This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 IT License.
Commissioned by & Data credits to
Current version was designed and developed in Italy by
A previous version had originally been developed by inkode
This repository contains source code for the backend components of the ARPAV-PPCV platform.
Its main goal is to serve climate-related data in the form of both historical observations and forecast models.
Briefly, the backend component consists of two main services:
The backend contains some additional services, which are used to support it and provide additional functionality, namely:
The main applications are launched by means of custom CLI commands. This CLI additionally provides a multitude of maintenance commands, such as upgrading the database schema, refreshing historical observations data, etc.
This is implemented in Python, using these main libraries and frameworks:
The primary means of installing the various backend components is by using docker compose. Use the compose.*
files
provided in the docker
directory.
For example, for development:
docker compose -f docker/compose.yaml -f compose.dev.yaml up -d
Standing up the various components without docker is also possible, check out the compose file for how to do it. The
main web application uses poetry, so installing it is just a matter
of doing poetry install
.
This application is configured via environment variables. By defaul all settings are prefixed with ARPAV_PPCV__
, but
this can also be modified if needed. The system recognizes the following environment variables:
ARPAV_PPCV__DEBUG
- (bool - False
) Whether the application runs in debug mode or not. Debug mode outputs more logging
information and can be slower. Additionally, it may leak sensitive data to the console. Use it only during developmentARPAV_PPCV__BIND_HOST
- (str - "127.0.0.1"
) Which host is allowed to make requests to the web application server.
When running under docker, be sure to set this to allow all hosts (*
).ARPAV_PPCV__BIND_PORT
- (int - 5001
) Which port is the web application server accepting requests on.ARPAV_PPCV__PUBLIC_URL
- (str - "http://localhost:5001"
) The public URL of the web application.ARPAV_PPCV__DB_DSN
- (pydantic.PostgresDsn - "postgresql://user:password@localhost:5432/arpav_ppcv"
) Connection
string to be used for accessing the backend database. This application only works with postgresql as the DB server.ARPAV_PPCV__TEST_DB_DSN
- (pydantic.PostgresDsn - None
) Connection string used to connect to the test database.
This is only needed for running the tests.ARPAV_PPCV__VERBOSE_DB_LOGS
- (bool - False
) Whether to output verbose logs related to database-related commands.
Use this only in development, as it will slow down the system.ARPAV_PPCV__CONTACT__NAME
- (str - "info@geobeyond.it"
)ARPAV_PPCV__CONTACT__URL
- (str - "http://geobeyond.it"
)ARPAV_PPCV__CONTACT__EMAIL
- (str - "info@geobeyond.it"
)ARPAV_PPCV__TEMPLATES_DIR
- (Path - "webapp/templates"
) Where to store custom templates. This is mainly useful
for development, so avoid modifying it.ARPAV_PPCV__STATIC_DIR
- (Path - "webapp/static"
) Where to store static files. This is mainly useful for
development, so avoid modifying it.ARPAV_PPCV__THREDDS_SERVER__BASE_URL
- (str - "http://localhost:8080/thredds"
) Base URL of the THREDDS serverARPAV_PPCV__THREDDS_SERVER__WMS_SERVICE_URL_FRAGMENT
- (str - "wms"
) URL fragment used by the THREDDS server's
WMS service. This is mainly useful for development, so avoid modifying it.ARPAV_PPCV__THREDDS_SERVER__NETCDF_SUBSET_SERVICE_URL_FRAGMENT
- (str - "ncss/grid"
) URL fragment used by the
THREDDS server's NetCDF subset service. This is mainly useful for development, so avoid modifying it.ARPAV_PPCV__THREDDS_SERVER__UNCERTAINTY_VISUALIZATION_SCALE_RANGE
- (tuple[float, float] - (0, 9)
) - Min, max
values for the uncertainty pattern used in the WMS uncertainty visualization display.ARPAV_PPCV__MARTIN_TILE_SERVER_BASE_URL
- (str - "http://localhost:3000") Base URL of the Martin vector tile server.ARPAV_PPCV__NEAREST_STATION_RADIUS_METERS
- (int - 10_000) Distance to use when looking for the nearest
observation station.ARPAV_PPCV__PREFECT__NUM_FLOW_RETRIES
- (int - 5) Number of times a prefect flow will retry when it failsARPAV_PPCV__PREFECT__FLOW_RETRY_DELAY_SECONDS
- (int - 5) How many seconds should prefect wait after retrying a failed flowARPAV_PPCV__PREFECT__NUM_TASK_RETRIES
- (int - 5) Number of times a prefect task will retry when it failsARPAV_PPCV__PREFECT__TASK_RETRY_DELAY_SECONDS
- (int - 5) How many seconds should prefect wait after retrying a failed taskARPAV_PPCV__PREFECT__OBSERVATION_STATIONS_REFRESHER_FLOW_CRON_SCHEDULE
- (str - "0 1 * * 1"
) Cron schedule for
running the flow that refreshes observation stations. The default value should be read like this: run once every week,
at 01:00 on MondayARPAV_PPCV__PREFECT__OBSERVATION_MONTHLY_MEASUREMENTS_REFRESHER_FLOW_CRON_SCHEDULE
- (str - "0 2 * * 1"
) Cron
schedule for running the flow that refreshes monthly measurements. The default value should be read like this: run
once every week, at 02:00 on MondayARPAV_PPCV__PREFECT__OBSERVATION_SEASONAL_MEASUREMENTS_REFRESHER_FLOW_CRON_SCHEDULE
- (str - "0 3 * * 1"
) Cron
schedule for running the flow that refreshes seasonal measurements. The default value should be read like this: run
once every week, at 03:00 on MondayARPAV_PPCV__PREFECT__OBSERVATION_YEARLY_MEASUREMENTS_REFRESHER_FLOW_CRON_SCHEDULE
- (str - "0 4 * * 1"
) Cron
schedule for running the flow that refreshes yearly measurements. The default value should be read like this: run
once every week, at 04:00 on MondayARPAV_PPCV__V2_API_MOUNT_PREFIX
- (str - "/api/v2") URL prefix of the web application API. Do not modify this unless
you know what you are doing, as other parts of the system rely on it.ARPAV_PPCV__LOG_CONFIG_FILE
- (Path - None
) - Path to the config file for the logging of the application.ARPAV_PPCV__SESSION_SECRET_KEY
- (str - "changeme"
) - Secret key used by starlette sessions. Set this to a big
random string.ARPAV_PPCV__ADMIN_USER__USERNAME
- (str - "arpavadmin"
) username of the admin userARPAV_PPCV__ADMIN_USER__PASSWORD
- (str - "arpavpassword"
) password of the admin user. Change it to a hard
to guess string.ARPAV_PPCV__ADMIN_USER__NAME
- (str - "Admin"
) Name for the admin user. It gets displayed on the admin section.ARPAV_PPCV__ADMIN_USER__AVATAR
- (str - None
) Optional URL for admin user's avatar image.ARPAV_PPCV__ADMIN_USER__COMPANY_LOGO_URL
- (str - None
) Optional URL for the admin user's company imageARPAV_PPCV__ADMIN_USER__ROLES
- (list[str] - ["read", "create", "edit", "delete", "action_make_published"]
) User
roles of the admin user. This is mainly useful for development, so avoid modifying it.ARPAV_PPCV__CORS_ORIGINS
- (list[str] - []
) Origins that are allowed to make cross-origin requests.ARPAV_PPCV__CORS_METHODS
- (list[str] - []
) Methods allowed for cross-origin requests.ARPAV_PPCV__ALLOW_CORS_CREDENTIALS
- (bool - False
) Whether to allow credentials on cross-origin requests.The CLI is named arpav-ppcv
. When running under docker compose, it can be used with the following incantation:
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv <sub-command>
There are numerous sub-commands and each may accept additional arguments, so please check the help of the sub-command
you want to run, by passing the --help
flag.
