[Backport] fix: bypass access checks when populating course blocks cache #36826
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Check Django Migrations | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- master | |
jobs: | |
check_migrations: | |
name: check migrations | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
python-version: | |
- "3.11" | |
# 'pinned' is used to install the latest patch version of Django | |
# within the global constraint i.e. Django==4.2.8 in current case | |
# because we have global constraint of Django<4.2 | |
django-version: ["pinned"] | |
mongo-version: | |
- "7" | |
mysql-version: ["8"] | |
services: | |
mongo: | |
image: mongo:${{ matrix.mongo-version }} | |
ports: | |
- 27017:27017 | |
# Note: Calling mongo here only works with mongo 4, in newer versions of mongo | |
# we'll have to use `mongosh`, hence the 'which mongosh mongo'. | |
options: >- | |
--health-cmd "$(which mongosh mongo) --quiet --eval 'db.runCommand(\"ping\")'" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 3 | |
mysql: | |
image: mysql:${{ matrix.mysql-version }} | |
ports: | |
- 3306:3306 | |
env: | |
MYSQL_DATABASE: "edxapp" | |
MYSQL_USER: "edxapp001" | |
MYSQL_PASSWORD: "password" | |
MYSQL_RANDOM_ROOT_PASSWORD: true | |
options: >- | |
--health-cmd "mysqladmin ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 3 | |
steps: | |
- name: Setup mongodb user | |
run: | | |
docker exec ${{ job.services.mongo.id }} mongosh edxapp --eval ' | |
db.createUser( | |
{ | |
user: "edxapp", | |
pwd: "password", | |
roles: [ | |
{ role: "readWrite", db: "edxapp" }, | |
] | |
} | |
); | |
' | |
- name: Verify mongo and mysql db credentials | |
run: | | |
mysql -h 127.0.0.1 -uedxapp001 -ppassword -e "select 1;" edxapp | |
docker exec ${{ job.services.mongo.id }} mongosh --host 127.0.0.1 --username edxapp --password password --eval 'use edxapp; db.adminCommand("ping");' edxapp | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Setup Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install system Packages | |
run: | | |
sudo apt-get update | |
make ubuntu-requirements | |
- name: Get pip cache dir | |
id: pip-cache-dir | |
run: | | |
echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT | |
- name: Cache pip dependencies | |
id: cache-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: ${{ steps.pip-cache-dir.outputs.dir }} | |
key: ${{ runner.os }}-pip-${{ hashFiles('requirements/edx/development.txt') }} | |
restore-keys: ${{ runner.os }}-pip- | |
- name: Install Python dependencies | |
run: | | |
make dev-requirements | |
if [[ "${{ matrix.django-version }}" != "pinned" ]]; then | |
pip install "django~=${{ matrix.django-version }}.0" | |
pip check # fail if this test-reqs/Django combination is broken | |
fi | |
- name: list installed package versions | |
run: | | |
sudo pip freeze | |
- name: Run Tests | |
env: | |
LMS_CFG: lms/envs/minimal.yml | |
# This is from the LMS dir on purpose since we don't need anything different for the CMS yet. | |
STUDIO_CFG: lms/envs/minimal.yml | |
run: | | |
echo "Running the LMS migrations." | |
./manage.py lms migrate | |
echo "Running the CMS migrations." | |
./manage.py cms migrate | |
# This job aggregates test results. It's the required check for branch protection. | |
# https://github.com/marketplace/actions/alls-green#why | |
# https://github.com/orgs/community/discussions/33579 | |
success: | |
name: Migrations checks successful | |
if: always() | |
needs: | |
- check_migrations | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
# uses: re-actors/[email protected] | |
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe | |
with: | |
jobs: ${{ toJSON(needs) }} |