Migration updates for CKAN 2.11 and Python 3.10

Author: A-Souhei

.gitmodules

@@ -46,3 +46,13 @@
 [submodule "ckan-extensions/ckanext-validation"]
     path = submodules/ckanext-validation
 	url = git@github.com:fjelltopp/ckanext-validation.git
+[submodule "submodules/ckanext-authz-service"]
+	path = submodules/ckanext-authz-service
+	url = https://github.com/datopian/ckanext-authz-service.git
+[submodule "submodules/ckanext-pages"]
+	path = submodules/ckanext-pages
+	url = https://github.com/ckan/ckanext-pages.git
+[submodule "submodules/ckanext-saml2auth"]
+	path = submodules/ckanext-saml2auth
+	url = https://github.com/fjelltopp/ckanext-saml2auth.git
+	branch = toavina/ckan-2.11-migration

Pipfile

@@ -45,7 +45,6 @@ webassets = "==2.0"
 webencodings = "==0.5.1"
 werkzeug = {version = "==3.0.6", extras = ["watchdog"]}
 "zope.interface" = "==6.4.post2"
-
 # Submodules
 ckanext-auth = {editable = true, path = "./submodules/ckanext-auth"}
 ckanext-authz-service = {editable = true, path = "./submodules/ckanext-authz-service"}
@@ -60,15 +59,14 @@ ckanext-validation = {editable = true, path = "./submodules/ckanext-validation"}
 ckanext-blob-storage = {editable = true, path = "./submodules/ckanext-blob-storage"}
 ckanext-ytp-request = {editable = true, path = "./submodules/ckanext-ytp-request"}
 ckanext-fork = {editable = true, path = "./submodules/ckanext-fork"}
+ckanext-saml2auth = {editable = true, path = "./submodules/ckanext-saml2auth"}
 ckan = {editable = true, path = "./submodules/ckan"}
 # end of submodules
-
 # Additional CKAN extensions (local submodule)
 ckanext-pages = {editable = true, path = "./submodules/ckanext-pages"}
-
 # Additional ADX dependencies
 ckanapi = "==4.3"
-ckanext-saml2auth = "==1.3.0"
+pysaml2 = ">=6.5.1,<7.4"
 "repoze.who" = "==2.3"
 importlib-resources = "*"
 cffi = "==1.14.5"
@@ -90,7 +88,7 @@ jsonschema = "==3.2.0"
 charset-normalizer = "==3.3.2"
 python-dotenv = "==1.0.0"
 python-jose = "==3.3.0"
-setuptools = "==58.1.0"
+setuptools = ">=65.0.0"
 raven = "==6.10.0"
 tableschema = "==1.20.2"
 frictionless = ">=5.0.0,<6.0.0"

