Add wizard and pgweb

.github/workflows/docker-publish.yml

@@ -1,10 +1,4 @@
 name: Docker
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
 on:
   schedule:
     - cron: '0 8 * * 0'
@@ -18,79 +12,47 @@ on:
 env:
   # Use docker.io for Docker Hub if empty
   REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}
 
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - context: db
+            image: ghcr.io/ninanor/seabird-dbmate
+          - context: wizard
+            image: ghcr.io/ninanor/seabird-wizard
+          - context: nginx
+            image: ghcr.io/ninanor/seabird-nginx
     permissions:
       contents: read
       packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-        with:
-          cosign-release: 'v1.13.1'
-
-
-      # Workaround: https://github.com/docker/build-push-action/issues/461
-      - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
+      - name: Log in to the Container registry
         uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ matrix.image }}
 
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
       - name: Build and push Docker image
-        id: build-and-push
         uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
         with:
-          context: db
-          push: ${{ github.event_name != 'pull_request' }}
+          context: ${{ matrix.context }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          COSIGN_EXPERIMENTAL: "true"
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}

docker-compose.yml

@@ -17,7 +17,25 @@ services:
       PGRST_DB_URI: "postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres"
       PGRST_JWT_SECRET: ${JWT_SECRET}
       PGRST_DB_ANON_ROLE: web_anon
+  wizard:
+    build:
+      context: wizard
+    environment:
+      OPENREFINE_URL: https://openrefine.nina.no
+      OPENREFINE_PUBLIC_URL: http://openrefine.nina.no
+      POSTGREST_URL: http://postgrest:3000
+      POSTGREST_TOKEN: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2ODUyMDYxNjAsInJvbGUiOiJ3cml0ZXIifQ.dPKc0F8lG8-Kd9PVgotUpbmsH4bBWFQpp_epZCcAQMk"
+      LOGGING: DEBUG
+    tty: true
+    stdin_open: true
+  pgweb:
+    image: sosedoff/pgweb:latest
+    environment:
+      PGWEB_DATABASE_URL: postgres://postgres:${POSTGRES_PASSWORD}@postgres:5432/postgres?sslmode=disable
+      WAIT_FOR: postgres:5432
+  nginx:
+    build: nginx
     ports:
-      - 3000:3000
+      - 8000:80
 volumes:
   pgdata:

nginx/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:1.23
+
+COPY default.conf.template /etc/nginx/templates/default.conf.template

nginx/default.conf.template

@@ -0,0 +1,50 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+server {
+    listen       80;
+    resolver     127.0.0.11;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    client_max_body_size 300m;
+
+    proxy_set_header   X-Real-IP            $remote_addr;
+    proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+    proxy_set_header   X-Forwarded-Proto    $scheme;
+    proxy_set_header   X-NginX-Proxy        true;
+    proxy_set_header   Host                 $http_host;
+    proxy_set_header   Upgrade              $http_upgrade;
+    proxy_set_header   Cookie               $http_cookie;
+    proxy_redirect     off;
+
+    location = / {
+        set $upstream http://wizard:8000/;
+        proxy_pass $upstream;
+        proxy_http_version 1.1;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    location ~ ^/postgrest(/?)(.*) {
+        set $upstream http://postgrest:3000/$2;
+        proxy_pass $upstream;
+    }
+
+    location ~ ^/pgweb(/?)(.*) {
+        set $upstream http://pgweb:8081/$2;
+        proxy_pass $upstream;
+    }
+}

wizard/.pdm-python

@@ -0,0 +1 @@
+/home/francesco.frassinell/Code/seabird_gps_database/wizard/.venv/bin/python

wizard/.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+repos:
+- repo: https://github.com/psf/black
+  rev: 22.12.0
+  hooks:
+  - id: black
+  - id: black-jupyter
+- repo: https://github.com/pycqa/isort
+  rev: 5.11.4
+  hooks:
+  - id: isort
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.3.0
+  hooks:
+  - id: check-added-large-files
+  - id: check-yaml
+  - id: end-of-file-fixer
+  - id: trailing-whitespace
+- repo: https://github.com/charliermarsh/ruff-pre-commit
+  rev: v0.0.190
+  hooks:
+  - id: ruff

wizard/Dockerfile

@@ -0,0 +1,15 @@
+FROM python:3.11
+
+RUN --mount=type=cache,target=/root/.cache/pdm \
+    python3 -m pip install pdm
+
+WORKDIR /app
+COPY pyproject.toml pdm.lock .
+
+RUN --mount=type=cache,target=/root/.cache/pdm \
+    pdm install --no-self
+
+COPY wizard.py .
+
+EXPOSE 8000/TCP
+CMD ["pdm", "run", "./wizard.py"]