Update database sql files

.github/workflows/build.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     services:
       mariadb:
-        image: mariadb:10.8
+        image: mariadb:10.6
         env:
           MYSQL_USER: test
           MYSQL_PASSWORD: test
@@ -28,7 +28,7 @@ jobs:
       - uses: shogo82148/actions-setup-mysql@v1
         with:
           distribution: 'mariadb'
-          mysql-version: '10.8'
+          mysql-version: '10.6'
           auto-start: false
       - name: Build database
         run: |
@@ -44,7 +44,7 @@ jobs:
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
-        if: github.ref == 'refs/heads/master'
+        if: github.ref == 'refs/heads/main'
         with:
             token: ${{ secrets.GITHUB_TOKEN }}
             commit-message: Update database sql files

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/library/mariadb:10.10.3
+FROM docker.io/library/mariadb:10.6.19
 
 WORKDIR /ispyb
 

HISTORY.rst

@@ -5,6 +5,33 @@ History
 Unreleased / master
 -------------------
 
+4.3.0 (2024-12-05)
+-------------------
+
+Note: The schema files now include a command in the first line to set the sanbox
+mode which is incompatible with older clients. For more info and to disable, see:
+https://mariadb.org/mariadb-dump-file-compatibility-change/
+
+Admin: Changes to GitHub workflows as 'main' is now the default branch (previously 'master')
+
+New or modified tables and columns:
+
+- Add ``processingPipelineId`` column to the ``AutoProcProgram`` table
+- Add new boolean column ``deleted`` to the ``AutoProcProgramAttachment`` table
+- Add unique index on ``BLSample(containerId, location, subLocation)``
+- Update the ``ProcessedTomogram`` table comment
+
+Roles and permissions:
+
+- Add new grants for Expeye and combine grants into two roles instead of three
+- Add roles and grants for MaxScale
+- Add role with grants for fragment screening
+
+Scripts and data changes:
+
+- Trim trailing '1' in the ``SpaceGroup`` table's ``spaceGroupShortName`` column
+- Add scripts that can delete ``DataCollection`` and ``DataCollectionGroup`` rows and referenced rows in other tables
+
 4.2.1 (2024-08-19)
 -------------------
 

README.md

@@ -2,19 +2,19 @@
 
 # ispyb-database
 
-This package provides everything needed to create the Diamond flavour of the ISPyB database schema. As the schema evolves the update scripts will also be published here, so other users of the schema should be able to stay up-to-date.
+This repository provides everything needed to create the Diamond flavour of the ISPyB database schema. As the schema evolves the update scripts will also be published here, so other users of the schema should be able to stay up-to-date.
 
 ## Requirements
 
-* Server and a client packages of MariaDB 10.3 or later.
+* Server and a client packages of MariaDB 10.6 or later.
 * A Unix-like OS with `bash` shell.
 * The pandoc package (only required to build documentation at the end of the `build.sh` script.)
 * If binary logging is enabled in the DB system, then execute this before importing the test schema: `SET GLOBAL log_bin_trust_function_creators=ON;`
 
 ## Installation
 
-1. Install MariaDB. See the Wiki for ideas on how to install in a particular environment.
-2. Copy `.my.example.cnf` to `.my.cnf` and then edit that file to set the `user` and `password`, e.g. `user = root` and use the `password` you set when securing. Optionally, you can also set e.g. `host` and `port`.
+1. Install MariaDB. The Wiki has ideas on how to install in a particular environment, including OS packages or containers via the provided Dockerfile. If you use the container approach with the provided Dockerfile, then steps 2 and 3 below are done for you automatically.
+2. Copy `.my.example.cnf` to `.my.cnf` and then edit that file to set the `user` and `password`, e.g. `user = root` and correspond `password`. Optionally, you can also set e.g. `host` and `port`.
 3. In a test environment run the `build.sh` file. This creates the database schema and applies the grants as described in the "Schema" and "Grants" sections below.
 
 ### Schema
@@ -94,8 +94,8 @@ mariadb ispyb < grants/ispyb_web.sql
 ## Useful scripts
 
 * `build.sh`: Creates a development `ispyb_build` database and imports all the schema and grants files into it.
-* `release.sh`: Makes a release, see the Releasing section.
-* `bin/backup.sh`: Makes a backup of the development database.
+* `release.sh`: Makes a release, see the `RELEASE.md` file for details.
+* `bin/backup.sh`: Makes a backup of the development database, producing four files: `tables.sql`, `routines.sql`, `lookups.sql`, `data.sql`.
 * `bin/missed_updates.sh`: Generates a list of files in the `schemas/ispyb/updates/` folder that haven't been applied.
 * `bin/export_session.sh`: Exports a given session's database rows to SQL files. These can then easily be imported into an empty ispyb database. This can be used e.g. to create a single-session ISPyB/SynchWeb instance if combined with all the relevant data files and processing files for the session, and an instance of SynchWeb.
 

grants/ispyb_expeye.sql

@@ -10,9 +10,56 @@ GRANT ispyb_propagation TO ispyb_expeye_core_role;
 
 CREATE ROLE ispyb_expeye_acquisition_role;
 
-GRANT SELECT, INSERT, UPDATE ON RobotAction TO ispyb_expeye_acquisition_role;
-GRANT SELECT, INSERT, UPDATE ON GridInfo TO ispyb_expeye_acquisition_role;
-GRANT SELECT, INSERT, UPDATE ON DataCollection TO ispyb_expeye_acquisition_role;
+GRANT SELECT ON Proposal TO ispyb_expeye_acquisition_role;
+GRANT SELECT ON BLSession TO ispyb_expeye_acquisition_role;
 GRANT SELECT, INSERT, UPDATE ON DataCollectionGroup TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE ON DataCollection TO ispyb_expeye_acquisition_role;
 GRANT SELECT, INSERT, UPDATE ON Position TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON Shipping TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ShippingHasSession TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON Project_has_Shipping TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON LabContact TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON Dewar TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON DewarLocation TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON DewarLocationList TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON DewarRegistry TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON DewarRegistry_has_Proposal TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON DewarReport TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE ON DewarTransportHistory TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON Container TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerInspection TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerQueue TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerQueueSample TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerRegistry TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerRegistry_has_Proposal TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerReport TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON ContainerType TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE ON ContainerHistory TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT ON ProcessingPipeline TO ispyb_expeye_acquisition_role;
+GRANT SELECT ON ProcessingPipelineCategory TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON BLSample TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON BLSampleGroup TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON BLSampleGroup_has_BLSample TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON BLSubSample TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON Project_has_BLSample TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT ON Protein TO ispyb_expeye_acquisition_role;
+GRANT SELECT ON Crystal TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON XFEFluorescenceSpectrum TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE, DELETE ON DiffractionPlan TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT ON ComponentType TO ispyb_expeye_acquisition_role;
+GRANT SELECT ON ComponentSubType TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE, DELETE ON Component_has_SubType TO ispyb_expeye_acquisition_role;
+
+GRANT SELECT, INSERT, UPDATE ON RobotAction TO ispyb_expeye_acquisition_role;
+GRANT SELECT, INSERT, UPDATE ON GridInfo TO ispyb_expeye_acquisition_role;
+
 GRANT ispyb_expeye_acquisition_role TO ispyb_expeye_core_role;

grants/ispyb_fragment_screening.sql

@@ -0,0 +1,32 @@
+-- Create the fragment screening application role.
+CREATE ROLE IF NOT EXISTS ispyb_fragment_screening;
+
+-- You must also create a database user and grant this role to them, e.g.
+-- CREATE USER fragment_screening_user@'%' IDENTIFIED BY 'the_password';
+-- GRANT ispyb_fragment_screening to fragment_screening_user@'%';
+-- SET DEFAULT ROLE ispyb_fragment_screening FOR fragment_screening_user@'%';
+
+-- Grants for ispyb_fragment_screening
+GRANT SELECT ON AutoProcIntegration TO 'ispyb_fragment_screening';
+GRANT SELECT ON AutoProcProgram TO 'ispyb_fragment_screening';
+GRANT SELECT ON AutoProcProgramAttachment TO 'ispyb_fragment_screening';
+GRANT SELECT ON AutoProcScaling TO 'ispyb_fragment_screening';
+GRANT SELECT ON AutoProcScalingStatistics TO 'ispyb_fragment_screening';
+GRANT SELECT ON AutoProcScaling_has_Int TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSampleImage TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSampleImageAutoScoreClass TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSampleImageScore TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSampleImage_has_AutoScoreClass TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSession TO 'ispyb_fragment_screening';
+GRANT SELECT ON BLSubSample TO 'ispyb_fragment_screening';
+GRANT SELECT ON Container TO 'ispyb_fragment_screening';
+GRANT SELECT ON ContainerInspection TO 'ispyb_fragment_screening';
+GRANT SELECT ON Crystal TO 'ispyb_fragment_screening';
+GRANT SELECT ON DataCollection TO 'ispyb_fragment_screening';
+GRANT SELECT ON ProcessingJob TO 'ispyb_fragment_screening';
+GRANT SELECT ON ProcessingJobParameter TO 'ispyb_fragment_screening';
+GRANT SELECT ON Proposal TO 'ispyb_fragment_screening';
+GRANT SELECT ON Protein TO 'ispyb_fragment_screening';
+GRANT SELECT, INSERT, UPDATE ON BLSample TO 'ispyb_fragment_screening';
+GRANT SELECT, INSERT, UPDATE ON BLSampleGroup TO 'ispyb_fragment_screening';
+GRANT SELECT, INSERT, UPDATE ON BLSampleGroup_has_BLSample TO 'ispyb_fragment_screening';

grants/maxscale.sql

@@ -0,0 +1,22 @@
+CREATE ROLE IF NOT EXISTS maxscale_role;
+CREATE ROLE IF NOT EXISTS maxmon_role;
+
+-- You must also create database users and grant these roles to them, e.g.
+-- CREATE USER maxscale_user@'%' IDENTIFIED BY 'the_password';
+-- CREATE USER maxmon_user@'%' IDENTIFIED BY 'the_password';
+-- GRANT maxscale_role to maxscale_user@'%';
+-- GRANT maxmon_role to maxmon_user@'%';
+-- SET DEFAULT ROLE maxscale_role FOR maxscale_user@'%';
+-- SET DEFAULT ROLE maxmon_role FOR maxmon_user@'%';
+
+GRANT SHOW DATABASES ON *.* TO maxscale_role;
+GRANT SELECT ON mysql.procs_priv TO maxscale_role;
+GRANT SELECT ON mysql.tables_priv TO maxscale_role;
+GRANT SELECT ON mysql.db TO maxscale_role;
+GRANT SELECT ON mysql.roles_mapping TO maxscale_role;
+GRANT SELECT ON mysql.columns_priv TO maxscale_role;
+GRANT SELECT ON mysql.proxies_priv TO maxscale_role;
+GRANT SELECT ON mysql.user TO maxscale_role;
+
+GRANT REPLICATION SLAVE, BINLOG MONITOR, SLAVE MONITOR ON *.* TO maxmon_role;
+GRANT SELECT ON mysql.user TO maxmon_role;