feat: Upgrade to Sumac

CHANGELOG.md

@@ -19,6 +19,21 @@ instructions, because git commits are used to generate release notes:
 
 <!-- scriv-insert-here -->
 
+<a id='changelog-19.0.0'></a>
+## v19.0.0 (2024-10-23)
+
+- 💥 [Deprecation] Drop support for python 3.8 and set Python 3.9 as the minimum supported python version. (by @Faraz32123)
+- 💥[Improvement] Rename Tutor's two branches (by @DawoudSheraz):
+  * Rename **master** to **release**, as this branch runs the latest official Open edX release tag.
+  * Rename **nightly** to **main**, as this branch runs the Open edX master branches, which are the basis for the next Open edX release.
+- 💥[Feature] Upgrade to Sumac. (by @Faraz32123)
+- [BugFix] Uwsgi workers wasn't starting properly using `UWSGI_WORKERS` flag, passing the value directly fixes the issue. (by @Faraz32123)
+- 💥[Feature] Update Credentials Image to use Ubuntu `24.04` as base OS. (by @Faraz32123)
+  - Add `mime-support` alternatives that are `media-types mailcap`.
+  - Update `python-openssl` to `python3-openssl`.
+- [Bugfix] Fix legacy warnings during Docker build. (by @regisb)
+
+
 <a id='changelog-18.0.0'></a>
 ## v18.0.0 (2024-06-07)
 

