2
0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-26 02:47:41 +00:00
Commit Graph

63 Commits

Author SHA1 Message Date
Matthias Mair
a02d1011e7 chores(backend): bump various deps (#10624)
* bump various deps

* align helpers deps

* revert allauth change

* fix style

* bump allauth too

* bum api version as there is a small allauth change
2025-10-21 06:54:40 +11:00
Oliver
f9ce9e20b2 Fixes for SITE_URL validity checks (#10619)
* [docker] Allow HTTPS port to be specified for Caddy proxy

* Fix naming collision for INVENTREE_WEB_PORT

* Push InvenTree version first

* Adjust Caddyfile

- Change backup server

* Fix docstring

* Tweak for site URL check:

- Ignore port if SITE_LAX_PROTOCOL_CHECK is set
- Invert logic for readability

* Additional checks for port mismatch

* Adjust middleware checks

- Allow for less strict checking of CSRF_TRUSTED_ORIGINS

* Slight refactor
2025-10-20 16:05:37 +11:00
Oliver
946d4358c3 Tweak docker setup (#10490)
- Set default forwarding values
2025-10-05 22:05:16 +11:00
Matthias Mair
16e8f27872 bump contianer / dev dependencies too (#10472)
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2025-10-04 22:00:14 +10:00
Matthias Mair
c9e74c5910 Adress minor dep issues (#10359)
* fix django version

* bump @vanilla-extract/vite-plugin to adress https://github.com/inventree/InvenTree/security/dependabot/226
2025-09-20 09:13:02 +10:00
Matthias Mair
f0beb4a426 fix a few docker security holes (#10260)
* fix no-cache statements

* fix possible security escape

* fix possible globbing

* merge statements that belong together

* pin image
2025-09-04 09:02:17 +10:00
Oliver
085381fa70 Debian docker image (#10227)
* Debian docker image

- Swap from alpine to debian slim-trixie
- Refactor Dockerfile
- Optimize image size
- Reduce @vitejs/plugin-react version

* Remove commented-out lines

* Ensure invoke is installed

* Adjust Dockerfile

* Actually build the python libs

* Adjust dockerfile

* Install git in dev image

* Tweaks
2025-09-03 17:05:03 +10:00
Oliver
e9b8c264b1 Update dockerfile (#10225)
* Update dockerfile

Updated dockerfile to provide support for new node LTS

* Tweak plugin-react version

* Fix Dockerfile
2025-08-25 22:50:39 +10:00
Daniil Chudo
669a155467 fix: The function should return early when in Docker environment (#10178)
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2025-08-18 11:16:28 +10:00
Matthias Mair
6cb9327a1c chore(backend): bump deps (#10154)
* bump backend devs

* bump helper-deps
2025-08-17 07:04:44 +10:00
Matthias Mair
df6965088f bump backend deps (#10003) 2025-07-11 08:44:33 +10:00
Matthias Mair
370baeff8b fix instrumentation code (#9872) 2025-06-26 16:51:50 +10:00
Matthias Mair
797b5f57b0 feat(backend): improve worker tracing (#9808)
* feat(backend): improve worker log

* refactor tracing details

* add tracing to gunicorn setup

* add sqlite tracing

* add system metrics

* instument wsgi

* make dbengine better accessible

* fix instruction

* instrument worker

* track task scheduling

* trace common tasks

* patch in support for django q

* trace various tasks

* add trcing for other dbs

* ignore coverage on tracing stuff

* more ignorance
2025-06-20 09:47:28 +10:00
Matthias Mair
25d13b4201 chore(backend): remove constraints (#9748)
* remove constraints

* general dep bump

* bump opentelemetry
2025-06-08 09:22:10 +10:00
Oliver
a63efc4089 Docker tweaks (#9738)
* Tweak docker compose file

* Tweak docs

* Cleanup docker-compose file
2025-06-05 15:08:51 +10:00
Matthias Mair
7a984f831f bump backend deps (#9713)
* bump backend deps

* lower xmlsec to fix build

* add permament pin

* lower allauth as there are api changes

* unify dependabot config
2025-06-02 11:26:49 +10:00
Matthias Mair
d7c293788b fix(backend): ensure deps are coupled (#9649)
* fix(backend): ensure deps are coupled

* bump deps

* more constraints

* run dep resolver

* expand resolve even more

* lower lxml / xmlsec

* lower allauth
2025-05-10 22:39:07 +01:00
dependabot[bot]
d619932ae4 chore(deps): bump django from 4.2.20 to 4.2.21 in /src/backend (#9648)
* chore(deps): bump django from 4.2.20 to 4.2.21 in /src/backend

Bumps [django](https://github.com/django/django) from 4.2.20 to 4.2.21.
- [Commits](https://github.com/django/django/compare/4.2.20...4.2.21)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.21
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

* adjust setuptools to be equal

* ensure same version is used

* add missing constraint

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2025-05-09 07:44:57 +01:00
dependabot[bot]
964a14754e Bump the dependencies group across 1 directory with 2 updates (#9585)
* Bump the dependencies group across 1 directory with 2 updates

Bumps the dependencies group with 2 updates in the /src/backend directory: [django-q2](https://github.com/GDay/django-q2) and [sentry-sdk](https://github.com/getsentry/sentry-python).


