Merge branch 'onaio:main' into main

Author: skngetich

.dockerignore

@@ -0,0 +1,19 @@
+# ignore everthing
+**
+# allow the following
+!onadata
+!requirements
+!manage.py
+!LICENSE
+!pyproject.toml
+!setup.cfg
+!setup.py
+!uwsgi.ini
+!extras
+!Makefile
+!docs
+
+# we finally again ignore the following from the folders allowed above
+**/*tests
+**/*test
+**/*__pycache__

.github/workflows/ci.yml

@@ -1,7 +1,9 @@
 name: CI
 on:
-  - push
-  - pull_request
+  pull_request:
+    branches: ["main"]
+  push:
+    branches: ["main"]
 concurrency:
   group: ci-${{ github.workflow }}-${{ github.actor }}-${{ github.sha }}
   cancel-in-progress: true
@@ -21,7 +23,7 @@ jobs:
       - name: Setup python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: "3.10"
           architecture: "x64"
           cache: "pip"
           cache-dependency-path: |
@@ -38,6 +40,7 @@ jobs:
       - name: Install Pip requirements
         run: |
           pip install -U pip
+          pip install wheel
           pip install -r requirements/base.pip
           pip install -r requirements/dev.pip
           pip install -r requirements/azure.pip
@@ -82,7 +85,7 @@ jobs:
       - name: Setup python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: "3.10"
           architecture: "x64"
           cache: "pip"
           cache-dependency-path: |
@@ -139,7 +142,7 @@ jobs:
       - name: Setup python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: "3.10"
           architecture: "x64"
           cache: "pip"
           cache-dependency-path: |
@@ -181,11 +184,9 @@ jobs:
       - name: Build Docker image
         uses: docker/build-push-action@v3
         with:
-          context: ./docker/onadata-uwsgi
-          file: ./docker/onadata-uwsgi/Dockerfile
+          context: .
+          file: ./docker/onadata-uwsgi/Dockerfile.ubuntu
           platforms: linux/amd64
-          build-args: |
-            release_version=${{ github.head_ref || github.base_ref || env.version }}
           push: false
           tags: |
             onaio/onadata:${{ github.head_ref || github.base_ref || env.version }}
@@ -238,7 +239,7 @@ jobs:
           echo "SUMMARY=$summary" >> $GITHUB_ENV
 
       - name: Send Slack Notification
-        uses: slackapi/slack-github-action@v1.19.0
+        uses: slackapi/slack-github-action@v1.23.0
         if: github.event_name == 'push'
         with:
           payload: |

.github/workflows/docker-image-build.yml

@@ -8,11 +8,6 @@ on:
     branches:
       - "main"
   workflow_dispatch:
-      inputs:
-          versionTag:
-              description: "Version Tag"
-              required: true
-              default: ''
 
 jobs:
   main:
@@ -29,12 +24,12 @@ jobs:
 
       - name: Get the version
         id: get-version
-        if: github.event.inputs.versionTag == '' && github.event_name != 'push'
+        if: github.event_name != 'push' && github.event_name != 'workflow_dispatch'
         run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
       - name: Get the branch name
         id: get-branch-name
-        if: github.event_name == 'push'
+        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
         run: echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
 
       - name: Login to DockerHub
@@ -55,15 +50,14 @@ jobs:
         id: docker_build
         uses: docker/build-push-action@v2
         with:
-          context: ./docker/onadata-uwsgi
-          file: ./docker/onadata-uwsgi/Dockerfile
+          context: .
+          file: ./docker/onadata-uwsgi/Dockerfile.ubuntu
           platforms: linux/amd64,linux/arm64
           build-args: |
-            release_version=${{ github.event.inputs.versionTag || env.version }}
             optional_packages=PyYAML django-redis
           push: true
           tags: |
-            onaio/onadata:${{ github.event.inputs.versionTag || env.version }}
+            onaio/onadata:${{ env.version || github.ref_name }}
 
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/ecr-image-build.yml

@@ -7,35 +7,26 @@ on:
   push:
     branches:
       - "main"
+      - "*-rc"
   workflow_dispatch:
-      inputs:
-          versionTag:
-              description: "Version Tag"
-              required: true
-              default: ''
+    buildAlpine:
+      description: Whether to build an Alpine based image
+      required: false
+      type: boolean
+      default: false
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Get the version
-        id: get-version
-        if: github.event.inputs.versionTag == '' && github.event_name != 'push'
-        run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-
-      - name: Get the branch name
-        id: get-branch-name
-        if: github.event_name == 'push'
-        run: echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+        uses: docker/setup-buildx-action@v2
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -57,29 +48,62 @@ jobs:
           mkdir -p ~/.ssh
           ssh-keyscan github.com > ~/.ssh/known_hosts
 
