chore(deps): update zricethezav/gitleaks docker tag to v8.18.4 (#27)

Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>

.drone.yml

@@ -1,70 +0,0 @@
----
-kind: pipeline
-type: docker
-name: default
-steps:
-
-
-  - name: docker_build_and_push_selfhosted
-    image: plugins/docker
-    settings:
-      dockerfile: Dockerfile
-      repo: registry.mgrote.net/python-api-server
-      registry: registry.mgrote.net
-      tags:
-        - ${DRONE_COMMIT_SHA:0:8}
-        - ${DRONE_COMMIT_BRANCH}
-        - latest
-    when:
-      event:
-        exclude:
-          - pull_request
-          - tag
-
-
-  - name: docker_build_and_push_dockerhub
-    image: plugins/docker
-    settings:
-      username:
-        from_secret: DOCKERHUB_USER
-      password:
-        from_secret: DOCKERHUB_PASS
-      dockerfile: Dockerfile
-      repo: quotengrote/python-api-server
-      tags:
-        - ${DRONE_COMMIT_SHA:0:8}
-        - ${DRONE_COMMIT_BRANCH}
-        - latest
-    when:
-      event:
-        exclude:
-          - pull_request
-          - tag
-
-
-  - name: docker_build_and_push_selfhosted_tag
-    image: plugins/docker
-    settings:
-      dockerfile: Dockerfile
-      repo: registry.mgrote.net/python-api-server
-      registry: registry.mgrote.net
-      tags:
-        - $DRONE_TAG
-    when:
-      event:
-        - tag
-
-  - name: docker_build_and_push_dockerhub_tag
-    image: plugins/docker
-    settings:
-      username:
-        from_secret: DOCKERHUB_USER
-      password:
-        from_secret: DOCKERHUB_PASS
-      dockerfile: Dockerfile
-      repo: quotengrote/python-api-server
-      tags:
-        - $DRONE_TAG
-    when:
-      event:
-        - tag

.woodpecker/build.yml

@@ -0,0 +1,61 @@
+---
+depends_on:
+  - lint
+
+clone:
+  git:
+    image: "woodpeckerci/plugin-git:2.5.0"
+    settings:
+      depth: 9999 # wird benötigt um die Commits zählen zu können
+      lfs: false
+      partial: false
+
+steps:
+  set_variables:
+    image: "registry.mgrote.net/allzweckcontainer:latest"
+    commands:
+      # set version
+      - |
+        MAJOR="1"
+        MINOR="1"
+        PATCH="$(git rev-list --count "$CI_COMMIT_BRANCH")"
+        VERSION="v$MAJOR.$MINOR.$PATCH"
+        if [ "$CI_COMMIT_BRANCH" != "main" ] && [ "$CI_COMMIT_BRANCH" != "master" ]; then
+            VERSION=$VERSION-dev
+        fi
+        echo "VERSION=$VERSION" >> .variables
+      # set date
+      - |
+        DATE=$(date --iso-8601=seconds)
+        echo "DATE=$DATE" >> .variables
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+
+  build_and_push: # damit dieser Step laufen kann muss das Repo in der Woodpecker-GUI "privilegiert" sein
+    image: "docker:26.1.4"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    commands:
+      - cat .variables
+      - source .variables
+      # https://unix.stackexchange.com/questions/748633/error-multiple-platforms-feature-is-currently-not-supported-for-docker-driver
+      - docker buildx create --use --platform=linux/amd64 --name multi-platform-builder
+      - docker buildx inspect --bootstrap
+      - |
+        docker buildx build \
+        --platform=linux/amd64 \
+        --push \
+        --tag registry.mgrote.net/${CI_REPO_NAME}:${CI_COMMIT_SHA:0:8} \
+        --tag registry.mgrote.net/${CI_REPO_NAME}:${CI_COMMIT_BRANCH} \
+        --tag registry.mgrote.net/${CI_REPO_NAME}:latest \
+        --tag registry.mgrote.net/${CI_REPO_NAME}:$VERSION \
+        --label org.opencontainers.image.url=$CI_REPO_URL \
+        --label org.opencontainers.image.source=$CI_REPO_URL \
+        --label org.opencontainers.image.revision=$CI_COMMIT_SHA \
+        --label org.opencontainers.image.created=$DATE \
+        --file Dockerfile .
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+...

