ASGI support for the Tartiflette GraphQL engine

tartiflette

Last update: Dec 27, 2022

Related tags

GraphQL python graphql http async websocket asgi starlette

Overview

tartiflette-asgi is a wrapper that provides ASGI support for the Tartiflette Python GraphQL engine.

It is ideal for serving a GraphQL API over HTTP, or adding a GraphQL API endpoint to an existing ASGI application (e.g. FastAPI, Starlette, Quart, etc).

Full documentation is available at: https://tartiflette.github.io/tartiflette-asgi

Requirements

tartiflette-asgi is compatible with:

Python 3.6, 3.7 or 3.8.
Tartiflette 1.x.

Quickstart

First, install Tartiflette's external dependencies, as explained in the Tartiflette tutorial.

Then, you can install Tartiflette and tartiflette-asgi using pip:

pip install tartiflette "tartiflette-asgi==0.*"

You'll also need an ASGI web server. We'll use Uvicorn here:

pip install uvicorn

Create an application that exposes a TartifletteApp instance:

from tartiflette import Resolver
from tartiflette_asgi import TartifletteApp

@Resolver("Query.hello")
async def hello(parent, args, context, info):
    name = args["name"]
    return f"Hello, {name}!"

sdl = "type Query { hello(name: String): String }"
app = TartifletteApp(sdl=sdl, path="/graphql")

Save this file as graphql.py, then start the server:

uvicorn graphql:app

Make an HTTP request containing a GraphQL query:

curl http://localhost:8000/graphql -d '{ hello(name: "Chuck") }' -H "Content-Type: application/graphql"

You should get the following JSON response:

{ "data": { "hello": "Hello, Chuck!" } }

To learn more about using tartiflette-asgi, head to the documentation: https://tartiflette.github.io/tartiflette-asgi

Contributing

Want to contribute? Awesome! Be sure to read our Contributing guidelines.

Changelog

Changes to this project are recorded in the changelog.

License

MIT

Comments

`tartiflette-starlette` vs `tartiflette-aiohttp`

Both tartiflette-starlette and tartiflette-aiohttp pursue the same goal: provide an HTTP transport layer for Tartiflette.

Currently, the Tartiflette docs and repo officially recommend tartiflette-aiohttp.

While I think tartiflette-aiohttp is pretty cool, I have some doubts about its potential as far as integrating into other systems. It seems to me aiohttp applications are "proprietary" and don't rely on a widely accepted standard (maybe I'm wrong, please correct me if that's the case). On the other hand, ASGI is now a standard — it's used everywhere in the Python async web ecosystem and it allows libraries to integrate with one another using a single unified language.

For this reason, I would be fine with (if not in favor of) gradually shifting to tartiflette-starlette as the official recommendation for Tartiflette-over-HTTP — once it reaches a stable enough state.

If we were to do this, I think we should reconsider the decision we took to rename it from tartiflette-asgi (see #4). IMO this name (tartiflette-asgi) better reflects why this library was built and why users would want to use it, instead of how it achieves that goal (i.e. using Starlette).

@tsunammis @abusi Happy to discuss this with you!
question

opened by florimondmanca 11
Tartiflette 0.12 compatibility
Problem description

Note: tartiflette-starlette is currently pinned to tartiflette<0.11.

I noticed that Tartiflette 0.11 was out, and there are a few changes.

The major one I see is that engine creation is now asynchronous and must be done via create_engine().

This means that the current engine parameter to TartifletteApp() isn't appropriate anymore, because we can't create a raw Engine anymore (at least not in a sync context which is typically where the app is registered).

Alternatives

First, options previously delegated to Engine must now be handled by TartifletteApp. This can be done in two ways:

Create new keyword parameters on TartifletteApp (similar to what tartiflette-aiohttp currently does things), store them and then pass them to create_engine().

Provide an Engine helper and pass its kwargs down to create_engine().

Supported keyword arguments should be at least sdl, schema_name and modules (IMO). Supporting all those supported by create_engine() would be best.

