Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PyPI package event notification feature #5714

Closed
vishleshp opened this issue Apr 18, 2019 · 14 comments
Closed

PyPI package event notification feature #5714

vishleshp opened this issue Apr 18, 2019 · 14 comments
Labels
feature request good first issue This issue is ideal for first-time contributors! help needed We'd love volunteers to advise on or help fix/implement this.

Comments

@vishleshp
Copy link

vishleshp commented Apr 18, 2019
edited by di

What's the problem this feature will solve?
It seems deleting a pypi package is possible - How to remove a package from Pypi

This can cause problems if multiple team members have access to PyPI account holding the PyPI package and permissions. A person can accidentally delete a package if a person don't know dependent packages using the specific versions of a particular package.

It would be great if pypi starts supporting notifications feature where PyPI can send a notification if someone performs delete operation.

Also, in addition, it would be great to have notification when someone performs a upload of new package in PyPI repo, everyone receives notification.

Describe the solution you'd like

Basic ask:
It would be great if PyPI starts supporting notifications feature where PyPI can send a notification if someone performs delete operation.
Good to have:
It would be great to have notification when someone performs a upload of new package in PyPI repo, everyone receives notification.

Additional context
https://stackoverflow.com/questions/55710802/how-to-protect-pypi-package-from-being-deleted
@di di changed the title Pypi package event notification feature PyPI package event notification feature Apr 30, 2019
@di di added the good first issue This issue is ideal for first-time contributors! label May 4, 2019
@brainwane
Copy link
Contributor

My gut tells me we should implement this with or after #5863, and that it might in fact be blocked on #5863.

@brainwane brainwane added the blocked Issues we can't or shouldn't get to yet label May 16, 2019
@brainwane
Copy link
Contributor

Yup: to do this the right way, we should wait till we have #5863 implemented, so we can draw on the event logging and use it to trigger this notification.

@brainwane brainwane added help needed We'd love volunteers to advise on or help fix/implement this. and removed blocked Issues we can't or shouldn't get to yet labels Aug 15, 2019
@brainwane
Copy link
Contributor

Now unblocked! See #5863 for related issues and requests for notifications of specific kinds of events, and #6339 for events currently being logged.

This was referenced Aug 15, 2019
Open
Closed
@calvin
Copy link
Contributor

calvin commented Sep 13, 2019

What would be the notification medium? Email?

@vishleshpatel
Copy link

@calvin email shall be sufficient. Even better if SMS can be added too.

@calvin
Copy link
Contributor

calvin commented Sep 14, 2019

Scope:

  • Send a email notification to all collaborators when new version of the package is uploaded.
  • Send a email notification to all collaborators when a version is deleted.
  • Send a email notification to all collaborators when a file from a version is deleted.
  • Send a email notification to all collaborators when the project is deleted.

@MVrachev
Copy link
Contributor

MVrachev commented Dec 2, 2019

@calvin are you working on this?

If not, I want to work on that issue.

@MVrachev
Copy link
Contributor

MVrachev commented Dec 9, 2019
edited

I will work on this.
First I plan to implement email notifications to all contributors when

  • project was deleted
  • a version of a project was deleted

Then probably I will work on the rest of the features.

MVrachev added a commit to MVrachev/warehouse that referenced this issue Dec 9, 2019
@MVrachev
Add templates of removal of a pkg/pkg release
6fa91f0 
This commit is a first part of implementing
issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Dec 9, 2019
@MVrachev
Add templates of removal of a pkg/pkg release
c0c3e42 
This commit is a first part of implementing
issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Dec 9, 2019
@MVrachev
Add templates of removal of a pkg/pkg release
18c8e53 
This commit is the first part of implementing
issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@MVrachev MVrachev mentioned this issue Dec 9, 2019
Merged
MVrachev added a commit to MVrachev/warehouse that referenced this issue Dec 9, 2019
@MVrachev
Add templates of removal of a pkg/pkg release
217a29b 
This commit is the first part of implementing
issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Dec 9, 2019
@MVrachev
Add templates of removal of a pkg/pkg release
9a22e56 
This commit is the first part of implementing
issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@MVrachev
Copy link
Contributor

How can I test this feature locally?

I didn't succeed with trying:

  1. I created a new build with my changes.
  2. Then I used make serve and make initdb
  3. I logged in with the ewdurbin profile.
  4. In Account options, I added my email address.
  5. From the logs, it seems that the email was successfully sent.
  6. Then I looked at my profile and I didn't saw any email from Warehouse...
    Checked multiple times with 2 different email addresses.

@ewdurbin
Copy link
Member

ewdurbin commented Dec 20, 2019
edited

@MVrachev local development environment for warehouse does not deliver emails to the internet. instead, the emails are accepted by the development SMTP service stand-in and will appear in the docker logs.

That's not the most friendly, we should probably look into replacing this stand-in with something like MailHog.

MVrachev pushed a commit to MVrachev/warehouse that referenced this issue Jan 15, 2020
@di @MVrachev
Add email notication on package/release removal
f82fdec 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev pushed a commit to MVrachev/warehouse that referenced this issue Jan 15, 2020
@di @MVrachev
Add email notication on package/release removal
db8ce96 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 1, 2020
@MVrachev
Add email notication on package/release removal
449418d 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 1, 2020
@MVrachev
Add email notication on package/release removal
04c437e 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 10, 2020
@MVrachev
Add email notication on package/release removal
7a0ea1f 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 10, 2020
@MVrachev
Add email notication on package/release removal
9d33268 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 18, 2020
@MVrachev
Add email notication on package/release removal
e62d613 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 18, 2020
@MVrachev
Add email notication on package/release removal
18637f1 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 25, 2020
@MVrachev
Add email notication on package/release removal
b7cd720 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@MVrachev
Copy link
Contributor

The base work for

  • Send a email notification to all collaborators when a version is deleted.
  • Send a email notification to all collaborators when a version is deleted.

is completed by me in pr #7071

I plan to continue my work with:

  • Send a email notification to all collaborators when a file from a version is deleted.

After reading issue #997 I realized that
Send a email notification to all collaborators when new version of the package is uploaded is not so simple to be implemented if you want to do it the right way with option to opt out from those emails.

That's why I think Send a email notification to all collaborators when new version of the package is uploaded is shouldn't be considered as part of this issue.

@MVrachev
Copy link
Contributor

@calvin when you mentioned that it will be good to Send a email notification to all collaborators when a file from a version is deleted. what did you mean?

I find in the warehouse repository only delete_project_release_file function in the warehouse\manage\views.py file.
Do you mean that?

MVrachev added a commit to MVrachev/warehouse that referenced this issue Feb 28, 2020
@MVrachev
Add email notication on package/release removal
2b60238 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 3, 2020
@MVrachev
Add email notication on package/release removal
8939292 
Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
ewdurbin pushed a commit that referenced this issue Mar 3, 2020
@MVrachev
Add email notification on project/release removal (#7071)
64b910f 
* Add email notication on package/release removal

Until now, where there are multiple contributors on a single
the project, if one of them deletes a release or the whole
project the other contributors don't get any notification,
which is problematic.

Connected with issue #5714.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>

* Use lower case for submitter role

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>

* Update messages.pot with remove emails

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 5, 2020
@MVrachev
Add email templates for removed file from release
98d46ac 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@MVrachev MVrachev mentioned this issue Mar 5, 2020
Merged
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 5, 2020
@MVrachev
Add email templates for removed file from release
5a781a8 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 9, 2020
@MVrachev
Add email templates for removed file from release
940cb19 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 12, 2020
@MVrachev
Add email templates for removed file from release
a920b9b 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 18, 2020
@MVrachev
Add email templates for removed file from release
c66ad74 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
MVrachev added a commit to MVrachev/warehouse that referenced this issue Mar 19, 2020
@MVrachev
Add email templates for removed file from release
4a25fc6 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue pypi#5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
di pushed a commit that referenced this issue Mar 20, 2020
@MVrachev
Add email templates for removed file from release (#7498)
f8c866c 
Until now, when there are multiple contributors on a single
the project, if one of them deletes a file from certain release
the other contributors don't get any notification,
which is problematic.

Connected with issue #5714

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
@berinhard
Copy link
Contributor

Should this issue still be open? @vishleshp says at the issue description:

Basic ask:
It would be great if PyPI starts supporting notifications feature where PyPI can send a notification if someone performs delete operation.
Good to have:
It would be great to have notification when someone performs a upload of new package in PyPI repo, everyone receives notification.

I think #7071 and #7498 (thanks @MVrachev) already covers the basic part and #997 address what's left in a more detailed way. But I'm not sure if this issue also stands for a more generic and extensible notification system. Is that the case?

@di
Copy link
Member

di commented Dec 1, 2021

Yep, closing this.

@di di closed this as completed Dec 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request good first issue This issue is ideal for first-time contributors! help needed We'd love volunteers to advise on or help fix/implement this.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@calvin @berinhard @di @brainwane @ewdurbin @vishleshpatel @MVrachev @vishleshp