mirror of
https://github.com/resf/distro-tools.git
synced 2024-12-04 18:56:56 +00:00
Initial commit
This commit is contained in:
commit
6d955c9925
1
.bazelignore
Normal file
1
.bazelignore
Normal file
@ -0,0 +1 @@
|
||||
node_modules
|
35
.bazelrc
Normal file
35
.bazelrc
Normal file
@ -0,0 +1,35 @@
|
||||
# Java
|
||||
test --test_env='LC_ALL=en_US.UTF-8'
|
||||
test --test_env='LANG=en_US.UTF-8'
|
||||
test --jvmopt='-Dsun.jnu.encoding=UTF-8'
|
||||
test --jvmopt='-Dfile.encoding=UTF-8'
|
||||
build --test_env='LC_ALL=en_US.UTF-8'
|
||||
build --jvmopt='-Dsun.jnu.encoding=UTF-8'
|
||||
build --jvmopt='-Dfile.encoding=UTF-8'
|
||||
build --test_env='LANG=en_US.UTF-8'
|
||||
test --test_env=PATH
|
||||
|
||||
build --java_language_version=11
|
||||
test --java_language_version=11
|
||||
|
||||
# C++
|
||||
build --client_env=CC=clang
|
||||
build --copt=-DGRPC_BAZEL_BUILD
|
||||
build --cxxopt='-std=c++14'
|
||||
build --action_env=GRPC_BAZEL_RUNTIME=1
|
||||
build --define=use_fast_cpp_protos=true
|
||||
|
||||
# Just build tests when testing
|
||||
test --build_tests_only
|
||||
|
||||
build --incompatible_strict_action_env=true
|
||||
|
||||
# Minimize what is downloaded
|
||||
build:inmemory --experimental_inmemory_jdeps_files
|
||||
build:inmemory --experimental_inmemory_dotd_files
|
||||
|
||||
# Minimize what is downloaded
|
||||
build:toplevel --config=inmemory
|
||||
build:toplevel --experimental_remote_download_outputs=toplevel
|
||||
|
||||
build --stamp=true
|
1
.bazelversion
Normal file
1
.bazelversion
Normal file
@ -0,0 +1 @@
|
||||
5.4.0
|
1
.clang-format
Normal file
1
.clang-format
Normal file
@ -0,0 +1 @@
|
||||
BasedOnStyle: Google
|
1
.env
Normal file
1
.env
Normal file
@ -0,0 +1 @@
|
||||
DATABASE_URL="postgres://postgres:postgres@localhost:5432/apollo2development?sslmode=disable"
|
8
.gitignore
vendored
Normal file
8
.gitignore
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
.idea
|
||||
.ijwb
|
||||
/.*.venv
|
||||
.venv
|
||||
*.pyc
|
||||
bazel-*
|
||||
__pycache__
|
||||
node_modules
|
4
.prettierrc
Normal file
4
.prettierrc
Normal file
@ -0,0 +1,4 @@
|
||||
{
|
||||
"tabWidth": 2,
|
||||
"singleQuote": true
|
||||
}
|
432
.pylintrc
Normal file
432
.pylintrc
Normal file
@ -0,0 +1,432 @@
|
||||
# This Pylint rcfile contains a best-effort configuration to uphold the
|
||||
# best-practices and style described in the Google Python style guide:
|
||||
# https://google.github.io/styleguide/pyguide.html
|
||||
#
|
||||
# Its canonical open-source location is:
|
||||
# https://google.github.io/styleguide/pylintrc
|
||||
|
||||
[MASTER]
|
||||
|
||||
# Files or directories to be skipped. They should be base names, not paths.
|
||||
ignore-paths=third_party
|
||||
|
||||
# Files or directories matching the regex patterns are skipped. The regex
|
||||
# matches against base names, not paths.
|
||||
ignore-patterns=^third_party/.*$,
|
||||
^generated/.*$
|
||||
|
||||
# Pickle collected data for later comparisons.
|
||||
persistent=no
|
||||
|
||||
# List of plugins (as comma separated values of python modules names) to load,
|
||||
# usually to register additional checkers.
|
||||
load-plugins=tortoise.contrib.pylint
|
||||
|
||||
# Use multiple processes to speed up Pylint.
|
||||
jobs=4
|
||||
|
||||
# Allow loading of arbitrary C extensions. Extensions are imported into the
|
||||
# active Python interpreter and may run arbitrary code.
|
||||
unsafe-load-any-extension=no
|
||||
|
||||
|
||||
[MESSAGES CONTROL]
|
||||
|
||||
# Only show warnings with the listed confidence levels. Leave empty to show
|
||||
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
|
||||
confidence=
|
||||
|
||||
# Enable the message, report, category or checker with the given id(s). You can
|
||||
# either give multiple identifier separated by comma (,) or put this option
|
||||
# multiple time (only on the command line, not in the configuration file where
|
||||
# it should appear only once). See also the "--disable" option for examples.
|
||||
#enable=
|
||||
|
||||
# Disable the message, report, category or checker with the given id(s). You
|
||||
# can either give multiple identifiers separated by comma (,) or put this
|
||||
# option multiple times (only on the command line, not in the configuration
|
||||
# file where it should appear only once).You can also use "--disable=all" to
|
||||
# disable everything first and then reenable specific checks. For example, if
|
||||
# you want to run only the similarities checker, you can use "--disable=all
|
||||
# --enable=similarities". If you want to run only the classes checker, but have
|
||||
# no Warning level messages displayed, use"--disable=all --enable=classes
|
||||
# --disable=W"
|
||||
disable=abstract-method,
|
||||
apply-builtin,
|
||||
arguments-differ,
|
||||
attribute-defined-outside-init,
|
||||
backtick,
|
||||
bad-option-value,
|
||||
basestring-builtin,
|
||||
buffer-builtin,
|
||||
c-extension-no-member,
|
||||
consider-using-enumerate,
|
||||
cmp-builtin,
|
||||
cmp-method,
|
||||
coerce-builtin,
|
||||
coerce-method,
|
||||
delslice-method,
|
||||
div-method,
|
||||
duplicate-code,
|
||||
eq-without-hash,
|
||||
execfile-builtin,
|
||||
file-builtin,
|
||||
filter-builtin-not-iterating,
|
||||
fixme,
|
||||
getslice-method,
|
||||
global-statement,
|
||||
hex-method,
|
||||
idiv-method,
|
||||
implicit-str-concat,
|
||||
import-error,
|
||||
import-self,
|
||||
import-star-module-level,
|
||||
inconsistent-return-statements,
|
||||
input-builtin,
|
||||
intern-builtin,
|
||||
invalid-str-codec,
|
||||
locally-disabled,
|
||||
long-builtin,
|
||||
long-suffix,
|
||||
map-builtin-not-iterating,
|
||||
misplaced-comparison-constant,
|
||||
missing-function-docstring,
|
||||
missing-module-docstring,
|
||||
missing-class-docstring,
|
||||
metaclass-assignment,
|
||||
next-method-called,
|
||||
next-method-defined,
|
||||
no-absolute-import,
|
||||
no-else-break,
|
||||
no-else-continue,
|
||||
no-else-raise,
|
||||
no-else-return,
|
||||
no-init, # added
|
||||
no-member,
|
||||
no-name-in-module,
|
||||
no-self-use,
|
||||
nonzero-method,
|
||||
oct-method,
|
||||
old-division,
|
||||
old-ne-operator,
|
||||
old-octal-literal,
|
||||
old-raise-syntax,
|
||||
parameter-unpacking,
|
||||
print-statement,
|
||||
raising-string,
|
||||
range-builtin-not-iterating,
|
||||
raw_input-builtin,
|
||||
rdiv-method,
|
||||
reduce-builtin,
|
||||
relative-import,
|
||||
reload-builtin,
|
||||
round-builtin,
|
||||
setslice-method,
|
||||
signature-differs,
|
||||
standarderror-builtin,
|
||||
suppressed-message,
|
||||
sys-max-int,
|
||||
too-few-public-methods,
|
||||
too-many-ancestors,
|
||||
too-many-arguments,
|
||||
too-many-boolean-expressions,
|
||||
too-many-branches,
|
||||
too-many-instance-attributes,
|
||||
too-many-locals,
|
||||
too-many-nested-blocks,
|
||||
too-many-public-methods,
|
||||
too-many-return-statements,
|
||||
too-many-statements,
|
||||
trailing-newlines,
|
||||
unichr-builtin,
|
||||
unicode-builtin,
|
||||
unnecessary-pass,
|
||||
unpacking-in-except,
|
||||
useless-else-on-loop,
|
||||
useless-object-inheritance,
|
||||
useless-suppression,
|
||||
using-cmp-argument,
|
||||
wrong-import-order,
|
||||
xrange-builtin,
|
||||
zip-builtin-not-iterating,
|
||||
|
||||
|
||||
[REPORTS]
