Skip to content

Commit

Permalink
Merge branch 'staging' into stable
Browse files Browse the repository at this point in the history
  • Loading branch information
abompard committed Jul 21, 2021
2 parents 6d3c36d + 0b2cf02 commit ee5abd4
Show file tree
Hide file tree
Showing 94 changed files with 29,586 additions and 1,937 deletions.
22 changes: 22 additions & 0 deletions .github/workflows/dependabot-approve.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Auto-approve Dependabot PRs
on:
schedule:
- cron: "7 * * * *"
workflow_dispatch:

permissions:
contents: read
pull-requests: write

jobs:
auto-approve:
name: Auto-approve minor and patch updates
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: koj-co/dependabot-pr-action@master
with:
token: ${{ secrets.GITHUB_TOKEN }}
approve-minor: true
approve-patch: true

15 changes: 15 additions & 0 deletions .mergify.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
pull_request_rules:

- name: Automatic merge on approval
actions:
merge:
Expand Down Expand Up @@ -28,3 +29,17 @@ pull_request_rules:
- status-success=DCO
- status-success=CI on f32
- status-success=CI on f33

- name: Automatic merge Dependabot PRs
actions:
merge:
method: rebase
rebase_fallback: null
strict: true
conditions:
- label!=WIP
- author=dependabot[bot]
- approved-reviews-by=github-actions[bot]
- status-success=DCO
- status-success=CI on f32
- status-success=CI on f33
72 changes: 72 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
repos:
# - repo: https://github.com/asottile/pyupgrade
# rev: v2.15.0
# hooks:
# - id: pyupgrade
# args:
# - --py36-plus

- repo: https://github.com/psf/black
rev: 21.5b2
hooks:
- id: black
language_version: python3
args: ["-c"]

- repo: https://github.com/pycqa/flake8
rev: 3.9.2
hooks:
- id: flake8

- repo: https://github.com/pycqa/isort
rev: 5.8.0
hooks:
- id: isort
args: ["-c"]

- repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
rev: v1.0.5
hooks:
- id: python-bandit-vulnerability-check
alias: bandit
args: ["-r", "noggin/", "-x", "noggin/tests/", "-ll"]
# - repo: local
# hooks:
# - id: bandit-local
# name: bandit
# entry: bandit
# args: ["-r", "noggin/", "-x", "noggin/tests/", "-ll"]
# pass_filenames: false
# language: system

- repo: https://github.com/myint/rstcheck
rev: 3f92957
hooks:
- id: rstcheck
args: ["-r", "docs"]
additional_dependencies: [sphinx]

- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
rev: v1.2.1
hooks:
- id: python-safety-dependencies-check
alias: safety
additional_dependencies: ["poetry"]
# - repo: local
# hooks:
# - id: safety-local
# name: safety
# entry: safety
# args: [check, --full-report]
# language: system
# pass_filenames: false


- repo: local
hooks:
- id: liccheck
name: liccheck
entry: ./devel/run-liccheck.sh
files: "(pyproject.toml|poetry.lock)"
pass_filenames: false
language: script
1 change: 1 addition & 0 deletions Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Vagrant.configure(2) do |config|
freeipa.vm.hostname = "ipa.noggin.test"
freeipa.hostmanager.aliases = ("kerberos.noggin.test")
freeipa.vm.synced_folder '.', '/vagrant', disabled: true
freeipa.vm.synced_folder ".", "/home/vagrant/noggin", type: "sshfs"

freeipa.vm.provider :libvirt do |libvirt|
libvirt.cpus = 2
Expand Down
2 changes: 1 addition & 1 deletion devel/ansible/roles/common/vars/main.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
ipa_admin_user: admin
ipa_admin_password: adminPassw0rd!
krb_master_password: adminPassw0rd!
krb_main_password: adminPassw0rd!
krb_realm: NOGGIN.TEST
2 changes: 1 addition & 1 deletion devel/ansible/roles/freeipa/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
changed_when: "False"

- name: install freeipa server
shell: umask 022; ipa-server-install -a {{ ipa_admin_password }} --hostname=ipa.noggin.test -r {{ krb_realm }} -p {{ krb_master_password }} -n noggin.test -U
shell: umask 022; ipa-server-install -a {{ ipa_admin_password }} --hostname=ipa.noggin.test -r {{ krb_realm }} -p {{ krb_main_password }} -n noggin.test -U

