#dev-contrib

yeah that does not sound safe.

One sec

It is in #dev-log

this is a less embarassing example haha

now, it's not necessarily unsafe and I haven't been able to break it myself, but as xx says, user input to a state machine is not a fun game to play

The implementation I proposed is easy to do with no changes to snekbox itself, can just send the code over and print JSON or something to get info back out easily

https://github.com/python-discord/bot/pull/952

we used the regex module which does prevent catastrophic backtracking & has a timeout, but I don't think we should hedge our bets on it

so the proposal now is to move it to snekbox and write a template which just runs a regex parse in python eval

I'd be surprised of the stdlib implementation wasn't safe tbh

It isn't

and I'm proposing we ditch the regex module and switch back to re, because I want to be able to catastrophically backtrack in snekbox

Would be moot if it is or isn't if it's run inside snekbox

@green oriole it isn't, look at the PR

import re
pattern = r"(\w+)\*([\w\s]+)*/$"
re_compiled = re.compile(pattern)
results = re_compiled.search('COPRO*HORIZON 2000                 HOR')
print(results.groups())

infinite loop, 100% cpu

Well, outside of backtracking

right, but backtracking is unsafe lol

I mean, a timeout is enough

Sure but why take that risk

you were talking about re, which does not have a timeout

Especially when we have a way to properly contain it (through snekbox)

regex is safer, yes, it has a timeout, but I'm still not 100% trusting

We can cancel asyncio coroutine

Hm, it would actually make sense to backtrack catastrophically in the command. Because using regex will give unexpected surprises when the user runs the regexp with re.

Especially when we have a way to properly contain it
@mellow hare still can't react, but

But yeah, I do think snekbox is the solution

yeah, I really want to be able to break the regex

okay, so. I'm not comfortable with us merging any public function that allows unsandboxed evaluation of expressions, I don't care what package we use for it.

I want it to crash and timeout

Is there any way to isolate this totally inside bot?

if it's staff only, I'd be less fuzzed.

we have the technology, might as well use it

we want to be able to demonstrate to users that specifically crafted regular expressions break completely

@cold moon not really

so, moving to 🐍 📫 then

we have the technology
We can rebuild him....

Maybe we could take that as an opportunity to make generic snekbox templates, like the tag system

snekbox sounds okay, if snekbox dies there's no funeral

yep

snekbox has all the relevant limitations on there and a max of 2 concurrent evals

@celest charm idunno if you're just going to be passing it to the eval endpoint or what, but if you're adding a separate endpoint for snekbox, I'm also implementing Unix command execution as another one

2 concurrent evals per what?

@clever wraith no extra executor, just a template ran in the python executor

@green oriole globally

you can check out my branch if you want to see how i've done it (so far) for some resemblence of consistency, if that makes sense

ah, sure

snekbox will not run more than two evals at once

the unix command execution is still on? there's been significant concerns about it.

has there?

oh?

yes but I'm not sure if they've been voiced in here.

NsJail is rock solid though

well, i'd like to hear them

yeah, i wasn't aware of it either, should probably go on the PR https://github.com/python-discord/snekbox/pull/71

I think I said as much

when I saw them

I feel like I'd want snekbox on another machine if it had command execution, even with nsjail

It's a tricky vector

nsjail chroot + docker, mind you

It is in another container already, we have two isolations

I don't think an additional endpoint is worth the time when the python code eval is there and reflects re directly.
Can construct some sort of "API" in the template it have it future proof without changes to the template

the overall concern is "how can we possibly make this secure, and is that worth it when the feature is baarely in our scope anyway?"

There are docker escapes though

But no NsJail escape

Not yet.

Most people can execute Unix commands on their devices now, right?

well we don't particularly want people breaking the sandboxes all the time, either

@molten bough We could be pulling our hair out worrying about the future possibilities

even if they can't escape

But I'm starting to lean towards lemon's side

of course I think NsJail can also be escaped, and docker from that. Is someone who's capable of doing that going to be time spending time breaking a bot on Discord? @molten bough

There are plenty of resources that can help folks with regex.

@mellow hare this isn't about regex now, this is about the UNIX command executor

I mean I don't see why someone with the knowledge wouldn't try, a lot of people had fun trying to before haha

My mistake

regex is safe since it has the same sandboxing as current python eval, unix would allow for shell commands to be ran

there's still a hard pid, memory, time limit

Ah, okay, I'm on the same page now. Why was there a push for this?

it's not "unrestricted linux box" per se

It really doesn't seem in scope

but if people are concerned, I'll just drop it

@clever wraith wanted to do it and it seems like a neat feature.

but there are concerns and I do think they are valid.

not to be a party pooper

@clever wraith It's not a criticism towards you or the idea, just might not be the right place for it

It definitely sounds useful, it just feels tricky to ensure

the risk is probably very low

possibly zero.

no, i understand the concerns, perfectly valid

but the consequences if someone did break out? it could destroy us.

I'll just close the PR, haven't had time to work on it in a month anyways haha

maybe if, like gdude said, we had the whole sandbox on a second server

but that's not in our infrastructure budget atm

Maybe we could allow that for staff members.

You could do what some IRC bots do

Do we still have bravo?

I don't think that would be something that's particularly used over here except a few of the topical channels

Run stuff on free Google cloud instances

"but the consequences if someone did break out? it could destroy us." my god that's dramatic

no, we don't have bravo

Gotcha

yeah i could just spin up a super limited ec2 instance which will accept fed in commands and has zero IAM role perms

so you kind of just let it die if it dies

or at least it's ok if that happens

I don't really want this to introduce more infrastructure changes

we have backups and stuff, it's not a big deal. I'm worried about data protection.

assuming no one manages to somehow XSS-style attack back into whatever the bot prints

I've closed the PR, too much hassle for too little benefit as people said

alright @clever wraith, thanks.

sorry for the time wasted

@dull jetty the "xss" side of things is already taken care of by the same mechanism as !e

Still no news from the repl.it team on an API I take it?

I doubt we'd move even if there was.

more work to move than to stay

@crude gyro time which i have enjoyed spending is not time wasted :)

works fine.

Yeah I guess that's true

And if they decide to shut down their API again, we're in an awkward position

They didn't actually shut it down, you just can't sign up for it

They're remaking it

oh

or at least it's ok if that happens
@dull jetty

it is fine if the server dies, we will spin up a new one in no time. but if someone had actual access to it, we could be in trouble.

I don't want to go into details on why.

@crude gyro that wasn't the proposal from seagull, seagull was proposing additional infra to handle evaluations away from our server

so that's why I'm cagy about eval

oh right, maybe I misread that.

but again on the infra point, we don't have a big devops team, we'd rather keep things sweet and simple

yep yep.

on the regex point, moving it to the python evaluator sounds like a good plan

yep. works for me.

Would it be horrendous to use the Snekbox cog directly? Or do I just copy the interaction?

I don't think it would be bad assuming it would be beneficial

using snekbox directly doesn't sound unpleasant, but maybe it should be considered to move utilities out into a snekbox utils file

though there's no reason to go through it whole since it has a lot of sanitization

There's only one function you need

upload_code() iirc

All the rest is just formatting

yes

    async def post_eval(self, code: str) -> dict:
        """Send a POST request to the Snekbox API to evaluate code and return the results."""
        url = URLs.snekbox_eval_api
        data = {"input": code}
        async with self.bot.http_session.post(url, json=data, raise_for_status=True) as resp:
            return await resp.json()

I think the function that send over to snekbox isn't really that big

yeah

This one yeah

Maybe I can just copy it for now, and we'll move the snekbox utils into a separate file.

Or should I reference the Snekbox cog?

With it being that short you could probably do the request yourself and then do some processing in one func

true

Since you can specify what exactly goes out to stdout for working with the data

You should keep them separate, for the sake of writing tests

That doesn’t make any sense

It’s already being tested

You don’t need to rewrite the function to test it again for a marginally different use case

I don't think the regex cog is being tested, it doesn't exist yet

Yeah, thanks

Writing tests for snekbox was really easy thanks to those short functions

Is it even possible to reference another cog?

Sounds like spaghetti

Yes

!int e print(bot.get_cog("ModLog"))

In [30]: print(bot.get_cog("ModLog"))
<bot.cogs.moderation.modlog.ModLog object at 0x7f61e06a7d90>

got it

Maybe I'll add tests for the regex cog first, and then I'll move it to snekbox.

Running docker-compose every time doesn't sound like lots of fun

You can reload the cogs on the fly

true

You don't need to reboot the container

Done that while testing

Still, writing tests is a good idea.

Absolutely

TDD can be fun sometimes

I don't love cogs referencing each other

I prefer moving any function that is useful to several cogs into a util file

and importing it into both

we should be able to disable or remove one cog without breaking any others

yes.

so imo @celest charm @patent pivot

we should not reference one cog from another. we only do this for modlog and even that is slightly dubious

better to just make more utils.

yeah, agreed

i do think utils is the way

I don't think cogs should ever import across each other, d.py will force-reload the module

so the definitions can run twice

I ran into a problem with seasonalbot where something was reliant on import order as a result

So maybe I (or someone else) will move that in a separate PR, then I'll git pull, and then work with that

I don't think you need a second PR

yeah, as long as it's documented that things have changed it can go in this PR

it is well inside the scope of a new cog to utilify other cog's methods

As long as you move the function in a separate commit, it should be fine yeah

I don't think it's worth the trouble in this case; unless a whole set of utils for snekbox communication is created

I agree with lemon; I don't think the design pattern of referencing other cogs is particularly well

The modlog cog references are luckily fetched when needed (instead of being cached once), with cog reloading in mind

yep

However, discord.py comes with a dispatcher/event listener utility built in

I think I had to for my de-watching on ban thing

Not sure how to correct that

I think that prideavatar size isn't working correctly

.prideavatar LGBT 64

Unh

Well, see the last two messages in #sir-lancebot-playground

No matter the size, it seems to always have the same size

it seems to work fine for me

odd

I sent a DM to @patent pivot a while back because my Font Awesome CDN sub was going to expire in a couple months, and you guys are using it

because I still need it myself, I've renewed it, so you can keep using it

they decided to give backers over 50% off to renew so it was worth it

oh sweet, cheers for that 😄

it also includes font awesome 6, whenever that comes out

interestingly, font awesome 6 is going to have an official django plugin, so that'll solve some issues

huh

you guys can read up on it here if you're interested https://fontawesome.com/6

Yeah I don't know what's up with my pfp, maybe that's a cache issue

Oh, also, there are various services-oriented features that FA6 will bring (like adding icons to kits and the desktop subsetter)

when those eventually release, if you guys want to use those, I'll give up to 3 of you access to the account

(I'd give more but I don't have enough seats)

Maybe I'm weird, but I really doubt using fontawesome in my projects. It can make a website look dull and uninteresting because it has the icons I've already seen a thousand times.

Like, the basic login, logout, user, eye icons

That's fair, some people aren't a fan

I find most of the utility in icons is that they're instantly recognisable though - you see that icon, you know what it's for

FA is just the most common - there are other sets out there, like the material icons site (which is mostly community maintained), and those are nice too

I would love to learn drawing beatiful icons myself.

Me too, but I'm nowhere near that inventive :>

This site has a lot of icons in many different styles. They're not fonts, and I haven't used them for web, but I do like them https://icons8.com/icons

Yup, icons8 is real nice as well

oh, speaking of fonts, the PyDis kit is using the web fonts version - FA says the SVGs perform better and are more versatile, I recall just picking that version since that's what we used way back when

it's just a toggle on my end if you want to change

This is the icon set I drew in Inkscape. I think it's mostly consistent, but some icons are really shitty. But it works for my purposes.

Those are quite nice

just another 7,000 to go, though :>

👍

although for real, having a custom icon set like that really makes you stand out

Well, that's enough for my project

Another benefit is that it occupies 1.6KB when gzipped

Yup, that's also nice

FA's svg kit still only loads what you use, but it's guaranteed to be far more than that

far, far more

Although the 1.6KB bleaks in comparison with the giant JS libraries I'm loading

You should webpack it

I probably can live without jquery, though

But I don't think I should worry about performance right now.

I'm getting 90+ with lighthouse

The biggest increase in performance while browsing (as opposed to loading) was in switching to an SPA.

That can definitely have an effect, yeah

Anyway, I think we might be getting a bit OT here, haha

true

let's go to ot1

aight

THoughts on avoiding dormant-ing a help channel if someone's typing in it?

also thoughts on why my tshirt is so small suddenly

think the typing thing is proposed

oh nice

But currently question is how to implement this, I think.