|
||||
|
||||
# Set the output format. Available formats are text, parseable, colorized, msvs
|
||||
# (visual studio) and html. You can also give a reporter class, eg
|
||||
# mypackage.mymodule.MyReporterClass.
|
||||
output-format=text
|
||||
|
||||
# Tells whether to display a full report or only the messages
|
||||
reports=no
|
||||
|
||||
# Python expression which should return a note less than 10 (10 is the highest
|
||||
# note). You have access to the variables errors warning, statement which
|
||||
# respectively contain the number of errors / warnings messages and the total
|
||||
# number of statements analyzed. This is used by the global evaluation report
|
||||
# (RP0004).
|
||||
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
|
||||
|
||||
# Template used to display messages. This is a python new-style format string
|
||||
# used to format the message information. See doc for all details
|
||||
#msg-template=
|
||||
|
||||
|
||||
[BASIC]
|
||||
|
||||
# Good variable names which should always be accepted, separated by a comma
|
||||
good-names=main,_
|
||||
|
||||
# Bad variable names which should always be refused, separated by a comma
|
||||
bad-names=
|
||||
|
||||
# Colon-delimited sets of names that determine each other's naming style when
|
||||
# the name regexes allow several styles.
|
||||
name-group=
|
||||
|
||||
# Include a hint for the correct naming format with invalid-name
|
||||
include-naming-hint=no
|
||||
|
||||
# List of decorators that produce properties, such as abc.abstractproperty. Add
|
||||
# to this list to register other decorators that produce valid properties.
|
||||
property-classes=abc.abstractproperty,cached_property.cached_property,cached_property.threaded_cached_property,cached_property.cached_property_with_ttl,cached_property.threaded_cached_property_with_ttl
|
||||
|
||||
# Regular expression matching correct function names
|
||||
function-rgx=^(?:(?P<exempt>setUp|tearDown|setUpModule|tearDownModule)|(?P<camel_case>_?[A-Z][a-zA-Z0-9]*)|(?P<snake_case>_?[a-z][a-z0-9_]*))$
|
||||
|
||||
# Regular expression matching correct variable names
|
||||
variable-rgx=^[a-z][a-z0-9_]*$
|
||||
|
||||
# Regular expression matching correct constant names
|
||||
const-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
|
||||
|
||||
# Regular expression matching correct attribute names
|
||||
attr-rgx=^_{0,2}[a-z][a-z0-9_]*$
|
||||
|
||||
# Regular expression matching correct argument names
|
||||
argument-rgx=^[a-z][a-z0-9_]*$
|
||||
|
||||
# Regular expression matching correct class attribute names
|
||||
class-attribute-rgx=^(_?[A-Z][A-Z0-9_]*|__[a-z0-9_]+__|_?[a-z][a-z0-9_]*)$
|
||||
|
||||
# Regular expression matching correct inline iteration names
|
||||
inlinevar-rgx=^[a-z][a-z0-9_]*$
|
||||
|
||||
# Regular expression matching correct class names
|
||||
class-rgx=^_?[A-Z][a-zA-Z0-9]*$
|
||||
|
||||
# Regular expression matching correct module names
|
||||
module-rgx=^(_?[a-z][a-z0-9_]*|__init__|__main__)$
|
||||
|
||||
# Regular expression matching correct method names
|
||||
method-rgx=(?x)^(?:(?P<exempt>_[a-z0-9_]+__|runTest|setUp|tearDown|setUpTestCase|tearDownTestCase|setupSelf|tearDownClass|setUpClass|(test|assert)_*[A-Z0-9][a-zA-Z0-9_]*|next)|(?P<camel_case>_{0,2}[A-Z][a-zA-Z0-9_]*)|(?P<snake_case>_{0,2}[a-z][a-z0-9_]*))$
|
||||
|
||||
# Regular expression which should only match function or class names that do
|
||||
# not require a docstring.
|
||||
no-docstring-rgx=(__.*__|main|test.*|.*test|.*Test)$
|
||||
|
||||
# Minimum line length for functions/classes that require docstrings, shorter
|
||||
# ones are exempt.
|
||||
docstring-min-length=10
|
||||
|
||||
|
||||
[TYPECHECK]
|
||||
|
||||
# List of decorators that produce context managers, such as
|
||||
# contextlib.contextmanager. Add to this list to register other decorators that
|
||||
# produce valid context managers.
|
||||
contextmanager-decorators=contextlib.contextmanager,contextlib2.contextmanager
|
||||
|
||||
# Tells whether missing members accessed in mixin class should be ignored. A
|
||||
# mixin class is detected if its name ends with "mixin" (case insensitive).
|
||||
ignore-mixin-members=yes
|
||||
|
||||
# List of module names for which member attributes should not be checked
|
||||
# (useful for modules/projects where namespaces are manipulated during runtime
|
||||
# and thus existing member attributes cannot be deduced by static analysis. It
|
||||
# supports qualified module names, as well as Unix pattern matching.
|
||||
ignored-modules=
|
||||
|
||||
# List of class names for which member attributes should not be checked (useful
|
||||
# for classes with dynamically set attributes). This supports the use of
|
||||
# qualified names.
|
||||
ignored-classes=optparse.Values,thread._local,_thread._local
|
||||
|
||||
# List of members which are set dynamically and missed by pylint inference
|
||||
# system, and so shouldn't trigger E1101 when accessed. Python regular
|
||||
# expressions are accepted.
|
||||
generated-members=
|
||||
|
||||
|
||||
[FORMAT]
|
||||
|
||||
# Maximum number of characters on a single line.
|
||||
max-line-length=160
|
||||
|
||||
# TODO(https://github.com/PyCQA/pylint/issues/3352): Direct pylint to exempt
|
||||
# lines made too long by directives to pytype.
|
||||
|
||||
# Regexp for a line that is allowed to be longer than the limit.
|
||||
ignore-long-lines=(?x)(
|
||||
^\s*(\#\ )?<?https?://\S+>?$|
|
||||
^\s*(from\s+\S+\s+)?import\s+.+$)
