#dev-contrib

Doesn't look cramped on mobile either

(I now fixed the typos I made there...)

Hello!

Recently joined to this server and started to read all necessary introduction stuffs and guides. While I was reading a "Help Channels" guide, I noticed typo: instead of "quality", there is "quailty".

When I had finished to read this guide, I went to read a "Contributing" guide and all related pages:

1. Contributing Guidelines
2. Style Guide
3. Issues
4. Pull Requests
5. Contributing to Site

Then I checked similar issues and PRs and found closed one: PR 1483. I noticed that there's no refer to an issue, but in the "Contributing" guide is telling:

The first step to any new contribution is an issue describing a problem with the current codebase or proposing a new feature. All the open issues are viewable on the GitHub repositories, for instance here is the issues page for Sir Lancebot. If you have something that you want to implement open a new issue to present your idea. Otherwise, you can browse the unassigned issues and ask to be assigned to one that you're interested in, either in the comments on the issue or in the #dev-contrib channel on Discord.

A question here is how to do correctly? Make an issue and then a PR that closing this issue or without the issue? Thanks in advance!

UPD: fixed a grammar error

Hey! For a simple change like fixing a typo you can make a PR directly. You can also create an issue if you want, it doesn't matter.

For more complex changes it's always good to open an issue first, so we can confirm it's a change we want and discuss it before you spend time implementing it.

Would embed with title: "Go-to resources for beginners" read any better?

well, Go-to beginners resources sounds wrong, I think that's supposed to be Go-to beginner resources like fix error suggested. Your suggestion is also nice though

Another typo there... Yes it was supposed to be Go-to beginner resources

@cursive relic left you a comment on the draft PR~

Thx for the update, it is looking really nice! Here's the older vs the one you posted on the github side-by-side

I'm wondering about the title, There's the one that fix error suggested: "Go-to beginner resources", then the "Resources to Learn Python" and I had thought for "Go-to resources for beginners". What would be the most appropriate for the embed to describe it's purpose/(content)? (or any other that's not there yet)

I like the new format there

Other than the title (not sure what to pick there), IMO it is starting to look good

Go with fix's suggestion, it's clear and straight to the point

sounds good! I'll fix my repo and try to work this to open PR tomorrow 😄

bot#3479 opened!

yippee

Out of interest: What's slorb?

(Oh, that's from kat? I don't get the joke)

I'm curious about that as well, but forgot to ask about it, idk

succint list of resources for beginners

whenever a core dev merges in the new tag, I can write up and post a changelog for it

morged

!slorb

Thank you again for getting this PR done! pygen appreciates it

has been changelogged

@celest charm would you be opposed if I turned your one pinned message into a proper page on the pydis website? I really like how you break it up of "new to programming" vs "new to python" and I think it would be a nice place to be able to link out to in general

Glad to be of help 😄 , and thanks to all for feedback along the way!

is anybody here familiar with how to set up an lsp/linting to work with the CPython source code (I'm using clangd)?

is it possible to generate a compile_commands.json with the project?

I'm not opposed to it

This channel is for discussing projects specific to this server, like @stable mountain. You should ask in #internals-and-peps

sorry, thanks

btw this is still in the wrong channel, but if anybody was interested, bear works great

how to save this message

!help bookmark

.help bookmark

It's the 'bookmark' command that should let you do that

you can reply to that message and run it

or use the app commands available when you long press that msg

or you can copy the text and save it to a text file

.bm

Hi I have a PR https://github.com/python/cpython/pull/133276/
How can I get a reviewer (it's in the http module)?

This is the wrong channel. This channel is for projects specific to Python Discord. You can ask in #internals-and-peps

@patent pivot let me know whenever you get the chance to take a look at my PR again. No rush, but ping me when you do as I dont want to miss it.

Mine too 🙂

I will try get to them when I can -- there are other core devs as well, I'm in an incredibly busy period with work unfortunately

It's okay, I understand and appreciate it. It's just I wanted to let know that PR is ready for review. You can review in your convenience 😇

clicked wrong channel

hi, could i be assigned to sir-lancebot#1491 ? there has been no PR of the issue and its been essentially dormant for the past year

Hey, I’m planning to work on this — anyone want to team up? - https://github.com/python-discord/bot/issues/3458

We should actually close that ticket, it's been decided that we want to bring cban back.

oh ok

why isn't the leveling code in the source ?

don't see any leveling commits on April 1 st

looks like it's in sir robin?

yeah, most events go in sir-robin, as that's the events bot

april foolks

Why not use the open trivia db?

what's your github username?

feel free to suggest this in an issue on the sir-lancebot repo

😭 lmao saw the announcement 3 days later. Still though, some people have the role, what's that about?

sorry for taking a while to respond, my github username is asterized

you need to post a comment on the issue, otherwise i cant assign you i think

I noticed that on the paste service, shift+tab does not work, and just does the tab action of indenting instead.

done!

assigned

Hi! We use pinnwand for our paste service if you wanted to raise an issue/pull request!

Hey everyone! 👋 I'm planning to contribute a 2048 game cog to Sir Lancebot and wanted to give a heads up before I open an issue. If anyone would like to review it or help me out with it let me know and we can work on it together!

