diff --git a/CHANGELOG.md b/CHANGELOG.md
index d3e1f9e..6406e10 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,21 @@ instructions, because git commits are used to generate release notes:
+
+## v19.0.0 (2024-10-23)
+
+- 💥 [Deprecation] Drop support for python 3.8 and set Python 3.9 as the minimum supported python version. (by @Faraz32123)
+- 💥[Improvement] Rename Tutor's two branches (by @DawoudSheraz):
+ * Rename **master** to **release**, as this branch runs the latest official Open edX release tag.
+ * Rename **nightly** to **main**, as this branch runs the Open edX master branches, which are the basis for the next Open edX release.
+- 💥[Feature] Upgrade to Sumac. (by @Faraz32123)
+- [BugFix] Uwsgi workers wasn't starting properly using `UWSGI_WORKERS` flag, passing the value directly fixes the issue. (by @Faraz32123)
+- 💥[Feature] Update Credentials Image to use Ubuntu `24.04` as base OS. (by @Faraz32123)
+ - Add `mime-support` alternatives that are `media-types mailcap`.
+ - Update `python-openssl` to `python3-openssl`.
+- [Bugfix] Fix legacy warnings during Docker build. (by @regisb)
+
+
## v18.0.0 (2024-06-07)
diff --git a/README.rst b/README.rst
index f109051..d27cc21 100644
--- a/README.rst
+++ b/README.rst
@@ -38,7 +38,7 @@ For Copying programs that user make in `Discovery plugin ``) in production. In order to run commands from the UI login with an admin user at: http://credentials.local.edly.io/admin/. User should be able to authenticate with the same username and password that he used for his lms.
+The credentials user interface will be available at http://credentials.local.openedx.io for a local instance, and at ``CREDENTIALS_HOST`` (by default: ``http(s)://credentials.``) in production. In order to run commands from the UI login with an admin user at: http://credentials.local.openedx.io/admin/. User should be able to authenticate with the same username and password that he used for his lms.
User can also create superuser for credentials using the below command
::
@@ -91,7 +91,7 @@ Application Third party authentication
Learner Record UI configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-The Learner Record is configurable dynamically via runtime configuration. To change any of the variables below, go to your LMS's Django admin Site Configuration page (for instance, http://local.edly.io/admin/site_configuration/siteconfiguration/) and add or modify corresponding JSON dict entries in the appropriate site:
+The Learner Record is configurable dynamically via runtime configuration. To change any of the variables below, go to your LMS's Django admin Site Configuration page (for instance, http://local.openedx.io/admin/site_configuration/siteconfiguration/) and add or modify corresponding JSON dict entries in the appropriate site:
- ``SUPPORT_URL_LEARNER_RECORDS`` (default: ``""``): the URL the learner is taken to when clicking the "read more in our records help area" link.
diff --git a/changelog.d/20240621_170044_regis.md b/changelog.d/20240621_170044_regis.md
deleted file mode 100644
index d7d2eb7..0000000
--- a/changelog.d/20240621_170044_regis.md
+++ /dev/null
@@ -1 +0,0 @@
-- [Bugfix] Fix legacy warnings during Docker build. (by @regisb)
diff --git a/changelog.d/20241111_171418_faraz.maqsood_remove_py38_references.md b/changelog.d/20241111_171418_faraz.maqsood_remove_py38_references.md
deleted file mode 100644
index 8b70c7b..0000000
--- a/changelog.d/20241111_171418_faraz.maqsood_remove_py38_references.md
+++ /dev/null
@@ -1 +0,0 @@
-- 💥 [Deprecation] Drop support for python 3.8 and set Python 3.9 as the minimum supported python version. (by @Faraz32123)
diff --git a/changelog.d/20241119_124240_dawoud.sheraz_branch_rename.md b/changelog.d/20241119_124240_dawoud.sheraz_branch_rename.md
deleted file mode 100644
index fb6e264..0000000
--- a/changelog.d/20241119_124240_dawoud.sheraz_branch_rename.md
+++ /dev/null
@@ -1,3 +0,0 @@
-- 💥[Improvement] Rename Tutor's two branches (by @DawoudSheraz):
- * Rename **master** to **release**, as this branch runs the latest official Open edX release tag.
- * Rename **nightly** to **main**, as this branch runs the Open edX master branches, which are the basis for the next Open edX release.