|
||||
|
||||
# Allow the body of an if to be on the same line as the test if there is no
|
||||
# else.
|
||||
single-line-if-stmt=yes
|
||||
|
||||
# Maximum number of lines in a module
|
||||
max-module-lines=99999
|
||||
|
||||
# String used as indentation unit. The internal Google style guide mandates 2
|
||||
# spaces. Google's externaly-published style guide says 4, consistent with
|
||||
# PEP 8. Here, we use 2 spaces, for conformity with many open-sourced Google
|
||||
# projects (like TensorFlow).
|
||||
indent-string=' '
|
||||
|
||||
# Number of spaces of indent required inside a hanging or continued line.
|
||||
indent-after-paren=4
|
||||
|
||||
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
|
||||
expected-line-ending-format=
|
||||
|
||||
|
||||
[MISCELLANEOUS]
|
||||
|
||||
# List of note tags to take in consideration, separated by a comma.
|
||||
notes=TODO
|
||||
|
||||
|
||||
[STRING]
|
||||
|
||||
# This flag controls whether inconsistent-quotes generates a warning when the
|
||||
# character used as a quote delimiter is used inconsistently within a module.
|
||||
check-quote-consistency=yes
|
||||
|
||||
|
||||
[VARIABLES]
|
||||
|
||||
# Tells whether we should check for unused import in __init__ files.
|
||||
init-import=no
|
||||
|
||||
# A regular expression matching the name of dummy variables (i.e. expectedly
|
||||
# not used).
|
||||
dummy-variables-rgx=^\*{0,2}(_$|unused_|dummy_)
|
||||
|
||||
# List of additional names supposed to be defined in builtins. Remember that
|
||||
# you should avoid to define new builtins when possible.
|
||||
additional-builtins=
|
||||
|
||||
# List of strings which can identify a callback function by name. A callback
|
||||
# name must start or end with one of those strings.
|
||||
callbacks=cb_,_cb
|
||||
|
||||
# List of qualified module names which can have objects that can redefine
|
||||
# builtins.
|
||||
redefining-builtins-modules=six,six.moves,past.builtins,future.builtins,functools
|
||||
|
||||
|
||||
[LOGGING]
|
||||
|
||||
# Logging modules to check that the string format arguments are in logging
|
||||
# function parameter format
|
||||
logging-modules=logging,absl.logging,tensorflow.io.logging
|
||||
|
||||
|
||||
[SIMILARITIES]
|
||||
|
||||
# Minimum lines number of a similarity.
|
||||
min-similarity-lines=4
|
||||
|
||||
# Ignore comments when computing similarities.
|
||||
ignore-comments=yes
|
||||
|
||||
# Ignore docstrings when computing similarities.
|
||||
ignore-docstrings=yes
|
||||
|
||||
# Ignore imports when computing similarities.
|
||||
ignore-imports=no
|
||||
|
||||
|
||||
[SPELLING]
|
||||
|
||||
# Spelling dictionary name. Available dictionaries: none. To make it working
|
||||
# install python-enchant package.
|
||||
spelling-dict=
|
||||
|
||||
# List of comma separated words that should not be checked.
|
||||
spelling-ignore-words=
|
||||
|
||||
# A path to a file that contains private dictionary; one word per line.
|
||||
spelling-private-dict-file=
|
||||
|
||||
# Tells whether to store unknown words to indicated private dictionary in
|
||||
# --spelling-private-dict-file option instead of raising a message.
|
||||
spelling-store-unknown-words=no
|
||||
|
||||
|
||||
[IMPORTS]
|
||||
|
||||
# Deprecated modules which should not be used, separated by a comma
|
||||
deprecated-modules=regsub,
|
||||
TERMIOS,
|
||||
Bastion,
|
||||
rexec,
|
||||
sets
|
||||
|
||||
# Create a graph of every (i.e. internal and external) dependencies in the
|
||||
# given file (report RP0402 must not be disabled)
|
||||
import-graph=
|
||||
|
||||
# Create a graph of external dependencies in the given file (report RP0402 must
|
||||
# not be disabled)
|
||||
ext-import-graph=
|
||||
|
||||
# Create a graph of internal dependencies in the given file (report RP0402 must
|
||||
# not be disabled)
|
||||
int-import-graph=
|
||||
|
||||
# Force import order to recognize a module as part of the standard
|
||||
# compatibility libraries.
|
||||
known-standard-library=
|
||||
|
||||
# Force import order to recognize a module as part of a third party library.
|
||||
known-third-party=enchant, absl
|
||||
|
||||
# Analyse import fallback blocks. This can be used to support both Python 2 and
|
||||
# 3 compatible code, which means that the block might have code that exists
|
||||
# only in one or another interpreter, leading to false positives when analysed.
|
||||
analyse-fallback-blocks=no
|
||||
|
||||
|
||||
[CLASSES]
|
||||
|
||||
# List of method names used to declare (i.e. assign) instance attributes.
|
||||
defining-attr-methods=__init__,
|
||||
__new__,
|
||||
setUp
|
||||
|
||||
# List of member names, which should be excluded from the protected access
|
||||
# warning.
|
||||
exclude-protected=_asdict,
|
||||
_fields,
|
||||
_replace,
|
||||
_source,
|
||||
_make
|
||||
|
||||
# List of valid names for the first argument in a class method.
|
||||
valid-classmethod-first-arg=cls,
|
||||
class_
|
||||
|
||||
# List of valid names for the first argument in a metaclass class method.
|
||||
valid-metaclass-classmethod-first-arg=mcs
|
||||
|
||||
|
||||
[EXCEPTIONS]
|
||||
|
||||
# Exceptions that will emit a warning when being caught. Defaults to
|
||||
# "Exception"
|
||||
overgeneral-exceptions=StandardError,
|
||||
Exception,
|
||||
BaseException
|
3
.style.yapf
Normal file
3
.style.yapf
Normal file
@ -0,0 +1,3 @@
|
||||
[style]
|
||||
based_on_style = facebook
|
||||
indent_width = 4
|
18
.vscode/settings.json
vendored
Normal file
18
.vscode/settings.json
vendored
Normal file
@ -0,0 +1,18 @@
|
||||
{
|
||||
"python.analysis.extraPaths": [
|
||||
"bazel-bin",
|
||||
".venv/lib/python3.9/site-packages"
|
||||
],
|
||||
"protoc": {
|
||||
"options": ["--proto_path=third_party/googleapis"]
|
||||
},
|
||||
"python.linting.enabled": true,
|
||||
"python.linting.pylintEnabled": true,
|
||||
"python.formatting.provider": "yapf",
|
||||
"editor.tabSize": 2,
|
||||
"editor.insertSpaces": true,
|
||||
"editor.formatOnSave": true,
|
||||
"[python]": {
|
||||
"editor.tabSize": 4
|
||||
}
|
||||
}
|
2
.yapfignore
Normal file
2
.yapfignore
Normal file
@ -0,0 +1,2 @@
|
||||
generated/**/*.py
|
||||
third_party/**/*.py
|
79
BUILD.bazel
Normal file
79
BUILD.bazel
Normal file
@ -0,0 +1,79 @@
|
||||
load("@bazel_gazelle//:def.bzl", "gazelle", "gazelle_binary")
|
||||
load("@pypi//:requirements.bzl", "all_whl_requirements")
|
||||
load("@rules_python_gazelle_plugin//:def.bzl", "GAZELLE_PYTHON_RUNTIME_DEPS")
|
||||
load("@rules_python_gazelle_plugin//manifest:defs.bzl", "gazelle_python_manifest")
|
||||
load("@rules_python_gazelle_plugin//modules_mapping:def.bzl", "modules_mapping")
|
||||
load("@rules_python//python:defs.bzl", "py_runtime", "py_runtime_pair")
|
||||
load("@rules_python//python/pip_install:requirements.bzl", "compile_pip_requirements")
|
||||
load("@npm//:defs.bzl", "npm_link_all_packages")
|
||||
|
||||
# gazelle:prefix github.com/rocky-linux/peridot
|
||||
# gazelle:go_generate_proto false
|
||||
|
||||
# gazelle:python_library_naming_convention $package_name$_lib
|
||||
# gazelle:python_binary_naming_convention $package_name$
|
||||
# gazelle:map_kind py_binary py_binary @aspect_rules_py//py:defs.bzl
|
||||
