diff --git a/docs/faq.rst b/docs/faq.rst
index 52a99467c..9f0b52a7d 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -22,6 +22,6 @@ TODO
Why doesn't this follow the layout from Two Scoops of Django?
-------------------------------------------------------------
-You may notice that some elements of this project do not exactly match what we describe in chapter 3 of `Two Scoops of Django 1.11`_. The reason for that is this project, amongst other things, serves as a test bed for trying out new ideas and concepts. Sometimes they work, sometimes they don't, but the end result is that it won't necessarily match precisely what is described in the book I co-authored.
+You may notice that some elements of this project do not exactly match what we describe in chapter 3 of `Two Scoops of Django 3.x`_. The reason for that is this project, amongst other things, serves as a test bed for trying out new ideas and concepts. Sometimes they work, sometimes they don't, but the end result is that it won't necessarily match precisely what is described in the book I co-authored.
-.. _Two Scoops of Django 1.11: https://www.feldroy.com/collections/django/products/two-scoops-of-django-1-11
+.. _Two Scoops of Django 3.x: https://www.feldroy.com/books/two-scoops-of-django-3-x
diff --git a/docs/index.rst b/docs/index.rst
index da5186487..70daa1852 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -28,6 +28,7 @@ Contents
faq
troubleshooting
contributing
+ maintainer-guide
Indices and tables
------------------
diff --git a/docs/maintainer-guide.md b/docs/maintainer-guide.md
new file mode 100644
index 000000000..9baac688a
--- /dev/null
+++ b/docs/maintainer-guide.md
@@ -0,0 +1,104 @@
+# Maintainer guide
+
+This document is intended for maintainers of the template.
+
+## Automated updates
+
+We use 2 separate services to keep our dependencies up-to-date:
+
+- Dependabot, which manages updates of Python deps of the template, GitHub actions, npm packages and Docker images.
+- PyUp, which manages the Python deps for the generated project.
+
+We don't use Dependabot for the generated project deps because our requirements files are templated, and Dependabot fails to parse them. PyUp is -AFAIK- the only service out there that supports having Jinja tags in the requirements file.
+
+Updates for the template should be labelled as `project infrastructure` while the ones about the generated project should be labelled as `update`. This is use to work in conjunction with our changelog script (see later).
+
+## Automation scripts
+
+We have a few workflows which have been automated over time. They usually run using GitHub actions and might need a few small manual actions to work nicely. Some have a few limitations which we should document here.
+
+### CI
+
+`ci.yml`
+
+The CI workflow tries to cover 2 main aspects of the template:
+
+- Check all combinations to make sure that valid files are generated with no major linting issues. Issues which are fixed by an auto-formatter after generation aren't considered major, and only aim for best effort. This is under the `test` job.
+- Run more in-depth tests on a few combinations, by installing dependencies, running type checker and the test suite of the generated project. We try to cover docker (`docker` job) and non-docker (`bare` job) setups.
+
+We also run the deployment checks, but we don't do much more beyond that for testing the production setup.
+
+### Django issue checker
+
+`django-issue-checker.yml`
+
+This workflow runs daily, on schedule, and checks if there is a new major version of Django (not in the pure SemVer sense) released that we are not running, and list our dependencies compatibility.
+
+For example, at time of writing, we use Django 4.2, but the latest version of Django is 5.0, so the workflow created a ["Django 5.0" issue](https://github.com/cookiecutter/cookiecutter-django/issues/4724) in GitHub, with a compatibility table and keeps it up to date every day.
+
+#### Limitations
+
+Here are a few current and past limitations of the script
+
+- When a new dependency is added to the template, the script fails to update an existing issue
+- Not sure what happens when a deps is removed
+- ~~Unable to parse classifiers without minor version~~
+- ~~Creates an issue even if we are on the latest version~~
+
+### Issue manager
+
+`issue-manager.yml`
+
+A workflow that uses [Sebastian Ramirez' issue-manager](https://github.com/tiangolo/issue-manager) to help us automate issue management. The tag line from the repo explains it well:
+
+> Automatically close issues or Pull Requests that have a label, after a custom delay, if no one replies back.
