Merge branch 'main' into dark-mode

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.9-slim as main
+FROM python:3.12-slim as main
 
 # use a non-root user (https://code.visualstudio.com/remote/advancedcontainers/add-nonroot-user)
 ARG USERNAME=hedy
@@ -48,4 +48,4 @@ RUN pip3 install --no-cache-dir -r /tmp/requirements.txt
 COPY --from=node_builder /app/node_modules /var/tmp/node_modules
 
 EXPOSE 8080
-ENV SHELL /bin/bash
+ENV SHELL /bin/bash

.github/workflows/autoapprove.yml

@@ -0,0 +1,20 @@
+# Automatically approve certain Pu
+# which will be auto-approved.
+name: Autoapprove
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  auto-approve:
+    if: |
+      github.event.pull_request.user.login == 'weblate' ||
+      contains(github.event.pull_request.labels.*.name, 'translations')
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    steps:
+    - uses: hmarr/[email protected]
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/build-offline.yml

@@ -0,0 +1,59 @@
+name: Build offline Hedy
+on:
+  # Can be run on-demand
+  workflow_dispatch: {}
+
+  # Runs when 'deploy to prod' runs
+  workflow_run:
+    workflows: ["Deploy to hedy.org"]
+    types: [requested]
+    branches:
+      - 'main'
+
+jobs:
+  build:
+    runs-on: windows-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.9
+        cache: 'pip'
+    - name: Set up NodeJS 18
+      uses: actions/setup-node@v3
+      with:
+        node-version: 18
+        cache: 'npm'
+    - name: 'Install npx'
+      run: npm install -g npx
+    - run: pip install -r requirements.txt
+      name: 'Python requirements'
+    - run: doit run _offline
+    - name: Smoke test the build
+      run: cd dist && offlinehedy/run-hedy-server --smoketest
+
+    - uses: fregante/daily-version-action@v2
+      name: Create tag if necessary
+      id: daily-version
+
+    - name: Create zip file
+      # Because we're on Windows
+      run: |
+        cd dist/offlinehedy &&  Compress-Archive -Path . -Destination ../../offlinehedy-${{ steps.daily-version.outputs.version }}.zip
+
+
+    - if: steps.daily-version.outputs.created
+      name: Create Release
+      uses: shogo82148/actions-create-release@v1
+      id: create_release
+      with:
+        tag_name: ${{ steps.daily-version.outputs.version }}
+        generate_release_notes: true
+
+    - name: Upload Assets
+      if: steps.daily-version.outputs.created
+      uses: shogo82148/actions-upload-release-asset@v1
+      with:
+        upload_url: ${{ steps.create_release.outputs.upload_url }}
+        asset_path: '*.zip'

.github/workflows/cypresstests.yml

@@ -19,10 +19,10 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - name: Set up Python 3.9
+    - name: Set up Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: 3.12
     - name: Install Python dependencies
       run: |
         python3 -m pip install --upgrade pip

.github/workflows/deploy-to-alpha-manually.yml

@@ -0,0 +1,13 @@
+name: Manually deploy to Alpha
+on:
+  workflow_dispatch: {}
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: akhileshns/[email protected] # This is the action
+        with:
+          heroku_api_key: ${{secrets.HEROKU_API_KEY}}
+          heroku_app_name: hedy-alpha
+          heroku_email: [email protected]

.github/workflows/deploy-to-alpha.yml

@@ -1,5 +1,6 @@
 name: Automatically deploy to Alpha
 on:
+
   # Run this AFTER the unit test job finishes
   workflow_run:
     # Must be the same as in unittests.yml, cypresstests.yml

.github/workflows/deploy-to-prod.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Restrict who can run this workflow
-      - if: github.actor != 'Felienne'
+      - if: github.actor != 'Felienne' && github.actor != 'jpelay'
         run: |
           echo "You must be Felienne to run this workflow :D" >&2
           exit 1
@@ -17,3 +17,9 @@ jobs:
           heroku_api_key: ${{secrets.HEROKU_API_KEY}}
           heroku_app_name: hedy-beta
           heroku_email: [email protected]
+      - name: "Send message on Discord"
+        if: success()
+        uses: discord-actions/message@v2
+        with:
+          webhookUrl: ${{ secrets.DISCORD_WEBHOOK }}
+          message: "Deployed to hedy.org"

.github/workflows/resolve-weblate-conflict.yml

@@ -0,0 +1,122 @@
+name: Resolve Weblate conflicts
+
+on:
+  workflow_dispatch: {}
+
+jobs:
+  resolve_weblate:
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
+      contents: write
+      # For commenting on a PR
+      pull-requests: write
+
+    steps:
+    - name: Check for presence of GitHub Token
+      id: secret
+      run: |
+        if [ ! -z "${{ secrets.HEDY_BOT_TOKEN }}" ]; then
+          echo "We have a token!"
+          echo "secret=${{ secrets.HEDY_BOT_TOKEN }}" >> $GITHUB_OUTPUT
+        else
+          echo "We do not have a token"
+          echo "secret=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT
+        fi
+
+    #----------------------------------------------------------------------
+    #  Checkout source
+    #
+    # We need to pass the token here -- the commit action below will not overwrite the token to push.
+    # This is necessary to bypass branch protection (which will disallow non-reviewed pushes otherwise)
+    #
+    # Make a distinction between Pull Request checkout and Push checkout. Push checkout
+    # works mostly automatically, but for PRs we must be very explicit to get the right
+    # branch and also support forks.
+    - uses: actions/checkout@v4
+      name: Checkout branch
+      with:
+        fetch-depth: 0
+        token: ${{ steps.secret.outputs.secret }}
+    - name: Configure Git identity
+      run: |
+        git config user.name github-actions[bot]
+        git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+
+    #----------------------------------------------------------------------
+    #  Actual build
+
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.12
+    - name: Install Python dependencies
+      run: |
+        python3 -m pip install --upgrade pip
+        pip3 install -r requirements.txt
+
+    - name: Install Weblate Client
+      run: pip install wlc
+    - name: Prepare client config
+      run: |
+        echo '[weblate]' >> .weblate
+        echo 'url = https://hosted.weblate.org/api/' >> .weblate
+        echo 'translation = hedy' >> .weblate
+        echo '[keys]' >> .weblate
+        echo 'https://hosted.weblate.org/api/ = ${{ secrets.WEBLATE_API_KEY }}' >> .weblate
+
+    #----------------------------------------------------------------------
+    #  Set up cache so that running snippet tests is somewhat cheap
+    - name: Calculate hedy cache key
+      run: "echo value=$(ls -1 hedy.py hedy_*.py grammars/* | sort | xargs tail -n 99999999 | sha256sum | cut -f 1 -d ' ') >> $GITHUB_OUTPUT"
+      id: hedy_cache_key
+    - name: Cache hedy test runs
+      uses: actions/cache@v3
+      with:
+        path: .test-cache
+        key: "hedy-test-cache-${{ steps.hedy_cache_key.outputs.value }}"
+
+    - name: Run weblate merge script
+      run: |
+        bash tools/merge-weblate-resolving-conflicts.sh
+
+    # The create-pull-request action wants to commit the changes, and wants to
+    # have them be on the main branch. Hence, move the current working tree to
+    # main (detach HEAD, move working tree, then reattach)
+    - name: Switch back to main
+      run: |
+        git checkout --detach
+        git reset --soft main
+        git checkout main
+
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v6
+      with:
+        token: ${{ steps.secret.outputs.secret }}
+        commit-message: 'Changes from Weblate repository'
+        title: 'Translations from Hosted Weblate'
+        body: >
+          This PR merges pending commits from the Weblate repository that are conflicting
+          with changes on `main`, while resolving conflicts in favor of the Weblate side.
+        labels: translations
+        branch: automatic/weblate-conflicts
+        delete-branch: true
+        base: main
+
+    # After we've created the PR, lock weblate and tell it to forget pending
+    # changes. The changes are now in the PR which will be merged in due time, and
+    # Weblate will be unlocked when the PR is merged.
+    - name: Prevent updates and merge conflicts until merged
+      run: |
+        # Have to lock each component individually. Not in the UI, but using the CLI we do.
+        for component in glossary adventures keywords quizzes commands client-messages web-texts webpages parsons tutorials slides; do
+          wlc lock hedy/$component
+        done
+
+        # On our repo, 'wlc reset' consistently times out the TCP connection after waiting
+        # for 5 minutes. The actual reset does seem to work, so we just don't wait for the
+        # command to finish, otherwise all our workflow executions show errors.
+        wlc reset &
+        sleep 10

.github/workflows/unittests.yml

@@ -17,10 +17,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v4
-    - name: Set up Python 3.9
+    - name: Set up Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: 3.12
         cache: 'pip'
     - name: Set up NodeJS 16
       uses: actions/setup-node@v3
@@ -37,22 +37,18 @@ jobs:
     - name: Prepare backend
       run: |
         doit run backend
+
+    # This code is also in 'update-javascript-on-main'
     - name: Calculate hedy cache key
-      run: "echo value=$(ls -1 hedy.py grammars/* | sort | xargs tail -n 99999999 | sha256sum | cut -f 1 -d ' ') >> $GITHUB_OUTPUT"
+      run: "echo value=$(ls -1 hedy.py hedy_*.py grammars/* | sort | xargs tail -n 99999999 | sha256sum | cut -f 1 -d ' ') >> $GITHUB_OUTPUT"
       id: hedy_cache_key
     - name: Cache hedy test runs
       uses: actions/cache@v3
       with:
         path: .test-cache
         key: "hedy-test-cache-${{ steps.hedy_cache_key.outputs.value }}"
-    - name: Run weblate tests
-      shell: pwsh
-      id: weblate_tests
-      if: ${{ github.event.pull_request.user.login == 'weblate' }}
-      run: |
-        build-tools/github/validate --weblate
-    - name: Run all tests
+
+    - name: Run all tests with caching
       shell: pwsh
-      if: ${{ ((github.event.pull_request.user.login != 'weblate') || github.event.label.name == 'force_tests') }}
       run: |
         build-tools/github/validate --all

.github/workflows/unlock-weblate.yml

@@ -0,0 +1,38 @@
+# Weblate is locked when a daily translations PR is created. Unlock Weblate
+# when that PR gets closed (either as merged or rejected).
+#
+# We do this to avoid conflicts.
+name: Unlock Weblate when PR is closed
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  if_merged:
+    if:
+        github.event.pull_request.user.login == 'weblate' ||
+        contains(github.event.pull_request.labels.*.name, 'translations')
+    runs-on: ubuntu-latest
+    steps:
+    # These are all the same as in 'update-weblate.yml'
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.12
+    - name: Install Weblate Client
+      run: pip install wlc
+    - name: Prepare client config
+      run: |
+        echo '[weblate]' >> .weblate
+        echo 'url = https://hosted.weblate.org/api/' >> .weblate
+        echo 'translation = hedy' >> .weblate
+        echo '[keys]' >> .weblate
+        echo 'https://hosted.weblate.org/api/ = ${{ secrets.WEBLATE_API_KEY }}' >> .weblate
+    - run: |
+        # Have to lock each component individually. Not in the UI, but using the CLI we do.
+        set -x
+        for component in glossary adventures keywords quizzes commands client-messages web-texts webpages parsons tutorials slides; do
+          wlc --debug unlock hedy/$component | sed 's/${{ secrets.WEBLATE_API_KEY }}/*****/g'
+        done
+        echo "All components unlocked!"