I personally prefer 2) because it keeps things organized and is more explicit/IDE-friendly.

Next, we're going to have to defer engine creation/"cooking" to when the app starts up. This can be implemented with Starlette's Lifespan helper.

Additional context

0.11 (Changelog)

https://tartiflette.io/docs/api/engine

enhancement maintenance dependencies
opened by florimondmanca 8
Documentation site

All documentation for this package currently lives in the README of this repo. I think it's okay, but READMEs tend to be hard to read and navigate as soon as you have more than an installation/quickstart/learn more structure.

I'm considering building a simple docs site with MkDocs. It recently acquired autodoc features, which I think is an extra nice thing to have/try out.

We can setup MkDocs independently, and then see if we add the current docs or review them first before deploying the new docs site.

The only unknown here is hosting. GitHub Pages seems like a sensible solution (in particular because MkDocs has built-in support for deploying to GitHub Pages).

@tsunammis / @abusi Are we OK with hosting the docs site at https://tartiflette.github.io/tartiflette-asgi? I don't think there's any setup or steps required on your side, just making sure the Tartiflette org doesn't already have a docs hosting solution in place.
docs

opened by florimondmanca 7

issues running example

I am trying to get the example set up in react-example, but am running into some issues.

When running the example tartiflette app, I get:

>> uvicorn server.asgi:app --reload
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO: Started reloader process [13587]
Process SpawnProcess-1:
Traceback (most recent call last):
  File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
    self.run()
  File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
    self._target(*self._args, **self._kwargs)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/main.py", line 304, in run
    loop.run_until_complete(self.serve(sockets=sockets))
  File "uvloop/loop.pyx", line 1451, in uvloop.loop.Loop.run_until_complete
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/main.py", line 311, in serve
    config.load()
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/config.py", line 179, in load
    self.loaded_app = import_from_string(self.app)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/importer.py", line 20, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "./server/asgi.py", line 2, in <module>
    from .app import app
  File "./server/app.py", line 3, in <module>
    from tartiflette_starlette import TartifletteApp
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/tartiflette_starlette/__init__.py", line 1, in <module>
    from .app import TartifletteApp
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/tartiflette_starlette/app.py", line 5, in <module>
    from .graphql import GraphQLHandler
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/tartiflette_starlette/graphql.py", line 18, in <module>
    with open(os.path.join(CURDIR, "graphiql.html")) as tpl_file:
FileNotFoundError: [Errno 2] No such file or directory: '/home/csmith/git/react-example/venv/lib/python3.7/site-packages/tartiflette_starlette/graphiql.html'

I add the graphiql.html file by copying and pasting its contents.

Then I get:

>> uvicorn server.asgi:app --reload
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO: Started reloader process [13898]
Process SpawnProcess-1:
Traceback (most recent call last):
  File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
    self.run()
  File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
    self._target(*self._args, **self._kwargs)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/main.py", line 304, in run
    loop.run_until_complete(self.serve(sockets=sockets))
  File "uvloop/loop.pyx", line 1451, in uvloop.loop.Loop.run_until_complete
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/main.py", line 311, in serve
    config.load()
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/config.py", line 179, in load
    self.loaded_app = import_from_string(self.app)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/uvicorn/importer.py", line 20, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/lib/python3.7/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1006, in _gcd_import
  File "<frozen importlib._bootstrap>", line 983, in _find_and_load
  File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 677, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 728, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "./server/asgi.py", line 5, in <module>
    configure(app, settings)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/bocadillo/config.py", line 102, in configure
    plugin(app)
  File "/home/csmith/git/react-example/venv/lib/python3.7/site-packages/bocadillo/plugins.py", line 46, in use_providers
    app.on("startup", STORE.enter_session)
AttributeError: 'TartifletteApp' object has no attribute 'on'
INFO: Stopping reloader process [13898]

Output of pip freeze:

aiodine==1.2.5
bocadillo==0.15.0
certifi==2019.3.9
cffi==1.12.3
chardet==3.0.4
Click==7.0
h11==0.8.1
httptools==0.0.13
idna==2.8
Jinja2==2.10.1
lark-parser==0.6.4
MarkupSafe==1.1.1
pkg-resources==0.0.0
pycparser==2.19
python-multipart==0.0.5
pytz==2019.1
requests==2.21.0
six==1.12.0
starlette==0.12.0b3
tartiflette==0.8.9
tartiflette-starlette==0.1.0
typesystem==0.2.2
urllib3==1.24.2
uvicorn==0.7.0
uvloop==0.12.2
websockets==7.0
whitenoise==4.1.2

bug

opened by cs01 7

Release 0.11.0
0.11.0 - 2021-08-27

Added

Add official compatibility with Tartiflette 1.4.x. (Pull #153)

Changed

Update dependency on Starlette to 0.16.*. (Pull #154)

Refactor internal subscription streams (Pull #156)

Update httpx requirement to 0.19.* (Pull #159)
opened by aljinovic 6
Adapt Starlette doc usage according starlette v13

As far I understand, route decorator is on the way to be deprecated.

I have seen that starlette is freezed at starlette>=0.12,<0.13 hope this helps on the way to move ahead !
docs

opened by petrus-v 6
Incompatibility with Starlette 0.13

As demonstrated by #99, Starlette 0.13 was recently released and contains changes that break compatibility with tartiflette-asgi.

In particular, the (undocumented) Lifespan component was removed from starlette.routing, and the corresponding features were merged into Router, e.g. router.add_event_handler(...). (See: https://github.com/encode/starlette/pull/704)

We already use Router internally, so the fix would be to use the new methods on Router instead of the Lifespan component.

We could maintain backwards-compatibility with Starlette 0.12, but I'm not really for it (these are alpha/beta times, users should expect things to break).

So let's fix this and release in the next minor version. :+1:
bug good first issue dependencies

opened by florimondmanca 5
Internal Server Error when receiving invalid JSON.

When receiving invalid JSON and content type is "application/json" tartiflette-starlette returns a 500. This catches decode errors and now returns a 400.

opened by AutumnalDream 5

Graphiql broken in quickstart tutorial

Following the quickstart guide and navigating to http://localhost:8000 results in Graphiql crashing - it gets stuck on "Loading". The javascript error is as follows:

Uncaught DOMException: Failed to construct 'WebSocket': The URL 'ws://localhost:8000None' is invalid.
    at SubscriptionClient.connect (https://cdn.jsdelivr.net/npm/[email protected]/browser/client.js:1571:23)
    at new SubscriptionClient (https://cdn.jsdelivr.net/npm/[email protected]/browser/client.js:1314:18)
    at http://localhost:8000/:150:35

bug good first issue

opened by mikeyjkmo 5

Add support for starlette 0.16

Closed #157

Update requirements to support starlette 1.6. Type checks are failing, but are resolved in #150.

Minor adjustment required for test, due to the starlette 1.5 release: https://github.com/encode/starlette/releases/tag/0.15.0

TestClient.websocket_connect() now must be used as a context manager.

opened by siopaonow 4
Update tartiflette requirement from <1.3,>=1.0 to >=1.0,<1.4
Updates the requirements on tartiflette to permit the latest version.

Release notes

Sourced from tartiflette's releases.

1.3.0

[1.3.0] - 2020-12-08

Added

Setup a CodeQL analysis Github Action

ISSUE-457 - Add a coerce_list_concurrently parameter to create_engine, Engine.__init__ & Engine.cook to control whether or not output list should be coerced concurrently

ISSUE-457 - Add a concurrently parameter to both @Resolver & @Subscription in order to control whether or not the output list of the decorated field should be coerced concurrently

Fixed

Fix link issue on 1.2.0 changelog (thanks @mkniewallner)

Fix year reference for 1.2.0 changelog (thanks @garyd203)

Improve documentation (thanks @dkbarn)

Fix README.md typo (thanks @mazzi)

Add clarification on the breaking change on output list coercion introduced with the 1.2.0 version (thanks @garyd203)

ISSUE-457 - Output list are now coerced concurrently by default (breaking the change made on 1.2.0)

Changed

Upgrade black from 19.10b0 to 20.8b1

Upgrade isort from 4.3.21 to 5.6.4

Upgrade lark-parser from 0.8.5 to 0.11.1

Upgrade pylint from 2.5.2 to 2.6.0

Upgrade pytest-asyncio from 0.12.0 to 0.14.0

Upgrade pytest-cov from 2.8.1 to 2.10.1

Upgrade pytest-xdist from 1.32.0 to 2.1.0

Upgrade pytest from 5.4.1 to 6.1.2

Changelog

Sourced from tartiflette's changelog.

Tartiflette Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased]

Next

[Released]

[1.x.x]

[1.3.x]

1.3.0 - 2020-12-08

[1.2.x]

1.2.1 - 2020-05-06

1.2.0 - 2020-04-30

[1.1.x]

1.1.3 - 2020-02-18

1.1.2 - 2020-02-05

1.1.1 - 2019-10-10

1.1.0 - 2019-10-03

[1.0.x]

1.0.0 - 2019-09-20

[0.x.x]

[0.12.x]

0.12.5 - 2019-08-30

0.12.4 - 2019-08-08

0.12.3 - 2019-07-23

0.12.2 - 2019-07-18

0.12.1 - 2019-07-17

0.12.0 - 2019-07-03

[0.11.x] Brand new plugin approach (featured at the GraphQL Conf 2019)

0.11.2 - 2019-06-28

0.11.1 - 2019-06-18

0.11.0 - 2019-06-17

[0.10.x]

0.10.2 - 2019-06-11

0.10.1 - 2019-06-07

0.10.0 - 2019-05-13

[0.9.x]

0.9.0 - 2019-04-30

[0.8.x]

0.8.9 - 2019-04-23

0.8.8 - 2019-04-19

0.8.7 - 2019-04-18

0.8.6 - 2019-04-17

0.8.5 - 2019-04-16

Commits

20cb0d6 Merge pull request #460 from tartiflette/mra/release-1.3.0

0bea41e chore(setup): bump package version and update changelogs

2b544b1 doc: update the documentation to reflect changes made on output list coerce

b6f37d0 Merge pull request #459 from tartiflette/dependabot/pip/lark-parser-0.11.1

397feb5 Merge pull request #458 from tartiflette/ISSUE-457

4a86953 feat(coercer): handle list sequentially/concurrently coerced at engine level

ca81a38 chore(deps): bump lark-parser from 0.10.1 to 0.11.1

2a1142a feat(coercer): handle list sequentially/concurrently coerced at decorators level

fcdefb3 Merge pull request #455 from tartiflette/dependabot/pip/pytest-6.1.2

f2bfcd5 chore(deps-dev): bump pytest from 6.1.0 to 6.1.2

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 4
Bump black from 22.3.0 to 22.12.0
Bumps black from 22.3.0 to 22.12.0.

Release notes

Sourced from black's releases.

22.12.0

Preview style

Enforce empty lines before classes and functions with sticky leading comments (#3302)

Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (#3348)

Implicitly concatenated strings used as function args are now wrapped inside parentheses (#3307)

Correctly handle trailing commas that are inside a line's leading non-nested parens (#3370)

Configuration

Fix incorrectly applied .gitignore rules by considering the .gitignore location and the relative path to the target file (#3338)

Fix incorrectly ignoring .gitignore presence when more than one source directory is specified (#3336)

Parser

Parsing support has been added for walruses inside generator expression that are passed as function args (for example, any(match := my_re.match(text) for text in texts)) (#3327).

Integrations

Vim plugin: Optionally allow using the system installation of Black via let g:black_use_virtualenv = 0(#3309)

22.10.0

Highlights

Runtime support for Python 3.6 has been removed. Formatting 3.6 code will still be supported until further notice.

Stable style

Fix a crash when # fmt: on is used on a different block level than # fmt: off (#3281)

Preview style

... (truncated)

Changelog

Sourced from black's changelog.

22.12.0

Preview style

Enforce empty lines before classes and functions with sticky leading comments (#3302)

Reformat empty and whitespace-only files as either an empty file (if no newline is present) or as a single newline character (if a newline is present) (#3348)

Implicitly concatenated strings used as function args are now wrapped inside parentheses (#3307)

Correctly handle trailing commas that are inside a line's leading non-nested parens (#3370)

Configuration

Fix incorrectly applied .gitignore rules by considering the .gitignore location and the relative path to the target file (#3338)

Fix incorrectly ignoring .gitignore presence when more than one source directory is specified (#3336)

Parser

Parsing support has been added for walruses inside generator expression that are passed as function args (for example, any(match := my_re.match(text) for text in texts)) (#3327).

Integrations

Vim plugin: Optionally allow using the system installation of Black via let g:black_use_virtualenv = 0(#3309)

22.10.0

Highlights

Runtime support for Python 3.6 has been removed. Formatting 3.6 code will still be supported until further notice.

Stable style

Fix a crash when # fmt: on is used on a different block level than # fmt: off (#3281)

... (truncated)

Commits

2ddea29 Prepare release 22.12.0 (#3413)

5b1443a release: skip bad macos wheels for now (#3411)

9ace064 Bump peter-evans/find-comment from 2.0.1 to 2.1.0 (#3404)

19c5fe4 Fix CI with latest flake8-bugbear (#3412)

d4a8564 Bump sphinx-copybutton from 0.5.0 to 0.5.1 in /docs (#3390)

2793249 Wordsmith current_style.md (#3383)

d97b789 Remove whitespaces of whitespace-only files (#3348)

c23a5c1 Clarify that Black runs with --safe by default (#3378)

8091b25 Correctly handle trailing commas that are inside a line's leading non-nested ...

ffaaf48 Compare each .gitignore found with an appropiate relative path (#3338)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Add CodeQL workflow for GitHub code scanning
Hi tartiflette/tartiflette-asgi!

This is a one-off automatically generated pull request from LGTM.com :robot:. You might have heard that we’ve integrated LGTM’s underlying CodeQL analysis engine natively into GitHub. The result is GitHub code scanning!

With LGTM fully integrated into code scanning, we are focused on improving CodeQL within the native GitHub code scanning experience. In order to take advantage of current and future improvements to our analysis capabilities, we suggest you enable code scanning on your repository. Please take a look at our blog post for more information.

This pull request enables code scanning by adding an auto-generated codeql.yml workflow file for GitHub Actions to your repository — take a look! We tested it before opening this pull request, so all should be working :heavy_check_mark:. In fact, you might already have seen some alerts appear on this pull request!

Where needed and if possible, we’ve adjusted the configuration to the needs of your particular repository. But of course, you should feel free to tweak it further! Check this page for detailed documentation.

Questions? Check out the FAQ below!

FAQ

Click here to expand the FAQ section

How often will the code scanning analysis run?

By default, code scanning will trigger a scan with the CodeQL engine on the following events:

On every pull request — to flag up potential security problems for you to investigate before merging a PR.

On every push to your default branch and other protected branches — this keeps the analysis results on your repository’s Security tab up to date.

Once a week at a fixed time — to make sure you benefit from the latest updated security analysis even when no code was committed or PRs were opened.

What will this cost?

Nothing! The CodeQL engine will run inside GitHub Actions, making use of your unlimited free compute minutes for public repositories.

What types of problems does CodeQL find?

The CodeQL engine that powers GitHub code scanning is the exact same engine that powers LGTM.com. The exact set of rules has been tweaked slightly, but you should see almost exactly the same types of alerts as you were used to on LGTM.com: we’ve enabled the security-and-quality query suite for you.

