Upgrade from python3.8 to python3.10

.azure-pipelines-gh-pages.yml

@@ -7,9 +7,12 @@ trigger:
 
 jobs:
   - job: build_and_publish_docs
+    # Note: Still on ubuntu-20.04 with python3.8 because of
+    # https://github.com/python-babel/babel/issues/990
     container: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15
     pool:
       vmImage: ubuntu-20.04
+    displayName: Build and Publish Docs
 
     steps:
       - checkout: self

.azure-pipelines-quictls.yml

@@ -17,7 +17,7 @@ parameters:
 
 jobs:
   - job: build_quictls
-    container: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-clang15
+    container: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15
     pool: 1es-dv4-focal
 
     strategy:

.azure-pipelines-templates/checks.yml

@@ -9,5 +9,5 @@ jobs:
         clean: true
         fetchDepth: 1
 
-      - script: python3.8 scripts/extract-release-notes.py --target-git-version
+      - script: python3.10 scripts/extract-release-notes.py --target-git-version
         displayName: "Check presence of release notes entry"

.azure-pipelines-templates/configure.yml

@@ -5,7 +5,7 @@ jobs:
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
     pool:
-      vmImage: "ubuntu-20.04"
+      vmImage: "ubuntu-22.04"
     steps:
       - checkout: self
         clean: true

.azure-pipelines-templates/deploy_aci.yml

@@ -11,7 +11,7 @@ jobs:
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     steps:
       - checkout: none
 
@@ -26,7 +26,7 @@ jobs:
       skipComponentGovernanceDetection: true
       sshKey: $[ dependencies.generate_ssh_key.outputs['generate_ssh_key.sshKey'] ]
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     steps:
       - script: |
           env
@@ -65,10 +65,10 @@ jobs:
 
       - script: |
           set -ex
-          python3.8 -m venv ./scripts/azure_deployment/.env
+          python3.10 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
-          python3.8 scripts/azure_deployment/arm_template.py deploy aci \
+          python3.10 scripts/azure_deployment/arm_template.py deploy aci \
             --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
             --resource-group ccf-aci \
             --region northeurope \
@@ -91,7 +91,7 @@ jobs:
       - job: deploy_secondary_aci
         displayName: "Deploy Secondary ACI"
         pool:
-          vmImage: ubuntu-20.04
+          vmImage: ubuntu-22.04
         dependsOn:
           - generate_ssh_key
         variables:
@@ -132,10 +132,10 @@ jobs:
 
           - script: |
               set -ex
-              python3.8 -m venv ./scripts/azure_deployment/.env
+              python3.10 -m venv ./scripts/azure_deployment/.env
               source ./scripts/azure_deployment/.env/bin/activate
               pip install -r ./scripts/azure_deployment/requirements.txt
-              python3.8 scripts/azure_deployment/arm_template.py deploy aci \
+              python3.10 scripts/azure_deployment/arm_template.py deploy aci \
                 --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
                 --resource-group ccf-aci \
                 --region northeurope \
@@ -185,7 +185,7 @@ jobs:
   - job: cleanup_aci
     displayName: "Cleanup ACI"
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     dependsOn:
       - generate_ssh_key
       - deploy_primary_aci
@@ -219,10 +219,10 @@ jobs:
 
       - script: |
           set -ex
-          python3.8 -m venv ./scripts/azure_deployment/.env
+          python3.10 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
-          python3.8 scripts/azure_deployment/arm_template.py remove aci \
+          python3.10 scripts/azure_deployment/arm_template.py remove aci \
           --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
           --resource-group ccf-aci \
           --aci-type dynamic-agent \
@@ -234,7 +234,7 @@ jobs:
       - script: |
           source ./scripts/azure_deployment/.env/bin/activate
           if [[ ${{ parameters.secondaries.count }} != 0 ]]; then
-            python3.8 scripts/azure_deployment/arm_template.py remove aci \
+            python3.10 scripts/azure_deployment/arm_template.py remove aci \
             --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
             --resource-group ccf-aci \
             --aci-type dynamic-agent \

.azure-pipelines-templates/deploy_attestation_container.yml

@@ -5,7 +5,7 @@ jobs:
       Codeql.SkipTaskAutoInjection: true
       skipComponentGovernanceDetection: true
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     steps:
       - template: azure_cli.yml
         parameters:
@@ -22,10 +22,10 @@ jobs:
 
