Tomorrow a Django security update is expected (3.2.11). I will be applying it to Maple semi-manually as I have usually done (for example: Django 2.2.19 security update). In the past, people have mentioned automating this process somehow.
Is anyone interested in trying this? It wouldn’t be for tomorrow’s patch, but the idea keeps coming up, so maybe in time for the next one?
Will be looking at this with @Maksim_Sokolskiy. What time works for you Tuesday 8th of Feb?
On Tuesday we successfully updated Django to 3.2.14 3.2.12 on the maple release branch.
A couple of things we had to figure out on the fly during the process:
Going forward, we’re looking to automate this process using GitHub actions. The process will still require a manual “approval” step where one (or two) BTR members will need to review the changes made before they get pushed.
I think the next step for us is to figure out how to create a GitHub action flow with a manual step in the middle. What do you think @Maksim_Sokolskiy?
In the repo-tools repo is a “clone_org” command which clones entire organizations, with some options. It doesn’t yet have a way to limit to repos that need tagging.
But: do you need to clone the repos? Maybe I’m forgetting, but I thought tag_release worked entirely on the GitHub API and not with local repos.
It’s not about tagging a release but for security patching flow. So we need to have all repos in place to commit new things. And yes - also understood the clone_org do the thing after seeing this PR feat(clone_org): a --forks-only flag by nedbat · Pull Request #259 · openedx/repo-tools · GitHub
Don’t yet dive into this. Will try to re-do the flow and analyse what had happed. (we had a lot of deleted .pyc files in the edx-app-ios repo and gittreeif commited it w/o any questions).
It’s totally it - we will try to automate the flow in GitHub Actions with one extra step to confirm all commits are going to be pushed.