Conversation
This pull request introduces several significant changes focused on improving code quality, security, and automation in the project. The main highlights are the addition of new GitHub Actions workflows for deployment and branch protection, a refactor and consolidation of dependency management in the API, and the cleanup of legacy or unused scripts and modules.
CI/CD and Branch Protection Automation:
Added a new GitHub Actions workflow (.github/workflows/CD-workflow.yml) that automates the continuous deployment process. This workflow checks out the repository, sets up Docker Buildx, prepares environment files, and rebuilds/redeploys the Docker stack on pushes to the main branch.
Introduced a new branch gatekeeper workflow (.github/workflows/check-merge-rules.yml) to enforce that only the dev branch or branches starting with hotfix can be merged into main, enhancing branch protection.
Minor update to existing branch check workflow (.github/workflows/check-branch.yml) by removing a redundant echo statement for cleaner output.
API Dependency and Security Refactoring:
Replaced the legacy api/src/core/deps.py with a new, more robust api/src/core/dependencies.py. The new module uses stricter token verification (via JWKS), introduces URL-safe realm handling, and provides improved dependency injection patterns for database sessions and realm extraction.
Removed the unused or legacy api/src/core/org_manager.py module, which previously handled Keycloak operations for org managers. Its removal suggests a shift toward a more centralized or secure approach for these operations.
Codebase Cleanup and Maintenance:
Deleted the api/fetch_defaults.py and api/reproduce_issue.py scripts, indicating they are no longer needed for the current workflow or have been superseded by other mechanisms.
Cleaned up the database initialization logic in api/src/core/db.py by removing unnecessary model import comments and obsolete test code for sending profiles.
CI/CD and Workflow Automation
Added a new CD workflow for automated Docker-based deployment on main branch pushes (.github/workflows/CD-workflow.yml).
Introduced a branch gatekeeper workflow to restrict merges into main to only dev or hotfix branches (.github/workflows/check-merge-rules.yml).
Minor cleanup in branch check workflow for clearer output (.github/workflows/check-branch.yml).
API Dependency and Security Improvements
Replaced api/src/core/deps.py with api/src/core/dependencies.py, improving token verification, dependency injection, and security for realm extraction.
Removed api/src/core/org_manager.py, consolidating or deprecating legacy Keycloak management logic.
General Cleanup
Deleted legacy scripts: api/fetch_defaults.py and api/reproduce_issue.py.
Cleaned up database initialization and removed obsolete test code in api/src/core/db.py.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.