[WIP] Add script and tests for moving a batched request to a stable request

[crungehottman]

This will require a cron job added to https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bodhi2/backend/tasks/main.yml

- name: bodhi-dequeue-stable cron job.
  cron: name="bodhi-dequeue-stable" weekday="1" hour="6" minute=0 user="apache"
        job="/usr/bin/bodhi-dequeue-stable /etc/bodhi/production.ini > /dev/null"
        cron_file=bodhi-dequeue-stable-job
  when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
  tags:
  - config
  - bodhi
  - cron

Note: Monday was arbirtarily suggested following #1157. Times are arbirtrarily selected as well and will likely require review/further discussion.

[centos-ci]

This pull request fails CI testing. Please review the Jenkins job.

[bowlofeggs]

It looks like CI failed due to the conflict. Jenkins attempts to rebase all PRs on the develop branch before testing so that we can know the PR was tested against the latest commits.

Can you rebase your branch on develop to resolve the conflicts?

[bowlofeggs]

Just a few initial thoughts. Please do rebase your pull request, and I'll give some more feedback after that!

[bowlofeggs]

For PEP-8, there should be a space between the sys import and the click import, since sys is in the standard library and click is a third party library.

[bowlofeggs]

@jeremycline recently made a cool way to get a query object that will allow you to drop the db = Session() line above and convert this line to be:

batches = models.Update.query.filter_by(request=models.UpdateRequest.batched).all()

It's a little simpler.

[bowlofeggs]

I saw in the models.py code above that it was doing something like this:

self.set_request(db, UpdateRequest.stable, agent)
self.request = models.UpdateRequest.stable

The second line of that seemed a little redundant to me since set_request() seems to do what its name implies. Anyways, I think we probably do want to call set_request() since it does do a few things other than just setting the request.

I also just noted that set_request() currently wants the db Session object which I just advised you to get rid of. This leaves you with two choices: you can refactor set_request() so that it doesn't need the db Session, or you can ignore my previous advice and we can refactor set_request() another day. I'd advise keeping the concerns separate and refactoring another day.

[bowlofeggs]

This is a fine way to do it, but I'll mention that we also have a TransactionalSessionMaker that you can use to handle the db commit/rollback for you. Here's an example of using it:

initialize_db(config)
db_factory = transactional_session_maker()
with db_factory() as session:
    # Your code goes here, and the db_factory will automatically commit for you if no Exception is raised. It will also
    # automatically rollback if one is. Oh, and the ```session``` it gives you is the same thing as the ```db``` variable
    # you have defined, so that's handy too.

[bowlofeggs]

I recommend fixing this spelling error in a separate pull request. This way we can keep the concerns separate and make this PR focus only on making the batched stuff work. Also, the spelling error PR can help pad your GitHub stats ☺

[bowlofeggs]

I would expect that you would need to do another query to refresh the update. Does this line not raise an Exception? Usually sqlalchemy gets real upset if you use an object outside of the transaction it came from. You could/should probably put this line first:

update = self.db.query(models.Update).all()[0]

[bowlofeggs]

I noticed that there are some places where you added or statements between testing and batched, where I would expect batched to make more sense in comparison to stable than testing. However, my expectations could also be flawed. Do you remember why each of these testing lines were or'd with batched?

[centos-ci]

This pull request fails CI testing. Please review the Jenkins job.

[bowlofeggs]

The tests pass, but it appears we need a bit more coverage on a few lines:

$ diff-cover coverage.xml --compare-branch=origin/develop --fail-under=100
-------------
Diff Coverage
Diff: origin/develop...HEAD, staged and unstaged changes
-------------
bodhi/server/models.py (100%)
bodhi/server/scripts/dequeue_stable.py (72.2%): Missing lines 36-40
bodhi/server/validators.py (100%)
-------------
Total:   32 lines
Missing: 5 lines
Coverage: 84%
-------------
Failure. Coverage is below 100.0%.

[bowlofeggs]

Can you add a line at the end of your commit message that says

re #1157

? That will make it so your commit gets referenced on that ticket, but won't close the ticket when it is merged (since we'll have more to do after this). It's nice to be able to see the related work on the ticket.

Just a few more things to change and we'll be good on this one. This looks really good Caleigh, nice work!

[bowlofeggs]

I think we can delete this line since set_request sets the request to stable.