For example, running the web application server can be achieved with:
docker exec -ti poetry run arpav-ppcv run-server
When using the development docker compose file(s), the web application server is accessible at:
http://localhost:8877
The auto-generated API docs are accessible at the /api/v2/docs
endpoint
When using the development docker compose file(s), the admin section is available at:
http://localhost:8877/admin
dev environment is located at individual devs machine(s). In order to get a working dev deployment set up:
Ensure you have git
installed
Clone (or fork+clone) this repo to your local machine
Ensure you have docker installed
Run the following command:
docker compose -f docker/compose.yaml -f docker/compose.dev.yaml up -d
The system will eventually be initialized. Now bootstrap the system by running:
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv db upgrade
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv bootstrap municipalities
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv bootstrap observation-variables
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv bootstrap coverage-configuration-parameters
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv bootstrap coverage-configurations
If needed, you can download some NetCDF datasets from the remote THREDDS server by running
the arpav-ppcv dev import-thredds-datasets
command. Check its help for more detail. As an example:
# downloads all su30 netcdf datasets in order to use them in the dev environment
docker exec -ti arpav-ppcv-webapp-1 poetry run arpav-ppcv dev import-thredds-datasets \
https://thredds.arpa.veneto.it/thredds \
/home/appuser/data/datasets \
--name-filter su30
The system shall be available at
http://localhost:8877
Since this is a dev deployment, your local source code directory is mounted inside the container and you can modify it and have the web application server automatically reload. Look into the contents of the docker compose file(s) in order to check which env variables are set and how to further interact with the system
Build the docker image by running this command:
docker build --tag ghcr.io/geobeyond/arpav-ppcv-backend/arpav-ppcv-backend
If you want to build an image for the current branch, such as when you added a new third-party dependency as part of an ongoing task, add the branch name to the build image:
docker build --tag ghcr.io/geobeyond/arpav-ppcv-backend/arpav-ppcv-backend:$(git branch --show-current)
In order to use this custom named image on your local development, set the CURRENT_GIT_BRANCH
env variable before
launching the docker compose stack, i.e.:
export CURRENT_GIT_BRANCH=$(git branch --show-current)
docker compose -f docker/compose.yaml -f docker/compose.dev.yaml up -d
Deployments to the staging environment are automated and happen whenever a new docker image is published to the project's container registry. This is governed by a two-stage workflow, orchestrated via github actions:
main
branch, a new docker image is built and published to the container
registry;The strategy described above employs an installation of the webhook server, together with some custom deployment scripts.
Relevant places to look for configuration in the staging environment, in addition to the ${HOME}
directory:
/opt/traefik
/etc/system/system/docker.service.d
/etc/system/system/traefik.service
/etc/system/system/webhook.service
Deployments to the production environment are automated. They are based on git tags and are governed by a two-stage workflow, orchestrated via github actions:
The system has a set of automated tests which run whenever a new PR is submitted and also whenever a change is merged
to the repository's main
branch. This is triggered by means of a github actions workflow and uses
(dagger)[https://dagger.io/] for the actual testing pipeline. Running the same pipeline locally can be achieved by:
Running the following command:
dagger run poetry run python tests/ci/main.py \
--with-formatter \
--with-linter \
--with-tests
Testing uses these main additional libraries/frameworks:
In order to ensure a speedier cycle between making a PR and having the changes reviewed and merged, you can install pre-commit and enable the configuration provided in this repo. This will ensure that commits will be suitably formatted and checked and that when they are pushed to the official repo they will be in a clean state.
There is a github actions workflow that runs daily and checks the code for known vulnerabilities. This uses trivy. The vulnerability scan can also be run locally by using the command:
dagger run poetry run python tests/ci/main.py --with-security-scan