Merge branch 'master' into delete-old-files

Author: mishaschwartz

.bumpversion.toml

@@ -1,5 +1,5 @@
 [tool.bumpversion]
-current_version = "2.18.2"
+current_version = "2.21.0"
 commit = true
 tag = false
 tag_name = "{new_version}"

.github/workflows/greetings.yml

@@ -6,14 +6,14 @@ jobs:
   greeting:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/first-interaction@753c925c8d1ac6fede23781875376600628d9b5d # v3.0.0
+    - uses: actions/first-interaction@1c4688942c71f71d4f5502a26ea67c331730fa4d # v3.1.0
       with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        issue-message: >
+        repo_token: ${{ secrets.GITHUB_TOKEN }}
+        issue_message: >
           Thanks for submitting an issue.
 
           Please make sure to provide enough details for us to be able to replicate your issue or understand your question.
-        pr-message: >
+        pr_message: >
           Thanks for submitting a PR.
 
           Make sure you have looked at [CONTRIBUTING](https://github.com/bird-house/birdhouse-deploy/blob/master/CONTRIBUTING.rst) guidelines.

.github/workflows/label.yml

@@ -20,6 +20,6 @@ jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+    - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/tests.yml

@@ -15,11 +15,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           persist-credentials: false
       - name: Set up Python3
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.11"
           cache: 'pip'

CHANGES.md

@@ -8,7 +8,7 @@ override BIRDHOUSE_MAKE_DIR := $(shell realpath -P $$(dirname $(BIRDHOUSE_MAKE_C
 # Generic variables
 override SHELL       := bash
 override APP_NAME    := birdhouse-deploy
-override APP_VERSION := 2.18.2
+override APP_VERSION := 2.21.0
 
 # utility to remove comments after value of an option variable
 override clean_opt = $(shell echo "$(1)" | $(_SED) -r -e "s/[ '$'\t'']+$$//g")

Makefile

@@ -18,13 +18,13 @@ for a full-fledged production platform.
     * - citation
       - | |citation|
 
-.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/2.18.2.svg
+.. |commits-since| image:: https://img.shields.io/github/commits-since/bird-house/birdhouse-deploy/2.21.0.svg
     :alt: Commits since latest release
-    :target: https://github.com/bird-house/birdhouse-deploy/compare/2.18.2...master
+    :target: https://github.com/bird-house/birdhouse-deploy/compare/2.21.0...master
 
-.. |latest-version| image:: https://img.shields.io/badge/tag-2.18.2-blue.svg?style=flat
+.. |latest-version| image:: https://img.shields.io/badge/tag-2.21.0-blue.svg?style=flat
     :alt: Latest Tag
-    :target: https://github.com/bird-house/birdhouse-deploy/tree/2.18.2
+    :target: https://github.com/bird-house/birdhouse-deploy/tree/2.21.0
 
 .. |readthedocs| image:: https://readthedocs.org/projects/birdhouse-deploy/badge/?version=latest
     :alt: ReadTheDocs Build Status (latest version)

README.rst

@@ -1 +1 @@
-2.18.2 2025-09-24T23:23:18Z
+2.21.0 2026-01-27T20:49:01Z

RELEASE.txt

@@ -42,19 +42,20 @@ Options:
   -L, --log-level {DEBUG|INFO|WARN|ERROR}                 Set log level, default is INFO
 "
 
-CONFIGS_USAGE="USAGE: $THIS_BASENAME [${THIS_BASENAME} options] configs [-h|--help] [-d|--default] {[-p|--print-config-command] | [-c|--command command] | [--print-log-command]}"
+CONFIGS_USAGE="USAGE: $THIS_BASENAME [${THIS_BASENAME} options] configs [-h|--help] [-b|--basic] {[-p|--print-config-command] | [-c|--command command] | [--print-log-command]}"
 CONFIGS_HELP="$CONFIGS_USAGE
 
 Load or execute commands in the Birdhouse configuration environment.
 