[bowlofeggs]

I think we can similarly delete this line.

[bowlofeggs]

Technically this event has also happened for the batched one in the else clause, so we can probably move this publish to be outside the if/else.

[bowlofeggs]

Let's add a Copyright claim here. Only, I'm not quite sure who to put as the Copyright holder. I started a thread on outreachy-list to ask. If you are on that list, perhaps you can use their feedback to know what to do here. Anyways, once we know who or what organization to give the Copyright to, let's do something like this here:

# -*- coding: utf-8 -*-
# Copyright © 2017 <copyright holder here>
#
# This file is part of Bodhi.
#

and then the rest of the header like you have it here.

[bowlofeggs]

According to Tony Sebro, you get to hold the copyright on this code (neat, huh? In most places, your employer would hold the copyright on code that you are paid to write so that's pretty cool I think). So you should do this in this file and the test file you wrote:

# -*- coding: utf-8 -*-
# Copyright © 2017 Caleigh Runge-Hottman
#
# This file is part of Bodhi.
#
<the rest of the file as you have it, including the GPL stuff>

[bowlofeggs]

Similarly, let's put a Copyright claim here.

[bowlofeggs]

Let's swap the ordering of these imports. For PEP-8, the first group is standard library stuff (like datetime), and the second group is third-party libraries (like click).

[bowlofeggs]

Let's drop this print statement.

[bowlofeggs]

Excellent!

[bowlofeggs]

You could also assert that result.output (I think it's output, but it might be a different attribute - but basically you can get whatever click wrote to the terminal…) is an expected value.

[bowlofeggs]

Let's add another 2 tests to this module:

1. One that asserts that security updates skip batched and go straight to stable when getting the right karma.
2. One that asserts that high severity updates skip batched and go straight to stable when getting the right karma.

I did a quick search and didn't see existing tests like the above, but it's possible I missed them.

[bowlofeggs]

Hi @crungehottman!

I apologize for missing these logic issues during my earlier reviews - not sure how I didn't notice them before. They should be pretty easy to fix though, let me know if you want me to explain any of them further!

[bowlofeggs]

There are two problems I see in this block. First, with Python's order of operations the and's are evaluated before the or. Thus, the above is logically this:

elif (self.status is UpdateStatus.testing and self.request is UpdateRequest.stable) or (UpdateRequest.batched and action is UpdateRequest.revoke):

Note that we only check the action on batched updates now, where I think the intention would be to also check it on stable updates.

Secondly, UpdateRequest.batched will evaluate as True here - I think the intention was probably to say self.request is UpdateRequest.batched.

This is probably a cleaner way to express the above:

elif self.status is UpdateStatus.testing and (self.request is UpdateRequest.stable or self.request is UpdateRequest.batched) and action is UpdateRequest.revoke:

We need the parenthesis around the or clause so that it evaluates before the and operators.

[bowlofeggs]

You could also replace (self.request is UpdateRequest.stable or self.request is UpdateRequest.batched) in my suggestion with self.request in (UpdateRequest.stable, UpdateRequest.batched), eliminating the or and maybe a little shorter too, like this:

elif self.status is UpdateStatus.testing and self.request in (UpdateRequest.stable, UpdateRequest.batched) and action is UpdateRequest.revoke:

[bowlofeggs]

The is operator doesn't quite work this way. I believe the above may always evaluate to False because UpdateRequest.stable or UpdateRequest.batched will evaluate to True, and then action is True will evaluate to False.

Probably we want this:

if action in (UpdateRequest.stable, UpdateRequest.batched) and self.critpath:

Or alternatively,

if (action is UpdateRequest.stable or action is UpdateRequest.batched) and self.critpath:

[bowlofeggs]

Similar problem here.

[bowlofeggs]

This one also has the problem - the or UpdateRequest.batched will become or True, which will make this if statement always be True. You can use the in trick I described above, or repeat the self.request is on the second clause.

[bowlofeggs]

Here's a stylistic suggestion that you can feel free to ignore - just something I find helpful when reading tests (it's certainly not a broader Python convention or anything, and again, you can keep it this way if you like this better):

I like to break my tests into three blocks usually, each block separated by a space. The first block I do things that set up the test, the second block (often just one line) executes the function/method being tested, and the third block has my assertions. So basically, to do that here you could stick an empty line above and block this runner.invoke() line.

Again, just a suggestion, feel free to leave it this way.

[bowlofeggs]

Nice tests!

[bowlofeggs]

Very nice Caleigh, this is coming along well!

I spent some time this morning looking for other places we might want to consider the new batched state, and I think I found a couple where we should also consider the new state.

1. In set_request() I think we should also check requirements on requests for batched.

2. In validate_request() I think we might want to consider the batched request to also be target = UpdateStatus.stable, because that code is ensuring that people don't promote builds that are older than what is already in the target.

[bowlofeggs]

I just noticed that we do need to add the dequeue_stable.py script to the setup.py entry_points so that the script gets generated. I think something like this should work:

bodhi-dequeue-stable = bodhi.server.scripts.dequeue_stable:dequeue_stable

[bowlofeggs]

We also need to initialize the buildsys here, otherwise the script gets an error:

[vagrant@bodhi-dev bodhi]$ bodhi-dequeue-stable 
Buildsys needs to be setup

Here's a patch that sets up the buildsys and also sets up the console script entry point:

diff --git a/bodhi/server/scripts/dequeue_stable.py b/bodhi/server/scripts/dequeue_stable.py
index 70d1ecd..4ca7d00 100644
--- a/bodhi/server/scripts/dequeue_stable.py
+++ b/bodhi/server/scripts/dequeue_stable.py
@@ -22,7 +22,7 @@ import sys
 
 import click
 
-from bodhi.server import config, models, Session, initialize_db
+from bodhi.server import buildsys, config, models, Session, initialize_db
 
 
 @click.command()
@@ -30,6 +30,7 @@ from bodhi.server import config, models, Session, initialize_db
 def dequeue_stable():
     """Convert all batched requests to stable requests."""
     initialize_db(config.config)
+    buildsys.setup_buildsystem(config.config)
     db = Session()
 
     try:
diff --git a/setup.py b/setup.py
index ba739ed..be5180a 100644
--- a/setup.py
+++ b/setup.py
@@ -154,6 +154,7 @@ setup(
     initialize_bodhi_db = bodhi.server.scripts.initializedb:main
     bodhi-babysit-ci = bodhi.server.scripts.babysit_ci:babysit
     bodhi-clean-old-mashes = bodhi.server.scripts.clean_old_mashes:clean_up
+    bodhi-dequeue-stable = bodhi.server.scripts.dequeue_stable:dequeue_stable
     bodhi-push = bodhi.server.push:push
     bodhi-expire-overrides = bodhi.server.scripts.expire_overrides:main
     bodhi-untag-branched = bodhi.server.scripts.untag_branched:main

With that patch I was able to see an update get to batched by me giving it karma, and then I was able to see it get to stable with the script. Very cool!

[TC01]

(I made this comment on the fedora devel list and was told to post it here).

It would be nice if new package updates were also sent directly to stable with something like or self.type is newpackage-- there isn't a compelling reason to batch new package updates (since they won't automatically get installed on an end-user system) and this way they don't get artificially made any slower than they already are, ensuring brand-new packages still get to users in a timely manner.

[bowlofeggs]

I think this suggestion makes sense. @crungehottman, if you can add one more if statement and one more test for new packages, that would be great!

[mattdm]

Many security updates are really of low priority, as they happen only in unlikely configurations or have extremely minor consequences. I think we want to batch these too. Given that the word "urgent" means what it does, it makes most sense to me to batch all updates (security or otherwise) unless marked urgent.

However, I'm very open to being convinced that we should include "important" security updates too. (One point in favor of this: GNOME Software's security update notifier claims that "important updates" are pending when there is a security update available.)

Additionally — and possibly a whole separate issue — I think we should force Severity to "unspecified" for New Package and Enhancement updates. Because, as Randy says, "This newpackage update is urgently severe! Have some severe new features!" is not really the... intent.

[bowlofeggs]

Cool, this looks great! I only found one minor thing to fix, and I also suggest writing one more test to ensure the "push to stable" button appears when an update is already batched.

I don't want to hold up this PR any longer for those two little changes so I'll go ahead and merge this. Can you send two new PRs for the minor fix and the one extra test?

Thanks, this is very good work @crungehottman!

[bowlofeggs]

Excellent, I think this addresses the feedback from the devel list.

[bowlofeggs]

We should correct this docblock to say "new package update" instead of security.