Pipfile.lock

@@ -141,6 +141,16 @@ git submodule foreach "git checkout development|| :"
 git submodule foreach "git pull || :"
 ```
 
+## Cleaning build artifacts
+
+If you encounter issues with `pipenv lock` failing due to permission errors on `.egg-info` directories (especially after running containers as root), you can clean these build artifacts:
+
+```shell
+adx clean
+```
+
+This command will remove all `.egg-info` directories from the submodules, using `sudo` if necessary when files are owned by root.
+
 ## Using a fake SMTP server
 
 We're using [rnwood/smtp4dev](https://github.com/rnwood/smtp4dev) to "fake" an SMTP service, it's deployed as part of docker compose - smtp container. It catches all the emails sent to it, accepts any credentials. Emails can be viewed via a web console available at port 5555, so if your local environment uses "adr.local" as a host name you can access at [http://adr.local:5555/](http://adr.local:5555/).

README.md

@@ -140,6 +140,13 @@ actions['test'].add_argument(
     const=""
 )
 
+actions['clean'] = subparsers.add_parser(
+    'clean',
+    description='Clean up build artifacts like egg-info directories from submodules.',
+    help='Clean up build artifacts like egg-info directories from submodules.'
+)
+actions['clean'].set_defaults(func=util.clean_build_artifacts)
+
 parser.add_argument(
     "-log",
     "--log",

adx

@@ -22,8 +22,6 @@ RUN update-locale LANG=${LC_ALL}
 ## Install required system packages
 RUN apt-get -q -y update \
     && apt-get -q -y install \
-        python-wheel-common \
-        python3-distutils \
         libpq-dev \
         libxml2-dev \
         libxslt-dev \
@@ -39,11 +37,10 @@ RUN apt-get -q -y update \
         xmlsec1 \
         jq \
         supervisor \
-        jq \
     && apt-get -q clean \
     && rm -rf /var/lib/apt/lists/*
 RUN pip3 install pipenv
-RUN curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install nodejs npm -y && npm version
+RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - && apt-get install nodejs -y && npm version
 RUN npm install --global yarn
 RUN mkdir -p /var/lib/ckan/resources && chmod 777 -R /var/lib/ckan
 

ckan/Dockerfile

@@ -124,10 +124,10 @@ ckan.redis.url = redis://redis:6379/1
 #   Add ``resource_proxy`` to enable resorce proxying and get around the
 #   same origin policy
 # Note: Plugins to the left take precendence over plugins to the right!!! Opposite to what you might expect.
-ckan.plugins = unaids fork scheming_datasets blob_storage saml2auth emailasusername restricted authz_service stats
-  text_view image_view unaids_recline_view recline_graph_view recline_map_view recline_grid_view
-  resource_proxy geo_view pdf_view datastore datapusher geojson_view
-  validation ytp_request pages dhis2harvester_plugin dhis2_pivot_tables_harvester harvest sentry versions
+ckan.plugins = activity unaids fork scheming_datasets blob_storage saml2auth emailasusername restricted authz_service stats
+  text_view image_view unaids_recline_view
+  resource_proxy datastore datapusher
+  validation ytp_request pages dhis2harvester_plugin dhis2_pivot_tables_harvester harvest versions
   auth
 
 ckanext.blob_storage.storage_service_url=http://adr.local/giftless
@@ -202,7 +202,7 @@ ckan.harvest.mq.port=6379
 ckan.harvest.mq.redis_db=2
 # Define which views should be created by default
 # (plugins must be loaded in ckan.plugins)
-ckan.views.default_views = geojson_view unaids_recline_view pdf_view image_view text_view
+ckan.views.default_views = unaids_recline_view image_view text_view
 
 # Customize which text formats the text_view plugin will show
 ckan.preview.json_formats = json
@@ -273,6 +273,7 @@ ckan.max_resource_size = 256
 
 ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet geojson
 ckan.datapusher.url = http://datapusher:8800/
+ckan.datapusher.api_token = dev-datapusher-token-change-in-production
 ckan.datapusher.assume_task_stale_after = 3600
 
 # Resource Proxy settings

ckan/adx_config.ini

@@ -75,4 +75,14 @@ chmod -R 777 /usr/lib/adx/submodules/ckanext-unaids/ckanext/unaids/assets/build
 set_environment
 echo "CKAN bootstrapping finished, environment ready"
 
+# Initialize CKAN database and run plugin migrations
+echo "Initializing CKAN database..."
+ckan --config="$CONFIG" db init || echo "CKAN database already initialized"
+
+echo "Running database migrations for plugins..."
+ckan --config="$CONFIG" db upgrade -p pages || echo "Warning: ckanext-pages migration failed or already applied"
+ckan --config="$CONFIG" versions initdb || echo "Warning: ckanext-versions initdb failed or already applied"
+ckan --config="$CONFIG" validation init-db || echo "Warning: ckanext-validation init-db failed or already applied"
+ckan --config="$CONFIG" unaids initdb || echo "Warning: ckanext-unaids initdb failed or already applied"
+
 exec "$@"

ckan/ckan-entrypoint-adx.sh

@@ -1,4 +1,4 @@
-FROM postgres:12-bullseye
+FROM postgres:16
 MAINTAINER Fjelltopp
 
 RUN apt-get update \

db/Dockerfile

@@ -11,10 +11,17 @@ services:
   ckan:
     container_name: ckan
     image: ghcr.io/fjelltopp/adx_develop/ckan_base:${CKAN_IMAGE_TAG}
+    build:
+      context: ./ckan
+      dockerfile: Dockerfile
     deploy:
       resources:
         limits:
           memory: 6G
+    depends_on:
+      - db
+      - solr
+      - redis
     links:
       - db
       - solr
@@ -56,6 +63,9 @@ services:
   supervisor:
     container_name: supervisor
     image: ghcr.io/fjelltopp/adx_develop/ckan_base:${CKAN_IMAGE_TAG}
+    build:
+      context: ./ckan
+      dockerfile: Dockerfile
     depends_on:
       - ckan
     environment: