From 7a1863317ae3e24b6fb640c0447d3857149b6139 Mon Sep 17 00:00:00 2001
From: Nicolas Giard <github@ngpixel.com>
Date: Tue, 18 Jun 2024 18:46:03 -0400
Subject: [PATCH 1/9] chore: Update k8s/datatracker.yaml

---
 k8s/datatracker.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/k8s/datatracker.yaml b/k8s/datatracker.yaml
index ee8248927..8603d0c50 100644
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@@ -64,6 +64,9 @@ spec:
           env:
             - name: "CONTAINER_ROLE"
               value: "datatracker"
+            # ensures the pod gets recreated on every deploy:
+            - name: "DEPLOY_UID"
+              value: "$DEPLOY_UID"
           envFrom:
             - configMapRef:
                 name: django-config

From bd3364bbd2b15f788fa245f5b5cbaae748406c31 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 19:35:23 -0400
Subject: [PATCH 2/9] chore(deps): bump docker/build-push-action from 5 to 6
 (#7547)

* chore(deps): bump docker/build-push-action from 5 to 6

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: disable docker build summary

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
---
 .github/workflows/build-base-app.yml          | 4 +++-
 .github/workflows/build-celery-worker.yml     | 4 +++-
 .github/workflows/build-mq-broker.yml         | 4 +++-
 .github/workflows/build.yml                   | 4 +++-
 .github/workflows/dev-assets-sync-nightly.yml | 4 +++-
 5 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-base-app.yml b/.github/workflows/build-base-app.yml
index 85842d9dc..3995b4b49 100644
--- a/.github/workflows/build-base-app.yml
+++ b/.github/workflows/build-base-app.yml
@@ -34,7 +34,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: docker/base.Dockerfile
diff --git a/.github/workflows/build-celery-worker.yml b/.github/workflows/build-celery-worker.yml
index 9c37d02ce..d14e4f2c8 100644
--- a/.github/workflows/build-celery-worker.yml
+++ b/.github/workflows/build-celery-worker.yml
@@ -35,7 +35,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/celery/Dockerfile
diff --git a/.github/workflows/build-mq-broker.yml b/.github/workflows/build-mq-broker.yml
index ba935405f..8c6f1e6ae 100644
--- a/.github/workflows/build-mq-broker.yml
+++ b/.github/workflows/build-mq-broker.yml
@@ -37,7 +37,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Docker Build & Push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/mq/Dockerfile
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5d5233656..e42685678 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -240,7 +240,9 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Build Release Docker Image
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
+      env:
+        DOCKER_BUILD_NO_SUMMARY: true
       with:
         context: .
         file: dev/build/Dockerfile
diff --git a/.github/workflows/dev-assets-sync-nightly.yml b/.github/workflows/dev-assets-sync-nightly.yml
index bfb50bd41..a7fe67f01 100644
--- a/.github/workflows/dev-assets-sync-nightly.yml
+++ b/.github/workflows/dev-assets-sync-nightly.yml
@@ -39,7 +39,9 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker Build & Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
+        env:
+          DOCKER_BUILD_NO_SUMMARY: true
         with:
           context: .
           file: dev/shared-assets-sync/Dockerfile

From b9be2536cc9bd2e85d462064ad43c107033ae625 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Jun 2024 19:36:30 -0400
Subject: [PATCH 3/9] chore(deps): bump codecov/codecov-action from 4.4.1 to
 4.5.0 (#7548)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.4.1...v4.5.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1c44bb6f2..616ffdcc6 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -59,7 +59,7 @@ jobs:
         path: geckodriver.log
 
     - name: Upload Coverage Results to Codecov
-      uses: codecov/codecov-action@v4.4.1
+      uses: codecov/codecov-action@v4.5.0
       with:
         files: coverage.xml
         

From 74cdc1585309f86d4d43e236dba8903ccb394dd6 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Wed, 19 Jun 2024 15:43:43 -0300
Subject: [PATCH 4/9] ci: get registration API key from env (#7564)

---
 k8s/django-config.yaml | 2 ++
 k8s/settings_local.py  | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/k8s/django-config.yaml b/k8s/django-config.yaml
index 9ece6fa9e..eff4eb802 100644
--- a/k8s/django-config.yaml
+++ b/k8s/django-config.yaml
@@ -57,6 +57,8 @@ data:
     yeUc2Ykkwemt3U0IKcXZOVStxUldpK1lYcklUc2duOTIvZ1Z4WDVBb0swbitzNUx4
     N2ZwanhrQVJWaTY2U0Y2elRKblgKLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
 
+  #DATATRACKER_REGISTRATION_API_KEY: "some-key"  # secret"
+
   # DATATRACKER_MEETECHO_API_BASE: "https://meetings.conf.meetecho.com/api/v1/"
   DATATRACKER_MEETECHO_CLIENT_ID: "this-is-the-meetecho-client-id"  # secret
   DATATRACKER_MEETECHO_CLIENT_SECRET: "this-is-the-meetecho-client-secret"  # secret
diff --git a/k8s/settings_local.py b/k8s/settings_local.py
index 8fd9530d7..84a76eb12 100644
--- a/k8s/settings_local.py
+++ b/k8s/settings_local.py
@@ -118,7 +118,10 @@ IANA_SYNC_PROTOCOLS_URL = "http://www.iana.org/protocols/"
 
 RFC_EDITOR_NOTIFICATION_URL = "http://www.rfc-editor.org/parser/parser.php"
 