\ No newline at end of file
diff --git a/setup.py b/setup.py
index 4522042..9136d05 100644
--- a/setup.py
+++ b/setup.py
@@ -44,8 +44,8 @@ def load_about():
packages=find_packages(exclude=["tests*"]),
include_package_data=True,
python_requires=">=3.9",
- install_requires=["tutor>=18.0.0,<19.0.0", "tutor-discovery>=18.0.0,<19.0.0", "tutor-mfe>=18.0.0,<19.0.0"],
- extras_require={"dev": ["tutor[dev]>=18.0.0,<19.0.0"]},
+ install_requires=["tutor>=19.0.0,<20.0.0", "tutor-discovery>=19.0.0,<20.0.0", "tutor-mfe>=19.0.0,<20.0.0"],
+ extras_require={"dev": ["tutor[dev]>=19.0.0,<20.0.0"]},
entry_points={"tutor.plugin.v1": ["credentials = tutorcredentials.plugin"]},
classifiers=[
"Development Status :: 5 - Production/Stable",
diff --git a/tutorcredentials/__about__.py b/tutorcredentials/__about__.py
index c6a8b8e..0122a6f 100644
--- a/tutorcredentials/__about__.py
+++ b/tutorcredentials/__about__.py
@@ -1 +1 @@
-__version__ = "18.0.0"
+__version__ = "19.0.0"
diff --git a/tutorcredentials/templates/credentials/build/credentials/Dockerfile b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
index d5f5557..10338c1 100644
--- a/tutorcredentials/templates/credentials/build/credentials/Dockerfile
+++ b/tutorcredentials/templates/credentials/build/credentials/Dockerfile
@@ -1,8 +1,12 @@
# syntax=docker/dockerfile:1
###### Minimal image with base system requirements for most stages
-FROM docker.io/ubuntu:20.04 AS minimal
+FROM docker.io/ubuntu:24.04 AS minimal
ENV DEBIAN_FRONTEND=noninteractive
+
+# Delete default UID=1000 `ubuntu` user to ensure we can use id 1000 for app user
+RUN userdel -r ubuntu
+
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt update && \
@@ -11,7 +15,6 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
ENV LC_ALL=en_US.UTF-8
{{ patch("credentials-dockerfile-minimal") }}
-
###### Install python with pyenv in /opt/pyenv and create virtualenv in /openedx/venv
FROM minimal AS python
# https://github.com/pyenv/pyenv/wiki/Common-build-problems#prerequisites
@@ -19,7 +22,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked apt update && \
apt install -y libssl-dev zlib1g-dev libbz2-dev \
libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \
- xz-utils tk-dev libffi-dev liblzma-dev python-openssl git
+ xz-utils tk-dev libffi-dev liblzma-dev python3-openssl git
# Install pyenv
# https://www.python.org/downloads/
@@ -36,6 +39,9 @@ RUN $PYENV_ROOT/versions/$PYTHON_VERSION/bin/python -m venv /openedx/venv
###### Checkout credentials
FROM minimal AS code
+# Below warnings will occurr due to the variable name(have word "credentials" in it).
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "CREDENTIALS_REPOSITORY") (line 41)
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "CREDENTIALS_VERSION") (line 42)
ARG CREDENTIALS_REPOSITORY="{{ CREDENTIALS_REPOSITORY }}"
ARG CREDENTIALS_VERSION="{{ CREDENTIALS_REPOSITORY_VERSION }}"
RUN mkdir -p /openedx/credentials && \
@@ -64,7 +70,7 @@ RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install \
# https://pypi.org/project/setuptools/
# https://pypi.org/project/pip/
# https://pypi.org/project/wheel/
- setuptools==69.1.1 pip==24.0 wheel==0.43.0
+ setuptools==75.1.0 pip==24.2 wheel==0.44.0
# Install base requirements
RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install -r requirements/production.txt
@@ -74,7 +80,7 @@ RUN --mount=type=cache,target=/openedx/.cache/pip,sharing=shared pip install \
# Use redis as a django cache https://pypi.org/project/django-redis/
django-redis==5.4.0 \
# uwsgi server https://pypi.org/project/uWSGI/
- uwsgi==2.0.24
+ uwsgi==2.0.27
{{ patch("credentials-dockerfile-post-python-requirements") }}
@@ -102,7 +108,7 @@ FROM minimal AS production
# Install system requirements
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked apt update \
- && apt install -y libxml2 libmysqlclient-dev mime-support
+ && apt install -y libxml2 libmysqlclient-dev media-types mailcap
# From then on, run as unprivileged "app" user
ARG APP_USER_ID=1000
@@ -110,7 +116,7 @@ RUN if [ "$APP_USER_ID" = 0 ]; then echo "app user may not be root" && false; fi
RUN useradd --home-dir /openedx --create-home --shell /bin/bash --uid ${APP_USER_ID} app
USER ${APP_USER_ID}
-# change file ownership to the new app user
+# Change file ownership to the new app user
COPY --chown=app:app --from=code /openedx/credentials /openedx/credentials
COPY --chown=app:app --from=python /opt/pyenv /opt/pyenv
COPY --chown=app:app --from=python-requirements /openedx/venv /openedx/venv
@@ -129,6 +135,8 @@ RUN python manage.py compilemessages
# Setup minimal yml config file, which is required by production settings
RUN echo "{}" > /openedx/config.yml
+# Below warning will occurr due to the variable name(have word "credentials" in it).
+# - SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "CREDENTIALS_CFG") (line 136)
ENV CREDENTIALS_CFG=/openedx/config.yml
{{ patch("credentials-dockerfile-pre-assets") }}
@@ -152,13 +160,13 @@ EXPOSE 8000
###### Final image with production cmd
FROM production AS final
-CMD uwsgi \
- --static-map /static=/openedx/credentials/credentials/assets \
- --static-map /media=/openedx/credentials/credentials/media \
- --http 0.0.0.0:8000 \
- --thunder-lock \
- --single-interpreter \
- --enable-threads \
- --processes=${UWSGI_WORKERS:-2} \
- --buffer-size=8192 \
- --wsgi-file credentials/wsgi.py
+CMD ["uwsgi", \
+ "--static-map", "/static=/openedx/credentials/credentials/assets", \
+ "--static-map", "/media=/openedx/credentials/credentials/media", \
+ "--http", "0.0.0.0:8000", \
+ "--thunder-lock", \
+ "--single-interpreter", \
+ "--enable-threads", \
+ "--processes=2", \
+ "--buffer-size=8192", \
+ "--wsgi-file", "credentials/wsgi.py"]