PR for new qmpy version V1.5 - last upgrade before cloud transitioning

.dockerignore

@@ -0,0 +1,68 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.cache
+nosetests.xml
+coverage.xml
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Rope
+.ropeproject
+
+# Django stuff:
+*.log
+*.pot
+
+# Sphinx documentation is needed 
+# to be included unlike in .gitignore
+#
+# Because, symlinks does not work 
+# inside docker as of Docker v20.10.12
+#docs/_build/
+
+# Linux tempfiles
+*.swp
+
+# Django migrations
+*/migrations
+
+# Implementation Secrets
+.env
+
+# Git-related
+.git*

.env.example

@@ -0,0 +1,114 @@
+#################################################################################
+# This is an example file with all the required environment variables to 
+# create the ".env" file. For security reasons, ".env" is not included in 
+# version control (see .gitignore) and thus, not pushed to GitHub.
+#
+# Steps to follow:
+#
+#     Step 1: Copy this file (".env.example") to a new file named ".env" in 
+#             this directory.
+#
+#     Step 2: Close this file (".env.example") and open the new file (".env")
+#             and proceed to the Step 3 from ".env".
+#
+#     Step 3: Modify the environment values below to match your system and 
+#             configuration.
+#
+#     Step 4: Save this ".env" file.
+#
+################################################################################
+
+# Database-related variables.
+#
+#     Make sure to set them to match your MySQL DB configuration.
+#     See their usage in qmpy/db/settings.py file. 
+#     In short, they are used to define Django's DATABASES dictionary
+OQMD_DB_name=qmdb
+OQMD_DB_user=root
+OQMD_DB_pswd=secret
+OQMD_DB_host=127.0.0.1
+OQMD_DB_port=3306
+
+
+# Web-hosting related variables
+#
+#     The "OQMD_WEB_hosts" variable holds comma-separated hostnames that are
+#     to be included in Django's ALLOWED_HOSTS tag. 
+#     See qmpy/qmpy/db/settings.py file.
+#
+#     Set OQMD_WEB_debug=True only when the server is not in production.
+#     OQMD_WEB_debug=False prints too many details during error enounters -> high security risk
+OQMD_WEB_hosts=0.0.0.0,example.com,localhost,127.0.0.1,www.example.com
+OQMD_WEB_debug=False
+
+
+# REST API-related variables
+#     These values are required to make queries from the /api/search page
+#     Regular REST API from /optimade/ and /oqmdapi/ pages would work fine even without these
+#     These values should match the host:port values provided in server hosting command
+#     Eg: 
+#         A server hosted using "python manage.py runserver example.com:8888" should
+#         have OQMD_REST_baseURL='http://example.com:8888'
+OQMD_REST_baseURL="http://127.0.0.1:8000"
+
+
+# Static file storage-related variables
+#     These values are used in qmpy/db/settings.py file.
+#     The correct values for your implementation depends on where the static files are stored
+#     for your server.
+#
+#     "OQMD_STATIC_root" and "OQMD_STATIC_url" are assigned to Django's STATIC_ROOT 
+#     and STATIC_URL respectively.
+#     https://docs.djangoproject.com/en/2.2/ref/contrib/staticfiles/#settings
+#
+#     OQMD_USE_CDN refers to whether CDN-hosted JS files are to be loaded instead of
+#     local static JS files
+#     Used in qmpy/templatetags/custom_filters.py
+OQMD_STATIC_root=/static/
+OQMD_STATIC_url=/static/
+OQMD_USE_CDN=True
+
+# Secret Key for signing cookies, hash generation and some authentication in Django.
+#
+# It's more significant in Django servers where the user authentication 
+# is required, unlike oqmd.org
+# 
+#    More details: 
+#        https://docs.djangoproject.com/en/2.2/ref/settings/#secret-key
+#
+#    You can simply generate a 50 character key anytime.
+#        https://github.com/django/django/blob/stable/2.2.x/django/core/management/utils.py#L76
+#    The key given is randomly generated, but not used in any of our servers:
+OQMD_DJANGO_secretkey='48o2)h#gwow!iyg&__4d%zkv8v&h=n!sv)0rvj$*1yj8tw0riu'
+
+# URL of the PHP server to do CORS operations for JSMOL.
+# More details:
+#        https://wiki.jmol.org/index.php/Jmol_JavaScript_Object/Info
+#
+# According to the official docs, if you can't host a php server,
+# it is fine to set the value as:
+#        https://chemapps.stolaf.edu/jmol/jsmol/php/jsmol.php
+
+JSMOL_serverURL='/static/js/jsmol/php/jsmol.php'
+
+
+
+# Redis cache server - optional
+# _____________________________
+# Currently (as of March, 2022), Redis is used in OQMD only for 
+# storing data to do custom structure visualization. 
+# Leave this section commented - just like this, if you don't 
+# have a redis server running.
+#
+# If you wanna use Redis with qmpy,
+# first install and start a redis server in your machine:
+#         https://redis.io/docs/getting-started/
+# Now install redis's python handler in qmpy's python environment:
+#         pip install redis
+
+# Once the redis dependency is installed and the server is running,
+# uncomment the lines below and set the correct Redis server host and port
+
+#REDIS_SERVER_HOST=127.0.0.1
+#REDIS_SERVER_PORT=6379
+

