Feature bad designator cloudsql

jobs/bad-designation-notifier/.env.sample

@@ -1,9 +1,8 @@
 # NameX DB
-NAMEX_DATABASE_HOST=
-NAMEX_DATABASE_NAME=
-NAMEX_DATABASE_PASSWORD=
-NAMEX_DATABASE_PORT=
-NAMEX_DATABASE_USERNAME=
+DATABASE_NAME=
+DATABASE_USERNAME=
+DATABASE_INSTANCE_CONNECTION_NAME=
+DATABASE_SCHEMA=
 
 # Email Service
 EMAIL_RECIPIENTS=

jobs/bad-designation-notifier/Dockerfile

@@ -1,5 +1,4 @@
-FROM python:3.12.2
-USER root
+FROM python:3.12-slim AS development_build
 
 ARG VCS_REF="missing"
 ARG BUILD_DATE="missing"
@@ -8,7 +7,8 @@ ENV VCS_REF=${VCS_REF}
 ENV BUILD_DATE=${BUILD_DATE}
 
 LABEL org.label-schema.vcs-ref=${VCS_REF} \
-      org.label-schema.build-date=${BUILD_DATE}
+      org.label-schema.build-date=${BUILD_DATE} \
+      vendor="BCROS"
 
 USER root
 
@@ -18,65 +18,70 @@ ARG APP_ENV \
   GID=1000
 
 ENV APP_ENV=${APP_ENV} \
-    # python:
-    PYTHONFAULTHANDLER=1 \
-    PYTHONUNBUFFERED=1 \
-    PYTHONHASHSEED=random \
-    PYTHONDONTWRITEBYTECODE=1 \
-    # pip:
-    PIP_NO_CACHE_DIR=1 \
-    PIP_DISABLE_PIP_VERSION_CHECK=1 \
-    PIP_DEFAULT_TIMEOUT=100 \
-    PIP_ROOT_USER_ACTION=ignore \
-    # poetry:
-    POETRY_VERSION=1.3.2 \
-    POETRY_NO_INTERACTION=1 \
-    POETRY_VIRTUALENVS_CREATE=false \
-    POETRY_CACHE_DIR='/var/cache/pypoetry' \
-    POETRY_HOME='/usr/local'
+  # python:
+  PYTHONFAULTHANDLER=1 \
+  PYTHONUNBUFFERED=1 \
+  PYTHONHASHSEED=random \
+  PYTHONDONTWRITEBYTECODE=1 \
+  # pip:
+  PIP_NO_CACHE_DIR=1 \
+  PIP_DISABLE_PIP_VERSION_CHECK=1 \
+  PIP_DEFAULT_TIMEOUT=100 \
+  PIP_ROOT_USER_ACTION=ignore \
+  # poetry:
+  POETRY_VERSION=2.1.3 \
+  POETRY_NO_INTERACTION=1 \
+  POETRY_VIRTUALENVS_CREATE=false \
+  POETRY_CACHE_DIR='/var/cache/pypoetry' \
+  POETRY_HOME='/usr/local'
 
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
-# Install system dependencies
 RUN apt-get update && apt-get upgrade -y \
-    && apt-get install --no-install-recommends -y \
-       bash \
-       brotli \
-       build-essential \
-       curl \
-       gettext \
-       git \
-       libpq-dev \
-       wait-for-it \
-    && curl -sSL 'https://install.python-poetry.org' | python - \
-    && poetry --version \
-    && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
-    && apt-get clean -y && rm -rf /var/lib/apt/lists/*
-
-# Setup the application directory
+  && apt-get install --no-install-recommends -y \
+    bash \
+    brotli \
+    build-essential \
+    curl \
+    gettext \
+    git \
+    libpq-dev \
+    wait-for-it \
+  && curl -sSL 'https://install.python-poetry.org' | python - \
+  && poetry --version \
+  # Cleaning cache:
+  && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+  && apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /code
+
 RUN groupadd -g "${GID}" -r web \
-    && useradd -d '/code' -g web -l -r -u "${UID}" web \
-    && chown web:web -R '/code'
+  && useradd -d '/code' -g web -l -r -u "${UID}" web \
+  && chown web:web -R '/code'
 
-# Copy the application code and scripts
 COPY --chown=web:web . /code
-RUN chmod 755 /code/run.sh
 