+
+It runs on a schedule as well as when some actions are taken on issues and pull requests.
+
+We wait 10 days before closing issues, and we have a few customised reasons, which are configured in the workflow itself. The config should be fairly self-explanatory.
+
+### Pre-commit auto-update
+
+`pre-commit-autoupdate.yml`
+
+Run daily, to do `pre-commit autoupdate` on the template as well as the generated project, and opens a pull request with the changes.
+
+#### Limitations
+
+- The PR is open as GitHub action which means that CI does NOT run. The documentation for create-pull-request action [explains why](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs).
+- Some hooks are also installed as local dependencies (via `requirements/local.txt`), but these are updated separately via PyUP.
+
+### Update changelog
+
+`update-changelog.yml`
+
+Run daily at 2AM to update our changelog and create a GitHub release. This runs a custom script which:
+
+- List all pull requests merged the day before
+- The release name is calendar based, so `YYYY.MM.DD`
+- For each PR:
+ - Get the PR title to summarize the change
+ - Look at the PR labels to classify it in a section of the release notes:
+ - anything labelled `project infrastructure` is excluded
+ - label `update` goes in section "Updated"
+ - label `bug` goes in section "Fixed"
+ - label `docs` goes in section "Documentation"
+ - Default to section "Changed"
+
+With that in mind, when merging changes, it's a good idea to set the labels and rename the PR title to give a good summary of the change, in the context of the changelog.
+
+#### Limitations
+
+- Dependabot updates for npm & Docker have a verbose title, try to rename them to be more readable: `Bump webpack-dev-server from 4.15.1 to 5.0.2 in /{{cookiecutter.project_slug}}` -> `Bump webpack-dev-server to 5.0.2`
+- ~~Dependencies updates for the template repo (tox, cookiecutter, etc...) don't need to appear in changelog, and need to be labelled as `project infrastructure` manually. By default, they come from PyUp labelled as `update`.~~
+
+### Update contributors
+
+`update-contributors.yml`
+
+Runs on each push to master branch. List the 5 most recently merged pull requests and extract their author. If any of the authors is a new one, updates the `.github/contributors.json`, regenerate the `CONTRIBUTORS.md` from it, and push back the changes to master.
+
+#### Limitations
+
+- If you merge a pull request from a new contributor, and merge another one right after, the push to master will fail as the remote will be out of date.
+- If you merge more than 5 pull requests in a row like this, the new contributor might fail to be added.
diff --git a/requirements.txt b/requirements.txt
index 138744a26..4fcc7bb8c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@ binaryornot==0.4.4
# Code quality
# ------------------------------------------------------------------------------
-ruff==0.2.2
+ruff==0.3.0
django-upgrade==1.16.0
djlint==1.34.1
pre-commit==3.6.2
@@ -12,7 +12,7 @@ pre-commit==3.6.2
# Testing
# ------------------------------------------------------------------------------
tox==4.13.0
-pytest==8.0.1
+pytest==8.1.0
pytest-xdist==3.5.0
pytest-cookies==0.7.0
pytest-instafail==0.5.0
diff --git a/scripts/update_contributors.py b/scripts/update_contributors.py
index 09a7082c0..7f7b48d76 100644
--- a/scripts/update_contributors.py
+++ b/scripts/update_contributors.py
@@ -40,8 +40,8 @@ def iter_recent_authors():
"""
Fetch users who opened recently merged pull requests.
- Use Github API to fetch recent authors rather than
- git CLI to work with Github usernames.
+ Use GitHub API to fetch recent authors rather than
+ git CLI to work with GitHub usernames.
"""
repo = Github(login_or_token=GITHUB_TOKEN, per_page=5).get_repo(GITHUB_REPO)
recent_pulls = repo.get_pulls(state="closed", sort="updated", direction="desc").get_page(0)
diff --git a/setup.py b/setup.py
index 62b38573d..6e1ea0727 100644
--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@ except ImportError:
from distutils.core import setup
# We use calendar versioning
-version = "2024.02.21"
+version = "2024.03.03"
with open("README.md") as readme_file:
long_description = readme_file.read()
diff --git a/{{cookiecutter.project_slug}}/.devcontainer/devcontainer.json b/{{cookiecutter.project_slug}}/.devcontainer/devcontainer.json
index 7fcd62872..e16d06a20 100644
--- a/{{cookiecutter.project_slug}}/.devcontainer/devcontainer.json
+++ b/{{cookiecutter.project_slug}}/.devcontainer/devcontainer.json
@@ -35,7 +35,7 @@
"analysis.typeCheckingMode": "basic",
"defaultInterpreterPath": "/usr/local/bin/python",
"editor.codeActionsOnSave": {
- "source.organizeImports": true
+ "source.organizeImports": "always"
},
"editor.defaultFormatter": "charliermarsh.ruff",
"languageServer": "Pylance",
@@ -54,8 +54,7 @@
// python
"ms-python.python",
"ms-python.vscode-pylance",
- "ms-python.isort",
- "ms-python.black-formatter",
+ "charliermarsh.ruff",
// django
"batisteo.vscode-django"
]
diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
index 1d06c042f..d95f5390d 100644
--- a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
+++ b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -35,7 +35,7 @@ repos:
# Run the Ruff linter.
- repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.2.2
+ rev: v0.3.0
hooks:
# Linter
- id: ruff
diff --git a/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile b/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
index fb7fec50f..8c000016a 100644
--- a/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/production/django/Dockerfile
@@ -117,7 +117,7 @@ COPY --chown=django:django . ${APP_HOME}
{%- endif %}
# make django owner of the WORKDIR directory as well.
-RUN chown django:django ${APP_HOME}
+RUN chown -R django:django ${APP_HOME}
USER django
diff --git a/{{cookiecutter.project_slug}}/config/settings/base.py b/{{cookiecutter.project_slug}}/config/settings/base.py
index 55a064e74..b7eb7e80f 100644
--- a/{{cookiecutter.project_slug}}/config/settings/base.py
+++ b/{{cookiecutter.project_slug}}/config/settings/base.py
@@ -84,6 +84,7 @@ THIRD_PARTY_APPS = [
"crispy_bootstrap5",
"allauth",
"allauth.account",
+ "allauth.mfa",
"allauth.socialaccount",
{%- if cookiecutter.use_celery == 'y' %}
"django_celery_beat",
diff --git a/{{cookiecutter.project_slug}}/package.json b/{{cookiecutter.project_slug}}/package.json
index efa2136e5..9ca728208 100644
--- a/{{cookiecutter.project_slug}}/package.json
+++ b/{{cookiecutter.project_slug}}/package.json
@@ -31,7 +31,7 @@
"webpack": "^5.65.0",
"webpack-bundle-tracker": "^3.0.1",
"webpack-cli": "^5.0.1",
- "webpack-dev-server": "^4.6.0",
+ "webpack-dev-server": "^5.0.2",
"webpack-merge": "^5.8.0"
},
"engines": {
diff --git a/{{cookiecutter.project_slug}}/requirements/base.txt b/{{cookiecutter.project_slug}}/requirements/base.txt
index f090018ef..3aad4c947 100644
--- a/{{cookiecutter.project_slug}}/requirements/base.txt
+++ b/{{cookiecutter.project_slug}}/requirements/base.txt
@@ -11,13 +11,13 @@ argon2-cffi==23.1.0 # https://github.com/hynek/argon2_cffi
{%- if cookiecutter.use_whitenoise == 'y' %}
whitenoise==6.6.0 # https://github.com/evansd/whitenoise
{%- endif %}
-redis==5.0.1 # https://github.com/redis/redis-py
+redis==5.0.2 # https://github.com/redis/redis-py
{%- if cookiecutter.use_docker == "y" or cookiecutter.windows == "n" %}
