* access policy: Improve the rendering
* access policy: Comment the old content until it is addressed
* Minor fix around HTML comment
Co-authored-by: Steve Jalim <steve@stevejalim.net>
* Adding cdn tests
Using a cdn mark to allow skipping or only running the cdn tests
uses ssllabs to get the tls/cipher information
That can be fairly slow, so trying to ensure it only happens once per run - so caching to a json file
* migrating existing tests into the functional area
* formatting failed in circle
* Move Bedrock to pip-compile-multi for easier Python dependency management
This changeset adds tooling to ease dependency management and also rationalises
our requirements files.
Before, we were just using hashin to manually hash pinned deps straight into a requirements file
Now we're using pip-compile-multi, which sits on top of pip-tools to do this.
We now get:
* Simpler syntax for adding and pinning dependencies via *.in files
* Automatic hash generation when the *.txt requirements files are produced
The dependency compilation/update tooling runs in a Docker container, so will be compatible
with the deployed service's containers.
We're also rationalising the existing split of dependency files:
* base -> being retired and used as the basis for prod requirements
* migration -> being retired and the two deps still useful to us (for moz-l10n-lint)
added to dev deps
* dev -> now extends from the prod requirements. We're not too concerned about image
size for dev and test builds
* prod -> still exists, but includes the base deps
* docs -> still exists as a standalone file, but also follows the "*.in"-file pattern
* Regenerate dependency files using pip-compile-multi
Note that to avoid clashes, the following balances were made:
* Keep meinheld at the lower version used in prod.txt, not the dev.txt one -- for now at least
* Downgrade Markdown to 3.3 to avoid a clash over importlib-metadata version
* Remove importlib-metadata==4.10.1 altogether as a hard pin and let pip-compile-multi work out the best fit
* Update docs to reference pip-compile-multi, replacing now-redundant notes on hashin
* Update Dockerfile to copy over and use freshly recut dependency files
* Attempting to tune deps to allow local builds to work, not just Docker ones
* Update pip-compile-multi config to inject a custom header that explains how to rebuild reqs
* Update Bedrock to use Python 3.9
* Update base images
* Update CI
* Update dependencies to make install run -- this involved manually using hashin to upgrade two hashed deps (greenlet and meinheld) then re-running make compile-requirements to update the top-level hash in prod.txt. It's a bit of a chicken-and-egg situation when the deps are built/re-locked in a container but you can't build the container itself unless the deps are viable, but it worked
* Upgrade everett in order to remove configobj, which is redundant and causing local install issues on MacOS M1
* Drop backports.cached-property and typed-ast from dev reqs because we don't need them on 3.9
* Update docs with local-installation guidance for pyenv and pyenv-virtualenv
* Remove 'upgrade requirements' option
Given that the --upgrade flag is implicitly / by-default true with
pip-compile-multi anyway, plus the fact we're hard-pininng everything,
there's no point having an explicit 'upgrade' path - so let's remove it
* Docs tweak to suggest simpler virtualenv name
* Update help option in Makefile
* Pin version of pip in the compile-requirements script
When unpinned, the build suddenly broke, so we're keeping it under strict
limits for now
* Upgrade Django to 2.2.27
* Upgrade newrelic package to latest, incl py3.9 support
* Switch to Python 3.9 Debian bullseye image, from buster
* Rationalise dependency input files to remove over-pinned subdeps
When we moved from hand-managed requirements.txt files, we were taking on files
that had literally every dependency and thier sub-deps in them. We don't want
the input (*.in) files to reference those subdeps, so this changeset tries to
thin things out and remove them
Note that the diff shows this was successful - there are very few changes to
the dependencies being mentioned in the output *.txt files, and the ones that
are there are all deliberate changes (eg removing 'pbr')
* Drop unused tenacity dep, bump APScheduler and link to a Python 3.9-patched version of mdx-outline
* Add --require-hashes option to pip usage in Dockerfile
It's implicitly set because the reqs files feature --hash=XXX
but better to be explicit
* Drop what appear to be redundant top-level dev dependencies
regex, pep8 and wcwidth appear to be subdeps that don't need pinning.
The others appear to not be in used, based on a search of the codebase.
Tests till pass
* Thin out some unnecessary top-level deps in prod.in
- funcsigs - old backport, redundant
- lxml - over-pinned subdep of BeautifulSoup?
- typing_extensions - over-pinned subdep
- zipp - over-pinned subdep
* Cap pip version to 21 for pip-compile-multi for now
* Reinstate lxml as a first-class dep: BeautifulSoup needs it as a user-specified parser
* Fix typo in pip-compile-multi header
* Hard-pin latest working combo of pip + pip-tools in compile-requirements.sh
* Update docs explaining why we're using 3.9.10 locally
* 9575: Expand test coverage for some of firefox_details to check both three and two-digit major version numbers
* 9575: Minor test expansion for three-digit FF
* 9575: More small FF100 test expansions - iOS and Android
* 9575: More small FF100 test expansions - releasenotes models
* 9575: More small FF100 test expansions - releasenotes listing/index view
dependabot[bot]
Alex Gibson
Sylvestre Ledru
Ayushsunny
maureenlholland
Alan
Paul McLanahan
Benjamin Beurdouche
Steve Jalim
Craig Cook
Ed Lee
Rob Hudson
maureenlholland