# gazelle:map_kind py_library py_library @aspect_rules_py//py:defs.bzl
|
||||
|
||||
# gazelle:exclude *.venv
|
||||
# gazelle:exclude third_party/googleapis
|
||||
|
||||
# gazelle:resolve py grpc @pypi_grpcio//:pkg
|
||||
# gazelle:resolve py apollo.proto.v1.apollo_pb2_grpc //apollo/proto/v1:apollopb_py_pb2_grpc
|
||||
|
||||
gazelle_python_manifest(
|
||||
name = "gazelle_python_manifest",
|
||||
modules_mapping = ":modules_map",
|
||||
pip_repository_name = "pypi",
|
||||
requirements = "requirements_lock.txt",
|
||||
)
|
||||
|
||||
gazelle_binary(
|
||||
name = "gazelle_bin",
|
||||
languages = [
|
||||
"@bazel_gazelle//language/go",
|
||||
"@bazel_gazelle//language/proto",
|
||||
"@rules_python_gazelle_plugin//python",
|
||||
],
|
||||
)
|
||||
|
||||
gazelle(
|
||||
name = "gazelle",
|
||||
data = GAZELLE_PYTHON_RUNTIME_DEPS,
|
||||
gazelle = ":gazelle_bin",
|
||||
)
|
||||
|
||||
compile_pip_requirements(
|
||||
name = "requirements",
|
||||
extra_args = ["--allow-unsafe"],
|
||||
requirements_in = "requirements.txt",
|
||||
requirements_txt = "requirements_lock.txt",
|
||||
)
|
||||
|
||||
modules_mapping(
|
||||
name = "modules_map",
|
||||
wheels = all_whl_requirements,
|
||||
)
|
||||
|
||||
py_runtime(
|
||||
name = "container_py3_runtime",
|
||||
interpreter_path = "/usr/bin/python3",
|
||||
python_version = "PY3",
|
||||
)
|
||||
|
||||
py_runtime_pair(
|
||||
name = "container_py_runtime_pair",
|
||||
py2_runtime = None,
|
||||
py3_runtime = ":container_py3_runtime",
|
||||
)
|
||||
|
||||
toolchain(
|
||||
name = "container_py_toolchain",
|
||||
exec_compatible_with = [
|
||||
"@io_bazel_rules_docker//platforms:run_in_container",
|
||||
],
|
||||
toolchain = ":container_py_runtime_pair",
|
||||
toolchain_type = "@bazel_tools//tools/python:toolchain_type",
|
||||
)
|
||||
|
||||
npm_link_all_packages(name = "node_modules")
|
217
WORKSPACE
Normal file
217
WORKSPACE
Normal file
@ -0,0 +1,217 @@
|
||||
workspace(
|
||||
name = "depot",
|
||||
)
|
||||
|
||||
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
|
||||
|
||||
# Aspect Bazel Lib
|
||||
http_archive(
|
||||
name = "aspect_bazel_lib",
|
||||
sha256 = "79623d656aa23ad3fd4692ab99786c613cd36e49f5566469ed97bc9b4c655f03",
|
||||
strip_prefix = "bazel-lib-1.23.3",
|
||||
url = "https://github.com/aspect-build/bazel-lib/archive/refs/tags/v1.23.3.tar.gz",
|
||||
)
|
||||
|
||||
load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "register_copy_directory_toolchains", "register_copy_to_directory_toolchains")
|
||||
|
||||
aspect_bazel_lib_dependencies()
|
||||
|
||||
# Python
|
||||
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
|
||||
|
||||
http_archive(
|
||||
name = "aspect_rules_py",
|
||||
sha256 = "66da30b09cf47ee40f2ae1c46346cc9a412940965d04899bd68d06a9d3380085",
|
||||
strip_prefix = "rules_py-0.1.0",
|
||||
url = "https://github.com/aspect-build/rules_py/archive/refs/tags/v0.1.0.tar.gz",
|
||||
)
|
||||
|
||||
# Fetches the rules_py dependencies.
|
||||
# If you want to have a different version of some dependency,
|
||||
# you should fetch it *before* calling this.
|
||||
# Alternatively, you can skip calling this function, so long as you've
|
||||
# already fetched all the dependencies.
|
||||
load("@aspect_rules_py//py:repositories.bzl", "rules_py_dependencies")
|
||||
|
||||
http_archive(
|
||||
name = "rules_python",
|
||||
patch_args = ["-p1"],
|
||||
patch_cmds = ["""\
|
||||
cat >> python/BUILD.bazel <<EOF
|
||||
load("@bazel_skylib//:bzl_library.bzl", "bzl_library")
|
||||
bzl_library(
|
||||
name = "defs",
|
||||
srcs = [
|
||||
":bzl",
|
||||
"@bazel_tools//tools/python:srcs_version.bzl",
|
||||
"@bazel_tools//tools/python:utils.bzl",
|
||||
"@bazel_tools//tools/python:private/defs.bzl",
|
||||
"@bazel_tools//tools/python:toolchain.bzl",
|
||||
],
|
||||
visibility = ["//visibility:public"],
|
||||
)
|
||||
EOF
|
||||
"""],
|
||||
patches = ["//build/patches:0001-Fix-Quart-and-Hypercorn-failing-to-install-with-rule.patch"],
|
||||
sha256 = "8c15896f6686beb5c631a4459a3aa8392daccaab805ea899c9d14215074b60ef",
|
||||
strip_prefix = "rules_python-0.17.3",
|
||||
url = "https://github.com/bazelbuild/rules_python/archive/refs/tags/0.17.3.tar.gz",
|
||||
)
|
||||
|
||||
http_archive(
|
||||
name = "rules_python_gazelle_plugin",
|
||||
sha256 = "8c15896f6686beb5c631a4459a3aa8392daccaab805ea899c9d14215074b60ef",
|
||||
strip_prefix = "rules_python-0.17.3/gazelle",
|
||||
url = "https://github.com/bazelbuild/rules_python/archive/refs/tags/0.17.3.tar.gz",
|
||||
)
|
||||
|
||||
rules_py_dependencies()
|
||||
|
||||
# Load the Python toolchain for rules_docker
|
||||
register_toolchains("//:container_py_toolchain")
|
||||
|
||||
load("@rules_python//python:repositories.bzl", "python_register_toolchains")
|
||||
|
||||
python_register_toolchains(
|
||||
name = "python_toolchain",
|
||||
python_version = "3.9",
|
||||
)
|
||||
|
||||
load("@rules_python//python:pip.bzl", "pip_parse")
|
||||
load("@python_toolchain//:defs.bzl", "interpreter")
|
||||
|
||||
pip_parse(
|
||||
name = "pypi",
|
||||
python_interpreter_target = interpreter,
|
||||
requirements_lock = "//:requirements_lock.txt",
|
||||
)
|
||||
|
||||
load("@pypi//:requirements.bzl", "install_deps")
|
||||
|
||||
install_deps()
|
||||
|
||||
# Go
|
||||
http_archive(
|
||||
name = "io_bazel_rules_go",
|
||||
sha256 = "56d8c5a5c91e1af73eca71a6fab2ced959b67c86d12ba37feedb0a2dfea441a6",
|
||||
urls = [
|
||||
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip",
|
||||
"https://github.com/bazelbuild/rules_go/releases/download/v0.37.0/rules_go-v0.37.0.zip",
|
||||
],
|
||||
)
|
||||
|
||||
http_archive(
|
||||
name = "bazel_gazelle",
|
||||
sha256 = "448e37e0dbf61d6fa8f00aaa12d191745e14f07c31cabfa731f0c8e8a4f41b97",
|
||||
urls = [
|
||||
"https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.28.0/bazel-gazelle-v0.28.0.tar.gz",
|
||||
"https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.28.0/bazel-gazelle-v0.28.0.tar.gz",
|
||||
],
|
||||
)
|
||||
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
|
||||
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
|
||||
|
||||
go_rules_dependencies()
|
||||
|
||||
go_register_toolchains(version = "1.19.5")
|
||||
|
||||
gazelle_dependencies()
|
||||
|
||||
# Python Gazelle
|
||||
|
||||
load("@rules_python//gazelle:deps.bzl", _py_gazelle_deps = "gazelle_deps")
|
||||
|
||||
_py_gazelle_deps()
|
||||
|
||||
# Docker
|
||||
http_archive(
|
||||
name = "io_bazel_rules_docker",
|
||||
sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
|
||||
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
|
||||
)
|
||||
|
||||
load(
|
||||
"@io_bazel_rules_docker//repositories:repositories.bzl",
|
||||
container_repositories = "repositories",
|
||||
)
|
||||
|
||||
container_repositories()
|
||||
|
||||
load("@io_bazel_rules_docker//repositories:deps.bzl", container_deps = "deps")
|
||||
|
||||
container_deps()
|
||||
|
||||
# esbuild
|
||||
http_archive(
|
||||
name = "aspect_rules_esbuild",
|
||||
sha256 = "f05e9a53ae4b394ca45742ac35f7e658a8ba32cba14b5d531b79466ae86dc7f0",
|
||||
strip_prefix = "rules_esbuild-0.14.0",
|
||||
url = "https://github.com/aspect-build/rules_esbuild/archive/refs/tags/v0.14.0.tar.gz",
|
||||
)