-      - name: Build and push
-        id: docker-build
+      - name: Get the version
+        id: get-version
+        if: github.event_name != 'push'
+        run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+
+      - name: Get the branch name
+        id: get-branch-name
+        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+        run: echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+
+      - name: (Ubuntu) Build and push
+        id: docker-build-ubuntu
         uses: docker/build-push-action@v2
         with:
-          context: ./docker/onadata-uwsgi
-          file: ./docker/onadata-uwsgi/Dockerfile
+          context: .
+          file: ./docker/onadata-uwsgi/Dockerfile.ubuntu
           platforms: linux/amd64
+          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version }}
+          cache-to: type=inline
           ssh: |
             default=/tmp/ssh-agent.sock
           build-args: |
-            release_version=${{ github.event.inputs.versionTag || env.version }}
             optional_packages=PyYAML django-redis ${{ secrets.ECR_OPTIONAL_PACKAGES }}
           push: true
           tags: |
-            ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ github.event.inputs.versionTag || env.version }}
+            ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }}
+
+      - name: (Alpine) Build and push
+        id: docker-build-alpine
+        uses: docker/build-push-action@v2
+        if: github.event.inputs.buildAlpine
+        with:
+          context: .
+          file: ./docker/onadata-uwsgi/Dockerfile.alpine
+          platforms: linux/amd64
+          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version }}
+          cache-to: type=inline
+          ssh: |
+            default=/tmp/ssh-agent.sock
+          build-args: |
+            optional_packages=PyYAML django-redis ${{ secrets.ECR_OPTIONAL_PACKAGES }}
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }}-alpine
+
+      - name: (Ubuntu) Image digest
+        run: echo ${{ steps.docker-build-ubuntu.outputs.digest }}
 
-      - name: Image digest
-        run: echo ${{ steps.docker-build.outputs.digest }}
+      - name: (Alpine) Image digest
+        if: github.event.inputs.buildAlpine
+        run: echo ${{ steps.docker-build-alpine.outputs.digest }}
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ github.event.inputs.versionTag || env.version }}
+          image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }}
           format: 'sarif'
           output: 'trivy-results.sarif'
 
@@ -91,7 +115,7 @@ jobs:
       - name: Run Trivy vulnerability scanner for Slack
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ github.event.inputs.versionTag || env.version }}
+          image-ref: ${{ steps.login-ecr.outputs.registry }}/onaio/onadata:${{ env.version || github.ref_name }}
           format: json
           output: 'trivy-results.json'
 
@@ -105,11 +129,11 @@ jobs:
           echo "SUMMARY=$summary" >> $GITHUB_ENV
 
       - name: Send Slack Notification
-        uses: slackapi/slack-github-action@v1.19.0
+        uses: slackapi/slack-github-action@v1.23.0
         with:
           payload: |
             {
-              "text": "Trivy scan results for ${{ github.event.inputs.versionTag || steps.get-version-release.outputs.VERSION || github.base_ref }}",
+              "text": "Trivy scan results for ${{ env.version || github.ref_name }}",
               "blocks": [
                 {
                   "type": "section",
@@ -122,7 +146,7 @@ jobs:
                   "type": "section",
                   "text": {
                     "type": "mrkdwn",
-                    "text": "View scan results: https://github.com/${{ github.repository }}/security."
+                    "text": "View scan results: https://github.com/${{ github.repository }}/security/code-scanning?query=branch:${{ env.version || github.ref_name }}+is:open++"
                   }
                 }
               ]

.pylintrc

@@ -15,7 +15,7 @@ ignore-patterns=
 
 # Python code to execute, usually for sys.path manipulation such as
 # pygtk.require().
-#init-hook=
+init-hook="from pylint.config import find_pylintrc; import os, sys; sys.path.append(os.path.dirname(find_pylintrc()))"
 
 # Use multiple processes to speed up Pylint.
 jobs=1

CHANGES.rst

@@ -3,6 +3,55 @@ Changelog for Onadata
 
 ``* represents releases that introduce new migrations``
 
+v3.9.0(2023-05-02)
+-----------------
+
+- Add azure token to media files urls
+  `PR #2388 <https://github.com/onaio/onadata/pull/2388>`
+  [@ciremusyoka]
+- Pass user-provided values as parameters
+  `PR #2394 <https://github.com/onaio/onadata/pull/2394>`
+  [@KipSigei]
+- Handle scenario where an inactive user is part of an Organization
+  `PR #2374 <https://github.com/onaio/onadata/pull/2374>`
+  [@DavisRayM]
+- Dependabot updates
+  `PR #2397 <https://github.com/onaio/onadata/pull/2397>`
+  [@KipSigei]
+- Allow authenticated users to download public form exports
+  `PR #2396 <https://github.com/onaio/onadata/pull/2396>`
+  [@ciremusyoka]
+- Update savreaderwriter version
+  `PR #2399 <https://github.com/onaio/onadata/pull/2399>`
+  [@DavisRayM]
+- ignore .python-version
+  `PR #2402 <https://github.com/onaio/onadata/pull/2402>`
+  [@kelvin-muchiri]
+- fix bug NoneType object has no attribute push
+  `PR #2403 <https://github.com/onaio/onadata/pull/2403>`
+  [@kelvin-muchiri]
+- Fix IndexError exception raised when comparing functions
+  `PR #2408 <https://github.com/onaio/onadata/pull/2403>`
+  [@DavisRayM]
+- Bump base image
+  [@DavisRayM]
+  `PR #2409 <https://github.com/onaio/onadata/pull/2409>`
+- Add statistics endpoint for actstream actions
+  `PR #2390 <https://github.com/onaio/onadata/pull/2390>`
+  [@DavisRayM]
+- Prevent numeric usernames on user creation
+  [@KipSigei]
+  `PR #2407 <https://github.com/onaio/onadata/pull/2407>`
+- Assign default team project role to users
+  `PR #2401 <https://github.com/onaio/onadata/pull/2401>`
+  [@DavisRayM]
+- [SAV Exports] Ensure duplicate metadata fields are handled accordingly
+  `PR #2412 <https://github.com/onaio/onadata/pull/2412>`
+  [@DavisRayM]
+- Strengthen password standards for users
+  `PR #2414 <https://github.com/onaio/onadata/pull/2414>`
+  [@DavisRayM]
+
 v3.8.6(2023-03-07)
 ------------------
 - Handle cases of duplicate metadata fields within exports