.woodpecker/lint.yml

@@ -0,0 +1,41 @@
+---
+steps:
+  gitleaks:
+    image: zricethezav/gitleaks:v8.18.4
+    commands:
+      - gitleaks detect --no-git --verbose --source $CI_WORKSPACE
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+
+  hadolint:
+    image: pipelinecomponents/hadolint:0.26.3
+    commands:
+      - hadolint Dockerfile
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+
+  pylint:
+    image: "registry.mgrote.net/pylint:master"
+    commands:
+      - pip3 install --no-cache-dir --break-system-packages -r requirements.txt
+      - pylint app.py
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+
+  shellcheck:
+    image: koalaman/shellcheck-alpine:v0.10.0
+    commands:
+      - |
+        find . -type f -not -path './.git/*' -not -path './collections/*' -exec file {} \; | while IFS= read -r line; do
+          if echo "$line" | grep -q "shell script"; then
+            file_path=$(echo "$line" | awk -F':' '{print $1}')
+            shellcheck "$file_path"
+          fi
+        done
+    when:
+      - event: [push, pull_request, cron]
+        evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
+...

Dockerfile

@@ -1,22 +1,18 @@
-FROM ubuntu:focal
+FROM alpine:3.20.0
 
-# deaktiviert Nachfragen beim installieren von Paketen
-ENV DEBIAN_FRONTEND=noninteractive
-
-# hadolint ignore=DL3008,DL3028,DL4006
-RUN apt-get update && \
-   	apt-get -y --no-install-recommends install \
-		python3-pip curl && \
-		apt-get clean && \
-	  rm -rf /var/lib/apt/lists/* /var/tmp/* /tmp/*
+# hadolint ignore=DL3018
+RUN apk add --no-cache \
+		py3-pip \
+    curl
 
 WORKDIR /app
 
+COPY templates/file_list.html ./templates/
 COPY requirements.txt .
 COPY app.py .
 COPY gunicorn_config.py .
 
-RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir --break-system-packages -r requirements.txt
 
 EXPOSE 5000
 

README.md

@@ -1,7 +1,8 @@
 # python-api-server
 
-a small flask-application for storing and downloading stuff like small binaries
+[![status-badge](https://ci.mgrote.net/api/badges/5/status.svg)](https://ci.mgrote.net/repos/5)
 
+a small flask-application for storing and downloading stuff like small binaries
 
 ## Variables
 
@@ -11,94 +12,34 @@ a small flask-application for storing and downloading stuff like small binaries
 
 ## Example Docker-Compose
 
-see [docker-compose.yml](./docker-compose.yml)
+```yaml
+version: '3'
+services:
+  python-api-server:
+    container_name: httpd-api
+    image: quotengrote/python-api-server:v2
+    ports:
+      - "5040:5000"
+    volumes:
+      - uploads:/uploads
+    environment:
+      # FLASK_DEBUG: 1 # for debugging
+      # FLASK_APP: app # for debugging
+      MAX_CONTENT_LENGTH: 10
+      UPLOAD_DIRECTORY: /uploads
+      AUTH_TOKEN: myuploadtoken
+      ENABLE_WEBSERVER: true # if enabled a list of files can be viewed in a webbrowser (see screenshot)
+
+volumes:
+  uploads:
+
+```
+
+### ENABLE_WEBSERVER Screenshot
+
+
+![](./assets/screenshot_webui.png)
 
 ## API-Endpoints
 
-### /list
-
-#### input
-
-```bash
-curl -H "token: myuploadtoken" http://docker10.host.lan:5040/list | jq
-```
-
-#### output
-
-```bash
-{
-  "files": [
-    {
-      "last_modified": "2023-04-13 11:43:51",
-      "name": "file1",
-      "size": 1034
-    },
-    {
-      "last_modified": "2023-04-13 11:53:59",
-      "name": "file2",
-      "size": 5
-    },
-    {
-      "last_modified": "2023-04-13 12:41:18",
-      "name": "file3",
-      "size": 3478
-    }
-  ]
-}
-```
-
-### /upload
-
-If a existing file has the same name as the newly uploaded file, it will be overwritten.
-
-#### input
-
-```bash
-curl -X POST -H "token: myuploadtoken" -F "file=@tests/file" http://docker10.host.lan:5040/upload | jq
-```
-
-#### output
-
-```bash
-{
-  "success": "File 'file' successfully uploaded"
-}
-```
-
-### /download
-
-#### input
-
-```bash
-wget http://docker10.host.lan:5040/download/file
-```
-
-### /delete
-
-#### input
-
-```bash
-curl -X DELETE -H "token: myuploadtoken" http://docker10.host.lan:5040/delete/file | jq
-```
-
-#### output
-
-```bash
-{
-  "success": "File 'file' successfully deleted"
-}
-```
-
-### /health
-
-#### input
-
-```bash
-curl http://docker10.host.lan:5040/health
-```
-
-#### output
-
-```bash
-OK
-```
+- see [Flasgger](https://github.com/flasgger/flasgger): ``http://<host>:5040/apidocs/``

app.py

@@ -1,26 +1,82 @@
+ # pylint: disable=C0114
 import os
 import re
-import uuid
-from flask import Flask, request, jsonify, send_from_directory
 import datetime
+from flask import Flask, request, jsonify, send_from_directory, render_template
+from flasgger import Swagger
 