How do I upgrade my CodeQL engine?

No need! New versions of the CodeQL analysis are constantly deployed on GitHub.com; your repository will automatically benefit from the most recently released version.

The analysis doesn’t seem to be working

If you get an error in GitHub Actions that indicates that CodeQL wasn’t able to analyze your code, please follow the instructions here to debug the analysis.

How do I disable LGTM.com?

If you have LGTM’s automatic pull request analysis enabled, then you can follow these steps to disable the LGTM pull request analysis. You don’t actually need to remove your repository from LGTM.com; it will automatically be removed in the next few months as part of the deprecation of LGTM.com (more info here).

Which source code hosting platforms does code scanning support?

GitHub code scanning is deeply integrated within GitHub itself. If you’d like to scan source code that is hosted elsewhere, we suggest that you create a mirror of that code on GitHub.

How do I know this PR is legitimate?

This PR is filed by the official LGTM.com GitHub App, in line with the deprecation timeline that was announced on the official GitHub Blog. The proposed GitHub Action workflow uses the official open source GitHub CodeQL Action. If you have any other questions or concerns, please join the discussion here in the official GitHub community!

I have another question / how do I get in touch?

Please join the discussion here to ask further questions and send us suggestions!
opened by lgtm-com[bot] 0
Update httpx requirement from ==0.21.* to ==0.23.*
Updates the requirements on httpx to permit the latest version.

Release notes

Sourced from httpx's releases.

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

Drop support for Python 3.6. (#2097)

Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

Fix URL.copy_with for some oddly formed URL cases. (#2185)

Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)

Fix console markup escaping in command line client. (#1866)

When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)

Ensure that iter_bytes never yields zero-length chunks. (#2068)

Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)

When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)

Fix display of --proxies argument in the command line client help. (#2125)

Close responses when task cancellations occur during stream reading. (#2156)

Fix type error on accessing .request on HTTPError exceptions. (#2158)

Changelog

Sourced from httpx's changelog.

0.23.0 (23rd May, 2022)

Changed

Drop support for Python 3.6. (#2097)

Use utf-8 as the default character set, instead of falling back to charset-normalizer for auto-detection. To enable automatic character set detection, see the documentation. (#2165)

Fixed

Fix URL.copy_with for some oddly formed URL cases. (#2185)

Digest authentication should use case-insensitive comparison for determining which algorithm is being used. (#2204)

Fix console markup escaping in command line client. (#1866)

When files are used in multipart upload, ensure we always seek to the start of the file. (#2065)

Ensure that iter_bytes never yields zero-length chunks. (#2068)

Preserve Authorization header for redirects that are to the same origin, but are an http-to-https upgrade. (#2074)

When responses have binary output, don't print the output to the console in the command line client. Use output like <16086 bytes of binary data> instead. (#2076)

Fix display of --proxies argument in the command line client help. (#2125)

Close responses when task cancellations occur during stream reading. (#2156)

Fix type error on accessing .request on HTTPError exceptions. (#2158)

0.22.0 (26th January, 2022)

Added

Support for the SOCKS5 proxy protocol via the socksio package. (#2034)

Support for custom headers in multipart/form-data requests (#1936)

Fixed

Don't perform unreliable close/warning on __del__ with unclosed clients. (#2026)

Fix Headers.update(...) to correctly handle repeated headers (#2038)

0.21.3 (6th January, 2022)

Fixed

Fix streaming uploads using SyncByteStream or AsyncByteStream. Regression in 0.21.2. (#2016)

0.21.2 (5th January, 2022)

Fixed

HTTP/2 support for tunnelled proxy cases. (#2009)

Improved the speed of large file uploads. (#1948)

0.21.1 (16th November, 2021)

Fixed

The response.url property is now correctly annotated as URL, instead of Optional[URL]. (#1940)

... (truncated)

Commits

89cdd90 Version 0.23.0 (#2214)

