Updated files and patched dependencies

[carloscumpian]

Changes:

Python 3.12 Upgrade ✅

• Upgraded from Python 3.9.21 to Python 3.12.12
  • Dockerfiles/Dockerfile.dss
  • .travis.yml
  • Pipfile
• Fixed async/await syntax (removed deprecated @asyncio.coroutine)
  • detect_secrets_stream/scan_worker/app.py
  • detect_secrets_stream/scan_worker/diffscanworker.py
• Updated 26+ packages for CVE fixes
  • Pipfile
  • Dockerfiles/Dockerfile.dss
• All services running with Python 3.12
  • tested w/ steps in: https://github.com/IBM/detect-secrets-stream/tree/main/kustomize_envs/dev#local-end-2-end-test

Package Updates ✅

• Pipfile
  • ibm-db: 3.2.6 → 3.2.7
  • gevent: 23.9.1 → 24.11.1
  • pipenv: 2018.11.26 → 2024.4.0
  • dss: 0.13.1+ibm.62.dss → 0.13.1+ibm.64.dss
• detect-secrets pre-commit: 0.13.1+ibm.55.dss → 0.13.1+ibm.64.dss

Platform Compatibility ✅

• ⚠️ Added FROM --platform=linux/amd64 to Dockerfile (We can remove this for testing in .travis.yml and GHA as I don't think its needed outside of local tests due to M1/M2 chips)
  • Resolves ibm-db Linux ARM64 incompatibility
  • Works on Mac M1/M2 (via Rosetta 2), Travis CI, GitHub Actions, and production

Deployment Verification ✅

• All 5 pods running (gd-ingest, gd-revoker, postgres, scan-worker, vault)
• Container structure tests: PASSED (2/2)
• Health checks: All services operational
• Vault: Initialized, unsealed, read/write working
• Port forwarding: Active on all services

Pre-commit Hook Fixed ✅

• Updated .pre-commit-config.yaml to use detect-secrets 0.13.1+ibm.64.dss
• Version warning eliminated
• Pre-commit hooks working correctly

Vault Configuration ✅

• sleep 3 kept in vault_init.sh - was timing out when testing, but should be able to be removed if needed (only 3 secs)
• added echos for testing, but can also be removed if not wanted/needed

Documentation ✅

• Updated kustomize_envs/dev/README.md with additional testing procedures
• Added verification commands for all services

[carloscumpian]

.flake8 - added ignore = E231,E126,E223,E226,E241,E272,E702,W503,W504,N818 since it was giving out errors about whitespace that wasn't needed.

example https:// it was giving warning due it wanting a space between : and /

[carloscumpian]

• added an exclude to org_set_controller_test.py under hooks: id: add-trailing comma since it was trying to add a comma that wasn't needed

[carloscumpian]

• added --platform=linux/amd64 - this was mostly due to a local issue I was having - doesn't seem that it hurts Travis/GHA, but from looking around we can take it off since it should build with either one
• added python3-dev libev-dev libc-ares-dev && \ - newer version of gevent needed additional packages, but haven't tested removing them
• added RUN PIP_USER=1 PIP_IGNORE_INSTALLED=1 pip install certifi==2024.12.14 typing-extensions==4.12.2 packaging==24.2 zope.interface==7.2 zope.event==5.0
  The above packages were being skipping when going through line 30

[carloscumpian]

Added double quotes due to Travis CI complaining about them
The hook was incorrectly converting f'text {dict[\"key\"]}' to f'text {dict['key']}' which is a syntax error. The proper format is f\"text {dict['key']}\" with double quotes outside and single quotes for dict key access inside the f-string." python format doc

[carloscumpian]

same as dockerfile above, local issue with my M1 chip
buildArgs: BUILDPLATFORM: linux/amd64

[krkazmier]

as long as the local tests passed with ingesting and building, this looks good to me! i don't know how much adding linux/amd64 in places will affect this though. After this is merged these changes will need to staged against the ibm-cloud-secrets-manager branch and we can work together to do local testing for that before proceeding with creating a new release/image