Hi all! I’m looking to contribute to an open-source or team project to further develop my expertise. I’m eager to learn new workflows and help solve interesting challenges.

What would you like to work on?

@terse prairie Hey Chris

Anything, that enhance my skill, which will come in handy in my future.

hey hello hi im 14 and im good with python

Uh someone just dm me the python app and can teach me

Please read the channel description. This is for Python Discord internal project discussions.

your own AI or using an API key?

Same goes for you, this is not the channel for that.

Hey, I don't quite understand could you explain? I was asking them a question about the project 🙂

Yes, don't. That project was off-topic for this channel, see the message below it.

The reply under it was someone looking to help?

I don't understand what your intending

Oh, I mean the one by @last patio. My intention is for you (and everyone else) to read the channel description and only write things here that related to contributing to the open source projects of this Discord server.

Oh sorry for my misunderstanding 🙂 for any further details about this please DM them to me to keep this clean and more professional

Hey ,
Just made a PR with a Bug Fix, when you get time would you be able to check it out for me? Thanks

https://github.com/python-discord/bot/pull/3496

or @oblique cairn

Please don't randomly tag people like that. Your message will be seen in due time regardless.

Oh ok sorry

@ocean sable after speaking with some core devs, I've put a temporary block on your GitHub account against our GitHub organisation, you've created 6 open PRs without addressing comments on previous ones for bugs that I don't know if we've ever experienced in production. This should've been raised as one issue with the reminder command that we could talk through and most likely group into one refactoring PR.

Unfortunately the way you've gone about things comes off at best spammy and at worst AI generated chaos. Please take some time to cool down, it's a temporary block. We haven't decided what to do with the 6 PRs now but we may ask you to condense all your reminder related issues into one PR.

Hey @patent pivot, would you be able to let me know how I could improve in future and not spam this time 🙂 Thanks

Hey everyone, Im going to be working on Issues and PR's for the main bot over the next few days, DM me if you would like to help me 🙂

please comment on the issues asking to claim them

don't just open PRs please

it's in that message, if you could check with us beforehand, all your PRs for the reminder command should be in one PR

hi, could someone review my PR at sir-lancebot#1743?

why am i not surprised that astral got bought by openAI :/
(posting here because virtually every* pydis project now uses uv/ruff/something from astral)

yeah, I'm not happy about that either. I feel like with the big AI companies trying hard to make a profit right now, astral's projects might soon go to shit

to be fair, anthropic bought npm competitor bun back around december, and i'm not sure it's fared worse for it

when are we doing the hatch migration gng

guix migration

👎

pip-compile migration

back to basics

apt install python-discord-py

I think it's pretty shameful that we tell people we write our own bots from scratch, but then use a third-party dependency manager

please hide this message from volcyy before he opens a 130k line PR that implements everything from stdlib

@toxic wren any core dev can assign issues, not just me as an fyi

@ocean sable we said we'd figure what to do with the open PRs before proceeding and that includes claiming new issues. I think we've settled on a solution: please can you take all the changes you've made to reminders from the 4 PRs and combine into 1 PR so that it can be reviewed, tested and merged as one unit of work. I'll close the 4 PRs now that we want turning into 1 PR.

also as mentioned there are some issues with the existing PRs incorporating other unrelated changes which need resolving

there are also outstanding review comments on the reminder PRs from myself (on #3500)

you were the only core dev in the thread and i didnt want to sub another one into the thread

the point is that you don't have to single out a specific core dev to ask those things to — dropping a message here is the preferred way of doing things (same reason we ask people to DM modmail instead of individual moderators)

it's no problem — just making sure it's known

So you would like me to create the one complete PR now?

Yes -- we'd like to see these PRs have their feedback addressed and be merged before assigning you new work

As mentioned you have had some feedback given on all your PRs now that you need to implement and push to them

Would appreciate a re-review on sir-lancebot#1690 and sir-lancebot#1694 whenever someone has the chance, thanks!

(What happened to Lance sending links to GitHub pages?)

sir-lancebot#1690

that seems odd

bot#123

python-discord/bot#123

huh

OH

lol

sir-lancebot#1690 sir-lancebot#1694

bot didn't have perms since we introduced aspiring contributor

Hey, I'm looking to add my wordle to the Sir-LanceBot what would be the best approach to doing this?

Should I make an issue, PR on the Github or talk about it in here first? Just trying to make sure I do it right this time 😛 Hope someone can help me out!

We just rejected a PR on sir-lancebot for a Wordle feature, there is an existing issue but it is not yet approved/discussed.

Again, I think we need to see through your reminder changes before it's reasonable to put even more PRs into the pipeline

i have created an issue with the reminder issues

yes, and it has been approved (with notes)

What are my next steps now? Would you like me to create a **PR **with the fixes?

if you think you have all the necessary information to then yes, the issue is approved & you have been assigned so you are free to open a PR

ooops did not realise components ping lol

sorry to everyone in #dev-info who got a mention

Its fine

comp v2 does as its a replacement for embeds, they're effectively legacy at this point (but won't ever be removed if we're honest)

tldr don't use embeds for new things if you can help it

damnit joe

That's about half as long as he's been alive!

what

I don't think that has any relation

mentioned in embeds don't ping users, mentions in components do

good morning team

are you ready to destroy all those who have wronged you in 2025 today

it was implemented in components v2 specifically as none of the comp v1 components support mentions

YES SIR!

please read this channel's description about allowed topics in this channel

@modirataurs

M-x send volcyy some chicken

no man I mean destroying all the bugs in our infrastructureo f course

Hi guys

Welcome to #dev-contrib
This channel is specifically meant to discuss contributing to our projects. If you're interested in that, please check out our projects on GitHub (https://github.com/python-discord/) and take note of the README and CONTRIBUTING documents in the root directory of most of our repositories. Our website also has a special section for contributing that contains guides that will help you set-up a development environment for some of our repositories. You can find it here: https://pythondiscord.com/pages/contributing/.

This looks great!

So is this kind of a replacement for dev conversations in #community-meta?

Oh hey, this is an open channel now

Interesting

that's right, @magic arch

we've had this channel for well over a year, actually, but it's been restricted to <@&295488872404484098>

so we've simply opened the channel up.

helps us be more transparant, and makes it easier to get into contributing to pydis.

Ah, makes sense

yay

I believe someone suggested it in #community-meta recently, and we discussed it in the staff meeting yesterday and decided it was a good idea

I forget whose suggestion it was, though

but whoever you are, thanks for that 👍

Wasn't me, but I think it's a good idea too :>

it was Numerlor

nice. thanks @brazen charm!

It'd be nice to have custom icons for superstarify modlogs

right now it just user the user update icon

There's currently not even a mod log for unsuperstarify

Was trying to think of an icon for that (and a colour, for that matter) and figured a custom icon would be good

Maybe they could both be gold, something like 🌟 or 🌠

or different colours to distinguish them, but which colours?

Turns out there are icons, just not being used and based on the old name

My lame 5 minute job

No more super secret channel then? 😄

@tawdry vapor I agree. I did make that hiphopified icon, I wasn't aware we weren't using it

but the idea of using a star might be more appropriate given its new name

I still have the psd somewhere that we used for the original icons, might be able to whip up a star icon very easily with the same dimensions and colors.

tbh we should have all those icons up on the branding repo

and the psd too

if you make a branding issue and assign it to me I can probably take care of that tonight or something

both the new icon and committing the old ones

Some of those icons used font-awesome icons, right?

all of them did

Can someone assign me on those issues please (they are linked): https://github.com/python-discord/bot/issues/364 and https://github.com/python-discord/site/issues/222 😄

okay, I'll assign it.

Thanks

BTW @crude gyro i got a bit confused in your issue https://github.com/python-discord/bot/issues/540 because you were talking about creating a STAFF_CHANNELS constant and using node anchors, this is what I did https://github.com/python-discord/bot/pull/547/, does it seem good to you?

yeah that looks reasonable.

good job

@hazy plover hi.

please direct python.sureis.sexy at our new servers. I'll DM you the IP.

done and doners.

Haha, I forgot about that

If both domains are on cloudflare though, you should be able to CNAME it? Even with CF's proxy

Even if they aren't both on cloudflare you can use a CNAME record afaik

Yeah but you can't do that if they use the CF proxy

Since you'll hit the proxy and it won't know what to do

They really block CNAMEs?

What's the point?

Anyway

Snekbox is broken

no, the site is just down for a bit

They don't block it, they just don't know what to do with it

Huh, just noticed this.

I wonder if font-awesome is injecting something.

oh no, duh, it's the youtube video

lol

If I'm making a form, it goes in forms/ under the app, right?

not sure with django, sorry

It's a project convention

yeah still not sure since i think lemon and volcyy are the main ones who decided any project structure stuff

Aha, okay

Well, I can always move it later

and i haven't personally looked at those things

only recently have i worked on site itself

Gotcha

so its all a new learning experience to me really

like, i can review html and css stuff easily

but project stuff i'd have to learn lol

hmmm snekbox isn't connecting

I'm still learning new stuff about Python in general tbh

discovered this yesterday with suppress(SocialAccount.DoesNotExist, DiscordUser.DoesNotExist):

er, two days ago

yeah

seen that in your diff

aww, you're reading my diffs

:>

i think you shared it with me to see possible solutions when we were talking about something

man, I probably did, my brain is shot today

haha

at any rate, i'm a bit head scratchy

Haha, okay, fair

!eval return 1

Sorry, an unexpected error occurred. Please let us know!

ClientConnectorError: Cannot connect to host snekbox.pythondiscord.com:443 ssl:None [Connect call failed ('172.104.139.207', 443)]

failing to connect

still down I guess

site is up though

docker is up

should be pointing to the right place

Did you move it to another server?

nope

only thing i did was disable the ssl on the server

They're not the same IP

I guess the latter is cloudflare

i'll check the dns i guess

yeah, that one is cloudflare

yep

its not proxied

snekbox probably shouldn't be proxied, yeah

i suspect the cloudflare ssl will fail without it

which is causing the above

!eval return 1

Sorry, an unexpected error occurred. Please let us know!

ClientConnectorError: Cannot connect to host snekbox.pythondiscord.com:443 ssl:None [Connect call failed ('172.104.139.207', 443)]

said ssl None

so it's connecting direct to the server

and it's seeing no valid cert

which is true, we removed it

lol

443 is refusing connections

shouldn't be, it's open

hmmm

wonder what caused that

You're not like, using iptables to filter out connections from non-cloudflare addresses?

we have plain allow rules for both 443 and 80

we haven't added disallows based on ips

Port 80 is open

firefox just gives me a 404

at any rate, something is listening there

!eval print(1)

@glass pecan Your eval job has completed with return code 0.

1

\o/

i went the lazy route

i just proxied it

it seems like your problem must be on 443 then, yeah

mm

ideally you would have SSL between the server and Cloudflare too

we do

wait

no i don't

hmm yeah that's gotta be fixed

might be worth examining a sudo iptables -L

ok i think i see the issue

i suspect we need at the least a self signed cert to encrypt from server to cf

yes, you do

we removed our server certs lol

well yep that'd break it

however

you should have a valid cert on the server too

not self-signed

i don't like self signeds

and i don't think we need lets encrypt

you can either cron letsencrypt, but a better option is to use the acme module that salt has, since iirc you're using salt

what i could do is just use the cf origin ca cert we're allowed to use

it doesn't require renewing

I mean the whole point of doing this is to protect the traffic between your server and CF

using a publically available cert isn't going to do that

its not a public cert

you create one

hm, okay

ah, yeah, okay, I see

it's only trusted by CF

which is fine, we're going through cf for all the things now

although if you ever needed to turn off the proxy, you'd be doing all this again

that's fine, i don't think we'd have a reason to turn it off afaik

was it salt you were using, by the way? Or ansible?

salt

hold my beer

https://gitlab.com/gserv.me/salt/blob/master/init/nginx/glimglam.sls#L47

https://gitlab.com/gserv.me/salt/blob/master/etc/nginx/sites-enabled/archivesmc.com#L12

that's all there is to it

for a self-signed?

for letsencrypt

oh we already had lets encrypt all setup

why would you remove it in the first place, then?

i figured it wasn't required with cf, but since there is, i can quite literally just revert it and it would all be back how it is

however

I mean, I'd say LE is the best option for covering all your bases

that's what I do at least

probs i see no issue putting it back, it's a shame it didn't work out how i wanted it

lol

I don't see why we need to do that

the cf thing clearly works without a single cert on our server. just not for snekbox. so why not?

it works for snekbox

It works if the traffic is unencrypted, lemon

atm we're like this

so between cf and users, it's all https

but between cf and alpha, it's plain

yes.

to do this, we'd need a cert on the server

back when I first set up Glowstone, the community was actually asking how we had CF set up

why do we need to do that?

they were pretty rattled when I said there wasn't SSL at the origin

but it was like 3 minutes to set up, so

since we're handling auth tokens from Discord we probably do want that security

it's not entirely required to do full end to end encryption, but it's not a bad thing to have for completeness

can you guys explain exactly what the point is?

I think GDPR also mandates some form of encryption for the whole pipe, but I'm not 100% on that

I can tl;dr it if you like

so far all I'm hearing are these handwavy arguments.

the current setup as scragly has it means that traffic between the user and CF is encrypted - users are safe at coffee shops

traffic between CF and the webapp itself is not, so it's fairly simple to spy on that side

a bad actor sitting in the middle or somewhere along the way would be able to intercept that communication and grab stuff like oauth tokens from users

remember, "nobody is interested in that" and "it'll never happen to me" are the first step to a breach :>

yeah cause that's what I was gonna say.

okay so it's exposed to interception between cf and linode.

yes

which is a lot less likely the the other side of things, but it's still a thing

fair enough. guess we should secure that traffic too then.

it's probably worth noting that linode is a US company, and I wouldn't trust the US not to do interception

my point though is i don't see why i shouldn't just use the cf origin cert

You could do that

The only drawback really is if you ever need to turn off the proxy for any reason, it won't work

same if you need to access the webapp directly

i would have no idea why we'd need to disable the proxy

can you explain what that even means

I think a better question is why change it in the first place

because it's less to deal with on-server

no. we had good reasons to change it.

let's focus on the now please.

OK, well to explain that

CF does allow you to generate a security certificate that never needs to be renewed

you can use it to secure the traffic between CF and the origin, but it is untrusted by everyone but CF

so anything trying to access it directly - either by IP address or if the proxy was disabled - will reject it

of course that won't stop docker containers interacting locally though, since you can just use the local port

if you never plan on disabling the proxy then it might be okay, I think I would still prefer LE to be safe, and the CF cert does make debugging the port harder if you ever need to do that

it's up to your own use-cases really

yeah will have to think about it

RE allowing users to remove django accounts, I'm thinking of doing a GH style "type your username into the box to confirm"

that sound like a good idea?

sure that sounds good to me.

discord does it too

so it should be familiar.

Alright, sounds good

Progress.

nice

How much prose do you think there should be on the removal page?

I wrote like a couple paragraphs about what is and isn't removed, but I dunno

that's a lot of text

yeah, it is

that must be one of the longest delete messages that aren't about retaining users I have seen 😄

yeeeah

I'm not sure what to put here tbh

Just say that this action is irreversable and it will not delete things like infractions?

he is saying that

lol

haha

I mean delete the rest 😄

The permanent notice could be without the recreation info, and just say it is irreversible

:>

10/10 ship it

nah, I think I agree that it should be a lot shorter

looks ok to me

Could the for reference nick just be the default background text in the input line?

is it only infraction records we keep?

No

ah then that wording is all g to me

Basically this is entirely separate from anything the bot collects

actually we have a privacy page, I could just link that

Nothing about the fact that the data can't be recovered?

to be honest, right now there's almost no data to recover

but sure, I can add a sentence

by the way, I think the privacy page might be out of date

does not have any form of monetary income whatsoever

not relevant to privacy, but :>

can we agree that it's irreversible, not unreversible

yes

yes

Probably

also I don't care for the prose, I'd prefer if it was short and sweet. how does it look on github or discord when you delete stuff?

isn't it just a oneliner?

I expect they have a privacy page linked to at signup

okay, and we also have a privacy page.

Yep, so I can link to that

if we want to write at length about the privacy implications of deleting a user, I think we should just do that on the privacy page.

Yeah, that's a good point

and I don't think we need to link it on the delete page, either. again, nobody does that.

only users who are a member of this community can create an account on the site, and they've accepted the privacy policy already.

that's not true, but I've been planning on making that the case

I thought you already did but okay anyway that's the intended design.

ideally only users who are Developers.

It's on my list

cool cool.

well then, something closer to the github one would be fine by me.

Alright

I can make use of models basically anywhere, by the way, right?

sure. why not?

No reason in particular, some web frameworks don't allow that

are you asking if we want to keep model access within the parent app?

No, no

I'm just thinking I'll do it in the account adapter

should be fine.

Alright

that's like a 3-liner

should be fine

username, not account username

do we care about stopping people from just copying the username?

I assume not

no

nobody else does

ik, because i copy it everytime personally

yeah, I figured it wasn't really useful

lol

haha

you can prevent text selection but it's a bit inconsistent between browsers

it's just discouragement really

the your

Oh, good spot

A newline after the nick to keep it a bit more tidy?

I dunno, I think this looks okay

Just a thought, definetly better than the wall of text before

to confirm that you'd like to have your account removed - > to confirm that you'd like to delete your account?

Keep things simple?

I think mine is more correct, but I don't mind changing it to simplify

wonder if I can make a horizontal form with crispy-bulma

Oh and can you try to center the text inside the confirmation button?

do you mean, center the button?

isn't it?

Oh yeah

it is

looks centered to me.

Don't listen what I'm saying

In my mind the button had the same length than the text

lol, not sure I like it with everything centred

it's not bad, though

don't think the button fits in the center when it's alone

I don't like it centered like that

but I'm just me

yeah, I think I prefer it left as well

i don't like it centred as the input is left aligned

it feels out of place because there isn't much else on the page and you're missing it when going from left off of the input

What do you mean by horizontal, @molten bough?

The button at the right side?

With the label to the left of the input

oh, you can do that

with bulma

did we add that to crispy-bulma yet though?

I don't think so

oh, that I don't know

You have requested to delete the account with username lemon#0001.

Please note that this cannot be undone.

To verify that you'd like to remove your account, please type your username in the box below.

hardcode the username as well!

haha

I like that too

lemon#0001

did it delete

please don't delete me.

damn

just your account

add an easter egg

if you use lemon#0001 instead of your own name, you get redirected to a webpage of nothing but lemons face

haha

maybe later

any opinions on the text colour by the way? I made it black because the red is hard to read in a <code> but I'm no longer using that

seems fine

sokay with me.

:>

the space seems weird

seems k, only thing I'm not sure about is the giant input field

It can be less giant, it's just a centred column

Like.... maybe about 2/5ths that size

yeah. but I don't know if it would look better smaller either. though it might.

1/3rd or 2/5ths

That's my guess

it was at half, this is one-third

it'll be full-width on mobile though

Can you keep it left aligned on the center column?

Not sure what you mean by that

You mean left-align it to the message box above?

Like... the left margin of that box and all that is on th- yeah

That

hmm

I don't think so

maybe I could add a right margin to the column

or right padding, rather

it'd break on mobile though

I mean if it might comprom- yeah if that's the case then keeping it how it was might be a better option

keep it how it was.

Alright

here it is on mobile, for comparison

Is that the modified or the previous

they'd be the same

Gotcha

wow those logos at the bottom seem crappy in that screenshot

bold the cannot?

^

All caps as well maybe?

I understand, delete my account
DO IT, JUST DO IT!

Still doesn't quite stand out enough

nah don't caps it

no all caps please

wat

it stands out fine.

hahah

hahaha

Oh god yeah, I see what you mean about the django and the Bluma logos, Scrags

Love it

:>

The aliasing on those logos is really bizarre

it is pretty weird

yeah

this is firefox, linux

69.0.3

Is it different with Chrome?

no repro on chrome

Hmm

God I wish there was more of a standard...

sec

That's the biggest headache with web dev stuff

The Django logo isn't great on chrome too

insert xkcd here

i can't repro on ff either

Way better than it was

so its just me

That's an odd quirk, though

that django in yours akarys is acceptable

Yeah that at least has some anti-aliasing going on

yeah

but the Python Discord there isn't rendering the font properly

at least not smoothing

weird

it does alias better in chrome

Does FF not do any anti-aliasing?

chrome top

for reference, this is what i see

Chromium

firefox for me.

