Ckan 211

[hcvdwerf]

Summary by Sourcery

Upgrade CKAN to version 2.11.1 and update the configuration for cron, supervisord, and the harvester.

Enhancements:

• Set the Beaker secret key using the SECRET_KEY environment variable.
• Remove the installation of local extensions and related configuration.
• Remove the update of test-core.ini settings.
• Update the cron configuration to run as the ckan user.

Build:

• Update the Dockerfile to use CKAN 2.11.1 and install cron and Supervisor.
• Update the supervisord configuration to include a new section for CKAN and manage the harvester processes.
• Add a setup script for the harvester to configure its options.
• Update the start script to use the new CKAN and Python executables.

CI:

• Update the docker-compose file to use the new CKAN version and configuration.
• Add new volumes for pip cache, site packages, local binaries, and the home directory.
• Update the health check URL.

Tests:

• Remove test configurations from the start script.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades CKAN to version 2.11.1, updates configurations for CKAN, supervisord, and docker-compose, and removes the vocabulary upload script.

State diagram for CKAN container startup process

stateDiagram-v2
    [*] --> CheckDB: Start
    CheckDB --> InitDB: DB Check
    InitDB --> UpdatePlugins: DB Init
    UpdatePlugins --> UpdateDatabase: Configure Plugins
    UpdateDatabase --> InitHarvestDB: Update DB Schema
    InitHarvestDB --> CheckSolr: Init Harvest DB
    CheckSolr --> CreateAdmin: Solr Check
    CreateAdmin --> Running: Create Sysadmin
    Running --> [*]: Stop

Loading

File-Level Changes

Change	Details	Files
Upgrade CKAN to 2.11.1 and update Dockerfile	Updated the base image to ckan/ckan-base:2.11.1. Installed cron and postgres client. Created log directories for CKAN harvester. Updated ownership and permissions for relevant directories and files. Applied patches to CKAN core and extensions.	ckan/Dockerfile
Update docker-compose configuration	Added volumes for pip cache, site packages, local bin, and home directory. Configured health checks and dependencies. Updated ports and environment variables.	docker-compose.yml
Update supervisord configuration	Updated the supervisord configuration to include configuration files from /etc/supervisor/conf.d/*.conf Corrected executable paths in supervisord configuration.	ckan/config/supervisord.conf
Update start script	Corrected executable paths. Simplified plugin installation process. Removed debugpy installation from start script. Updated the start command to use the correct executable path.	ckan/setup/start_ckan_development.sh
Update prerun script	Updated database initialization and upgrade process. Updated plugin loading process. Updated storage directory ownership and permissions.	ckan/setup/prerun.py
Remove vocabulary upload script and associated files	Removed vocabulary upload script and associated files to streamline the setup process.	ckan/docker-entrypoint.d/common_vocabulary_tags.csv ckan/docker-entrypoint.d/common_vocabulary_tags.csv.license ckan/docker-entrypoint.d/cp_env_to_cron_env.sh ckan/docker-entrypoint.d/upload_vocabulary.sh postgresql/docker-entrypoint-initdb.d/2_setup_test_databases.sh
Update cron environment configuration	Updated cron configuration for CKAN harvester.	ckan/config/crontab
Update README and other files	Updated documentation and environment files to reflect the changes made in the pull request.	README.md .env ckan/Dockerfile.dev
Add setup harvester script	Added a script to set up the CKAN harvester and configure its options.	ckan/docker-entrypoint.d/setup_harvester.sh

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey @hcvdwerf - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

• Avoid hardcoding the POSTGRES_PASSWORD in the .env file. (link)
• Avoid hardcoding the CKAN_DB_PASSWORD in the .env file. (link)
• Avoid hardcoding the CKAN_SYSADMIN_PASSWORD in the .env file. (link)
• Avoid hardcoding the CKAN_SMTP_PASSWORD in the .env file. (link)

Overall Comments:

• The change from db upgrade to db init in prerun.py is potentially dangerous - db init will try to initialize a fresh database which could cause problems on existing installations. Please verify if this should be db upgrade instead.

Here's what I looked at during the review

• 🟢 General issues: all looks good
• 🔴 Security: 4 blocking issues
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[kburger]

Cleaning logs every day might hinder any debugging when issues arise. Is there a need for this schedule, or can we move to a "once a week" schedule?

[hcvdwerf]

pas het aan

[kburger]

Is this new config needed for the supervisor to function? If so, did the prev version not need it?

[hcvdwerf]

Is necessary for specific supervisor configuration. Before it was part of docker image

[kburger]

Running bin/compose build locally fails on this line. When changing to RUN pip3 install -e git+https://github.com/CivityNL/[email protected]#egg=ckanext-scheming[requirements] it does seem to work.

We need to investigate what the differences are between release-3.0.0-civity, release-3.0.0-civity-1, and release-3.0.0-civity-2.

[agjharms]

This URL seems to point to the branch release-3.0.0-civity, in which there were changes on January 8. If we pin this to commit e7a0b22, so git+https://github.com/CivityNL/ckanext-scheming.git@e7a0b22#egg=ckanext-scheming[requirements], the Docker image does build and also produces a running CKAN instance.

[hcvdwerf]

I will open a new ticket by civity and will change it to release-3.0.0-civity-1 for now. Out of scope for CKAN 2.11 migration

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud