Apply our pyramid-app cookiecutter to this project

.cookiecutter/cookiecutter.json

@@ -0,0 +1,38 @@
+{
+  "template": "https://github.com/hypothesis/cookiecutters",
+  "checkout": null,
+  "directory": "pyramid-app",
+  "ignore": [
+    "Dockerfile",
+    "lms/app.py",
+    "tests/unit/lms/app_test.py",
+    "lms/pshell.py",
+    "tests/functional/app_test.py",
+    "bin/make_devdata"
+  ],
+  "extra_context": {
+    "name": "LMS",
+    "package_name": "lms",
+    "slug": "lms",
+    "short_description": "An app for integrating Hypothesis with Learning Management Systems (LMS's).",
+    "python_version": "3.8.12",
+    "port": "8001",
+    "github_owner": "hypothesis",
+    "visibility": "public",
+    "copyright_holder": "Hypothesis",
+    "dependabot_pip_interval": "monthly",
+    "dependabot_npm_interval": "monthly",
+    "dependabot_docker_interval": "monthly",
+    "devdata": "yes",
+    "frontend": "yes",
+    "__frontend_typechecking": "yes",
+    "postgres": "yes",
+    "docker": "yes",
+    "__postgres_port": "5433",
+    "__docker_namespace": "hypothesis",
+    "__docker_network": "lms_default",
+    "__github_url": "https://github.com/hypothesis/lms",
+    "__hdev_project_type": "application",
+    "__copyright_year": "2017"
+  }
+}

.cookiecutter/includes/.github/workflows/ci.yml

@@ -0,0 +1,27 @@
+BDD_Tests:
+  name: BDD Tests
+  runs-on: ubuntu-latest
+  services:
+    postgres:
+      image: postgres:11.5-alpine
+      ports:
+      - 5433:5432
+  steps:
+    - uses: actions/checkout@v3
+    - name: Install Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.8'
+    - name: Cache the .tox dir
+      uses: actions/cache@v3
+      with:
+        path: .tox
+        key: bddtests-${{ runner.os }}-tox-${{ hashFiles('tox.ini') }}-${{ hashFiles('requirements/*') }}
+        restore-keys: |
+          bddtests-${{ runner.os }}-tox-
+    - name: Create test database
+      run: psql -U postgres -h localhost -p 5433 -c 'CREATE DATABASE lms_bddtests'
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - run: python -m pip install 'tox<4'
+    - run: tox -e bddtests

.cookiecutter/includes/README/head.md

@@ -0,0 +1,4 @@
+See also:
+
+* [Configuration](docs/configuration.md) - Details of environment variables and setup
+* [Setting up a region](docs/setting-up-a-region.md) - How to setup a new geographic region

.cookiecutter/includes/README/tail.md

@@ -0,0 +1,46 @@
+### Using self signed certificates with HTTPS
+
+By default `make dev` runs the web application on two ports: 8001 for HTTP and 48001 for HTTPS with a self-signed certificate.
+
+Using HTTPS is required in most LMS's for LTI 1.3 and for example in D2L it's required for any usage of their API in all LTI versions.
+
+To use HTTPS you'll need to instruct your browser to trust the self-signed certificate.
+
+In Chrome you can do do this with the following flag:
+
+
+<chrome://flags/#allow-insecure-localhost>
+
+
+### Bypassing the browser's "unsafe scripts" (mixed content) blocking
+
+If you use our hosted Canvas instance at <https://hypothesis.instructure.com/>
+to test your local dev instance of the app you'll get "unsafe scripts" or "mixed content"
+warnings from your browser. This is because hypothesis.instructure.com uses https but your
+local dev app, which is running in an iframe in hypothesis.instructure.com, only uses http.
+
+You'll see a blank iframe in Canvas where the app should be, along with a warning about
+"trying to launch insecure content" like this:
+
+!["Trying to launch insecure content" error](docs/images/trying-to-launch-insecure-content.png "'Trying to launch insecure content' error")
+
+If you open the browser's developer console you should see an error message like:
+
+    Mixed Content: The page at 'https://hypothesis.instructure.com/...' was loaded over HTTPS,
+    but requested an insecure form action 'http://localhost:8001/...'. This request has been
+    blocked; the content must be served over HTTPS.
+
+Fortunately you can easily bypass this mixed content blocking by your browser.
+You should also see an "Insecure content blocked" icon in the top right of the location bar:
+
+!["Insecure content blocked" dialog](docs/images/insecure-content-blocked.png "'Insecure content blocked' dialog")
+
+Click on the <samp>Load unsafe scripts</samp> link and the app should load successfully.
+
+## Overview and code design
+
+There are three presentations for developers that describe what the Hypothesis LMS app is and how it works. The **speaker notes** in these presentations also contain additional notes and links:
+
+1. [LMS App Demo & Architecture](https://docs.google.com/presentation/d/1eRMjS5B8Yja6Aupp8oKi-UztIJ9_8KRViSc6OMDLfMY/)
+2. [LMS App Code Design Patterns](https://docs.google.com/presentation/d/1AWcDoHaV9aAvInefR54SJepZiNM08Zou9jxNssccw3c/)
+3. [Speed Grader Workshop](https://docs.google.com/presentation/d/1TJF9SXRMbtHCPnkD9sy-TXe_u55--zYt6veVW0M6leA/) (about the design of the first version of our Canvas Speed Grader support)

