Merge branch 'main' into live

zestedesavoir · Mar 23, 2024 · f1193b2 · f1193b2
2 parents 0eff021 + c7d1922
commit f1193b2
Show file tree

Hide file tree

Showing 40 changed files with 271 additions and 217 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 exclude_paths:
   - .github/
 skip_list:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,7 @@
+---
 repos:
   - repo: https://github.com/ansible-community/ansible-lint.git
-    rev: v6.21.1
+    rev: v24.2.1 # doit aussi être mis à jour dans requirements.txt
     hooks:
       - id: ansible-lint
         files: \.(yaml|yml)$
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -2,10 +2,11 @@ GEM
   remote: https://rubygems.org/
   specs:
     bcrypt_pbkdf (1.1.0)
+    bigdecimal (3.1.7)
     builder (3.2.4)
-    chef-utils (18.3.0)
+    chef-utils (18.4.12)
       concurrent-ruby
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.2.3)
     ed25519 (1.3.0)
     erubi (1.12.0)
     ffi (1.16.3)
@@ -18,7 +19,7 @@ GEM
     kitchen-ansible (0.56.0)
       net-ssh (>= 3)
       test-kitchen (>= 1.4)
-    kitchen-docker (2.13.0)
+    kitchen-docker (3.0.0)
       test-kitchen (>= 1.0.0)
     license-acceptance (2.1.13)
       pastel (~> 0.7)
@@ -29,7 +30,7 @@ GEM
     logging (2.3.1)
       little-plugger (~> 1.1)
       multi_json (~> 1.14)
-    mixlib-install (3.12.27)
+    mixlib-install (3.12.30)
       mixlib-shellout
       mixlib-versioning
       thor
@@ -39,10 +40,11 @@ GEM
     multi_json (1.15.0)
     net-scp (4.0.0)
       net-ssh (>= 2.6.5, < 8.0.0)
-    net-ssh (7.2.0)
+    net-ssh (7.2.1)
     net-ssh-gateway (2.0.0)
       net-ssh (>= 4.0.0)
-    nori (2.6.0)
+    nori (2.7.0)
+      bigdecimal
     pastel (0.8.0)
       tty-color (~> 0.5)
     rexml (3.2.6)
@@ -53,7 +55,7 @@ GEM
       unicode-display_width (>= 1.5, < 3.0)
       unicode_utils (~> 1.4)
     strings-ansi (0.2.0)
-    test-kitchen (3.5.0)
+    test-kitchen (3.6.0)
       bcrypt_pbkdf (~> 1.0)
       chef-utils (>= 16.4.35)
       ed25519 (~> 1.2)
@@ -67,7 +69,7 @@ GEM
       winrm (~> 2.0)
       winrm-elevated (~> 1.0)
       winrm-fs (~> 1.1)
-    thor (1.2.2)
+    thor (1.3.1)
     tomlrb (2.0.3)
     tty-box (0.7.0)
       pastel (~> 0.8)
@@ -82,7 +84,7 @@ GEM
       tty-cursor (~> 0.7)
       tty-screen (~> 0.8)
       wisper (~> 2.0)
-    tty-screen (0.8.1)
+    tty-screen (0.8.2)
     unicode-display_width (2.5.0)
     unicode_utils (1.4.0)
     winrm (2.3.6)
@@ -106,12 +108,12 @@ GEM
     wisper (2.0.1)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   kitchen-ansible
   kitchen-docker
   test-kitchen
 
 BUNDLED WITH
-   1.17.3
+   2.4.20
diff --git a/docs/install.md b/docs/install.md
@@ -35,5 +35,5 @@ bundle install
 
 Pour lancer les tests:
 ```shell
-bundle exec kitchen test
+LANG=C.UTF-8 bundle exec kitchen test
 ```
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
@@ -1,3 +1,4 @@
+---
 workdir: /opt/zds
 rundir: "{{ workdir }}/run"
 appdir: "{{ workdir }}/app"

