package.json requirements.txt flyway
The Federal Election Commission (FEC) releases information to the public about money that's raised and spent in federal elections — that's elections for US President, Senate, and House of Representatives.
Are you interested in seeing how much money a candidate raised? Or spent? How much debt they took on? Who contributed to their campaign? The FEC is the authoritative source for that information.
The new FEC.gov aims to make campaign finance information more accessible (and understandable) to all users.
This repository, openFEC, is home to the FEC’s API
All FEC repositories:
- FEC: a general discussion forum. We compile feedback from the FEC.gov feedback widget here, and this is the best place to submit general feedback.
- openFEC: the first RESTful API for the Federal Election Commission
- fec-cms: this project's content management system (CMS)
- fec-proxy: this is a lightweight app that coordinates the paths between the web app and CMS
We welcome you to explore, make suggestions, and contribute to our code.
- Read our contributing guidelines. Then, file an issue or submit a pull request.
- If you'd rather send us an email, we're thrilled to hear from you!
- Follow our Set up instructions to run the apps on your computer.
We are always trying to improve our documentation. If you have suggestions or run into problems please file an issue!
-
Ensure you have the following requirements installed:
-
Python (the latest 3.10 release, which includes
pip
and a built-in version ofvirtualenv
calledvenv
). -
The latest long term support (LTS) or stable release of Node.js (which includes npm)
-
PostgreSQL (the latest 13 release).
- Read a Mac OSX tutorial
- Read a Windows tutorial
- Read a Linux tutorial (or follow your OS package manager)
-
Elastic Search 7.x (instructions here)
-
Flyway 11.0.0 (homebrew instructions)
-
After downloading, create a .toml file in the following location:
flyway-11.0.0/conf/flyway.toml
and set the flyway environment variablesenvironment
,url
,user
,password
andlocations
as[environments.local] url = "jdbc:postgresql://localhost:5432/cfdm_test" user = "<your local database username>" password = "<your local database password>" [flyway] environment = "local" locations = ["filesystem:/Users/<user>/<project>/api/openFEC/data/migrations"]
to enable connection to a local database (e.g.,
cfdm_test
from Create a test database, below) and specify the location of the database migration files (SQL)
-
-
See Database migrations for more information on installing and configuring flyway
-
-
Set up your Node environment— learn how to do this with our Javascript Ecosystem Guide.
-
Set up your Python environment— learn how to do this with our Python Ecosystem Guide.
-
Clone this repository.
Use pip
to install the Python dependencies:
pip install -r requirements.txt
pip install -r requirements-dev.txt
Use npm
to install JavaScript dependencies:
nvm use --lts
npm install
npm run build
This repo includes optional post-merge and post-checkout hooks to ensure that
dependencies are up to date. If enabled, these hooks will update Python
dependencies on checking out or merging changes to requirements.txt
. To
enable the hooks, run:
invoke add_hooks
To disable, run:
invoke remove_hooks
In order to run tests locally, you'll need a test database.
To create the test database, run:
createdb cfdm_unit_test
Before you can run this project locally, you'll need a development database.
To create the development database, run:
createdb cfdm_test
Set the environment variable SQLA_SAMPLE_DB_CONN to point to this database, using:
export SQLA_SAMPLE_DB_CONN="postgresql://<username>:<password>@localhost:<port - default is 5432>/cfdm_test"
Load our sample data into the development database (cfdm_test
) by running:
invoke create_sample_db
This will run flyway
migrations on the empty database to create the schema, and then load sample data into this database from data/sample_db.sql
.
Note: FEC members can set the SQL connection to one of the RDS boxes with:
export SQLA_CONN=<psql:address-to-box>
Warning: never perform 'update all' when pointing to an RDS box via the SQLA_CONN env var
Note: An additional setting for connecting to and utilizing mirrors/replica boxes can also be set with:
export SQLA_FOLLOWERS=<psql:address-to-replica-box-1>[,<psql:address-to-replica-box-2>,...]
Note: This is a comma separated (with no spaces) string that contains one or more connection strings to any replicas/mirrors that are setup.
Reach out to a team member to get the actual addresses for all of these connections.
-
Run:
export FEC_WEB_DEBUG=true
This shows error details and more verbose request logging.
-
Run:
export FEC_API_URL=http://localhost:5000 export FEC_CMS_URL=http://localhost:8000
These are the default URLs to the other local FEC applications. For complete set-up instructions, explore our documentation for fec-cms.
Note: If you modify your local environment to run these applications at a different address, be sure to update these environment variables to match.
-
If you do not login to CloudFoundry with SSO (single sign-on), run:
export FEC_WEB_USERNAME=<username_of_your_choosing> export FEC_WEB_PASSWORD=<password_of_your_choosing>
Create these account credentials to gain full access to the application. You can set them to any username and password of your choosing.
Note: FEC team members will also have additional environment variables to set up. Please reach out to a team member for detailed information.
-
If you are using database replicas/mirrors you can also restrict connections to them to be asynchronous tasks only by running:
export SQLA_RESTRICT_FOLLOWER_TRAFFIC_TO_TASKS=enabled
Follow these steps every time you want to work on this project locally.
-
Set the FLASK_APP environment variable to specify how to load the application. Flask is used when running the project locally, so you will want to turn the debugger on as well. If you'd like to run in development mode (reloader will trigger whenever your code or imported modules change and debugger is on by default) you can set FLASK_ENV=development. Pyenv-dotenv should set these for you automatically by reading .flaskenv.
export FLASK_APP=webservices.rest export FLASK_DEBUG=1
-
If you are using the legal search portion of the site, you will need Elastic Search running. Navigate to the installation folder (eg.,
elasticsearch-7.4
) and run:cd bin ./elasticsearch
-
Start the web server:
flask run
or
python cli.py run
-
View your local version of the site at http://localhost:5000.
We use Celery to schedule periodic tasks— for example, refreshing materialized views and updating incremental aggregates. We use Redis as the Celery message broker.
To work with Celery and Redis locally, install Redis and start a Redis server. By default,
we connect to Redis at redis://localhost:6379
; if Redis is running at a different URL,
set the FEC_REDIS_URL
environment variable.
Note: Both the API and Celery worker must have access to the relevant environment variables and services (PostgreSQL, S3).
Running Redis and Celery locally:
redis-server
celery --app webservices.tasks worker
celery --app webservices.tasks beat
We are using a customized 2.x version of swagger-ui to display our API developer documentation.
The base template for swagger-ui is located at webservices/templates/swagger-ui.html
. The {{ specs_url }}
template variable points to http://localhost:5000/swagger
that is the swagger spec file for FEC specific model definitions and schema. Compiled and vendor assets are served from static/swagger-ui/
.
The swagger-ui package is within the swagger-ui
directory. The hbs
folder contains handlebars templates with customizations, as do the files contained in the js
and less
folders. However, the js/swagger-client.js
is the base v2.1.32 swager-ui file.
All these files are then built and compiled via the npm run build
command that runs Gulp tasks. Any modification should be done in the files in swagger-ui
that will then be compiled and served in the static/swagger-ui/
folder.
This repo uses pytest.
If the test database server is not the default local Postgres instance, indicate it using:
export SQLA_TEST_CONN=<psql:address-to-box>
The connection URL has to strictly adhere to the structure postgresql://<username>:<password>@<hostname>:<port>/<database_name>
. Note that the database_name should be specified explicitly, unlike URLs for SQLAlchemy connections.
Start the elasticsearch server locally:
./elasticsearch
Running the tests:
pytest
Running only the pep8 linting:
pytest --linting
Running the tests without pep8 linting:
pytest --no-linting
If you add new tables to the data, you'll need to generate a new subset for testing.
We have used this nifty subsetting tool: rdbms-subsetter. Though it may be easier to add some sample data manually.
To build a new test subset, first delete and recreate the test database:
dropdb cfdm_test
createdb cfdm_test
Now use the build_test
invoke task to populate the new database with the new subset:
invoke build_test <source> postgresql://:@/cfdm_test
where source
is a valid PostgreSQL connection string.
To update the version-controlled test subset after rebuilding, run:
invoke dump postgresql://:@/cfdm_test data/subset.dump
If you haven't used Cloud Foundry in other projects, you'll need to install the Cloud Foundry CLI.
Before deploying, install version 7 of the Cloud Foundry CLI:
-
Read Cloud Foundry documentation to install version 7 of the Cloud Foundry CLI.
-
Set environment variables used by the deploy script:
export FEC_CF_USERNAME=<your_cf_username> export FEC_CF_PASSWORD=<your_cf_password>
If these variables aren't set, you'll be prompted for your Cloud Foundry credentials when you deploy the app.
To deploy to Cloud Foundry, run:
invoke deploy
The deploy
task will detect the appropriate Cloud Foundry space based the current branch. You can override this with the optional --space
flag. For example:
invoke deploy --space dev
This command will explicitly target the dev
space.
To run migrations with a manual deploy, run:
invoke deploy --space dev --migrate-database
On Cloud Foundry, we use the aws-elasticache-redis service. For more information about plan names, see the cloud.gov aws-elasticache-redis documentation
The Redis service can be created as follows:
cf create-service aws-elasticache-redis <plan_name> fec-elasticache-redis
cf target -s dev
cf cups fec-creds-dev -p '{"SQLA_CONN": "..."}'
To stand up a user-provided credential service that supports both the API and the webapp, ensure that the following keys are set:
- SQLA_CONN
- FEC_WEB_API_KEY
- FEC_WEB_API_KEY_PUBLIC
- FEC_GITHUB_TOKEN
- WRITE_AUTHORIZED_TOKENS
Deploys of a single app can be performed manually by targeting the env/space, and specifying the corresponding manifest, as well as the app you want, like so:
cf target -o [dev|stage|prod] && cf push -f manifest_<[dev|stage|prod]>.yml [api|web]
Note: Performing a deploy in this manner will result in a brief period of downtime.
There may be a time when you need to run a command remotely, e.g., a management command to update database schemas. Cloud Foundry currently doesn't support a way of connecting to an app that is running directly, so you need to deploy a one-off app specifically for running commands instead.
To accomplish this, follow these steps:
-
Make sure you're pointing to the correct target space:
cf target -o fec -s <dev | stage | prod>
-
Create a new app manifest for this one-off app (choose whatever file name you wish, ending with the
.yml
extension):cf create-app-manifest api -p <one-off-app-manifest-filename.yml>
-
Open the newly created one-off app manifest file and add/modify the following YAML properties to it (be sure to maintain all of the other existing properties):
name: one-off-app-name command: "<your command here, e.g., python cli.py refresh_materialized> && sleep infinity" no-route: true
Note: the
&& sleep infinity
part is needed as the end of the command you specify so that Cloud Foundry doesn't attempt to redeploy the app once the command finishes. -
Using the same app name you just specified in the custom manifest file, push your application to Cloud Foundry:
cf push <one-off-app-name> -f <one-off-app-manifest-filename.yml>
Once the app is pushed, you can also tail the logs to make see when the command finishes:
cf logs <one-off-app-name>
When the command you want to run finishes, be sure to stop and delete the app to free resources in Cloud Foundry:
cf stop <one-off-app-name>
cf delete <one-off-app-name>
One other thing you may want to consider doing is adding explicit log statements or an email notification to whatever command you are running so that you know for sure when the command finishes (or errors out). However, please do not check in these custom modifications.
Note: We hope to have a better way of accomplishing this in the future.
Likely only useful for FEC team members
You can SSH directly into the running app container to help troubleshoot or inspect things with the instance(s). Run the following command:
cf ssh <app name>
Where is the name of the application instance you want to connect to. Once you are logged into the remote secure shell, you'll also want to run this command to setup the shell environment correctly:
. /home/vcap/app/bin/cf_env_setup.sh
More information about using SSH with cloud.gov can be found in the cloud.gov SSH documentation.
If you're preparing a release to production, you should also create a changelog. The preferred way to do this is using the changelog generator.
Once installed, run:
github_changelog_generator --since-tag <last public-relase> --t <your-gh-token>
When this finishes, commit the log to the release.
We use git-flow for naming and versioning conventions. Both the API and web app are continuously deployed through Circle CI accordingly.
-
Developer creates a feature branch and pushes to
origin
:git flow feature start my-feature git push origin feature/my-feature
-
Reviewer merges feature branch into
develop
via GitHub -
[auto]
develop
is deployed todev
-
Developer makes sure their local master and develop branches are up to date:
git checkout develop git pull git checkout master git pull
-
Developer creates a hotfix branch, commits changes, and makes a PR to the
master
branch:git flow hotfix start my-hotfix git push origin hotfix/my-hotfix
-
Reviewer merges hotfix branch into
develop
andmaster
and pushes toorigin
:git flow hotfix finish my-hotfix git checkout develop git push origin develop
-
develop
is deployed todev
. Make sure the build passes before deploying tomaster
.git checkout master git push origin master --follow-tags
-
master
is deployed toprod
-
Developer creates a release branch and pushes to
origin
:git flow release start my-release git push origin release/my-release
-
[auto]
release/my-release
is deployed tostage
-
Issue a pull request to master, tag reviewer(s)
-
Review of staging
-
Check if there are any SQL files changed. Depending on where the changes are, you may need to run migrations. Ask the person who made the change what, if anything, you need to run.
-
Make sure your pull request has been approved
-
Make sure local laptop copies of
master
,develop
, andrelease/[release name]
github branches are up-to-date by checking them out and usinggit pull
for each branch. -
Rebuild candidate release branch, i.e.,
release/public-YYYYMMDD
, in staging environment, and verify there are no errors and that build passes. -
Developer merges release branch into
master
(and backmerges intodevelop
) and pushes to origin:git config --global push.followTags true git flow release finish my-release
You'll need to save several merge messages, and add a tag message which is named the name of the release (eg., public-beta-20170118). Check to see what
git branch
returns. If it shows you are onmaster
, ignore the next step for checking out and pushing todevelop
.git checkout develop git push origin develop
Watch the develop build on Circle and make sure it passes. Now you are ready to push to prod (:tada:).
git checkout master git log # make sure tag for release is present git push origin master --follow-tags
Watch Circle to make sure it passes, then test the production site manually to make sure everything looks ok.
-
master
is deployed toprod
-
develop
is deployed todev
This section covers a few topics we think might help developers after setup.
The staging and production environments use the API Umbrella for
rate limiting, authentication, caching, and HTTPS termination and redirection. Both
environments use the FEC_API_USE_PROXY
flag to reject requests that are not routed
through the API Umbrella.
All API responses are set to expire after one hour (Cache-Control: public, max-age=3600
).
In production, the API Umbrella will check this response header
and cache responses for the specified interval, such that repeated requests to a given
endpoint will only reach the Flask application once. This means that responses may be
stale for up to an hour following the nightly refresh of the materialized views.
The production and staging environments use relational database service (RDS) instances that receive streaming updates from the FEC database. The development environment uses a separate RDS instance created from a snapshot of the production instance.
Incrementally-updated aggregates and materialized views are updated nightly; see
webservices/tasks/refresh.py
for details. When the nightly update finishes, logs and error reports are slacked to the team.
The materialized views are manually refreshed when something needs to be removed or updated on the website (data section) on-demand.
-
Log in to CloudFoundry (Resource)
-
Select the ${cf_space} space
-
Run this command:
cf run-task api --command "python cli.py refresh_materialized" --name refresh_mv
-
Check status of task:
cf tasks api
-
Open a terminal to tail the logs:
cf logs api | grep "Refreshing"
-
View logs using kibana
Reference Wiki Elasticsearch 7.x.0 management instruction
There are some management commands to manage (display, create, delete, restore...) repository, index and snapshot on Elasticsearch.
More information is available by invoking each of these commands with a --help
option. These commands can be run as cf tasks on cloud.gov
, e.g.,
cf run-task api --command "python cli.py display_repositories" -m 2G --name display_repositories
cf run-task api --command "python cli.py configure_snapshot_repository <repo_name>" -m 4G --name configure_snapshot_repository
cf run-task api --command "python cli.py delete_repository <repo_name>" -m 4G --name delete_repository
We have three indexes for FEC legal documents, that are defined in INDEX_DICT 1) CASE_INDEX includes DOCUMENT_TYPE=('statutes','murs','adrs','admin_fines') current mur only. 2) AO_INDEX includes DOCUMENT_TYPE=('advisory_opinions') 3) ARCH_MUR_INDEX includes DOCUMENT_TYPE=('murs'), archived mur only
cf run-task api --command "python cli.py display_index_alias" -m 2G --name display_index_alias
cf run-task api --command "python cli.py create_index <index_name>" -m 2G --name create_index
cf run-task api --command "python cli.py delete_index <index_name>" -m 2G --name delete_index
cf run-task api --command "python cli.py display_mapping <index_name>" -m 2G --name display_mapping
cf run-task api --command "python cli.py update_mapping_and_reload_legal_data <index_name>" -m 4G --name update_mapping_and_reload_legal_data
This command is typically used when there is a schema change. A swapping index (XXXX_SWAP_INDEX) is built and populated in the background. When ready, the swapping index is moved to the current index (XXXX_INDEX) with short downtime)<5 mins>.
cf run-task api --command "python cli.py initialize_legal_data <index_name>" -m 4G --name initialize_legal_data
This command is used to initialize the legal data with downtime (15mins ~ 2+ hours) by an index.
cf run-task api --command "python cli.py reload_all_data_by_index ao_index" -m 4G --name reload_all_data_by_index_ao
The progress of these tasks can be monitored using, e.g.,
cf logs api | grep <some key word>
cf run-task api --command "python cli.py load_advisory_opinions [FROM_AO_NO]" -m 4G --name load_advisory_opinions
cf run-task api --command "python cli.py load_current_murs [MUR_NO]" -m 4G --name load_current_murs
cf run-task api --command "python cli.py load_adrs [ADR_NO]" -m 4G --name load_adrs
cf run-task api --command "python cli.py load_admin_fines [AF_NO]" --name load_admin_fines
cf run-task api --command "python cli.py load_statutes" --name load_statutes
(load one arch_mur):
cf run-task api --command "python cli.py load_archived_murs [MUR_NO]" --name upload_one_arch_mur
(load all arch_mur):
cf run-task api --command "python cli.py load_archived_murs" --name upload_arch_mur
The OpenFEC API is a Flask application deployed using the gunicorn WSGI server behind
an nginx reverse proxy. Static files are compressed and served directly through nginx;
dynamic content is routed to the Flask application via proxy_pass
. The entire application
is served through the API Umbrella, which handles API keys,
caching, and rate limiting.
Sorting fields include a compound index on on the filed to sort and a unique field. Because in cases where there were large amounts of data that had the same value that was being evaluated for sort, the was not a stable sort view for results and the results users received were inconsistent, some records given more than once, others given multiple times.
Database mirrors/replicas are supported by the API if the SQLA_FOLLOWERS
is set to one or more valid connection strings. By default, setting this environment variable will shift all read
operations to any mirrors/replicas that are available (and randomly choose one to target per request if there are more than one).
You can optionally choose to restrict traffic that goes to the mirrors/replicas to be the asynchronous tasks only by setting the SQLA_RESTRICT_FOLLOWER_TRAFFIC_TO_TASKS
environment variable to something that will evaluate to True
in Python (simply using True
as the value is fine). If you do this, you can also restrict which tasks are supported on the mirrors/replicas. Supported tasks are configured by adding their fully qualified names to the app.config['SQLALCHEMY_FOLLOWER_TASKS']
list in order to allow them. By default, only the download
task is enabled.
flyway
is the tool used for database migration.
It is recommended that you install flyway using homebrew: brew install flyway
All database schema modification code is checked into version control in the directory data/migrations
in the form of SQL files that follow a strict naming convention - V<version_number>__<descriptive_name>.sql
. flyway
also maintains a table in the target database called flyway_schema_history
which tracks the migration versions that have already been applied.
flyway
supports the following commands:
info
compares the migration SQL files and the tableflyway_schema_history
and reports on migrations that have been applied and those that are pending.migrate
compares the migration SQL files and the tableflyway_schema_history
and runs those migrations that are pending.baseline
modifies theflyway_schema_history
table to indicate that the database has already been migrated to a baseline version.repair
repairs theflyway_schema_history
table. Removes any failed migrations on databases.
For more information, see Flyway documentation.
Tests that require the database will automatically run flyway
migrations as long as flyway
is in PATH
.
flyway is installed in CircleCI
. During the deployment step, CircleCI
invokes flyway
to migrate the target database (depending on the target space). For this to work correctly, connection URLs for the target databases have to be stored as environment variables in CircleCI under the names FEC_MIGRATOR_SQLA_CONN_DEV
, FEC_MIGRATOR_SQLA_CONN_STAGE
and FEC_MIGRATOR_SQLA_CONN_PROD
. The connection URL has to strictly adhere to the structure postgresql://<username>:<password>@<hostname>:<port>/<database_name>
. Note that the database_name should be specified explicitly, unlike URLs for SQLAlchemy connections.
You may need to run flyway
manually in order to test migrations locally, or to troubleshoot migrations in production. There are 2 required parameters:
-url
specifies the database URL. This is a JDBC URL of the formjdbc:postgresql://<hostname>:<port>/<database>?user=<username>&password=<password>
.-locations
specifies the directory where the migrations are stored. This is a value of the formfilesystem:<directory-path>
. In our case, if run from the project root, it would be-locations=filesystem:data/migration
.