With redis caching in place, it should be trivial to keep track of the last "typing" time in a channel

And check when the timer runs out when that was

the on_typing event gets the datetime the typing event started anyway

Woah, this sounds nice to solve

I think I proposed the same thing, without redis as that wasn't there yet, in the issue

there can be a considerable delay between typing starting and that message being visible to others

the typing notification sorry

i might try and determine what the typical and worst case timings are

if it's significant you might end up having to undo a channel dormant-ing

particularly given this feature would mostly come into play (from a user's perspective) when a channel is about to be

ok i don't want to have to keep conjugating 'dormantify'

'sleep' a channel

I don't think we have to extend the scope that far just yet. If it's mere seconds between "member starts typing" and the dormant action, the message they were typing shouldn't be too long yet. At the very least, the member should be able to type it again in the same one or two seconds they had before the channel went dormant and their channel message box was cleared.

Because making a channel "undormant" would still mean that their message box was cleared anyway

So, I'm not too worried about those few times a user literally starts typing in the very last two seconds before a channel is made dormant

hmm yeah

there's also the argument that the point at which a channel becomes dormant might be the point at which there's no longer a need for help, if someone forgets to close

a surprising amount of people ask for help, then someone asks for clarification and they're never seen again

Noticed an issue with our site when hovering over "more" in the navbar to show the drop down. It causes the scroll bars to appear, which cause the entire page to shift to the left jarringly

Doesn't seem to be the case for me on chrome and 1920x1080 display

Which page did you try it on?

I tried it here

https://pythondiscord.com/pages/code-jams/using-git/

On chrome, it's fine. Not on Firefox

Seems to be fine everywhere I can quickly get to on chrome

Well the page must not have a scroll bar initially, and I was having trouble finding any public pages short enough

Have you seen this? (I guess so, but in case) https://github.com/advisories/GHSA-2m34-jcjv-45xf

Well, dependabot is opening PRs

hopefully all the pydis stuff is already latest though?

i assume they only made the cve public when the patched version was largely being used

it's not, but we just merged this version bump

so, solved.

ok so

but like, all i did was add a tag file, so im a bit confused

if anyone has any advice, that'd be welcome

https://github.com/python-discord/bot/pull/991/checks

@clever wraith looks like you have trailing whitespace on a line somewhere

ahh

oki

how did you see that?

go to the link you posted, click here

wait did i just not see that

cuz i was there :S

then select the failed job (lint & test) and the failed subjob

would a newline at the end of a file do it? cuz like there is no trailing whitespace S:

nvm i found it

I think it's the trailing whitespace in the code block

it was line 4

had a single space

ah

yay

tyyy

👍

switching out django-crispy-bulma for flake8-annotations

That was simpler than I thought

Didn't realise we use their API to get all the info

In hindsight, that is obvious

What's the most normally used pydis project?

My guess is flake8-annotations

Not bulma?

Indeed

532 downloads last month for simple-bulma, 12.9k for flake8-annotation according pypi stats

12.9k? holy shit

that's a lot

nice work @woeful thorn

annotations is awesome

we use it at work lol

I also use it, it's fantastic haha

In setting up for another set of projects, I stumbled across this document

https://help.github.com/en/github/building-a-strong-community/creating-a-default-community-health-file

This would allow pydis to centralise these documents in a single repo, which might make organisation easier

interesting

I'm also using probot to centralise some other stuff but that might be a bit much for pydis

labels, eg

i'm planning a bespoke github bot

Good shout, but do look at probot in that case

https://probot.github.io/

stinky js 👎

haha

Anyone up for some easy reviews?

.issue 935 bot

.issue 910 bot

.issue 988 bot

Was wondering about this when I was reviewing something few days ago. For contributors is there any use in reviewing something simple like 935?

We need to discuss this actually

I wish your reviews would count

Of course they are still helpful regardless

Maybe we can just force merge something if it gets 2 approvals, regardless of whether they counted or not

I think it's still useful, means that the second core dev reviewer has less to look at and can get things merged

Having to wait for a 2nd core dev slows down the process. There's no reason if we already have a perfectly competent 2nd review.

Well, there may be a reason and that would be limitations of GH's permission system.

I dunno if it's possible to let all core devs force a merge, especially to a protected branch

with big PRs I don't worry about it making a difference, but in cases like 935 where it adds one simple block that at most has to be tested functionally in one or two minutes and doesn't really save any time for the core dev reviewer

I dunno if it's possible to let all core devs force a merge, especially to a protected branch
@tawdry vapor

a much simpler solution is just to set the minimum required approvals to 1 and adopt a policy to wait for 2, where the second can be from anyone

I'm OK with that compromise.

I've suggested it before, I don't think it's very controversial.

I'm in bed but I could probably fix it tomorrow

You don't think we should run it by everyone first?

(again)

if it can wait a week we can bring it to the staff meeting.

but personally I don't anticipate any resistance

maybe a core dev ping would be enough

Yes. Not all of them can make the meetings anyway

Do a little poll in the channel

That can wait for tomorrow, you don't need to do it on your phone

oops

https://github.com/python-discord-bot What is this?

A github bot

lol yeah

python discord github bot

as opposed to @stable mountain , which is a github python discord bot

and !e, which is a github discord python bot

it's already doing better than me

lol

Joined 11 hours ago
There wasn't already a github bot?

@green oriole there is https://GitHub.com/pydis-bot but I didn't want to spam everyone's emails and change a load of auth stuff lol

But this bot is not open source?

I mean, the bot haven't done anything yet

This have been done at least one thing: https://github.com/python-discord/site/pull/349 labels addign

adding

Oh well, it doesn't show up in activity

It might be open source

but it isn't python

What lang this is?

Ruby?

Elixir

Ahhh right

Forgot Elixir used do

Is this in Elixir because Python don't have library for this?