-# Echo the current Poetry configuration
-RUN echo "Checking Poetry configurations..." \
-    && poetry config --list
-
-# Initialize project and install dependencies
+COPY --chown=web:web ./run.sh /code/run.sh
+RUN chmod 755 /code/run.sh
+# Project initialization:
 RUN --mount=type=cache,target="$POETRY_CACHE_DIR" \
-    echo "Installing dependencies under APP_ENV=$APP_ENV..." \
-    && poetry run pip install -U pip \
-    && poetry install $(if [ -z ${APP_ENV+x} ] || [ "$APP_ENV" = 'production' ]; then echo '--only main'; fi) \
+  echo "$APP_ENV" \
+  && poetry version \
+  && poetry config installer.max-workers 1 \
+  # Install deps:
+  && poetry run pip install -U pip \
+  && poetry install \
+    $(if [ -z ${APP_ENV+x} ] | [ "$APP_ENV" = 'production' ]; then echo '--only main'; fi) \
     --no-interaction --no-ansi
 
-# Switch to the non-root user
+# Running as non-root user:
 USER web
 
+# Stage 2: Production image (lighter)
+FROM development_build AS production_build
+COPY --chown=web:web . /code
+RUN chmod -R 755 /code/run.sh
+
 EXPOSE 8080
 
 CMD [ "/bin/sh", "/code/run.sh" ]

jobs/bad-designation-notifier/Makefile

@@ -14,7 +14,7 @@ install: ## Install Python dependencies in a virtual environment
 	test -f $(VENV_DIR)/bin/activate || python3.12 -m venv $(VENV_DIR) ;\
 	. $(VENV_DIR)/bin/activate ;\
 	pip install poetry ;\
-	poetry install --no-dev
+	poetry install
 
 #################################################################################
 # Clean                                                                         #
@@ -68,7 +68,7 @@ push: build ## Push the Docker container to the registry
 # Run                                                                           #
 #################################################################################
 run: ## Run the project locally
-	. $(VENV_DIR)/bin/activate && poetry run python src/app.py
+	. $(VENV_DIR)/bin/activate && poetry run python3.12 src/app.py
 
 #################################################################################
 # Self-Documenting Commands                                                     #

jobs/bad-designation-notifier/devops/vaults.gcp.env

@@ -1,11 +1,11 @@
-NAMEX_DATABASE_UNIX_SOCKET="op://database/$APP_ENV/namex-db-gcp/DATABASE_UNIX_SOCKET"
-NAMEX_DATABASE_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_NAME"
-NAMEX_DATABASE_PASSWORD="op://database/$APP_ENV/namex-db-gcp/DATABASE_PASSWORD"
-NAMEX_DATABASE_PORT="op://database/$APP_ENV/namex-db-gcp/DATABASE_PORT"
-NAMEX_DATABASE_USERNAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_USERNAME"
+DATABASE_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_NAME"
+DATABASE_USERNAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_USERNAME"
+DATABASE_INSTANCE_CONNECTION_NAME="op://database/$APP_ENV/namex-db-gcp/DATABASE_INSTANCE_CONNECTION_NAME"
+DATABASE_SCHEMA="op://database/$APP_ENV/namex-db-gcp/DATABASE_SCHEMA"
 EMAIL_RECIPIENTS="op://namex/$APP_ENV/bad-designation-notifier/DAILY_REPORT_RECIPIENTS"
 NOTIFY_API_URL="op://API/$APP_ENV/notify-api/NOTIFY_API_URL"
 NOTIFY_API_VERSION="op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION"
 KEYCLOAK_AUTH_TOKEN_URL="op://keycloak/$APP_ENV/base/KEYCLOAK_AUTH_TOKEN_URL"
 KEYCLOAK_CLIENT_ID="op://keycloak/$APP_ENV/entity-service-account/ENTITY_SERVICE_ACCOUNT_CLIENT_ID"
-KEYCLOAK_CLIENT_SECRET="op://keycloak/$APP_ENV/entity-service-account/ENTITY_SERVICE_ACCOUNT_CLIENT_SECRET"
+KEYCLOAK_CLIENT_SECRET="op://keycloak/$APP_ENV/entity-service-account/ENTITY_SERVICE_ACCOUNT_CLIENT_SECRET"
+VPC_CONNECTOR="op://CD/$APP_ENV/base/VPC_CONNECTOR"