Merge branch 'main' of https://github.com/codecov/codecov-api into staging

Author: rohitvinnakota-codecov

.github/workflows/ci.yml

@@ -49,15 +49,15 @@ jobs:
   test:
     name: Test
     needs: [build]
-    uses: codecov/gha-workflows/.github/workflows/[email protected].26
+    uses: codecov/gha-workflows/.github/workflows/[email protected].27
     secrets: inherit
     with:
       repo: ${{ vars.CODECOV_IMAGE_V2 || 'codecov/self-hosted-api' }}
 
   build-self-hosted:
     name: Build Self Hosted API
     needs: [build, test]
-    uses: codecov/gha-workflows/.github/workflows/[email protected].26
+    uses: codecov/gha-workflows/.github/workflows/[email protected].27
     secrets: inherit
     with:
       repo: ${{ vars.CODECOV_IMAGE_V2 || 'codecov/self-hosted-api' }}
@@ -66,7 +66,7 @@ jobs:
     name: Push Staging Image
     needs: [build, test]
     if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/staging' && github.repository_owner == 'codecov' }}
-    uses: codecov/gha-workflows/.github/workflows/[email protected].26
+    uses: codecov/gha-workflows/.github/workflows/[email protected].27
     secrets: inherit
     with:
       environment: staging
@@ -76,7 +76,7 @@ jobs:
     name: Push Production Image
     needs: [build, test]
     if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/main' && github.repository_owner == 'codecov' }}
-    uses: codecov/gha-workflows/.github/workflows/[email protected].26
+    uses: codecov/gha-workflows/.github/workflows/[email protected].27
     secrets: inherit
     with:
       environment: production
@@ -87,7 +87,7 @@ jobs:
     needs: [build-self-hosted, test]
     secrets: inherit
     if: ${{ github.event_name == 'push' && github.event.ref == 'refs/heads/main' && github.repository_owner == 'codecov' }}
-    uses: codecov/gha-workflows/.github/workflows/[email protected].26
+    uses: codecov/gha-workflows/.github/workflows/[email protected].27
     with:
       push_rolling: true
       repo: ${{ vars.CODECOV_IMAGE_V2 || 'codecov/self-hosted-api' }}

api/public/v2/component/views.py

@@ -1,6 +1,9 @@
+from typing import Any
+
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import OpenApiParameter, extend_schema
 from rest_framework import viewsets
+from rest_framework.request import Request
 from rest_framework.response import Response
 
 from api.public.v2.component.serializers import ComponentSerializer
@@ -34,7 +37,7 @@ class ComponentViewSet(viewsets.ViewSet, RepoPropertyMixin):
     permission_classes = [RepositoryArtifactPermissions]
 
     @extend_schema(summary="Component list")
-    def list(self, request, *args, **kwargs):
+    def list(self, request: Request, *args: Any, **kwargs: Any) -> Response:
         """
         Returns a list of components for the specified repository
         """

billing/helpers.py

@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.db.models import QuerySet
 from shared.plan.constants import ENTERPRISE_CLOUD_USER_PLAN_REPRESENTATIONS
 
 from codecov_auth.models import Owner
@@ -8,3 +9,17 @@ def on_enterprise_plan(owner: Owner) -> bool:
     return settings.IS_ENTERPRISE or (
         owner.plan in ENTERPRISE_CLOUD_USER_PLAN_REPRESENTATIONS.keys()
     )
+
+
+def get_all_admins_for_owners(owners: QuerySet[Owner]):
+    admin_ids = set()
+    for owner in owners:
+        if owner.admins:
+            admin_ids.update(owner.admins)
+
+        # Add the owner's email as well - for user owners, admins is empty.
+        if owner.email:
+            admin_ids.add(owner.ownerid)
+
+    admins: QuerySet[Owner] = Owner.objects.filter(pk__in=admin_ids)
+    return admins

billing/views.py

@@ -1,6 +1,6 @@
 import logging
 from datetime import datetime
-from typing import List
+from typing import Any, List
 
 import stripe
 from django.conf import settings
@@ -12,6 +12,7 @@
 from rest_framework.views import APIView
 from shared.plan.service import PlanService
 
+from billing.helpers import get_all_admins_for_owners
 from codecov_auth.models import Owner
 from services.task.task import TaskService
 
@@ -66,17 +67,7 @@ def invoice_payment_failed(self, invoice: stripe.Invoice) -> None:
         self._log_updated(list(owners))
 
         # Send failed payment email to all owner admins
-
-        admin_ids = set()
-        for owner in owners:
-            if owner.admins:
-                admin_ids.update(owner.admins)
-
-            # Add the owner's email as well - for user owners, admins is empty.
-            if owner.email:
-                admin_ids.add(owner.ownerid)
-
-        admins: QuerySet[Owner] = Owner.objects.filter(pk__in=admin_ids)
+        admins = get_all_admins_for_owners(owners)
 
         task_service = TaskService()
         card = (
@@ -102,6 +93,15 @@ def invoice_payment_failed(self, invoice: stripe.Invoice) -> None:
                     **template_vars,
                 )
 
