fix non-reproducible builds re dependencies

.github/workflows/main.yml

@@ -0,0 +1,91 @@
+name: Build
+
+on:
+  pull_request:
+  push:
+    branches: [master]
+    tags:
+      - "*"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+   build_docker:
+    name: build docker
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to ghcr
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: extract_branch
+
+      - name: Docker fe-meta
+        id: fe-meta
+        uses: docker/metadata-action@v4
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: true
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          tags: |
+            type=raw,value=${{ steps.extract_branch.outputs.branch }},enable=${{ github.ref != 'refs/heads/master' && steps.extract_branch.outputs.branch != '' }},prefix=fe-
+            type=semver,pattern={{raw}},prefix=fe-
+            type=raw,value=fe-latest,enable=${{ github.ref == 'refs/heads/master' }}
+
+      - name: Build and push fe
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: frontend/Dockerfile
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.fe-meta.outputs.tags }}
+          platforms: linux/amd64
+
+      - name: Docker be-meta
+        id: be-meta
+        uses: docker/metadata-action@v4
+        env:
+          DOCKER_METADATA_PR_HEAD_SHA: true
+        with:
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          tags: |
+            type=raw,value=${{ steps.extract_branch.outputs.branch }},enable=${{ github.ref != 'refs/heads/master' && steps.extract_branch.outputs.branch != '' }},prefix=be-
+            type=semver,pattern={{raw}},prefix=be-
+            type=raw,value=be-latest,enable=${{ github.ref == 'refs/heads/master' }}
+
+      - name: Build and push be
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: backends/Dockerfile
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.be-meta.outputs.tags }}
+          platforms: linux/amd64

README.md

@@ -1,3 +1,21 @@
+> This project is unmaintained.
+>
+> It should not be run exposed to the Internet or placed behind a secure
+> reverse proxy with authentication in front.
+>
+> All versions are pinned so that the `Dockerfile` should build. For a
+> working example please see `docker-compose.yml`.
+>
+> Graphs cannot be imported via the user interface.
+> However the database can be backed up
+> (`docker compose exec ore-db pg_dump -U ore -d ore > backup.sql`)
+> and restored
+> (`docker-compose exec -T ore-db psql -U ore -d ore < backup.sql`).
+> For this, make sure to remember your username.
+> If the database is already used, it can be dropped by running
+> `docker-compose exec ore-db dropdb -U ore ore` and recreated empty by
+> running `docker-compose exec ore-db createdb -U ore ore`.
+
 [![Build Status](https://travis-ci.org/troeger/fuzzed.svg?branch=master)](https://travis-ci.org/troeger/fuzzed)
 [![Security Status](https://pyup.io/repos/github/troeger/fuzzed/shield.svg)]( https://pyup.io/repos/github/troeger/fuzzed/)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/troeger/fuzzed/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/troeger/fuzzed/?branch=master)

backends/Dockerfile

@@ -0,0 +1,23 @@
+# Dockerfile for ORE backend
+
+FROM ubuntu:xenial
+
+RUN apt-get update \
+    && apt-get install -y texlive \
+    && rm -rf /var/lib/apt/lists/* 
+
+    RUN apt-get update \
+    && apt-get install -y libpq-dev python python-pip libboost-dev libboost-graph-dev libboost-date-time-dev libboost-system-dev libboost-filesystem-dev libboost-program-options-dev cmake gcc libxerces-c-dev xsdcxx \
+    && rm -rf /var/lib/apt/lists/* 
+
+RUN pip install requests==2.23.0 certifi==2020.6.20
+
+WORKDIR /ore-back/
+COPY backends/ /ore-back/
+COPY common/ /ore-common/
+
+RUN cmake .
+RUN make -j
+
+EXPOSE 8000
+CMD ["python", "daemon.py"]

docker-compose.dev.yml

@@ -0,0 +1,53 @@
+version: '3'
+
+services:
+  ore-db-dev:
+    image: postgres:9
+    container_name: ore-db-dev
+    environment:
+      POSTGRES_PASSWORD: ore
+      POSTGRES_USER: ore
+      POSTGRES_DB: ore
+    volumes:
+      - postgres-volume-dev:/var/lib/postgresql/data
+
+  ore-front-dev:
+    image: ghcr.io/osmhpi/fuzzed:fe-latest
+    container_name: ore-front-dev
+    command:  sh -c '/ore-front/manage.py migrate && ./manage.py runserver 0.0.0.0:8000'
+    build:
+      context: .
+      dockerfile: ./frontend/Dockerfile
+    environment:
+      ORE_BACKEND_DAEMON: http://ore-back-dev:8000
+      ORE_SERVER_URL: http://ore-front-dev:8000
+      ORE_SERVER: ore-front-dev
+      ORE_DB_NAME: ore
+      ORE_DB_USER: ore
+      ORE_DB_PASSWORD: ore
+      ORE_DB_HOST: ore-db-dev
+      DJANGO_CONFIGURATION: Dev
+      ORE_SECRET_KEY: 1234
+      ORE_DEV_LOGIN: 1
+    ports:
+      - 8000:8000
+    depends_on:
+      - ore-db-dev
+      - ore-back-dev
+    volumes:
+      - ./frontend:/ore-front
+      - ./common:/ore-common
+
+  ore-back-dev: # to build docker compose exec ore-back-dev cmake . && make
+    image: ghcr.io/osmhpi/fuzzed:be-latest
+    container_name: ore-back-dev
+    build:
+      context: .
+      dockerfile: ./backends/Dockerfile
+    volumes:
+      - ./backends:/ore-back
+      - ./common:/ore-common
+      - /ore-back/lib
+
+volumes:
+  postgres-volume-dev:

