6
0
mirror of https://github.com/ChristianLight/tutor.git synced 2025-01-25 06:18:23 +00:00

100 Commits

Author SHA1 Message Date
DawoudSheraz
0ba4a22786 v18.0.0 upgrade to redwood 2024-06-19 22:56:13 +02:00
Régis Behmo
eb0660a55a chore: upgrade jinja2,black,requests,idna,cryptography
Address several security issues raised by Dependabot.
2024-06-10 17:19:42 +02:00
hinakhadim
e0a39fe45d fix: Add tutor-indigo in plugins file for tutor[full] 2024-03-26 14:37:03 +01:00
Régis Behmo
208937d9d3 chore: upgrade cryptography in dev
Fix vulnerabilities:
https://github.com/overhangio/tutor/security/dependabot/33
https://github.com/overhangio/tutor/security/dependabot/34
2024-02-19 09:21:38 +01:00
Abdul-Muqadim-Arbisoft
d99b2feeb3 fix: remove pkg_resources for python 3.12 compatibility
pkg_resources is available in python 3.12 only if setuptools is
explicitely installed, which is not always the case. We fix that by
replacing all usage of pkg_resources with importlib_resources and
importlib_metadata.

Close #966
2024-02-09 22:06:30 +01:00
Régis Behmo
94d5afa637 fix: security issues with jinja2 and pycryptodome
See:
https://github.com/overhangio/tutor/security/dependabot/32
https://github.com/overhangio/tutor/security/dependabot/29
2024-01-22 13:16:08 +01:00
Régis Behmo
68203f47be fix: RsaKey.dq attribute error
Running `tutor config save` with an outdated version of pycryptodome was
failing with the following error:

    Error: Missing configuration value: 'Crypto.PublicKey.RSA.RsaKey object' has no attribute 'dq'

This is because the "dq" attribute was only introduced in pycryptodome
3.17.0: https://www.pycryptodome.org/src/changelog#january-2023

To resolve this issue we bump the minimum requirements.

Close #962
2023-12-19 09:32:19 +01:00
Régis Behmo
0ccf48690a feat: upgrade to quince 2023-12-11 20:41:32 +01:00
Régis Behmo
b1a581d98a chore: upgrade cryptography package
See https://github.com/overhangio/tutor/pull/951
2023-11-29 09:30:14 +01:00
Régis Behmo
7d1a6fff6e chore: upgrade urllib3
See https://github.com/overhangio/tutor/pull/924
2023-10-18 09:24:43 +02:00
Régis Behmo
1c31d30e66 chore: upgrade urllib3
https://github.com/overhangio/tutor/pull/911
2023-10-03 06:58:25 +02:00
dependabot[bot]
c594817743 chore(deps): bump cryptography from 41.0.3 to 41.0.4 in /requirements
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-22 08:37:19 +02:00
Régis Behmo
72906bff8d feat: add cairn to the official list of plugins
This change means that cairn will be automatically installed whenever we
run:

    pip install tutor[full]

or whenever we run the tutor binary.
2023-09-07 19:16:53 +02:00
Régis Behmo
7e443ac40d chore: upgrade reqs
Now that sphinx_rtd support docutils>=0.19 we can drop that max version
requirement. But we need to limit sphinx max version because they
removed python 3.8 support before EOL.
2023-08-29 15:53:27 +02:00
Régis Behmo
8de5edfab7 chore: upgrade cryptography in dev
See: https://github.com/overhangio/tutor/security/dependabot/18
2023-08-03 11:13:45 +02:00
Régis Behmo
97d9f5a75c chore: upgrade certifi
Fix minor vulnerability:
https://github.com/overhangio/tutor/security/dependabot/17
2023-07-31 09:23:01 +02:00
Régis Behmo
faf43bd3b0 chore: actually do upgrade cryptography req
See: https://github.com/overhangio/tutor/security/dependabot/14
2023-07-21 12:45:29 +02:00
Régis Behmo
68a995cee7 chore: upgrade cryptography requirement
Apply security update:
https://github.com/overhangio/tutor/security/dependabot/14
2023-07-21 12:11:36 +02:00
Régis Behmo
11b2091e32 depr: halt compatibility with python 3.7 2023-06-14 19:40:58 +02:00
Régis Behmo
b3c3c4a2cc feat: upgrade to Palm
Among other changes: ORA2 file uploads were stored in a folder named
"SET-ME-PLEASE (ex.  bucket-name)" (sigh). With this change, the folder
should be automatically renamed to "openedxuploads". This issue has been
occuring since June 2019... (sigh²)

Close #707
2023-06-14 19:40:58 +02:00
Régis Behmo
fb15f21bf5 chore: upgrade requirements
Resolve vulnerability detected in this automated PR:
https://github.com/overhangio/tutor/pull/840
2023-06-06 15:30:37 +02:00
Régis Behmo
d91a49e65d chore: upgrade requirements 2023-02-27 08:41:08 +01:00
Régis Behmo
bda4e0a71c chore: upgrade reqs for python 3.7
Unfortunately, previous reqs upgrade was not compatible with python 3.7
because isort dropped support for that "almost EOL" version:
https://github.com/PyCQA/isort/pull/2064
2023-02-09 12:13:24 +01:00
Régis Behmo
7b718f6e78 chore: upgrade requirements
Cryptography in particular needs to be upgraded to 39.0.1:
https://github.com/overhangio/tutor/security/dependabot/7
https://github.com/overhangio/tutor/security/dependabot/8

Black upgrade caused minor spacing changes.
2023-02-09 12:07:09 +01:00
Régis Behmo
561460ec7f chore: upgrade to mypy 1.0.0
Now that mypy 1.0.0 is out, we can get add some elegant type aliases for
filter and action callback functions.
2023-02-09 11:55:06 +01:00
Régis Behmo
71ed7a8618 feat: refactor hooks API for simplification
The hooks API had several issues which are summarized in this comment:
https://github.com/openedx/wg-developer-experience/issues/125#issuecomment-1313553526

1. "consts" was a bad name
2. "hooks.filters" and "hooks.Filters" could easily be confused
3. docs made it difficult to understand that plugin developers should use the catalog

To address these issues, we:

1. move "consts.py" to "catalog.py"
2. Remove "hooks.actions", "hooks.filters", "hooks.contexts" from the API.
3. re-organize the docs and give better usage examples in the catalog.

This change is a partial fix for https://github.com/openedx/wg-developer-experience/issues/125
2023-01-31 10:17:58 +01:00
Régis Behmo
8f2df6a842 ci: better github release management with scriv
In scriv 1.1.0 the GitHub release description can be templated:
https://github.com/nedbat/scriv/issues/61
https://github.com/nedbat/scriv/releases/tag/1.1.0

This means that we can finally get rid of our ugly scripts to generate the
release description \o/
2023-01-17 12:12:10 +01:00
Régis Behmo
3ce022bee4 fix: "TypeError: Parameters to Generic[...]" error
People running typing-extensions==3.10 faced this error for just any tutor command:

    $ tutor version
    ...
    Traceback (most recent call last):
      File "/usr/local/bin/tutor", line 5, in <module>
        from tutor.commands.cli import main
      File "/usr/local/lib/python3.8/dist-packages/tutor/commands/cli.py", line 7, in <module>
        from tutor import exceptions, fmt, hooks, utils
      File "/usr/local/lib/python3.8/dist-packages/tutor/hooks/__init__.py", line 7, in <module>
        from . import actions, contexts, filters, priorities
      File "/usr/local/lib/python3.8/dist-packages/tutor/hooks/actions.py", line 18, in <module>
        class ActionCallback(Contextualized, t.Generic[P]):
      File "/usr/lib/python3.8/typing.py", line 261, in inner
        return func(*args, **kwds)
      File "/usr/lib/python3.8/typing.py", line 890, in __class_getitem__
        raise TypeError(
    TypeError: Parameters to Generic[...] must all be type variables

We fix this error by requiring a more recent version of typing-extensions.

