Merge pull request #8 from usegalaxy-au/dev

Lab engine updates
usegalaxy-au · Nov 7, 2024 · 02c25c0 · 02c25c0
2 parents d71ecf3 + cd8d3a7
commit 02c25c0
Show file tree

Hide file tree

Showing 9 changed files with 60 additions and 25 deletions.
diff --git a/.github/workflows/django-tests.yml b/.github/workflows/django-tests.yml
@@ -29,14 +29,28 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
+
+    - name: Check if event is a push to PR branch
+      id: check_event
+      run: |
+        if [ "${{ github.event_name }}" == "push" ] && [ "${{ github.head_ref }}" != "" ]; then
+          echo "Skipping duplicate workflow run for push to PR branch."
+          exit 78  # Exit with neutral status to mark as skipped
+        fi
+
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v3
       with:
         python-version: ${{ matrix.python-version }}
+      if: success()
+
     - name: Install Dependencies
+      if: success()
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
+
     - name: Run Tests
+      if: success()
       run: |
         cd app && python manage.py test
diff --git a/ansible/roles/galaxy_labs_engine/defaults/main.yml b/ansible/roles/galaxy_labs_engine/defaults/main.yml
@@ -4,6 +4,10 @@ labs_engine_repo: https://github.com/usegalaxy-au/galaxy-labs-engine.git
 labs_engine_branch: main
 labs_engine_docker_image: neoformit/galaxy-labs-engine:latest
 
+# Rate limit requests by IP address to stop bot attacks
+# 10 r/min allows a user to reload a labs page every 6 seconds
+nginx_limit_requests_per_minute: 10
+
 project_root: /home/ubuntu/labs-engine
 config_root: /home/ubuntu/config
 django_root: "{{ project_root }}/app"

diff --git a/ansible/roles/galaxy_labs_engine/tasks/certbot.yml b/ansible/roles/galaxy_labs_engine/tasks/certbot.yml
@@ -48,6 +48,14 @@
       register: certbot_certificates
       tags: certbot
 
+    - name: setup certbot renew cron job
+      cron:
+        name: "certbot-renew"
+        minute: "0"
+        hour: "0"
+        job: "docker compose --profile certbot run --rm certbot renew"
+      tags: certbot
+
   always:
     - name: run docker compose down
       shell: >

diff --git a/ansible/roles/galaxy_labs_engine/tasks/main.yml b/ansible/roles/galaxy_labs_engine/tasks/main.yml
@@ -38,7 +38,7 @@
 
 - name: obtain initial SSL certificate with certbot
   include_tasks: certbot.yml
-  when: certbot_certificates.stat.exists == false
+  when: certbot_ssl and certbot_certificates.stat.exists is false
   tags: certbot
 
 - name: template webserver configuration
@@ -130,13 +130,15 @@
     - init
     - django
 
-- name: setup certbot renew cron job
-  cron:
-    name: "certbot-renew"
-    minute: "0"
-    hour: "0"
-    job: "docker compose --profile certbot run --rm certbot renew"
-  tags: certbot
+- name: Django clear cache
+  shell: >
+    docker compose --profile prod run --rm
+    labs-engine
+    python manage.py shell -c
+    "from django.core.cache import cache; cache.clear()"
+  args:
+    chdir: "{{ config_root }}"
+  tags: clear_cache
 
 - name: enable labs_engine socket
   ansible.builtin.systemd:

diff --git a/ansible/roles/galaxy_labs_engine/templates/nginx.conf.j2 b/ansible/roles/galaxy_labs_engine/templates/nginx.conf.j2
@@ -1,9 +1,17 @@
 {% if certbot_certificates.stat.exists %}# Server config for {{ inventory_hostname }} in docker
 
+
+{% if nginx_limit_requests_per_minute %}
+# Define a zone to store client IP rate data, 1MB can store data for about 16,000 IPs
+limit_req_zone $binary_remote_addr zone=one:10m rate={{ nginx_limit_requests_per_minute }}r/m;
+{% endif %}
+
+
 upstream {{ docker_container_name }} {
     server {{ docker_container_name }}:8000;
 }
 
