Bodhi 3.13.0 released

This is a feature release.

Deprecations

• Authentication with OpenID is deprecated (#1180).
• bodhi-untag-branched is deprecated (#1197).
• The Update's title field is deprecated (#1542).
• Integration with pkgdb is deprecated (#1970).
• Support for Python 2 is deprecated (#1871 and #2856).
• The /masher/ view is deprecated (#2024).
• bodhi-monitor-composes is deprecated (#2171).
• The stacks feature is deprecated (#2241).
• bodhi-manage-releases is deprecated (#2420).
• Anonymous comments are deprecated (#2700).
• The ci_url attribute on Builds is deprecated (#2782).
• The active_releases query parameter on the Updates query URL is deprecated (#2815).
• Support for fedmsg is deprecated (#2838).
• Support for Bodhi 1's URL scheme is deprecated (#2869 and #2903).
• The /admin/ API is deprecated (#2899).
• The fedmsg UI integration is deprecated (#2913).
• CVE support is deprecated (#2915).

Dependency changes

• Bodhi no longer requires iniparse (a910b61).
• Bodhi now requires fedora_messaging (e30c5f2).

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• A new bodhi-shell CLI is included with the server package that initialized a Python shell
  with some handy aliases that are useful for debugging Bodhi (#1792).
• Updates that obsolete security updates will now be set as security updates themselves
  (#1798)
• The CLI no longer crashes when creating multiple buildroot overrides in one command
  (#2031).
• The CLI can now display information about waivers (#2267).
• Releases can now be marked as not being composed by Bodhi, which will be useful if we want to use
  Bodhi to tag builds into releases without composing those releases, e.g., Fedora Rawhide
  (#2317).
• BuildrootOverrides are now prevented for builds that fail the test gating status (#2537).
• The web interface now displays instructions for installing updates (#2799).
• The CLI now has flags that allow users to override the OpenID API URL to use. This is useful
  for deployments that aren't for Fedora and also for developers, who can use it to authenticate
  against a different OpenID server than Fedora's production instance (Fedora's staging instance is
  nice to use for this) (#2820).
• The web UI search box uses a slightly longer delay before issuing the search request
  (51c2fa8).
• Messages can now be published by fedora_messaging, a replacement for fedmsg
  (e30c5f2).
• Associating updates with private Bugzilla tickets is now handled gracefully (7ac316a).

Bug fixes

• The bodhi-approve-testing CLI script is now more resilient against failures (#1016).
• The update edit page will return a HTTP 403 instead of a HTTP 400 if a user tries to edit an
  update they don't have permissions to edit (#1737).
• The bodhi CLI now has a --wait flag when creating BuildrootOverrides that will cause
  bodhi to wait on Koji to finish adding the override to the buildroot before exiting
  (#1807).
• The waive button is now displayed on locked updates (#2271).
• Editing an update with the CLI no longer sets the type back to the default of bugfix
  (#2528).
• bodhi-approve-testing now sets up a log handler (#2698).
• Some missing commands were added to the bodhi man page (1e6c259).
• A formatting issue was fixed in the command line client (996b4ec).

Development improvements

• bodhi-ci now has an integration test suite that launches a live Bodhi server, some of its
  network dependencies, and tests it with some web and CLI requests (2430433).
• bodhi-ci's status report now displays the run time for finished tasks (26af5ef).
• bodhi-ci now prints a continuous status report, which is helpful in knowing what it is
  currently doing (f3ca62a).
• We now do type checking enforcement on bodhi-ci (2c07005).

Contributors

The following developers contributed to Bodhi 3.13.0:

• Aurélien Bompard
• Jeremy Cline
• Mattia Verga
• Ryan Lerch
• Sebastian Wojciechowski
• Vismay Golwala
• Randy Barlow

Bodhi 3.12.0 released

This is a small feature release.

Server upgrade instructions

No special actions are needed when applying this update.

Features

• Add a new bugzilla_api_key setting so that Bodhi can authenticate with an API key instead of
  a username and password. It is hoped that this will solve an issue Bodhi has been experiencing
  with Red Hat's Bugzilla instance since it upgraded to version 5, where Bodhi is often told it
  needs to log in to Bugzilla when making changes to issues (#2827).
• Logging around Bodhi's use of the Bugzilla API is expanded (#2831).