README.rst

@@ -38,7 +38,7 @@ For Copying programs that user make in `Discovery plugin <https://github.com/ove
 Using Django Admin
 ~~~~~~~~~~~~~~~~~~
 
-The credentials user interface will be available at http://credentials.local.edly.io for a local instance, and at ``CREDENTIALS_HOST`` (by  default: ``http(s)://credentials.<your lms host>``) in production. In order to run commands from the UI login with an admin user at: http://credentials.local.edly.io/admin/. User should be able to authenticate with the same username and password that he used for his lms.
+The credentials user interface will be available at http://credentials.local.openedx.io for a local instance, and at ``CREDENTIALS_HOST`` (by  default: ``http(s)://credentials.<your lms host>``) in production. In order to run commands from the UI login with an admin user at: http://credentials.local.openedx.io/admin/. User should be able to authenticate with the same username and password that he used for his lms.
 User can also create superuser for credentials using the below command
 ::
 
@@ -91,7 +91,7 @@ Application Third party authentication
 Learner Record UI configuration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The Learner Record is configurable dynamically via runtime configuration.  To change any of the variables below, go to your LMS's Django admin Site Configuration page (for instance, http://local.edly.io/admin/site_configuration/siteconfiguration/) and add or modify corresponding JSON dict entries in the appropriate site:
+The Learner Record is configurable dynamically via runtime configuration.  To change any of the variables below, go to your LMS's Django admin Site Configuration page (for instance, http://local.openedx.io/admin/site_configuration/siteconfiguration/) and add or modify corresponding JSON dict entries in the appropriate site:
 
 - ``SUPPORT_URL_LEARNER_RECORDS`` (default: ``""``): the URL the learner is taken to when clicking the "read more in our records help area" link.
 

changelog.d/20240621_170044_regis.md

@@ -1 +0,0 @@
-- [Bugfix] Fix legacy warnings during Docker build. (by @regisb)

changelog.d/20241111_171418_faraz.maqsood_remove_py38_references.md

@@ -1 +0,0 @@
-- 💥 [Deprecation] Drop support for python 3.8 and set Python 3.9 as the minimum supported python version. (by @Faraz32123)

changelog.d/20241119_124240_dawoud.sheraz_branch_rename.md

@@ -1,3 +0,0 @@
-- 💥[Improvement] Rename Tutor's two branches (by @DawoudSheraz):
-  * Rename **master** to **release**, as this branch runs the latest official Open edX release tag.
-  * Rename **nightly** to **main**, as this branch runs the Open edX master branches, which are the basis for the next Open edX release.

setup.py

@@ -44,8 +44,8 @@ setup(
     packages=find_packages(exclude=["tests*"]),
     include_package_data=True,
     python_requires=">=3.9",
-    install_requires=["tutor>=18.0.0,<19.0.0", "tutor-discovery>=18.0.0,<19.0.0", "tutor-mfe>=18.0.0,<19.0.0"],
+    install_requires=["tutor>=19.0.0,<20.0.0", "tutor-discovery>=19.0.0,<20.0.0", "tutor-mfe>=19.0.0,<20.0.0"],
-    extras_require={"dev": ["tutor[dev]>=18.0.0,<19.0.0"]},
+    extras_require={"dev": ["tutor[dev]>=19.0.0,<20.0.0"]},
     entry_points={"tutor.plugin.v1": ["credentials = tutorcredentials.plugin"]},
     classifiers=[
         "Development Status :: 5 - Production/Stable",

tutorcredentials/__about__.py

@@ -1 +1 @@
-__version__ = "18.0.0"
+__version__ = "19.0.0"

tutorcredentials/templates/credentials/build/credentials/Dockerfile

@@ -1,8 +1,12 @@
 # syntax=docker/dockerfile:1
 ###### Minimal image with base system requirements for most stages
-FROM docker.io/ubuntu:20.04 AS minimal
+FROM docker.io/ubuntu:24.04 AS minimal
 
 ENV DEBIAN_FRONTEND=noninteractive
+
+# Delete default UID=1000 `ubuntu` user to ensure we can use id 1000 for app user
+RUN userdel -r ubuntu
+
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt update && \
@@ -11,7 +15,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
 ENV LC_ALL=en_US.UTF-8
 {{ patch("credentials-dockerfile-minimal") }}
 
-
 ###### Install python with pyenv in /opt/pyenv and create virtualenv in /openedx/venv
 FROM minimal AS python
 # https://github.com/pyenv/pyenv/wiki/Common-build-problems#prerequisites
@@ -19,7 +22,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked apt update && \
     apt install -y libssl-dev zlib1g-dev libbz2-dev \
     libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \
-    xz-utils tk-dev libffi-dev liblzma-dev python-openssl git
+    xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git
 
 # Install pyenv
 # https://www.python.org/downloads/
@@ -36,6 +39,9 @@ RUN $PYENV_ROOT/versions/$PYTHON_VERSION/bin/python -m venv /openedx/venv
 
 ###### Checkout credentials
 FROM minimal AS code
+# Below warnings will occurr due to the variable name(have word "credentials" in it).
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "CREDENTIALS_REPOSITORY") (line 41)
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "CREDENTIALS_VERSION") (line 42)
 ARG CREDENTIALS_REPOSITORY="{{ CREDENTIALS_REPOSITORY }}"
 ARG CREDENTIALS_VERSION="{{ CREDENTIALS_REPOSITORY_VERSION }}"
 RUN mkdir -p /openedx/credentials && \
@@ -64,7 +70,7 @@ RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install \
     # https://pypi.org/project/setuptools/
     # https://pypi.org/project/pip/
     # https://pypi.org/project/wheel/
-    setuptools==69.1.1 pip==24.0 wheel==0.43.0
+    setuptools==75.1.0 pip==24.2 wheel==0.44.0
 
 # Install base requirements
 RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install -r requirements/production.txt
@@ -74,7 +80,7 @@ RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install \
     # Use redis as a django cache https://pypi.org/project/django-redis/
     django-redis==5.4.0 \
     # uwsgi server https://pypi.org/project/uWSGI/
-    uwsgi==2.0.24
+    uwsgi==2.0.27
 
 {{ patch("credentials-dockerfile-post-python-requirements") }}
 
@@ -102,7 +108,7 @@ FROM minimal AS production
 # Install system requirements
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked apt update \
-    && apt install -y libxml2 libmysqlclient-dev mime-support
+    && apt install -y libxml2 libmysqlclient-dev media-types mailcap
 
 # From then on, run as unprivileged "app" user
 ARG APP_USER_ID=1000
@@ -110,7 +116,7 @@ RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
 RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
 USER ${APP_USER_ID}
 
-# change file ownership to the new app user
+# Change file ownership to the new app user
 COPY --chown=app:app --from=code /openedx/credentials /openedx/credentials
 COPY --chown=app:app --from=python /opt/pyenv /opt/pyenv
 COPY --chown=app:app --from=python-requirements /openedx/venv /openedx/venv
@@ -129,6 +135,8 @@ RUN python manage.py compilemessages
 
 # Setup minimal yml config file, which is required by production settings
 RUN echo "{}" > /openedx/config.yml
+# Below warning will occurr due to the variable name(have word "credentials" in it).
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "CREDENTIALS_CFG") (line 136)
 ENV CREDENTIALS_CFG=/openedx/config.yml
 
 {{ patch("credentials-dockerfile-pre-assets") }}
@@ -152,13 +160,13 @@ EXPOSE 8000
 ###### Final image with production cmd
 FROM production AS final
 
-CMD uwsgi \
+CMD ["uwsgi", \
-    --static-map /static=/openedx/credentials/credentials/assets \
+    "--static-map", "/static=/openedx/credentials/credentials/assets", \
-    --static-map /media=/openedx/credentials/credentials/media \
+    "--static-map", "/media=/openedx/credentials/credentials/media", \
-    --http 0.0.0.0:8000 \
+    "--http", "0.0.0.0:8000", \
-    --thunder-lock \
+    "--thunder-lock", \
-    --single-interpreter \
+    "--single-interpreter", \
-    --enable-threads \
+    "--enable-threads", \
-    --processes=${UWSGI_WORKERS:-2} \
+    "--processes=2", \ 
-    --buffer-size=8192 \
+    "--buffer-size=8192", \
-    --wsgi-file credentials/wsgi.py
+    "--wsgi-file", "credentials/wsgi.py"]