+
 server {
     # redirect www to non-www
     server_name www.{{ inventory_hostname }};
@@ -51,6 +59,9 @@ server {
         proxy_hide_header     X-Frame-Options;
         proxy_read_timeout    600;  # seconds
         client_max_body_size  1000m;
+        {% if nginx_limit_requests_per_minute %}
+        limit_req zone=one burst=5 nodelay;
+        {% endif %}
     }
 
     listen 443 ssl;
@@ -64,7 +75,6 @@ server {
 # Server config for certbot
 
 server {
-
     listen 80;
     server_name {{ inventory_hostname }};
 
@@ -78,5 +88,4 @@ server {
             return 301 https://$host$request_uri;
         }
     }
-
 }
diff --git a/app/app/settings/dev.py b/app/app/settings/dev.py
@@ -5,16 +5,11 @@
 
 # flake8: noqa
 
-import os
-
 from .base import *
-from .log import config
 
 
 DEBUG = True
 
-LOGGING = config.configure_logging(LOG_ROOT)
-
 INTERNAL_IPS = [
     "127.0.0.1",
 ]
diff --git a/app/app/settings/log/config.py b/app/app/settings/log/config.py
@@ -1,6 +1,7 @@
 """Logging configuration."""
 
 import re
+import os
 from django.template.base import VariableDoesNotExist
 
 
@@ -15,6 +16,12 @@
 ]
 
 
+log_levels = {
+    'console': os.getenv('LOG_LEVEL_CONSOLE', 'INFO'),
+    'cache': os.getenv('LOG_LEVEL_CACHE', 'INFO'),
+}
+
+
 def filter_exc_by_type(record):
     """Exclude blacklisted exception types."""
     if record.exc_info:
@@ -33,7 +40,7 @@ def filter_exc_by_pattern(record):
     return True
 
 
-def configure_logging(log_root, levels):
+def configure_logging(log_root):
     """Return logging configuration."""
     return {
         'version': 1,
@@ -76,7 +83,7 @@ def configure_logging(log_root, levels):
             },
             'cache_file': {
                 'delay': True,
-                'level': levels.get('cache', 'INFO'),
+                'level': log_levels.get('cache', 'INFO'),
                 'class': 'logging.handlers.RotatingFileHandler',
                 'maxBytes': 1000000,  # 1MB ~ 20k rows
                 'backupCount': 1,
@@ -110,7 +117,7 @@ def configure_logging(log_root, levels):
             },
             'console': {
                 'class': 'logging.StreamHandler',
-                'level': levels.get('console', 'INFO'),
+                'level': log_levels.get('console', 'INFO'),
                 'formatter': 'verbose',
             },
         },

diff --git a/app/app/settings/prod.py b/app/app/settings/prod.py
@@ -17,12 +17,7 @@
 
 DEBUG = False
 
-log_levels = {
-    'console': os.getenv('LOG_LEVEL_CONSOLE', 'INFO'),
-    'cache': os.getenv('LOG_LEVEL_CACHE', 'INFO'),
-}
-
-LOGGING = config.configure_logging(LOG_ROOT, log_levels)
+LOGGING = config.configure_logging(LOG_ROOT)
 
 ADMIN_NAME = os.getenv('ADMIN_NAME', 'Admin')
 ADMIN_EMAIL = os.getenv('ADMIN_EMAIL',

diff --git a/app/labs/templates/labs/components/accordion.html b/app/labs/templates/labs/components/accordion.html
@@ -39,6 +39,7 @@ <h2 class="accordion-header" id="{{ section.id }}-{{ tab_id }}-{{ forloop.counte
                 title="{{ item.button_tip|default:'Run tool' }}"
                 data-bs-toggle="tooltip"
                 data-bs-placement="left"
+                target="_blank"
               >
                 {% if item.button_icon %}
                 <span class="material-icons">{{ item.button_icon|iconkey }}</span>
@@ -54,7 +55,7 @@ <h2 class="accordion-header" id="{{ section.id }}-{{ tab_id }}-{{ forloop.counte
               <a
                 href="{{ item.view_link }}"
                 class="btn btn-galaxy"
-                {% if item.view_link|first != '/' %}target="_blank"{% endif %}
+                target="_blank"
                 {% if item.view_tip %}
                 title="{{ item.view_tip }}"
                 data-bs-toggle="tooltip"