Merge branch 'dev' into feature/APS-3966-sdx

Author: ikethecoder

.github/workflows/dev.yml

@@ -280,7 +280,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2
+          fetch-depth: 2 
       - name: Check if build needed
         id: check
         run: |

.github/workflows/master.yml

@@ -65,6 +65,22 @@ jobs:
           poetry run coverage run --branch -m pytest -s -v
           poetry run coverage xml
 
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.14"
+      - name: Test coverage for CSIT OAS Validation API
+        run: |
+          export PATH=/root/.local/bin:$PATH
+          sudo apt install -y nodejs npm
+          sudo npm install -g @stoplight/spectral-cli@6.14.2
+          cd microservices/csitOasValidationApi
+          poetry env use python3.14
+          poetry install --no-root
+          ./checkout-ruleset-tags.sh ruleset_tag_cache || true
+          export GITHUB_TAG_CACHE_PATH="$(realpath -m ./ruleset_tag_cache)"
+          poetry run coverage run --branch -m pytest -s -v
+          poetry run coverage xml
+
       - name: SonarCloud Scan
         uses: sonarsource/sonarcloud-github-action@master
         env:
@@ -81,54 +97,66 @@ jobs:
           echo "Got tag name ${{ steps.release.outputs.tag_name }}"
           echo "Got release version ${{ steps.release.outputs.version }}"
 
-      - name: Create gwa-api docker image related to the release
-        uses: docker/build-push-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          registry: docker.pkg.github.com
-          username: $GITHUB_ACTOR
+          registry: ghcr.io
+          username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-          repository: bcgov/gwa-api/gwa-gateway-api
-          path: microservices/gatewayApi
-          dockerfile: microservices/gatewayApi/Dockerfile
+          logout: false
+      - name: Create gwa-api docker image related to the release
+        uses: docker/build-push-action@v5
+        with:
+          context: microservices/gatewayApi
+          file: microservices/gatewayApi/Dockerfile
           push: true
-          tags: ${{ steps.release.outputs.tag_name }}
-          tag_with_sha: false
+          tags: ghcr.io/bcgov/gwa-api/gwa-gateway-api:${{ steps.release.outputs.tag_name }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
 
       - name: Create gwa-kube-api docker image related to the release
-        uses: docker/build-push-action@v1
+        uses: docker/build-push-action@v5
         with:
-          registry: docker.pkg.github.com
-          username: $GITHUB_ACTOR
-          password: ${{ secrets.GITHUB_TOKEN }}
-          repository: bcgov/gwa-api/gwa-kube-api
-          path: microservices/kubeApi
-          dockerfile: microservices/kubeApi/Dockerfile
+          context: microservices/kubeApi
+          file: microservices/kubeApi/Dockerfile
           push: true
-          tags: ${{ steps.release.outputs.tag_name }}
-          tag_with_sha: false
+          tags: ghcr.io/bcgov/gwa-api/gwa-kube-api:${{ steps.release.outputs.tag_name }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
 
       - name: Create gwa-scheduler docker image related to the release
-        uses: docker/build-push-action@v1
+        uses: docker/build-push-action@v5
         with:
-          registry: docker.pkg.github.com
-          username: $GITHUB_ACTOR
-          password: ${{ secrets.GITHUB_TOKEN }}
-          repository: bcgov/gwa-api/gwa-scheduler
-          path: microservices/gatewayJobScheduler
-          dockerfile: microservices/gatewayJobScheduler/Dockerfile
+          context: microservices/gatewayJobScheduler
+          file: microservices/gatewayJobScheduler/Dockerfile
           push: true
-          tags: ${{ steps.release.outputs.tag_name }}
-          tag_with_sha: false
+          tags: ghcr.io/bcgov/gwa-api/gwa-scheduler:${{ steps.release.outputs.tag_name }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
 
