Merge pull request #1 from uc-cdis/feat/init

Feat/init

Author: Avantol13

.dockerignore

@@ -0,0 +1,5 @@
+# Ignore unnecessary files inside allowed directories
+# This should go after the allowed directories
+**/*.pyc
+**/*.egg-info
+**/__pycache__

.github/workflows/automation.yml

@@ -0,0 +1,117 @@
+# push will run on every pushed commit to any branch (so this will rerun the tests
+# once a branch gets merged to main in addition to any new commits on any branch)
+on: push
+
+name: Automation
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  post-commit-check:
+    name: Post-Commit Validation of Pre-Commit Checks (Includes Linting)
+    uses: uc-cdis/.github/.github/workflows/pre_commit.yaml@fix/linting
+    with:
+      UV_VERSION: '0.10.9'
+      JUST_VERSION: '1.46.0'
+    secrets: inherit
+
+  security:
+    name: Security Pipeline
+    uses: uc-cdis/.github/.github/workflows/securitypipeline.yaml@master
+    with:
+       python-poetry: 'true'
+    secrets: inherit
+
+  unit-test:
+    name: Python Unit Test
+    # TODO: enable when security and post-commit work reliably
+    # needs: [ security, post-commit-check ]
+    runs-on: ubuntu-latest
+    env:
+      UV_VERSION: '0.10.9'
+      JUST_VERSION: '1.46.0'
+      PYTHON_VERSION: '3.13'
+      PGHOST: 'localhost'
+      PGPORT: 5432
+      PGUSER: 'postgres'
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Set up python
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: python info
+        run: python --version
+
+      - name: Install uv
+        run: |
+          curl -LsSf https://astral.sh/uv/${{ env.UV_VERSION }}/install.sh | sh
+
+      - uses: taiki-e/install-action@v2
+        with:
+          tool: just@${{ env.JUST_VERSION }}
+
+      - name: just setup
+        run: |
+          just setup
+
+      - name: just install
+        run: |
+          just install
+
+      - name: just test
+        run: |
+          just test
+
+  image-build-push-1:
+    name: Build Image and Push - Gen3 Embeddings
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@fix/linting
+    needs: [post-commit-check, security, unit-test]
+    with:
+      BUILD_PLATFORMS: "linux/amd64"
+      DOCKERFILE_BUILD_CONTEXT: '.'
+      BUILD_ARGS: SERVICE_NAME=gen3_embeddings
+      OVERRIDE_REPO_NAME: gen3_embeddings
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}
+
+  image-build-push-2:
+    name: Build Image and Push - Gen3 Inference
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@fix/linting
+    needs: [post-commit-check, security, unit-test]
+    with:
+      BUILD_PLATFORMS: "linux/amd64"
+      DOCKERFILE_BUILD_CONTEXT: '.'
+      BUILD_ARGS: SERVICE_NAME=gen3_inference
+      OVERRIDE_REPO_NAME: gen3_inference
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}
+
+  image-build-push-3:
+    name: Build Image and Push - Gen3 AI Model Repo
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@fix/linting
+    needs: [post-commit-check, security, unit-test]
+    with:
+      BUILD_PLATFORMS: "linux/amd64"
+      DOCKERFILE_BUILD_CONTEXT: '.'
+      BUILD_ARGS: SERVICE_NAME=gen3_ai_model_repo
+      OVERRIDE_REPO_NAME: gen3_ai_model_repo
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}

.github/workflows/markdown_validation.yml

@@ -0,0 +1,16 @@
+name: Markdown validation
+
+on:
+  pull_request:
+    types:
+    - opened
+    - reopened
+    - synchronize
+    paths:
+    - .github/workflows/validate_markdown.yaml
+    - "**.md"
+
+jobs:
+  markdown_validation:
+    name: Markdown validation
+    uses: uc-cdis/.github/.github/workflows/validate_markdown.yaml@master

.gitignore

@@ -182,9 +182,9 @@ cython_debug/
 .abstra/
 
 # Visual Studio Code
-#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
 #  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
-#  and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#  and can be added to the global gitignore or merged into this file. However, if you prefer,
 #  you could uncomment the following to ignore the entire vscode folder
 # .vscode/
 
@@ -205,3 +205,7 @@ cython_debug/
 marimo/_static/
 marimo/_lsp/
 __marimo__/
+
+
+# Other
+.DS_Store