- name: get freeipa-fas
git:
Expand Down
37 changes: 22 additions & 15 deletions devel/ansible/roles/freeipa/templates/create_dummy_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,21 +31,21 @@ def rando(percentage):
groups["sysadmin-" + word] = 5
groups["z-git-" + word] = 5

ipa = python_freeipa.ClientLegacy(host="ipa.noggin.test", verify_ssl="/etc/ipa/ca.crt")
ipa = python_freeipa.ClientMeta(host="ipa.noggin.test", verify_ssl="/etc/ipa/ca.crt")
ipa.login("{{ ipa_admin_user }}", "{{ ipa_admin_password }}")

untouched_ipa = python_freeipa.ClientLegacy(
untouched_ipa = python_freeipa.ClientMeta(
host="ipa.noggin.test", verify_ssl="/etc/ipa/ca.crt"
)

ipa._request("fasagreement_add", "FPCA", {"description": "This ia the FPCA agreement"})
ipa._request("fasagreement_add", "FPCA", {"description": "This is the FPCA agreement"})

for group in groups.keys():
print(f"adding group: {group}")
ipa.group_add(group, f"A group for {group}", fasgroup=True)
ipa.group_add(group, o_description=f"A group for {group}", fasgroup=True)
ipa._request("fasagreement_add_group", "FPCA", {"group": group})

ipa.group_add("general", "A group for general stuff", fasgroup=True)
ipa.group_add("general", o_description="A group for general stuff", fasgroup=True)


for x in range(100):
Expand All @@ -57,11 +57,11 @@ def rando(percentage):
try:
ipa.user_add(
username,
firstName,
lastName,
fullname,
disabled=False,
user_password=USER_PASSWORD,
o_givenname=firstName,
o_sn=lastName,
o_cn=fullname,
o_nsaccountlock=False,
o_userpassword=USER_PASSWORD,
fasircnick=[username, username + "_"],
faslocale="en-US",
fastimezone="Australia/Brisbane",
Expand All @@ -78,17 +78,24 @@ def rando(percentage):
ipa._request("fasagreement_add_user", "FPCA", {"user": username})
has_signed_fpca = True
else:
ipa.group_add_member("general", username)
ipa.group_add_member("general", o_user=username)

# add to groups
for groupname, chance in groups.items():
if rando(chance) and has_signed_fpca:
ipa.group_add_member(groupname, username)
ipa.group_add_member(groupname, o_user=username)
# add member manager (sponsor)
if rando(30):
ipa._request(
"group_add_member_manager", groupname, {"user": username}
)
ipa.group_add_member_manager(groupname, o_user=username)

except python_freeipa.exceptions.FreeIPAError as e:
print(e)


# Create the stage user managers role and assign it to the infra group
ipa.privilege_add("Stage User Managers", o_description="Manage registering users in Noggin")
for perm in ("System: Read Stage Users", "System: Modify Stage User", "System: Remove Stage User"):
ipa.privilege_add_permission("Stage User Managers", o_permission=perm)
ipa.role_add("Stage User Managers", o_description="Manage registering users in Noggin")
ipa.role_add_privilege("Stage User Managers", o_privilege="Stage User Managers")
ipa.role_add_member("Stage User Managers", o_group="infra")
1 change: 1 addition & 0 deletions devel/ansible/roles/noggin/files/noggin.service
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Wants=network-online.target
Environment=FLASK_APP=/home/vagrant/noggin/noggin/app.py
Environment=NOGGIN_CONFIG_PATH=/home/vagrant/noggin.cfg
Environment=FLASK_DEBUG=1
Environment=PYTHONUNBUFFERED=1
User=vagrant
WorkingDirectory=/home/vagrant/noggin/noggin
ExecStart=poetry run flask run -h 0.0.0.0
Expand Down
15 changes: 15 additions & 0 deletions devel/run-liccheck.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
#!/bin/bash

trap 'rm -f "$TMPFILE"' EXIT

set -e

TMPFILE=$(mktemp -t noggin-requirements-XXXXXX.txt)

# Note: we can't use poetry export because it isn't smart enough with conditional dependencies:
# flake8 requires importlib_metadata on python < 3.8, so it's not installed, but it's exported
# and liccheck crashes on packages listed in the req file but not installed.
# poetry export --dev -f requirements.txt -o $TMPFILE

poetry run pip freeze --exclude-editable --isolated > $TMPFILE
poetry run liccheck -r $TMPFILE
2 changes: 1 addition & 1 deletion docs/contributing.rst
Original file line number Diff line number Diff line change
Expand Up @@ -196,7 +196,7 @@ When cutting a new release, follow these steps:
#. Run ``poetry install`` to update the version in the metadata
#. Add missing authors to the release notes fragments by changing to the ``news`` directory and
running the ``get-authors.py`` script, but check for duplicates and errors
#. Generate the release notes by running ``towncrier`` (in the base directory)
#. Generate the release notes by running ``poetry run towncrier`` (in the base directory)
#. Adjust the release notes in ``docs/release_notes.rst``.
#. Generate the docs with ``tox -e docs`` and check them in ``docs/_build/html``.
#. Commit the changes
Expand Down
20 changes: 20 additions & 0 deletions docs/installation.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,23 @@ Installation
============

.. note:: **TODO**: Cover end-user installation here.


IPA settings
============

If you want to be able to manage registering users, you need to setup the corresponding role and privilege in IPA.

First, create a privilege containing the permissions needed to manage stage users::

ipa privilege-add "Stage User Managers" --desc "Manage registering users in Noggin"
ipa privilege-add-permission "Stage User Managers" --permissions "System: Read Stage Users" --permissions "System: Modify Stage User" --permissions "System: Remove Stage User"

Then, create a role associated with this privilege::

ipa role-add "Stage User Managers" --desc "Manage registering users in Noggin"
ipa role-add-privilege "Stage User Managers" --privileges "Stage User Managers"

Finally, if your administrators group is called ``sysadmin``, give people in the ``sysadmin`` group the role to manage registering users::

ipa role-add-member "Stage User Managers" --groups sysadmin
46 changes: 46 additions & 0 deletions docs/release_notes.rst
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,50 @@ Release notes

.. towncrier release notes start
v1.3.0
======

Released on 2021-07-21.

Features
^^^^^^^^

* Add a page to manage registering users (:pr:`672`).
* Allow template override with a custom directory, see the
``TEMPLATES_CUSTOM_DIRECTORIES`` configration value (:pr:`701`).
* Allow users to declare their Matrix IDs in addition to the IRC nicknames
(:issue:`248`).
* Display on users' profiles the agreements they have signed (:issue:`576`).
* Validate email addresses when changed in the ``mail`` or ``rhbz_mail``
attributes (:issue:`610`).
* Allow users to select multiple pronouns (:issue:`646`).

Bug Fixes
^^^^^^^^^

* Don't tell users signing up that their username is already taken when it can
be the email address (:pr:`665`).
* Add the ``for`` attribute to checkbox labels (:issue:`658`).

Development Improvements
^^^^^^^^^^^^^^^^^^^^^^^^

* Start using `pre-commit <https://pre-commit.com/>`_ to run the simple
checkers (linters, formatters, security checks). Run ``poetry install`` to
install the new dependencies, and then run ``pre-commit install`` to setup
the git hook. Also add the `safety <https://pyup.io/safety/>`_ tool
(:pr:`659`).

Contributors
^^^^^^^^^^^^

Many thanks to the contributors of bug reports, pull requests, and pull request
reviews for this release:

* Aurélien Bompard
* Calvin Goodale


v1.2.0
======
Released on 2021-05-18.
Expand All @@ -14,6 +58,8 @@ Features

* Display the version in the page footer (:issue:`592`).
* Allow sponsors to resign from their position in the group (:issue:`599`).
* Disallow login and register with mixed-case usernames (:issue:`594`).
* Add information in the validation email (:issue:`629`).

Bug Fixes
^^^^^^^^^
Expand Down
1 change: 0 additions & 1 deletion news/573.bug

This file was deleted.

1 change: 0 additions & 1 deletion news/592.feature

This file was deleted.

1 change: 0 additions & 1 deletion news/593.bug

This file was deleted.

1 change: 0 additions & 1 deletion news/599.feature

This file was deleted.

4 changes: 3 additions & 1 deletion news/_template.rst → news/_template.rst.j2
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,11 @@
{%- endif -%}
{%- endmacro -%}

{{ top_line }}
{{ top_underline * ((top_line)|length)}}

Released on {{ versiondata.date }}.
This is a {major|feature|bugfix} release that adds [short summary].

{% for section, _ in sections.items() %}
{% set underline = underlines[0] %}{% if section %}{{section}}
{{ underline * section|length }}{% set underline = underlines[1] %}
Expand Down
Loading

0 comments on commit ee5abd4

Please sign in to comment.