|
||||
|
||||
######################
|
||||
# rules_esbuild setup #
|
||||
######################
|
||||
|
||||
# Fetches the rules_esbuild dependencies.
|
||||
# If you want to have a different version of some dependency,
|
||||
# you should fetch it *before* calling this.
|
||||
# Alternatively, you can skip calling this function, so long as you've
|
||||
# already fetched all the dependencies.
|
||||
load("@aspect_rules_esbuild//esbuild:dependencies.bzl", "rules_esbuild_dependencies")
|
||||
|
||||
rules_esbuild_dependencies()
|
||||
|
||||
# Fetch and register node, if you haven't already
|
||||
load("@rules_nodejs//nodejs:repositories.bzl", "nodejs_register_toolchains")
|
||||
|
||||
nodejs_register_toolchains(
|
||||
name = "node",
|
||||
node_version = "18.11.0",
|
||||
)
|
||||
|
||||
load("@aspect_rules_js//npm:npm_import.bzl", "npm_translate_lock")
|
||||
|
||||
npm_translate_lock(
|
||||
name = "npm",
|
||||
npmrc = "//:.npmrc",
|
||||
pnpm_lock = "//:pnpm-lock.yaml",
|
||||
verify_node_modules_ignored = "//:.bazelignore",
|
||||
)
|
||||
|
||||
load("@npm//:repositories.bzl", "npm_repositories")
|
||||
|
||||
npm_repositories()
|
||||
|
||||
# Register a toolchain containing esbuild npm package and native bindings
|
||||
load("@aspect_rules_esbuild//esbuild:repositories.bzl", "esbuild_register_toolchains")
|
||||
|
||||
esbuild_register_toolchains(
|
||||
name = "esbuild",
|
||||
esbuild_version = "0.16.7",
|
||||
)
|
||||
|
||||
register_copy_directory_toolchains()
|
||||
|
||||
register_copy_to_directory_toolchains()
|
||||
|
||||
# Copybara
|
||||
http_archive(
|
||||
name = "com_github_google_copybara",
|
||||
sha256 = "5ad1e07646025d69818cffd29a6b4869861242a0b4659570a222efe0a018c879",
|
||||
strip_prefix = "copybara-2fc63380448609af90b5c2a46fd0f8655377cba5",
|
||||
url = "https://github.com/google/copybara/archive/2fc63380448609af90b5c2a46fd0f8655377cba5.zip",
|
||||
)
|
||||
|
||||
load("@com_github_google_copybara//:repositories.bzl", "copybara_repositories")
|
||||
|
||||
copybara_repositories()
|
||||
|
||||
load("@com_github_google_copybara//:repositories.maven.bzl", "copybara_maven_repositories")
|
||||
|
||||
copybara_maven_repositories()
|
||||
|
||||
load("@com_github_google_copybara//:repositories.go.bzl", "copybara_go_repositories")
|
||||
|
||||
copybara_go_repositories()
|
0
apollo/BUILD.bazel
Normal file
0
apollo/BUILD.bazel
Normal file
18
apollo/README.md
Normal file
18
apollo/README.md
Normal file
@ -0,0 +1,18 @@
|
||||
# Apollo
|
||||
|
||||
Errata mirroring and publishing system
|
||||
|
||||
# Features
|
||||
|
||||
* Mirror advisories published by Red Hat
|
||||
* Supports EUS
|
||||
* Supports x86_64, aarch64, ppc64, ppc64le and s390x
|
||||
* Create custom advisories
|
||||
* CVE indexer and lifecycle tracker (Only Red Hat Security Data API for now)
|
||||
* Publish updateinfo to RPM repositories
|
||||
* Support for Peridot and Koji build systems
|
||||
|
||||
# Requirements
|
||||
* Redis
|
||||
* PostgreSQL
|
||||
* Gunicorn
|
22
apollo/cveindexer/BUILD.bazel
Normal file
22
apollo/cveindexer/BUILD.bazel
Normal file
@ -0,0 +1,22 @@
|
||||
load("@aspect_rules_py//py:defs.bzl", "py_binary", "py_library")
|
||||
|
||||
py_binary(
|
||||
name = "cveindexer",
|
||||
srcs = ["__main__.py"],
|
||||
imports = ["../.."],
|
||||
main = "__main__.py",
|
||||
visibility = ["//:__subpackages__"],
|
||||
deps = [
|
||||
":cveindexer_lib",
|
||||
"//common:common_lib",
|
||||
"@pypi_click//:pkg",
|
||||
"@pypi_temporalio//:pkg",
|
||||
],
|
||||
)
|
||||
|
||||
py_library(
|
||||
name = "cveindexer_lib",
|
||||
srcs = ["temporal.py"],
|
||||
imports = ["../.."],
|
||||
visibility = ["//:__subpackages__"],
|
||||
)
|
39
apollo/cveindexer/__main__.py
Normal file
39
apollo/cveindexer/__main__.py
Normal file
@ -0,0 +1,39 @@
|
||||
"""
|
||||
Apollo CVE Indexer
|
||||
|
||||
Only indexes Red Hat advisory CVEs for now.
|
||||
"""
|
||||
import asyncio
|
||||
|
||||
from temporalio.worker import Worker
|
||||
import click
|
||||
|
||||
from common.database import Database
|
||||
from common.info import Info
|
||||
from common.temporal import Temporal
|
||||
|
||||
from apollo.cveindexer.temporal import TASK_QUEUE
|
||||
|
||||
|
||||
async def run():
|
||||
db = Database(True)
|
||||
await db.init(["apollo.db"])
|
||||
|
||||
temporal = Temporal(True)
|
||||
await temporal.connect()
|
||||
|
||||
worker = Worker(
|
||||
temporal.client, task_queue=TASK_QUEUE, workflows=[], activities=[]
|
||||
)
|
||||
|
||||
await worker.run()
|
||||
|
||||
|
||||
@click.command()
|
||||
def main():
|
||||
Info("apollocveindexer", "apollo2")
|
||||
asyncio.run(run())
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
1
apollo/cveindexer/temporal.py
Normal file
1
apollo/cveindexer/temporal.py
Normal file
@ -0,0 +1 @@
|
||||
TASK_QUEUE = "v2-cveindexer"
|
9
apollo/db/BUILD.bazel
Normal file
9
apollo/db/BUILD.bazel
Normal file
@ -0,0 +1,9 @@
|
||||
load("@aspect_rules_py//py:defs.bzl", "py_library")
|
||||
|
||||
py_library(
|
||||
name = "db_lib",
|
||||
srcs = ["__init__.py"],
|
||||
imports = ["../.."],
|
||||
visibility = ["//:__subpackages__"],
|
||||
deps = ["@pypi_tortoise_orm//:pkg"],
|
||||
)
|
356
apollo/db/__init__.py
Normal file
356
apollo/db/__init__.py
Normal file
@ -0,0 +1,356 @@
|
||||
import datetime
|
||||
|
||||
from tortoise.models import Model
|
||||
from tortoise import fields
|
||||
|
||||
|
||||
class Code(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
archived_at = fields.DatetimeField(null=True)
|
||||
code = fields.CharField(max_length=255, unique=True)
|
||||
description = fields.TextField()
|
||||
|
||||
supported_products: fields.ReverseRelation["SupportedProduct"]
|
||||
|
||||
class Meta:
|
||||
table = "codes"
|
||||
|
||||
|
||||
class SupportedProduct(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
eol_at = fields.DatetimeField(null=True)
|
||||
name = fields.CharField(max_length=255, unique=True)
|
||||
variant = fields.CharField(max_length=255)
|
||||
code = fields.ForeignKeyField(
|
||||
"models.Code",
|
||||
related_name="supported_products",
|
||||
)
|
||||
vendor = fields.TextField()
|
||||
|
||||
rh_mirrors: fields.ReverseRelation["SupportedProductsRhMirror"]
|
||||
advisory_packages: fields.ReverseRelation["AdvisoryPackage"]
|
||||
advisory_affected_products: fields.ReverseRelation["AdvisoryAffectedProduct"
|
||||
]
|
||||
|
||||
class Meta:
|
||||
table = "supported_products"
|
||||
|
||||
|
||||
class RedHatIndexState(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
last_indexed_at = fields.DatetimeField(null=True)
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_index_state"
|
||||
|
||||
|
||||
class RedHatAdvisory(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
red_hat_issued_at = fields.DatetimeField()
|
||||
name = fields.CharField(max_length=255, unique=True)
|
||||
synopsis = fields.TextField()
|
||||
description = fields.TextField()
|
||||
kind = fields.CharField(max_length=255)
|
||||
severity = fields.CharField(max_length=255)
|
||||
topic = fields.TextField()
|
||||
|
||||
packages: fields.ReverseRelation["RedHatAdvisoryPackage"]
|
||||
cves: fields.ReverseRelation["RedHatAdvisoryCVE"]
|
||||
bugzilla_tickets: fields.ReverseRelation["RedHatAdvisoryBugzillaBug"]
|
||||
affected_products: fields.ReverseRelation["RedHatAdvisoryAffectedProduct"]
|
||||
rpm_rh_overrides: fields.ReverseRelation["SupportedProductsRpmRhOverride"]
|
||||
rh_blocks: fields.ReverseRelation["SupportedProductsRhBlock"]
|
||||
published_advisories: fields.ReverseRelation["Advisory"]
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_advisories"
|
||||
|
||||
class PydanticMeta:
|
||||
exclude = ("rpm_rh_overrides", "rh_blocks", "published_advisories")
|
||||
|
||||
|
||||
class RedHatAdvisoryPackage(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="packages",
|
||||
)
|
||||
nevra = fields.TextField()
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_advisory_packages"
|
||||
unique_together = ("red_hat_advisory_id", "nevra")
|
||||
|
||||
|
||||
class RedHatAdvisoryCVE(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="cves",
|
||||
)
|
||||
cve = fields.TextField()
|
||||
cvss3_scoring_vector = fields.TextField(null=True)
|
||||
cvss3_base_score = fields.TextField(null=True)
|
||||
cwe = fields.TextField(null=True)
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_advisory_cves"
|
||||
unique_together = ("red_hat_advisory_id", "cve")
|
||||
|
||||
|
||||
class RedHatAdvisoryBugzillaBug(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="bugzilla_tickets",
|
||||
)
|
||||
bugzilla_bug_id = fields.TextField()
|
||||
description = fields.TextField(null=True)
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_advisory_bugzilla_bugs"
|
||||
unique_together = ("red_hat_advisory_id", "bugzilla_bug_id")
|
||||
|
||||
|
||||
class RedHatAdvisoryAffectedProduct(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="affected_products",
|
||||
)
|
||||
variant = fields.TextField()
|
||||
name = fields.TextField()
|
||||
major_version = fields.IntField()
|
||||
minor_version = fields.IntField(null=True)
|
||||
arch = fields.TextField()
|
||||
|
||||
class Meta:
|
||||
table = "red_hat_advisory_affected_products"
|
||||
unique_together = (
|
||||
"red_hat_advisory_id", "variant", "name", "major_version",
|
||||
"minor_version", "arch"
|
||||
)
|
||||
|
||||
|
||||
class User(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
archived_at = fields.DatetimeField(null=True)
|
||||
email = fields.CharField(max_length=255, unique=True)
|
||||
password = fields.CharField(max_length=255)
|
||||
name = fields.CharField(max_length=255)
|
||||
role = fields.CharField(max_length=255)
|
||||
|
||||
class Meta:
|
||||
table = "users"
|
||||
|
||||
class PydanticMeta:
|
||||
exclude = ("password", )
|
||||
|
||||
|
||||
class Settings(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
name = fields.CharField(max_length=255, unique=True)
|
||||
value = fields.TextField()
|
||||
|
||||
class Meta:
|
||||
table = "settings"
|
||||
|
||||
|
||||
class SupportedProductsRhMirror(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
supported_product = fields.ForeignKeyField(
|
||||
"models.SupportedProduct",
|
||||
related_name="rh_mirrors",
|
||||
)
|
||||
name = fields.CharField(max_length=255)
|
||||
match_variant = fields.CharField(max_length=255)
|
||||
match_major_version = fields.IntField()
|
||||
match_minor_version = fields.IntField(null=True)
|
||||
match_arch = fields.CharField(max_length=255)
|
||||
|
||||
rpm_repomds: fields.ReverseRelation["SupportedProductsRpmRepomd"]
|
||||