docker-compose.yml

@@ -1,48 +1,47 @@
 version: '3'
 
 services:
-  ore-db-dev:
+  ore-db:
     image: postgres:9
-    container_name: ore-db-dev
+    container_name: ore-db
     environment:
       POSTGRES_PASSWORD: ore
       POSTGRES_USER: ore
       POSTGRES_DB: ore
+    restart: always
     volumes:
-      - postgres-volume:/var/lib/postgresql/data  
-  ore-front-dev:
-    image: ore-front-dev
-    container_name: ore-front-dev
-    build: 
+      - postgres-volume:/var/lib/postgresql/data
+
+  ore-front:
+    image: ghcr.io/osmhpi/fuzzed:fe-latest
+    container_name: ore-front
+    build:
       context: .
-      dockerfile: ./frontend/docker/Dockerfile.development
+      dockerfile: ./frontend/Dockerfile
+    restart: always
     environment:
-      ORE_BACKEND_DAEMON: http://ore-back-dev:8000
-      ORE_SERVER_URL: http://ore-front-dev:8000
-      ORE_SERVER: ore-front-dev
-      ORE_DB_NAME: ore 
-      ORE_DB_USER: ore 
-      ORE_DB_PASSWORD: ore 
-      ORE_DB_HOST: ore-db-dev
-    tty: true
+      ORE_BACKEND_DAEMON: http://ore-back:8000
+      ORE_SERVER_URL: http://ore-front:8000
+      ORE_SERVER: ore-front # this adds a host to allowed hosts
+      ORE_DB_NAME: ore
+      ORE_DB_USER: ore
+      ORE_DB_PASSWORD: ore
+      ORE_DB_HOST: ore-db
+      ORE_SECRET_KEY: change-me-to-something-random-and-very-secret
+      ORE_DEV_LOGIN: 1
     ports:
       - 8000:8000
     depends_on:
-      - ore-db-dev
-      - ore-back-dev
-    volumes:
-      - ./frontend:/ore-front
-      - ./common:/ore-common 
-  ore-back-dev:
-    image: ore-back-dev
-    container_name: ore-back-dev
-    build: 
+      - ore-db
+      - ore-back
+
+  ore-back:
+    image: ghcr.io/osmhpi/fuzzed:be-latest
+    container_name: ore-back
+    restart: always
+    build:
       context: .
-      dockerfile: ./backends/docker/Dockerfile.development
-    tty: true
-    volumes:
-      - ./backends:/ore-back 
-      - ./common:/ore-common 
+      dockerfile: ./backends/Dockerfile
 
 volumes:
   postgres-volume:

frontend/Dockerfile

@@ -0,0 +1,22 @@
+# Dockerfile for ORE web application
+
+FROM ubuntu:bionic
+
+ENV DJANGO_CONFIGURATION=Production
+ENV DEBIANFRONTEND=nointeractive
+
+# Prepare Ansible environment
+RUN apt-get update \
+    && apt-get install -y python python-pip git nodejs \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN pip install PyXB==1.2.6 defusedxml==0.7.1 psycopg2-binary==2.8.6 django==1.8.18 python-social-auth==0.2.21 python-openid==2.2.5 python-oauth2==1.1.1 django-require==1.0.11 django-robots==3.1.0 django-configurations==2.0 requests_oauthlib==1.1.0 uwsgi==2.0.18
+
+RUN pip install git+https://github.com/django-tastypie/django-tastypie.git@256ebe1de9a78dfb5d4d6e938b813cf4c5c4ac1b
+
+WORKDIR /ore-front
+COPY frontend/ /ore-front
+
+ENV PYTHONUNBUFFERED 1
+EXPOSE 8000
+CMD sh -c '/ore-front/manage.py collectstatic -v3 --noinput && /ore-front/manage.py migrate && uwsgi --http 0.0.0.0:8000 --wsgi-file ore/wsgi.py --static-map /static/=/ore-front/ore/static-release/'