Elixir is joe's side fling

The man loves it

I just prefer the elixir libraries for github & wanted to do an elixir thing

OK

plus this is clean

The font for payload looks weird

cursive

But yeah that's pretty clean

That reminds me of time when we wrote code on paper at school lol

But that could be done with a bit of flask too :>

I heard somewhere that PyDis have some plans to make GitHub approval requirement 1 review and then 1 from someone who is not Core Dev (of course this may Core Dev too, this is just not required). When this idea will be applied, then maybe should bot check on every review, is all these requirements passed and when it is, auto merge PR?

no I disagree strongly

Auto merging doesn't sound like a great idea

merging to master should always be done by someone who is present

so that they can make sure everything went fine or revert if necessary

yeah we won't auto merge

i've left PRs at 2 approvals before because I wasnt around my computer at the time

Then maybe this should attach label like status: ready for merge

we could yeah

You loose the merger name in the git history though

if we auto-merged?

Yeah

'cause the bot would have merged it

I guess it could leave in the commit body the person that authorized the merge

I don't see a point in a ready for merge label

yeah, or we could not auto merge

GitHub's UI already shows this

@woeful thorn not if we are doing it for contrib reviews

we still need 2 reviews, but it will be marked as ready at 1, but we won't merge at 1

It's still not necessarily ready for merge

from the ping in #dev-core, it should be

1 core dev review & 1 contrib review should mean merge ready

But how do you count if someone is a contributor?

wdym?

You'd have a separate list or a gh team?

Any person that contributes is a contributor

Maybe DB with bot?

Ah, you aren't talking about auto merge

I saw do up there I thought someone invented a cursed Python language, that's crossed with Python and Lua.

!tempmute @bitter vigil 12h Please don't link drop across multiple channels, that is spam

:incoming_envelope: :ok_hand: applied mute to @bitter vigil until 2020-06-11 03:36 (11 hours and 59 minutes).

your github bot

needs to make up its mind

:o

unless thats 1 additional review?

@patent pivot

also if you update after a review, should you like re-request the review?

or just leave it

That looks right, a commit would invalidate a review

@crude gyro intentional

a commit invalidates the review so it wants two reviews again

oh wait

so it is additional reviews?

but it didn't remove the one review

it did

i just refreshed

that's annoying and not how a human might treat a commit.

oh yeah it did

hmmm

also if you update after a review, should you like re-request the review?
@clever wraith important question, i dont wanna bug people if i dont have to

cuz like i literally commited the changes joe suggested

but

let's say I approve a PR, but mention a few minor nitpicks that the author can decide to change. or not. then the author makes those changes. Why shouldn't my approval count?

I think dismissing stale reviews should be a human decision

that sounds sensible

hmm right, that's fair enough

so don't do anything on a commit?

and another thing

your bot is switching the labels when someone leaves changes requested

why? that's not an approval.

i didnt leave them requested thats the thing

well yeah, it does and then when it gets to no reviews required it flicks to waiting for author

hm. right.

i literally commited them both, so i dont understand why github is saying changes requested =/

it's not 2 approvals required it's 2 reviews required

I think it should be waiting for author the minute there's a changes requested

right, can do

do we still want a needs 1 review then after a requested changes?

it's not 2 approvals required it's 2 reviews required
@patent pivot

hang on. why isn't it the former?

we shouldn't be merging stuff before we have two approvals, specifically.

I mean, that's how we communicate that something is ready to merge

yeah, for sure, but this isn't for mergability, it's so reviewers know where to look

we can do the former

isn't it a little of both, though?

I mean,

off topic. but im semi confused. why does github still say joe wants changes ;-;

when you have one approval from a core dev and one from a contrib, isn't it supposed to put some sort of ready to merge label?

Because he has to re review

how is github supposed to know that you made the changes correctly?

joe needs to approve the changes you made

well.. i commited his exact changes

ELA didn't like a ready to merge label, and convinced me as well

so i just figured github would consider those are 'correct'

also if you update after a review, should you like re-request the review?
@clever wraith hence this

yeah, you can re-request the review

okay

yeah I read ELAs statements now and I agree too

anyway I'm just stream of conciousnessing

Spooky

sorry that it's a little nebulous

so flow looks like:

PR OPENED:
+ needs 2 reviews
+ status: needs review

1 REVIEW:
+ needs 1 review
+ status: waiting for author (assuming it's request changes)
+ status: needs review

2 REVIEWS:
- status: needs review
+ status: waiting for author (unless it's 2 approvals, in which case just remove all review labels)

okay. that seems reasonable to me

and we don't discount reviews if there were new commits

@clever wraith GitHub has an option to dismiss reviews when commits are made. We’ve disabled it because it’s really annoying

ohhh

but like. the exact commit?

it's not the review itself, but the fact i made the exact changes joe asked for, so how could he still be requestiing them

thats my thought process anyway

Any commit

dismissing reviews on commit is not very productive.

also apologies for label spamming your commit @clever wraith lol, just trying to crack this

xD its oki

wait

it means the same people have to keep coming back to click a button, often for no reason at all

what did you do

oh

nothin

should we dismiss the status: waiting for author on new commits?

i mean that'd make sense

okay @clever wraith rereviewed, think that's my final comment on the matter

also I'm just going to use your PR as a guinea pig for something

okay it worked, nice

:o

where did this come from

that was you being my guinea pig

I needed a new contrib to the repo

PRs will not be messy like this in future I promise

o

oki

:3

https://github.com/python-discord/bot/pull/957#discussion_r438384953 How I should test does this exit enough early?

I need help. Something went wrong when I updated branch from pydis master in https://github.com/python-discord/bot/pull/957 and now I have so much commits there.

Try changing the target branch to something other than master and back again

That should make github recalculate the diff

Thanks, this fixed that issue

I still see a bunch of commits

@cold moon You definitely duplicated your commits somehow. You need to fix this.

There are commits with the same message but different hashes.

Huh, I don't understand what went wrong...

Did you try to do a rebase?

I tried merge, but then something went wrong and this failed. Then I readed from Stackoverflow that I have to do rebase, so I did

You need to rebase to delete those duplicate commits, and then force push

Ok

I'm sorry that I've been ignoring my re command PR, I'm busy with other stuff right now. If someone is interested and knows the snekbox interface, feel free to take over.

markdown isn't properly escaped: https://discordapp.com/channels/267624335836053506/267659945086812160/720850568234663986

if someone could open an issue for this, that'd be great. i'm a bit busy at the moment

maybe also fix Flask to Django: https://discordapp.com/channels/267624335836053506/267659945086812160/720862086921453618

@tawdry vapor I have problem: When I use Sublime Merge for rebasing, I don't see duplicate commits.