rpm_rh_overrides: fields.ReverseRelation["SupportedProductsRpmRhOverride"]
|
||||
rh_blocks: fields.ReverseRelation["SupportedProductsRhBlock"]
|
||||
advisory_packages: fields.ReverseRelation["AdvisoryPackage"]
|
||||
|
||||
class Meta:
|
||||
table = "supported_products_rh_mirrors"
|
||||
|
||||
|
||||
class SupportedProductsRpmRepomd(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
supported_products_rh_mirror = fields.ForeignKeyField(
|
||||
"models.SupportedProductsRhMirror",
|
||||
related_name="rpm_repomds",
|
||||
)
|
||||
production = fields.BooleanField()
|
||||
arch = fields.CharField(max_length=255)
|
||||
url = fields.TextField()
|
||||
debug_url = fields.TextField()
|
||||
source_url = fields.TextField()
|
||||
repo_name = fields.CharField(max_length=255)
|
||||
|
||||
class Meta:
|
||||
table = "supported_products_rpm_repomds"
|
||||
|
||||
|
||||
class SupportedProductsRpmRhOverride(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
supported_products_rh_mirror = fields.ForeignKeyField(
|
||||
"models.SupportedProductsRhMirror",
|
||||
related_name="rpm_rh_overrides",
|
||||
)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="rpm_rh_overrides",
|
||||
)
|
||||
|
||||
class Meta:
|
||||
table = "supported_products_rpm_rh_overrides"
|
||||
|
||||
|
||||
class SupportedProductsRhBlock(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
supported_products_rh_mirror = fields.ForeignKeyField(
|
||||
"models.SupportedProductsRhMirror",
|
||||
related_name="rh_blocks",
|
||||
)
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="rh_blocks",
|
||||
)
|
||||
|
||||
class Meta:
|
||||
table = "supported_products_rh_blocks"
|
||||
|
||||
|
||||
class Advisory(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
created_at = fields.DatetimeField(auto_now_add=True)
|
||||
updated_at = fields.DatetimeField(auto_now=True, null=True)
|
||||
published_at = fields.DatetimeField()
|
||||
name = fields.CharField(max_length=255, unique=True)
|
||||
synopsis = fields.TextField()
|
||||
description = fields.TextField()
|
||||
kind = fields.CharField(max_length=255)
|
||||
severity = fields.CharField(max_length=255)
|
||||
topic = fields.TextField()
|
||||
red_hat_advisory = fields.ForeignKeyField(
|
||||
"models.RedHatAdvisory",
|
||||
related_name="published_advisories",
|
||||
)
|
||||
|
||||
packages: fields.ReverseRelation["AdvisoryPackage"]
|
||||
cves: fields.ReverseRelation["AdvisoryCVE"]
|
||||
fixes: fields.ReverseRelation["AdvisoryFix"]
|
||||
affected_products: fields.ReverseRelation["AdvisoryAffectedProduct"]
|
||||
|
||||
class Meta:
|
||||
table = "advisories"
|
||||
|
||||
|
||||
class AdvisoryPackage(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
advisory = fields.ForeignKeyField(
|
||||
"models.Advisory",
|
||||
related_name="packages",
|
||||
)
|
||||
nevra = fields.TextField()
|
||||
checksum = fields.TextField()
|
||||
checksum_type = fields.CharField(max_length=255)
|
||||
module_context = fields.TextField(null=True)
|
||||
module_name = fields.TextField(null=True)
|
||||
module_stream = fields.TextField(null=True)
|
||||
module_version = fields.TextField(null=True)
|
||||
repo_name = fields.TextField()
|
||||
package_name = fields.TextField()
|
||||
product_name = fields.TextField()
|
||||
supported_products_rh_mirror = fields.ForeignKeyField(
|
||||
"models.SupportedProductsRhMirror",
|
||||
related_name="advisory_packages",
|
||||
)
|
||||
supported_product = fields.ForeignKeyField(
|
||||
"models.SupportedProduct",
|
||||
related_name="advisory_packages",
|
||||
)
|
||||
|
||||
class Meta:
|
||||
table = "advisory_packages"
|
||||
unique_together = ("advisory_id", "nevra")
|
||||
|
||||
|
||||
class AdvisoryCVE(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
advisory = fields.ForeignKeyField(
|
||||
"models.Advisory",
|
||||
related_name="cves",
|
||||
)
|
||||
cve = fields.TextField()
|
||||
cvss3_scoring_vector = fields.TextField(null=True)
|
||||
cvss3_base_score = fields.TextField(null=True)
|
||||
cwe = fields.TextField(null=True)
|
||||
|
||||
class Meta:
|
||||
table = "advisory_cves"
|
||||
unique_together = ("advisory_id", "cve")
|
||||
|
||||
|
||||
class AdvisoryFix(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
advisory = fields.ForeignKeyField(
|
||||
"models.Advisory",
|
||||
related_name="fixes",
|
||||
)
|
||||
ticket_id = fields.TextField()
|
||||
source = fields.TextField()
|
||||
description = fields.TextField(null=True)
|
||||
|
||||
class Meta:
|
||||
table = "advisory_fixes"
|
||||
unique_together = ("advisory_id", "ticket_id")
|
||||
|
||||
|
||||
class AdvisoryAffectedProduct(Model):
|
||||
id = fields.BigIntField(pk=True)
|
||||
advisory = fields.ForeignKeyField(
|
||||
"models.Advisory",
|
||||
related_name="affected_products",
|
||||
)
|
||||
variant = fields.TextField()
|
||||
name = fields.TextField()
|
||||
major_version = fields.IntField()
|
||||
minor_version = fields.IntField(null=True)
|
||||
arch = fields.TextField()
|
||||
supported_product = fields.ForeignKeyField(
|
||||
"models.SupportedProduct",
|
||||
related_name="advisory_affected_products",
|
||||
)
|
||||
|
||||
class Meta:
|
||||
table = "advisory_affected_products"
|
||||
unique_together = (
|
||||
"advisory_id",
|
||||
"variant",
|
||||
"name",
|
||||
"major_version",
|
||||
"minor_version",
|
||||
"arch",
|
||||
)
|
13
apollo/db/serialize/BUILD.bazel
Normal file
13
apollo/db/serialize/BUILD.bazel
Normal file
@ -0,0 +1,13 @@
|
||||
load("@aspect_rules_py//py:defs.bzl", "py_library")
|
||||
|
||||
py_library(
|
||||
name = "serialize_lib",
|
||||
srcs = ["__init__.py"],
|
||||
imports = ["../../.."],
|
||||
visibility = ["//:__subpackages__"],
|
||||
deps = [
|
||||
"//apollo/db:db_lib",
|
||||
"@pypi_pydantic//:pkg",
|
||||
"@pypi_tortoise_orm//:pkg",
|
||||
],
|
||||
)
|
102
apollo/db/serialize/__init__.py
Normal file
102
apollo/db/serialize/__init__.py
Normal file
@ -0,0 +1,102 @@
|
||||
import datetime
|
||||
from typing import Optional
|
||||
|
||||
from tortoise.contrib.pydantic import pydantic_model_creator, pydantic_queryset_creator
|
||||
from pydantic import BaseModel
|
||||
|
||||
from apollo import db
|
||||
|
||||
RedHatAdvisoryCVE_Pydantic = pydantic_model_creator(
|
||||
db.RedHatAdvisoryCVE,
|
||||
name="RedHatAdvisoryCVE",
|
||||
)
|
||||
RedHatAdvisoryBugzillaBug_Pydantic = pydantic_model_creator(
|
||||
db.RedHatAdvisoryBugzillaBug,
|
||||
name="RedHatAdvisoryBugzillaBug",
|
||||
)
|
||||
RedHatAdvisoryAffectedProduct_Pydantic = pydantic_model_creator(
|
||||
db.RedHatAdvisoryAffectedProduct,
|
||||
name="RedHatAdvisoryAffectedProduct",
|
||||
)
|
||||
RedHatAdvisoryPackage_Pydantic = pydantic_model_creator(
|
||||
db.RedHatAdvisoryPackage,
|
||||