-STATS_REGISTRATION_ATTENDEES_JSON_URL = 'https://registration.ietf.org/{number}/attendees/?apikey=redacted'
+_registration_api_key = os.environ.get("DATATRACKER_REGISTRATION_API_KEY", None)
+if _registration_api_key is None:
+    raise RuntimeError("DATATRACKER_REGISTRATION_API_KEY must be set")
+STATS_REGISTRATION_ATTENDEES_JSON_URL = f"https://registration.ietf.org/{{number}}/attendees/?apikey={_registration_api_key}"
 
 #FIRST_CUTOFF_DAYS = 12
 #SECOND_CUTOFF_DAYS = 12

From ad9fb85551a9f7a2f56c7b5250b8fe758ca54327 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Wed, 19 Jun 2024 18:24:45 -0300
Subject: [PATCH 5/9] ci: replace htpasswd2 with /bin/true (#7567)

---
 k8s/settings_local.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/k8s/settings_local.py b/k8s/settings_local.py
index 84a76eb12..3735fc4fe 100644
--- a/k8s/settings_local.py
+++ b/k8s/settings_local.py
@@ -130,7 +130,8 @@ STATS_REGISTRATION_ATTENDEES_JSON_URL = f"https://registration.ietf.org/{{number
 MEETING_MATERIALS_SUBMISSION_CUTOFF_DAYS = 26
 MEETING_MATERIALS_SUBMISSION_CORRECTION_DAYS = 54
 
-HTPASSWD_COMMAND = "/usr/bin/htpasswd2"
+# disable htpasswd by setting to a do-nothing command
+HTPASSWD_COMMAND = "/bin/true"
 
 _MEETECHO_CLIENT_ID = os.environ.get("DATATRACKER_MEETECHO_CLIENT_ID", None)
 _MEETECHO_CLIENT_SECRET = os.environ.get("DATATRACKER_MEETECHO_CLIENT_SECRET", None)

From a28bf984028ad51bf0b76c2a609d10076adb91de Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Thu, 20 Jun 2024 11:22:03 -0300
Subject: [PATCH 6/9] ci: writable /var/cache/xml2rfc

---
 k8s/datatracker.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/k8s/datatracker.yaml b/k8s/datatracker.yaml
index 8603d0c50..838ad9522 100644
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@@ -58,6 +58,8 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-xml2rfc-cache
+              mountPath: /var/cache/xml2rfc
             - name: dt-cfg
               mountPath: /workspace/ietf/settings_local.py
               subPath: settings_local.py
@@ -84,6 +86,9 @@ spec:
         - name: dt-tmp
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-xml2rfc-cache
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap

From b3fb20cf97d153e97b9520f92fcf45b9d246a719 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Thu, 20 Jun 2024 11:27:21 -0300
Subject: [PATCH 7/9] ci: /var/cache/xml2rfc-cache for celery

---
 k8s/celery.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/k8s/celery.yaml b/k8s/celery.yaml
index e0e506269..f1abfda62 100644
--- a/k8s/celery.yaml
+++ b/k8s/celery.yaml
@@ -60,6 +60,8 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-xml2rfc-cache
+              mountPath: /var/cache/xml2rfc
             - name: dt-cfg
               mountPath: /workspace/ietf/settings_local.py
               subPath: settings_local.py
@@ -83,6 +85,9 @@ spec:
         - name: dt-tmp
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-xml2rfc-cache
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap

From 66b30958785066a34e94cad5324ae1e63276fb16 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Thu, 20 Jun 2024 11:34:57 -0300
Subject: [PATCH 8/9] ci: writeable /home/datatracker

---
 k8s/celery.yaml      | 5 +++++
 k8s/datatracker.yaml | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/k8s/celery.yaml b/k8s/celery.yaml
index f1abfda62..dfb20fa40 100644
--- a/k8s/celery.yaml
+++ b/k8s/celery.yaml
@@ -60,6 +60,8 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-home
+              mountPath: /home/datatracker
             - name: dt-xml2rfc-cache
               mountPath: /var/cache/xml2rfc
             - name: dt-cfg
@@ -88,6 +90,9 @@ spec:
         - name: dt-xml2rfc-cache
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-home
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap
diff --git a/k8s/datatracker.yaml b/k8s/datatracker.yaml
index 838ad9522..72e35b73d 100644
--- a/k8s/datatracker.yaml
+++ b/k8s/datatracker.yaml
@@ -58,6 +58,8 @@ spec:
               mountPath: /a
             - name: dt-tmp
               mountPath: /tmp
+            - name: dt-home
+              mountPath: /home/datatracker
             - name: dt-xml2rfc-cache
               mountPath: /var/cache/xml2rfc
             - name: dt-cfg
@@ -89,6 +91,9 @@ spec:
         - name: dt-xml2rfc-cache
           emptyDir:
             sizeLimit: "2Gi"
+        - name: dt-home
+          emptyDir:
+            sizeLimit: "2Gi"
         - name: dt-cfg
           configMap:
             name: files-cfgmap

From c8471d47d375b1c340fd92d4203d18acd2ab26d1 Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@staff.ietf.org>
Date: Fri, 21 Jun 2024 11:33:00 -0300
Subject: [PATCH 9/9] chore: remove is_secure() check (#7575)

---
 ietf/sync/views.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ietf/sync/views.py b/ietf/sync/views.py
index da407e1ef..87447111f 100644
--- a/ietf/sync/views.py
+++ b/ietf/sync/views.py
@@ -52,9 +52,6 @@ def notify(request, org, notification):
     password = request.POST.get("password") or request.GET.get("password")
 
     if username != None and password != None:
-        if settings.SERVER_MODE == "production" and not request.is_secure():
-            permission_denied(request, "You must use HTTPS when sending username/password.")
-
         if not user.is_authenticated:
             try:
                 user = User.objects.get(username__iexact=username)