Check out your branch again from the remote. Maybe even using git reset --hard

I don't use that program so I cannot help you with it

I see the duplicates in git log

Yes, I see them with log command too

Do a rebase from the command line

OK

@celest charm I might take over. Is it all detailed in the PR so far?

Yep, we decided to move the regex execution to the snekbox.

https://github.com/python-discord/bot/pull/952

ack, will crack on with the todo

Thanks!

the bot added a label twice

@clever wraith think I know why that bug happens, checking it

oki

https://github.com/python-discord/bot/pull/991/files#r438924530
not too sure what mark meant by having a scheme

http(s)...

o h

im just used to calling that a protocol

the s p a m

hmmmmm

why

my poor pr 🥺 👉 👈

why as in why is it doing that ?

it's trying to calculate what reviews are outstanding and somewhere it is slipping up

ohhh

there's a new check

codeql yeah

what's that

not required though

it's a security thing

o?

checks for SQL injection, unsafe decoding, etc.

made by github

ohhhhh

i signed the org for the beta and we got access like... yesterday

oh fun

okay I think I've fixed the waiting for author bug

So contrib reviews are now working fine or is it still in the process? Got one or two pre where I left it at a comment instead of a putting an approval after they were addressed

i wonder if i should pr a cooldown (deco) tag

cuz like there are so many d.py tags that'd be useful

the issue was that it calculates the number of approvals and number of outstanding requested changes. approvals was < 2 so it added waiting for author but requested changes was 0 so it tried to remove it. approvals now does not influence waiting for author, only requested changes does

ohhh

@brazen charm contrib reviews should be good to go. to keep github UI all working like anticipated we've kind of said that we'll keep the requirement at 2 but if a contrib reviews and approves then we'll give it a once over and add a core dev approval and merge with that

Not really a fan of having s tag for every dpy feature out there

Maybe in one day GitHub allow itself 1 write access approval and 1 contributor approval requirement.

potentially yeah

if github adds better permission granularity then we could look into having contribs in the org again

Not really a fan of having s tag for every dpy feature out there
@brazen charm
True but the basics? A basic command, how context works, things like that?

That'd be more fitting for the wiki imo

okay i updated your branch and things seem to have worked, it removed waiting for author since you have committed now

poggies

Hm what would make something good for a tag

I think if we keep things short it could go in the tag

the things for the wiki are like uhhh

we have some long ones let me find them

!starimports

!mutabledefaultargs

those ones for example

Can't say I like them

God those are huge...

yeah, they should be going on https://pythondiscord.com/pages/resources/guides

I don't think there's much purpose behind a tag that needs a conversation around it or a lot of followups, which would be pretty common with discordpy

(which we have internal issue for, migrating tags => wiki)

And people just sending tags as responses to questions should be considered

but we do want to have a big collection of tags on all sorts

ideal tag length is probably

3 or 4 lines

!global

Max

hmm that's a little long

!f-strings

Jesus no

!with

that's getting there

Or gotcha is fine imo

!relative-path

!orgotcha

yeah

Is it?

I mean that takes up the whole screen for me

On desktop even

Looks a bit worse when wrapped

So if I can make a tag for those that's short?

(the things I suggested{

Or would that still be better for the wiki

Discord should add collapsing code blocks

:o

Yes

We can have a tag and a wiki page

And have the tag link to the wiki page for more info

wait like.. a pydis wiki?

thats a thing?

So yeah, I'm okay with more tags for d.py tags

https://PythonDiscord.com/pages/resources/guides

that's a wiki system, helpers+ can add articles and stuff

how would someone use that... seeing as context is explained in the docs just..not well apparently

and ohh yeaaaa

I like GitLab's permission system more than GitHub's one. There is multiple levels.

Yeah gitlab permissions are nice (though sadly the rest is not)

lol

Let's combine GitLab + GitHub lol

xD

i love how the 2 requested reviewers didnt even

wait im guessing they're code owners?

We've got a group of core devs that get pulled from a list when a PR is made

So the ones who get requested may or may not be the ones who do the reviews

ohhh

More just trying to spread the work load around

also. what happened here
https://github.com/python-discord/bot/pull/991/commits/776f80fe53729d9c37aedd14784c81bc28c2e901

i at first thought it merged, but the pr is still open so-

Can't say I saw a lot of reviews from people on the prs where they were auto requested

It's currently blocked by another PR

so what was the commit tho?

i'm confused

Weird, I can see it now

https://github.com/python-discord/bot/pull/991/files

ye?

No I mean from your link I couldn't see the file at all

ohh

the commit didnt even change a file tho

master was merged into your branch so the pr can get marged into master

No I getcha now

oH

Oh right, so you can stay up to date

that makes sense

check any closed pr and that'll be the last commit if master got a commit while it was open

That or a rebase

so like why does that need to happen tho? i didnt touch another file that was edited

or is it just a thing done for all

You didn't, no, but other files in the main branch changed

And your copy needed to get those changes to catch up

why?

Consistency

hm

And to check if there's any conflicts

doesnt github say that tho?

O.o

If you did something to one file and one file only, that isn't to say that changes from someone else's merges wouldn't cause an issue with your file

Yes, but it still does that by merging under the hood

hm ok

GitHub spoils us in a lot of ways

it also calls me out for my force pushes >:(

Well. Yes

You're not a Jedi

You don't need to use the force

well it was either that or have a million commits, i was just amending one cuz i didnt realize i could use flake8 locally

Makes sense

cRaZyGmR101 FoRcE PuShEd FoUr TiMeS

so like, about the wiki, is there a way people can suggest to add to that or?

only helpers+ @clever wraith

i know helpers and up can add but is there no way to suggest?

i guess you could open an issue in the meta repo

oh, i didnt know that was a thing, alr

Maybe GitHub bot should not add any labels when PR is draft?

yeah that was a bug, we already adjusted it

Can we get https://github.com/python-discord/bot/pull/817 merged soon? I'd like that when some changes is made that user itself update test not that I have to update branch and then update tests.

It’s not like it’s sitting there on purpose

When were the github labels changed to the short versions?

Just now

Do you like it?