1c33a28 Make charset auto-detection optional. (#2165)

940d61b Removed curio from async.md (#2240)

14a1704 Switch to explicit typing.Optional throughout (#2096)

9673a35 Drop async_generator requirement (#2228)

5eba32a Remove RequestBodyUnavailable from module docstring (#2226)

6f31bc4 Bump mkdocs-material from 8.1.4 to 8.2.14 (#2218)

c5eb4b8 Bump cryptography from 36.0.2 to 37.0.2 (#2217)

1a526cf Bump actions/checkout from 2 to 3 (#2216)

7a53543 Bump actions/setup-python from 1 to 3 (#2215)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0

aclose() exception in Uvicorn when subscription running

After less than 30 seconds of subscribing the Tartiflette ASGI implementation blows up with an exception.

I see this both with Altair and with a simple Python graphql_client-based client, so pretty sure this is Tartiflette not the client. The platform is Ubuntu focal, Python 3.8.12, with:

tartiflette==1.4.1
tartiflette-asgi==0.11.0
uvicorn==0.15.0
websockets==9.1

Note same issue also observed with uvicorn 0.17.0-post1 and websockets 10.1, though the error recovery appears a bit more graceful with the newer versions.

This is quite critical for us as our backend is all based on Tartiflette, and I cannot switch to another GraphQL server implementation due to core library conflicts with another major library in our stack.

2022-01-26 20:48:51,050 [Thread-7] - uvicorn.error - ERROR - Exception in ASGI application
Traceback (most recent call last):
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/uvicorn/protocols/websockets/websockets_impl.py", line 203, in run_asgi
    result = await self.app(self.scope, self.asgi_receive, self.asgi_send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/uvicorn/middleware/proxy_headers.py", line 75, in __call__
    return await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/applications.py", line 112, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/middleware/errors.py", line 146, in __call__
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette_exporter/middleware.py", line 101, in __call__
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/exceptions.py", line 58, in __call__
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/routing.py", line 656, in __call__
    await route.handle(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/routing.py", line 408, in handle
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_app.py", line 90, in __call__
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_middleware.py", line 14, in __call__
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/routing.py", line 656, in __call__
    await route.handle(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/routing.py", line 315, in handle
    await self.app(scope, receive, send)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/starlette/endpoints.py", line 76, in dispatch
    await self.on_disconnect(websocket, close_code)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_endpoints.py", line 116, in on_disconnect
    await self.protocol.on_disconnect(close_code)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_subscriptions/impl.py", line 25, in on_disconnect
    await super().on_disconnect(close_code)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_subscriptions/protocol.py", line 164, in on_disconnect
    await self._unsubscribe(opid)
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_subscriptions/protocol.py", line 101, in _unsubscribe
    await subscription.aclose()
  File "/workspaces/serenity.core/venv/lib/python3.8/site-packages/tartiflette_asgi/_subscriptions/protocol.py", line 36, in aclose
    await self._agen.aclose()
RuntimeError: aclose(): asynchronous generator is already running

opened by kdowney-cloudwallcapital 0

Update pyee requirement from <8,>=6 to >=6,<10
Updates the requirements on pyee to permit the latest version.

Changelog

Sourced from pyee's changelog.

2022/01/18 Version 9.0.3

Improve type safety of EventEmitter#on, EventEmitter#add_listener and EventEmitter#listens_to by parameterizing the Handler

Minor fixes to documentation

2022/01/17 Version 9.0.2

Add tests_require to setup.py, fixing COPR build

Install as an editable package in environment.yml and requirements_docs.txt, fixing Conda workflows and ReadTheDocs respectively

2022/01/17 Version 9.0.1

Fix regression where EventEmitter#listeners began crashing when called with uninitialized listeners

2022/01/17 Version 9.0.0

Compatibility:

Drop 3.6 support

New features:

New EventEmitter.event_names() method (see PR #96)

Type annotations and type checking with pyright

Exprimental pyee.cls module exposing an @evented class decorator and a @on method decorator (see PR #84)

