to Codecov
         uses: codecov/codecov-action@v4
         with:

.github/workflows/renovate.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Checkout
         uses: actions/[email protected]
       - name: Self-hosted Renovate
-        uses: renovatebot/[email protected].5
+        uses: renovatebot/[email protected].10
         with:
           configurationFile: renovate.json
           token: ${{ secrets.RENOVATE_TOKEN }}

.gitignore

@@ -74,11 +74,7 @@ web/typings/
 .yarn-integrity
 
 # dotenv environment variables file
-api/app/.env
-api/env/.env.test
-api/app/.env.docker
-web/.env
-tileserv/tools/.env
+**/.env
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache

.vscode/launch.json

@@ -117,12 +117,19 @@
             "console": "integratedTerminal",
         },
         {
-            "name": "app.jobs.rdps_sfms ",
+            "name": "app.jobs.rdps_sfms",
             "type": "python",
             "request": "launch",
             "module": "app.jobs.rdps_sfms",
             "console": "integratedTerminal"
         },
+        {
+            "name": "local critical hours",
+            "type": "python",
+            "request": "launch",
+            "module": "app.auto_spatial_advisory.critical_hours",
+            "console": "integratedTerminal"
+        },
         {
             "name": "Chrome",
             "type": "pwa-chrome",

.vscode/settings.json

@@ -8,7 +8,6 @@
         ".github": false,
         "**/.pytest_cache": true,
         "**/__pycache__**": true,
-        "web/node_modules": true,
         "api/python_cache": true,
         "api/.venv": true
     },
@@ -66,11 +65,14 @@
         "Behaviour",
         "botocore",
         "cffdrs",
+        "colour",
         "cutline",
+        "CWFIS",
         "determinates",
         "excinfo",
         "fastapi",
         "FBAN",
+        "ffmc",
         "fireweather",
         "firezone",
         "GDPS",
@@ -87,6 +89,7 @@
         "HRDPS",
         "idir",
         "Indeterminates",
+        "Kamloops",
         "luxon",
         "maxx",
         "maxy",
@@ -107,13 +110,16 @@
         "PROJCS",
         "pydantic",
         "RDPS",
+        "reduxjs",
         "reproject",
         "rocketchat",
         "rollup",
+        "rtol",
         "sessionmaker",
         "sfms",
         "sqlalchemy",
         "starlette",
+        "testid",
         "tobytes",
         "upsampled",
         "uvicorn",

Dockerfile

@@ -2,8 +2,7 @@ ARG DOCKER_IMAGE=image-registry.openshift-image-registry.svc:5000/e1e498-tools/w
 # To build locally, point to a local base image you've already built (see openshift/wps-api-base)
 # e.g. : docker build --build-arg DOCKER_IMAGE=wps-api-base:my-tag .
 
-# Stage 1: Install Python packages, including internally published cffdrs. Installation from artifactory
-# requires a username/password which we don't want in our final image, so we use a multi-stage build. 
+# Stage 1: Install Python packages
 FROM ${DOCKER_IMAGE} AS builder
 
 # We don't want to run our app as root, so we define a worker user.
@@ -29,11 +28,6 @@ RUN python -m pip install --upgrade pip
 # Copy poetry files.
 COPY --chown=$USERNAME:$USERNAME ./api/pyproject.toml ./api/poetry.lock /app/
 
-ARG ARTIFACTORY_PYPI_USERNAME
-ARG ARTIFACTORY_PYPI_PASSWORD
-
-RUN poetry config http-basic.psu "$ARTIFACTORY_PYPI_USERNAME" "$ARTIFACTORY_PYPI_PASSWORD"
-
 # Install dependencies.
 RUN poetry install --without dev
 # Get a python binding for gdal that matches the version of gdal we have installed.

Dockerfile.web

@@ -6,30 +6,20 @@
 ARG NODE_OPTIONS="--v8-pool-size=4"
 
 # PHASE 1 - build frontend.
-# Pull from local registry - we can't pull from docker due to limits.
-# see https://catalog.redhat.com/software/containers/ubi9/nodejs-20/64770ac7a835530172eee6a9 for
-# details
-FROM registry.access.redhat.com/ubi9/nodejs-20 as static
-
+FROM node:20-alpine AS static
 # Switch to root user for package installs
 USER 0
+WORKDIR /app
 
 COPY web/package.json .
 COPY web/yarn.lock . 
 COPY web/.yarnrc.yml .
 # do install first so it will be cached
-RUN npm install -g --ignore-scripts corepack
-RUN corepack enable
-RUN yarn set version berry
-RUN yarn config set npmScopes.psu.npmRegistryServer https://artifacts.developer.gov.bc.ca/artifactory/api/npm/pe1e-psu-npm-local/
-RUN yarn config set npmScopes.psu.npmAlwaysAuth true 
-RUN yarn config set npmScopes.psu.npmAuthToken ${ARTIFACTORY_SVCACCT_TOKEN}
-RUN CYPRESS_INSTALL_BINARY=0 yarn install --immutable
+RUN corepack enable \
+    && yarn set version berry \
+    && CYPRESS_INSTALL_BINARY=0 yarn install --immutable
 COPY web .
-RUN yarn run build:prod
-
-# Remove sourcemaps after they've been uploaded to sentry
-RUN rm build/static/js/**.map
+RUN yarn run build:prod 
 
 # Switch back to default user
 USER 1001
@@ -42,7 +32,7 @@ FROM registry.access.redhat.com/ubi8/nginx-120
 ADD ./openshift/nginx.conf "${NGINX_CONF_PATH}"
 
 # Copy the static content:
-COPY --from=static /opt/app-root/src/build .
+COPY --from=static /app/build .
 
 EXPOSE 3000
 CMD nginx -g "daemon off;"