Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
The diff you're trying to view is too large. We only load the first 3000 changed files.
33 changes: 31 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -109,10 +109,40 @@ jobs:
- name: Run flake8
run: flake8 services/flask-backend/app/ tests/smoke/ --count --select=E9,F63,F7,F82 --show-source

test-webui:
name: Test WebUI (Lint, TypeCheck, Build)
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

- name: Set up Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: '22'
cache: 'npm'
cache-dependency-path: services/webui/package-lock.json

- name: Install dependencies
working-directory: services/webui
run: npm ci

- name: Run ESLint
working-directory: services/webui
run: npm run lint

- name: Run TypeCheck
working-directory: services/webui
run: npm run typecheck

- name: Build WebUI
working-directory: services/webui
run: npm run build

test:
name: Run Tests
runs-on: ubuntu-latest
needs: lint
needs: [lint, test-webui]
steps:
- name: Checkout code
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
Expand Down Expand Up @@ -296,7 +326,6 @@ jobs:
docker build \
-f services/webui/Dockerfile \
-t current-webui:ci \
--build-arg NODE_AUTH_TOKEN="${{ secrets.NODE_AUTH_TOKEN }}" \
.

- name: Load images into kind
Expand Down
7 changes: 7 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -209,3 +209,10 @@ cython_debug/
marimo/_static/
marimo/_lsp/
__marimo__/

# Node.js / npm
node_modules/
*.tgz
# Vendored until @penguintechinc/react-libs is published to public npm (TODO: FC2)
!services/webui/penguintechinc-react-libs-1.1.5.tgz
.npmrc
13 changes: 12 additions & 1 deletion k8s/helm/flask-backend/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Create a default fully qualified app name.
Create chart name and version as used by the chart label.
*/}}
{{- define "flask-backend.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Expand Down Expand Up @@ -58,3 +58,14 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Return the secret name for credentials (either existing or chart-rendered)
*/}}
{{- define "flask-backend.secretName" -}}
{{- if .Values.existingSecret }}
{{- .Values.existingSecret }}
{{- else }}
{{- printf "%s-secret" (include "flask-backend.fullname" .) }}
{{- end }}
{{- end }}
25 changes: 24 additions & 1 deletion k8s/helm/flask-backend/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,13 @@ spec:
- name: flask-backend
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.image.digest }}
# Pull by digest when specified (production)
image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
{{- else }}
# Pull by tag (development)
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
Expand All @@ -53,7 +59,24 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- toYaml .Values.env | nindent 12 }}
{{- range .Values.env }}
- name: {{ .name }}
{{- if .value }}
value: {{ .value | quote }}
{{- else if .valueFrom }}
valueFrom:
{{- if .valueFrom.secretKeyRef }}
secretKeyRef:
# Use existingSecret if provided; otherwise use chart-rendered secret
name: {{ include "flask-backend.secretName" $ }}
key: {{ .valueFrom.secretKeyRef.key }}
{{- else if .valueFrom.configMapKeyRef }}
configMapKeyRef:
name: {{ .valueFrom.configMapKeyRef.name }}
key: {{ .valueFrom.configMapKeyRef.key }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
Expand Down
2 changes: 2 additions & 0 deletions k8s/helm/flask-backend/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -10,3 +11,4 @@ data:
{{- range $key, $value := .Values.secretData }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}
{{- end }}
7 changes: 6 additions & 1 deletion k8s/helm/flask-backend/values-prod.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,12 @@ replicaCount: 3

image:
repository: current/flask-backend
tag: latest
tag: "" # Must be set by CI/Renovate
digest: "sha256:PIN_ME" # TODO(pin): CI to replace with actual digest

# Use external secret in production (secrets managed separately from Helm)
# Set to the name of a pre-existing secret with keys: secret-key, password-salt, db-user, db-pass, license-key
existingSecret: "current-backend-secrets"

resources:
limits:
Expand Down
9 changes: 7 additions & 2 deletions k8s/helm/flask-backend/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ image:
repository: current/flask-backend
pullPolicy: IfNotPresent
tag: latest
digest: "" # Set by CI/Renovate for prod; when set, image is pulled by digest instead of tag