       - script: |
           set -ex
-          python3.8 -m venv ./scripts/azure_deployment/.env
+          python3.10 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
-          python3.8 scripts/azure_deployment/arm_template.py deploy aci \
+          python3.10 scripts/azure_deployment/arm_template.py deploy aci \
             --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
             --resource-group attestationContainer \
             --aci-type dynamic-agent \
@@ -40,7 +40,7 @@ jobs:
   - job: cleanup_aci
     displayName: "Cleanup Attestation Container"
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     dependsOn:
       - deploy_attestation_container
       - ${{ parameters.used_by }}
@@ -54,10 +54,10 @@ jobs:
 
       - script: |
           set -ex
-          python3.8 -m venv ./scripts/azure_deployment/.env
+          python3.10 -m venv ./scripts/azure_deployment/.env
           source ./scripts/azure_deployment/.env/bin/activate
           pip install -r ./scripts/azure_deployment/requirements.txt
-          python3.8 scripts/azure_deployment/arm_template.py remove aci \
+          python3.10 scripts/azure_deployment/arm_template.py remove aci \
           --subscription-id $(CCF_AZURE_SUBSCRIPTION_ID) \
           --resource-group attestationContainer \
           --aci-type dynamic-agent \
@@ -68,7 +68,7 @@ jobs:
   - job: cleanup_container_image
     displayName: "Cleanup Attestation Container image"
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     dependsOn:
       - deploy_attestation_container
       - ${{ parameters.used_by }}

.azure-pipelines-templates/install_others.yml

@@ -1,7 +1,7 @@
 steps:
   - script: |
       set -ex
-      python3.8 -m venv env
+      python3.10 -m venv env
       source ./env/bin/activate
       pip install -r requirements.txt
       pip install wheel

.azure-pipelines-templates/matrix.yml

@@ -5,7 +5,7 @@ parameters:
     Hosted:
       container: virtual
       pool:
-        vmImage: ubuntu-20.04
+        vmImage: ubuntu-22.04
     Virtual:
       container: virtual
       pool: 1es-dv4-focal

.azure-pipelines-templates/release.yml

@@ -14,7 +14,7 @@ jobs:
 
       - script: |
           set -ex
-          python3.8 ./scripts/extract-release-notes.py --target-git-version | tee $(Build.BinariesDirectory)/rel-notes.md
+          python3.10 ./scripts/extract-release-notes.py --target-git-version | tee $(Build.BinariesDirectory)/rel-notes.md
         displayName: Extract release notes
 
       - script: |

.azure-pipelines-templates/test_attestation_container.yml

@@ -8,7 +8,7 @@ jobs:
     dependsOn: ${{ parameters.depends_on }}
     condition: ${{ parameters.condition }}
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     timeoutInMinutes: 120
     variables:
       Codeql.SkipTaskAutoInjection: true

.azure-pipelines-templates/test_on_remote.yml

@@ -8,7 +8,7 @@ jobs:
     dependsOn: ${{ parameters.depends_on }}
     condition: ${{ parameters.condition }}
     pool:
-      vmImage: ubuntu-20.04
+      vmImage: ubuntu-22.04
     timeoutInMinutes: 120
     variables:
       runOn: ${{ parameters.run_on }}

.azure-pipelines.yml

@@ -29,15 +29,15 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: snp
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-snp-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-snp-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx -v /lib/modules:/lib/modules:ro
 
 variables:

.daily.yml

@@ -25,15 +25,15 @@ schedules:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE
 
     - container: snp
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-snp-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-snp-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
 
 jobs:

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "CCF Development Environment",
-  "image": "ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15",
+  "image": "ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15",
   "runArgs": [],
   "extensions": [
     "eamodio.gitlens",

.github/workflows/build-ci-container.yml

@@ -45,10 +45,10 @@ jobs:
         run: docker login -u $ACR_TOKEN_NAME -p ${{ secrets.ACR_CI_PUSH_TOKEN_PASSWORD }} $ACR_REGISTRY
 
       - name: Pull CI container
-        run: docker pull $ACR_REGISTRY/ccf/ci:27-04-2023-snp-clang15
+        run: docker pull $ACR_REGISTRY/ccf/ci:30-05-2023-snp-clang15
 