It seems to be a bit harder to understand when focusing on the invdividual tags

Don't know what it was before but I can't get the i/L on the difficulty

It was level

That one is probably the most confusing

And I am debating removing it, since "good first issue" is adequate in most cases

I think apart from the priority the codes or how to call them are not really needed that much

You mean the numbers?

the shortened names

so for example just waiting for author without the s:

I do agree but it's a way to keep them grouped in the label selection list

Maybe that doesn't matter 🤷‍♂️

Ah, not familiar with the interface on the other side

In here

I usually use the search bar anyway so IDK how important it really is to keep them sorted

out of context 1 - high could be confusing but I think things like tests , feature or the aforementioned waiting for author are clear if it doesn't need them for other reasons

Right

Not sure if the letters would have much meaning for someone looking at the issues for the first time or after a while for example

They never were intended to add meaning really, just to keep them sorted. Most labels have a clear meaning on their own, which is why I felt shortening the prefixes wouldn't hurt the understanding of the labels but shorten their length and improve overall readability on an issue with many labels

@tawdry vapor Jam cog tests review addressed

i need help

Hello, @clever wraith, what do you need help with?

uhm

i am working on the antimalware for bot

but, i need to see the whitelist of files

Are you working on our bot?

no

i am working on a new project

i just wanted to know, which files can be allowed

@hardy gorge any suggestion?

Hmm, that's mainly up to you. We have a whitelist in our bot's constants (https://git.pydis.com/bot), which you could ook at, but what you want to allow is ultimately up to you. In any case, this channel is to discuss contributing to our projects; it's not a general help channel.

ohk

@hardy gorge can u send me the link? i can't fiind the list.

https://github.com/python-discord/bot/blob/master/config-default.yml#L477-L503

paginator buttons are impossible to see on amoled mode on mobile

maybe a white stroke is in order?

Hmm, they are regular unicode emojis at the moment

Not custom emojis

Looks like Discord isn't handling that well in this color scheme

ah, fair

I'm not married to these specific emojis, although this set has logical variants for "first", "previous", "next", and "last"

At the same time, we're running into reaction rate limits with our paginator, so mabye we should just simplify the interface anyway

I think the bulk of our public paginated embeds only have 2-3 pages anyway, so only having a "previous" and "next" button would probably be fine

And, as most are restricted to #bot-commands for regular members, maybe we can even do away with the deletion option as well

That would bring the number of reactions we'd have to add for each paginated embed down to two

@mental estuary why are you spamming this video?

@mental estuary why are you spamming this video?
@woeful thorn this isn't a spam.

Hey @velvet sail, we don't allow recruitment on our server. Also, this channel is meant for discussion about Python Discord projects.

oh

sorry about that

@green oriole why is https://github.com/python-discord/bot/pull/892 stalled again?

You mentioned something about PATCH requests but I was unclear as to why

@tawdry vapor About source command, can you now try again. Old solution worked well for me (MacOS), but now I made changes and these work too for me.

Yeah it works, thanks

@patent pivot I think it was because we wanted to reschedule the failed message deletions, so we need to update the database entry iirc

Ah yeah opened an issue

is there a traceback for https://github.com/python-discord/bot/issues/908 ?

looking into it

@brazen charm added to issue 👍

Thanks

About https://github.com/python-discord/bot/issues/1011, maybe should this use run_until_complete instead create_task?

I got such info that GitHub is already working on custom permission roles, but currently they don't know when this will be ready.

No that won't work since the loop is already running I think

the thing is with github permissions

even if they add more granularity it's going to be difficult to manage

one of the concerns we had was that a contributor could force push over another contributors branch and stuff along those lines, as well as managing issues and PRs which could also be not optimal (especially if it went through the GitHub API and such)

We'll see what they implement but personally I think write permissions for 3rd party members is a risk with little benefit (forks aren't that bad)

I hope that this is like you can choose permissions one by one for every role and then when you assign role to user, and then user have permissions that this role provide.

From a contributor standpoint, what would the perks of being in the organisation be?

So contributors should have like approve and require changes permissions.

Contributors can practically do that now

yeah, that's something we're hoping to implement through the github bot anyway

if we see a PR which has two approvals with at least 1 being from a core dev we will merge it

OK, this is new for me

yep, we're just working some bot technicalities out (right now it still all runs on my laptop) and then I'll probably ping all contribs

Not sure is this already implemented, but maybe should bot notify PR authors with long inactivity when changes requested.

We could look into that

We add the waiting for author label when changes are requested

Can just subscribe through GH and get it to your inbox

I don't really like the idea of adding automated nagging

It's not really our responsibility to plan our contributors time for them

But this should notify when this is like 3 months+ inactivity with waiting for author label.

so i can merge if there's 1 approval from a non core dev and the other from a core dev?

@sullen phoenix yes, a brief look over should be done but providing there are no outstanding requested changes that's fine

hm wonder why ks's requested changes didn't count there

I think GitHub api is returning some odd things

on my PR? it says suggested changes

maybe it's treated different for contribs?

yeah

hah

nope

it was just my abysmal wifi speeds

I re-queued the labeller and it went through

big scary button

lol

so yeah @cold moon, your requested changes there put the PR into a waiting for author state

excellent, but what resolves the s: waiting for author tag then? is it when ks approves?

I think when new commits come

when additional commits are added

yeah

mm ok

However

is it possible to make sure all suggestions are resolved?

hmmm

I think it'd make more sense on all suggestions resolved rather than new commits

yeah

since I'll still do that but it's more conscious

new commit doesn't imply all is resolved

things may even be worse now

like here https://github.com/python-discord/seasonalbot/pull/419

yeah

Suggestion resolution isn't going to be deterministic enough, ignoring that GitHub's automatic detection is sometimes wrong, there can also be changes not tied to specific lines of code

Commits are probably the least worst reliable option

there is no way to remove the tag add/remove event from the PR timeline right?

No

because if I push a commit and then manually set back to waiting for author on my own PR to communicate that I'm not done, it will still have the visual noise of fighting the bot

when looking through review comments the API does not return the resolved state

so I have no idea how that is calculated

Maybe this should remove it when requester approve?

I'll look into altering the logic

just lint before you push :)

looking around at other projects

this is how cpython handles rerequesting reviews

https://github.com/python-discord/bot/issues/1005 How to recreate this situation for testing?