.justfile_helpers.bash

@@ -0,0 +1,114 @@
+# setup some color to help differentiate between services and tool runs
+# should default to normal colors if terminal doesn't support
+is_tty() { [[ -t 1 ]] && [[ -t 0 ]]; }
+if is_tty; then
+    RED=$(tput setaf 1)
+    GREEN=$(tput setaf 2)
+    YELLOW=$(tput setaf 3)
+    BLUE=$(tput setaf 4)
+    PURPLE=$(tput setaf 5)
+    CYAN=$(tput setaf 6)
+    RESET=$(tput sgr0)
+else
+    RED='' GREEN='' YELLOW='' BLUE='' PURPLE='' CYAN='' RESET=''
+fi
+
+# utility for adding color and a border to a message
+print_header() {
+  local command=$1
+  local message_left=$2
+  local service=$3
+  local message_right=$4
+  local type=${5:-default}
+
+  local color
+  case "$type" in
+    error)   color="${RED}" ;;
+    success) color="${GREEN}" ;;
+    # anything else (default)
+    *)       color="${PURPLE}" ;;
+  # I hate bash syntax. esac...
+  esac
+
+  # fallback width
+  local cols=$(tput cols 2>/dev/null || echo 100)
+  if (( cols <= 0 )); then cols=100; fi
+
+  local visible_length=$(
+    echo -ne "$command$message_left$service$message_right" |
+    sed -r 's/\x1b\[[0-9;]*m//g' |
+    wc -c)
+
+  # dashes on each side
+  local left_dashes=$(( (cols - visible_length) / 2 ))
+  local message_right_dashes=$(( cols - visible_length - left_dashes ))
+
+  # print the dashes, the coloured parts, then the message_right-side dashes
+  printf '%b' "${color}"
+  printf '%*s' "$left_dashes" '' | tr ' ' '-'
+  printf '%b' " ${BLUE}$command ${color}$message_left ${CYAN}$service ${color}$message_right "
+  printf '%*s\n' "$message_right_dashes" '' | tr ' ' '-'
+  printf '%b' "${RESET}"
+}
+
+
+print_message() {
+  local message=$1
+  local type=${2:-info}
+
+  # Choose color based on type
+  local color
+  case "$type" in
+    error) color="${RED}" ;;
+    *)     color="${GREEN}" ;;  # anything else (info, success, etc.)
+  esac
+
+  # fallback width
+  local cols=$(tput cols 2>/dev/null || echo 100)
+  if (( cols <= 0 )); then cols=100; fi
+
+  local visible_length=$(
+    echo -ne "$message" |
+    sed -r 's/\x1b\[[0-9;]*m//g' |
+    wc -c
+  )
+  local left_spaces=$(( (cols - visible_length) / 2 ))
+  local right_spaces=$(( cols - visible_length - left_spaces ))
+
+  printf '%b' "${color}"
+  printf '%*s' "$left_spaces" '' | tr ' ' ' '
+  printf '%b' " ** $message ** "
+  printf '%*s\n' "$right_spaces" '' | tr ' ' ' '
+  printf '%b' "${RESET}"
+  echo
+}
+
+report_error_or_success() {
+  local status=$1
+  local command=$2
+  local message_left=$3
+  local service=$4
+  local message_right=$5
+
+  echo
+  if [ $status -ne 0 ]; then
+    print_header "$command" "ERROR: $message_left" "$service" "$message_right" "error"
+  else
+    print_header "$command" "SUCCESS: $message_left" "$service" "$message_right" "success"
+  fi
+  echo
+}
+
+report_error_if_failed() {
+  local status=$1
+  local command=$2
+  local message_left=$3
+  local service=$4
+  local message_right=$5
+
+  if [ $status -ne 0 ]; then
+    echo
+    print_header "$command" "ERROR: $message_left" "$service" "$message_right" "error"
+    echo
+  fi
+}

.pre-commit-config.yaml

@@ -0,0 +1,22 @@
+repos:
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ["--baseline", ".secrets.baseline"]
+        exclude: poetry.lock
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: no-commit-to-branch
+        args: [--branch, develop, --branch, master, --branch, main, --pattern, release/.*]
+  - repo: local
+    hooks:
+    -   id: lint
+        name: lint
+        entry: uv run just lint
+        language: python
+        types: [python]
+        pass_filenames: false

.python-version

@@ -0,0 +1 @@
+3.13