Merge remote-tracking branch 'origin/master'

.github/workflows/ci.yml

@@ -6,115 +6,42 @@ on:
   pull_request:
 
 concurrency:
-  group: ci-${{ github.head_ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
-  PYTHONUNBUFFERED: 1
   FORCE_COLOR: 1 # colored output by pytest etc.
-  CLICOLOR_FORCE: 1 # colored output by ruff
 
-permissions:
-  contents: read
+permissions: {} # Set permissions at the job level.
 
 jobs:
 
-  # TODO: disable docs build until decision is made
-
-  # docs:
-  #   runs-on: ubuntu-22.04
-  #   steps:
-  #   - uses: actions/checkout@v4
-  #   - name: Set up Python 3.11
-  #     uses: actions/setup-python@v5
-  #     with:
-  #       python-version: '3.11'
-  #   - name: Cache python dependencies
-  #     uses: actions/cache@v4
-  #     with:
-  #       path: ~/.cache/pip
-  #       key: pip-docs-${{ hashFiles('pyproject.toml') }}
-  #       restore-keys: |
-  #         pip-docs-
-  #   - name: Install python dependencies
-  #     run: |
-  #       python -m pip install .[docs]
-  #       python -m pip show fuji
-  #   - name: Build documentation
-  #     env:
-  #       READTHEDOCS: 'True'
-  #     run: |
-  #       # TODO: add W flag back after fixing warnings
-  #       SPHINXOPTS='-n' make -C docs html
-
   lint:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@v4
-    - name: Cache python dependencies
-      uses: actions/cache@v4
-      with:
-        path: |
-          ~/.cache/pip
-          ~/.cache/pre-commit
-        key: lint-${{ hashFiles('.pre-commit-config.yaml', 'pyproject.toml') }}
-        restore-keys: |
-          lint-
     - name: Set up Python 3.11
       uses: actions/setup-python@v5
       with:
         python-version: '3.11'
-    - run: |
-        python -m pip install --upgrade pip setuptools wheel
-        python -m pip install hatch
-    - run: hatch run lint
+        cache: pip
+    - uses: pre-commit/[email protected]
+      with:
+        extra_args: --all-files --color=always
 
   tests:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: write
+    runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python 3.11
       uses: actions/setup-python@v5
       with:
         python-version: '3.11'
         cache: pip
-    - name: Install python dependencies
-      run: |
-        python -m pip install --upgrade pip setuptools wheel
-        python -m pip install --upgrade hatch
+    - run: |
+        python -m pip install --upgrade pip
+        python -m pip install hatch
     - name: Run test suite with coverage
-      run: hatch run cov-ci
-    - name: Upload test results
-      if: always()
-      uses: actions/upload-artifact@v4
-      with:
-        name: test-results
-        retention-days: 1
-        path: pytest-junit.xml
-    - name: Upload coverage results
-      if: always()
-      uses: actions/upload-artifact@v4
-      with:
-        name: coverage-results
-        retention-days: 1
-        path: pytest-cobertura.xml
-    - run: rm ./reports/coverage/.gitignore
-    - name: Generate coverage badge
-      if: github.ref == 'refs/heads/master'
-      run: hatch run cov-badge
-    - name: Deploy reports to GitHub Pages
-      if: github.ref == 'refs/heads/master'
-      uses: JamesIves/github-pages-deploy-action@65b5dfd4f5bcd3a7403bbc2959c144256167464e # v4.5.0
-      with:
-        folder: ./reports
-
-  event_file:
-    runs-on: ubuntu-22.04
-    steps:
-    - uses: actions/upload-artifact@v4
-      with:
-        name: event-file
-        retention-days: 1
-        path: ${{ github.event_path }}
+      run: hatch run cov --cov-report=xml
+    - name: Upload coverage data to coveralls.io
+      uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0

.gitignore

@@ -29,7 +29,8 @@ fuji_server/helper/catalogue_helper_google_datasearch_copy.py
 fuji_server/helper/create_google_cache_db_copy.py
 