 Options:
   -h, --help                   Print this message and exit
-  -d, --default                Only load/print a command for the default configuration settings, not those specified by the local environment file
+  -b, --basic                  Only load/print a command for the basic configuration settings, not those specified by additional components
   -p, --print-config-command   Print a command that can be used to load configuration settings as environment variables
   -c, --command string         Execute the given command after loading configuration settings
   --print-log-command          Print a command that can be used to load the 'log' function used by birdhouse
 Deprecated Options:
   -q, --quiet                  Suppress stdout when loading configuration settings for the '--command' option. [DEPRECATED: use the --quiet option directly under birdhouse instead]
+  -d, --default                Same as the --basic flag. [DEPRECATED: use the --basic flag instead]
 
 Example Usage:
 
@@ -254,12 +255,20 @@ parse_multiple_short_flags() {
 parse_configs_args() {
   case "$1" in
     -d|--default)
+      source_log
+      log WARN "DEPRECATED: the '${THIS_BASENAME} configs --default' flag is deprecated use the --basic flag instead"
+      shift
+      parse_configs_args --basic "$@"
+      ;;
+    -b|--basic)
       READ_CONFIGS_CMD=read_basic_configs_only
       shift
       parse_configs_args "$@"
       ;;
     -q|--quiet)
       CONFIGS_QUIET=True
+      source_log
+      log WARN "DEPRECATED: the '${THIS_BASENAME} configs --quiet' flag is deprecated use the '${THIS_BASENAME} --quiet' flag instead"
       shift
       parse_configs_args "$@"
       ;;
@@ -335,6 +344,16 @@ source_env() {
   fi
 }
 
+# Source the birdhouse logging environment. This will only work the first time it is
+# called so that it can be called multiple times within the same process without
+# triggering a re-read of the configuration settings every time.
+source_log() {
+  if [ "$_BIRDHOUSE_LOG_ENV_ALREADY_SOURCED" != "true" ]; then
+    eval "$(print_log_command no-suffix)"
+    _BIRDHOUSE_LOG_ENV_ALREADY_SOURCED=true
+  fi
+}
+
 # Ensure that the birdhouse stack is running.
 # If the stack is not running, this will raise a log ERROR message and exit.
 ensure_birdhouse_running() {
@@ -358,13 +377,7 @@ check_backup_create_args() {
       "BIRDHOUSE_BACKUP_VOLUME must be specified." \
       "${BACKUP_CREATE_USAGE}"
   fi
-  [ -n "${BIRDHOUSE_BACKUP_RESTORE_SNAPSHOT}" ] || \
-  [ "${BIRDHOUSE_BACKUP_NO_RESTIC}" = 'true' ] || \
-    log_error_help \
-      'Use the -s|--snapshot option to specify a snapshot to restore with restic or --no-restic to employ BIRDHOUSE_BACKUP_VOLUME directly.' \
-      "${BACKUP_CREATE_USAGE}"
   if
-    [ -z "${BIRDHOUSE_BACKUP_RESTORE_SNAPSHOT}" ] && \
     [ "${BIRDHOUSE_BACKUP_NO_RESTIC}" = 'true' ] && \
     [ $(echo "${BIRDHOUSE_BACKUP_VOLUME}" | grep -c '/' || true) -eq 0 ]; then
       log WARN \
@@ -380,6 +393,11 @@ check_backup_restore_args() {
       "BIRDHOUSE_BACKUP_VOLUME must be specified." \
       "${BACKUP_RESTORE_USAGE}"
   fi
+  [ -n "${BIRDHOUSE_BACKUP_RESTORE_SNAPSHOT}" ] || \
+  [ "${BIRDHOUSE_BACKUP_NO_RESTIC}" = 'true' ] || \
+    log_error_help \
+      'Use the -s|--snapshot option to specify a snapshot to restore with restic or --no-restic to restore from BIRDHOUSE_BACKUP_VOLUME directly.' \
+      "${BACKUP_CREATE_USAGE}"
   if [ "${BIRDHOUSE_BACKUP_NO_RESTIC}" = 'true' ]; then
     if [ $(echo "${BIRDHOUSE_BACKUP_VOLUME}" | grep -c '/' || true) -eq 0 ]; then
       log WARN \

bin/birdhouse

@@ -106,11 +106,19 @@ This will source the ``env.local`` file, apply the appropriate variable substitu
 ".template", and run ``docker-compose`` with all the command line arguments after the ``compose`` argument.
 See `env.local.example <env.local.example>`_ (:download:`download </birdhouse/env.local.example>`) for more details on what can go into the ``env.local`` file.
 
+Most variables that can be set in the local environment file (``env.local`` by default) can also be specified as environment variables when running ``bin/birdhouse`` 
+commands. Environment variables will take precedence over those specified in the ``env.local`` file.
+
 If the file `env.local` is somewhere else, symlink it here, next to `docker-compose.yml <docker-compose.yml>`_ (:download:`download </birdhouse/docker-compose.yml>`) because many scripts assume this location.
+If autodeploy scheduler job is enabled, the folder containing the `env.local` file needs to be added to `BIRDHOUSE_AUTODEPLOY_EXTRA_REPOS`.
 
 To follow infrastructure-as-code, it is encouraged to source control the above
 `env.local` file and any override needed to customized this Birdhouse deployment
-for your organization.  For an example of possible override, see how the `emu service <optional-components/emu/docker-compose-extra.yml>`_ (:download:`download </birdhouse/optional-components/emu/docker-compose-extra.yml>`)
+for your organization.  Note this `env.local` file might contains **sensitive**
+infos like passwords so it should be in a limitted access private source control
+repo, idealy not on the internet.
+
+For an example of possible override, see how the `emu service <optional-components/emu/docker-compose-extra.yml>`_ (:download:`download </birdhouse/optional-components/emu/docker-compose-extra.yml>`)
 (`README <optional-components/README.rst#emu-wps-service-for-testing>`_) can be optionally added to the deployment via the `override mechanism <https://docs.docker.com/compose/extends/>`_.
 Ouranos specific override can be found in this `birdhouse-deploy-ouranos <https://github.com/bird-house/birdhouse-deploy-ouranos>`_ repo.
 
@@ -346,6 +354,36 @@ not able to access protected URLs:
   not be fully functional when self-signed certificates are enabled. For example, accessing other components through
   the JupyterLab interface may fail with an ``SSLError``.
 
+Docker rootless configuration
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you are using `Docker Rootless Mode <https://docs.docker.com/engine/security/rootless/>`_ on your machine,
+you *might* need to execute the following command to allow the `proxy` (Nginx) service to connect to the relevant
+HTTP ports.
+
+.. code-block:: shell
+    sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80
+
+Notably, this could be required when encountering errors such as the following when invoking ``bin/birdhouse compose up -d``.
+
+.. code-block:: text
+    Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint proxy
+
+.. warning::
+    Using the ``sysctl`` call grants access to any user able to interact with the machine's IP which could cause security concerns.
+    Developers should decide whether this approach suits their needs, or if other solutions should be explored.
+    However, alternatives (some shown below) have not been fully tested and therefore provide no guarantee to work out of the box
+    with the current deployment configurations and utilities.
+
+.. todo::
+    Evaluate alternative strategies to limit ports exposure.
+
+.. code-block:: shell
+    sudo setcap cap_net_bind_service=ep $(which rootlesskit)
+
+.. code-block:: shell
+    sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
+
 Development and testing
 -----------------------
 
@@ -378,7 +416,7 @@ To run the tests:
 
 Some tests require internet access (to access JSON schemas used to validate
 JSON structure). If you need to run tests offline, you can skip the tests that
-require internet access by using the `-k 'not online'` pytest option.
+require internet access by using the ``-k 'not online'`` pytest option.
 
 Alternatively, testing-related targets are available via the `Makefile <../Makefile>`_: