Release 0.30.7 #2108
Open
Release 0.30.7 #2108
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency @mui/lab to v6.0.0-beta.28 * update lockfile --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: shankar ambady <[email protected]>
* Update dependency @sentry/nextjs to v9 * update lockfile --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: shankar ambady <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Update dependency @dnd-kit/sortable to v10 * updating lockfile --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: shankar ambady <[email protected]>
* workaround for mui select focusVisible issue tmp * use legend for checkboxfield overall description * make focus outlines a bit more visible * add a comment about the typecasting
* Fix SCIM view tests * Fix user migrations for scim fields
* add MITOL_LOGOUT_SUFFIX to github actions * add dockerfile build arg * fix typo
* switch to using next_run * adding test * adding fallback for missing next runs * adding test * checking published * fixing test flakiness
* serialize contentfiles like we do with learning resources * fixing contentfile serialization * optimize loop and data fetch Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * fixing n+1 queries * adding block id to embedded metadata * adding block id as filter parameter * regenerate spec * fixing test: * some consolidation --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* make LinkAdapter use shallow * tie AskTim to drawer query param * display syllabus chat based on query param
* fix: env based _JAVA_OPTIONS for opensearch container
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
#2094) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* if the "next" query string value is sent to the logout view, pass that along to keycloak as "post_logout_redirect_uri" instead of settings.LOGOUT_REDIRECT_URL * sanitize the url before allowing redirect
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 13777606 | Triggered | Generic Private Key | 131c04e | config/keycloak/tls/tls.key.default | View secret |
| 13777608 | Triggered | Generic High Entropy Secret | 131c04e | config/keycloak/realms/default-realm.json | View secret |
| 13777609 | Triggered | Generic Password | 131c04e | config/keycloak/realms/default-realm.json | View secret |
| 13777610 | Triggered | Generic High Entropy Secret | 131c04e | config/keycloak/realms/default-realm.json | View secret |
| 10259317 | Triggered | Generic Password | 131c04e | docker-compose.services.yml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hello @odlbot, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
Summary of Changes
This pull request represents a release (0.30.7) and includes a variety of fixes, dependency updates, and improvements across the MIT Learn platform. Key areas of focus include SCIM integration, APISIX/Keycloak authentication, and accessibility enhancements. Several dependency updates are included, along with updates to Heroku deployment workflows and Dockerfile configurations.
Highlights
- SCIM Integration: Several fixes related to SCIM (System for Cross-domain Identity Management) have been implemented, including fixes for startIndex parsing, casing of the sort field, user search URL, user migrations, and view tests. SCIM fields have also been added to the User model.
- APISIX/Keycloak Authentication: This release introduces APISIX integration and includes a new README with instructions for authenticating via local Keycloak and APISIX containers. Changes also include the addition of
MITOL_API_LOGOUT_SUFFIXto GitHub Actions and the removal of the 'next' prefix from the app origin. - Dependency Updates: Multiple dependencies have been updated, including codecov/codecov-action, ruff, opensearchproject/opensearch docker tag, litellm, @dnd-kit/sortable, akhileshns/heroku-deploy digest, @sentry/nextjs, @mui/lab, and tldextract.
- Workflow and Dockerfile Improvements: Updates to CI and production workflows include the addition of a comment in release actions about spaces, removal of an erroneous space, addition of a comma between build args, and updates to Heroku deploy actions. The Dockerfile has been modified to create the staticfiles directory recursively.
- Accessibility and Other Fixes: Accessibility improvements have been implemented, and a fix has been added to handle the 'next' query string parameter in CustomLogoutView. Additionally, a fix has been implemented for environment-based _JAVA_OPTIONS for the Opensearch container and for the Opensearch container on ARM64-based architectures.
Changelog
Click here to see the changelog
- .github/workflows/ci.yml
- Updated codecov/codecov-action to v5.4.0.
- Removed 'next' prefix from ORIGIN environment variable.
- .github/workflows/production.yml
- Updated akhileshns/heroku-deploy digest.
- Added MITOL_API_LOGOUT_SUFFIX to environment variables.
- Added NEXT_PUBLIC_MITOL_API_LOGOUT_SUFFIX to build args.
- .github/workflows/release-candidate.yml
- Updated akhileshns/heroku-deploy digest.
- Removed 'next' prefix from ORIGIN environment variable.
- Added MITOL_API_LOGOUT_SUFFIX to environment variables.
- Added NEXT_PUBLIC_MITOL_API_LOGOUT_SUFFIX to build args.
- .pre-commit-config.yaml
- Added exclusion rules for keycloak TLS and realm config files.
- .secrets.baseline
- Added exclusion rule for keycloak TLS files.
- Dockerfile
- Changed mkdir to mkdir -p for staticfiles directory.
- README-keycloak.md
- Added a new README file with instructions on authenticating via local Keycloak and APISIX containers.