-app = Flask(__name__)
+app = Flask(__name__, template_folder='templates')
+swagger = Swagger(app)
 app.config['UPLOAD_DIRECTORY'] = os.environ.get('UPLOAD_DIRECTORY', '/uploads')
-app.config['MAX_CONTENT_LENGTH'] = int(os.environ.get('MAX_CONTENT_LENGTH', '5')) * 1024 * 1024  # in MB
+app.config['MAX_CONTENT_LENGTH'] = int(os.environ.get('MAX_CONTENT_LENGTH', '5')) * 1024 * 1024  # in MB # pylint: disable=C0301
+app.config['ENABLE_WEBSERVER'] = os.getenv('ENABLE_WEBSERVER', 'True').lower() == 'true'
+
 
 VALID_FILENAME_REGEX = r'^[a-zA-Z0-9\-_\.]+$'
 
 AUTH_TOKEN = os.environ.get('AUTH_TOKEN', 'myuploadtoken')
 
-def is_valid_filename(filename):
+def is_valid_filename(filename): # pylint: disable=C0116
     return bool(re.match(VALID_FILENAME_REGEX, filename))
 
+if app.config['ENABLE_WEBSERVER']:
+    @app.route('/', methods=['GET'])
+    def file_list():
+        """
+        Endpoint for displaying a list of files in the upload directory.
+        """
+        files = []
+        for filename in os.listdir(app.config['UPLOAD_DIRECTORY']):
+            file_path = os.path.join(app.config['UPLOAD_DIRECTORY'], filename)
+            if os.path.isfile(file_path):
+                stats = os.stat(file_path)
+                size = stats.st_size
+                last_modified = datetime.datetime.fromtimestamp(stats.st_mtime).strftime('%Y-%m-%d %H:%M:%S') # pylint: disable=C0301
+                files.append({
+                    'name': filename,
+                    'size': size,
+                    'last_modified': last_modified
+                })
+
+        return render_template('file_list.html', files=files)
+
 @app.route('/health', methods=['GET'])
 def health_check():
+    """
+    Endpoint for health check.
+    ---
+    responses:
+        200:
+            description: OK
+    """
     return 'OK'
 
 @app.route('/upload', methods=['POST'])
 def upload_file():
+    """
+    Endpoint for uploading files.
+    Filename can only contain alphanumeric characters, hyphens, underscores, and periods.
+    If the filename is the same as an existing file, this file will be overwritten.
+    ---
+    parameters:
+        - name: file
+          in: formData
+          type: file
+          required: true
+          description: The file to upload.
+        - name: token
+          in: header
+          type: string
+          required: true
+          description: Authentication token.
+    responses:
+        200:
+            description: File uploaded successfully.
+        400:
+            description: Bad request.
+        401:
+            description: Unauthorized.
+    """
     if 'file' not in request.files:
         return jsonify({'error': 'No file part in the request'}), 400
 
@@ -35,14 +91,29 @@ def upload_file():
         return jsonify({'error': 'No file selected for upload'}), 400
 
     if not is_valid_filename(file.filename):
-        return jsonify({'error': 'Invalid filename. Only alphanumeric characters, hyphens, underscores, and periods are allowed.'}), 400
+        return jsonify({'error': 'Invalid filename. Only alphanumeric characters, hyphens, underscores, and periods are allowed.'}), 400 # pylint: disable=C0301
 
     filename = file.filename
     file.save(os.path.join(app.config['UPLOAD_DIRECTORY'], filename))
-    return jsonify({'success': 'File \'{}\' successfully uploaded'.format(filename)})
+    return jsonify({'success': 'File \'{}\' successfully uploaded'.format(filename)}) # pylint: disable=C0209
 
 @app.route('/download/<filename>', methods=['GET'])
 def download_file(filename):
+    """
+    Endpoint for downloading files.
+    ---
+    parameters:
+        - name: filename
+          in: path
+          type: string
+          required: true
+          description: The name of the file to download.
+    responses:
+        200:
+            description: File downloaded successfully.
+        404:
+            description: File not found.
+    """
     try:
         return send_from_directory(app.config['UPLOAD_DIRECTORY'], filename)
     except FileNotFoundError:
@@ -50,6 +121,28 @@ def download_file(filename):
 