Contributors

The following developers contributed to Bodhi 3.12.0:

• Randy Barlow

Bodhi 3.11.3 released

This is a bugfix release.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Correctly handle multiple builds with the search form in the new update JavaScript web UI code
  (#2791).

Contributors

The following developers contributed to Bodhi 3.11.3:

• Mattia Verga

Bodhi 3.11.2 released

This is a bugfix release, addressing an issue that was solved incorrectly with 3.11.1.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Correctly catch http.client.IncompleteRead while Composing and retry (#2758).

Contributors

The following developers contributed to Bodhi 3.11.2:

• Randy Barlow

Bodhi 3.11.1 released

This is a bugfix release, addressing a few issues with running Bodhi under Python 3.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Pass the correct type, str, to smtplib.SMTP.sendmail() for its to and from address
  parameters (#2756).
• Allow EnumSymbols to be sorted (#2757).
• Catch http.client.IncompleteRead while Composing and retry (#2758).
• Correctly handle timestamps from Koji (#2768).
• Do not reverse the logout/reboot options in the web UI on Python 3 (#2778).
• The captcha now works under Python 3 (#2786).

Contributors

The following developers contributed to Bodhi 3.11.1:

• Patrick Uiterwijk
• Randy Barlow

Bodhi 3.11.0 released

Dependency changes

• Bodhi now fully supports Python 3.
• Bodhi now works with markdown 3 and click 7.
• Bodhi no longer requires pyramid_tm.

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• It is now possible to query update by more fields: alias, approved-before,
  modified-before, pushed-before, active-releases, severity, and
  submitted-before, and the fields are documented in the bindings (#181).
• It is now possible to query by update title (#251).
• It is now possible to filter comments, updates, and overrides with multiple users at once
  (#2489).
• The bodhi releases subcommand now has a list feature (#2536).
• A new compose state was added for waiting on the mirrors to sync updated repositories
  (#2550).
• A new server CLI script called bodhi-sar has been added to retrieve personally identifiable
  information from Bodhi (#2553).
• The waive subcommand is now documented in the bodhi man page (#2610).
• bodhi-push now has a --yes/-y flag (#2635).
• The composes and releases subcommands are now documented in the bodhi man page
  (#2642).
• The composer now logs more information when items are missing from the generated repomd.xml
  file (#2643).
• The comment submit button now renders more clearly on some browsers (#2649).
• Bodhi is now able to determine container repository names from Koji metadata, instead of
  hard coding it (#2658).
• The bodhi CLI's pagination features are now documented (#2663).
• There is now a bodhi composes info subcommand (#2683).

Bug fixes

• Bodhi now disallows empty comments (#2009).
• bodhi-check-policies now sets up a log handler to silence warnings (#2156).
• The test_gating_status is now set back to waiting when updates are waived (#2364).
• Bugzilla permission errors should not cause error e-mails to be sent anymore (#2431).
• The waive button is now only displayed if there are failed tests to waive (#2545).
• Correctly handle unicode characters in update notes in the CLI (#2546).
• The test waiver dialog now shows the test case name (#2571).
• Examples were corrected in the bodhi CLI help text and man page
  (#2640 and #2641).
• The new update web form received a number of improvements and bug fixes. Builds and bugs lists are
  refreshed every time a new package is selected in the input field. Manual added bugs and builds
  are not added to the lists if they are already present after having been retrieved from package
  selection. When an error in AJAX query occurs it is now displayed as an error message. AJAX
  queries now have a timeout. And we now avoid form submit when pressing Enter while entering text
  in the package text input field (#2648).
• A misleading composer log entry was corrected (#2667).
• An incorrect error message was corrected (#2703).

Development improvements

• Bodhi's CI job now reports each test as an individual GitHub status line, which makes it much
  easier to identify the cause of test failures when they occur (#2584).
• Due to the above, Mergify is now configured to only enforce passing tests on branched releases,
  since Rawhide failures are often not due to pull request patches (#2594).
• Use update.get_url() to generate comments URL (#2596).
• Unnecessary repetition was removed from the BugTracker class (#2607).
• A typo was fixed in the docstring of Bugzilla.get_url() (#2608).
• CI now uses the Jenkins Pipeline plugin, which allows us to run the CI jobs much more efficiently,
  and only requires a single node to parallelize the tasks (#2609).
• A new development tool, devel/ci/bodhi-ci, was created to replace devel/run_tests.sh
  as the CI test running tool. It is designed to be useful to developers for running the CI suite
  locally, and has help text to guide you in usage (#2616).
• Do not expose the Duffy key in CI logs (#2617).
• Use markdown's Extension API to register FFMarkdown instead of an undocumented internal API. This
  allows Bodhi to work with markdown-3.0.0 (#2618).
• Explicitly name the skopeo-lite src/dest_creds parameters. Also fix two unit tests for
  click-7.0.0. This allows Bodhi to work with click-7.0.0 (#2621).
• Some docstrings were corrected (#2680, #2682, and #2689).
• Upgraded to Mergify 2 (#2686).
• Bodhi's tests now run about 40% faster (#2687).

Contributors

The following developers contributed to Bodhi 3.11.0:

• Mattia Verga
• Owen W. Taylor
• Patrick Uiterwijk
• Ryan Lerch
• Sebastian Wojciechowski
• sedrubal
• Randy Barlow

Bodhi 3.10.1 released

This release fixes a crash while composing modular repositories (#2631).

Bodhi 3.10.0 released

Dependency changes

The composer now requires hawkey.

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• It is no longer an error if a developer tries to create an override for a build that already had
  an override. Instead, Bodhi helpfully edits the old override automatically (#2030).
• The UI displays the date that expired overrides became expired (#2136).
• Security updates now require severity to be set (#2206).
• The Waiver UI now gives the user more context (#2270 and #2363).
• The CLI can be used to edit Release mail templates (#2475).
• A new clean_old_composes setting allows admins to disable the automatic compose cleanup
  feature that was new in Bodhi 3.9.0 (#2561).
• The API can filter releases by state (beb69a0).
• The CLI now has a --debug flag on a couple of commands (1bd7617).
• The bindings have some debug level logging when retrieving Greenwave status (b55fa45).
• The UI now makes it clear that only authenticated users can leave karma on updates
  (3b551c3).
• Bodhi can now manage Flatpaks (1a6c4e8).
• Bodhi now ships a /usr/bin/bodhi-skopeo-lite, which is intended to be an alternative for use
  with the skopeo.cmd setting. It allows for multi-arch containers and Flatpaks to be managed by
  Bodhi (a0496fc).
• The composer now uses librepo/hawkey to do much more extensive testing on the produced yum
  repositories to ensure they are valid (7dda554).

Bug fixes

• More space was added around some buttons so they don't touch on small screens (#1902).
• The bodhi releases subcommands no longer prompt for password when not necessary
  (#2496).
• The submit feedback button now appears on low resolution screens (#2509).
• Articles were fixed in a tooltip on the update page (075f8a9).
• The CLI can again display missing required tests (cf75ff8).
• Fix a failure that sometimes occurred when editing multi-build updates (d997ed4).
• Unknown Koji tags will no longer cause an Exception when creating new updates
  (78dd4aa).

Development improvements

• Line test coverage has reached 100% (2477fc8).
• A fake Pungi is used in the Vagrant environment to speed up vagrant up (1b4f5fc).
• No tests are skipped on Python 3 anymore (44d46e3).

Contributors

The following developers contributed to Bodhi 3.10.0:

• Anatoli Babenia
• Clement Verna
• Mattia Verga
• Owen W. Taylor
• Patrick Uiterwijk
• Pierre-Yves Chibon
• Ralph Bean
• Rick Elrod
• Vismay Golwala
• Randy Barlow

Bodhi 3.9.0 released

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Deprecation

bodhi-manage-releases is now deprecated. The bodhi CLI now has a releases section
that performs the tasks that bodhi-manage-releases is used for.

