From 58fb5be7316d0f02e6ddf06e1ba3fe8987d64915 Mon Sep 17 00:00:00 2001
From: Eduard M <4310497+edisile@users.noreply.github.com>
Date: Mon, 13 Oct 2025 17:04:01 +0200
Subject: [PATCH 01/17] feature: create a rock for the application
---
 .gitignore | 4 ++++
 rockcraft.yaml | 42 ++++++++++++++++++++++++++++++++++++++++++
 security.txt | 3 +++
 3 files changed, 49 insertions(+)
 create mode 100644 rockcraft.yaml
 create mode 100644 security.txt
diff --git a/.gitignore b/.gitignore
index 0528c369f5..ed3a53bf4f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,3 +70,7 @@ coverage/
 .webcache_blog/
 .coverage
 cypress/screenshots/
+
+# Charming artifacts
+*.charm
+*.rock
diff --git a/rockcraft.yaml b/rockcraft.yaml
new file mode 100644
index 0000000000..6cf93c4d0f
--- /dev/null
+++ b/rockcraft.yaml
@@ -0,0 +1,42 @@
+name: snapcraft-io
+base: bare
+build-base: ubuntu@22.04
+version: "0.1"
+summary: Rocked snapcraft.io
+description: |
+ This is the rockcraft for the snapcraft.io website.
+platforms:
+ amd64:
+ arm64:
+
+extensions:
+ - flask-framework
+
+parts:
+ build-ui:
+ plugin: nil
+ source: .
+ source-type: local
+ build-snaps:
+ - node/22/stable
+ override-build: |
+ set -eux
+ # install dependencies
+ npm install -g yarn
+ yarn install
+ # build the UI
+ yarn run build
+ # mkdir -p "$CRAFT_PART_INSTALL/flask/app"
+ # cp -r static "$CRAFT_PART_INSTALL/flask/app/"
+ flask-framework/install-app:
+ after:
+ - build-ui
+ prime:
+ - flask/app/.env
+ - flask/app/app.py
+ - flask/app/webapp
+ - flask/app/templates
+ - flask/app/static
+ - flask/app/redirects.yaml
+ - flask/app/security.txt
+ - flask/app/robots.txt
diff --git a/security.txt b/security.txt
new file mode 100644
index 0000000000..297fe8cc45
--- /dev/null
+++ b/security.txt
@@ -0,0 +1,3 @@
+Contact: mailto:security@ubuntu.com
+Expires: 2025-08-01T00:00:00.000Z
+Preferred-Languages: en
From c9304b4e71136347bfe5987c597f5b0db305b154 Mon Sep 17 00:00:00 2001
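Review bot: The `prime` list of `flask-framework/install-app` ships `flask/app/.env` into the rock, so whatever that file holds at build time is baked into every copy of the image. If `.env` carries anything beyond non-secret defaults it should be dropped from `prime` and the values supplied through charm config at deploy time; at minimum add a comment such as `# .env: non-secret defaults only, secrets come from charm config`. In `build-ui`, `yarn install` runs without a lockfile guard, so the image can be built from dependency versions nobody reviewed; assuming `npm install -g yarn` resolves to Yarn 1.x, `yarn install --frozen-lockfile` makes the build fail instead when `yarn.lock` and `package.json` disagree.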
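Review bot: `Expires: 2025-08-01T00:00:00.000Z` is already in the past relative to this commit's date (13 Oct 2025), and RFC 9116 defines Expires as the point after which the file's data is stale and should not be used, so the contact address in it may be disregarded by anyone who follows the RFC. Set the field to a date less than a year ahead, `Expires: <future-date>T00:00:00.000Z`, and add a reminder or CI check that fails before it lapses.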
From: Eduard M <4310497+edisile@users.noreply.github.com>
Date: Mon, 13 Oct 2025 17:04:01 +0200
Subject: [PATCH 02/17] feature: create charm for deployment
---
 app.py | 15 ++++++++++++
 charm/.gitignore | 10 ++++++++
 charm/README.md | 55 ++++++++++++++++++++++++++++++++++++++++++
 charm/charmcraft.yaml | 24 ++++++++++++++++++
 charm/requirements.txt | 2 ++
 charm/src/charm.py | 28 +++++++++++++++++++++
 6 files changed, 134 insertions(+)
 create mode 100644 app.py
 create mode 100644 charm/.gitignore
 create mode 100644 charm/README.md
 create mode 100644 charm/charmcraft.yaml
 create mode 100644 charm/requirements.txt
 create mode 100755 charm/src/charm.py
diff --git a/app.py b/app.py
new file mode 100644
index 0000000000..4ffb8f4f21
--- /dev/null
+++ b/app.py
@@ -0,0 +1,15 @@
+# This file serves as an entry point for the rock image. It is required by the PaaS app charmer.
+# The flask application must be defined in this file under the variable name `app`.
+# See - https://documentation.ubuntu.com/rockcraft/en/latest/reference/extensions/flask-framework/
+import os
+import logging
+
+# canonicalwebteam.flask-base requires SECRET_KEY to be set, this must be done before importing the app
+os.environ["SECRET_KEY"] = os.environ["FLASK_SECRET_KEY"]
+
+# disable talisker logger, as it is not used in this application and clutters logs
+logging.getLogger("talisker.context").disabled = True
+
+from webapp.app import create_app
+
+app = create_app()
\ No newline at end of file
diff --git a/charm/.gitignore b/charm/.gitignore
new file mode 100644
index 0000000000..4b851d2e2d
--- /dev/null
+++ b/charm/.gitignore
@@ -0,0 +1,10 @@
+venv/
+build/
+*.charm
+.tox/
+.coverage
+__pycache__/
+*.py[cod]
+.idea
+.vscode/
+lib/
\ No newline at end of file
diff --git a/charm/README.md b/charm/README.md
new file mode 100644
index 0000000000..9c2b5f41ea
--- /dev/null
+++ b/charm/README.md
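Review bot: `os.environ["FLASK_SECRET_KEY"]` in app.py fails closed when the variable is missing, but an empty value is copied into `SECRET_KEY` unchanged, and any resulting failure would surface later and far from its cause. A guard before the assignment keeps the fail-closed behaviour and names the problem: `if not os.environ.get("FLASK_SECRET_KEY"): raise RuntimeError("FLASK_SECRET_KEY must be set and non-empty")`. The late `from webapp.app import create_app` is deliberate, so it deserves `# noqa: E402` with the reason beside it, otherwise a linter or import sorter may move it above the environment setup.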
@@ -0,0 +1,55 @@
+# The Charm for the snapcraft.io website
+
+This charm was created using the [PaaS App Charmer](https://juju.is/docs/sdk/paas-charm)
+
+## Local development
+
+To work on this charm locally, you first need to set up an environment, follow [this section](https://juju.is/docs/sdk/write-your-first-kubernetes-charm-for-a-flask-app#heading--set-things-up) of the tutorial.
+
+Then, you can run the following command to pack and upload the rock:
+
+```bash
+rockcraft pack
+rockcraft.skopeo --insecure-policy copy --dest-tls-verify=false oci-archive:snapcraft-io*.rock docker://localhost:32000/snapcraft-io:1
+```
+
+This will pack the application into a [rock](https://documentation.ubuntu.com/rockcraft/en/latest/explanation/rocks/) (OCI image) and upload it to the local registry.
+
+You can deploy the charm locally with:
+
+```bash
+cd charm
+charmcraft fetch-libs
+charmcraft pack
+juju deploy ./*.charm --resource flask-app-image=localhost:32000/snapcraft-io:1
+```
+
+This will deploy the charm with the rock image you just uploaded attached as a resource.
+
+once `juju status` reports the charm as `active`, you can test the webserver:
+
+```bash
+curl {IP_OF_SNAPCRAFT_IO_UNIT}:8000
+```
+
+to connect using a browser, the easiest way is to integrate with `nginx-ingress-integrator`:
+
+```bash
+juju deploy nginx-ingress-integrator --trust
+juju config nginx-ingress-integrator service-hostname=snapcraft.local path-routes=/
+juju integrate nginx-ingress-integrator snapcraft-io
+```
+
+You can then add `snapcraft.local` to your `/etc/hosts` file with the IP of the multipass vm:
+
+```bash
+multipass ls # Get the IP of the VM
+echo "{IP_OF_VM} snapcraft.local" | sudo tee -a /etc/hosts
+```
+
+> Note: login will not work using this setup, if you'd like to access publisher pages, change the domain to `staging.snapcraft.io`, but make sure to remove the line from `/etc/hosts/` after you're done.
+
+
+## Design Decisions:
+- To keep the codebase clean and charm libraries updated, they are only fetched before packing the charm in the [Github Actions workflow](https://github.com/canonical/snapcraft.io/blob/main/.github/workflows/publish_charm.yaml#L25).
+- As all our work is open source, the charm is publicly available on [snapcraft](https://charmhub.io/snapcraft-io), the rock image is also included as a resource. This significantly simplifies deployment.
diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml
new file mode 100644
index 0000000000..8f9dde3d21
--- /dev/null
+++ b/charm/charmcraft.yaml
@@ -0,0 +1,24 @@
+name: snapcraft-io
+
+type: charm
+
+bases:
+ - build-on:
+ - name: ubuntu
+ channel: "22.04"
+ run-on:
+ - name: ubuntu
+ channel: "22.04"
+
+summary: The charm for the snapcraft.io website
+
+description: The charm for the snapcraft.io website, built with the PaaS app charmer
+
+extensions:
+ - flask-framework
+
+requires:
+ tracing:
+ interface: tracing
+ optional: true
+ limit: 1
diff --git a/charm/requirements.txt b/charm/requirements.txt
new file mode 100644
index 0000000000..d58a30c218
--- /dev/null
+++ b/charm/requirements.txt
@@ -0,0 +1,2 @@
+ops ~= 2.17
+paas-charm>=1.0,<2
diff --git a/charm/src/charm.py b/charm/src/charm.py
new file mode 100755
index 0000000000..da39b38be7
--- /dev/null
+++ b/charm/src/charm.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+"""Flask Charm entrypoint."""
+
+import logging
+import typing
+
+import ops
+
+import paas_charm.flask
+
+logger = logging.getLogger(__name__)
+
+
+class CharmCharm(paas_charm.flask.Charm):
+ """Flask Charm service."""
+
+ def __init__(self, *args: typing.Any) -> None:
+ """Initialize the instance.
+
+ Args:
+ args: passthrough to CharmBase.
+ """
+ super().__init__(*args)
+
+
+if __name__ == "__main__":
+ ops.main(CharmCharm)
From d0880ba1133821dad3316fbd1ad21599922245ce Mon Sep 17 00:00:00 2001
From: Eduard M <4310497+edisile@users.noreply.github.com>
Date: Mon, 13 Oct 2025 17:04:01 +0200
Subject: [PATCH 03/17] feature: github actions for rock test on PR and deploy
---
 .github/workflows/deploy.yaml | 51 +++++++++++++++++++++++++++++++++++
 .github/workflows/pr.yml | 14 ++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 .github/workflows/deploy.yaml
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
new file mode 100644
index 0000000000..1dbcd68708
--- /dev/null
+++ b/.github/workflows/deploy.yaml
@@ -0,0 +1,51 @@
+name: Pack and Deploy
+
+on:
+ push:
+ branches:
+ - main
+ - staging
+ - charmed-snapcraft-io # TODO: REMOVE THIS
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Environment (Production or Staging)'
+ required: true
+ type: choice
+ options:
+ - Production
+ - Staging
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ environment: ${{ github.event.inputs.environment != '' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Production' || 'Staging') }}
+ outputs:
+ charm_name: ${{ steps.setup-vars.outputs.charm_name }}
+ channel: ${{ steps.setup-vars.outputs.channel }}
+ juju_controller_name: ${{ steps.setup-vars.outputs.juju_controller_name }}
+ juju_model_name: ${{ steps.setup-vars.outputs.juju_model_name }}
+ environment: ${{ steps.setup-vars.outputs.environment }}
+ steps:
+ - name: setup vars
+ id: setup-vars
+ run: |
+ echo "charm_name=${{ vars.CHARM_NAME }}" >> $GITHUB_OUTPUT
+ echo "channel=${{ vars.CHANNEL }}" >> $GITHUB_OUTPUT
+ echo "juju_controller_name=${{ vars.JUJU_CONTROLLER_NAME }}" >> $GITHUB_OUTPUT
+ echo "juju_model_name=${{ vars.JUJU_MODEL_NAME }}" >> $GITHUB_OUTPUT
+ echo "environment=${{ github.event.inputs.environment != '' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Production' || 'Staging') }}" >> $GITHUB_OUTPUT
+
+ deploy:
+ needs: setup
+ name: Deploy
+ uses: canonical/webteam-devops/.github/workflows/deploy.yaml@main
+ with:
+ environment: ${{ needs.setup.outputs.environment }}
+ charm_name: ${{ needs.setup.outputs.charm_name }}
+ channel: ${{ needs.setup.outputs.channel }}
+ juju_controller_name: ${{ needs.setup.outputs.juju_controller_name }}
+ juju_model_name: ${{ needs.setup.outputs.juju_model_name }}
+ secrets:
+ VAULT_APPROLE_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }}
+ VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }}
+ CHARMHUB_TOKEN: ${{ secrets.CHARMHUB_TOKEN }}
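Review bot: The `deploy` job references `canonical/webteam-devops/.github/workflows/deploy.yaml@main` and hands it `VAULT_APPROLE_ROLE_ID`, `VAULT_APPROLE_SECRET_ID` and `CHARMHUB_TOKEN`, so whatever the `main` branch of that repository contains at run time executes with the deployment credentials. Pin the reusable workflow to a full commit SHA, `uses: canonical/webteam-devops/.github/workflows/deploy.yaml@<full-commit-sha>`, and bump it deliberately. In the `setup vars` step the `${{ ... }}` expressions are expanded into the script text before the shell runs; the values here come from repository variables and a `choice` input, which limits exposure, but passing them through `env:` and writing to `"$GITHUB_OUTPUT"` removes the pattern altogether.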
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 43da5d43ca..2c84bf2fb7 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -74,6 +74,20 @@ jobs: docker run --network="host" -v .:/app cypress/base:22.18.0 \ bash "-c" "cd /app && npx cypress install && yarn run test-e2e" + pack-rock: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup LXD + uses: canonical/setup-lxd@main + + - name: Setup rockcraft + run: sudo snap install rockcraft --classic + + - name: Pack rock + run: rockcraft pack + lint-python: runs-on: ubuntu-latest permissions: From 3c508ee0595cbaa497992a5f96aba26fdd807a56 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 04/17] fix: copy static files correctly in rockcraft config --- rockcraft.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rockcraft.yaml b/rockcraft.yaml index 6cf93c4d0f..4dcb4438b6 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -26,8 +26,8 @@ parts: yarn install # build the UI yarn run build - # mkdir -p "$CRAFT_PART_INSTALL/flask/app" - # cp -r static "$CRAFT_PART_INSTALL/flask/app/" + mkdir -p "$CRAFT_PART_INSTALL/flask/app" + cp -r static "$CRAFT_PART_INSTALL/flask/app/" flask-framework/install-app: after: - build-ui @@ -36,7 +36,7 @@ parts: - flask/app/app.py - flask/app/webapp - flask/app/templates - - flask/app/static + # - flask/app/static # it already gets copied in the build-ui step - flask/app/redirects.yaml - flask/app/security.txt - flask/app/robots.txt From a86691627044917d01d6424d32abdad71836a9fa Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 05/17] fix: cleanup before merging into deploy branches --- .github/workflows/deploy.yaml | 1 - 1 file changed, 1 deletion(-) 
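Review bot: `uses: canonical/setup-lxd@main` in the new `pack-rock` job follows a mutable branch, and `sudo snap install rockcraft --classic` takes whatever the default channel serves, so the toolchain that builds the rock can change without any change in this repository. Pin the action to a commit SHA, `uses: canonical/setup-lxd@<full-commit-sha>`, and name the snap channel explicitly with `--channel=<channel>`. The surrounding jobs in pr.yml lie outside this hunk, so whether they already follow a pinning convention cannot be told from here.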
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 1dbcd68708..45741fa66b 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -5,7 +5,6 @@ on: branches: - main - staging - - charmed-snapcraft-io # TODO: REMOVE THIS workflow_dispatch: inputs: environment: From fcc8c67a6e18f191f0e06f9d163d2bd7f4504c78 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 06/17] fix: add deleted.yaml to rock --- rockcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/rockcraft.yaml b/rockcraft.yaml index 4dcb4438b6..8fbfebc1e1 100644 --- a/rockcraft.yaml +++ b/rockcraft.yaml @@ -37,6 +37,7 @@ parts: - flask/app/webapp - flask/app/templates # - flask/app/static # it already gets copied in the build-ui step + - flask/app/deleted.yaml - flask/app/redirects.yaml - flask/app/security.txt - flask/app/robots.txt From 0030ae3de85175c452f1ae752faf8aa7a60da4a6 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 07/17] fix: disable charm tracing interface --- charm/charmcraft.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml index 8f9dde3d21..8aa317b5fb 100644 --- a/charm/charmcraft.yaml +++ b/charm/charmcraft.yaml @@ -17,8 +17,8 @@ description: The charm for the snapcraft.io website, built with the PaaS app cha extensions: - flask-framework -requires: - tracing: - interface: tracing - optional: true - limit: 1 +# requires: +# tracing: +# interface: tracing +# optional: true +# limit: 1 From 413a234de974aca6ee8e4a8392c282564eeb39e1 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 08/17] fix: rename charm class --- charm/src/charm.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/charm/src/charm.py b/charm/src/charm.py index da39b38be7..0694563ff8 100755 --- a/charm/src/charm.py +++ b/charm/src/charm.py @@ -12,7 +12,7 @@ logger = logging.getLogger(__name__) -class CharmCharm(paas_charm.flask.Charm): +class SnapcraftCharm(paas_charm.flask.Charm): """Flask Charm service.""" def __init__(self, *args: typing.Any) -> None: @@ -25,4 +25,5 @@ def __init__(self, *args: typing.Any) -> None: if __name__ == "__main__": - ops.main(CharmCharm) + ops.main(SnapcraftCharm) + From a2b44d0d3e0a7c2c6ea84f9b178d2a9990eaf19a Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 09/17] fix: update PaaS charm link --- charm/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charm/README.md b/charm/README.md index 9c2b5f41ea..28fd55b133 100644 --- a/charm/README.md +++ b/charm/README.md @@ -1,6 +1,6 @@ # The Charm for the snapcraft.io website -This charm was created using the [PaaS App Charmer](https://juju.is/docs/sdk/paas-charm) +This charm was created using the [PaaS App Charmer](https://canonical-12-factor-app-support.readthedocs-hosted.com/latest/) ## Local development From 99d5d0ad1f8e80243b0db8f393c3bc8b17bef67a Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 10/17] fix: added env variables to charmcraft.yaml --- charm/charmcraft.yaml | 79 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 4 deletions(-) diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml index 8aa317b5fb..e057f83f22 100644 --- a/charm/charmcraft.yaml +++ b/charm/charmcraft.yaml @@ -4,11 +4,11 @@ type: charm bases: - build-on: - - name: ubuntu - channel: "22.04" + - name: ubuntu + channel: "22.04" run-on: - - name: ubuntu - channel: "22.04" + - name: ubuntu + channel: "22.04" summary: The charm for the snapcraft.io website 
@@ -17,6 +17,77 @@ description: The charm for the snapcraft.io website, built with the PaaS app cha extensions: - flask-framework +config: + options: + sentry-dsn: + description: "" + type: string + + environment: + description: "" + default: "production" + type: string + + marketo-client-id: + description: "" + type: string + + marketo-client-secret: + description: "" + type: string + + github-client-id: + description: "" + type: string + + github-client-secret: + description: "" + type: string + + github-snapcraft-user-token: + description: "" + type: string + + github-snapcraft-bot-user-token: + description: "" + type: string + + github-webhook-secret: + description: "" + type: string + + github-webhook-host-url: + description: "" + type: string + + lp-api-username: + description: "" + type: string + + lp-api-token: + description: "" + type: string + + lp-api-token-secret: + description: "" + type: string + + youtube-api-key: + description: "" + type: string + + discourse-api-key: + description: "" + type: string + + discourse-api-username: + description: "" + type: string + + dns-verification-salt: + description: "" + type: string + # requires: # tracing: # interface: tracing From 5d93e46a01097603bd1128435ee134bf87d10de9 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 11/17] fix: import webapp.config at the top of app module --- webapp/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/webapp/app.py b/webapp/app.py index 00082e7764..3345286582 100644 --- a/webapp/app.py +++ b/webapp/app.py @@ -11,6 +11,7 @@ import sentry_sdk from canonicalwebteam.flask_base.app import FlaskBase +import webapp.config from webapp.blog.views import init_blog from webapp.docs.views import init_docs from webapp.extensions import csrf From bc4d1796f1a2f9eb6bd75e659cc63e0c0c2cec1e Mon Sep 17 00:00:00 2001 
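Review bot: Credentials such as `marketo-client-secret`, `github-client-secret`, `github-webhook-secret`, `lp-api-token-secret`, `discourse-api-key` and `dns-verification-salt` are declared as plain `type: string` options, so their values are readable through `juju config` by anyone with read access to the model and appear in config exports. Juju offers `type: secret` config options backed by user secrets; whether the flask-framework extension exposes those under the same environment variable names the app reads needs checking before switching. Every `description` in this hunk is also `""`, which gives an operator no way to tell a secret from an identifier, so the sensitive options should say so in their text.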
From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 12/17] chore: remove unused env var --- konf/site.yaml | 5 ----- konf/staging-api.snapcraft.io.yaml | 5 ----- webapp/config.py | 5 ----- 3 files changed, 15 deletions(-) diff --git a/konf/site.yaml b/konf/site.yaml index 226322f8ee..66cd2d883d 100644 --- a/konf/site.yaml +++ b/konf/site.yaml @@ -21,11 +21,6 @@ env: &env key: marketo_client_secret name: snapcraft-io - - name: SEARCH_API_KEY - secretKeyRef: - key: google-custom-search-key - name: google-api - - name: GITHUB_CLIENT_ID secretKeyRef: key: github-client-id diff --git a/konf/staging-api.snapcraft.io.yaml b/konf/staging-api.snapcraft.io.yaml index d11d145abc..999073e9fb 100644 --- a/konf/staging-api.snapcraft.io.yaml +++ b/konf/staging-api.snapcraft.io.yaml @@ -33,11 +33,6 @@ env: key: marketo_client_secret name: snapcraft-io - - name: SEARCH_API_KEY - secretKeyRef: - key: google-custom-search-key - name: google-api - - name: LP_API_USERNAME secretKeyRef: key: lp-api-username diff --git a/webapp/config.py b/webapp/config.py index 24dc1ee7c3..32242945ad 100644 --- a/webapp/config.py +++ b/webapp/config.py @@ -37,9 +37,4 @@ class ConfigurationError(Exception): CONTENT_DIRECTORY = {"PUBLISHER_PAGES": "store/content/publishers/"} -# Docs search -SEARCH_API_KEY = os.getenv("SEARCH_API_KEY") -SEARCH_API_URL = "https://www.googleapis.com/customsearch/v1" -SEARCH_CUSTOM_ID = "009048213575199080868:i3zoqdwqk8o" - APP_NAME = "snapcraft" From f577bb5ad953e7397931ecaaf87a2a817886c470 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 13/17] chore: env vars descriptions --- charm/charmcraft.yaml | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml index e057f83f22..89f66ddbee 100644 --- a/charm/charmcraft.yaml 
+++ b/charm/charmcraft.yaml @@ -20,7 +20,7 @@ extensions: config: options: sentry-dsn: - description: "" + description: "Sentry Data Source Name for the project" type: string environment: @@ -29,47 +29,47 @@ config: type: string marketo-client-id: - description: "" + description: "Marketo API client ID" type: string marketo-client-secret: - description: "" + description: "Marketo API client secret" type: string github-client-id: - description: "" + description: "GitHub OAuth application ID for prompting users for access to their repositories" type: string github-client-secret: - description: "" + description: "GitHub OAuth application client secret for prompting users for access to their repositories" type: string github-snapcraft-user-token: - description: "" + description: "GitHub application token for automated builds" type: string github-snapcraft-bot-user-token: - description: "" + description: "GitHub application token for CVE data" type: string github-webhook-secret: - description: "" + description: "Secret salt used for signing automated build webhooks" type: string github-webhook-host-url: - description: "" + description: "URL of the automated build webhooks' host" type: string lp-api-username: - description: "" + description: "Launchpad API username" type: string lp-api-token: - description: "" + description: "Launchpad API token" type: string lp-api-token-secret: - description: "" + description: "Launchpad API secret" type: string youtube-api-key: @@ -88,6 +88,22 @@ config: description: "" type: string + login-url: + description: "Base URL for SSO login redirects" + default: "https://login.ubuntu.com" + type: string + + bsi-url: + description: "" + default: "https://build.snapcraft.io" + type: string + + snapstore-dashboard-api-url: + description: "Base URL for SCA backend" + default: "https://dashboard.snapcraft.io/" + type: string + + # requires: # tracing: # interface: tracing From 45cf1861e57b9162aa9b426700a58bb90b7891ce Mon Sep 17 00:00:00 2001 
From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 14/17] fix: lining, duplicate import --- webapp/app.py | 1 - 1 file changed, 1 deletion(-) diff --git a/webapp/app.py b/webapp/app.py index 3345286582..00082e7764 100644 --- a/webapp/app.py +++ b/webapp/app.py @@ -11,7 +11,6 @@ import sentry_sdk from canonicalwebteam.flask_base.app import FlaskBase -import webapp.config from webapp.blog.views import init_blog from webapp.docs.views import init_docs from webapp.extensions import csrf From 5cf5982a1b6c10066c13f32cf4509215107425ac Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 15/17] fix: reduce token permissions in github workflows --- .github/workflows/deploy.yaml | 5 +++++ .github/workflows/pr.yml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 45741fa66b..e6705b9140 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -17,6 +17,8 @@ on: jobs: setup: runs-on: ubuntu-latest + permissions: + contents: read environment: ${{ github.event.inputs.environment != '' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Production' || 'Staging') }} outputs: charm_name: ${{ steps.setup-vars.outputs.charm_name }} @@ -38,6 +40,9 @@ jobs: needs: setup name: Deploy uses: canonical/webteam-devops/.github/workflows/deploy.yaml@main + permissions: + contents: read + deployments: write with: environment: ${{ needs.setup.outputs.environment }} charm_name: ${{ needs.setup.outputs.charm_name }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 2c84bf2fb7..365a2ed07e 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -76,6 +76,8 @@ jobs: pack-rock: runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@v4 
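Review bot: The `permissions:` blocks are added job by job (`setup` and `deploy` in deploy.yaml, `pack-rock` in pr.yml), which leaves any job added later on the repository's default token scope. deploy.yaml as created earlier in this series has no workflow-level block, so a top-level `permissions:` with `contents: read` above `jobs:` would make least privilege the default and let each job widen only what it needs; pr.yml's top of file is outside these hunks, so the same may or may not apply there. On the `deploy` job, `deployments: write` is worth a short trailing comment naming the step in the called workflow that needs it.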
From 240e856f2c77807101ec15c151114ec6d9106fee Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 16/17] force deploy --- charm/charmcraft.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml index 89f66ddbee..cb79d1856c 100644 --- a/charm/charmcraft.yaml +++ b/charm/charmcraft.yaml @@ -103,7 +103,6 @@ config: default: "https://dashboard.snapcraft.io/" type: string - # requires: # tracing: # interface: tracing From 9d045389cdbcc5266e83945a1f6851f135b84197 Mon Sep 17 00:00:00 2001 From: Eduard M <4310497+edisile@users.noreply.github.com> Date: Mon, 13 Oct 2025 17:04:01 +0200 Subject: [PATCH 17/17] fix: workflow permissions --- .github/workflows/deploy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index e6705b9140..d17e47809f 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -43,6 +43,7 @@ jobs: permissions: contents: read deployments: write + packages: write with: environment: ${{ needs.setup.outputs.environment }} charm_name: ${{ needs.setup.outputs.charm_name }}
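Review bot: `packages: write` widens the token handed to the reusable deploy workflow, and neither the commit message nor the file says what requires it. Record the reason beside the line, for example `packages: write  # <step in the called workflow that publishes a package>`, so the grant can be dropped when that step goes away. The grant matters more because the called workflow is referenced as `@main`, so it applies to whatever that branch contains at run time.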