       - name: Create gwa-compatibility-api docker image related to the release
-        uses: docker/build-push-action@v1
+        uses: docker/build-push-action@v5
         with:
-          registry: docker.pkg.github.com
-          username: $GITHUB_ACTOR
-          password: ${{ secrets.GITHUB_TOKEN }}
-          repository: bcgov/gwa-api/gwa-compatibility-api
-          path: microservices/compatibilityApi
-          dockerfile: microservices/compatibilityApi/Dockerfile
+          context: microservices/compatibilityApi
+          file: microservices/compatibilityApi/Dockerfile
+          push: true
+          tags: ghcr.io/bcgov/gwa-api/gwa-compatibility-api:${{ steps.release.outputs.tag_name }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}
+
+      - name: Create gwa-csit-oas-validation-api docker image related to the release
+        uses: docker/build-push-action@v5
+        with:
+          context: microservices/csitOasValidationApi
+          file: microservices/csitOasValidationApi/Dockerfile
           push: true
-          tags: ${{ steps.release.outputs.tag_name }}
-          tag_with_sha: false
+          tags: ghcr.io/bcgov/gwa-api/gwa-csit-oas-validation-api:${{ steps.release.outputs.tag_name }}
+          labels: |
+            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+            org.opencontainers.image.revision=${{ github.sha }}

.python-version

@@ -0,0 +1 @@
+3.14.0

microservices/csitOasValidationApi/.gitignore

@@ -0,0 +1,139 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+ruleset_tag_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/

microservices/csitOasValidationApi/Dockerfile

@@ -0,0 +1,66 @@
+# BUILD STAGE
+FROM python:3.14.2-alpine3.23 AS builder
+
+WORKDIR /build
+
+# Install build dependencies
+RUN apk add --no-cache build-base libffi-dev openssl curl git bash nodejs npm
+
+RUN python -m pip install --upgrade pip
+
+# Install Spectral CLI (required for validation)
+RUN npm install -g @stoplight/spectral-cli@6.14.2
+
+# Install Poetry
+RUN cd /tmp && \
+    curl -sSL https://install.python-poetry.org > get-poetry.py && \
+    POETRY_HOME=/opt/poetry python get-poetry.py --version 1.8.2 && \
+    cd /usr/local/bin && \
+    ln -s /opt/poetry/bin/poetry && \
+    poetry config virtualenvs.create false
+
+# Install Python dependencies
+COPY pyproject.toml /tmp/
+COPY poetry.lock /tmp/
+RUN cd /tmp && poetry install --no-root --no-dev
+
+# Retrieve and cache the ruleset
+COPY checkout-ruleset-tags.sh /build/
+RUN chmod +x /build/checkout-ruleset-tags.sh && \
+    mkdir -p /build/ruleset_tag_cache && \
+    /build/checkout-ruleset-tags.sh /build/ruleset_tag_cache
+
+# RUNTIME STAGE
+FROM python:3.14.2-alpine3.23
+
+WORKDIR /app
+
+# Install only runtime dependencies
+# nodejs is needed for Spectral CLI to run
+RUN apk add --no-cache libffi openssl nodejs
+
+# Copy Python packages from builder
+COPY --from=builder /usr/local/lib/python3.14/site-packages /usr/local/lib/python3.14/site-packages
+
+# Copy Python entry point scripts (uvicorn, etc.) but exclude build tools
+# First, copy all scripts, then we'll remove poetry if it exists
+COPY --from=builder /usr/local/bin /usr/local/bin
+RUN rm -f /usr/local/bin/poetry 2>/dev/null || true
+
+# Copy Spectral CLI from builder
+COPY --from=builder /usr/local/lib/node_modules /usr/local/lib/node_modules
+COPY --from=builder /usr/local/bin/spectral /usr/local/bin/spectral
+
+# Copy ruleset cache from builder
+COPY --from=builder /build/ruleset_tag_cache /app/ruleset_tag_cache
+
+# Copy application code
+COPY . /app
+
+RUN chmod +x /app/entrypoint.sh
+
+ENV GITHUB_TAG_CACHE_PATH=/app/ruleset_tag_cache
+
+EXPOSE 8080
+
+ENTRYPOINT ["./entrypoint.sh"]