Dependency changes

• Cornice must now be at least version 3.1.0 (#2286).
• Greenwave is now a required service for Bodhi deployments that wish to continue displaying test
  results in the UI (#2370).

Features

• Bodhi now comments in the same POST as status changes on Bugzilla comments (#336).
• The RSS feeds now have titles (#1119).
• bodhi-clean-old-mashes is automatically run after each successful compose (#1304).
• The bodhi CLI can now edit releases' pending_signing_tag fields (#1337).
• White space is stripped when searching for packages or updates (#2046).
• Severity is displayed in the web UI (#2108).
• Bugzilla bugs are sorted by number on the update bugs tab (#2222).
• The web UI now queries Greenwave with each page load to display the test gating status, rather
  than displaying the cached value from Bodhi's database. This allows users to see the current
  status of their update from Greenwave's perspective. This change also causes Bodhi to retrieve the
  test results from Greenwave rather than from ResultsDB, which means the test results tab now shows
  the same test results that influence the gating decision (#2370, #2393, and
  #2425)
• The waiver API is now documented (#2390).
• The CLI and bindings can now paginate results when querying updates and overrides (#2405).
• The bodhi CLI can now manage releases (#2419).
• Comments have a mouse hoverover for timestamps (60e2cdd).
• The compose is now skipped if the repo is already staged (9d94edb).
• Update statuses have a descriptive tooltip in the web UI (40d0422).
• A new /updates/{id}/get-test-results :doc:../server_api/updates API endpoint was added
  that can retrieve the test results for an update from Greenwave (9631a9b).
• API users can specify which results they'd like to waive in the waiver API (7d51ee5).
• Update CI status is now displayed in the CLI (4ab03af).
• The CLI can now waive test results (833a9c1).

Bug fixes

• Do not alter Bugzilla tickets that are not related to an approved product (#1043 and
  #2336).
• Only comments after the most recent karma reset event are considered for critpath karma
  (#1996).
• The homepage now uses correct link for critical path updates (#2094).
• Bug and test case karma is now correctly registered (#2130, #2189, and
  #2456).
• The web UI no longer uses a hardcoded Koji URL, and gets it from the new koji_web_url
  setting instead (#2182).
• The Bodhi CLI will no longer reset unedited fields to their defaults when editing updates
  (#2208).
• Return a helpful error when notes are not supplied when creating an update (#2214).
• Removed a conflicting HTTPForbidden handler (#2258).
• The RSS view for an update now works when the update has comments with no text (#2314).
• Composes that fail the sanity check are now thrown out (#2374).
• The uniqueness constraint on e-mail was dropped since it was not useful and did cause occasional
  problems (#2387).
• e-mail templates are no longer hardcoded and are now stored on the filesystem (#2396).
• Failure to act on private Bugzilla tickets is no longer logged at error level (#2431).
• Block quotes are now correctly styled (fd843a4).
• The validators will no longer report spurious errors due to previously failed validations
  (5241205).

Development improvements

• Python 2 line test coverage was raised to 99% (#2409).
• The development build system now implements the addTag and deleteTag calls (4787a3e).
• The querystring validator is now used from Cornice (f9900c0).
• The tests now initialize the BodhiClient with a username so the tests will pass when there is a
  cached username (such as on a Fedora system that has Bodhi credentials) (773232b).
• A new subclass of webtest.TestApp was created so tests would pass on Python 3
  (847873f).
• devel/Vagrantfile.example was renamed to Vagrantfile (e985fa3).
• The tests now pass on systems that don't use UTC (6354367).
• Python 3 line test coverage was significantly increased, up to 98%.
• A few warnings have been fixed.

Contributors

The following developers contributed to Bodhi 3.9.0:

• Clement Verna
• Eli Young
• Lumir Balhar
• Mattia Verga
• Miro Hrončok
• Owen W. Taylor
• Patrick Uiterwijk
• Pierre-Yves Chibon
• Ralph Bean
• Vismay Golwala
• Randy Barlow

Bodhi 3.8.1 released

Bug

• Fix two incompatibilities with Python 3.7 (#2436 and #2438).

Contributor

Thanks to Miro Hrončok for fixing these issues.