Updates `django-q2` from 1.7.6 to 1.8.0
- [Release notes](https://github.com/GDay/django-q2/releases)
- [Changelog](https://github.com/django-q2/django-q2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/GDay/django-q2/compare/v1.7.6...v1.8.0)

Updates `sentry-sdk` from 2.26.1 to 2.27.0
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-python/compare/2.26.1...2.27.0)

---
updated-dependencies:
- dependency-name: django-q2
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: sentry-sdk
  dependency-version: 2.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

* sync setuptools

* Add missing API key - see https://github.com/inventree/InvenTree/actions/runs/14673293670/job/41184590051?pr=9585#step:5:1230

* fix this call too

* add an easier to debug assert

* ensure token is set

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2025-04-26 10:01:38 +10:00
Matthias Mair
8bb03b7afd feat(backend): add oauth2 (#9333)
* feat(backend): add oauth2

* fix import

* Add inventree roles

* refactor to make lookup more efficient

* fix single scope definitions

* cleanup

* fix schema

* reduce auth methods

* fix OAuth validator

* re-enable token and basic auth again

* Add models to role mapping

* change scope args

* add debug step for schema generation

* add oauth config for schema generation

* improve token -> permission mapping

* fix req

* extend checks to ensure normal auth also passes

* fix api version

* fix ignore

* fix rule name

* bump api version

* remove old modelref

* move scope definition

* make test results easier to work with

* add tests to ensure scopes are in sync with rulesets

* fix docstring

* fix various permissions and their mapping to oauth

* refactor

* simplify

* fix permission mapping

* ignore failure cases

* fix unauthenticated access

* flag oAuth2 till it is done

* Add OIDC support

* add RSA key generation and docs

* fix test

* move imports

* update ignore

* feat(backend): Add API Schema stats

* add scope stats

* fix name

* fix scope output

* feat(backend): test custom command

* add warning for unknown scopes

* reduce diff in launch.json

* cleanup  diff

* add error code for ruleset / scope issues

* update structure

* add oauth docs

* add experimetnal feature docs

* simplify metadata endpoint

* add importer model

* refactor(backend): simplify metadata endpoint

* fix imports

* simplify even more

* remove unneeded schema tooling

* fix permission mappings

* fix testing

* fix role calculations

* fix mapping

* remove importer change to unblock this

* remove importer scope everywhere

* fix merge conflict in test

* add missing models

* fix api version

* fix OASToken matcher

* revert permission class change

* reduce size of test log by writing schema

* fix permissions

* fix file path

* extend schema to remove need for TokenMatchesOASRequirements

* cleanup permissions file

* add base object permission
2025-04-18 19:27:32 +10:00
Matthias Mair
2712f30382 fix: ci security issues (#9451)
* fix possible code injection errors

* pin n
2025-04-04 09:04:06 +11:00
Oliver
b116e09717 Docker updates (#9414)
* Typo fix

* Examples to .env file
2025-03-31 07:45:53 +11:00
Oliver
99ec486b79 [Docker] Update node version (#9383)
* Update node version

* Install nvm

* Use n instead of nvm

* Use same approach in devcontainer

* nvm -> npm

* Split commands

* Fix typo

* Workaround : install bash

* Tweak playwright tests

* Bump number of retries

* Update deps

* Only one worker

* SEcurity fix

* Adjust
2025-03-27 01:25:58 +11:00
Matthias Mair
9bc0d599bc chore: improve ci security (#9384)
* pin docker files

* pin github actions

* enforce hashes that are already present

* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
Matthias Mair
2bc2cb6363 chore: bump container deps (#9329) 2025-03-18 08:08:48 +11:00
Oliver
191c0b1007 Docker Compose Fix (#9311)
* Fix postgres version in docker-compose file

- Pin to version 16
- Compatible with the alpine image

* Add check for backup and restore procedures
2025-03-16 10:43:40 +11:00
Oliver
15ad62494f [Docker] Alpine image fix (#9118)
* Revert to alpine3:20 / postgres:16

* Remove old hack

- No longer needed as we are using python 3.11

* Update package requirements for devcontainer

Also fixes some docker warnings from the alpine Dockerfile

* Specify SITE_URL

* Reduce log output during docker image testing
2025-02-21 18:02:39 +11:00
Oliver
6f939931ca Docker postgres fix (#9041)
* Update docker image

- Move from alpine 3.19 to alpine 3.21
- Move from postgres13_client to postgres17_client

* Update docker-compose file

- Move from postgres:13 to postgres:16
- Move from redis:7.0 to redis:7-alpine

* Update docs

* Update docker docs

* Separate Dockerfile for devcontainer

- Debian based (python3.11-bookworm)
- Install essential system packages

* Instal postgres client

* Further devcontainer updates

- Bump postgresql image from 13 to 15
- Store psql data in the dev/psql directory
- Install required frontend packages

* Use --host mode for frontend server

* Tweak devcontainer docs

* Bump pre commit config file

* Revert "Bump pre commit config file"

