A web application for managing user experiments for Mozilla Firefox.
dependabot[bot] 63a07414f8
chore(deps): Bump micromatch from 4.0.5 to 4.0.8 in /demo-app/frontend (#11258)
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5
to 4.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/micromatch/releases">micromatch's
releases</a>.</em></p>
<blockquote>
<h2>4.0.8</h2>
<p>Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We
consider the issues low-priority, so even if you see automated scanners
saying otherwise, don't be scared.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md">micromatch's
changelog</a>.</em></p>
<blockquote>
<h2>[4.0.8] - 2024-08-22</h2>
<ul>
<li>backported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch</li>
</ul>
<h2>[4.0.7] - 2024-05-22</h2>
<ul>
<li>this is basically v4.0.5, with some README updates</li>
<li><strong>it is vulnerable to CVE-2024-4067</strong></li>
<li>Updated braces to v3.0.3 to avoid CVE-2024-4068</li>
<li>does NOT break API compatibility</li>
</ul>
<h2>[4.0.6] - 2024-05-21</h2>
<ul>
<li>Added <code>hasBraces</code> to check if a pattern contains
braces.</li>
<li>Fixes CVE-2024-4067</li>
<li><strong>BREAKS API COMPATIBILITY</strong></li>
<li>Should be labeled as a major release, but it's not.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8bd704ec0d"><code>8bd704e</code></a>
4.0.8</li>
<li><a
href="a0e68416a4"><code>a0e6841</code></a>
run verb to generate README documentation</li>
<li><a
href="4ec288484f"><code>4ec2884</code></a>
Merge branch 'v4' into hauserkristof-feature/v4.0.8</li>
<li><a
href="03aa805217"><code>03aa805</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/micromatch/issues/266">#266</a>
from hauserkristof/feature/v4.0.8</li>
<li><a
href="814f5f70ef"><code>814f5f7</code></a>
lint</li>
<li><a
href="67fcce6a10"><code>67fcce6</code></a>
fix: CHANGELOG about braces &amp; CVE-2024-4068, v4.0.5</li>
<li><a
href="113f2e3fa7"><code>113f2e3</code></a>
fix: CVE numbers in CHANGELOG</li>
<li><a
href="d9dbd9a266"><code>d9dbd9a</code></a>
feat: updated CHANGELOG</li>
<li><a
href="2ab13157f4"><code>2ab1315</code></a>
fix: use actions/setup-node@v4</li>
<li><a
href="1406ea38f3"><code>1406ea3</code></a>
feat: rework test to work on macos with node 10,12 and 14</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-29 18:01:02 +00:00
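
The changelog quoted in the commit message above is not monotonic: 4.0.6 fixes CVE-2024-4067, 4.0.7 is vulnerable to it again, and 4.0.8 carries the backported fix, so a plain "at least the first fixed release" rule misjudges 4.0.7. The following is an added example, not code from this repository or from Dependabot; it parses a constructed yarn v1 lockfile and classifies resolved versions strictly from those changelog entries. The sample lockfile, the function names and the `not-covered` label are assumptions made for illustration.

```javascript
// Added example: audit a yarn v1 lockfile against the micromatch changelog
// quoted in the commit message. Names and sample data are constructed.

// Status taken only from the quoted changelog; other versions are not guessed.
const MICROMATCH_STATUS = {
  '4.0.5': 'vulnerable',     // inferred: 4.0.7 is "basically v4.0.5" and vulnerable
  '4.0.6': 'fixed-breaking', // fixes CVE-2024-4067, breaks API compatibility
  '4.0.7': 'vulnerable',     // "it is vulnerable to CVE-2024-4067"
  '4.0.8': 'fixed',          // backported CVE-2024-4067 fix
};
const BRACES_FLOOR = '3.0.3'; // "Updated braces to v3.0.3 to avoid CVE-2024-4068"

// Numeric compare for plain x.y.z versions (no pre-release tags).
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every resolved version of `pkg` from yarn v1 lockfile text.
function resolvedVersions(lockText, pkg) {
  const found = [];
  let inEntry = false;
  for (const line of lockText.split(/\r?\n/)) {
    if (line !== '' && !/^\s/.test(line) && !line.startsWith('#')) {
      // Entry header: comma-separated "name@range" specifiers ending in ':'.
      const specs = line.replace(/:$/, '').split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      inEntry = specs.some((s) => s.startsWith(pkg + '@'));
    } else if (inEntry) {
      const m = /^ {2}version "([^"]+)"/.exec(line);
      if (m) { found.push(m[1]); inEntry = false; }
    }
  }
  return found;
}

// A ">= first fixed release" rule, shown to expose why it is wrong here.
function naiveIsFixed(version) {
  return cmp(version, '4.0.6') >= 0;
}

function auditLock(lockText) {
  const micromatch = resolvedVersions(lockText, 'micromatch').map((v) => ({
    version: v,
    status: MICROMATCH_STATUS[v] || 'not-covered',
    naiveSaysFixed: naiveIsFixed(v),
  }));
  const braces = resolvedVersions(lockText, 'braces').map((v) => ({
    version: v,
    status: cmp(v, BRACES_FLOOR) >= 0 ? 'ok' : 'below-3.0.3',
  }));
  return { micromatch, braces };
}

// Constructed lockfile: two micromatch resolutions and two braces resolutions.
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  '',
  'braces@^3.0.2:',
  '  version "3.0.2"',
  '',
  'braces@^3.0.3:',
  '  version "3.0.3"',
  '',
  'micromatch@4.0.5:',
  '  version "4.0.5"',
  '',
  'micromatch@^4.0.4, micromatch@^4.0.7:',
  '  version "4.0.7"',
  '  dependencies:',
  '    braces "^3.0.3"',
].join('\n');

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

On the sample, the 4.0.7 entry is reported as `vulnerable` while `naiveSaysFixed` is `true`, which is the case a simple version floor gets wrong.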
.circleci chore(ci): Change ios integration tests to run off of upstream trigger (#11254) 2024-08-29 17:29:18 +00:00
.github chore(project): Update CODEOWNERS (#11210) 2024-08-21 14:46:44 +00:00
application-services chore(nimbus): Update application-services (#11256) 2024-08-28 23:33:03 +00:00
cirrus feat(cirrus): Send preview flag in telemetry data (#11228) 2024-08-28 20:27:31 +00:00
demo-app chore(deps): Bump micromatch from 4.0.5 to 4.0.8 in /demo-app/frontend (#11258) 2024-08-29 18:01:02 +00:00
docs docs(cirrus): Cirrus QA strategy (#10902) 2024-07-02 22:33:24 +00:00
experimenter chore(ci): Change ios integration tests to run off of upstream trigger (#11254) 2024-08-29 17:29:18 +00:00
kinto fix #7879 bug(project): update remote settings configuration (#7871) 2022-10-24 16:13:30 -04:00
nginx fix #8360 feat(nimbus): Change root folder app to experimenter (#8375) 2023-03-08 13:36:51 -08:00
schemas chore(schemas): create RandomizationUnit enum (#11245) 2024-08-27 20:30:47 +00:00
scripts fix #9156 feat(schemas): typescript schema generation and npm publish (#9157) 2023-08-11 20:56:49 +00:00
.dockerignore fix #9466 chore(project): add top level dockerignore (#9468) 2023-09-21 16:49:50 +00:00
.env.integration-tests test(cirrus): Cirrus preview flag (#11167) 2024-08-26 15:56:27 +00:00
.env.sample test(cirrus): Cirrus preview flag (#11167) 2024-08-26 15:56:27 +00:00
.env.test test(cirrus): Cirrus preview flag (#11167) 2024-08-26 15:56:27 +00:00
.git-blame-ignore-revs Move legacy UI to its new home in preparation for Nimbus UI work (#3534) 2020-09-24 11:00:48 -04:00
.gitignore chore(schemas): add dupe validation to jetstream stat results schema (#10044) 2024-01-16 14:10:59 +00:00
.mailmap chore(project): Add .mailmap (#10972) 2024-07-09 15:14:15 +00:00
CODE_OF_CONDUCT.md Rename master to main fixes #2949 (#2950) 2020-06-30 13:52:09 -04:00
LICENSE Initial commit 2016-10-20 14:42:32 -04:00
Makefile chore(project): Change fenix integration tests to run off of upstream trigger. (#11233) 2024-08-27 20:41:33 +00:00
PULL_REQUEST_TEMPLATE.md chore(nimbus): Update PR template to include fixes (#9845) 2023-11-28 18:37:16 +00:00
README.md feat(nimbus): add capability to run integration tests outside of docker container (#10596) 2024-05-03 20:06:50 +00:00
contributing.md chore(project): update commit message guide (#9735) 2023-11-16 16:06:13 +00:00
docker-compose-cirrus.yml refactor(project): Update docker-compose files to use depends_on (#10649) 2024-05-03 15:46:17 +00:00
docker-compose-integration-test.yml feat(nimbus): add capability to run integration tests outside of docker container (#10596) 2024-05-03 20:06:50 +00:00
docker-compose-legacy.yml fix #8360 feat(nimbus): Change root folder app to experimenter (#8375) 2023-03-08 13:36:51 -08:00
docker-compose-prod.yml refactor(project): Update docker-compose files to use depends_on (#10649) 2024-05-03 15:46:17 +00:00
docker-compose-test.yml refactor(project): Update docker-compose files to use depends_on (#10649) 2024-05-03 15:46:17 +00:00
docker-compose.yml chore(nimbus): setup webpack for nimbus_ui_new (#10834) 2024-06-13 17:57:54 +00:00

README.md

Mozilla Experimenter

CircleCI Status

Experimenter is a platform for managing experiments in Mozilla Firefox.

Check out the 🌩 Nimbus Documentation Hub or go to the repository that houses those docs.

| Link | Prod | Staging | Local Dev (Default) |
| --- | --- | --- | --- |
| Legacy Home | experimenter.services.mozilla.com | stage.experimenter.nonprod.dataops.mozgcp.net | https://localhost |
| Nimbus Home | /nimbus | /nimbus | /nimbus |
| Nimbus REST API | /api/v6/experiments/ | /api/v6/experiments/ | /api/v6/experiments/ |
| GQL Playground | /api/v5/nimbus-api-graphql | /api/v5/nimbus-api-graphql | /api/v5/nimbus-api-graphql |
| Remote Settings | remote-settings.mozilla.org/v1/admin | remote-settings.allizom.org/v1/admin | http://localhost:8888/v1/admin |

Installation

General Setup

  1. Prerequisites

    On all platforms:

    On Linux:

    On MacOS:

    • Install Docker
      • Adjust resource settings
        • CPU: Max number of cores
        • Memory: 50% of system memory
        • Swap: Max 4gb
        • Disk: 100gb+
    • Install yarn

    On Windows:

    • Install WSL on Windows
      • Download from Microsoft store. Or

      • Download within Powershell.

          Open PowerShell as administrator.
          Run `wsl --install` to install wsl.
          Run `wsl --list --online` to see list of available Ubuntu distributions.
          Run `wsl --install -d <distroname>` to install a particular distribution e.g `wsl --install -d Ubuntu-22.04`.
        
      • After installation, press Windows Key and search for Ubuntu. Open it and set up username and password.

    • Download and Install Docker
      • Restart System after Installation.
      • Open Docker and go to settings.
      • Go to settings -> Resources -> WSL Integration and activate Ubuntu.
      • Click the activate and restart button to save your change.
    • Install Make and Git
      • Open the ubuntu terminal
      • Install make by running `sudo apt-get update && sudo apt install make` in the Ubuntu terminal. This is necessary for the `make secretkey` command and other commands.
      • Ensure git is available by running `git --version`. If it's not recognized, install git using `sudo apt install git`.
  2. Clone the repo

    git clone <your fork>
    
  3. Copy the sample env file

    cp .env.sample .env
    
  4. Set DEBUG=True for local development

    vi .env
    
  5. Create a new secret key and put it in .env

    make secretkey
    

    vi .env

    ...
    SECRETKEY=mynewsecretkey
    ...
    
  6. Run tests

    make check
    
  7. Setup the database

    make refresh
    

Fully Dockerized Setup (continuation from General Setup 1-7)

  1. Run a dev instance

    make up
    
  2. Navigate to it and add an SSL exception to your browser

    https://localhost/
    

Semi Dockerized Setup (continuation from General Setup 1-7)

One might choose the semi dockerized approach for:

  1. faster startup/teardown time (not having to rebuild/start/stop containers)
  2. better IDE integration

Notes:

Semi Dockerized Setup Steps
  1. Pre reqs

    macOS instructions:

    brew install postgresql llvm openssl yarn
    
    echo 'export PATH="/usr/local/opt/llvm/bin:$PATH"' >> ~/.bash_profile
    export LIBRARY_PATH=$LIBRARY_PATH:/usr/local/opt/openssl/lib/
    

    Ubuntu 20.04 instructions:

    # general deps (also see `poetry` link above)
    sudo apt install postgresql llvm openssl yarn
    
    # add'l deps* for poetry / python setup
    sudo apt install libpq5=12.9-0ubuntu0.20.04.1
    sudo apt install libpq-dev
    

    *Notes

    • the specific libpq5 version shown here is required for libpq-dev at time of writing
    • poetry install (next step) requires python 3.9, but there are multiple options for resolving this, see here
  2. Install dependencies

    source .env
    
    cd experimenter
    poetry install # see note above
    
    yarn install
    
  3. env values

    .env (set at root):
    DEBUG=True
    DB_HOST=localhost
    HOSTNAME=localhost
    
  4. Start postgresql, redis, autograph, kinto

    make up_db (from project root)
    
  5. Django app

    # in experimenter
    
    poetry shell
    
    yarn workspace @experimenter/nimbus-ui build
    yarn workspace @experimenter/core build
    
    # run in separate shells (`poetry shell` in each)
    yarn workspace @experimenter/nimbus-ui start
    ./manage.py runserver 0.0.0.0:7001
    

Pro-tip: we have had at least one large code refactor. You can ignore specific large commits when blaming by setting the Git config's ignoreRevsFile to .git-blame-ignore-revs:

git config blame.ignoreRevsFile .git-blame-ignore-revs

VSCode setup

  1. If using VSCode, configure workspace folders

    • Add /experimenter/ and /experimenter/experimenter folders to your workspace (File -> Add Folder to Workspace -> path/to/experimenter/experimenter)

    • From the /experimenter/experimenter folder, run yarn install

      • Make sure you are using the correct version of node

        node -v

      • Troubleshooting:

Google Credentials for Jetstream

On certain pages an API endpoint is called to receive experiment analysis data from Jetstream to display visualization tables. To see experiment visualization data, you must provide GCP credentials.

  1. Prerequisites

    • Install GCP CLI
      • Follow the instructions here
      • Project: moz-fx-data-experiments
    • Verify/request project permissions
      • Check if you already have access to the storage bucket here
      • If needed, ask in #nimbus-dev for a project admin to grant storage.objects.list permissions on the moz-fx-data-experiments project
  2. Authorize CLI with your account

    • make auth_gcloud
      • this will save your credentials locally to a well-known location for use by any library that requests ADC
      • Note: if this returns Error saving Application Default Credentials: Unable to write file [...]: [Errno 21] Is a directory: ..., delete the directory and try again (rm -rf ~/.config/gcloud)
  3. The next time you rebuild the docker-compose environment, your credentials will be loaded as a volume

    • Note that this will require the existing volume to be removed (hint: run make refresh)
  4. (optional) Verify access

    • make refresh
    • make bash
    • ./manage.py shell
      • from django.core.files.storage import default_storage
        default_storage.listdir('/')
        
      • Confirm this second command prints a list instead of an error

Google Cloud Bucket for Media Storage

We support user uploads of media (e.g. screenshots) for some features.

In local development, the default is to store these files in /experimenter/media using Django's FileSystemStorage class and the MEDIA_ROOT and MEDIA_URL settings.

In production, a GCP bucket and credentials are required.

The bucket name is configured with the UPLOADS_GS_BUCKET_NAME setting. For example:

UPLOADS_GS_BUCKET_NAME=nimbus-experimenter-media-dev-uploads

For local testing of a production-like environment, the credentials should be configured as described in the previous section on Google Credentials for Jetstream.

In the real production deployment, credentials are configured via workload identity in Google Kubernetes Engine.

Usage

Experimenter uses docker for all development, testing, and deployment.

Building

make build

Build the application container by executing the build script

make compose_build

Build the supporting services (nginx, postgresql) defined in the compose file

make ssl

Create dummy SSL certs to use the dev server over a locally secure connection. This helps test client behaviour with a secure connection. This task is run automatically when needed.

make kill

Stop and delete all docker containers. WARNING: this will remove your database and all data. Use this to reset your dev environment.

make migrate

Apply all django migrations to the database. This must be run after removing database volumes before starting a dev instance.

make load_dummy_experiments

Populates the database with dummy experiments of all types/statuses using the test factories

make refresh

Run kill, migrate, load_locales_countries, load_dummy_experiments. Useful for resetting your dev environment when switching branches or after package updates.

Running a dev instance

Enabling Cirrus

Cirrus is required to run and test web application experiments locally. It is disabled by default. To enable Cirrus run:

export CIRRUS=1

This will be done automatically for any Cirrus related make commands.

make up

Start a dev server listening on port 80 using the Django runserver. It is useful to run make refresh first to ensure your database is up to date with the latest migrations and test data.

make up_db

Start postgresql, redis, autograph, kinto on their respective ports to allow running the Django runserver and yarn watchers locally (non containerized)

make up_django

Start Django runserver, Celery worker, postgresql, redis, autograph, kinto on their respective ports to allow running the yarn watchers locally (non containerized)

make up_detached

Start all containers in the background (not attached to shell). They can be stopped using make kill.

make update_kinto

Pull in the latest Kinto Docker image. Kinto is not automatically updated when new versions are available, so this command can be used occasionally to stay in sync.

Running tests and checks

make check

Run all test and lint suites. This is run in CI on all PRs and deploys.

Helpful UI Testing Tips

If you have a test failing to find an element (or finding too many, etc.) and the DOM is being cut off in the console output, you can increase how much is printed by locally editing the DEBUG_PRINT_LIMIT=7000 in the Makefile (line starts with JS_TEST_NIMBUS_UI).

make py_test

Run only the python test suite.

make bash

Start a bash shell inside the container. This lets you interact with the containerized filesystem and run Django management commands.

Helpful Python Tips

You can run the entire python test suite without coverage using the Django test runner:

./manage.py test

For faster performance you can run all tests in parallel:

./manage.py test --parallel

You can run only the tests in a certain module by specifying its Python import path:

./manage.py test experimenter.experiments.tests.api.v5.test_serializers

For more details on running Django tests refer to the Django test documentation

To debug a test, you can use ipdb by placing this snippet anywhere in your code, such as within a test method or inside some application logic:

import ipdb
ipdb.set_trace()

Then invoke the test using its full path:

./manage.py test experimenter.some_module.tests.some_test_file.SomeTestClass.test_some_thing

And you will enter an interactive iPython shell at the point where you placed the ipdb snippet, allowing you to introspect variables and call methods

For coverage you can use pytest, which will run all the python tests and track their coverage, but it is slower than using the Django test runner:

pytest --cov --cov-report term-missing

You can also enter a Python shell to import and interact with code directly, for example:

./manage.py shell

And then you can import and execute arbitrary code:

from experimenter.experiments.models import NimbusExperiment
from experimenter.experiments.tests.factories import NimbusExperimentFactory
from experimenter.kinto.tasks import nimbus_push_experiment_to_kinto

experiment = NimbusExperimentFactory.create_with_status(NimbusExperiment.Status.DRAFT, name="Look at me, I'm Mr Experiment")
nimbus_push_experiment_to_kinto(experiment.id)

Helpful Yarn Tips

You can also interact with the yarn commands, such as checking TypeScript for Nimbus UI:

yarn workspace @experimenter/nimbus-ui lint:tsc

Or the test suite for Nimbus UI:

yarn workspace @experimenter/nimbus-ui test:cov

For a full reference of all the common commands that can be run inside the container, refer to this section of the Makefile

make integration_test_legacy

Run the integration test suite for experimenter inside a containerized instance of Firefox. You must also be already running a make up dev instance in another shell to run the integration tests.

make FIREFOX_VERSION integration_test_nimbus

Run the integration test suite for nimbus inside a containerized instance of Firefox. You must also be already running a make up dev instance in another shell to run the integration tests.

FIREFOX_VERSION should either be nimbus-firefox-release or nimbus-firefox-beta. If you want to run your tests against nightly, please set the variable UPDATE_FIREFOX_VERSION to true and include it in the make command.

make FIREFOX_VERSION integration_test_nimbus_rust

Run the Nimbus SDK integration tests, which tests the advanced targeting configurations against the Nimbus SDK.

FIREFOX_VERSION should either be nimbus-firefox-release or nimbus-firefox-beta. If you want to run your tests against nightly, please set the variable UPDATE_FIREFOX_VERSION to true and include it in the make command.

make FIREFOX_VERSION integration_vnc_up

First start a prod instance of Experimenter with:

make refresh&&make up_prod_detached

Then start the VNC service:

make FIREFOX_VERSION integration_vnc_up

Then open your VNC client (Safari does this on OSX or just use VNC Viewer) and open vnc://localhost:5900 with password secret. Right click on the desktop and select Applications > Shell > Bash and enter:

cd experimenter
sudo apt-get update
sudo apt install tox
chmod a+rwx tests/integration/.tox
tox -c tests/integration/ -e integration-test-nimbus

This should run the integration tests and watch them run in a Firefox instance you can watch and interact with.

To use NoVNC, navigate to this URL http://localhost:7902 with the password secret. Then you can follow the same steps as above.

Running Integration tests locally

  1. Install geckodriver and have it available in your path. You should be able to run geckodriver --version from your command line. On MacOS you can do brew install geckodriver if you have homebrew installed.
  2. Add your Firefox install to your path. You should be able to run firefox --version from your command line.

    alias firefox="path-to/firefox"

    Example for macOS, add this to your ~/.zshrc file:

    alias firefox="/Applications/Firefox.app/Contents/MacOS/firefox"

  3. Set up experimenter:

    make refresh build_integration_test SKIP_DUMMY=1 up_prod_detached

    Navigate with your browser to https://localhost/nimbus to confirm everything is working.

  4. Install tox:

    pip install tox

  5. Run the integration tests using tox:

    tox -c experimenter/tests/integration -e integration-test-nimbus-local

    • To run a specific test:

    tox -c experimenter/tests/integration -e integration-test-nimbus-local -- -k "test_name_here[WITH_CLIENT]"

Firefox should pop up and start running through your test! You can change the firefox version the tests run on by copying the path of the firefox-bin and adding it to the firefox_options fixture in the tests/integration/nimbus/conftest.py file:

firefox_options.binary = "path/to/firefox-bin"

Integration Test options

  • TOX_ARGS: Tox commandline variables.
  • PYTEST_ARGS: Pytest commandline variables.

An example using PYTEST_ARGS to run one test.

make integration_test_legacy PYTEST_ARGS="-k test_addon_rollout_experiment_e2e"

Note: You need the following firefox version flag when running integration tests

FIREFOX_VERSION=nimbus-firefox-release

An example for above:

make FIREFOX_VERSION=nimbus-firefox-release integration_test_nimbus PYTEST_ARGS="-k test_rollout_create_and_update"

make integration_sdk_shell

This builds and sets up the mobile sdk for use in testing.

Testing Tools

Targeting test tool

Navigate to experimenter/tests/tools

To test a targeting expression, first add an app context named app_context.json to the experimenter/tests/tools directory.

You can then invoke the script with the --targeting-string flag:

python sdk_eval_check.py --targeting-string "(app_version|versionCompare('106.*') <= 0) && (is_already_enrolled)"

The script should return the results, either True, False, or an error.

Note that you can change the app_context live, and run the script again after.

Accessing Remote Settings locally

In development you may wish to approve or reject changes to experiments as if they were on Remote Settings. You can do so here: http://localhost:8888/v1/admin/

There are three accounts you can log into Kinto with depending on what you want to do:

  • admin / admin - This account has permission to view and edit all of the collections.
  • experimenter / experimenter - This account is used by Experimenter to push its changes to Remote Settings and mark them for review.
  • review / review - This account should generally be used by developers testing the workflow, it can be used to approve/reject changes pushed from Experimenter.

The admin and review credentials are hard-coded here, and the experimenter credentials can be found or updated in your .env file under KINTO_USER and KINTO_PASS.

Any change in remote settings requires two accounts:

  • One to make changes and request a review
  • One to review and approve/reject those changes

Any of the accounts above can be used for any of those two roles, but your local Experimenter will be configured to make its changes through the experimenter account, so that account can't also be used to approve/reject those changes, hence the existence of the review account.

For more detailed information on the Remote Settings integration please see the Kinto module documentation.

Frontend

Experimenter has two front-end UIs:

  • core is the legacy UI used for Experimenter intake which will remain until nimbus-ui supersedes it
  • nimbus-ui is the Nimbus Console UI for Experimenter that is actively being developed

Learn more about the organization of these UIs here.

Also see the nimbus-ui README for relevant Nimbus documentation.

API

API documentation can be found here

Contributing

Please see our Contributing Guidelines

License

Experimenter uses the Mozilla Public License