+        # temporary just making sure these look okay in the real world
+        task_service.send_email(
+            to_addr="[email protected]",
+            subject="Your Codecov payment failed",
+            template_name="failed-payment",
+            name="spalmurray-codecov",
+            **template_vars,
+        )
+
     def customer_subscription_deleted(self, subscription: stripe.Subscription) -> None:
         log.info(
             "Customer Subscription Deleted - Setting free plan and deactivating repos for stripe customer",
@@ -410,7 +410,7 @@ def checkout_session_completed(
 
         self._log_updated([owner])
 
-    def post(self, request: HttpRequest, *args, **kwargs) -> Response:
+    def post(self, request: HttpRequest, *args: Any, **kwargs: Any) -> Response:
         if settings.STRIPE_ENDPOINT_SECRET is None:
             log.critical(
                 "Stripe endpoint secret improperly configured -- webhooks will not be processed."

codecov_auth/authentication/repo_auth.py

@@ -1,6 +1,6 @@
 import json
 import logging
-from typing import List
+from typing import Any, Dict, List, Optional, Tuple
 from uuid import UUID
 
 from django.core.exceptions import ObjectDoesNotExist
@@ -10,6 +10,7 @@
 from jwt import PyJWTError
 from rest_framework import authentication, exceptions, serializers
 from rest_framework.exceptions import NotAuthenticated
+from rest_framework.response import Response
 from rest_framework.views import exception_handler
 from shared.django_apps.codecov_auth.models import Owner
 
@@ -32,7 +33,9 @@
 log = logging.getLogger(__name__)
 
 
-def repo_auth_custom_exception_handler(exc, context):
+def repo_auth_custom_exception_handler(
+    exc: Exception, context: Dict[str, Any]
+) -> Response:
     """
     User arrives here if they have correctly supplied a Token or the Tokenless Headers,
     but their Token has not matched with any of our Authentication methods. The goal is to
@@ -60,17 +63,17 @@ def repo_auth_custom_exception_handler(exc, context):
 
 
 class LegacyTokenRepositoryAuth(RepositoryAuthInterface):
-    def __init__(self, repository, auth_data):
+    def __init__(self, repository: Repository, auth_data: Dict[str, Any]) -> None:
         self._auth_data = auth_data
         self._repository = repository
 
-    def get_scopes(self):
+    def get_scopes(self) -> List[TokenTypeChoices]:
         return [TokenTypeChoices.UPLOAD]
 
-    def get_repositories(self):
+    def get_repositories(self) -> List[Repository]:
         return [self._repository]
 
-    def allows_repo(self, repository):
+    def allows_repo(self, repository: Repository) -> bool:
         return repository in self.get_repositories()
 
 
@@ -79,17 +82,17 @@ class OIDCTokenRepositoryAuth(LegacyTokenRepositoryAuth):
 
 
 class TableTokenRepositoryAuth(RepositoryAuthInterface):
-    def __init__(self, repository, token):
+    def __init__(self, repository: Repository, token: RepositoryToken) -> None:
         self._token = token
         self._repository = repository
 
-    def get_scopes(self):
+    def get_scopes(self) -> List[str]:
         return [self._token.token_type]
 
-    def get_repositories(self):
+    def get_repositories(self) -> List[Repository]:
         return [self._repository]
 
-    def allows_repo(self, repository):
+    def allows_repo(self, repository: Repository) -> bool:
         return repository in self.get_repositories()
 
 
@@ -98,10 +101,10 @@ def __init__(self, token: OrganizationLevelToken) -> None:
         self._token = token
         self._org = token.owner
 
-    def get_scopes(self):
+    def get_scopes(self) -> List[str]:
         return [self._token.token_type]
 
-    def allows_repo(self, repository):
+    def allows_repo(self, repository: Repository) -> bool:
         return repository.author.ownerid == self._org.ownerid
 
     def get_repositories_queryset(self) -> QuerySet:
@@ -120,18 +123,20 @@ class TokenlessAuth(RepositoryAuthInterface):
     def __init__(self, repository: Repository) -> None:
         self._repository = repository
 
-    def get_scopes(self):
+    def get_scopes(self) -> List[TokenTypeChoices]:
         return [TokenTypeChoices.UPLOAD]
 