Moved/deprecated interfaces:

pyee.TwistedEventEmitter -> pyee.twisted.TwistedEventEmitter

pyee.AsyncIOEventEmitter -> pyee.asyncio.AsyncIOEventEmitter

pyee.ExecutorEventEmitter -> pyee.executor.ExecutorEventEmitter

pyee.TrioEventEmitter -> pyee.trio.TrioEventEmitter

Removed interfaces:

pyee.CompatEventEmitter

Documentation fixes:

Add docstring to BaseEventEmitter

Update docstrings to reference EventEmitter instead of BaseEventEmitter

... (truncated)

Commits

94a6d54 Release 9.0.3

d009957 Add a type parameter for Handler in on/add_listener/listens_to (#107)

8fc4276 Docs fixes

777bf44 Release 9.0.2

f5c9312 Add tests_require field (might fix COPR build?)

4d67d8a Minor fixes to environment.yml

b5df2d3 Make RTD install pyee itself

1abfc06 Release 9.0.1

794a201 fix: EventEmitter.listeners() should not throw on unknown listeners (#104)

aee3da9 Add requirements_docs.txt file for RTDs benefit

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependencies
opened by dependabot[bot] 0
Add support for GraphQL Multipart Uploads
Wondering if it would be in the scope of this library support for GraphQL Multipart Uploads as per: https://github.com/jaydenseric/graphql-multipart-request-spec? More than happy to give writing an implementation a go and submittined a PR.

Reference Python implementations:

https://github.com/strawberry-graphql/strawberry

https://github.com/lmcgartland/graphene-file-upload

enhancement
opened by siopaonow 5

Releases(0.12.0)

0.12.0(May 13, 2022)
0.12.0 - 2022-05-13

Added

Add support for variables in query parameters. (Pull #176)

Source code(tar.gz)
Source code(zip)

ASGI support for the Tartiflette GraphQL engine

Related tags

Overview

Requirements

Quickstart

Contributing

Changelog

License

Comments

0.11.0 - 2021-08-27

Added

Changed

1.3.0

[1.3.0] - 2020-12-08

Added

Fixed

Changed

Tartiflette Changelog

[Unreleased]

[Released]

22.12.0

Preview style

Configuration

Parser

Integrations

22.10.0

Highlights

Stable style

Preview style

22.12.0

Preview style

Configuration

Parser

Integrations

22.10.0

Highlights

Stable style

FAQ

How often will the code scanning analysis run?

What will this cost?

What types of problems does CodeQL find?

How do I upgrade my CodeQL engine?

The analysis doesn’t seem to be working

How do I disable LGTM.com?

Which source code hosting platforms does code scanning support?

How do I know this PR is legitimate?

I have another question / how do I get in touch?

Version 0.23.0

0.23.0 (23rd May, 2022)

Changed

Fixed

0.23.0 (23rd May, 2022)

Changed

Fixed

0.22.0 (26th January, 2022)

Added

Fixed

0.21.3 (6th January, 2022)

Fixed

0.21.2 (5th January, 2022)

Fixed

0.21.1 (16th November, 2021)

Fixed

2022/01/18 Version 9.0.3

2022/01/17 Version 9.0.2

2022/01/17 Version 9.0.1

2022/01/17 Version 9.0.0

Releases(0.12.0)

0.12.0(May 13, 2022)

0.12.0 - 2022-05-13

Added

Owner

tartiflette

ASGI support for the Tartiflette GraphQL engine

ASGI support for the Tartiflette GraphQL engine

A Python 3.6+ port of the GraphQL.js reference implementation of GraphQL.

GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations

This is a graphql api build using ariadne python that serves a graphql-endpoint at port 3002 to perform language translation and identification using deep learning in python pytorch.

A Django GraphQL Starter that uses graphene and graphene_django to interface GraphQL.

MGE-GraphQL is a Python library for building GraphQL mutations fast and easily