Merge remote-tracking branch 'upstream/main' into 11168_clean_unused_…

…glossary_languages

.github/workflows/docs.yml

@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-name: Docs
+name: Documentation
 
 on:
   push:
@@ -44,38 +44,3 @@ jobs:
       with:
         name: Documentation
         path: docs/_build/html
-
-  linkcheck:
-    runs-on: ubuntu-24.04
-    name: Linkcheck
-
-    steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.12'
-    - uses: astral-sh/setup-uv@v3
-    - name: Install apt dependencies
-      run: |
-        sudo apt update
-        sudo apt install -y graphviz
-    - name: Install Python dependencies
-      run: |
-        uv pip install --system -r docs/requirements.txt
-    - name: Sphinx linkcheck
-      run: |
-        ./ci/run-docs linkcheck
-    - name: Sphinx linkcheck collect
-      if: always()
-      run: |
-        echo "::add-matcher::.github/matchers/sphinx-linkcheck.json"
-        echo "::add-matcher::.github/matchers/sphinx-linkcheck-warn.json"
-        sed 's@^@docs/@' docs/_build/linkcheck/output.txt
-        echo "::remove-matcher owner=sphinx::"
-        echo "::remove-matcher owner=sphinx-warn::"
-    - uses: actions/upload-artifact@v4.4.0
-      if: always()
-      with:
-        name: Linkcheck report
-        path: docs/_build/linkcheck/output.txt

.github/workflows/fossa.yml

@@ -0,0 +1,31 @@
+# Copyright © Michal Čihař <michal@weblate.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: FOSSA
+
+on:
+  push:
+    branches:
+    - main
+
+permissions:
+  contents: read
+
+jobs:
+  fossa-scan:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v3
+
+    - name: Run FOSSA Scan
+      uses: fossas/fossa-action@v1.4.0
+      with:
+        api-key: ${{secrets.fossaApiKey}}
+
+    - name: Run FOSSA Test
+      uses: fossas/fossa-action@v1.4.0
+      with:
+        api-key: ${{secrets.fossaApiKey}}
+        run-tests: true

.github/workflows/linkcheck.yml

@@ -0,0 +1,58 @@
+# Copyright © Michal Čihař <michal@weblate.org>
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Linkcheck
+
+on:
+  push:
+    paths:
+    - docs/**.rst
+    - docs/requirements.txt
+    - .github/workflows/linkcheck.yml
+  pull_request:
+    paths:
+    - docs/**.rst
+    - docs/requirements.txt
+    - .github/workflows/linkcheck.yml
+  schedule:
+  - cron: 30 5 * * *
+
+permissions:
+  contents: read
+
+jobs:
+  linkcheck:
+    runs-on: ubuntu-24.04
+    name: Linkcheck
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - uses: astral-sh/setup-uv@v3
+    - name: Install apt dependencies
+      run: |
+        sudo apt update
+        sudo apt install -y graphviz
+    - name: Install Python dependencies
+      run: |
+        uv pip install --system -r docs/requirements.txt
+    - name: Sphinx linkcheck
+      run: |
+        ./ci/run-docs linkcheck
+    - name: Sphinx linkcheck collect
+      if: always()
+      run: |
+        echo "::add-matcher::.github/matchers/sphinx-linkcheck.json"
+        echo "::add-matcher::.github/matchers/sphinx-linkcheck-warn.json"
+        sed 's@^@docs/@' docs/_build/linkcheck/output.txt
+        echo "::remove-matcher owner=sphinx::"
+        echo "::remove-matcher owner=sphinx-warn::"
+    - uses: actions/upload-artifact@v4.4.0
+      if: always()
+      with:
+        name: Linkcheck report
+        path: docs/_build/linkcheck/output.txt

.github/workflows/test.yml

@@ -31,23 +31,23 @@ jobs:
         database: [postgresql]
         experimental: [false]
         include:
-          # Reduced testing for mysql
-        - python-version: 3.11
+        # Reduced testing for mysql
+        - python-version: '3.11'
           requirements: latest
           database: mysql
           experimental: false
-          # Reduced testing for mariadb
-        - python-version: 3.11
+        # Reduced testing for mariadb
+        - python-version: '3.11'
           requirements: latest
           database: mariadb
           experimental: false
-          # Reduced testing for minimal deps
+        # Reduced testing for minimal deps
         - python-version: '3.11'
           requirements: minimal
           database: postgresql
           experimental: false
-          # Reduced testing for edge deps
-        - python-version: 3.11
+        # Reduced testing for edge deps
+        - python-version: '3.11'
           requirements: edge
           database: postgresql
           experimental: true

ci/apt-install

@@ -30,7 +30,7 @@ apt-get install -y \
     git-svn \
     gnupg \
     subversion \
-    postgresql-client-16 \
+    postgresql-client-17 \
     pkg-config \
     libxml2-dev \
     libacl1-dev \

docs/api.rst

@@ -11,6 +11,16 @@ The API is accessible on the ``/api/`` URL and it is based on
 `Django REST framework <https://www.django-rest-framework.org/>`_.
 You can use it directly or by :ref:`wlc`.
 
+The API is also documented using OpenAPI 3.0 on the ``/api/schema/`` URL, you
+can browse it using Swagger at ``/api/schema/swagger-ui/`` or Redoc at
+``/api/schema/redoc/``.
+
+.. note::
+
+   OpenAPI is available as a feature preview. The documentation is most likely
+   incomplete at this point and subject to change. Please consult the
+   documentation below for more detailed information on the API.
+
 .. _api-generic:
 
 Authentication and generic parameters

docs/changes.rst

@@ -17,6 +17,7 @@ Not yet released.
 * :ref:`mt-aws` now supports :ref:`glossary-mt`.
 * :ref:`autofix` for Devanagari danda now better handles latin script.
 * :ref:`autofix` for French and Breton now uses a non-breaking space before colons instead of a narrow one.
+* :ref:`api` now has a preview OpenAPI specification.
 * Stale, empty glossaries are now automatically removed.
 
 **Bug fixes**

pyproject.toml

@@ -32,7 +32,7 @@ dependencies = [
   "certifi>=2024.8.30",
   "charset-normalizer>=2.0.12,<4.0",
   "crispy-bootstrap3==2024.1",
-  "cryptography>=42.0.2",
+  "cryptography>=42.0.4",
   "cssselect>=1.2,<1.3",
   "Cython>=3.0.0,<3.1",
   "cyrtranslit>=1.1.0,<1.2.0",
@@ -48,7 +48,8 @@ dependencies = [
   "django-otp>=1.5.2,<2.0",
   "django-otp-webauthn>=0.3.0,<0.4",
   "Django[argon2]>=5.0,<5.2",
-  "djangorestframework>=3.15.0,<3.16",
+  "djangorestframework>=3.15.2,<3.16",
+  "drf-spectacular[sidecar]>=0.27.2,<0.28",
   "filelock<4,>=3.12.2",
   "fluent.syntax>=0.18.1,<0.20",
   "GitPython>=3.1.0,<3.2",
@@ -75,9 +76,9 @@ dependencies = [
   "redis>=5.0.2,<5.2.0",
   "requests>=2.32.2,<2.33",
   "ruamel.yaml>=0.17.2,<0.19.0",
-  "sentry-sdk>=2.2,<3.0",
+  "sentry-sdk>=2.8,<3.0",
   "siphashc>=2.1,<3.0",
-  "social-auth-app-django>=5.4.0,<6.0.0",
+  "social-auth-app-django>=5.4.1,<6.0.0",
   "social-auth-core>=4.5.0,<5.0.0",
   "tesserocr>=2.6.1,<2.8.0",
   "translate-toolkit>=3.13.1,<3.14",

weblate/middleware.py

@@ -64,7 +64,12 @@
 }
 
 # URLs requiring inline javascript
-INLINE_PATHS = {"social:begin", "djangosaml2idp:saml_login_process"}
+INLINE_PATHS = {
+    "social:begin",
+    "djangosaml2idp:saml_login_process",
+    "swagger-ui",
+    "redoc",
+}
 
 
 class ProxyMiddleware:

weblate/settings_docker.py

@@ -779,6 +779,8 @@
     "django_otp.plugins.otp_static",
     "django_otp.plugins.otp_totp",
     "django_otp_webauthn",
+    "drf_spectacular",
+    "drf_spectacular_sidecar",
 ]
 
 modify_env_list(INSTALLED_APPS, "APPS")
@@ -1204,6 +1206,20 @@
     "VIEW_DESCRIPTION_FUNCTION": "weblate.api.views.get_view_description",
     "EXCEPTION_HANDLER": "weblate.api.views.weblate_exception_handler",
     "UNAUTHENTICATED_USER": "weblate.auth.models.get_anonymous",
+    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+}
+SPECTACULAR_SETTINGS = {
+    "SWAGGER_UI_DIST": "SIDECAR",
+    "SWAGGER_UI_FAVICON_HREF": "SIDECAR",
+    "REDOC_DIST": "SIDECAR",
+    "SERVE_URLCONF": "weblate.api.urls",
+    "TITLE": "Weblate's REST API",
+    "DESCRIPTION": """
+The API is accessible on the ``/api/`` URL and it is based on [Django REST framework](https://www.django-rest-framework.org/).
+
+The OpenAPI specification is available as feature preview, feedback welcome!
+    """,
+    "VERSION": None,
 }
 
 # Fonts CDN URL

weblate/settings_example.py

@@ -438,6 +438,8 @@
     "django_otp.plugins.otp_static",
     "django_otp.plugins.otp_totp",
     "django_otp_webauthn",
+    "drf_spectacular",
+    "drf_spectacular_sidecar",
 ]
 
 # Custom exception reporter to include some details
@@ -823,6 +825,20 @@
     "VIEW_DESCRIPTION_FUNCTION": "weblate.api.views.get_view_description",
     "EXCEPTION_HANDLER": "weblate.api.views.weblate_exception_handler",
     "UNAUTHENTICATED_USER": "weblate.auth.models.get_anonymous",
+    "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
+}
+SPECTACULAR_SETTINGS = {
+    "SWAGGER_UI_DIST": "SIDECAR",
+    "SWAGGER_UI_FAVICON_HREF": "SIDECAR",
+    "REDOC_DIST": "SIDECAR",
+    "SERVE_URLCONF": "weblate.api.urls",
+    "TITLE": "Weblate's REST API",
+    "DESCRIPTION": """
+The API is accessible on the ``/api/`` URL and it is based on [Django REST framework](https://www.django-rest-framework.org/).
+
+The OpenAPI specification is available as feature preview, feedback welcome!
+    """,
+    "VERSION": None,
 }
 
 # Fonts CDN URL

weblate/static/loader-bootstrap.js

@@ -1422,10 +1422,9 @@ $(function () {
   $("input[name='period']").daterangepicker(
     {
       autoApply: false,
-      startDate:
-        $("input[name='period']#id_period").attr("data-start-date") || moment(),
-      endDate:
-        $("input[name='period']#id_period").attr("data-end-date") || moment(),
+      autoUpdateInput: false,
+      startDate: $("input[name='period']#id_period").attr("data-start-date"),
+      endDate: $("input[name='period']#id_period").attr("data-end-date"),
       alwaysShowCalendars: true,
       cancelButtonClasses: "btn-warning",
       opens: "left",
@@ -1485,6 +1484,12 @@ $(function () {
     (start, end, label) => {},
   );
 
+  $("input[name='period']").on("apply.daterangepicker", function (ev, picker) {
+    $(this).val(
+      `${picker.startDate.format("MM/DD/YYYY")} - ${picker.endDate.format("MM/DD/YYYY")}`,
+    );
+  });
+
   $("input[name='period']").on("cancel.daterangepicker", (_ev, picker) => {
     picker.element.val("");
   });

weblate/urls.py

@@ -13,6 +13,11 @@
 from django.views.decorators.cache import cache_control, cache_page
 from django.views.decorators.vary import vary_on_cookie
 from django.views.generic import RedirectView, TemplateView
+from drf_spectacular.views import (
+    SpectacularAPIView,
+    SpectacularRedocView,
+    SpectacularSwaggerView,
+)
 
 import weblate.accounts.urls
 import weblate.accounts.views
@@ -814,6 +819,19 @@
     path("accounts/", include(weblate.accounts.urls)),
     # Auth
     path("api/", include((weblate.api.urls, "weblate.api"), namespace="api")),
+    # YOUR PATTERNS
+    path("api/schema/", SpectacularAPIView.as_view(), name="schema"),
+    # Optional UI:
+    path(
+        "api/schema/swagger-ui/",
+        SpectacularSwaggerView.as_view(url_name="schema"),
+        name="swagger-ui",
+    ),
+    path(
+        "api/schema/redoc/",
+        SpectacularRedocView.as_view(url_name="schema"),
+        name="redoc",
+    ),
     # Static pages
     path("contact/", weblate.accounts.views.contact, name="contact"),
     path("hosting/", weblate.accounts.views.hosting, name="hosting"),

weblate/utils/requirements.py

@@ -58,6 +58,7 @@
     "python-redis-lock",
     "charset-normalizer",
     "cyrtranslit",
+    "drf_spectacular",
 ]
 
 OPTIONAL = [

weblate/utils/search.py

@@ -593,7 +593,10 @@ def convert_non_field(self) -> Q:
     def field_extra(self, field: str, query: Q, match: Any) -> Q:  # noqa: ANN401
         if field == "translates":
             return query & Q(
-                change__timestamp__date__gte=timezone.now().date() - timedelta(days=90)
+                change__timestamp__gte=timezone.now().replace(
+                    hour=0, minute=0, second=0, microsecond=0
+                )
+                - timedelta(days=90)
             )
 
         return super().field_extra(field, query, match)
@@ -610,7 +613,10 @@ def contributes_field(self, text: str, context: dict) -> Q:
         else:
             query = Q(change__project__slug__iexact=text)
         return query & Q(
-            change__timestamp__date__gte=timezone.now().date() - timedelta(days=90)
+            change__timestamp__gte=timezone.now().replace(
+                hour=0, minute=0, second=0, microsecond=0
+            )
+            - timedelta(days=90)
         )