Well now they look normal...

ff

the bulma looks better in FF for me, django better in chrome

so it might be a system thing?

Possibly

most likely tbh

But even comparing the one on top of the other that g showed us it seems fine now

i could ... change them to svgs

It's the way of the future

just force client side rendering lol

no pngs for you!

anyways

aliasing seems to be turned on in FF here

wasn't meant to derail there

it's webgl though

that's all I can see

anyway, yeah

are we happy with this?

The letters in gdude#2002 look larger than the rest

they're both bold and monospace

maybe we bold all three words. cannot be undone.

bet Hemlock would like that.

haha

You're not wrong

looks good to me.

Yeah, that stands out a lot better

unit testing this will be an experience

haha

account deletion is a massive h1 looking thing.

yep, it's an h1

maybe h2.

This a technical term thing?

html header size.

header levels, they're actual html tags

Oh ner

Thought we were still on the testing thing

oh right

nah I'll figure that out

Yeah okay, I'm with you guys now

in bulma, they're based off of the class, though.

yeah, is-size-2

You can have a h1 with size 6

yeah

the actual header level matters for stuff like screen readers

but only that they're nested appropriately

OK, no news is good news, I'll get that committed

nice nice

well, after I lint

yes, linting is life

stares at Akarys

just look at the channel topic

lol

haha, yeah

I'm still sad that pycharm doesn't sort imports as it generates them

ctrl+alt+o to the rescue

yeah that does suck.

just be magic enough to not need it

you can have it do it at commit time at least

there's a checkbox in the commit window

orly

nice

I LOVE whoever set up that precommit part in the pipenv

That makes it so much easier

it was the other dude

pre-commit is awesome

although the pydis setup is weird

it makes sense to do it that way though

i don't see how it's weird

I think Mark did a bunch of work on that

ftr

mark is a machine

maybe ELA too

We have a lot of machines

hemachine

I'm like one of those

Like

I mean it's weird because usually you just let pre-commit manage the environment

Battery powered hand fans

but this is better, really

Yes, this basically ensures that our precommit and pipenv setups don't get out of sync

because that caused issues in the past

Yeah, I don't doubt it

so many environments in play

PyDis needs its own green party at this point

:>

Hmm coverage fail

yeah, that's fine

I knew that'd happen

You can do a local coverage test by using pipenv run coverage run manage.py followed by pipenv run coverage report -m if you like

I can't

o hwait

the only thing you tested was our patience.

you need to set-up the .env file for that

for whatever reason, not all your tests pass in my environment

so it points to the docker database

but I can run individual units just fine

hmm

oh wait, that was like a month ago

I forgot that was already fixed

anyway pycharm does coverage

thought you fixed that yeah.

you can get it working with CI=azure

😄

I have it set up with the same env vars I use to run it

:>

I had a weird thing yesterday: I had to uninstall and reinstall all of my Python versions. I kept getting weird errors when trying to mess with stuff in PyCharm

Works now, just so weird

That is pretty odd

I'm waiting for python 3.8 to come around and for manjaro to suddenly update python

and then I'll have to redo all my environments

hnng

By the way, what data should we expose to the user on their account?

lemon mentioned roles before, should we be showing infractions or anything?

Roles, Date Joined..... There really isn't much we store that would be interesting

are you sure it was roles and not group

I dunno, roles is what I wrote in the ticket

I don't think there's any use in hidden infractions showing up in the count since they're not really infractions

we don't want to make a whole profile thing, the only thing that's handy is showing the currently active django group for debugging

group is definitely what I meant.

okay, group then

other minor things may be interesting but nothing as major as infractions.

Alright

maybe have a uh

..

the fuck is it called

accordion?

with the debug info

I was just thinking like.. if you could think of other data similar to group that might be useful for debugging, essentially.

Alright

but I can't.

no need to hide it away in an accordian though

not if it's just one or two pieces of data, certainly.

i don't know what the user settings page would show currently

the focus of the page is just connections and account removal

I haven't written it yet

ok, so service connections is a section, name and group, delete account

connections, account removal, what group am I in, (whatever other account specific info is relevant)

yeah

if any

I can't think of much

nothing discordy.

api tokens?

neh.

nah

well then there you go.

if any == false

proceed

lol

haha

okay

I'll do the require-user-on-the-server-and-verified first

which reminds me

how should I store that?

like, the role to use for the check

role to use for the check? I'm confused.

the user and the roles are all in the database already

Well, we don't want people signing up unless they have the Developer role

but I need to pull the correct role somehow

flag on the role, maybe?

it's all in the db

Well yeah, but if the name or the ID of the role changes..

we can't really hardcode the ID anyway, since people need to run this thing for testing

You can also check against the position of their top role, I think

everyone is the lowest, anything higher than that should mean they have the developers role as well

muted?

muted is way higher

announcements?

