$title 'Consistency and vulnerability check for GMSPython' (GMSPYTHONCHECK,SEQ=140)

$onText
This model performs simple checks on the GMSPython
distribution shipped with GAMS regarding the package versions
of distributed files as well as the total disk size.
In addition, the conda environment used for assembling GMSPython
is checked for known vulnerabilities using pip-audit.

Contributor: Clemens Westphal, April 2020
$offText

$dropEnv PYTHONUSERBASE

* check disk size
$onEmbeddedCode Python:
import sys
import platform
import os
from importlib import metadata
def calcSize(path):
    total = 0
    for r, d, files in os.walk(path):
        if '__pycache__' in d:
            d.remove('__pycache__')
        for f in files:
            f = os.path.join(r, f)
            if not os.path.islink(f): # skip symlinks since os.path.getsize() returns the size of the file behind the link
                total += os.path.getsize(f)
    return total
$offEmbeddedCode

$onEmbeddedCode Python:
gmsPyDir = r'%gams.sysdir%GMSPython'
errors = []
if os.path.isdir(gmsPyDir):
    if platform.system() == 'Windows':
        expectedSize = 249000000
    elif platform.system() == 'Linux':
        if platform.machine() == 'x86_64':
            expectedSize = 322000000
        else:
            expectedSize = 257000000
    elif platform.system() == 'Darwin':
        if platform.machine() == 'x86_64':
            expectedSize = 331000000
        else:
            expectedSize = 220000000
    
    SizeLB = expectedSize*0.8
    SizeUB = expectedSize*1.2
    
    files = []
    for r, d, f in os.walk(gmsPyDir):
        if '__pycache__' in d:
            d.remove('__pycache__')
        files.append(f)
    files = [f for l in files for f in l]
    
    size = calcSize(gmsPyDir)
    
    if size < SizeLB or size > SizeUB:
        errors.append("Expected size of GMSPython to be between " + str(SizeLB) + " and " + str(SizeUB) + " but got " + str(size))
$offEmbeddedCode


* check redistributed packages
$onEmbeddedCode Python:
import platform
pyVersionExpected = '3.12.8'
pyVersion = str(sys.version_info.major) + '.' + str(sys.version_info.minor) + '.' + str(sys.version_info.micro)
if pyVersion != pyVersionExpected:
    errors.append("Expected Python version to be '{}', but found '{}'".format(pyVersionExpected, pyVersion))

with open(os.path.join(gmsPyDir, 'requirements.txt')) as f:
    for l in f.read().splitlines():
        try:
            m, v = l.split('==') # m=module, v=version
        except ValueError:
            m, link = map(str.strip, l.split("@")) # m=module, link=link -> e.g. numpy @ link
            v = link.split("-")[1] # e.g.: https://......./numpy-2.0.2-cp312.......
        m = m.lower()
        if m == 'et-xmlfile':
            m = 'et_xmlfile'
        elif m == 'python-dateutil':
            m = 'dateutil'
        elif m == 'pyyaml':
            m = 'yaml'
        elif m == 'sqlalchemy-access':
            m = 'sqlalchemy_access'
        elif m == 'pywin32':
            continue  # should be pywintypes, but that doesn't have __version__
        elif m == 'typing_extensions':
            continue  # doesn't have __version__
        elif m == 'tzdata':
            continue  # tzdata is a data-only package and can not be imported
        elif m == 'psycopg2-binary':
            m = 'psycopg2'

        try:
            module = __import__(m)
        except:
            errors.append("Could not import module '{}'".format(m))
        else:
            if m == 'pyodbc':
                mod_version = module.version
            elif m == 'markupsafe':
                mod_version = metadata.version(m)
            elif m == 'pymysql': # __version__ differs from VERSION
                mod_version = '.'.join([str(i) for i in module.VERSION][:3])
            else:
                mod_version = module.__version__
            if m == 'psycopg2': # '2.9.3 (dt dec pq3 ext lo64)' -> '2.9.3'
                mod_version = mod_version.split(' ')[0]
            if v != mod_version:
                errors.append("Expected '{}' version to be '{}', but found '{}'".format(m, v, mod_version))
$offEmbeddedCode


* Report errors regarding disk size or packages
$onEmbeddedCode Python:
if errors:
    gams.printLog("\nErrors:")
    for e in errors:
        gams.printLog(e)
    raise Exception("Errors have occurred. See the list above.")
$offEmbeddedCode

* Run pip-audit to check conda environment (gmspython) used for assembling GMSPython for vulnerabilities
* skip if no miniconda
$if not setenv MINICONDA $exit
* skip if not building master or distXX and FORCEPIPAUDIT not set
$if not setenv FORCEPIPAUDIT $if not %sysenv.GBRANCHNAME% == master $if not %sysenv.GBRANCHNAME% == dist%sysenv.GVERSIONMAJOR% $exit
* Default behavior for Python warnings to avoid conda warnings
$dropEnv PYTHONWARNINGS
$onEcho > run_pip_audit.sh
fail=0
unset PYTHONUSERBASE
eval "$($MINICONDA shell.bash hook)"
env=gmspython
[ -d ${GPORTBIN}/condaenvs/$env ] || exit 0
conda activate ${GPORTBIN}/condaenvs/$env
PYTHONUSERBASE=${GPORTBIN}/condaenvs/pythonuserbase/$env pip install pip-audit==2.7.3 --no-warn-script-location --user > /dev/null 2>&1 || { echo "Problems installing pip-audit in conda environment ${env}" ; exit 1; }
python -m pip_audit --cache-dir ./pip_audit_cache/$env --verbose > pip_audit.log 2>&1
let "fail = $?"
conda deactivate
conda deactivate
cp pip_audit.log "${GTESTDIR}/${MODTESTDIR}/pip_audit.log"
if grep -i 'Dependency not found' pip_audit.log | grep -v -i 'gamsapi'; then
    let "fail = 1"
fi
exit $fail
$offEcho

$call chmod +x ./run_pip_audit.sh
$call bash ./run_pip_audit.sh
$ifE errorlevel<>0 $abort "Failures running pip-audit. Inspect pip_audit.log for details."