Merge branch 'main' into feat/environment-document-identity-overrides

Author: khvn26

.github/workflows/api-audit.yml

@@ -17,13 +17,14 @@ jobs:
       - name: Cloning repo
         uses: actions/checkout@v4
 
-      - name: Set up Python 3.11
+      - name: Set up Python 3.12
         uses: actions/setup-python@v5
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
+      # Ignore CVE-2023-6129 as per https://github.com/pyca/pyopenssl/issues/1300
       - name: Run Audit
         run: |
           make install
           poetry self add poetry-audit-plugin==0.4.0
-          poetry audit
+          poetry audit --ignore-code=CVE-2023-6129

.github/workflows/api-merge.yml

@@ -23,11 +23,6 @@ jobs:
         ports: ['5432:5432']
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
 
-    strategy:
-      max-parallel: 2
-      matrix:
-        python-version: ['3.10', '3.11']
-
     steps:
       - name: Cloning repo
         uses: actions/checkout@v4
@@ -37,7 +32,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: 3.12
           cache: 'poetry'
 
       - name: Install Dependencies
@@ -66,7 +61,7 @@ jobs:
       - name: Upload Coverage
         uses: codecov/codecov-action@v4
         env:
-          PYTHON: ${{ matrix.python-version }}
+          PYTHON: '3.12'
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           env_vars: PYTHON

.github/workflows/api-pull-request.yml

@@ -32,11 +32,6 @@ jobs:
         ports: ['5432:5432']
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
 
-    strategy:
-      max-parallel: 2
-      matrix:
-        python-version: ['3.10', '3.11', '3.12']
-
     steps:
       - name: Cloning repo
         uses: actions/checkout@v4
@@ -46,7 +41,7 @@ jobs:
 
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: 3.12
           cache: 'poetry'
 
       - name: Install Dependencies
@@ -75,7 +70,7 @@ jobs:
       - name: Upload Coverage
         uses: codecov/codecov-action@v4
         env:
-          PYTHON: ${{ matrix.python-version }}
+          PYTHON: 3.12
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           env_vars: PYTHON

.github/workflows/api-tests-with-private-packages.yml

@@ -34,11 +34,6 @@ jobs:
         ports: ['5432:5432']
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
 
-    strategy:
-      max-parallel: 4
-      matrix:
-        python-version: ['3.10', '3.11']
-
     steps:
       - name: Cloning repo
         uses: actions/checkout@v4
@@ -47,7 +42,7 @@ jobs:
         run: pipx install poetry
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: '3.12'
           cache: 'poetry'
 
       - name: Install Dependencies

.github/workflows/update-flagsmith-environment.yml

@@ -19,10 +19,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Python 3.11
+      - name: Set up Python 3.12
         uses: actions/setup-python@v5
         with:
-          python-version: 3.11
+          python-version: 3.12
           cache: pip
 
       - name: Install Dependencies

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "2.107.4"
+  ".": "2.109.0"
 }

CHANGELOG.md

@@ -1,5 +1,45 @@
 # Changelog
 
+## [2.109.0](https://github.com/Flagsmith/flagsmith/compare/v2.108.1...v2.109.0) (2024-04-23)
+
+
+### Features
+
+* Ability to customise default environments for new project ([#3655](https://github.com/Flagsmith/flagsmith/issues/3655)) ([cfb5748](https://github.com/Flagsmith/flagsmith/commit/cfb57484597274506f44c86ec4f089b1fe4c0f14))
+* Report database errors when waiting for database in entrypoint ([#3823](https://github.com/Flagsmith/flagsmith/issues/3823)) ([a66c262](https://github.com/Flagsmith/flagsmith/commit/a66c262bf169ed887418338efc735eee79884e87))
+* Show organisation name in header ([#3808](https://github.com/Flagsmith/flagsmith/issues/3808)) ([10b14fd](https://github.com/Flagsmith/flagsmith/commit/10b14fd6a73462305087832ed750752b3157be80))
+* Show organisation name in HTML title ([#3814](https://github.com/Flagsmith/flagsmith/issues/3814)) ([ccfe3c3](https://github.com/Flagsmith/flagsmith/commit/ccfe3c3ddea9cd7123e4576428c6a79c15ae5f5a))
+* stale flags (FE) ([#3606](https://github.com/Flagsmith/flagsmith/issues/3606)) ([424b754](https://github.com/Flagsmith/flagsmith/commit/424b754cbdfdb079c76de7c890848884402b6ed2))
+
+
+### Bug Fixes
+
+* archived persistence ([#3802](https://github.com/Flagsmith/flagsmith/issues/3802)) ([40363dc](https://github.com/Flagsmith/flagsmith/commit/40363dc8171520bee32227056c0496f283647b52))
+* broken link in New Segment modal ([#3820](https://github.com/Flagsmith/flagsmith/issues/3820)) ([97c5db7](https://github.com/Flagsmith/flagsmith/commit/97c5db7f9649077b230c19e67b2b4243d3478319))
+* master api key org api access ([#3817](https://github.com/Flagsmith/flagsmith/issues/3817)) ([cae2eac](https://github.com/Flagsmith/flagsmith/commit/cae2eacf2325cc3d6c4b6b590e3046fe0513844d))
+* Set error value from validation exception properly for feature seralizer ([#3809](https://github.com/Flagsmith/flagsmith/issues/3809)) ([18d8214](https://github.com/Flagsmith/flagsmith/commit/18d8214c760ee02a0b05ccc647868bbabc044a25))
+
+## [2.108.1](https://github.com/Flagsmith/flagsmith/compare/v2.108.0...v2.108.1) (2024-04-18)
+
+
+### Bug Fixes
+
+* prevent unauthorised remove-users access ([#3791](https://github.com/Flagsmith/flagsmith/issues/3791)) ([05353a5](https://github.com/Flagsmith/flagsmith/commit/05353a5fbe661d504abdede8875f450c4cc8dce5))
+
+## [2.108.0](https://github.com/Flagsmith/flagsmith/compare/v2.107.4...v2.108.0) (2024-04-17)
+
+
+### Features
+
+* Swagger schema for environment document ([#3789](https://github.com/Flagsmith/flagsmith/issues/3789)) ([dd89326](https://github.com/Flagsmith/flagsmith/commit/dd893262cff97a1b301a346737c106afc58bc146))
+
+
+### Bug Fixes
+
+* edge API not updated when versioned change request committed ([#3760](https://github.com/Flagsmith/flagsmith/issues/3760)) ([a7ee657](https://github.com/Flagsmith/flagsmith/commit/a7ee6578b5923c9f85527a022f88b1aaa0fe5a04))
+* handle InfluxDBError when writing data ([#3788](https://github.com/Flagsmith/flagsmith/issues/3788)) ([1eaa823](https://github.com/Flagsmith/flagsmith/commit/1eaa823d3b7a2167ba424c83838bb72a4b2ec7ad))
+* odd behaviour seen when using REPLICA_DATABASE_URLS ([#3771](https://github.com/Flagsmith/flagsmith/issues/3771)) ([ec9e8ab](https://github.com/Flagsmith/flagsmith/commit/ec9e8ab30d224042e1bc07c00355f7b3e1b3977a))
+
 ## [2.107.4](https://github.com/Flagsmith/flagsmith/compare/v2.107.3...v2.107.4) (2024-04-17)
 
 

api/.env-ci

@@ -1,4 +1,5 @@
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
 ANALYTICS_DATABASE_URL=postgres://postgres:postgres@localhost:5432/analytics
-PYTEST_ADDOPTS=--cov . --cov-report xml -n auto --dist worksteal
+PYTEST_ADDOPTS=--cov . --cov-report xml -n auto --dist worksteal --ci
 GUNICORN_LOGGER_CLASS=util.logging.GunicornJsonCapableLogger
+COVERAGE_CORE=sysmon

api/.env-local

@@ -1,4 +1,3 @@
 DATABASE_URL=postgresql://postgres:password@localhost:5432/flagsmith
 DJANGO_SETTINGS_MODULE=app.settings.local
 PYTEST_ADDOPTS=--cov . --cov-report html -n auto
-GUNICORN_LOGGER_CLASS=util.logging.GunicornJsonCapableLogger

api/Makefile

@@ -9,6 +9,8 @@ DOTENV_OVERRIDE_FILE ?= .env
 
 POETRY_VERSION ?= 1.8.2
 
+GUNICORN_LOGGER_CLASS ?= util.logging.GunicornJsonCapableLogger
+
 -include .env-local
 -include $(DOTENV_OVERRIDE_FILE)
 

api/api_keys/user.py

@@ -2,7 +2,7 @@
 
 from django.db.models import QuerySet
 
-from organisations.models import Organisation
+from organisations.models import Organisation, OrganisationRole
 from permissions.permission_service import (
     get_permitted_environments_for_master_api_key,
     get_permitted_projects_for_master_api_key,
@@ -35,9 +35,29 @@ def pk(self) -> str:
     def is_master_api_key_user(self) -> bool:
         return True
 
+    @property
+    def organisations(self) -> QuerySet[Organisation]:
+        return Organisation.objects.filter(id=self.key.organisation_id)
+
     def belongs_to(self, organisation_id: int) -> bool:
         return self.key.organisation_id == organisation_id
 
+    def is_organisation_admin(
+        self, organisation: typing.Union["Organisation", int]
+    ) -> bool:
+        org_id = organisation.id if hasattr(organisation, "id") else organisation
+        return self.key.is_admin and self.key.organisation_id == org_id
+
+    def get_organisation_role(self, organisation: Organisation) -> typing.Optional[str]:
+        if self.key.organisation_id != organisation.id:
+            return None
+
+        return (
+            OrganisationRole.ADMIN.value
+            if self.key.is_admin
+            else OrganisationRole.USER.value
+        )
+
     def is_project_admin(self, project: "Project") -> bool:
         return is_master_api_key_project_admin(self.key, project)
 

api/app/settings/common.py

@@ -125,6 +125,7 @@
     "permissions",
     "projects.tags",
     "api_keys",
+    "features.feature_external_resources",
     # 2FA
     "trench",
     # health check plugins
@@ -147,6 +148,7 @@
     "integrations.dynatrace",
     "integrations.flagsmith",
     "integrations.launch_darkly",
+    "integrations.github",
     # Rate limiting admin endpoints
     "axes",
     "telemetry",
@@ -887,6 +889,10 @@
 # Slack Integration
 SLACK_CLIENT_ID = env.str("SLACK_CLIENT_ID", default="")
 SLACK_CLIENT_SECRET = env.str("SLACK_CLIENT_SECRET", default="")
+# GitHub integrations
+GITHUB_PEM = env.str("GITHUB_PEM", default="")
+GITHUB_APP_ID: int = env.int("GITHUB_APP_ID", default=0)
+
 
 # MailerLite
 MAILERLITE_BASE_URL = env.str(
@@ -1037,29 +1043,7 @@
 HUBSPOT_IGNORE_DOMAINS = env.list("HUBSPOT_IGNORE_DOMAINS", [])
 HUBSPOT_IGNORE_DOMAINS_REGEX = env("HUBSPOT_IGNORE_DOMAINS_REGEX", "")
 HUBSPOT_IGNORE_ORGANISATION_DOMAINS = env.list(
-    "HUBSPOT_IGNORE_ORGANISATION_DOMAINS",
-    [
-        "126.com",
-        "163.com",
-        "aol.com",
-        "att.net",
-        "comcast.net",
-        "gmail.com",
-        "gmx.com",
-        "hotmail.com",
-        "icloud.com",
-        "live.com",
-        "mail.com",
-        "mail.ru",
-        "outlook.co.uk",
-        "outlook.com",
-        "protonmail.com",
-        "qq.com",
-        "sina.com",
-        "yahoo.com",
-        "yandex.com",
-        "zoho.com",
-    ],
+    "HUBSPOT_IGNORE_ORGANISATION_DOMAINS", []
 )
 
 # List of plan ids that support seat upgrades

api/app_analytics/influxdb_wrapper.py

@@ -4,6 +4,7 @@
 
 from django.conf import settings
 from influxdb_client import InfluxDBClient, Point
+from influxdb_client.client.exceptions import InfluxDBError
 from influxdb_client.client.write_api import SYNCHRONOUS
 from sentry_sdk import capture_exception
 from urllib3 import Retry
@@ -61,8 +62,12 @@ def add_data_point(self, field_name, field_value, tags=None):
     def write(self):
         try:
             self.write_api.write(bucket=settings.INFLUXDB_BUCKET, record=self.records)
-        except HTTPError:
-            logger.warning("Failed to write records to Influx.")
+        except (HTTPError, InfluxDBError) as e:
+            logger.warning(
+                "Failed to write records to Influx: %s",
+                str(e),
+                exc_info=e,
+            )
             logger.debug(
                 "Records: %s. Bucket: %s",
                 self.records,