This reverts commit bbfd875ac8.
2025-02-15 08:00:12 +11:00
Matthias Mair
73b46c1c15 bump python deps (#9032) 2025-02-05 09:20:29 +11:00
Matthias Mair
c57b51cb0e chore(backend): bump deps (#8905)
* bump backend reqs

* raq down cryptography

* fix req

* bump api version
2025-01-19 17:50:22 +11:00
Matthias Mair
64b9365947 chore: bump pre commit (#8904)
* bump pre-commit

* auto-fixes

* ignore error

* fix a few more issues

* fix pattern
2025-01-18 09:38:00 +11:00
Oliver
0614f01247 Docker fix (#8835)
* Fix server command in Dockerfile

* Ensure invoke is installed into the venv

* Run extra check in docker build step

* Improve documentation

* Intercept ModuleNotFoundError

- Clear error message

* Docs updates

* Add extra check to dev docker build

* Cleanup tasks.py

* Prevent double activation of venv

* Change order of operations

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2025-01-06 09:46:16 +11:00
Oliver
decccf8163 Fix for buggy Caddyfile (#8830) 2025-01-05 22:18:24 +11:00
Oliver
74cd0b9aed Update .env file (#8799)
* Update .env file

- No functional changes
- Improved file comments

* Update .env

Improved comment
2024-12-31 14:44:34 +11:00
Oliver
ecc1c937ed Caddyfile documentation (#8798)
* basic mixin file

* Add basic check for model type support

* Enhanced documentation for Caddyfile

* Additional documentation around proxy server

* Remove code from other PR
2024-12-31 13:35:51 +11:00
Matthias Mair
dd83735710 Fix vulnerable dependencies (#8655)
* bump container reqs

* bump vul frontend dep

* fix tests
2024-12-12 08:38:11 +11:00
Matthias Mair
594dc49b84 Bump backend deps (#8559)
* bump backend deps

* bump api
2024-11-26 09:25:06 +11:00
Matthias Mair
0f194af585 Fix spelling of InvenTree in code base (#8561)
* fix spelling of InvenTree in code

* fix spelling in frontend
2024-11-26 08:29:47 +11:00
Oliver
33a686ace8 Enable redis by default for docker setup (#8501)
* Enable redis by default for docker setup

* Bring cache up before server
2024-11-17 00:14:30 +11:00
Matthias Mair
8d27144f78 bump container deps (#8337) 2024-10-23 09:52:35 +11:00
Oliver
d75ef7c9c9 Revert int.worker to worker (#8126)
- Prevent existing docker compose installs from breaking
2024-09-16 11:07:24 +10:00
Matthias Mair
e3205184be Add namespaces to tasks (#7904)
* Namespaces for invoke tasks
Fixes #7852

* adjust various places that call re-namespaced tasks

* use full invoke command
easier for future refactors

* fix call name

* move worker to int

* adapt calls in tasks

* fix changed path

* ignore localhost links

* Avoid using internal names
2024-09-05 13:04:57 +10:00
Matthias Mair
d647471588 Chore: Bump python requirements (#7961)
* bump requirements

* lower bound on pydyf
2024-08-23 23:03:31 +00:00
Oliver
70a52c9385 Update default fonts for docker image (#7881)
* Update default fonts for docker image

Ref: https://github.com/inventree/InvenTree/issues/7737

* Remove extra fonts from Dockerfile
2024-08-14 21:16:07 +10:00
Matthias Mair
41f6dd69b8 Adjust docker labels to modern OCI schema (#7773)
* adapt namespace

* add new labels

* make baseimage available for labels

* remove unneeded ending

* ensure image name is correct for ghcrio

* ensure the right outputs are used

* fix reference

* fix assigment

* only push docker reg image if authd

* swith back to env

this gets provided by the version ci script

* make repo targets changeable

* make readable

* revert ghcr.io change
2024-08-11 11:03:18 +10:00
dependabot[bot]
a5564090bb Bump django from 4.2.14 to 4.2.15 in /src/backend (#7827)
* Bump django from 4.2.14 to 4.2.15 in /src/backend

Bumps [django](https://github.com/django/django) from 4.2.14 to 4.2.15.
- [Commits](https://github.com/django/django/compare/4.2.14...4.2.15)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix formatting

* bump everywhere

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2024-08-08 17:17:51 +10:00
Josip Medved
c33e91a42b Removed obsoleted version element from docker-compose examples (#7760) 2024-07-30 21:12:02 +10:00
Oliver
d5afc37264 Revert postgres version to 13 (#7717)
* Adjust playwright test

* Update docker compose for devcontainer

* Revert docker container changes

* Update notes

* Revert base alpine version
2024-07-24 11:02:25 +10:00
Matthias Mair
0effb44402 Bump docker image alpine base from 3.18 to 3.20 (#7699)
* bump docker image from 3.18 to 3.20

* bump postgres from 13 to 14
2024-07-22 07:46:41 +10:00
Matthias Mair
dae173e84c Bump development deps (#7606)
* bump pre-commit

* add config for codespell

* re-add hashes
2024-07-18 09:53:17 +10:00