This is a collection of issues we encountered with the Django 2.2 upgrade and lessons learned from it, especially ones that could have been addressed earlier or should inform how we do major upgrades in the future.
Although we couldn’t test with Django 2.0+ until the Python 3 upgrade was complete, much of the work was updating our code to remove usage of APIs that were already deprecated by Django 1.11 and could have been done over the past 2 years. Tickets had been made for much of that work as soon as the 1.11 upgrade was finished, but were deferred as GDPR and other crises took precedence.
Few repositories had been updated to use the newer style of Django middleware introduced in 1.10 (August 2016) which became mandatory in 2.0. We use lots of middleware, both from 3rd-party packages and written ourselves.
Our original OAuth2 library in edx-platform was obsolete and superseded even before the Django 1.11 upgrade, but in a rush to complete that upgrade we chose to maintain a fork of the library alongside its newer replacement rather than completely remove it. Two years later, we had to finish that removal after circumstances had made it even more difficult; this took a few senior engineers over two months to complete.
2 years ago we created guidelines (OEP-18) for more easily keeping Python package dependencies up to date, but dozens of our repositories had not yet been updated to follow them. We made these updates as part of the Django 2.2 upgrade to facilitate safely upgrading many dependencies in each of dozens of repositories, which should help keep things current moving forward.
We had been routinely pinning dependencies to old versions whenever upgrading to a newer one didn’t work automatically (or often just to avoid the risk of an upgrade not working out). We had to deal with dozens of such minor problems all at once when we suddenly needed to upgrade all those libraries to newer versions with support for Django 2.2. The OEP-18 guidelines from 2 years ago warned of this, but again, many repositories weren’t following those guidelines yet.