       - name: Build CCF CI SNP container
-        run: docker build -f docker/ccf_ci_built . --build-arg="base=ccfmsrc.azurecr.io/ccf/ci:27-04-2023-snp-clang15" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD`
+        run: docker build -f docker/ccf_ci_built . --build-arg="base=ccfmsrc.azurecr.io/ccf/ci:30-05-2023-snp-clang15" --build-arg="platform=snp" -t $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD`
 
       - name: Push CI container
         run: docker push $ACR_REGISTRY/ccf/ci:pr-`git rev-parse HEAD`

.github/workflows/ci-checks.yml

@@ -9,7 +9,7 @@ on:
 jobs:
   checks:
     runs-on: ubuntu-latest
-    container: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15
+    container: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15
 
     steps:
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

.github/workflows/codeql-analysis.yml

@@ -12,7 +12,7 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     strategy:
       fail-fast: false

.multi-thread.yml

@@ -16,7 +16,7 @@ pr:
 resources:
   containers:
     - container: virtual
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-virtual-clang15
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-virtual-clang15
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro
 
 jobs:

.stress.yml

@@ -20,7 +20,7 @@ schedules:
 resources:
   containers:
     - container: sgx
-      image: ccfmsrc.azurecr.io/ccf/ci:27-04-2023-sgx
+      image: ccfmsrc.azurecr.io/ccf/ci:30-05-2023-sgx
       options: --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision -v /dev/sgx:/dev/sgx
 
 jobs:

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [4.0.3]
+
+[4.0.3]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.3
+
+- Updated Python from 3.8 to 3.10 (#5311).
+
 ## [4.0.2]
 
 [4.0.2]: https://github.com/microsoft/CCF/releases/tag/ccf-4.0.2
@@ -17,11 +23,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - The `set_js_runtime_options` action now accepts `return_exception_details` and `log_exception_details` boolean options, which set the corresponding keys in the `public:ccf.gov.js_runtime_options` KV map. When enabled, a stack trace is respectively returned to the caller, and emitted to the log, on uncaught JS exceptions in application code.
 
-## Changed
+### Changed
 
 - For security reasons, OpenSSL `>=1.1.1f` must be first installed on the system (Ubuntu) before installing the CCF Debian package (#5227).
 
-## Added
+### Added
 
 - Added `ccf::historical::populate_service_endorsements` to public C++ API, allowing custom historical endpoints to do the same work as adapters.
 

docker/ccf_ci_built

@@ -4,7 +4,7 @@
 
 # Latest image as of this change
 ARG platform=sgx
-ARG base=ccfmsrc.azurecr.io/ccf/ci:27-04-2023-snp-clang-15
+ARG base=ccfmsrc.azurecr.io/ccf/ci:30-05-2023-snp-clang-15
 FROM ${base}
 
 # SSH. Note that this could (should) be done in the base ccf_ci image instead

getting_started/setup_vm/roles/ccf_build/tasks/install.yml

@@ -1,3 +1,10 @@
+- name: Add Python repository
+  apt_repository:
+    repo: "ppa:deadsnakes/ppa"
+    state: present
+    update_cache: yes
+  become: yes
+
 - name: Include vars for Clang
   include_vars: "clang{{ clang_version }}.yml"
 

getting_started/setup_vm/roles/ccf_build/vars/clang11.yml

@@ -7,8 +7,8 @@ debs:
   - libuv1-dev
   - libc++-{{ clang_ver }}-dev
   - libc++abi-{{ clang_ver }}-dev
-  - python3.8-dev
-  - python3.8-venv
+  - python3.10-dev
+  - python3.10-venv
   - llvm-{{ clang_ver }}
   - clang-{{ clang_ver }}
   - clang-format-11

getting_started/setup_vm/roles/ccf_build/vars/clang15.yml

@@ -7,8 +7,8 @@ debs:
   - libuv1-dev
   - libc++-{{ clang_ver }}-dev
   - libc++abi-{{ clang_ver }}-dev
-  - python3.8-dev
-  - python3.8-venv
+  - python3.10-dev
+  - python3.10-venv
   - llvm-{{ clang_ver }}
   - clang-{{ clang_ver }}
   - clang-format-11 # On purpose, to avoid formatting conflicts

livehtml.sh

@@ -17,7 +17,7 @@ fi
 echo "Setting up Python environment..."
 if [ ! -f "env/bin/activate" ]
     then
-        python3.8 -m venv env
+        python3.10 -m venv env
 fi
 
 source env/bin/activate