29 changes: 14 additions & 15 deletions jobs/notebook-report/.env.smample
@@ -1,17 +1,16 @@
export NAMEX_DATABASE_USERNAME=
export NAMEX_DATABASE_PASSWORD=
export NAMEX_DATABASE_NAME=
export NAMEX_DATABASE_HOST=
export NAMEX_DATABASE_PORT=
DATABASE_NAME=
DATABASE_USERNAME=
DATABASE_INSTANCE_CONNECTION_NAME=
DATABASE_SCHEMA=

export APP_FILE=
export DAILY_REPORT_RECIPIENTS= #- comma separated without any space between recipient emails
export WEEKLY_REPORT_NAMEX_RECIPIENTS= #- comma separated without any space between recipient emails
export WEEK_REPORT_DATE= #- e.g [0,1] means running on Monday and Tuesday
export ERROR_EMAIL_RECIPIENTS= #- comma separated without any space between recipient emails
export ENVIRONMENT=
APP_FILE=
DAILY_REPORT_RECIPIENTS= #- comma separated without any space between recipient emails
WEEKLY_REPORT_NAMEX_RECIPIENTS= #- comma separated without any space between recipient emails
WEEK_REPORT_DATE= #- e.g [0,1] means running on Monday and Tuesday
ERROR_EMAIL_RECIPIENTS= #- comma separated without any space between recipient emails
ENVIRONMENT=

export NOTIFY_API_URL=
export KEYCLOAK_CLIENT_ID=
export KEYCLOAK_CLIENT_SECRET=
export KEYCLOAK_AUTH_TOKEN_URL=
NOTIFY_API_URL=
KEYCLOAK_CLIENT_ID=
KEYCLOAK_CLIENT_SECRET=
KEYCLOAK_AUTH_TOKEN_URL=
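Review bot: The trailing `#- …` hints on the recipient and `WEEK_REPORT_DATE` lines were safe while the file was sourced by a shell, but with `export` dropped they depend on whichever loader now reads this file. Not every env-file loader strips inline comments, so a copied sample could yield a value such as ` #- comma separated …` instead of an empty one. I would move each hint to its own line above the variable, e.g. `# comma separated, no spaces between recipient emails` followed by `DAILY_REPORT_RECIPIENTS=`.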
89 changes: 47 additions & 42 deletions jobs/notebook-report/Dockerfile
@@ -1,5 +1,4 @@
FROM python:3.12.2
USER root
FROM python:3.12-slim AS development_build

ARG VCS_REF="missing"
ARG BUILD_DATE="missing"
@@ -8,38 +7,38 @@ ENV VCS_REF=${VCS_REF}
ENV BUILD_DATE=${BUILD_DATE}

LABEL org.label-schema.vcs-ref=${VCS_REF} \
org.label-schema.build-date=${BUILD_DATE}
org.label-schema.build-date=${BUILD_DATE} \
vendor="BCROS"

USER root

ARG APP_ENV \
# Needed for fixing permissions of files created by Docker:
UID=1000 \
GID=1000
# Needed for fixing permissions of files created by Docker:
UID=1000 \
GID=1000

ENV APP_ENV=${APP_ENV} \
# python:
PYTHONFAULTHANDLER=1 \
PYTHONUNBUFFERED=1 \
PYTHONHASHSEED=random \
PYTHONDONTWRITEBYTECODE=1 \
# pip:
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1 \
PIP_DEFAULT_TIMEOUT=100 \
PIP_ROOT_USER_ACTION=ignore \
# poetry:
POETRY_VERSION=1.3.2 \
POETRY_NO_INTERACTION=1 \
POETRY_VIRTUALENVS_CREATE=false \
POETRY_CACHE_DIR='/var/cache/pypoetry' \
POETRY_HOME='/usr/local'
# python:
PYTHONFAULTHANDLER=1 \
PYTHONUNBUFFERED=1 \
PYTHONHASHSEED=random \
PYTHONDONTWRITEBYTECODE=1 \
# pip:
PIP_NO_CACHE_DIR=1 \
PIP_DISABLE_PIP_VERSION_CHECK=1 \
PIP_DEFAULT_TIMEOUT=100 \
PIP_ROOT_USER_ACTION=ignore \
# poetry:
POETRY_VERSION=2.1.3 \
POETRY_NO_INTERACTION=1 \
POETRY_VIRTUALENVS_CREATE=false \
POETRY_CACHE_DIR='/var/cache/pypoetry' \
POETRY_HOME='/usr/local'

SHELL ["/bin/bash", "-eo", "pipefail", "-c"]

# Install system dependencies
RUN apt-get update && apt-get upgrade -y \
&& apt-get install --no-install-recommends -y \
&& apt-get install --no-install-recommends -y \
bash \
brotli \
build-essential \
@@ -48,35 +47,41 @@ RUN apt-get update && apt-get upgrade -y \
git \
libpq-dev \
wait-for-it \
&& curl -sSL 'https://install.python-poetry.org' | python - \
&& poetry --version \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*
&& curl -sSL 'https://install.python-poetry.org' | python - \
&& poetry --version \
# Cleaning cache:
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& apt-get clean -y && rm -rf /var/lib/apt/lists/*

# Setup the application directory
WORKDIR /code

RUN groupadd -g "${GID}" -r web \
&& useradd -d '/code' -g web -l -r -u "${UID}" web \
&& chown web:web -R '/code'
&& useradd -d '/code' -g web -l -r -u "${UID}" web \
&& chown web:web -R '/code'

# Copy the application code and scripts
COPY --chown=web:web . /code
RUN chmod 755 /code/run.sh

# Echo the current Poetry configuration
RUN echo "Checking Poetry configurations..." \
&& poetry config --list

# Initialize project and install dependencies
COPY --chown=web:web ./run.sh /code/run.sh
RUN chmod 755 /code/run.sh
# Project initialization:
RUN --mount=type=cache,target="$POETRY_CACHE_DIR" \
echo "Installing dependencies under APP_ENV=$APP_ENV..." \
&& poetry run pip install -U pip \
&& poetry install $(if [ -z ${APP_ENV+x} ] || [ "$APP_ENV" = 'production' ]; then echo '--only main'; fi) \
echo "$APP_ENV" \
&& poetry version \
&& poetry config installer.max-workers 1 \
# Install deps:
&& poetry run pip install -U pip \
&& poetry install \
$(if [ -z ${APP_ENV+x} ] | [ "$APP_ENV" = 'production' ]; then echo '--only main'; fi) \
--no-interaction --no-ansi

# Switch to the non-root user
# Running as non-root user:
USER web

# Stage 2: Production image (lighter)
FROM development_build AS production_build
COPY --chown=web:web . /code
RUN chmod -R 755 /code/run.sh

EXPOSE 8080

CMD [ "/bin/sh", "/code/run.sh" ]
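Review bot: The condition that decides whether `poetry install` gets `--only main` joins its two tests with a single `|` (`[ -z ${APP_ENV+x} ] | [ "$APP_ENV" = 'production' ]`, on the install line that also carries `--no-interaction --no-ansi`), which is a pipeline rather than a logical OR. `ENV APP_ENV=${APP_ENV}` always defines the variable, so the first test always exits non-zero, and with `pipefail` set by the `SHELL` line the whole pipeline then fails; as written, `--only main` appears unreachable and a production build would also install the non-main dependency groups. I would restore the OR and test for an empty value, `$(if [ -z "$APP_ENV" ] || [ "$APP_ENV" = 'production' ]; then echo '--only main'; fi) \`, assuming a build without `APP_ENV` is meant to default to the production set. Separately, `production_build` is `FROM development_build`, so `build-essential` and `git` from the apt layer stay in the shipped image despite the "lighter" comment.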
10 changes: 5 additions & 5 deletions jobs/notebook-report/devops/vaults.gcp.env
@@ -1,8 +1,7 @@
NAMEX_DATABASE_UNIX_SOCKET="op://database/$APP_ENV/namex-db-gcp/DATABASE_UNIX_SOCKET"
NAMEX_DATABASE_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_NAME"
NAMEX_DATABASE_PASSWORD="op://database/$APP_ENV/namex-db-gcp/DATABASE_PASSWORD"
NAMEX_DATABASE_PORT="op://database/$APP_ENV/namex-db-gcp/DATABASE_PORT"
NAMEX_DATABASE_USERNAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_USERNAME"
DATABASE_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_NAME"
DATABASE_USERNAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_USERNAME"
DATABASE_INSTANCE_CONNECTION_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_INSTANCE_CONNECTION_NAME"
DATABASE_SCHEMA="op://database/$APP_ENV/namex-db-gcp/DATABASE_SCHEMA"
APP_FILE="op://namex/$APP_ENV/notebook-report/APP_FILE"
DAILY_REPORT_RECIPIENTS="op://namex/$APP_ENV/notebook-report/DAILY_REPORT_RECIPIENTS"
WEEKLY_REPORT_NAMEX_RECIPIENTS="op://namex/$APP_ENV/notebook-report/WEEKLY_REPORT_NAMEX_RECIPIENTS"
@@ -14,3 +13,4 @@ NOTIFY_API_VERSION="op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION"
KEYCLOAK_AUTH_TOKEN_URL="op://keycloak/$APP_ENV/base/KEYCLOAK_AUTH_TOKEN_URL"
KEYCLOAK_CLIENT_ID="op://keycloak/$APP_ENV/entity-service-account/ENTITY_SERVICE_ACCOUNT_CLIENT_ID"
KEYCLOAK_CLIENT_SECRET="op://keycloak/$APP_ENV/entity-service-account/ENTITY_SERVICE_ACCOUNT_CLIENT_SECRET"
VPC_CONNECTOR="op://CD/$APP_ENV/base/VPC_CONNECTOR"