.cookiecutter/includes/conf/supervisord-dev.conf.json

@@ -0,0 +1,16 @@
+{
+  "programs": {
+    "web": {
+      "command": "gunicorn --bind :8001 --reload --timeout 0 --paste conf/development.ini"
+    },
+    "web-https": {
+      "command": "gunicorn --bind :48001 --reload --timeout 0 --paste conf/development.ini --certfile=.certificates/localhost/localhost.crt --keyfile=.certificates/localhost/localhost.key"
+    },
+    "worker": {
+      "command": "celery -A lms.tasks.celery:app worker --loglevel=INFO"
+    },
+    "assets": {
+      "command": "node_modules/.bin/gulp watch"
+    }
+  }
+}

.cookiecutter/includes/conf/supervisord.conf.json

@@ -0,0 +1,10 @@
+{
+  "programs": {
+    "web": {
+      "command": "newrelic-admin run-program gunicorn --paste conf/production.ini --bind 0.0.0.0:8001 --worker-tmp-dir /dev/shm"
+    },
+    "worker": {
+      "command": "newrelic-admin run-program celery -A lms.tasks.celery:app worker --loglevel INFO"
+    }
+  }
+}

.cookiecutter/includes/coverage/omit

@@ -0,0 +1,4 @@
+"lms/pshell.py",
+"lms/migrations/*",
+"lms/extensions/feature_flags/views/test.py",
+"lms/views/feature_flags_test.py",

.cookiecutter/includes/docker-compose/postgres.yml

@@ -0,0 +1,2 @@
+networks:
+  - dbs

.cookiecutter/includes/docker-compose/services.yml

@@ -0,0 +1,5 @@
+rabbit:
+ image: rabbitmq:3.6-management-alpine
+ ports:
+   - '127.0.0.1:5674:5672'
+   - '127.0.0.1:15674:15672'

.cookiecutter/includes/docker-compose/tail.yml

@@ -0,0 +1,6 @@
+networks:
+  # This external network allows FDW connections between H, LMS and report DBs.
+  # To avoid having unnecessary dependencies between the projects
+  # the network is created with `docker network crate dbs` in each project's Makefile (make services)
+  dbs:
+    external: true

.cookiecutter/includes/gitignore

@@ -0,0 +1,2 @@
+.certificates
+tests/bdd/steps/_compiled_feature_steps.py

.cookiecutter/includes/hacking/prerequisites.md

@@ -0,0 +1,7 @@
+* The LMS app integrates h, the Hypothesis client and Via, so you will need to
+  set up development environments for each of those before you can develop the
+  LMS app:
+
+  * https://h.readthedocs.io/en/latest/developing/install/
+  * https://h.readthedocs.io/projects/client/en/latest/developers/developing/
+  * https://github.com/hypothesis/via

.cookiecutter/includes/make_clean

@@ -0,0 +1 @@
+	@rm -f tests/bdd/steps/_compiled_feature_steps.py

.cookiecutter/includes/requirements/lint.in

@@ -0,0 +1 @@
+-r bddtests.txt

.cookiecutter/includes/requirements/prod.in

@@ -0,0 +1,28 @@
+aiohttp
+alembic
+celery
+data-tasks
+h-api
+h-assets
+h-pyramid-sentry
+h-vialib
+importlib_resources
+mailchimp-transactional
+marshmallow
+oauthlib
+pycryptodomex
+PyJWT[crypto]
+python-jose[crypto]
+pyramid-exclog
+pyramid-googleauth
+pyramid-jinja2
+pyramid-retry
+pyramid-services
+pyramid-tm
+requests
+requests-oauthlib
+sqlparse
+tabulate
+webargs
+xmltodict
+zope.sqlalchemy

.cookiecutter/includes/requirements/tests.in

@@ -0,0 +1 @@
+aioresponses

.cookiecutter/includes/tests/pylint/ignore-paths

@@ -0,0 +1 @@
+"tests/bdd/steps/_compiled_feature_steps.py"

.cookiecutter/includes/tox/allowlist_externals

@@ -0,0 +1 @@
+bddtests: sh

.cookiecutter/includes/tox/commands

@@ -0,0 +1,2 @@
+bddtests: sh bin/create-db lms_bddtests
+bddtests: behave {posargs:tests/bdd/}

.cookiecutter/includes/tox/passenv

@@ -0,0 +1,19 @@
+dev: FEATURE_FLAG_*
+dev: GOOGLE_CLIENT_ID
+dev: GOOGLE_DEVELOPER_KEY
+dev: ONEDRIVE_CLIENT_ID
+dev: ADMIN_AUTH_GOOGLE_CLIENT_ID
+dev: ADMIN_AUTH_GOOGLE_CLIENT_SECRET
+dev: H_CLIENT_ID
+dev: H_CLIENT_SECRET
+dev: H_JWT_CLIENT_ID
+dev: H_JWT_CLIENT_SECRET
+dev: MAILCHIMP_API_KEY
+dev: LMS_SECRET
+dev: VITALSOURCE_API_KEY
+dev: BLACKBOARD_API_CLIENT_ID
+dev: BLACKBOARD_API_CLIENT_SECRET
+dev: JSTOR_API_URL
+dev: JSTOR_API_SECRET
+dev: DISABLE_KEY_ROTATION
+dev: WEB_APP_URL

.cookiecutter/includes/tox/setenv

@@ -1 +1,19 @@
-SQLALCHEMY_SILENCE_UBER_WARNING=1
+bddtests: TEST_DATABASE_URL = {env:TEST_DATABASE_URL:postgresql://postgres@localhost:5433/lms_bddtests}
+dev,functests: H_FDW_DATABASE_URL = {env:H_FDW_DATABASE_URL:postgresql://lms-fdw:password@h_postgres_1:5432/postgres}
+dev: BROKER_URL = {env:BROKER_URL:amqp://guest:guest@localhost:5674//}
+dev: FEATURE_FLAGS_COOKIE_SECRET = {env:FEATURE_FLAGS_COOKIE_SECRET:notasecret}
+dev: FEATURE_FLAGS_ALLOWED_IN_COOKIE = {env:FEATURE_FLAGS_ALLOWED_IN_COOKIE:vitalsource}
+dev: H_AUTHORITY = {env:H_AUTHORITY:lms.hypothes.is}
+dev: H_API_URL_PUBLIC = {env:H_API_URL_PUBLIC:http://localhost:5000/api/}
+dev: H_API_URL_PRIVATE = {env:H_API_URL_PRIVATE:http://localhost:5000/api/}
+dev: MAILCHIMP_DIGESTS_SUBACCOUNT = {env:MAILCHIMP_DIGESTS_SUBACCOUNT:devdata}
+dev: MAILCHIMP_DIGESTS_EMAIL = {env:MAILCHIMP_DIGESTS_EMAIL:[email protected]}
+dev: MAILCHIMP_DIGESTS_NAME = {env:MAILCHIMP_DIGESTS_NAME:Hypothesis (Dev)}
+dev: OAUTH2_STATE_SECRET = {env:OAUTH2_STATE_SECRET:notasecret}
+dev: RPC_ALLOWED_ORIGINS = {env:RPC_ALLOWED_ORIGINS:http://localhost:5000}
+dev: VIA_URL = {env:VIA_URL:http://localhost:9083}
+dev: SESSION_COOKIE_SECRET = {env:SESSION_COOKIE_SECRET:notasecret}
+# Number of gunicorn workers: https://docs.gunicorn.org/en/stable/settings.html#worker-processes
+VIA_SECRET = not_a_secret
+FDW_USERS = {env:FDW_USERS:report-fdw}
+WEB_APP_URL=http://localhost:8001

.docker.env

@@ -0,0 +1,11 @@
+DATABASE_URL=postgresql://postgres@postgres/postgres \
+BROKER_URL=amqp://guest:guest@localhost:5674// \
+FEATURE_FLAGS_COOKIE_SECRET=notasecret \
+H_API_URL_PRIVATE=http://host.docker.internal:5000/api/ \
+H_API_URL_PUBLIC=http://localhost:5000/api/ \
+H_AUTHORITY=lms.hypothes.is \
+RPC_ALLOWED_ORIGINS=http://localhost:5000 \
+VIA_URL=http://localhost:9083 \
+VIA_SECRET=not_a_secret \
+SESSION_COOKIE_SECRET=notasecret \
+OAUTH2_STATE_SECRET=notasecret \

.github/dependabot.yml

@@ -1,26 +1,27 @@
 version: 2
 updates:
-
-- package-ecosystem: pip
+- package-ecosystem: "pip"
   directory: "/"
   schedule:
-    interval: daily
-    time: "10:00"
-  open-pull-requests-limit: 10
-
-- package-ecosystem: npm
+    interval: "monthly"
+    day: "sunday"
+    time: "00:00"
+    timezone: "Europe/London"
+- package-ecosystem: "npm"
   directory: "/"
   schedule:
-    interval: weekly
-    time: "10:00"
-  open-pull-requests-limit: 10
-
-- package-ecosystem: docker
+    interval: "monthly"
+    day: "sunday"
+    time: "00:00"
+    timezone: "Europe/London"
+- package-ecosystem: "docker"
   directory: "/"
   schedule:
-    interval: daily
-  open-pull-requests-limit: 10
+    interval: "monthly"
+    day: "sunday"
+    time: "00:00"
+    timezone: "Europe/London"
   ignore:
     # Only send PRs for patch versions of Python.
     - dependency-name: "python"
-      update-types: [ "version-update:semver-major", "version-update:semver-minor" ]
+      update-types: [ "version-update:semver-major", "version-update:semver-minor" ]