Skip to content

Use read-only SQLite connection for Flask app #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Ulthran wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Use read-only SQLite connection for Flask app #59

Ulthran wants to merge 1 commit into from

Conversation

@Ulthran
Copy link
Contributor

@Ulthran Ulthran commented Dec 1, 2025

Summary

  • switch the default SQLite connection string to use a read-only URI when no environment configuration is provided
  • skip automatic table creation when the database connection is configured in read-only mode

Testing

  • pytest (fails: ModuleNotFoundError: No module named 'flask_sqlalchemy')

Codex Task

Copilot AI review requested due to automatic review settings December 1, 2025 22:21
@codecov
Copy link

codecov bot commented Dec 1, 2025

Codecov Report

❌ Patch coverage is 40.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.26%. Comparing base (f85a7f9) to head (708acb4).

Files with missing lines Patch % Lines
sample_registry/app.py 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #59      +/-   ##
==========================================
- Coverage   64.30%   64.26%   -0.05%     
==========================================
  Files           8        8              
  Lines         706      708       +2     
==========================================
+ Hits          454      455       +1     
- Misses        252      253       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR attempts to switch the default SQLite database connection to read-only mode when no SAMPLE_REGISTRY_DB_URI environment variable is provided, and prevents automatic table creation when the database is in read-only mode.

Key changes:

  • Modified the default SQLite URI to include mode=ro parameter for read-only access
  • Added conditional logic to skip db.create_all() in Flask app when read-only mode is detected

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
sample_registry/__init__.py Changes default SQLite connection URI to use read-only mode with URI parameters
sample_registry/app.py Adds conditional check to skip table creation when database URI contains mode=ro

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

sample_registry/__init__.py
f"sqlite:///{Path(__file__).parent.parent.resolve()}/sample_registry.sqlite3"
)
db_path = Path(__file__).parent.parent.resolve() / "sample_registry.sqlite3"
SQLALCHEMY_DATABASE_URI = f"sqlite:///file:{db_path}?mode=ro&uri=true"
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SQLite URI format is incorrect. When using file: prefix with an absolute path, the format should be file:///path (three slashes), not file:/path (one slash). However, the simpler and more reliable approach is to omit the file: prefix entirely.

Change to:

SQLALCHEMY_DATABASE_URI = f"sqlite:///{db_path}?mode=ro&uri=true"

This format works correctly with SQLAlchemy's SQLite dialect where:

  • sqlite:/// indicates an absolute path
  • ?mode=ro&uri=true passes the read-only mode to SQLite with URI interpretation enabled
Suggested change
SQLALCHEMY_DATABASE_URI = f"sqlite:///file:{db_path}?mode=ro&uri=true"
SQLALCHEMY_DATABASE_URI = f"sqlite:///{db_path}?mode=ro&uri=true"

Copilot uses AI. Check for mistakes.
sample_registry/app.py
Comment on lines +42 to +43
if "mode=ro" not in SQLALCHEMY_DATABASE_URI:
db.create_all()
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The read-only mode detection using string matching ("mode=ro" not in SQLALCHEMY_DATABASE_URI) is fragile and could break if:

  1. The URI format uses mode=RO (uppercase)
  2. The environment variable provides a different database type that doesn't support this parameter
  3. The URI uses URL encoding where mode=ro appears as mode%3Dro

Consider a more robust approach:

if "mode=ro" not in SQLALCHEMY_DATABASE_URI.lower() and "readonly" not in SQLALCHEMY_DATABASE_URI.lower():
    db.create_all()

Or better yet, use a dedicated configuration flag:

# In __init__.py
DB_READ_ONLY = "mode=ro" in SQLALCHEMY_DATABASE_URI

# In app.py
from sample_registry import DB_READ_ONLY
if not DB_READ_ONLY:
    db.create_all()

Copilot uses AI. Check for mistakes.
sample_registry/__init__.py
f"sqlite:///{Path(__file__).parent.parent.resolve()}/sample_registry.sqlite3"
)
db_path = Path(__file__).parent.parent.resolve() / "sample_registry.sqlite3"
SQLALCHEMY_DATABASE_URI = f"sqlite:///file:{db_path}?mode=ro&uri=true"
Copy link

Copilot AI Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Making the default database read-only will break all library CLI commands that need write access (e.g., register_run, register_sample, unregister_samples, etc.). These commands use the session and engine created in __init__.py, which will now be read-only by default.

According to the README, the default behavior is to "automatically create" the database if it doesn't exist, but read-only mode prevents creation and writes.

If the goal is to make only the Flask web app read-only by default while keeping write functionality for CLI tools, consider:

  1. Keeping the default connection as read-write
  2. Adding a separate configuration for the Flask app (e.g., FLASK_READ_ONLY environment variable)
  3. Or documenting that users must set SAMPLE_REGISTRY_DB_URI for any write operations

Otherwise, this is a breaking change that should be clearly documented.

Suggested change
SQLALCHEMY_DATABASE_URI = f"sqlite:///file:{db_path}?mode=ro&uri=true"
SQLALCHEMY_DATABASE_URI = f"sqlite:///file:{db_path}?mode=rwc&uri=true"

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ulthran