Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge export, log and proxy repositories #1675

Merged
merged 522 commits into from
Dec 13, 2023
Merged

Merge export, log and proxy repositories #1675

merged 522 commits into from
Dec 13, 2023

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Dec 11, 2023
edited by zenmonkeykstop
Loading

Description

This begins implementing the SecureDrop Workstation component monorepo, as discussed in https://github.com/freedomofpress/securedrop-engineering/pull/32.

Test Plan

  • CI passes, except proxy bookworm jobs (because of pyyaml)
  • "Required" job names are updated by infra
  • Visual review & team thumbs-up

Post-merge tasks

emkll and others added 30 commits March 23, 2020 12:38
@emkll
Merge pull request #61 from freedomofpress/logging
1240998 
logging audit
@emkll
application/x-desktop -> open-in-dvm
ad40a19
@emkll
Adds view-only parameter to open-in-dvm.desktop
5e2955d 
Ensures changes to a file opened in a dvm are not copied back to the calling vm
@emkll
securedrop-export 0.2.2
ee0e73a
@conorsch
Merge pull request #60 from freedomofpress/961-desktop-files
dfe96e9 
Update mimeapps for securedrop-export, securedrop-export 0.2.2
@redshiftzero
Merge pull request #54 from freedomofpress/docs-fix-readme
bdaff89 
Update description in README to mirror current implementation
@emkll
securedrop-export 0.2.3
98ace34
@conorsch
Merge pull request #63 from freedomofpress/export-023
4fde17b 
securedrop-export 0.2.3
@kushaldas
Fixes#68 uses incoming timeout value from JSON
4bfc44e 
Now we are using the incoming timeout value from the JSON input.
@rmol
Increase the proxy's default timeout
bcfa19f 
Increase the default Requests connection and read timeout from ten to
120 seconds.
@sssoleileraaa
Merge pull request #70 from freedomofpress/increase-default-timeout
35cbb4f 
Increase the proxy's default timeout
@emkll
securedrop-proxy 0.2.1
d970746
@redshiftzero
Merge pull request #71 from freedomofpress/release-0.2.1
6218f74 
securedrop-proxy 0.2.1
@emkll
Update pyyaml to 5.3.1
0151103 
Addresses CVE-2020-1747
@emkll
Update to PyYAML 5.3.1 in build-requirements
cb4b5ab 
Use the wheel hosted on pip mirror
@kushaldas
Merge pull request #73 from freedomofpress/pyyaml-531
714159d 
Update PyYAML to 5.3.1
@sssoleileraaa
Merge pull request #69 from freedomofpress/use_proper_timeout
d78144a 
Uses incoming timeout value from JSON
@redshiftzero
securedrop-proxy 0.3.0
200c194
@rmol
Merge pull request #74 from freedomofpress/release/0.3.0
ffa4cb3 
securedrop-proxy 0.3.0
@rmol
Add the fixture for test_json_response_with_timeout
c24a7a7
@kushaldas
Fixes #57 runs black & isort for code formatting
f9bcbd3 
To have latest black, we need updated typed-ast,
for that we have to upgrade mypy too, and for mypy
upgrade to work, we had to upgrade the mypy-extensions.

It first runs isort to check if it passes, and then
it runs black. Both uses 100 as line length.

setup.py marks Python version as >= 3.7 as we are testing
and running the code only on 3.7 on Debian Buster.

Also contains the formatting change in proxy.py for black
check to run sucessfully on CI.
@kushaldas
Auto fixes from isort and black
787844d
@kushaldas
Adds a .git-blame-ignore-revs file
32e6271 
It adds a configuration file to skip the previous commmit
which has isort and black formatting changes.

```
git config blame.ignoreRevsFile .git-blame-ignore-revs
````

After one executes the above command, `git blame` does not show
details for the formatting commit.
@rmol
Merge pull request #61 from freedomofpress/run_black_run_in_ci_and_on…
f6c2f9a 
…_dev

Fixes #57 runs black & isor for code formatting check
@redshiftzero
Merge pull request #75 from freedomofpress/add-timeout-fixture
683ba7b 
Add the fixture for test_json_response_with_timeout
@emkll
Create codeql-analysis.yml
bf75744
@eloquence
Use qubesdb-read instead of gethostname
00d5ba1 
This prevents misidentification of Whonix VMs, which always use
'host' as the hostname.
@zenmonkeykstop
Updated dependencies to clear safety checks
df49576 
- updated urllib3 from 1.25.8 to 1.25.10
- updated pip-tools to >=5.0.0 to clear pip-related error
- Updated Makefile to pin pip and setuptools in dev requirements
@zenmonkeykstop
updated urllib3 and requests in build requirements
c2b295a
@emkll
Merge pull request #76 from freedomofpress/safety-update-urllib3
9fef2d8 
Updated dependencies to clear safety checks
eaon and others added 18 commits August 1, 2023 12:31
@eaon @legoktm
Bump certifi dev dependency due to removal of root certificate
cf8bf95
@legoktm
Merge pull request #123 from freedomofpress/bump-certifi
3c10e04 
Bump certifi dev dependency due to removal of root certificate
@legoktm
Use types-redis<4, drop cryptography and other dev dependencies
bcc250b 
We're still using redis==3.3.11, so we should be pulling in those type
stubs and not the ones for v4. Coincidentally, those stubs also happen
to not have dependencies on cryptography and types-pyOpenSSL, which is
very nice.

Refs <GHSA-jm77-qphf-c4w8>.
@rocodes
Merge pull request #40 from freedomofpress/bump-cryptography
487707a 
Use types-redis<4, drop cryptography and other dev dependencies
@eloquence @legoktm
Switch dependency management to Poetry
ed54ff4
@eloquence @legoktm
Update CircleCI config to use Poetry
2891a69 
We're installing the Poetry system package on Debian Bookworm -- that's
generally a preferable strategy going forward, and in fact, pip
will error out if you attempt to install it from PyPI. This
necessitates some conditional logic we can drop once we move fully
to Bookworm.
@legoktm
Merge pull request #122 from freedomofpress/only-poetry
91056fd 
Use Poetry for dependency management
@legoktm
Migrate dependency management to poetry
21545a0 
Switch dependency management to use poetry, which is much nicer than
pip-tools. This is largely based off of
<freedomofpress/securedrop-proxy#122> and
applies the same changes to the Makefile and CI.
@legoktm
Migrate dependency management to poetry
5b2f653 
Switch dependency management to use poetry, which is much nicer than
pip-tools. This is largely based off of
<freedomofpress/securedrop-proxy#122> and
applies the same changes to the Makefile and CI.
@rocodes
Merge pull request #41 from freedomofpress/only-poetry
29810a7 
Migrate dependency management to poetry
@rocodes
Merge pull request #127 from freedomofpress/only-poetry
cbc20cd 
Migrate dependency management to poetry
@legoktm
Move client files into client/ folder
9973f9e
@legoktm
Move export files into export/ folder
c519b08
@legoktm
Merge branch 'main' of https://github.com/freedomofpress/securedrop-e…
342c002 
…xport
@legoktm
Move log files into log/ folder
5a01a42
@legoktm
Merge branch 'main' of https://github.com/freedomofpress/securedrop-log
325241c
@legoktm
Move proxy files into proxy/ folder
1666d1e
@legoktm
Merge branch 'main' of https://github.com/freedomofpress/securedrop-p…
4e87906 
…roxy
@legoktm legoktm requested a review from a team as a code owner December 11, 2023 22:32
@legoktm
Merge CircleCI manifests into one
aed4155 
This is a very naive complete merge by prefixing anchors and job names
with component names. De-duplication and consolidation will happen in
future commits.
@legoktm legoktm mentioned this pull request Dec 11, 2023
Merged
@legoktm
Copy link
Member Author

legoktm commented Dec 12, 2023

CI failures for proxy on bookworm are expected, the one that isn't is proxy_check-python-security-bullseye: it's because there are 2 urllib3 security issues - they don't affect us, so we just need to suppress them, either in this PR or as a follow-up.

zenmonkeykstop
zenmonkeykstop approved these changes Dec 13, 2023
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For now, individual packages can be built via PKG_PATH=<clientsrcpath>/<whatever> make securedrop-<whatever>, so 👍 from me on the merge! Versioning unification and build logic can follow after.

@legoktm
Add a short README that covers the monorepo
24dd559 
The language is roughly taken from the client README.
@zenmonkeykstop zenmonkeykstop merged commit fde9306 into main Dec 13, 2023
33 of 38 checks passed
@zenmonkeykstop zenmonkeykstop deleted the monorepo branch December 13, 2023 20:42
@cfm cfm mentioned this pull request Apr 4, 2024
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.