This came from a github security advisory suggestion but makes sense given that this workflow doesn't need to push content back.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This iterates on https://github.com/openedx/edx-platform/pull/36089, which
logged us into DockerHub during unit tests in order to reduce how often
DockerHub rate-limits us.
Forks will fail to log into DockerHub unless the fork owner configures their
own DockerHub creds. This PR is an attempt to make it so that unit tests don't
fail when DockerHub login fails.
We're being rate limited by dockerhub for pulling too many images in CI.
There isn't a great solution for caching images for GH actions, but in
theory we should have less strict limits as an authenticated user.
BREAKING CHANGE: Removes all remaining Paver commands including
`pavelib/prereqs.py:*` and `pavelib/assets.py:*`.
BREAKING CHANGE: Removes `./manage.py [lms|cms] compile_sass`, which
was just a wrapper around Paver commands.
BREAKING CHANGE: Removes paver.txt. Operators should install testing.txt
instead.
Part of: https://github.com/openedx/edx-platform/issues/34467
Unclear if there was a change in the focal repositories
or if there was an issue with something else. The noble
repositories don't support 7.0, so we're stuck here
until we upgrade to 8.0.
Operators Note: In newer versions of ubuntu the MD4 hashing algorithm
is disabled by default. To enable it the openssl config needs to be
updated in a manner similar to what's being done here. Alternatively,
you can set the `FEATURES['ENABLE_BLAKE2B_HASHING']` setting to `True`
which will switch to a newer hashing algorithm where MD4 was previously
used.
Because this hashing is being used as a part of the edx-platform caching
mechanism, this will effectively clear the cache for the items that use
this hash. This will impact any items where the cache key might have been
too big to store in memcache so it's hard to predict exactly which items
will be impacted.
BREAKING CHANGE: See the operator note above for more details as this
may break for users transitioning from Ubuntu 20.04 to newer versions.
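The operator note above, as an added example that is not part of the commit or of edx-platform's own code: it probes whether MD4 is still available to Python's hashlib, shortens oversized cache keys with either algorithm, and shows why switching algorithms amounts to a cache clear for those keys. The helper names (`md4_available`, `fast_hash`, `safe_cache_key`), the 16-byte BLAKE2b digest size and the sample keys are assumptions made for illustration.

```python
import hashlib

MEMCACHE_MAX_KEY_LENGTH = 250  # memcached rejects keys longer than 250 bytes


def md4_available():
    """Return True if hashlib can still construct MD4 on this host."""
    try:
        hashlib.new("md4", b"probe")
        return True
    except ValueError:
        # Raised where OpenSSL ships MD4 only in the disabled legacy provider.
        return False


def fast_hash(data, use_blake2b):
    """Digest used only to shorten cache keys (hypothetical helper)."""
    raw = data.encode("utf-8")
    if use_blake2b:
        # blake2b is built into hashlib and does not depend on OpenSSL config.
        # digest_size=16 is an assumption chosen to match MD4's 128-bit output.
        return hashlib.blake2b(raw, digest_size=16).hexdigest()
    return hashlib.new("md4", raw).hexdigest()  # ValueError if MD4 is disabled


def safe_cache_key(key, use_blake2b):
    """Pass short keys through; replace oversized keys with their digest."""
    if len(key) <= MEMCACHE_MAX_KEY_LENGTH:
        return key
    return fast_hash(key, use_blake2b)


def demo():
    short_key = "course.overview.v1"           # constructed sample
    long_key = "block-structure." + "x" * 300  # constructed sample, over the limit
    return {
        "short": safe_cache_key(short_key, use_blake2b=True),
        "long_blake2b": safe_cache_key(long_key, use_blake2b=True),
        # Only computed where MD4 still works; None marks a host that needs
        # either the OpenSSL config change or the BLAKE2b setting.
        "long_md4": safe_cache_key(long_key, use_blake2b=False)
        if md4_available() else None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Short keys are identical under both settings, so only entries whose keys were hashed are orphaned by the switch.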
This code does not have any dependencies that are specific to any specific
version of ubuntu. So instead of testing on a specific version and then needing
to do work to keep the versions up-to-date, we switch to the ubuntu-latest
target which should be sufficient for testing purposes.
This work is being done as a part of https://github.com/openedx/platform-roadmap/issues/377
closes https://github.com/openedx/edx-platform/issues/35314
When a shard of unit-tests.yml fails, we want the `success` job to be
marked "Failed" (not "Skipped"). That's because "Failed" blocks the PR
from merging, whereas "Skipped" does not. This change ensures that
`success` always runs to completion rather than being cancelled as soon
as a unit test shard fails or is cancelled.
From https://github.com/marketplace/actions/alls-green#options:
> Important: For this to work properly, it is a must to have the job always run,
> otherwise GitHub will make it skipped when any of the dependencies fail. In
> some contexts, skipped is interpreted as success which may lead to undesired,
> unobvious and even dangerous (as in security breach "dangerous") side-effects.
Closes https://github.com/openedx/edx-platform/issues/34789