 @app.route('/delete/<filename>', methods=['DELETE'])
 def delete_file(filename):
+    """
+    Endpoint for deleting files.
+    ---
+    parameters:
+        - name: filename
+          in: path
+          type: string
+          required: true
+          description: The name of the file to delete.
+        - name: token
+          in: header
+          type: string
+          required: true
+          description: Authentication token.
+    responses:
+        200:
+            description: File deleted successfully.
+        401:
+            description: Unauthorized.
+        404:
+            description: File not found.
+    """
     if 'token' not in request.headers:
         return jsonify({'error': 'No token supplied'}), 401
 
@@ -61,10 +154,28 @@ def delete_file(filename):
         return jsonify({'error': 'File not found'}), 404
 
     os.remove(file_path)
-    return jsonify({'success': 'File \'{}\' successfully deleted'.format(filename)})
+    return jsonify({'success': 'File \'{}\' successfully deleted'.format(filename)}) # pylint: disable=C0209
+
 
 @app.route('/list', methods=['GET'])
 def list_files():
+    """
+    Endpoint for listing  files.
+    ---
+    parameters:
+        - name: token
+          in: header
+          type: string
+          required: true
+          description: Authentication token.
+    responses:
+        200:
+            description: Listed files successfully.
+        400:
+            description: Bad request.
+        401:
+            description: Unauthorized.
+    """
     if 'token' not in request.headers:
         return jsonify({'error': 'No token supplied'}), 401
 
@@ -77,7 +188,7 @@ def list_files():
         if os.path.isfile(file_path):
             stats = os.stat(file_path)
             size = stats.st_size
-            last_modified = datetime.datetime.fromtimestamp(stats.st_mtime).strftime('%Y-%m-%d %H:%M:%S')
+            last_modified = datetime.datetime.fromtimestamp(stats.st_mtime).strftime('%Y-%m-%d %H:%M:%S') # pylint: disable=C0301
             files.append({
                 'name': filename,
                 'size': size,

docker-compose.yml

@@ -1,18 +0,0 @@
-version: '3'
-services:
-  python-api-server:
-    container_name: httpd-api
-    image: quotengrote/python-api-server:latest
-    ports:
-      - "5040:5000"
-    volumes:
-      - uploads:/uploads
-    environment:
-      # FLASK_DEBUG: 1 # for debugging
-      # FLASK_APP: app # for debugging
-      MAX_CONTENT_LENGTH: 10
-      UPLOAD_DIRECTORY: /uploads
-      AUTH_TOKEN: myuploadtoken
-
-volumes:
-  uploads:

renovate.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    ":dependencyDashboard",
+    ":semanticPrefixFixDepsChoreOthers",
+    ":ignoreModulesAndTests",
+    "group:monorepos",
+    "group:recommended",
+    "replacements:all",
+    "workarounds:all",
+    "mergeConfidence:all-badges"
+  ]
+}

requirements.txt

@@ -1,4 +1,5 @@
-Flask==2.0.1
-Flask-Cors==3.0.10
-gunicorn
-requests
+Flask==3.0.3
+Flask-Cors==4.0.1
+gunicorn==22.0.0
+requests==2.32.3
+flasgger==0.9.7.1

templates/file_list.html

@@ -0,0 +1,48 @@
+<!doctype html>
+<html>
+<head>
+    <title>File List</title>
+    <style>
+        table {
+            border-collapse: collapse;
+            width: 100%;
+        }
+
+        th, td {
+            text-align: left;
+            padding: 8px;
+            border-bottom: 1px solid #ddd;
+        }
+
+        tr:hover {
+            background-color: #f5f5f5;
+        }
+
+        th {
+            background-color: #4CAF50;
+            color: white;
+        }
+    </style>
+</head>
+<body>
+    <h1>File List</h1>
+    <table>
+        <thead>
+            <tr>
+                <th>Name</th>
+                <th>Size (KB)</th>
+                <th>Last Modified</th>
+            </tr>
+        </thead>
+        <tbody>
+            {% for file in files %}
+            <tr>
+                <td><a href="{{ url_for('download_file', filename=file.name) }}">{{ file.name }}</a>
+                <td>{{ '%.2f' % (file.size / 1024) }} KB</td>
+                <td>{{ file.last_modified }}</td>
+            </tr>
+            {% endfor %}
+        </tbody>
+    </table>
+</body>
+</html>

tests.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+# shellcheck disable=all
 
 # führe Script nach Fehlern weiter aus
 set +e
@@ -7,7 +8,7 @@ RED="\e[31m"
 GREEN="\e[32m"
 ENDCOLOR="\e[0m"
 export TOKEN=myuploadtoken
-export URL="http://docker10.grote.lan:5040"
+export URL="http://docker10.mgrote.net:5040"
 
 mkdir -p tests