OpenUpSA · jbothma · Oct 27, 2025 · Oct 27, 2025 · Oct 27, 2025 · Oct 27, 2025
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,53 @@
+name: Run Tests
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres:15
+        env:
+          POSTGRES_DB: folio_test
+          POSTGRES_USER: admin
+          POSTGRES_PASSWORD: folio-db-pass-123
+        ports:
+          - 5435:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+
+    - name: Set environment variables
+      run: |
+        echo "DB_HOST=localhost" >> $GITHUB_ENV
+        echo "DB_PORT=5434" >> $GITHUB_ENV
+        echo "DB_NAME=folio" >> $GITHUB_ENV
+        echo "DB_USER=admin" >> $GITHUB_ENV
+        echo "DB_PASSWORD=folio-db-pass-123" >> $GITHUB_ENV
+
+    - name: Run tests
+      run: |
+        pytest -v
diff --git a/README.md b/README.md
@@ -26,4 +26,37 @@ Replace `<your-host>` and `<port>` with your deployment details.
 
 ## Proxy for Overture Services SONG and SCORE
 
-This service also acts as a proxy for the Overture services SONG and SCORE, facilitating secure and authenticated access to these services through Agari-Folio's permission system.
+This service also acts as a proxy for the Overture services SONG and SCORE, facilitating secure and authenticated access to these services through Agari-Folio's permission system.
+
+## Development
+
+### Install or upgrade dependencies:
+
+(Working in a python virtual environment is recommended)
+
+```
+pip install -U  --upgrade-strategy=eager requirements.txt
+```
+
+### Running the app
+
+Configure environment variables for accessing the backing services, e.g. using a .env file or direnv.
+
+See settings.py for the variables.
+
+Run a local server with
+
+```
+python app.py
+```
+
+### Tests
+
+Run tests using pytest:
+
+```
+pytest
+```
+
+It'll discover the tests in the `test` directory, e.g. modules beginning with `test_`. Reusable fixtures are generally defined in conftest.py.
+
diff --git a/__init__.py b/__init__.py
diff --git a/app.py b/app.py
@@ -1,9 +1,10 @@
 from flask import Flask,request
 from flask_restx import Api, Resource
-from auth import KeycloakAuth, require_auth, extract_user_info, require_permission, user_has_permission
+from auth import keycloak_auth, require_auth, extract_user_info, require_permission, user_has_permission
 from permissions import PERMISSIONS
 from database import get_db_cursor, test_connection
-import os
+from routes.templates import template_ns
+from settings import OVERTURE_SONG_URL, OVERTURE_SCORE_URL, PORT
 import json
 from datetime import datetime, date
 from decimal import Decimal
@@ -24,15 +25,8 @@ def default(self, obj):
 app = Flask(__name__)
 app.json_encoder = CustomJSONEncoder
 
-song = os.getenv('OVERTURE_SONG', 'http://song.local')
-score = os.getenv('OVERTURE_SCORE', 'http://score.local')
-
-keycloak_auth = KeycloakAuth(
-    keycloak_url=os.getenv('KEYCLOAK_URL', 'http://keycloak.local'),
-    realm=os.getenv('KEYCLOAK_REALM', 'agari'),
-    client_id=os.getenv('KEYCLOAK_CLIENT_ID', 'dms'),
-    client_secret=os.getenv('KEYCLOAK_CLIENT_SECRET', 'VDyLEjGR3xDQvoQlrHq5AB6OwbW0Refc')
-)
+song = OVERTURE_SONG_URL
+score = OVERTURE_SCORE_URL
 
 app.keycloak_auth = keycloak_auth
 
@@ -46,6 +40,9 @@ def default(self, obj):
 # Configure Flask-RESTX to use our custom JSON encoder
 app.config['RESTX_JSON'] = {'cls': CustomJSONEncoder}
 
+# Register template namespace
+api.add_namespace(template_ns)
+
 ##########################
 ### INFO
 ##########################
@@ -1472,5 +1469,4 @@ def post(self, study_id, analysis_id):
 
 
 if __name__ == '__main__':
-    port = int(os.getenv('PORT', 8000))
-    app.run(debug=True, host='0.0.0.0', port=port)
+    app.run(debug=True, host='0.0.0.0', port=PORT)
diff --git a/auth.py b/auth.py
@@ -4,6 +4,7 @@
 from flask import request, jsonify, current_app
 from jwt.exceptions import InvalidTokenError, ExpiredSignatureError
 from permissions import PERMISSIONS
+from settings import KEYCLOAK_URL, KEYCLOAK_REALM, KEYCLOAK_CLIENT_ID, KEYCLOAK_CLIENT_SECRET
 
 class KeycloakAuth:
     def __init__(self, keycloak_url, realm, client_id, client_secret):
@@ -776,4 +777,12 @@ def wrapper(*args, **kwargs):
                 return {'error': 'Permission denied', 'details': details}, 403
             return f(*args, **kwargs)
         return wrapper
-    return decorator
+    return decorator
+
+
+keycloak_auth = KeycloakAuth(
+    keycloak_url=KEYCLOAK_URL,
+    realm=KEYCLOAK_REALM,
+    client_id=KEYCLOAK_CLIENT_ID,
+    client_secret=KEYCLOAK_CLIENT_SECRET
+)
diff --git a/database.py b/database.py
@@ -1,16 +1,16 @@
-import os
 import psycopg2
 from psycopg2.extras import RealDictCursor
 from contextlib import contextmanager
 import logging
+from settings import DB_HOST, DB_PORT, DB_NAME, DB_USER, DB_PASSWORD
 
 # Database configuration
 DB_CONFIG = {
-    'host': os.getenv('DB_HOST', 'localhost'),
-    'port': os.getenv('DB_PORT', '5434'),
-    'database': os.getenv('DB_NAME', 'folio'),
-    'user': os.getenv('DB_USER', 'admin'),
-    'password': os.getenv('DB_PASSWORD', 'folio-db-pass-123')
+    'host': DB_HOST,
+    'port': DB_PORT,
+    'database': DB_NAME,
+    'user': DB_USER,
+    'password': DB_PASSWORD
 }
 
 # Configure logging

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -0,0 +1,16 @@
+version: '3.8'
+
+services:
+  postgres:
+    image: postgres:15
+    environment:
+      POSTGRES_DB: folio_test
+      POSTGRES_USER: admin
+      POSTGRES_PASSWORD: folio-db-pass-123
+    ports:
+      - "5435:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U admin -d folio_test"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
diff --git a/permissions.py b/permissions.py
@@ -21,6 +21,12 @@
     "delete_pathogen": ["system-admin"],
     "view_pathogens": [],
 
+    # Template management
+    "create_template": ["system-admin"],
+    "edit_template": ["system-admin"],
+    "delete_template": ["system-admin"],
+    "view_templates": [],
+
     # Project management
     "create_project": ["system-admin", "agari-org-owner", "agari-org-admin"],
     "edit_projects": ["system-admin", "agari-org-owner", "agari-org-admin"],

diff --git a/requirements.txt b/requirements.txt
@@ -4,4 +4,6 @@ PyJWT==2.8.0
 cryptography==45.0.7
 requests==2.32.5
 psycopg2-binary==2.9.7
-python-dotenv==1.0.0
+python-dotenv==1.0.0
+minio==7.2.0
+pytest==7.4.3