See: https://discuss.openedx.org/t/tutor-v15-python-error-when-running-on-quickstart/8910/2
2022-12-13 08:02:15 +01:00
Régis Behmo
c26999ec65 feat: upgrade to olive 2022-12-12 16:55:07 +01:00
Overhang.IO
67e8f52cd6 Merge remote-tracking branch 'origin/master' into nightly 2022-11-28 10:11:21 +00:00
Régis Behmo
5929ecbc2e fix: TemplateSyntaxError with old jinja2
The following syntax is only supported in jinja2>=2.10:

    {% set jwt_rsa_key | rsa_import_key %}{{ JWT_RSA_PRIVATE_KEY }}{% endset %}

Thus, we bump the minimal working version of jinja2 in the base requirements.

See discussion: https://discuss.openedx.org/t/error-while-tutor-local-quickstart/8796
2022-11-28 10:03:59 +01:00
Régis Behmo
c06ac5b020 Merge branch 'master' into nightly 2022-11-24 17:27:47 +01:00
Régis Behmo
c886b72ae7 docs: migrate to scriv to manage changelog
Changelog management was starting to be a hassle:

- there were conflicts every time a PR was merged
- there were conflicts every time we merged the nightly branch in the new
  release branch, or vice versa.

Now, all changelog entries are stored as separate files in changelog.d,
including nightly. Nightly entries will be collected for every major release.
2022-11-24 16:15:15 +01:00
Overhang.IO
87e5bb7025 Merge remote-tracking branch 'origin/master' into nightly 2022-11-23 18:19:35 +00:00
Régis Behmo
e63d5c32e3 fix: minimum click version is 8.0
An issue was reported here: https://app.slack.com/client/T02SNA1T6/CGE253B7V

CompletionItem was introduced in 8.0, so click needs to be upgraded when
we `pip install tutor`.
2022-11-23 18:24:05 +01:00
Overhang.IO
17028c5c63 Merge remote-tracking branch 'origin/master' into nightly 2022-11-21 10:18:43 +00:00
Régis Behmo
986c3e2305 chore: upgrade requirements 2022-11-21 10:10:07 +01:00
Régis Behmo
d7c667835a Merge branch 'master' into nightly 2022-11-15 16:59:19 +01:00
Régis Behmo
33e4f33afe feat: strongly typed hooks
Now that the mypy bugs have been resolved, we are able to define more precisely
and cleanly the types of Actions and Filters.

Moreover, can now strongly type named actions and hooks (in consts.py). With
such a strong typing, we get early alerts of hooks called with incorrect
arguments, which is nothing short of awesome :)

This change breaks the hooks API by removing the `context=...` argument. The
reason for that is that we cannot insert arbitrary arguments between `P.args,
P.kwargs`: https://peps.python.org/pep-0612/#the-components-of-a-paramspec

> A function declared as def inner(a: A, b: B, *args: P.args, **kwargs:
> P.kwargs) -> R has type Callable[Concatenate[A, B, P], R]. Placing
> keyword-only parameters between the *args and **kwargs is forbidden.

Getting the documentation to build in nitpicky mode is quite difficult... We
need to add `nitpick_ignore` to the docs conf.py, otherwise sphinx complains
about many missing class references. This, despite upgrading almost all doc
requirements (except docutils).
2022-11-15 14:58:36 +01:00
Régis Behmo
883b358427 Merge branch 'master' into nightly 2022-10-03 15:13:53 +02:00
Régis Behmo
020f6d1137 depr: richie plugin is no longer official
The richie plugin was transferred to the openfun GitHub org. As a consequence,
it is no longer part of the list of official plugins.

See: https://github.com/overhangio/tutor-contrib-richie/pull/5
2022-09-30 12:09:31 +02:00
Overhang.IO
a7da98acc1 Merge remote-tracking branch 'origin/master' into nightly 2022-09-29 12:51:30 +00:00
Régis Behmo
dbb528aba4 chore: partial reqs upgrade
Oauthlib upgrade was suggested by dependabot:
https://github.com/overhangio/tutor/pull/723/files

We did not perform a full upgrade because sphinx-rtd-theme does not support
docutils 0.19, yet: https://github.com/readthedocs/sphinx_rtd_theme/issues/1323
2022-09-29 13:55:09 +02:00
Régis Behmo
4af9fed338 Merge branch 'master' into nightly 2022-06-09 20:01:26 +02:00
Régis Behmo
c4388e134c v14.0.0: upgrade to Nutmeg
- 💥 [Feature] Upgrade to Nutmeg: (by @regisb)
    - 💥 [Feature] Persistent grades are now enabled by default.
    - [Bugfix] Remove edX references from bulk emails ([issue](https://github.com/openedx/build-test-release-wg/issues/100)).
    - [Improvement] For Tutor Nightly (and only Nightly), official plugins are now installed from their nightly branches on GitHub instead of a version range on PyPI. This will allow Nightly users to install all official plugins by running ``pip install -e ".[full]"``.
    - [Bugfix] Start MongoDB when running migrations, because a new data migration fails if MongoDB is not running
2022-06-09 19:18:20 +02:00
Régis Behmo
f147fa93f1 Merge branch 'master' into nightly 2022-04-15 16:07:33 +02:00
Régis Behmo
15b219e235 feat: migrate to plugins.v1 with filters & actions
This is a very large refactoring which aims at making Tutor both more
extendable and more generic. Historically, the Tutor plugin system was
designed as an ad-hoc solution to allow developers to modify their own
Open edX platforms without having to fork Tutor. The plugin API was
simple, but limited, because of its ad-hoc nature. As a consequence,
there were many things that plugin developers could not do, such as
extending different parts of the CLI or adding custom template filters.

Here, we refactor the whole codebase to make use of a generic plugin
system. This system was inspired by the Wordpress plugin API and the
Open edX "hooks and filters" API. The various components are added to a
small core thanks to a set of actions and filters. Actions are callback
functions that can be triggered at different points of the application
lifecycle. Filters are functions that modify some data. Both actions and
filters are collectively named as "hooks". Hooks can optionally be
created within a certain context, which makes it easier to keep track of
which application created which callback.

This new hooks system allows us to provide a Python API that developers
can use to extend their applications. The API reference is added to the
documentation, along with a new plugin development tutorial.

The plugin v0 API remains supported for backward compatibility of
existing plugins.

Done:
- Do not load commands from plugins which are not enabled.
- Load enabled plugins once on start.
- Implement contexts for actions and filters, which allow us to keep track of
  the source of every hook.
- Migrate patches
- Migrate commands
- Migrate plugin detection
- Migrate templates_root
- Migrate config
- Migrate template environment globals and filters
- Migrate hooks to tasks
- Generate hook documentation
- Generate patch reference documentation
- Add the concept of action priority

Close #499.
2022-04-15 15:30:54 +02:00
Kyle McCormick
698f49854d build: NIGHTLY ONLY: install nightly branches of official plugins
For Tutor Nightly (and only Nightly), official plugins are now installed
from their nightly branches on GitHub instead of a version range on
PyPI. This will allow Nightly users to install all official plugins by
running:

    pip install -e ".[full]"

Notes:
  * We use the syntax `EGG @ git+REPO@nightly` because the
    more common syntax of `git+REPO@nightly#egg=EGG` does not work
    when supplied to setup.py's extras_require.
  * Unlike other plugins, tutor-license is still installed from PyPI,
    but without any version constraint. This is because tutor-license
    is a simple, closed-source plugin which activates Wizard edition
    for subscribers. It should be available in Nightly but doesn't
    need to be installed from its own bleeding-edge branch.
  * Unlike most nightly commits, this commit should NOT ever be
    reflected on master. When it comes time to merge nightly into
    master during the release of Nutmeg, this commit will need to
    be manually reverted from master.
  * Documentation updates have been made separately so that they
    can be merged into master.
2022-04-11 18:49:45 +02:00
Régis Behmo
89520c016f chore: upgrade mypy
As a consequence, we need to resolve a typing issue.
2022-02-21 10:59:53 +01:00
alex.soh
72843c06f9 refactor: add code coverage, cover CLI commands with tests 2022-01-04 13:40:33 +01:00