name="RedHatAdvisoryPackage",
|
||||
)
|
||||
RedHatAdvisory_Pydantic = pydantic_model_creator(
|
||||
db.RedHatAdvisory,
|
||||
name="RedHatAdvisory",
|
||||
)
|
||||
|
||||
AdvisoryCVE_Pydantic = pydantic_model_creator(
|
||||
db.AdvisoryCVE,
|
||||
name="AdvisoryCVE",
|
||||
)
|
||||
AdvisoryFix_Pydantic = pydantic_model_creator(
|
||||
db.AdvisoryFix,
|
||||
name="AdvisoryFix",
|
||||
)
|
||||
AdvisoryAffectedProduct_Pydantic = pydantic_model_creator(
|
||||
db.AdvisoryAffectedProduct,
|
||||
name="AdvisoryAffectedProduct",
|
||||
)
|
||||
AdvisoryPackage_Pydantic = pydantic_model_creator(
|
||||
db.AdvisoryPackage,
|
||||
name="AdvisoryPackage",
|
||||
)
|
||||
Advisory_Pydantic = pydantic_model_creator(
|
||||
db.Advisory,
|
||||
name="Advisory",
|
||||
exclude=(
|
||||
"red_hat_advisory",
|
||||
"packages.supported_product",
|
||||
"packages.supported_product_id",
|
||||
"packages.supported_products_rh_mirror",
|
||||
"packages.supported_products_rh_mirror_id",
|
||||
"cves.advisory",
|
||||
"cves.advisory_id",
|
||||
"fixes.advisory",
|
||||
"fixes.advisory_id",
|
||||
"affected_products.advisory",
|
||||
"affected_products.advisory_id",
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
# Legacy API models
|
||||
# pylint: disable=invalid-name
|
||||
class Advisory_Pydantic_V2_Fix(BaseModel):
|
||||
ticket: str
|
||||
sourceBy: str
|
||||
sourceLink: str
|
||||
description: str
|
||||
|
||||
|
||||
class Advisory_Pydantic_V2_CVE(BaseModel):
|
||||
name: str
|
||||
sourceBy: str
|
||||
sourceLink: str
|
||||
cvss3ScoringVector: str
|
||||
cvss3BaseScore: str
|
||||
cwe: str
|
||||
|
||||
|
||||
class Advisory_Pydantic_V2(BaseModel):
|
||||
type: str
|
||||
shortCode: str
|
||||
name: str
|
||||
synopsis: str
|
||||
severity: str
|
||||
topic: str
|
||||
description: str
|
||||
solution: Optional[str]
|
||||
affectedProducts: list[str]
|
||||
fixes: list[Advisory_Pydantic_V2_Fix]
|
||||
cves: list[Advisory_Pydantic_V2_CVE]
|
||||
references: list[str]
|
||||
publishedAt: datetime.datetime
|
||||
rpms: dict[str, list[str]]
|
||||
rebootSuggested: bool
|
||||
buildReferences: list[str]
|
||||
|
||||
class Config:
|
||||
orm_mode = True
|
272
apollo/migrations/20230128201227_init.sql
Normal file
272
apollo/migrations/20230128201227_init.sql
Normal file
@ -0,0 +1,272 @@
|
||||
-- migrate:up
|
||||
create table codes (
|
||||
id bigserial primary key,
|
||||
created_at timestamptz not null default now(),
|
||||
updated_at timestamptz,
|
||||
archived_at timestamp,
|
||||
code text not null,
|
||||
description text not null
|
||||
);
|
||||
|
||||
create table supported_products (
|
||||
id bigserial primary key,
|
||||
created_at timestamptz not null default now(),
|
||||
updated_at timestamptz,
|
||||
eol_at timestamptz,
|
||||
variant text not null,
|
||||
name text not null unique,
|
||||
vendor text not null,
|
||||
code_id bigint references codes(id)
|
||||
);
|
||||
create index supported_products_eol_atx on supported_products(eol_at);
|
||||
create index supported_products_variantx on supported_products(variant);
|
||||
create index supported_products_namex on supported_products(name);
|
||||
|
||||
create table red_hat_index_state (
|
||||
id bigserial primary key,
|
||||
last_indexed_at timestamptz
|
||||
);
|
||||
|
||||
create table red_hat_advisories (
|
||||
id bigserial primary key,
|
||||
created_at timestamptz not null default now(),
|
||||
updated_at timestamptz,
|
||||
red_hat_issued_at timestamptz not null,
|
||||
name text not null unique,
|
||||
synopsis text not null,
|
||||
description text not null,
|
||||
kind text not null,
|
||||
severity text not null,
|
||||
topic text not null
|
||||
);
|
||||
create index red_hat_advisories_red_hat_issued_atx on red_hat_advisories(red_hat_issued_at);
|
||||
create index red_hat_advisories_namex on red_hat_advisories(name);
|
||||
create index red_hat_advisories_synopsisx on red_hat_advisories(synopsis);
|
||||
create index red_hat_advisories_kindx on red_hat_advisories(kind);
|
||||
create index red_hat_advisories_severityx on red_hat_advisories(severity);
|
||||
|
||||
create table red_hat_advisory_packages (
|
||||
id bigserial primary key,
|
||||
red_hat_advisory_id bigint references red_hat_advisories(id) on delete cascade,
|
||||
nevra text not null,
|
||||
|
||||
unique (red_hat_advisory_id, nevra)
|
||||
);
|
||||
create index red_hat_advisory_packages_nevrax on red_hat_advisory_packages(nevra);
|
||||
|
||||
create table red_hat_advisory_cves (
|
||||
id bigserial primary key,
|
||||
red_hat_advisory_id bigint references red_hat_advisories(id) on delete cascade,
|
||||
cve text not null,
|
||||
cvss3_scoring_vector text,
|
||||
cvss3_base_score text,
|
||||
cwe text,
|
||||
|
||||
unique (red_hat_advisory_id, cve)
|
||||
);
|
||||
create index red_hat_advisory_cvex on red_hat_advisory_cves(cve);
|
||||
|
||||
create table red_hat_advisory_bugzilla_bugs (
|
||||
id bigserial primary key,
|
||||
red_hat_advisory_id bigint references red_hat_advisories(id) on delete cascade,
|
||||
bugzilla_bug_id text not null,
|
||||
description text not null,
|
||||
|
||||
unique (red_hat_advisory_id, bugzilla_bug_id)
|
||||
);
|
||||
create index red_hat_advisory_bugzilla_bugs_bugzilla_bug_idx on red_hat_advisory_bugzilla_bugs(bugzilla_bug_id);
|
||||
|
||||
create table red_hat_advisory_affected_products (
|
||||
id bigserial primary key,
|
||||
red_hat_advisory_id bigint references red_hat_advisories(id) on delete cascade,
|
||||
variant text not null,
|
||||
name text not null,
|
||||
major_version numeric not null,
|
||||
minor_version numeric,
|
||||
arch text not null,
|
||||
|
||||
unique (red_hat_advisory_id, variant, name, major_version, minor_version, arch)
|
||||
);
|
||||
create index red_hat_advisory_affected_products_variantx on red_hat_advisory_affected_products(variant);
|
||||
create index red_hat_advisory_affected_products_namex on red_hat_advisory_affected_products(name);
|
||||
create index red_hat_advisory_affected_products_major_versionx on red_hat_advisory_affected_products(major_version);
|
||||
create index red_hat_advisory_affected_products_minor_versionx on red_hat_advisory_affected_products(minor_version);
|
||||
create index red_hat_advisory_affected_products_archx on red_hat_advisory_affected_products(arch);
|
||||
create unique index red_hat_advisory_affected_products_variant_namex on red_hat_advisory_affected_products(red_hat_advisory_id, variant, name, major_version, minor_version, arch) where minor_version is not null;
|
||||
create unique index red_hat_advisory_affected_products_variant_namenx on red_hat_advisory_affected_products(red_hat_advisory_id, variant, name, major_version, minor_version, arch) where minor_version is null;
|
||||