diff --git a/group_vars/beta/vars.yml b/group_vars/beta/vars.yml
@@ -1,3 +1,4 @@
+---
 # For a PR: pull/xxxx/head
 # For a branch or a tag: just its name
 appversion: release_v30.6
@@ -12,8 +13,8 @@ munin_certificate:
   cert: /etc/letsencrypt/live/munin.beta.zestedesavoir.com/fullchain.pem
   key: /etc/letsencrypt/live/munin.beta.zestedesavoir.com/privkey.pem
 very_top_banner:
-  background_color: '#800'
-  border_color: '#450000'
-  color: 'white'
-  message: 'Version bêta (Préparation version 30.6)'
-  slug: 'version-beta'
+  background_color: "#800"
+  border_color: "#450000"
+  color: white
+  message: Version bêta
+  slug: version-beta
diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml
@@ -1,3 +1,4 @@
+---
 appversion: v30.6-ostara
 env: prod
 public: true

diff --git a/group_vars/test/vars.yml b/group_vars/test/vars.yml
@@ -1,5 +1,9 @@
+---
+# Load a specific zds configuration to make it work in Vagrant, and it is also
+# what is executed on GitHub Actions
+
 appversion: dev
-env: prod
+env: vagrant
 http_host: false
 sentry_dsn: ""
 mysql:

diff --git a/playbook.yml b/playbook.yml
@@ -1,3 +1,4 @@
+---
 - name: deploy zds-site
   hosts: app
   become: true

diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1,3 @@
-ansible==8.5.0
-pre-commit==3.5.0
+ansible==9.3.0
+ansible-lint==24.2.1  # doit aussi être mis à jour dans .pre-commit-config.yaml
+pre-commit==3.6.2
diff --git a/roles/app/defaults/main.yml b/roles/app/defaults/main.yml
@@ -1,4 +1,5 @@
-apprepo: "https://github.com/zestedesavoir/zds-site.git"
+---
+apprepo: https://github.com/zestedesavoir/zds-site.git
 env: dev
 secrets: []
 zmarkdown_sentry_dsn: ""

diff --git a/roles/app/files/vagrant.py b/roles/app/files/vagrant.py
@@ -0,0 +1,5 @@
+from .prod import *
+
+# Required in Vagrant since Django 4
+# (see https://docs.djangoproject.com/en/5.0/releases/4.0/#csrf-trusted-origins-changes-4-0)
+CSRF_TRUSTED_ORIGINS = ["http://127.0.0.1:8080", "http://localhost:8080"]
diff --git a/roles/app/tasks/fixtures.yml b/roles/app/tasks/fixtures.yml
@@ -1,3 +1,4 @@
+---
 - name: install requirements in virtualenv to load fixtures
   become: true
   become_user: "{{ appuser }}"
@@ -6,14 +7,14 @@
     virtualenv: "{{ virtualenv }}"
     virtualenv_command: /usr/bin/python3 -m venv
 
-- name: load fixtures  # noqa no-changed-when
+- name: load fixtures # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.shell: >
     if [ ! -e {{ appdir }}/.loaded_fixtures ]; then \
-      /opt/zds/wrapper loaddata {{ appdir }}/fixtures/*.yaml &&
-      /opt/zds/wrapper load_factory_data {{ appdir }}/fixtures/advanced/aide_tuto_media.yaml &&
-      /opt/zds/wrapper load_fixtures --size=low --all &&
+      {{ workdir }}/wrapper loaddata {{ appdir }}/fixtures/*.yaml &&
+      {{ workdir }}/wrapper load_factory_data {{ appdir }}/fixtures/advanced/aide_tuto_media.yaml &&
+      {{ workdir }}/wrapper load_fixtures --size=low --all &&
       touch {{ appdir }}/.loaded_fixtures &&
-      /opt/zds/wrapper es_manager index_all; \
+      {{ workdir }}/wrapper es_manager index_all; \
     fi
diff --git a/roles/app/tasks/geodata.yml b/roles/app/tasks/geodata.yml
@@ -1,3 +1,4 @@
+---
 - name: Create Geodata folder
   ansible.builtin.file:
     path: "{{ appdir }}/geodata"
@@ -18,14 +19,14 @@
   tags:
     - bootstrap
 
-- name: Initial download of GeoLite data  # noqa command-instead-of-shell no-changed-when
+- name: Initial download of GeoLite data # noqa command-instead-of-shell no-changed-when
   ansible.builtin.shell: "{{ workdir }}/update-geolite.sh"
   tags:
     - bootstrap
 
 - name: Setup cron to daily update GeoLite data
   ansible.builtin.cron:
-    name: "Update GeoLite data"
+    name: Update GeoLite data
     special_time: daily
     job: "{{ workdir }}/update-geolite.sh"
   tags:

diff --git a/roles/app/tasks/main.yml b/roles/app/tasks/main.yml
@@ -1,3 +1,4 @@
+---
 # Basic dependencies installation
 
 - name: install app dependencies
@@ -10,13 +11,13 @@
       - libffi-dev
       - libssl-dev
       - libmariadb-dev
-      - autoconf  # for gulp-imagemin Node.js package
-      - automake  # for gulp-imagemin Node.js package
-      - rustc  # for cryptography Python package
-      - optipng  # for easy-thumbnails Python package
-      - jpegoptim  # for easy-thumbnails Python package
-      - memcached  # for cache storage in prod configuration
-      - pkg-config  # for mysqlclient since version 2.2.0
+      - autoconf # for gulp-imagemin Node.js package
+      - automake # for gulp-imagemin Node.js package
+      - rustc # for cryptography Python package
+      - optipng # for easy-thumbnails Python package
+      - jpegoptim # for easy-thumbnails Python package
+      - memcached # for cache storage in prod configuration
+      - pkg-config # for mysqlclient since version 2.2.0
     state: present
     cache_valid_time: 3600
   tags:
@@ -36,7 +37,7 @@
     name: "{{ appuser }}"
     shell: /bin/false
     home: "{{ workdir }}"
-    comment: "Zeste de Savoir"
+    comment: Zeste de Savoir
   tags:
     - bootstrap
 
@@ -137,11 +138,11 @@
     state: link
   with_items:
     - src: "{{ appdir }}/errors"
-      dest: "errors"
+      dest: errors
     - src: "{{ datadir }}/media"
-      dest: "media"
+      dest: media
     - src: "{{ datadir }}/static"
-      dest: "static"
+      dest: static
   tags:
     - bootstrap
 
@@ -156,16 +157,25 @@
 
 - name: create robots.txt in webroot for beta
   ansible.builtin.copy:
-    src: "robots-deny.txt"
+    src: robots-deny.txt
     dest: "{{ webroot }}/robots.txt"
     mode: u=rw,g=r,o=r
   when: env == "beta"
   tags:
     - bootstrap
 
+- name: install Vagrant settings
+  ansible.builtin.copy:
+    src: vagrant.py
+    dest: "{{ appdir }}/zds/settings/vagrant.py"
+    mode: u=rw,g=r,o=r
+  when: env == "vagrant"
+  tags:
+    - bootstrap
+
 # Installation of backend, frontend and zmd dependencies
 
-- name: update pip in virtualenv  # some dependencies (like rust ones) require a recent pip
+- name: update pip in virtualenv # some dependencies (like rust ones) require a recent pip
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
@@ -205,8 +215,8 @@
   become_user: "{{ appuser }}"
   ansible.builtin.lineinfile:
     path: "{{ virtualenv }}/lib/python3.11/site-packages/elasticsearch_dsl/{{ item }}"
-    regexp: "^import collections$"
-    line: "import collections.abc as collections"
+    regexp: ^import collections$
+    line: import collections.abc as collections
     firstmatch: true
   with_items:
     - search.py
@@ -228,7 +238,7 @@
   tags:
     - bootstrap
 
-- name: install frontend  # noqa no-changed-when
+- name: install frontend # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: yarn install --frozen-lockfile
@@ -250,7 +260,7 @@
 
 # Frontend building
 
-- name: build frontend  # noqa no-changed-when
+- name: build frontend # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: npm run build
@@ -264,7 +274,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -281,7 +291,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -306,7 +316,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -321,7 +331,7 @@
   become: true
   become_user: "{{ appuser }}"
   environment:
-    DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
+    DJANGO_SETTINGS_MODULE: zds.settings.{{ env }}
     ZDS_CONFIG: "{{ workdir }}/config.toml"
   community.general.django_manage:
     app_path: "{{ appdir }}"
@@ -336,7 +346,7 @@
 - name: create services and timers files
   ansible.builtin.template:
     src: templates/{{ item }}.j2
-    dest: "/etc/systemd/system/{{ item }}"
+    dest: /etc/systemd/system/{{ item }}
     mode: u=rw,g=r,o=r
   with_items:
     - zmd.service
@@ -418,8 +428,8 @@
 
 - name: create /root/bin/service-zds.sh
   ansible.builtin.copy:
-    src: "service-zds.sh"
-    dest: "/root/bin/service-zds.sh"
+    src: service-zds.sh
+    dest: /root/bin/service-zds.sh
     mode: u=rwx,g=,o=
   tags:
     - bootstrap