I dunno if you still keep that one but we kept it on rejoins on the old site

can't get announcements without having accepted the rules.

we sync all the roles we have, but we don't necessarily reassign them on rejoin

so they just need to have more than @everyone

I like ves's idea. if they have any role other than everyone we're good.

len(roles) > 1

yes

works for me

do we sync everyone?

(sorry for interrupting but is there a way to disable the rest api token security so I can test if my new model work using simple request?)

yep

Hmm, that would mean that someone rejoining would pass without making it past checkpoint

Since they will get the muted role back

that's my concern, yeah

yeah

doesn't matter. they already accepted.

the first time.

additionally, another thought crossed my mind

@green oriole no idea what you mean akarys, but there's never a valid reason to remove the token

if we ever want to give users their infractions, if they're banned they won't be on the server

even in testing you can authenticate

the system already doesn't assign them any groups if they aren't here

still not clear on what you're asking

well, if you ever want to do stuff like infraction listing or ban appeals, if we prevent them from logging in when they're not on the server then they won't be able to do that

oh right, that's what you're saying.

yeah

I did think ahead a bit and they already have no perms if they're not on the server

why are we preventing them from logging in? I was talking about preventing them from creating an account

ah

aha

okay

although, if they have infractions and they never logged in on the site..

@green oriole I'm not sure why you'd need it, but you can delete API tokens in the admin site where you created the token.

well there won't be an account

I guess I could just check if they've ever been on the server at any point

then that's too bad. we don't want people signing up on the site who aren't in the community for privacy reasons. I want to be able to say "the privacy policy that applies to your site account was accepted when you typed !accept"

like, check the presence and roles but not in_guild

Both?

Or no wait

by presence I mean their Discord API user is in the db

Gooooootcha

Oh right, because we store the roles they had previously, right?

Right

Do we automatically reapply them?

Or only just Mutes

I'm not sure

just mutes and maybe announcements

not sure.

you lose admin if you leave, buddy

so don't even think about it.

haha

No point in testing it, got it

I have no idea what cog has that reassignment by the way

haha

verification maybe

not sure either.

nope

well, anyway

whats this

what do you think of that? prevent signup if the user's never joined the server, or if they only have @everyone?

I'd be verification or moderation

are you asking me or someone else

asking us all, scrugs

seems fine to me

seems reasonable to me. a user meeting those criteria will always have accepted the privacy policy

which works for me.

Do we still have a URL that redirects to the Discord invite?

actually that doesn't matter, vanity invite

just to link it in the message

infractions.py > on_member_join

that's reassignment

for mute

Is there a race condition there?

Since the on_member_join event of the syncer will sync roles on join, I think

So, it may remove the muted role from the db before it's reapplied

not sure, haven't checked, just a thought

don't think so, as i originally thought mute was excluded

Hi I am trying to run tests for python-discord/bot repo using pipenv run tests and I am getting this Error: the command tests could not be found within PATH or Pipfile's [scripts].

it's pipenv run test, I think

yep it's test

you can see it in the Pipfile for reference

I can add an alias for tests

pipenv run test gives no output on screen

That's odd

Uhm

did you install with --dev

did you install the pipenv ?

pipenv sync --dev should do it, since there's already a lock file

[atul] (09:06 PM ) bot $ pipenv sync --dev
Installing dependencies from Pipfile.lock (adde42)…
  🐍   ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 86/86 — 00:00:18
To activate this project's virtualenv, run pipenv shell.
Alternatively, run a command inside the virtualenv with pipenv run.
All dependencies are now up-to-date!

even after this pipenv run test gives no output on screen

I guess we don't really need the link

I'm not sure I'm happy to | safe messages

perhaps these messages should have a max-width as well

that'll do

verified working, anyway

yeah that last one looks good in the hood

That looks so weird with the hand

It's like some sort of biological experiment

If it had the outline it'd be less creepy

haha

Stick a fork in it, it's done

next up, connecting GH

Guys, I just created a Django model, everything seem fine, but can you please check I haven't done any mistakes please? https://github.com/python-discord/site/commit/34a43d1299404a9b5a39440fcb2089a956c0f529

Not able to test, still?

I tested it with manual request and it worked fine

Aha, well that's good

I just want to make sure I didn't do any stupid things 😄

Nothing jumps out, but there'll be a review later :>

when your PR is ready I mean

Okay cool

I can't access Azure

why do you need to?

Here, https://dev.azure.com/python-discord/Python Discord/_build?definitionId=2

You can access Azure, just not using the link Azure itself gives you in the embed

it's a pain

The link in the README on github is publically available

There has been a failed build just after I pushed (I just realized that it was probably gdude's build)

it was, yes

You don't have a PR open yet so yours won't build

Yeah

I won't get any error because I don't have any test for my model?

you will

We have a coverage requirement

Oh okay

Oh yeah 100% I just noticed

Let's do some more reverse engineering then 😄

OK, so I guess there must be a specific way to test a view that requires a login

let's see what the google says

https://docs.djangoproject.com/en/2.2/topics/testing/tools/#django.test.Client.force_login

you should be able to use that to test in a "forced logged in" state

hmm, okay

there's also a regular login to test the login process itself

the difference is that, for the former, you don't care about the log-in process

I will need to have a specific set of objects to test account deletion logic

but that's fine

hm, I wonder what the correct way to test the url of a redirect is

a reverse() gives you //pythondiscord.com/url

rather than the /url in the httpredirectresponse

are these tests removed now test_in_channel_check_for_correct_channel?

Do we have a more up to date config file for bot testing?

@austere veldt Not sure, I'll check. They shouldn't have, probably, but it may be they got stuck in limbo during the migration.

How did we agree to document arguments in docstrings again? Markdown list? Google style? (Image is Google style)

The structure of test repo got changed and in the file test_checks I don't see any test for in_channel_check. I have a PR around that, should I add the test?

@mellow hare There's probably been a few things that have been added. I can share mine if needed. You could also run a diff with yours against the default config to see what is missing

def test_in_channel_check_for_correct_channel(context):
    context.channel.id = 42
    assert checks.in_channel_check(context, context.channel.id)


def test_in_channel_check_for_incorrect_channel(context):
    context.channel.id = 42
    assert not checks.in_channel_check(context, context.channel.id + 10)

that's the old version

okay

Yeah I ended up doing the diff thing

Just gotta update it here in a bit

Just wanted to get through this PR

There's a config file pinned in #dev-core

It should be reasonably up to date

guess I'll stick with Markdown list for now

@molten bough Markdown for viewsets and the rest is not really following any popular style. Perhaps it's closer to how the standard library is documented if anything - using sentences/paragraphs to describe arguments. But you could still create a list if needed just using bullet points.

hmm, okay

@hardy gorge Should I add the test back?

These are the tests I want to add

def test_in_channel_check_for_correct_channel(context):
    context.channel.id = [42]
    assert checks.in_channel_check(context, *context.channel.id)


def test_in_channel_check_for_incorrect_channel(context):
    context.channel.id = [42 + 10]
    assert not checks.in_channel_check(context, *context.channel.id)

If that's not a good explanation you can try looking at existing doctsrings for some ideas.

@austere veldt We've migrated to unittest with the unittest specific assert methods, like self.assertFalse and self.assertTrue

But, sure, go ahead

Okay I can do that change and add my tests

Hmm apparently the tests try to do a request to staff.pythondiscord.com which doesn't work because it should request staff.pythondiscord.local

Do the tests not load the same config?

I dunno

Let me check

And you made sure to change the site domain in the config.yml?

That's one of the things I had to correct

There is no config.yml atm for the site repo, do I need to create it?

yeah, it's in the guide on the wiki

Oh okay I didn't checked the wiki

wait, what? You're only running the site's tests, right?

But the site is hosted on 0.0.0.0:8000 atm

So I changed it somewhere

Yep ves

Did you set the DEBUG flag in your environment variables?

site does not have a config.yml

oh right, site tests

No because DEBUG randomize the key, I just override ALLOWED_HOSTS in the env file

for the site, I have these env vars set:

DATABASE_URL=postgres://pysite:pysite@localhost:7777/pysite
SECRET_KEY=suitable-for-development-only
STATIC_ROOT=/tmp/django_static

I have the same plus ALLOWED_HOSTS

I'm using PyCharm's test runner though

You need to set PARENT_HOST then as well

I use pipenv run test

check settings.py, there are a number of things that change if you're in DEBUG mode

I'm not in debug mode

I wish debug didn't randomise the secret key

Specifically this:

if DEBUG:
    PARENT_HOST = env('PARENT_HOST', default='pythondiscord.local:8000')

    if ":" in PARENT_HOST:
        ALLOWED_HOSTS.append(PARENT_HOST.split(":", 1)[0])
    else:
        ALLOWED_HOSTS.append(PARENT_HOST)
else:
    PARENT_HOST = env('PARENT_HOST', default='pythondiscord.com')

it's annoying to be testing something and have to login again every time you change a file

wait arent we reading from enc

v

Actually we can change that

well yes, but it should still be unique per instance

The key is randomized if debug mode is on

so it'd need to save a dotfile somewhere or something

The key is not loaded from env in debug mode, yeah

Everyone use the suitable-for-dev... key

if DEBUG:
     # Removed intermediate lines
    SECRET_KEY = secrets.token_urlsafe(32)

I mean, if we are in debug mode we can still read it from the env

yes

it's just that it's not configured like that

Change it?

I think it will work without issue, but I'm not confident enough about our set-up to make that call

The prod server doesn't run in debug mode anyway?

@crude gyro According to git blame you specifically removed the hardcode secret key for debug mode

So, there must have been a reason

The commit message simply says Replacing hardcoded secret keys with token_urlsafe calls., so it doesn't give me the reason

uh.. when?

for what repo

Site

site in settings.py for DEBUG mode

haha, good placeholder

but.. why would you need that

otherwise you need to login after every change

since the secret_key would change on reload

oh. I thought settings would just be loaded once.

that's fine though, just change it back.

the old one was pretty good.

I don't think we even need a configurable one

I have no idea why I did it.

just a constant does the job for DEBUG

there must have been a reason

but, I can't think of one

was probably just a commit in a string of security related commits

would be interesting to see the neighboring commits. they're likely very similar, hopefully less bug introducing

or maybe I just wanted to use token_urlsafe for something cool

haha

okay

ah

It's the linter