During solving https://github.com/python-discord/bot/issues/1011, I found one bigger issue: Bot.http_session is already closed before L99 at bot.py, because dpy's own Bot.close closes their internal session, but these sessions share same connectors, what means that both sessions will be closed. I tried waiting for access token revoke task finish, before L99, but session is already closed there. And I can't put this before await super().close() because there this unload cogs what mean task is not available before it.

I have problem: When I use docker-compose up then web is missing some migrations, like avatar_hash removal.

@cold moon Ah sorry about that (the resolved conversation), that's annoying

mmm I'm not particularly excited about contribs not being able to do that

Contributors should at least have ability to mark resolved their own reviews, but GH permissions system is not best.

yeah definitely

I marked the constants one as resolved as well then, although joe commented there too

👍

But can anyone help me with this missing migrations when using Docker? https://canary.discordapp.com/channels/267624335836053506/635950537262759947/723818471762296985

I'll look into a better way to mark reviews as resolved @cold moon

Maybe adding a thumbs up reaction could do it

Providing you either authored the comment or are the owner of the PR

You can do it normally if you're the owner

Ah

Anyone have ideas how to solve https://canary.discordapp.com/channels/267624335836053506/635950537262759947/723804876123144294 ? Bot.close (dpy) automatically closing Bot.http_session don't let wait until revoke task is complete (session is already closed)

I dunno, you need to find a way to block in cog_unload until the task finishes

The http session isn't closed until all cog_unloads have been called

https://paste.pythondiscord.com/etoloyahuw.py

cogs are unloaded in commands.Bot, and session is closed in discord.Client

I dunno, that may be useless since the bot awaits super

Problem is that await super().close() closes self.http_session

Have cog_unload put the task in some collection and then do an asyncio.gather in close before awaiting super.close

That's a little clumsy but I guess it would work

await super().close() is unloading cogs.

Righttttttttt

The task could just be added to the list in __init__

But I don't know if that may cause "unawaited coroutine" warnings

Alternatively, the close code from commands.Bot could be copy-pasted and then you'd have control over order of execution

But then to inherit Client's close, is this super().super().close()?

No

super(Client, self).close()

Oh, okay

@tawdry vapor Unresolved attribute reference 'close' for class 'object' I get this with await super(discord.Client, self).close().

I believe you want the Bot there if bot inherits from Client

Thanks, this worked.

So how are you doing it?

Are you putting it in __init__?

I don't know what a good solution is

Basically I created new Bot variable self.closing_tasks: List[asyncio.Task] = [] what this is awaiting on close. I will push changes and PR soon, more details there.

But the task should still happen in cog_unload too

That's the problem

Normally, create_task is fine. But it's not when the bot is shutting down

We want the same thing to happen when the bot closes as when the cog is manually unloaded

This is creating it in cog_unload and appending to list.

I don't know how you're doing it then

I feel like the implementation should be properly discussed in the issue

PR created. I'm going to sleep now.

I'd appreciate some discussion on this https://github.com/python-discord/bot/issues/800#issuecomment-647047778

Not sure what the actual problem is and if it's just with my setup but how does the mixed line endings precommit work?
It always fails in some cases, like currently when I'm trying to do a partial commit from pycharm, but when I view the line endings they are all CRLF. Running pipenv lint changes the endings everywhere and creates a diff

The hook doesn't do anything fancy

It just goes through every line in the file and gets the frequency of each ending

I think what's happening is that it forces LF endings

changing pycharm to use lf doesn't seem to be having any effect, but it does switch back to CRLF after it fails so I don't really know what's going on there

99% of the time I let it fail once to do its whatever and then it runs fine but this partial commit seems to break it in some way (pycharm switching out files?)

Try setting core.eol to lf and core.autocrlf to input

Or maybe set autocrlf to false 🤷‍♂️

changing it to input along with the eol seems to have worked (at least for the commit I was having trouble with), thanks

I believe I asked this before but is there any stance on naming/structuring the git(hub) stuff?

With commits I've been trying to be more descriptive because I've found myself wondering about what's something for and the blame not helping at all but it sometimes feels like I'm leaning into the implementation there, is that alright to go a bit into?

Then I've seen some coredevs structure their branch names according to the issue/feature they've been working on; guess this is more curiousity since it doesn't show up almost anywhere from a fork, but is that just a preference or does it go from some form of a guideline?

it's just preference really

on the master repo it's nice to try keep things tidy so we each have a way of claiming a branch as ours or relating to an issue

we do prefer more descriptive commits though, we don't squash and maintaining a nice blame is useful

we had the ban messages fix recently where ban messages were being sent after the user was banned and it was hard to track that down and there was no commit to revert so there's an example of why we prefer smaller but more commits

@brazen charm trying to understand the review dismissal stuff, is this the kind of review where you don't see resolve? https://cdn.seph.club/discord/😪😌😀🙉.png

Yes https://i.imgur.com/Tj1FZ3u.png

Hm, that is irritating

I guess since the PR author can resolve we can leave it to them or core devs https://cdn.seph.club/discord/😹🙈🙇😄.png

but that is irritating

lmao i just clicked accidentally the pencil icon of a file from python-discord/bot and it got forked to my account

sheeeeeeeeeeeeeeeeet

lol

Even worse, that will happen if you just press "e" on your keyboard

github must fix that somehow

if you click edit to a file and you didn't actually edit it don't fork it

meanwhile in bot/bot/cogs/filtering.py

lol

gdudes-pony-farm

lemon got angry at around fuckery I think

someone changed it to that from aroundfuckery

okay so in cogs/filtering.py i found this line of code py from bot.constants import ( Channels, Colours, Filter, Icons, URLs )
but i don't know where is bot.constants located

bot is the top level package, so it'll be in the dir next to main

you mean bot/bot/bot.py?

lol how many bots

https://github.com/python-discord/bot/blob/master/bot/constants.py

oh 🤔

okay thanks ela

i was struggling 10 minutes straight

someone changed it to that from aroundfuckery
We did have a really important talk about this haha

As the boss said #ot0-psvm’s-eternal-disapproval message

hey @cold moon, available for a chat?

i'm wondering why the test for send_private_embed fails for you when you remove the if statement

I don't think it should and I cannot replicate it

for all 4 test cases, the await args to user.send look like this:

Calls: call(embed=<discord.embeds.Embed object at 0x7f74f9bef5e0>)
Calls: call(embed=<discord.embeds.Embed object at 0x7f74f9bef5e0>)
Calls: call(embed=<discord.embeds.Embed object at 0x7f74f9bef5e0>)
Calls: call(embed=<discord.embeds.Embed object at 0x7f74f9bef5e0>)

I can also step through the tested function & confirm that the return gets awaited in every case

there's also await_count which is exactly 1 for each case

Interesting that my result is different. Also test_first_fail_second_success_user_post_infraction is failing for me locally too, but success in CI. Maybe problem is in my computer.

And await_count is 0 for all cases what raise error.

that's very strange

not sure what to make of it

if tests fail locally but not in CI there's something odd happening and you need to figure out what that is

@tough imp I tried in my Linux computer too, but there this fail too. I don't understand what is wrong.

What's the pr number?

817

test_first_fail_second_success_user_post_infraction is failing with:

AssertionError: Awaits not found.
Expected: [call('bot/infractions', json={'actor': <MagicMock name='mock.message.author.id' id='4466251904'>, 'hidden': False, 'reason': 'Test reason', 'type': 'mute', 'user': 1234, 'active': True}),
 call('bot/infractions', json={'actor': <MagicMock name='mock.message.author.id' id='4466251904'>, 'hidden': False, 'reason': 'Test reason', 'type': 'mute', 'user': 1234, 'active': True})]
Actual: [call('bot/infractions', json={'actor': <MagicMock name='mock.message.author.id' id='4466251904'>, 'hidden': False, 'reason': 'Test reason', 'type': 'mute', 'user': 1234, 'active': True})]

so again missing await on exception I think.

Didn't look through the module but the tests pass when I remove the discussed condition. If you don't have anything staged try resetting to the remote

@brazen charm I reset to remote, but test_first_fail_second_success_user_post_infraction fail however.

Looks like that this don't count await that have raised exception as call.

I found this:

import asyncio
from unittest.mock import AsyncMock

my_mock = AsyncMock(side_effect=ValueError('test'))
try:
    asyncio.run(my_mock())
except ValueError:
    pass
print(my_mock.await_count)

print out 0, but:

import asyncio
from unittest.mock import AsyncMock

my_mock = AsyncMock()
try:
    asyncio.run(my_mock())
except ValueError:
    pass
print(my_mock.await_count)

print 1. This don't affect MagicMock. Tested using eval command.

This looks like Python bug.

hello guys

i wnt to ask one thing i was just reading py bot code for mute command

there no db is used

so incase bot goes off

how u manage to get time

to unmute

plz correct me if i am wrong

We do store it into the database

The function right here does that https://github.com/python-discord/bot/blob/master/bot/cogs/moderation/utils.py#L60

@tough imp Problem resolved. My both computers was using Python 3.8.0, but this bug fix was released in 3.8.1, this was reason why these tests failed for me.

excellent, that's good to know

I'll try to make time to look at your PR again tonight

@green oriole for same it does with help channel also?

I don't know about help channels though

I think they are just backed by a redis dict, or discovered at startup

Claimants are backed by a Redis dict, the times are figured out on startup though

redis dict hmmm

i will look at this

heres the source for the redis wrapper we use

https://github.com/python-discord/bot/blob/master/bot/utils/redis_cache.py

ty

sorry if it feels like non sense question but y u all prefer redis dict instead of storing in db

someone will correct me if I'm wrong but we use Redis as it lets us store in memory as a cache as well as store in physical storage as needed

oooo means it store same thing at two places

I think its mainly for convenience, storing key:value pairs of simple types that get updated/popped/read frequently has less overhead this way than making site api calls everytime, plus creating a new mapping in redis takes no effort in contrast with setting up a new table/schema in postgres

basically its almost as easy as making a new dict

so development can move a lot faster as well and stays in one repo

makes sense ty for your explanation

@exotic ember @green mesa

correct me if I'm wrong

Well I don't think you're wrong, but it's a little misleading to say that we're storing it in two places. The RedisCache is just a direct interface for a database, there's no in-memory caching. Redis is a so-called schemaless database (sort of like a python dictionary), which means that we can store whatever we want in it without setting up a table first.

Basically the bot needs to be able to store two different kinds of data.

1. Complex data that is important to retain, such as infractions. Because it's important that we keep this data forever, we need to store it in a safe place and make regular backups. This is what we use the relational database for (we use postgres). This data can also have relationships to other objects, for instance an infraction is related to user who got the infraction.

2. Ephemeral and simple data, such as who claimed a certain help channel. This is data that will only be relevant for a short time, and that we don't care about making backups of. If we lose this data, it has no serious consequences. For this, we use the schemaless Redis database.

To manage the second type of data in Redis, we created this convenient interface called RedisCache. Every time you get data via a RedisCache, you're making a Redis lookup, so nothing is actually stored in the bot memory for very long.

ty for this info

this is really helpful

We will probably have future usage for redis outside of Redis cache

redis supports lists and stuff which would come in handy

hmm

Hi. I have a question about the configuration of the seasonalbot in PyCharm (version 2020.1.2).
I have already done all the steps explained in the Seasonalbot's Wiki.
Now PyCharm is still telling me that "Package requirement 'discord-py==1.3.3' is not satisfied.
I checked the module version in Pipenv settings and it tells me that discord.py = 1.3.3.
When I edit the Pipfile and change "discord-py" to "discord.py" then the message in PyCharm is gone.
Also PyCharm complains that the module "aiohttp" is not listed in the requirements.
When I put that module also in the Pipfile, then this message is also gone.

I have two questions about that:
Do I have to edit the Pipfile in order to not get those messages, or can I just ignore them?
Is there a difference between "discord-py" and "discord.py"?

I'm not sure about aiohttp but the discord one is a bug

Ah, okay. A bug where? PyCharm?

yeah I think so

if you run pipenv --venv in the project directory it will show you where the venv is located in your system

instead of using the pipenv integration in pycharm you can select that you want to use an existing virtualenv and select the python at the path shown by the command above

Okay, I tried a few things.
Appart from the message in PyCharm showing up everything seems to work fine.
I guess I'll just ignore the message for now.
Thank you

the approach above will make it read the venv correctly but yeah if it doesnt bother you then it doesnt affect the code in any way

you may lose out on some static analysis or autocomplete, not sure