Update project dependencies

[paulapreuss]

OpenPlan is currently based on python 3.9, which has already reached it's EoL, and Django 4.2, which has its long term support (LTS) phase also ending at the end of the year. Additionally, most project dependencies have not been updated in a long time, posing possible security issues, among other things.

This PR aims to upgrade the project to python 3.12 and Django 5.2 (as a compromise between a jump to all latest versions and moving to versions that have at least two years of long term support ahead). Other project dependencies will also be checked for upgrades.

Within this PR, oemof packages are also upgraded to oemof-solph==0.5.7 and oemof-thermal==0.0.8. Will have to do some testing. Likely these versions were pinned to be in sync with MVS, but since we are moving away from MVS we will need to update anyway. The upgrade was necessary, since the package dependencies were not compatible with python 3.12.

Closes #399

TODO:

• Check and potentially update security settings
• Update README
• Update local deploy settings / instructions
• Include build test
• Set up dependabot

[Bachibouzouk]

I just though yesterday that we were due to update django. Shouldn't we unpin the dependencies ? I would keep a file with pinned dependencies but use the one with unpinned such that we always get the latest updates when we deploy (we could setup a scheduled job to build using the unpinned requirements and be notifyed when it fails). If it fails and it is a friday or one day before a workshop and one has no time, we can fallback on the pinned dependencies and leave it as TODO to fix the dependencies later.

[github-actions]

✅dependabot config looks good 👍

[paulapreuss]

Hi @Bachibouzouk, I think this is about ready. What I did:

• Upgrade Django to 5.2
• Upgrade python to 3.12
• Upgrade all other packages, only pinning the ones triggering version conflicts or causing other issues in the code
• Differentiate between docker-compose-production and docker-compose-local and update local deployment description
• Add build test on CI (builds local-compose-local to check that the requirements are working and there are no migration files are missing)
• Add a basic dependabot configuration (we will have to see if this is catching all we are interested in, it is hard to test locally)
• Add a github action to automatically tag releases when they get merged into prod
• Update the pre-commit config to be quite a bit stricter (now uses ruff and a few other hooks) - this has also caused the changed files to be so huge, since I ran it once on the repo. It should mostly be code formatting, though. Locally, you should update your pre-commit config with pre-commit install.

Let me know what you think. I did change quite a few things so I assume this will take quite a bit of noodling around on staging to make sure that everything really still works as intended.

One thing I have not yet done is move from Django-q to celery beat. I will do this when I have a bit of time again.

Also, I have now included the changes from your other closed PRs to the Changelog here, as they were still missing.

[Bachibouzouk]

NB: make sure this is addressed in a later commit

[Bachibouzouk]

Shouldn't we set it to 518400 ?

[paulapreuss]

@Bachibouzouk I would keep it as is for now and then gradually increase before moving from staging to production? We can also set it a bit higher already, but I wouldn't go to 518400 right away.

[Bachibouzouk]

This is so far I got for the moment, testing the production on the sandbox server

[Bachibouzouk]

Did you test if the path is accessible in production?

[Bachibouzouk]

If I set prod env to False I get the sandbox to work, if not I makes and endless ssl redirect and ends up with a ns-error-redirect-loop error

[Bachibouzouk]

Likely due to https://docs.djangoproject.com/en/dev/ref/settings/#secure-ssl-redirect

[Bachibouzouk]

When one sets PROD_ENV to True while setting DJANGO_SECURE_SSL_REDIRECT to False, then it works :)

[paulapreuss]

@Bachibouzouk I added SECURE_PROXY_SSL_HEADER to the settings as recommended by the documentation, now the DJANGO_SECURE_SSL_REDIRECT setting also seems to work without endless redirects.

[paulapreuss]

@Bachibouzouk I also toyed around a bit on the sandbox server with this and it looks to be working. Are you good with merging it into main/staging?