- README.md
- Updated README to point to separate keycloak readme.
- RELEASE.rst
- Added release notes for version 0.30.7.
- authentication/views.py
- Handled 'next' query string parameter in CustomLogoutView.
- Added sanitize_redirect to CustomLogoutView
- config/apisix/apisix.yaml
- Added apisix configuration file
- config/apisix/config.yaml
- Added apisix configuration file
- config/apisix/debug.yaml
- Added apisix configuration file
- config/keycloak/providers/README.md
- Added keycloak configuration file
- config/keycloak/realms/default-realm.json
- Added keycloak configuration file
- config/keycloak/tls/README.md
- Added keycloak configuration file
- config/keycloak/tls/tls.crt
- Added keycloak configuration file
- config/keycloak/tls/tls.crt.default
- Added keycloak configuration file
- config/keycloak/tls/tls.key
- Added keycloak configuration file
- config/keycloak/tls/tls.key.default
- Added keycloak configuration file
- config/litellm_config.yml
- Removed litellm configuration file
- config/nginx.conf.erb
- Increased nginx header size limit to 12k.
- config/postgres/init-keycloak.sql
- Added keycloak database initialization script.
- docker-compose.litellm.yml
- Removed litellm docker compose file
- docker-compose.opensearch.base.yml
- Updated Opensearch image tag to v2.19.1.
- Added _JAVA_OPTIONS env variable
- docker-compose.services.yml
- Added keycloak and apisix services
- Added postgres config volume
- Removed restart policy from qdrant
- docker-compose.yml
- Added env files to docker compose
- env/backend.env
- Changed MITOL_COOKIE_NAME to mitlearn
- env/backend.local.example.env
- Added APISIX/Keycloak settings
- env/frontend.env
- Added NEXT_PUBLIC_MITOL_API_LOGOUT_SUFFIX
- env/shared.env
- Added MITOL_API_LOGOUT_SUFFIX
- Added APISIX and Keycloak ports
- env/shared.local.example.env
- Added MITOL_NEW_USER_LOGIN_URL
- frontends/api/src/generated/v0/api.ts
- Added edx_block_id to VectorContentFilesSearchApi
- frontends/main/Dockerfile.web
- Added NEXT_PUBLIC_MITOL_API_LOGOUT_SUFFIX
- frontends/main/package.json
- Updated @sentry/nextjs to v9.0.0
- frontends/main/src/app-pages/ChatPage/ChatPage.tsx
- Added credentials: 'include' to fetch options
- frontends/main/src/app-pages/ChatSyllabusPage/ChatSyllabusPage.tsx
- Added credentials: 'include' to fetch options
- frontends/main/src/app-pages/DashboardPage/DashboardPage.tsx
- Added focus-visible style to TabsContainer
- frontends/main/src/common/metadata.ts
- Updated RESOURCE_DRAWER_QUERY_PARAM import to RESOURCE_DRAWER_PARAMS
- frontends/main/src/common/urls.ts
- Added MITOL_API_LOGOUT_SUFFIX
- Updated LOGOUT url
- Added RECOMMENDER_QUERY_PARAM and RESOURCE_DRAWER_PARAMS
- frontends/main/src/page-components/AiChat/AiChatWithEntryScreen.tsx
- Added data-testid to EntryScreen
- frontends/main/src/page-components/AiChat/AiRecommendationBotDrawer.tsx
- Refactored AiRecommendationBotDrawer to use RoutedDrawer
- Added RECOMMENDER_QUERY_PARAM import
- frontends/main/src/page-components/LearningResourceDrawer/LearningResourceDrawer.test.tsx
- Updated RESOURCE_DRAWER_QUERY_PARAM import to RESOURCE_DRAWER_PARAMS
- Added tests for chatExpanded and syllabus param
- frontends/main/src/page-components/LearningResourceDrawer/LearningResourceDrawer.tsx
- Updated RESOURCE_DRAWER_QUERY_PARAM import to RESOURCE_DRAWER_PARAMS
- Added chatExpanded prop to DrawerContent
- Added logic to handle syllabus param
- frontends/main/src/page-components/LearningResourceDrawer/useResourceDrawerHref.ts
- Updated RESOURCE_DRAWER_QUERY_PARAM import to RESOURCE_DRAWER_PARAMS
- frontends/main/src/page-components/LearningResourceExpanded/AiChatSyllabusSlideDown.test.tsx
- Added open prop to AiChatSyllabusSlideDown
- frontends/main/src/page-components/LearningResourceExpanded/AiChatSyllabusSlideDown.tsx
- Added open prop and toggleChat function
- frontends/main/src/page-components/LearningResourceExpanded/LearningResourceExpanded.test.tsx
- Added chatExpanded prop to setup function
- Added tests for chatExpanded and syllabus param
- frontends/main/src/page-components/LearningResourceExpanded/LearningResourceExpanded.tsx
- Added chatExpanded prop and logic to handle syllabus param
- frontends/main/src/page-components/ResourceCard/ResourceCard.test.tsx
- Updated RESOURCE_DRAWER_QUERY_PARAM import to RESOURCE_DRAWER_PARAMS
- frontends/ol-components/package.json
- Updated @dnd-kit/sortable to v10.0.0
- Updated @mui/lab to v6.0.0-beta.28
- Updated @mui/material and @mui/system to ^6.4.5
- frontends/ol-components/src/components/Checkbox/Checkbox.tsx
- Added focus-visible style to checkbox input
- frontends/ol-components/src/components/Checkbox/CheckboxChoiceField.tsx
- Added component="legend" to Label
- frontends/ol-components/src/components/Link/Link.tsx
- Refactored Link component to use LinkAdapter
- frontends/ol-components/src/components/LinkAdapter/LinkAdapter.tsx
- Added LinkAdapter component
- frontends/ol-components/src/components/RoutedDrawer/RoutedDrawer.tsx
- Added documentation to RoutedDrawer
- frontends/ol-components/src/components/SelectField/SelectField.test.tsx
- Added tests for Select component
- frontends/ol-components/src/components/SelectField/SelectField.tsx
- Added workaround for MUI Select focus issue
- frontends/ol-components/src/components/SimpleSelect/SimpleSelect.tsx
- Removed MenuItem with display: none
- frontends/ol-components/src/components/ThemeProvider/ThemeProvider.tsx
- Updated LinkAdapter import
- frontends/ol-utilities/package.json
- Updated @dnd-kit/sortable to v10.0.0
- learning_resources/models.py
- Updated for_serialization to prefetch more related objects
- main/factories.py
- Added scim_external_id and scim_username to UserFactory
- main/middleware/apisix_user.py
- Added ApisixUserMiddleware
- main/middleware/apisix_user_test.py
- Added tests for ApisixUserMiddleware
- main/settings.py
- Updated VERSION to 0.30.7
- Added ApisixUserMiddleware to MIDDLEWARE
- Added Keycloak API settings
- openapi/specs/v0.yaml
- Added edx_block_id to VectorContentFilesSearchApi
- poetry.lock
- Updated dependencies
- pyproject.toml
- Updated dependencies
- scim/adapters.py
- Updated SCIMUser adapter to use User model fields
- Updated meta and to_dict methods to use User model fields
- Updated from_dict method to populate User model fields
- Updated handle_add method to update User model fields
- scim/constants.py
- Added SORT_MAPPING and VALID_SORTS constants
- scim/urls.py
- Added re_path for users-search
- scim/views.py
- Added SearchView for /.search endpoint
- scim/views_test.py
- Updated tests to use User model fields
- Added large_user_set fixture
- Added tests for user search endpoint
- users/admin.py
- Added UserAdmin for User model
- users/migrations/0004_add_scim_and_timestamp_fields.py
- Added scim and timestamp fields to User model
- users/migrations/0005_set_user_scim_id.py
- Added migration to set user SCIM ID
- users/models.py
- Updated User model to inherit from AbstractSCIMUserMixin
- vector_search/constants.py
- Added edx_block_id to QDRANT_RESOURCE_PARAM_MAP
- vector_search/serializers.py
- Added edx_block_id to ContentFileVectorSearchRequestSerializer
- vector_search/tasks.py
- Updated start_embed_resources and embed_learning_resources_by_id to use next_run or latest run
- vector_search/tasks_test.py
- Added tests for embedded content from next run and latest run
- vector_search/utils.py
- Updated _process_content_embeddings to use QDRANT_CONTENT_FILE_PARAM_MAP
- Updated _content_file_vector_hits to include all Contentfile metadata to chunk responses
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Trivia time!
What is the origin of the name 'Heroku', the cloud platform used for deploying the backend and frontend?
Click here for the answer
The name 'Heroku' is a portmanteau of 'heroic' and 'haiku'. It was chosen to reflect the platform's ease of use and elegant design.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Code Review
This pull request updates the project to version 0.30.7 and includes several fixes and updates. The changes seem straightforward, but I have a few observations.
Summary of Findings
- Version Consistency: The version number should be consistent across all relevant files (e.g.,
RELEASE.rstandmain/settings.py).
Merge Readiness
The pull request seems generally ready for merging, but I recommend ensuring that the version number is updated consistently across all relevant files. I am unable to directly approve this pull request, and recommend that others review and approve this code before merging. Given the low severity of the comments, this can be merged after the version consistency is addressed.
odlbot
added
waiting for checkboxes
all checkboxes checked
and removed
deploying to rc
waiting for checkboxes
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Nathan Levesque
Carey P Gumaer
Matt Bertrand
Chris Chudzicki
renovate[bot]
Arslan Ashraf
Shankar Ambady