hiredis==2.3.2 # https://github.com/redis/hiredis-py
{%- endif %}
{%- if cookiecutter.use_celery == "y" %}
celery==5.3.6 # pyup: < 6.0 # https://github.com/celery/celery
-django-celery-beat==2.5.0 # https://github.com/celery/django-celery-beat
+django-celery-beat==2.6.0 # https://github.com/celery/django-celery-beat
{%- if cookiecutter.use_docker == 'y' %}
flower==2.0.1 # https://github.com/mher/flower
{%- endif %}
@@ -28,12 +28,12 @@ uvicorn[standard]==0.27.1 # https://github.com/encode/uvicorn
# Django
# ------------------------------------------------------------------------------
-django==4.2.10 # pyup: < 5.0 # https://www.djangoproject.com/
+django==4.2.11 # pyup: < 5.0 # https://www.djangoproject.com/
django-environ==0.11.2 # https://github.com/joke2k/django-environ
django-model-utils==4.4.0 # https://github.com/jazzband/django-model-utils
-django-allauth==0.61.1 # https://github.com/pennersr/django-allauth
+django-allauth[mfa]==0.61.1 # https://github.com/pennersr/django-allauth
django-crispy-forms==2.1 # https://github.com/django-crispy-forms/django-crispy-forms
-crispy-bootstrap5==2023.10 # https://github.com/django-crispy-forms/crispy-bootstrap5
+crispy-bootstrap5==2024.2 # https://github.com/django-crispy-forms/crispy-bootstrap5
{%- if cookiecutter.frontend_pipeline == 'Django Compressor' %}
django-compressor==4.4 # https://github.com/django-compressor/django-compressor
{%- endif %}
diff --git a/{{cookiecutter.project_slug}}/requirements/local.txt b/{{cookiecutter.project_slug}}/requirements/local.txt
index 8225dab0f..4acd2c4dd 100644
--- a/{{cookiecutter.project_slug}}/requirements/local.txt
+++ b/{{cookiecutter.project_slug}}/requirements/local.txt
@@ -15,7 +15,7 @@ watchfiles==0.21.0 # https://github.com/samuelcolvin/watchfiles
# ------------------------------------------------------------------------------
mypy==1.7.1 # https://github.com/python/mypy
django-stubs[compatible-mypy]==4.2.7 # https://github.com/typeddjango/django-stubs
-pytest==8.0.1 # https://github.com/pytest-dev/pytest
+pytest==8.1.0 # https://github.com/pytest-dev/pytest
pytest-sugar==1.0.0 # https://github.com/Frozenball/pytest-sugar
{%- if cookiecutter.use_drf == "y" %}
djangorestframework-stubs[compatible-mypy]==3.14.5 # https://github.com/typeddjango/djangorestframework-stubs
@@ -28,8 +28,8 @@ sphinx-autobuild==2024.2.4 # https://github.com/GaretJax/sphinx-autobuild
# Code quality
# ------------------------------------------------------------------------------
-ruff==0.2.2 # https://github.com/astral-sh/ruff
-coverage==7.4.1 # https://github.com/nedbat/coveragepy
+ruff==0.3.0 # https://github.com/astral-sh/ruff
+coverage==7.4.3 # https://github.com/nedbat/coveragepy
djlint==1.34.1 # https://github.com/Riverside-Healthcare/djLint
pre-commit==3.6.2 # https://github.com/pre-commit/pre-commit
diff --git a/{{cookiecutter.project_slug}}/requirements/production.txt b/{{cookiecutter.project_slug}}/requirements/production.txt
index 4d96e86e1..d813a8fc4 100644
--- a/{{cookiecutter.project_slug}}/requirements/production.txt
+++ b/{{cookiecutter.project_slug}}/requirements/production.txt
@@ -8,7 +8,7 @@ psycopg[c]==3.1.18 # https://github.com/psycopg/psycopg
Collectfast==2.2.0 # https://github.com/antonagestam/collectfast
{%- endif %}
{%- if cookiecutter.use_sentry == "y" %}
-sentry-sdk==1.40.5 # https://github.com/getsentry/sentry-python
+sentry-sdk==1.40.6 # https://github.com/getsentry/sentry-python
{%- endif %}
{%- if cookiecutter.use_docker == "n" and cookiecutter.windows == "y" %}
hiredis==2.3.2 # https://github.com/redis/hiredis-py
diff --git a/{{cookiecutter.project_slug}}/runtime.txt b/{{cookiecutter.project_slug}}/runtime.txt
index 1f79d441f..cf3b80423 100644
--- a/{{cookiecutter.project_slug}}/runtime.txt
+++ b/{{cookiecutter.project_slug}}/runtime.txt
@@ -1 +1 @@
-python-3.11.7
+python-3.11.8
diff --git a/{{cookiecutter.project_slug}}/webpack/dev.config.js b/{{cookiecutter.project_slug}}/webpack/dev.config.js
index 8276c3489..7c774185e 100644
--- a/{{cookiecutter.project_slug}}/webpack/dev.config.js
+++ b/{{cookiecutter.project_slug}}/webpack/dev.config.js
@@ -6,13 +6,16 @@ module.exports = merge(commonConfig, {
devtool: 'inline-source-map',
devServer: {
port: 3000,
- proxy: {
- {%- if cookiecutter.use_docker == 'n' %}
- '/': 'http://0.0.0.0:8000',
- {%- else %}
- '/': 'http://django:8000',
- {%- endif %}
- },
+ proxy: [
+ {
+ context: ['/'],
+ {%- if cookiecutter.use_docker == 'n' %}
+ target: 'http://0.0.0.0:8000',
+ {%- else %}
+ target: 'http://django:8000',
+ {%- endif %}
+ },
+ ],
client: {
overlay: {
errors: true,
diff --git a/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/templates/account/account_inactive.html b/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/templates/account/account_inactive.html
deleted file mode 100644
index a9112cf09..000000000
--- a/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/templates/account/account_inactive.html
+++ /dev/null
@@ -1,12 +0,0 @@
-{% raw %}{% extends "account/base.html" %}
-
-{% load i18n %}
-
-{% block head_title %}
- {% translate "Account Inactive" %}
-{% endblock head_title %}
-{% block inner %}
-
{% translate "The following e-mail addresses are associated with your account:" %}
-
- {% else %}
-
- {% translate "Warning:" %} {% translate "You currently do not have any e-mail address set up. You should really add an e-mail address so you can receive notifications, reset your password, etc." %}
-
- {% if confirmation %}
- {% user_display confirmation.email_address.user as user_display %}
-
- {% blocktranslate with confirmation.email_address.email as email %}Please confirm that {{ email }} is an e-mail address for user {{ user_display }}.{% endblocktranslate %}
-
- {% get_providers as socialaccount_providers %}
- {% if socialaccount_providers %}
-
- {% translate "Please sign in with one of your existing third party accounts:" %}
- {% if ACCOUNT_ALLOW_REGISTRATION %}
- {% blocktranslate trimmed %}
- Or, sign up
- for a {{ site_name }} account and sign in below:
- {% endblocktranslate %}
- {% endif %}
-
-
-
- {% include "socialaccount/snippets/provider_list.html" with process="login" %}
-
-
{% translate "or" %}
-
- {% include "socialaccount/snippets/login_extra.html" %}
- {% else %}
- {% if ACCOUNT_ALLOW_REGISTRATION %}
-
- {% blocktranslate trimmed %}
- If you have not created an account yet, then please
- sign up first.
- {% endblocktranslate %}
-
- {% if token_fail %}
- {% url 'account_reset_password' as passwd_reset_url %}
-
- {% blocktranslate %}The password reset link was invalid, possibly because it has already been used. Please request a new password reset.{% endblocktranslate %}
-
- {% blocktranslate %}We have sent an e-mail to you for verification. Follow the link provided to finalize the signup process. Please contact us if you do not receive it within a few minutes.{% endblocktranslate %}
-
- {% blocktranslate %}This part of the site requires us to verify that
-you are who you claim to be. For this purpose, we require that you
-verify ownership of your e-mail address. {% endblocktranslate %}
-
-
- {% blocktranslate %}We have sent an e-mail to you for
-verification. Please click on the link inside this e-mail. Please
-contact us if you do not receive it within a few minutes.{% endblocktranslate %}
-