.github/workflows/ci.yml

@@ -0,0 +1,71 @@
+# OQMD CI workflow
+name: qmpy ci workflow
+
+on:
+  pull_request:
+    branches:
+      - master
+      - develop
+  push:
+    branches:
+      - master
+
+jobs:
+  health-check-job: # running basic health checks
+    runs-on: ubuntu-latest # currently testing out only in ubuntu
+    env:
+      QMPY_ENV_FILEPATH: .env.example
+    services:
+      mysql: # latest mysql image is tested
+        image: mysql
+        env: 
+          MYSQL_ROOT_PASSWORD: secret
+          MYSQL_DATABASE: qmdb
+          MYSQL_USER: qmpy_user
+          MYSQL_PASSWORD: secret
+        ports:
+          - 3306:3306 # exposing the default 3306 port
+        # mysql healthcheck
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Cache dependency 
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+      - name: Install Graphviz
+        run: sudo apt-get install -y graphviz graphviz-dev
+      - name: Setup python environment # Need to change this section after Python version upgrades
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.9'
+      - name: Check Python version 
+        run: python --version
+      - name: Install qmpy
+        run: python setup.py install
+      - name: Set ENV
+        run: echo "QMPY_ENV_FILEPATH=${GITHUB_WORKSPACE}/.env.example" >> $GITHUB_ENV
+      - name: Make Migrations
+        run: python manage.py makemigrations auth qmpy contenttypes sites
+        working-directory: qmpy/db
+      - name: Run Migrations
+        run: python manage.py migrate
+        working-directory: qmpy/db
+      - name: Run Tests
+        run: python manage.py test qmpy
+        working-directory: qmpy/db
+
+        # Container-related
+      - name: Build dev docker image
+        run: docker build . --file dockerfiles/Dockerfile.debug -t qmpy_debug
+      - name: Build a production docker image
+        run: docker build . --file dockerfiles/Dockerfile.gunicorn -t qmpy_deploy
+      - name: Run the dev server in a container
+        run: docker run -dp 8000:8000 qmpy_debug
+
+      # OPTIMADE validator action may be implemented later
+

.github/workflows/codeql.yaml

@@ -0,0 +1,39 @@
+# CodeQL (from LGTM) Action to perform semantic code analysis 
+# https://github.com/github/codeql-action
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+

.gitignore

@@ -56,3 +56,7 @@ docs/_build/
 
 # Django migrations
 */migrations
+
+# Implementation Secrets
+.env
+cloudbuild.yaml

.pre-commit-config.yaml

@@ -0,0 +1,7 @@
+repos:
+-   repo: https://github.com/psf/black
+    rev: 22.1.0
+    hooks:
+    - id: black
+      language: python
+      files: \.py$

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Support for Vulnerability Fixes
+
+Due to the very limited availability of resources from our side, we're currently able to 
+provide only annual updates, and only on the master branch. The pip pckages are updated less
+frequently. 
+The dependent packages are recommended to be installed from `requirements.txt` than from
+`requirements-pinned.txt` whenever possible to get the latest patched versions.
+
+## Reporting a Vulnerability
+
+A vulnerability can be reported either via Github Discussions or as an Issue. Please make sure 
+to add appropriate tags, if applicable, and any suggestions on how to fix this vulenrability
+would also be highly appreciated.
+We would act on the problem as soon as possible, based on its severity.