# Use external secret for sensitive credentials in prod
# Set to the name of an existing secret; if empty, chart renders secretData inline
existingSecret: ""

imagePullSecrets: []
nameOverride: ""
Expand Down Expand Up @@ -81,12 +86,12 @@ env:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: flask-backend-secret
name: flask-backend-secret # Updated by deployment template to use existingSecret if set
key: secret-key
- name: SECURITY_PASSWORD_SALT
valueFrom:
secretKeyRef:
name: flask-backend-secret
name: flask-backend-secret # Updated by deployment template to use existingSecret if set
key: password-salt
- name: DB_TYPE
valueFrom:
Expand Down
13 changes: 12 additions & 1 deletion k8s/helm/go-backend/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Create a default fully qualified app name.
Create chart name and version as used by the chart label.
*/}}
{{- define "go-backend.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Expand Down Expand Up @@ -58,3 +58,14 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Return the secret name for credentials (either existing or chart-rendered)
*/}}
{{- define "go-backend.secretName" -}}
{{- if .Values.existingSecret }}
{{- .Values.existingSecret }}
{{- else }}
{{- printf "%s-secret" (include "go-backend.fullname" .) }}
{{- end }}
{{- end }}
25 changes: 24 additions & 1 deletion k8s/helm/go-backend/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,13 @@ spec:
- name: go-backend
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.image.digest }}
# Pull by digest when specified (production)
image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
{{- else }}
# Pull by tag (development)
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
Expand All @@ -53,7 +59,24 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- toYaml .Values.env | nindent 12 }}
{{- range .Values.env }}
- name: {{ .name }}
{{- if .value }}
value: {{ .value | quote }}
{{- else if .valueFrom }}
valueFrom:
{{- if .valueFrom.secretKeyRef }}
secretKeyRef:
# Use existingSecret if provided; otherwise use chart-rendered secret
name: {{ include "go-backend.secretName" $ }}
key: {{ .valueFrom.secretKeyRef.key }}
{{- else if .valueFrom.configMapKeyRef }}
configMapKeyRef:
name: {{ .valueFrom.configMapKeyRef.name }}
key: {{ .valueFrom.configMapKeyRef.key }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
Expand Down
2 changes: 2 additions & 0 deletions k8s/helm/go-backend/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -10,3 +11,4 @@ data:
{{- range $key, $value := .Values.secretData }}
{{ $key }}: {{ $value | b64enc | quote }}
{{- end }}
{{- end }}
7 changes: 6 additions & 1 deletion k8s/helm/go-backend/values-prod.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,12 @@ replicaCount: 3

image:
repository: current/go-backend
tag: latest
tag: "" # Must be set by CI/Renovate
digest: "sha256:PIN_ME" # TODO(pin): CI to replace with actual digest

# Use external secret in production (secrets managed separately from Helm)
# Set to the name of a pre-existing secret with keys: db-user, db-pass, license-key
existingSecret: "current-backend-secrets"

resources:
limits:
Expand Down
5 changes: 5 additions & 0 deletions k8s/helm/go-backend/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ image:
repository: current/go-backend
pullPolicy: IfNotPresent
tag: latest
digest: "" # Set by CI/Renovate for prod; when set, image is pulled by digest instead of tag

# Use external secret for sensitive credentials in prod
# Set to the name of an existing secret with keys: db-user, db-pass, license-key
existingSecret: ""

imagePullSecrets: []
nameOverride: ""
Expand Down
6 changes: 6 additions & 0 deletions k8s/helm/webui/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,13 @@ spec:
- name: webui
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- if .Values.image.digest }}
# Pull by digest when specified (production)
image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
{{- else }}
# Pull by tag (development)
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
Expand Down
3 changes: 2 additions & 1 deletion k8s/helm/webui/values-prod.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ replicaCount: 3

image:
repository: current/webui
tag: latest
tag: "" # Must be set by CI/Renovate
digest: "sha256:PIN_ME" # TODO(pin): CI to replace with actual digest

resources:
limits:
Expand Down
1 change: 1 addition & 0 deletions k8s/helm/webui/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ image:
repository: current/webui
pullPolicy: IfNotPresent
tag: latest
digest: "" # Set by CI/Renovate for prod; when set, image is pulled by digest instead of tag

imagePullSecrets: []
nameOverride: ""
Expand Down
1 change: 0 additions & 1 deletion node_modules/.bin/acorn

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/baseline-browser-mapping

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/browserslist

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/conc

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/concurrently

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/create-jest

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/eslint

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/eslint-config-prettier

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/esparse

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/esvalidate

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/import-local-fixture

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/jest

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/js-yaml

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/jsesc

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/json5

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/mime

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/node-which

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/nodemon

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/nodetouch

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/parser

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/playwright

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/playwright-core

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/prettier

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/resolve

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/semver

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/tree-kill

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/ts-node

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/ts-node-cwd

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/ts-node-esm

This file was deleted.

1 change: 0 additions & 1 deletion node_modules/.bin/ts-node-script

This file was deleted.

Loading