GitLab

This reverts commit 8f58ff06.

Without disabling CSRF (complicated, will probably become impossible at some
point), we did not manage to have jenkins-job-builder use the API
with current Jenkins LTS. Using the standard security setup
(https://wiki.jenkins.io/display/JENKINS/Standard+Security+Setup),
an actual user, and its API token, repairs communication with the API.

refs sysadmin#16955

refs: sysadmin#16955

See: https://salsa.debian.org/tails-team/gitlab-migration/-/issues/55

I'll change manually in repo during deploy.

See: https://salsa.debian.org/tails-team/gitlab-migration/-/issues/74

I'll modify manually in the server.

For some reason, our script is not detecting some dependency constraints
correctly, so i'm pinning this one manually.

From: https://github.com/django-compressor/django-compressor/blob/2.4/setup.py#L148

It is now installed with pip. I'll remove the package manually from the
server after deploy.

It was missing a change of directory, bug was introduced in:
9a166c00

refs: sysadmin#17719

We need to account for longer version strings than the one provided by
the Pypi JSON for some packages.

In the case at hand, Pypi will return "2.1" for latest user-agents
version, but we should be looking for "2.1.0" in GitHub tags.

The version in the Pypi JSON is "2.1" but there's no such tag in the
repo and our dep update script does not currently account for such
differences.

The deps update script does not correctly check for compatibility with
Python for direct dependencies of Weblate (such check is only done for
dependencies of dependencies).

Therefore, we manually pin openpyxl version to <3.0 as bigger versions
all depend on Python >= 3.6 which is not available in Debian Stretch.

In its previous location, the dependencies update script was being
served in the Puppet file server, but we don't need that, as such script
is meant to be executed in the admin machine to generate Puppet code.

This is what I ran:

  python3 files/weblate/external_scripts/update_puppet_dependecy_files.py \
    --weblate-version 3.5.1 \
    --debian-suite stretch \
    --weblate-repo ~/weblate/

Apache packages are declared in tails::weblate::webserver and memcached
is declared in tails::weblate::config.

Extra dependencies are listed in the Pypi JSON with the keyword "extra",
as such (example taken from https://pypi.org/pypi/celery/json):

    "cryptography ; extra == 'auth'",

This means that someone can run `pip install celery[auth]` and will get
the cryptography package installed.

But this scheme also allows for variations, as the following (from the
same URL as above):

    "couchbase-cffi (<3.0.0) ; (platform_python_implementation == \"PyPy\") and extra == 'couchbase'",

The current implementation of detection of "extra" dependencies does not
account for the second format, so I'm fixing it in this commit.