 # private config
-fuji_server/config/github.cfg
+fuji_server/config/github.ini
+fuji_server/data/github_api_tokens.txt
 
 # Created by https://www.gitignore.io/api/python,linux,macos
 

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.5.0
+  rev: v4.6.0
   hooks:
   - id: end-of-file-fixer
     exclude_types: [svg]
@@ -15,7 +15,7 @@ repos:
   - id: file-contents-sorter
     files: ^fuji_server\/data\/.*.txt$
 - repo: https://github.com/macisamuele/language-formatters-pre-commit-hooks
-  rev: v2.12.0
+  rev: v2.13.0
   hooks:
   - id: pretty-format-ini
     args: [--autofix]
@@ -24,14 +24,14 @@ repos:
   - id: pretty-format-yaml
     args: [--autofix, --indent, '2']
 - repo: https://github.com/Lucas-C/pre-commit-hooks
-  rev: v1.5.4
+  rev: v1.5.5
   hooks:
   - id: insert-license
     types: [python]
     args: [--license-filepath=docs/license_header.txt]
     exclude: docs
 - repo: https://github.com/astral-sh/ruff-pre-commit
-  rev: v0.1.11
+  rev: v0.5.1
   hooks:
   - id: ruff
     args: [--fix, --show-fixes, --exit-non-zero-on-fix]

CONTRIBUTING.md

@@ -9,7 +9,7 @@ You can contribute in many ways:
 
 ### Report Bugs
 
-Report bugs at https://github.com/pangaea-data-publisher/fuji/issues.
+Report bugs at <https://github.com/pangaea-data-publisher/fuji/issues>.
 
 If you are reporting a bug, please include:
 
@@ -33,7 +33,7 @@ articles, and such.
 
 ### Submit Feedback
 
-The best way to send feedback is to file an issue at https://github.com/pangaea-data-publisher/fuji/issues.
+The best way to send feedback is to file an issue at <https://github.com/pangaea-data-publisher/fuji/issues>.
 
 If you are proposing a feature:
 
@@ -46,7 +46,7 @@ If you are proposing a feature:
 
 Ready to contribute?
 
