This came from a github security advisory suggestion but makes sense given that this workflow dosen't need to push content back.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This iterates on https://github.com/openedx/edx-platform/pull/36089, which
logged us into DockerHub during unit tests in order to reduce how often
DockerHub rate-limits us.
Forks will fail to log into DockerHub unless the fork owner configures their
own DockerHub creds. This PR is an attempt to make it so that unit tests don't
fail when DockerHub login fails.
We're being rate limited by dockerhub for pulling too many images in CI.
There isn't a greate solution for caching images for GH actions, but in
theory we should have less strict limits as an authenticated user.
BREAKING CHANGE: Removes all remaining Paver commands including
`pavelib/prereqs.py:*` and `pavelib/assets.py:*`.
BREAKING CHANGE: Removes `./manage.py [lms|cms] compile_sass`, which
was just a wrapper around Paver commands.
BREAKING CHANGE: Removes paver.txt. Operators should install testing.txt
instead.
Part of: https://github.com/openedx/edx-platform/issues/34467
Unclear if there was a change in the focal repositories
or if there was an issue with something else. The noble
repositories don't support 7.0, so we're stuck here
until we upgrade to 8.0.
Operators Note: In newer versions of ubuntu the MD4 hashing algorithm
is disabled by default. To enable it the openssl config needs to be
updated in a manner similar to what's being done here. Alternatively,
you can set the `FEATURES['ENABLE_BLAKE2B_HASHING']` setting to `True`
which will switch to a newer hashing algorithm where MD4 was previously
used.
Because this hashing is being used as a part of the edx-platform caching
mechanism, this will effectively clear the cache for the items that use
this hash. The will impact any items where the cache key might have been
too big to store in memcache so it's hard to predict exactly which items
will be impacted.
BREAKING CHANGE: See the operator note above for more details as this
may break for users transitioning from Ubuntu 20.04 to newer versions.
This code does not have any dependencies that are specific to any specific
version of ubuntu. So instead of testing on a specific version and then needing
to do work to keep the versions up-to-date, we switch to the ubuntu-latest
target which should be sufficient for testing purposes.
This work is being done as a part of https://github.com/openedx/platform-roadmap/issues/377
closes https://github.com/openedx/edx-platform/issues/35314
When a shard of unit-tests.yml fails, we want the `success` job to be
maked "Failed" (not "Skipped"). That's because "Failed" blocks the PR
from merging, whereas "Skipped" does not. This change ensures that
`success` always runs to completion rather than being cancelled as soon
as a unit test shard fails or is cancelled.
From https://github.com/marketplace/actions/alls-green#options:
> Important: For this to work properly, it is a must to have the job always run,
> otherwise GitHub will make it skipped when any of the dependencies fail. In
> some contexts, skipped is interpreted as success which may lead to undersired,
> unobvious and even dangerous (as in security breach "dangerous") side-effects.
Closes https://github.com/openedx/edx-platform/issues/34789
This reverts commit 52adce48d1 because we were getting this in the build pipeline:
```
WARNING: lxml 5.2.1 does not provide the extra 'html-clean'
ERROR: Exception:
Traceback (most recent call last):
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 173, in _main
status = self.run(options, args)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/cli/req_command.py", line 203, in wrapper
return func(self, options, args)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 315, in run
requirement_set = resolver.resolve(
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/resolver.py", line 94, in resolve
result = self._result = resolver.resolve(
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 472, in resolve
state = resolution.resolve(requirements, max_rounds=max_rounds)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 366, in resolve
failure_causes = self._attempt_to_pin_criterion(name)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 221, in _attempt_to_pin_criterion
satisfied = all(
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_vendor/resolvelib/resolvers.py", line 222, in <genexpr>
self._p.is_satisfied_by(requirement=r, candidate=candidate)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/provider.py", line 178, in is_satisfied_by
return requirement.is_satisfied_by(candidate)
File "/edx/app/edxapp/venvs/edxapp/lib/python3.8/site-packages/pip/_internal/resolution/resolvelib/requirements.py", line 84, in is_satisfied_by
assert candidate.name == self.name, (
AssertionError: Internal issue: Candidate is not for this requirement lxml[html-clean,html-clean] vs lxml[html-clean]
WARNING: You are using pip version 21.2.1; however, version 24.0 is available.
You should consider upgrading via the '/edx/app/edxapp/venvs/edxapp/bin/python -m pip install --upgrade pip' command.
```
