10webio · saghatelian · Oct 24, 2023 · Oct 24, 2023 · Oct 25, 2023 · Oct 25, 2023
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -24,6 +24,6 @@
 
 /superset-frontend/cypress-base/ @jinghua-qa @geido @eschutho @rusackas @betodealmeida
 
-# Notify PMC members of changes to Github Actions
+# Notify PMC members of changes to GitHub Actions
 
 /.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,12 @@
+---
+blank_issues_enabled: false
+contact_links:
+ - name: Feature Request
+ url: https://github.com/apache/superset/discussions/new?category=ideas
+ about: Propose a feature request to the Superset community
+ - name: Q&A
+ url: https://github.com/apache/superset/discussions/new?category=q-a-help
+ about: Open a community Q&A thread on GitHub Discussions
+ - name: Slack
+ url: https://bit.ly/join-superset-slack
+ about: Join the Superset Community on Slack for other discussions and assistance
diff --git a/.github/ISSUE_TEMPLATE/sip.md b/.github/ISSUE_TEMPLATE/sip.md
@@ -1,13 +1,13 @@
 ---
 name: SIP
-about: "Superset Improvement Proposal. See [here](https://github.com/apache/superset/issues/5602) for details."
+about: "Superset Improvement Proposal. See SIP-0 (https://github.com/apache/superset/issues/5602) for details. A SIP introduces any major change into Apache Superset's code or process."
 labels: sip
 title: "[SIP] Your Title Here (do not add SIP number)"
-asignees: "apache/superset-committers"
+assignees: "apache/superset-committers"
 ---
 
 *Please make sure you are familiar with the SIP process documented*
-(here)[https://github.com/apache/superset/issues/5602]. The SIP will be numbered by a committer upon acceptance.
+[here](https://github.com/apache/superset/issues/5602). The SIP will be numbered by a committer upon acceptance.
 
 ## [SIP] Proposal for ...<title>
 

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,38 @@
+# Security Policy
+
+This is a project of the [Apache Software Foundation](https://apache.org) and follows the
+ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+## Reporting Vulnerabilities
+
+**⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️**
+
+
+Apache Software Foundation takes a rigorous standpoint in annihilating the security issues
+in its software projects. Apache Superset is highly sensitive and forthcoming to issues
+pertaining to its features and functionality.
+If you have any concern or believe you have found a vulnerability in Apache Superset,
+please get in touch with the Apache Superset Security Team privately at
+e-mail address [security@superset.apache.org](mailto:security@superset.apache.org).
+
+More details can be found on the ASF website at
+[ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability)
+
+We kindly ask you to include the following information in your report:
+- Apache Superset version that you are using
+- A sanitized copy of your `superset_config.py` file or any config overrides
+- Detailed steps to reproduce the vulnerability
+
+Note that Apache Superset is not responsible for any third-party dependencies that may
+have security issues. Any vulnerabilities found in third-party dependencies should be
+reported to the maintainers of those projects. Results from security scans of Apache
+Superset dependencies found on its official Docker image can be remediated at release time
+by extending the image itself.
+
+**Your responsible disclosure and collaboration are invaluable.**
+
+## Extra Information
+
+ - [Apache Superset documentation](https://superset.apache.org/docs/security)
+ - [Common Vulnerabilities and Exposures by release](https://superset.apache.org/docs/security/cves)
+ - [How Security Vulnerabilities are Reported & Handled in Apache Superset (Blog)](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)
diff --git a/.github/workflows/chromatic-master.yml b/.github/workflows/chromatic-master.yml
@@ -1,5 +1,5 @@
 # .github/workflows/chromatic.yml
-# seee https://www.chromatic.com/docs/github-actions
+# see https://www.chromatic.com/docs/github-actions
 #
 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements. See the NOTICE file distributed with

diff --git a/.github/workflows/codecov.sh b/.github/workflows/codecov.sh
@@ -174,7 +174,7 @@ cat << EOF
 
  -c Move discovered coverage reports to the trash
  -z FILE Upload specified file directly to Codecov and bypass all report generation.
- This is inteded to be used only with a pre-formatted Codecov report and is not
+ This is intended to be used only with a pre-formatted Codecov report and is not
  expected to work under any other circumstances.
  -Z Exit with 1 if not successful. Default will Exit with 0
 