-You need Python 3.8+ and [hatch](https://github.com/pypa/hatch). You can install it globally with [pipx](https://github.com/pypa/pipx):
+You need Python 3.11+ and [hatch](https://github.com/pypa/hatch). You can install it globally with [pipx](https://github.com/pypa/pipx):
 
 ```console
 $ pipx install hatch
@@ -69,7 +69,6 @@ Here's how to set up F-UJI for local development.
     ```console
     $ cd fuji
     $ hatch shell
-    $ pre-commit install
     ```
 4. Create a branch for local development:
     ```console
@@ -84,7 +83,7 @@ Here's how to set up F-UJI for local development.
     $ hatch run test
     ```
 
-6. Commit your changes and push your branch to GitHub::
+6. Commit your changes and push your branch to GitHub:
     ```console
     $ git add .
     $ git commit -m "Your detailed description of your changes."
@@ -100,8 +99,8 @@ Before you submit a pull request, check that it meets these guidelines:
 1. The pull request should include tests.
 2. If the pull request adds functionality, the docs should be updated. Put
    your new functionality into a function with a docstring.
-3. The pull request should work for Python >= 3.8. Check
-   https://github.com/pangaea-data-publisher/fuji/pulls
+3. The pull request should work for Python >= 3.11. Check
+   <https://github.com/pangaea-data-publisher/fuji/pulls>
    and make sure that all the tests pass.
 
 ## Tips

README.md

@@ -4,10 +4,10 @@ Developers: [Robert Huber](mailto:[email protected]), [Anusuriya Devaraju](mailto:
 Thanks to [Heinz-Alexander Fuetterer](https://github.com/afuetterer) for his contributions and his help in cleaning up the code.
 
 [![CI](https://github.com/pangaea-data-publisher/fuji/actions/workflows/ci.yml/badge.svg)](https://github.com/pangaea-data-publisher/fuji/actions/workflows/ci.yml)
-[![Coverage](https://pangaea-data-publisher.github.io/fuji/coverage/coveragebadge.svg)](https://pangaea-data-publisher.github.io/fuji/coverage/)
+[![Coverage](https://coveralls.io/repos/github/pangaea-data-publisher/fuji/badge.svg?branch=master)](https://coveralls.io/github/pangaea-data-publisher/fuji?branch=master)
 
 [![Publish Docker image](https://github.com/pangaea-data-publisher/fuji/actions/workflows/publish-docker.yml/badge.svg)](https://github.com/pangaea-data-publisher/fuji/actions/workflows/publish-docker.yml)
-[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.4063720.svg)](https://doi.org/10.5281/zenodo.4063720)
+[![DOI](https://zenodo.org/badge/DOI/10.5281/zenodo.11084909.svg)](https://doi.org/10.5281/zenodo.11084909)
 
 ## Overview
 
@@ -102,6 +102,28 @@ If you receive the exception `urllib2.URLError: <urlopen error [SSL: CERTIFICATE
 
 F-UJI is using [basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), so username and password have to be provided for each REST call which can be configured in `fuji_server/config/users.py`.
 
+#### GitHub API
+
+F-UJI can optionally use the GitHub API to evaluate software repositories hosted on GitHub.
+Unauthorised requests to the GitHub API are subject to a very low rate limit however, so it's recommended to authenticate using a personal access token.
+
+To create an access token, log into your GitHub account and navigate to <https://github.com/settings/tokens>, either by clicking on the link or through Settings -> Developer Settings -> Personal access tokens -> Tokens (classic). Next, click "Generate new token" and select "Generate new token (classic)" from the drop-down menu.
+
+Write the purpose of the token into the "Note" field (for example, *F-UJI deployment*) and set a suitable expiration date. Leave all the checkboxes underneath *unchecked*.
+
+> Note: When the token expires, you will receive an e-mail asking you to renew it if you still need it. The e-mail will provide a link to do so, and you will only need to change the token in the f-uji configuration as described below to continue using it. Setting no expiration date for a token is thus not recommended.
+
+When you click "Generate new token" at the bottom of the page, the new token will be displayed. Make a note of it now.
+
+To use F-UJI with a single access token, open [`fuji_server/config/github.ini`](./fuji_server/config/github.ini) locally and set `token` to the token you just created. When F-UJI receives an evaluation request that uses the GitHub API, it will run this request authenticated as your account.
+
+If you still run into rate limiting issues, you can use multiple GitHub API tokens.
+These need to be generated by different GitHub accounts, as the rate limit applies to the user, not the token.
+F-UJI will automatically switch to another token if the rate limit is near.
+To do so, create a local file in [`fuji_server/data/`](./fuji_server/data/), called e.g. `github_api_tokens.txt`. Put all API tokens in that file, one token on each line. Then, open [`fuji_server/config/github.ini`](./fuji_server/config/github.ini) locally and set `token_file` to the absolute path to your local API token file.
+
+> Note: If you push a change containing a GitHub API token, GitHub will usually recognise this and invalidate the token immediately. You will need to regenerate the token. Please take care not to publish your API tokens anywhere. Even though they have very limited scope if you leave all the checkboxes unchecked during creation, they can allow someone else to run a request in your name.
+
 ## Development
 
 First, make sure to read the [contribution guidelines](./CONTRIBUTING.md).
@@ -140,6 +162,7 @@ server {
     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
+        fastcgi_read_timeout 3600s;
      }
 
     location ~ /\.ht {
@@ -210,6 +233,11 @@ The multiple test methods within an evaluator also check whether their specific
 For each metric, the maturity is determined as the maximum of the maturity associated with each passed test.
 This means that if a test indicating maturity 3 is passed and one indicating maturity 2 is not passed, the metric will still be shown to be fulfilled with maturity 3.
 
+### Community specific metrics
+
+Some, not all, metrics can be configured using the following guidelines:
+[Metrics configuration guide](https://github.com/pangaea-data-publisher/fuji/blob/master/metrics_configuration.md)
+
 ### Updates to the API
 
 Making changes to the API requires re-generating parts of the code using Swagger.