-    def allows_repo(self, repository):
+    def allows_repo(self, repository: Repository) -> bool:
         return repository in self.get_repositories()
 
     def get_repositories(self) -> List[Repository]:
         return [self._repository]
 
 
 class RepositoryLegacyQueryTokenAuthentication(authentication.BaseAuthentication):
-    def authenticate(self, request):
+    def authenticate(
+        self, request: HttpRequest
+    ) -> Optional[Tuple[RepositoryAsUser, LegacyTokenRepositoryAuth]]:
         token = request.GET.get("token")
         if not token:
             return None
@@ -150,22 +155,26 @@ def authenticate(self, request):
 
 
 class RepositoryLegacyTokenAuthentication(authentication.TokenAuthentication):
-    def authenticate_credentials(self, token):
+    def authenticate_credentials(
+        self, token: str
+    ) -> Optional[Tuple[RepositoryAsUser, LegacyTokenRepositoryAuth]]:
         try:
-            token = UUID(token)
-            repository = Repository.objects.get(upload_token=token)
+            token_uuid = UUID(token)
+            repository = Repository.objects.get(upload_token=token_uuid)
         except (ValueError, TypeError, Repository.DoesNotExist):
             return None  # continue to next auth class
         return (
             RepositoryAsUser(repository),
-            LegacyTokenRepositoryAuth(repository, {"token": token}),
+            LegacyTokenRepositoryAuth(repository, {"token": token_uuid}),
         )
 
 
 class RepositoryTokenAuthentication(authentication.TokenAuthentication):
     keyword = "Repotoken"
 
-    def authenticate_credentials(self, key):
+    def authenticate_credentials(
+        self, key: str
+    ) -> Optional[Tuple[RepositoryAsUser, TableTokenRepositoryAuth]]:
         try:
             token = RepositoryToken.objects.select_related("repository").get(key=key)
         except RepositoryToken.DoesNotExist:
@@ -182,7 +191,9 @@ def authenticate_credentials(self, key):
 
 
 class GlobalTokenAuthentication(authentication.TokenAuthentication):
-    def authenticate(self, request):
+    def authenticate(
+        self, request: HttpRequest
+    ) -> Optional[Tuple[RepositoryAsUser, LegacyTokenRepositoryAuth]]:
         global_tokens = get_global_tokens()
         token = self.get_token(request)
         using_global_token = token in global_tokens
@@ -219,7 +230,9 @@ def get_token(self, request: HttpRequest) -> str | None:
 
 
 class OrgLevelTokenAuthentication(authentication.TokenAuthentication):
-    def authenticate_credentials(self, key):
+    def authenticate_credentials(
+        self, key: str
+    ) -> Optional[Tuple[Owner, OrgLevelTokenRepositoryAuth]]:
         if is_uuid(key):  # else, continue to next auth class
             # Actual verification for org level tokens
             token = OrganizationLevelToken.objects.filter(token=key).first()
@@ -236,7 +249,9 @@ def authenticate_credentials(self, key):
 
 
 class GitHubOIDCTokenAuthentication(authentication.TokenAuthentication):
-    def authenticate_credentials(self, token):
+    def authenticate_credentials(
+        self, token: str
+    ) -> Optional[Tuple[RepositoryAsUser, OIDCTokenRepositoryAuth]]:
         if not token or is_uuid(token):
             return None  # continue to next auth class
 
@@ -283,7 +298,12 @@ def _get_info_from_request_path(
 
         return repo, commitid
 
-    def get_branch(self, request, repoid=None, commitid=None):
+    def get_branch(
+        self,
+        request: HttpRequest,
+        repoid: Optional[int] = None,
+        commitid: Optional[str] = None,
+    ) -> Optional[str]:
         if repoid and commitid:
             commit = Commit.objects.filter(
                 repository_id=repoid, commitid=commitid
@@ -299,7 +319,9 @@ def get_branch(self, request, repoid=None, commitid=None):
             else:
                 return body.get("branch")
 
-    def authenticate(self, request):
+    def authenticate(
+        self, request: HttpRequest
+    ) -> Tuple[RepositoryAsUser, TokenlessAuth]:
         repository, commitid = self._get_info_from_request_path(request)
 
         if repository is None or repository.private:
@@ -341,7 +363,12 @@ def _get_info_from_request_path(
             # Validate provider
             raise exceptions.AuthenticationFailed(self.auth_failed_message)
 
-    def get_branch(self, request, repoid=None, commitid=None):
+    def get_branch(
+        self,
+        request: HttpRequest,
+        repoid: Optional[int] = None,
+        commitid: Optional[str] = None,
+    ) -> str:
         body = json.loads(str(request.body, "utf8"))
 
         # If commit is not created yet (ie first upload for this commit), we just validate branch format.
@@ -419,7 +446,7 @@ class UploadTokenRequiredGetFromBodyAuthenticationCheck(
     then use the same authenticate() as parent class.
     """
 
-    def _get_git(self, validated_data):
+    def _get_git(self, validated_data: Dict[str, str]) -> Optional[str]:
         """
         BA sends this in as git_service, TA sends this in as service.
         Use this function so this Check class can be used by both views.

codecov_auth/commands/owner/interactors/get_uploads_number_per_user.py

@@ -1,3 +1,5 @@
+from typing import Optional
+
 from shared.plan.service import PlanService
 from shared.upload.utils import query_monthly_coverage_measurements
 
@@ -11,7 +13,7 @@
 
 class GetUploadsNumberPerUserInteractor(BaseInteractor):
     @sync_to_async
-    def execute(self, owner: Owner):
+    def execute(self, owner: Owner) -> Optional[int]:
         plan_service = PlanService(current_org=owner)
         monthly_limit = plan_service.monthly_uploads_limit
         if monthly_limit is not None: