Move sponsors to DB #9512
Move sponsors to DB #9512
Conversation
warehouse/cli/sponsors.py
Outdated
| params["color_logo_url"] = img | ||
| params["white_logo_url"] = f"white/{img}" |
There was a problem hiding this comment.
@ewdurbin as you've comment, I'm adding the URLs directly, but I don't think we can totally rely on current URLs in Pypi. I mean, take a look at current Google's logo URL:
https://pypi.org/static/images/sponsors/color/google.62f52fb9.png
It has this hash 62f52fb9 suffix that I'm assuming it changes every deploy. So, how can we define the URLs here?
Also, what do you think about the directory structure I proposed: having the colored logo in a directory and all the white logos should be placed in the white children directory with the same file name.
There was a problem hiding this comment.
That hash is stable as long as pypi-theme doesn't change (and it won't since we broke the hosted private index when we turned off support for non SNI clients 😂 😬 😭 )
There was a problem hiding this comment.
I don't have a good amount of time to review in depth, but I'm not sure if a directory structure is strictly necessary.
Unless there's a good reason for it, I would presume we'll just take whatever image is uploaded, discard the name, and toss it in a static assets bucket under sponsor-logos/{UUID}.png
I added #noqa for a few of the activity strings from the sponsors.
I'm used to use direnv to configure env variables. I had to create it to always have WAREHOUSE_IPYTHON_SHELL enabled.
|
Hey everyone, I did some progress with this! As you can see, I changed the From what I've saw in the code, I feel that the I don't think it'll be, but I fell more comfortable asking before coding since I'm new in the project. (please, do not consider the failing tests because I'm still under seeking for solutions mode. I'll work on them once I know my suggestions are valid alternatives) |
I think that the CSI approach has merit, and shows significant consideration on your part to note the additional query necessary on every request to render sponsor information throughout the site. But I think the query for fetching sponsor name, description, inclusion areas (footer/sidebar), and logo url should be fairly lightweight and doable in a single sub millisecond query for each request. Given that, I the caveat of requiring JS to show our sponsor information might be worth making the trade off of adding a new query to every request. It's also more simple :) |
|
Note: We should ensure that we sanitize (for JavaScript an any esoteric tags/properties) any strings submitted via Admin before displaying on PyPI.org. This will ensure that even a hijacked Admin/Moderator/Sponsor Coordinator account won't result in an XSS for PyPI. |
warehouse/migrations/versions/590c513f1c74_new_psf_staff_boolean_flag.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
We reviewed this together on a call to finish our the last few details and get it shippable.
There is one remaining task to enable image uploads that will be handled in a follow-on Pull Request.
Thank you for the thorough work here @berinhard!
| xz -d -f -k dev/$(DB).sql.xz --stdout | docker-compose run --rm web psql -h db -d warehouse -U postgres -v ON_ERROR_STOP=1 -1 -f - | ||
| docker-compose run --rm web python -m warehouse db upgrade head | ||
| $(MAKE) reindex | ||
| docker-compose run web python -m warehouse sponsors populate-db |
There was a problem hiding this comment.
Do we have a plan to run this in production?
As an aside, this is a lot of work for something we only need once. Wow!
There was a problem hiding this comment.
Yes, this will be run then axed.
warehouse/accounts/__init__.py
Outdated
|
|
||
| # user must have base admin access if any admin permission | ||
| if principals: | ||
| principals.append("group:with_admin_access") |
There was a problem hiding this comment.
This name confused me a bit because of our existing "admins" group, maybe something like:
| principals.append("group:with_admin_access") | |
| principals.append("group:with_admin_dashboard_access") |
?
There was a problem hiding this comment.
Makes sense! Fixed in 384278a
|
Not sure why, but my last build failed but I'm not sure how to fix it. I'm still confused with the dependency management tools we're using. I tried to update the The error from CI is: But I'm not sure what went wrong =S |
|
dang, looks like we're hitting the google api dependency breakage again 😵 |
|
Not sure if this is related, but they've released a new package version 1 hour ago: https://pypi.org/project/google-api-core/#history |
|
Technically not The solution is to upgrade to the latest version. |
|
Right, not blaming the app itself, to rephrase, once again struck by pypa/pip#9644, which is triggered by google-api dependency. (our only with extras) |
|
aight! let's rebase and ship this! |
The underlying datatype for URLType is `Text` and we don't use any of the functionality from the type at all. Introduced in pypi#9512 We don't need to carry the library any further. Signed-off-by: Mike Fiedler <[email protected]>
4 participants
@ewdurbin and @dstufft I'm opening this draft PR so we can async talk about the progress of #9503.
Right now this PR introduces:
Sponsormodel;I'll add inline comments with specific questions I have.