Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add published field to Release #17257

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Add published field to Release #17257

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
a45892a
Fix cherry-pick
warsaw Sep 21, 2024
831095a
Add `published` to the `ReleaseFactory`
alanbato May 2, 2022
5846e30
Add migrations
DarkaMaul Dec 6, 2024
60f4a01
Add a default value for Release.published field.
DarkaMaul Dec 9, 2024
60de6e8
Change to a boolean field
DarkaMaul Dec 10, 2024
d2438e8
Merge branch 'main' into dm/published-date
DarkaMaul Dec 10, 2024
a792738
Filter out unpublished releases
DarkaMaul Dec 10, 2024
76fd2e4
Merge branch 'main' into dm/published-date
DarkaMaul Dec 11, 2024
35395da
Merge branch 'main' into dm/published-date
woodruffw Dec 16, 2024
38221fb
Merge branch 'main' into dm/published-date
DarkaMaul Dec 18, 2024
1f9e954
Merge branch 'main' into dm/published-date
woodruffw Dec 26, 2024
07fcf1d
Merge branch 'main' into dm/published-date
DarkaMaul Jan 3, 2025
9e9bab6
Use a SQLAlchemy event
DarkaMaul Jan 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion tests/common/db/packaging.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,8 @@ class Meta:
lambda o: hashlib.blake2b(o.filename.encode("utf8"), digest_size=32).hexdigest()
)
upload_time = factory.Faker(
"date_time_between_dates", datetime_start=datetime.datetime(2008, 1, 1)
"date_time_between_dates",
datetime_start=datetime.datetime(2008, 1, 1),
)
path = factory.LazyAttribute(
lambda o: "/".join(
Expand Down
1 change: 1 addition & 0 deletions tests/unit/forklift/test_legacy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3613,6 +3613,7 @@ def test_upload_succeeds_creates_release(
else None
),
"uploaded_via_trusted_publisher": not test_with_user,
"published": True,
}

fileadd_event = {
Expand Down
16 changes: 16 additions & 0 deletions tests/unit/legacy/api/test_json.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,13 @@ def test_all_non_prereleases_yanked(self, monkeypatch, db_request):
db_request.matchdict = {"name": project.normalized_name}
assert json.latest_release_factory(db_request) == release

def test_with_unpublished(self, db_request):
project = ProjectFactory.create()
release = ReleaseFactory.create(project=project, version="1.0")
ReleaseFactory.create(project=project, version="2.0", published=False)
db_request.matchdict = {"name": project.normalized_name}
assert json.latest_release_factory(db_request) == release

def test_project_quarantined(self, monkeypatch, db_request):
project = ProjectFactory.create(
lifecycle_status=LifecycleStatus.QuarantineEnter
Expand Down Expand Up @@ -191,6 +198,15 @@ def test_renders(self, pyramid_config, db_request, db_session):
)
]

ReleaseFactory.create(
project=project,
version="3.1",
description=DescriptionFactory.create(
content_type=description_content_type
),
published=False,
)

for urlspec in project_urls:
label, _, purl = urlspec.partition(",")
db_session.add(
Expand Down
81 changes: 57 additions & 24 deletions tests/unit/packaging/test_views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,19 @@ def test_only_yanked_release(self, monkeypatch, db_request):
assert resp is response
assert release_detail.calls == [pretend.call(release, db_request)]

def test_with_unpublished(self, monkeypatch, db_request):
project = ProjectFactory.create()
release = ReleaseFactory.create(project=project, version="1.0")
ReleaseFactory.create(project=project, version="1.1", published=False)

response = pretend.stub()
release_detail = pretend.call_recorder(lambda ctx, request: response)
monkeypatch.setattr(views, "release_detail", release_detail)

resp = views.project_detail(project, db_request)
assert resp is response
assert release_detail.calls == [pretend.call(release, db_request)]


class TestReleaseDetail:
def test_normalizing_name_redirects(self, db_request):
Expand Down Expand Up @@ -178,30 +191,45 @@ def test_normalizing_version_redirects(self, db_request):
def test_detail_rendered(self, db_request):
users = [UserFactory.create(), UserFactory.create(), UserFactory.create()]
project = ProjectFactory.create()
releases = [
ReleaseFactory.create(
project=project,
version=v,
description=DescriptionFactory.create(
raw="unrendered description",
html="rendered description",
content_type="text/html",
),
)
for v in ["1.0", "2.0", "3.0", "4.0.dev0"]
] + [
ReleaseFactory.create(
project=project,
version="5.0",
description=DescriptionFactory.create(
raw="plaintext description",
html="",
content_type="text/plain",
),
yanked=True,
yanked_reason="plaintext yanked reason",
)
]
releases = (
[
ReleaseFactory.create(
project=project,
version=v,
description=DescriptionFactory.create(
raw="unrendered description",
html="rendered description",
content_type="text/html",
),
)
for v in ["1.0", "2.0", "3.0", "4.0.dev0"]
]
+ [
ReleaseFactory.create(
project=project,
version="5.0",
description=DescriptionFactory.create(
raw="plaintext description",
html="",
content_type="text/plain",
),
yanked=True,
yanked_reason="plaintext yanked reason",
)
]
+ [
ReleaseFactory.create(
project=project,
version="5.1",
description=DescriptionFactory.create(
raw="unrendered description",
html="rendered description",
content_type="text/html",
),
published=False,
)
]
)
files = [
FileFactory.create(
release=r,
Expand All @@ -226,6 +254,7 @@ def test_detail_rendered(self, db_request):
"bdists": [],
"description": "rendered description",
"latest_version": project.latest_version,
# Non published version are not listed here
"all_versions": [
(r.version, r.created, r.is_prerelease, r.yanked, r.yanked_reason)
for r in reversed(releases)
Expand Down Expand Up @@ -324,6 +353,10 @@ def test_long_singleline_license(self, db_request):
"characters, it's really so lo..."
)

def test_created_with_published(self, db_request):
release = ReleaseFactory.create()
assert release.published is True


class TestPEP740AttestationViewer:

Expand Down
1 change: 1 addition & 0 deletions warehouse/forklift/legacy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -932,6 +932,7 @@ def file_upload(request):
else None
),
"uploaded_via_trusted_publisher": bool(request.oidc_publisher),
"published": True,
},
)

Expand Down
8 changes: 6 additions & 2 deletions warehouse/legacy/api/json.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,10 @@ def _json_data(request, project, release, *, all_releases):
)
)
.outerjoin(File)
.filter(Release.project == project)
.filter(
Release.project == project,
Release.published.is_(True),
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am very wary of this pattern, where the default gives us all releases and we have to manually filter those that are published. I think it's inevitable that we will miss this filter somewhere and this will result in the wrong releases being returned.

I think instead we need something that behaves like https://github.com/flipbit03/sqlalchemy-easy-softdelete, which makes all queries contain this filter by default, and requires manually querying for the unpublished releases instead.

(There is some additional discussion about this in #6091 because we have the same fundamental issue with any mechanics for soft deletes as well.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great call! I've updated the PR to use an SQLAlchemy event listener and intercept SELECT statements to rewrite them with an exclusion clause.

)

# If we're not looking for all_releases, then we'll filter this further
Expand Down Expand Up @@ -206,7 +209,8 @@ def latest_release_factory(request):
.filter(
Project.lifecycle_status.is_distinct_from(
LifecycleStatus.QuarantineEnter
)
),
Release.published.is_(True),
)
.order_by(
Release.yanked.asc(),
Expand Down
Loading