@@ -1152,7 +1152,7 @@ fi
 
 if [ "$ft_search" = "1" ];
 then
- # detect bower comoponents location
+ # detect bower components location
  bower_components="bower_components"
  bower_rc=$(cd "$git_root" && cat .bowerrc 2>/dev/null || echo "")
  if [ "$bower_rc" != "" ];

diff --git a/.github/workflows/docker-ephemeral-env.yml b/.github/workflows/docker-ephemeral-env.yml
@@ -18,8 +18,6 @@ jobs:
  shell: bash
  run: |
  if [ -n "${{ (secrets.AWS_ACCESS_KEY_ID != '' &&
- secrets.AWS_ACCESS_KEY_ID != '' &&
- secrets.AWS_SECRET_ACCESS_KEY != '' &&
  secrets.AWS_SECRET_ACCESS_KEY != '') || '' }}" ]; then
  echo "has-secrets=1" >> "$GITHUB_OUTPUT"
  echo "has secrets!"

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -6,7 +6,6 @@ on:
 jobs:
  config:
  runs-on: "ubuntu-latest"
- if: github.event.pull_request.draft == false
  outputs:
  has-secrets: ${{ steps.check.outputs.has-secrets }}
  steps:
@@ -30,9 +29,14 @@ jobs:
  persist-credentials: false
  submodules: recursive
  ref: ${{ github.ref }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
  - shell: bash
  env:
  DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
  DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
  run: |
- .github/workflows/docker_build_push.sh
+ GITHUB_RELEASE_TAG_NAME="${{ github.event.release.tag_name }}"
+ ./scripts/docker_build_push.sh "$GITHUB_RELEASE_TAG_NAME"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -10,7 +10,6 @@ on:
 jobs:
  config:
  runs-on: "ubuntu-latest"
- if: github.event.pull_request.draft == false
  outputs:
  has-secrets: ${{ steps.check.outputs.has-secrets }}
  steps:
@@ -36,21 +35,31 @@ jobs:
  uses: actions/checkout@v3
  with:
  persist-credentials: false
-
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
  - shell: bash
  env:
  DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
  DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
  run: |
- .github/workflows/docker_build_push.sh
+ ./scripts/docker_build_push.sh
 
  - name: Build ephemeral env image
  if: github.event_name == 'pull_request'
  run: |
  mkdir -p ./build
  echo ${{ github.sha }} > ./build/SHA
  echo ${{ github.event.pull_request.number }} > ./build/PR-NUM
- DOCKER_BUILDKIT=1 docker build --target ci -t ${{ github.sha }} -t "pr-${{ github.event.pull_request.number }}" .
+ docker buildx build --target ci \
+ --load \
+ --cache-from=type=local,src=/tmp/superset \
+ -t ${{ github.sha }} \
+ -t "pr-${{ github.event.pull_request.number }}" \
+ --platform linux/amd64 \
+ --label "build_actor=${GITHUB_ACTOR}" \
+ .
  docker save ${{ github.sha }} | gzip > ./build/${{ github.sha }}.tar.gz
 
  - name: Upload build artifacts

diff --git a/.github/workflows/ecs-task-definition.json b/.github/workflows/ecs-task-definition.json
@@ -25,8 +25,12 @@
  "value": "8080"
  },
  {
- "name": "SUPERSET_SECRET_KEY",
- "value": "super-secret-for-ephemerals"
+ "name": "SUPERSET_SECRET_KEY",
+ "value": "super-secret-for-ephemerals"
+ },
+ {
+ "name": "TALISMAN_ENABLED",
+ "value": "False"
  }
  ],
  "mountPoints": [],

diff --git a/.github/workflows/embedded-sdk-test.yml b/.github/workflows/embedded-sdk-test.yml
@@ -8,7 +8,6 @@ on:
 
 jobs:
  embedded-sdk-test:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  defaults:
  run:

diff --git a/.github/workflows/prefer-typescript.yml b/.github/workflows/prefer-typescript.yml
@@ -1,4 +1,4 @@
-name: Prefer Typescript
+name: Prefer TypeScript
 
 on:
  push:
@@ -9,7 +9,7 @@ on:
 jobs:
  prefer_typescript:
  if: github.ref == 'ref/heads/master' && github.event_name == 'pull_request'
- name: Prefer Typescript
+ name: Prefer TypeScript
  runs-on: ubuntu-latest
  permissions:
  contents: read

diff --git a/.github/workflows/superset-applitool-cypress.yml b/.github/workflows/superset-applitool-cypress.yml
@@ -40,7 +40,7 @@ jobs:
  APPLITOOLS_BATCH_NAME: Superset Cypress
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset

diff --git a/.github/workflows/superset-cli.yml b/.github/workflows/superset-cli.yml
@@ -9,7 +9,6 @@ on:
 
 jobs:
  test-load-examples:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -21,7 +20,7 @@ jobs:
  SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset

diff --git a/.github/workflows/superset-e2e.yml b/.github/workflows/superset-e2e.yml
@@ -11,7 +11,6 @@ on:
 
 jobs:
  cypress-matrix:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  permissions:
  contents: read
@@ -34,7 +33,7 @@ jobs:
  GITHUB_TOKEN: ${{ github.token }}
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset

diff --git a/.github/workflows/superset-frontend.yml b/.github/workflows/superset-frontend.yml
@@ -10,7 +10,6 @@ on:
 
 jobs:
  frontend-build:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  steps:
  - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"

diff --git a/.github/workflows/superset-python-integrationtest.yml b/.github/workflows/superset-python-integrationtest.yml
@@ -10,7 +10,6 @@ on:
 
 jobs:
  test-mysql:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -76,7 +75,6 @@ jobs:
  bash .github/workflows/codecov.sh -c -F python -F mysql
 
  test-postgres:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -88,7 +86,7 @@ jobs:
  SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@127.0.0.1:15432/superset
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset
@@ -143,7 +141,6 @@ jobs:
  bash .github/workflows/codecov.sh -c -F python -F postgres
 
  test-sqlite:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:

diff --git a/.github/workflows/superset-python-misc.yml b/.github/workflows/superset-python-misc.yml
@@ -10,7 +10,6 @@ on:
 
 jobs:
  python-lint:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -50,7 +49,6 @@ jobs:
  run: pylint -j 0 superset
 
  pre-commit:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -88,10 +86,14 @@ jobs:
  echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
  brew install norwoodj/tap/helm-docs
  - name: pre-commit
- run: pre-commit run --all-files
+ run: |
+ if ! pre-commit run --all-files; then
+ git status
+ git diff
+ exit 1
+ fi
 
  babel-extract:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:

diff --git a/.github/workflows/superset-python-presto-hive.yml b/.github/workflows/superset-python-presto-hive.yml
@@ -10,7 +10,6 @@ on:
 
 jobs:
  test-postgres-presto:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -23,7 +22,7 @@ jobs:
  SUPERSET__SQLALCHEMY_EXAMPLES_URI: presto://localhost:15433/memory/default
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset
@@ -87,7 +86,6 @@ jobs:
  bash .github/workflows/codecov.sh -c -F python -F presto
 
  test-postgres-hive:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:
@@ -101,7 +99,7 @@ jobs:
  UPLOAD_FOLDER: /tmp/.superset/uploads/
  services:
  postgres:
- image: postgres:14-alpine
+ image: postgres:15-alpine
  env:
  POSTGRES_USER: superset
  POSTGRES_PASSWORD: superset
@@ -134,7 +132,7 @@ jobs:
  run: sudo chown -R $USER:$USER /tmp/.superset
  - name: Start hadoop and hive
  if: steps.check.outcome == 'failure'
- run: docker-compose -f scripts/databases/hive/docker-compose.yml up -d
+ run: docker compose -f scripts/databases/hive/docker-compose.yml up -d
  - name: Setup Python
  if: steps.check.outcome == 'failure'
  uses: actions/setup-python@v4

diff --git a/.github/workflows/superset-python-unittest.yml b/.github/workflows/superset-python-unittest.yml
@@ -10,7 +10,6 @@ on:
 
 jobs:
  unit-tests:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix:

diff --git a/.github/workflows/superset-translations.yml b/.github/workflows/superset-translations.yml
@@ -9,7 +9,6 @@ on:
 
 jobs:
  frontend-check:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  steps:
  - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
@@ -31,7 +30,6 @@ jobs:
  npm run check-translation
 
  babel-extract:
- if: github.event.pull_request.draft == false
  runs-on: ubuntu-20.04
  strategy:
  matrix: