fix(helm): use pure TCP connect probe to avoid log noise

bash's `echo > /dev/tcp` writes a newline payload into the target on
each probe, which postgres logs as "incomplete startup packet". Open
the fd with `exec 3<>` instead so the probe is a pure connect.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

.github/actions/setup-backend/action.yml

@@ -42,7 +42,7 @@ runs:
         fi
         echo "python-version=$RESOLVED_VERSION" >> "$GITHUB_OUTPUT"
     - name: Set up Python ${{ steps.set-python-version.outputs.python-version }}
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
       with:
         python-version: ${{ steps.set-python-version.outputs.python-version }}
         cache: ${{ inputs.cache }}

.github/workflows/docker.yml

@@ -75,24 +75,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Free up disk space
-        shell: bash
-        run: |
-          # Reclaim large preinstalled toolchains we don't use. The image
-          # build, and especially the docker-compose sanity check (which
-          # rebuilds from scratch whenever the registry cache image
-          # apache/superset-cache is unavailable), can otherwise exhaust the
-          # runner's root disk and fail with "no space left on device".
-          echo "Disk before cleanup:"; df -h /
-          sudo rm -rf \
-            /usr/share/dotnet \
-            /usr/local/lib/android \
-            /opt/ghc \
-            /usr/local/.ghcup \
-            /opt/hostedtoolcache/CodeQL \
-            /usr/local/share/boost || true
-          echo "Disk after cleanup:"; df -h /
-
       - name: Setup Docker Environment
         uses: ./.github/actions/setup-docker
         with:
@@ -119,27 +101,13 @@ jobs:
             PUSH_OR_LOAD="--load"
           fi
 
-          # Retry to absorb transient Docker Hub registry errors (base-image
-          # pull timeouts, 504/401 on push, ECONNRESET) that otherwise fail
-          # the whole job. buildx reuses the buildkit layer cache from the
-          # failed attempt, so a retry mostly re-does just the failed push.
-          for attempt in 1 2 3; do
-            if supersetbot docker \
-              $PUSH_OR_LOAD \
-              --preset "$BUILD_PRESET" \
-              --context "$EVENT" \
-              --context-ref "$RELEASE" $FORCE_LATEST \
-              --extra-flags "--build-arg INCLUDE_CHROMIUM=false --tag $IMAGE_TAG" \
-              $PLATFORM_ARG; then
-              break
-            fi
-            if [ "$attempt" -eq 3 ]; then
-              echo "::error::supersetbot docker build failed after 3 attempts"
-              exit 1
-            fi
-            echo "::warning::Build attempt ${attempt} failed; retrying in 30s..."
-            sleep 30
-          done
+          supersetbot docker \
+            $PUSH_OR_LOAD \
+            --preset "$BUILD_PRESET" \
+            --context "$EVENT" \
+            --context-ref "$RELEASE" $FORCE_LATEST \
+            --extra-flags "--build-arg INCLUDE_CHROMIUM=false --tag $IMAGE_TAG" \
+            $PLATFORM_ARG
 
       # in the context of push (using multi-platform build), we need to pull the image locally
       - name: Docker pull
@@ -180,21 +148,6 @@ jobs:
         uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           persist-credentials: false
-      - name: Free up disk space
-        shell: bash
-        run: |
-          # The sanity check rebuilds the image from scratch whenever the
-          # registry cache image apache/superset-cache is unavailable, which
-          # can exhaust the runner's root disk ("no space left on device").
-          echo "Disk before cleanup:"; df -h /
-          sudo rm -rf \
-            /usr/share/dotnet \
-            /usr/local/lib/android \
-            /opt/ghc \
-            /usr/local/.ghcup \
-            /opt/hostedtoolcache/CodeQL \
-            /usr/local/share/boost || true
-          echo "Disk after cleanup:"; df -h /
       - name: Setup Docker Environment
         uses: ./.github/actions/setup-docker
         with:

docs/admin_docs/installation/docker-compose.mdx

@@ -223,9 +223,8 @@ compose based installation, edit the `x-superset-image:` line in your `docker-co
 `docker-compose-non-dev.yml` files, replacing `apachesuperset.docker.scarf.sh/apache/superset` with
 `apache/superset` to pull the image directly from Docker Hub.
 
-To disable the Scarf telemetry pixel, set the `SCARF_ANALYTICS` environment variable to `false` in
-your `docker/.env` file. This is read at runtime, so it disables the pixel on the pre-built image
-without rebuilding the frontend.
+To disable the Scarf telemetry pixel, set the `SCARF_ANALYTICS` environment variable to `False` in
+your terminal and/or in your `docker/.env` file.
 :::
 
 ## 3. Log in to Superset

docs/admin_docs/installation/kubernetes.mdx

@@ -136,17 +136,7 @@ init:
 :::note
 Superset uses [Scarf Gateway](https://about.scarf.sh/scarf-gateway) to collect telemetry data.  Knowing the installation counts for different Superset versions informs the  project's decisions about patching and long-term support. Scarf purges personally identifiable information (PII) and provides only aggregated statistics.
 
-There are two independent telemetry channels:
-
-- **Image pulls** (Scarf Gateway): to opt out, edit the `repository:` line in your `helm/superset/values.yaml` file, replacing `apachesuperset.docker.scarf.sh/apache/superset` with `apache/superset` to pull the image directly from Docker Hub.
-- **The analytics pixel** rendered in the UI: to opt out, set the `SCARF_ANALYTICS` environment variable to `false` on the Superset containers via `extraEnv` in your `values.yaml`:
-
-  ```yaml
-  extraEnv:
-    SCARF_ANALYTICS: "false"
-  ```
-
-  This is read at runtime, so it takes effect on the pre-built images without rebuilding the frontend.
+To opt-out of this data collection in your Helm-based installation, edit the `repository:` line in your `helm/superset/values.yaml` file, replacing `apachesuperset.docker.scarf.sh/apache/superset` with `apache/superset` to pull the image directly from Docker Hub.
 :::
 
 ### Dependencies

docs/docs/faq.mdx

@@ -321,8 +321,8 @@ This can be used, for example, to convert UTC time to local time.
 Superset uses [Scarf](https://about.scarf.sh/) by default to collect basic telemetry data upon installing and/or running Superset. This data helps the maintainers of Superset better understand which versions of Superset are being used, in order to prioritize patch/minor releases and security fixes.
 We use the [Scarf Gateway](https://docs.scarf.sh/gateway/) to sit in front of container registries, the [scarf-js](https://about.scarf.sh/package-sdks) package to track `npm` installations, and a Scarf pixel to gather anonymous analytics on Superset page views.
 Scarf purges PII and provides aggregated statistics. Superset users can easily opt out of analytics in various ways documented [here](https://docs.scarf.sh/gateway/#do-not-track) and [here](https://docs.scarf.sh/package-analytics/#as-a-user-of-a-package-using-scarf-js-how-can-i-opt-out-of-analytics).
-You can also opt out of the analytics pixel by setting the `SCARF_ANALYTICS` environment variable to `false`. This is read at runtime, so setting it on the Superset container (for example via `extraEnv` in the Helm chart, or `docker/.env` for Docker Compose) disables the pixel on the pre-built images without rebuilding the frontend.
-Additional opt-out instructions are available on the [Docker Compose](/admin-docs/installation/docker-compose) and [Kubernetes](/admin-docs/installation/kubernetes) installation pages.
+Superset maintainers can also opt out of telemetry data collection by setting the `SCARF_ANALYTICS` environment variable to `false` in the Superset container (or anywhere Superset/webpack are run).
+Additional opt-out instructions for Docker users are available on the [Docker Installation](/admin-docs/installation/docker-compose) page.
 
 ## Does Superset have an archive panel or trash bin from which a user can recover deleted assets?
 

docs/yarn.lock

@@ -15006,9 +15006,9 @@ webpack-dev-middleware@^7.4.2:
     schema-utils "^4.0.0"
 
 webpack-dev-server@^5.2.2:
-  version "5.2.5"
-  resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-5.2.5.tgz#648fceaac6a5736b0935e5c1e55d6aa1d0626119"
-  integrity sha512-4wZtCquSuv9CKX8oybo+mqxtxZqWz47uM1Ch94lxowBztOhWCbhqvRbfC/mODOwxgV2brY+JGZpHq58/SuVFYg==
+  version "5.2.4"
+  resolved "https://registry.yarnpkg.com/webpack-dev-server/-/webpack-dev-server-5.2.4.tgz#6e6306ce59848ed322c235e48b326632b1eed6d6"
+  integrity sha512-GqDPGZN9bRqKBTkp4aWkobDDHMsrXKoGSdOH56smIri8qR0JG8gfL8/v/f/OZR3/OKXjG8uwJbFVhKm/FNU/UA==
   dependencies:
     "@types/bonjour" "^3.5.13"
     "@types/connect-history-api-fallback" "^1.5.4"

helm/superset/Chart.yaml

@@ -29,7 +29,7 @@ maintainers:
   - name: craig-rueda
     email: craig@craigrueda.com
     url: https://github.com/craig-rueda
-version: 0.16.2 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
+version: 0.17.0 # See [README](https://github.com/apache/superset/blob/master/helm/superset/README.md#versioning) for version details.
 dependencies:
   - name: postgresql
     version: 16.7.27

helm/superset/README.md

@@ -23,7 +23,7 @@ NOTE: This file is generated by helm-docs: https://github.com/norwoodj/helm-docs
 
 # superset
 
-![Version: 0.16.2](https://img.shields.io/badge/Version-0.16.2-informational?style=flat-square)
+![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square)
 
 Apache Superset is a modern, enterprise-ready business intelligence web application
 
@@ -111,9 +111,6 @@ On helm this can be set on `extraSecretEnv.SUPERSET_SECRET_KEY` or `configOverri
 | init.resources | object | `{}` |  |
 | init.tolerations | list | `[]` |  |
 | init.topologySpreadConstraints | list | `[]` | TopologySpreadConstrains to be added to init job |
-| initImage.pullPolicy | string | `"IfNotPresent"` |  |
-| initImage.repository | string | `"apache/superset"` |  |
-| initImage.tag | string | `"dockerize"` |  |
 | nameOverride | string | `nil` | Provide a name to override the name of the chart |
 | nodeSelector | object | `{}` |  |
 | postgresql | object | see `values.yaml` | Configuration values for the postgresql dependency. ref: https://github.com/bitnami/charts/tree/main/bitnami/postgresql |

helm/superset/values.yaml

@@ -194,11 +194,6 @@ image:
 
 imagePullSecrets: []
 
-initImage:
-  repository: apache/superset
-  tag: dockerize
-  pullPolicy: IfNotPresent
-
 service:
   type: ClusterIP
   port: 8088
@@ -303,15 +298,29 @@ supersetNode:
   # @default -- a container waiting for postgres
   initContainers:
     - name: wait-for-postgres
-      image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
-      imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: "{{ .Values.image.pullPolicy }}"
       envFrom:
         - secretRef:
             name: "{{ tpl .Values.envFromSecret . }}"
       command:
-        - /bin/sh
+        - /bin/bash
         - -c
-        - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
+        - |
+          # opening a /dev/tcp fd performs a TCP connect without sending any
+          # payload (avoids postgres "incomplete startup packet" log noise);
+          # no external `dockerize`, `nc`, or busybox needed. SECONDS-based
+          # deadline mirrors the prior `dockerize -timeout 120s` behaviour.
+          SECONDS=0
+          until (exec 3<>/dev/tcp/"$DB_HOST"/"$DB_PORT") 2>/dev/null; do
+            if [ "$SECONDS" -ge 120 ]; then
+              echo "timeout waiting for postgres at $DB_HOST:$DB_PORT after 120s" >&2
+              exit 1
+            fi
+            echo "waiting for postgres at $DB_HOST:$DB_PORT (elapsed ${SECONDS}s)"
+            sleep 2
+          done
+          echo "postgres at $DB_HOST:$DB_PORT is up"
       resources:
         limits:
           memory: "256Mi"
@@ -407,15 +416,31 @@ supersetWorker:
   # @default -- a container waiting for postgres and redis
   initContainers:
     - name: wait-for-postgres-redis
-      image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
-      imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: "{{ .Values.image.pullPolicy }}"
       envFrom:
         - secretRef:
             name: "{{ tpl .Values.envFromSecret . }}"
       command:
-        - /bin/sh
+        - /bin/bash
         - -c
-        - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+        - |
+          # See supersetNode.initContainers for the rationale.
+          SECONDS=0
+          wait_for() {
+            local host=$1 port=$2 name=$3
+            until (exec 3<>/dev/tcp/"$host"/"$port") 2>/dev/null; do
+              if [ "$SECONDS" -ge 120 ]; then
+                echo "timeout waiting for $name at $host:$port after 120s" >&2
+                exit 1
+              fi
+              echo "waiting for $name at $host:$port (elapsed ${SECONDS}s)"
+              sleep 2
+            done
+            echo "$name at $host:$port is up"
+          }
+          wait_for "$DB_HOST" "$DB_PORT" postgres
+          wait_for "$REDIS_HOST" "$REDIS_PORT" redis
       resources:
         limits:
           memory: "256Mi"
@@ -495,15 +520,31 @@ supersetCeleryBeat:
   # @default -- a container waiting for postgres
   initContainers:
     - name: wait-for-postgres-redis
-      image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
-      imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: "{{ .Values.image.pullPolicy }}"
       envFrom:
         - secretRef:
             name: "{{ tpl .Values.envFromSecret . }}"
       command:
-        - /bin/sh
+        - /bin/bash
         - -c
-        - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+        - |
+          # See supersetNode.initContainers for the rationale.
+          SECONDS=0
+          wait_for() {
+            local host=$1 port=$2 name=$3
+            until (exec 3<>/dev/tcp/"$host"/"$port") 2>/dev/null; do
+              if [ "$SECONDS" -ge 120 ]; then
+                echo "timeout waiting for $name at $host:$port after 120s" >&2
+                exit 1
+              fi
+              echo "waiting for $name at $host:$port (elapsed ${SECONDS}s)"
+              sleep 2
+            done
+            echo "$name at $host:$port is up"
+          }
+          wait_for "$DB_HOST" "$DB_PORT" postgres
+          wait_for "$REDIS_HOST" "$REDIS_PORT" redis
       resources:
         limits:
           memory: "256Mi"
@@ -594,15 +635,31 @@ supersetCeleryFlower:
   # @default -- a container waiting for postgres and redis
   initContainers:
     - name: wait-for-postgres-redis
-      image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
-      imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: "{{ .Values.image.pullPolicy }}"
       envFrom:
         - secretRef:
             name: "{{ tpl .Values.envFromSecret . }}"
       command:
-        - /bin/sh
+        - /bin/bash
         - -c
-        - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -wait "tcp://$REDIS_HOST:$REDIS_PORT" -timeout 120s
+        - |
+          # See supersetNode.initContainers for the rationale.
+          SECONDS=0
+          wait_for() {
+            local host=$1 port=$2 name=$3
+            until (exec 3<>/dev/tcp/"$host"/"$port") 2>/dev/null; do
+              if [ "$SECONDS" -ge 120 ]; then
+                echo "timeout waiting for $name at $host:$port after 120s" >&2
+                exit 1
+              fi
+              echo "waiting for $name at $host:$port (elapsed ${SECONDS}s)"
+              sleep 2
+            done
+            echo "$name at $host:$port is up"
+          }
+          wait_for "$DB_HOST" "$DB_PORT" postgres
+          wait_for "$REDIS_HOST" "$REDIS_PORT" redis
       resources:
         limits:
           memory: "256Mi"
@@ -764,15 +821,26 @@ init:
   # @default -- a container waiting for postgres
   initContainers:
     - name: wait-for-postgres
-      image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}"
-      imagePullPolicy: "{{ .Values.initImage.pullPolicy }}"
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: "{{ .Values.image.pullPolicy }}"
       envFrom:
         - secretRef:
             name: "{{ tpl .Values.envFromSecret . }}"
       command:
-        - /bin/sh
+        - /bin/bash
         - -c
-        - dockerize -wait "tcp://$DB_HOST:$DB_PORT" -timeout 120s
+        - |
+          # See supersetNode.initContainers for the rationale.
+          SECONDS=0
+          until (exec 3<>/dev/tcp/"$DB_HOST"/"$DB_PORT") 2>/dev/null; do
+            if [ "$SECONDS" -ge 120 ]; then
+              echo "timeout waiting for postgres at $DB_HOST:$DB_PORT after 120s" >&2
+              exit 1
+            fi
+            echo "waiting for postgres at $DB_HOST:$DB_PORT (elapsed ${SECONDS}s)"
+            sleep 2
+          done
+          echo "postgres at $DB_HOST:$DB_PORT is up"
       resources:
         limits:
           memory: "256Mi"

superset-embedded-sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@superset-ui/embedded-sdk",
-  "version": "0.4.0",
+  "version": "0.3.0",
   "description": "SDK for embedding resources from Superset into your own application",
   "access": "public",
   "keywords": [

superset-frontend/package-lock.json

@@ -287,7 +287,7 @@
         "webpack": "^5.107.2",
         "webpack-bundle-analyzer": "^5.3.0",
         "webpack-cli": "^7.0.3",
-        "webpack-dev-server": "^5.2.5",
+        "webpack-dev-server": "^5.2.4",
         "webpack-manifest-plugin": "^6.0.1",
         "webpack-sources": "^3.5.0",
         "webpack-visualizer-plugin2": "^2.0.0"
@@ -26127,6 +26127,21 @@
         }
       }
     },
+    "node_modules/jsdom/node_modules/@noble/hashes": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.2.0.tgz",
+      "integrity": "sha512-IYqDGiTXab6FniAgnSdZwgWbomxpy9FtYvLKs7wCUs2a8RkITG+DFGO1DM9cr+E3/RgADRpFjrKVaJ1z6sjtEg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "peer": true,
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
     "node_modules/jsdom/node_modules/css-tree": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.2.1.tgz",
@@ -42775,9 +42790,9 @@
       }
     },
     "node_modules/webpack-dev-server": {
-      "version": "5.2.5",
-      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.2.5.tgz",
-      "integrity": "sha512-4wZtCquSuv9CKX8oybo+mqxtxZqWz47uM1Ch94lxowBztOhWCbhqvRbfC/mODOwxgV2brY+JGZpHq58/SuVFYg==",
+      "version": "5.2.4",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-5.2.4.tgz",
+      "integrity": "sha512-GqDPGZN9bRqKBTkp4aWkobDDHMsrXKoGSdOH56smIri8qR0JG8gfL8/v/f/OZR3/OKXjG8uwJbFVhKm/FNU/UA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -43249,6 +43264,21 @@
         }
       }
     },
+    "node_modules/whatwg-url/node_modules/@noble/hashes": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-2.2.0.tgz",
+      "integrity": "sha512-IYqDGiTXab6FniAgnSdZwgWbomxpy9FtYvLKs7wCUs2a8RkITG+DFGO1DM9cr+E3/RgADRpFjrKVaJ1z6sjtEg==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "peer": true,
+      "engines": {
+        "node": ">= 20.19.0"
+      },
+      "funding": {
+        "url": "https://paulmillr.com/funding/"
+      }
+    },
     "node_modules/whatwg-url/node_modules/webidl-conversions": {
       "version": "8.0.1",
       "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
@@ -44369,7 +44399,7 @@
         "cross-env": "^10.1.0",
         "fs-extra": "^11.3.5",
         "jest": "^30.4.2",
-        "yeoman-test": "^11.5.3"
+        "yeoman-test": "^11.5.2"
       },
       "engines": {
         "node": ">= 18.0.0",

superset-frontend/package.json

@@ -370,7 +370,7 @@
     "webpack": "^5.107.2",
     "webpack-bundle-analyzer": "^5.3.0",
     "webpack-cli": "^7.0.3",
-    "webpack-dev-server": "^5.2.5",
+    "webpack-dev-server": "^5.2.4",
     "webpack-manifest-plugin": "^6.0.1",
     "webpack-sources": "^3.5.0",
     "webpack-visualizer-plugin2": "^2.0.0"

superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/TelemetryPixel.test.tsx

@@ -46,19 +46,3 @@ test('should NOT render the pixel link when FF is off', () => {
   const image = document.querySelector('img[src*="scarf.sh"]');
   expect(image).not.toBeInTheDocument();
 });
-
-test('should NOT render the pixel link when disabled at runtime', () => {
-  process.env.SCARF_ANALYTICS = 'true';
-  render(<TelemetryPixel enabled={false} />);
-
-  const image = document.querySelector('img[src*="scarf.sh"]');
-  expect(image).not.toBeInTheDocument();
-});
-
-test('should render the pixel link when enabled at runtime', () => {
-  process.env.SCARF_ANALYTICS = 'true';
-  render(<TelemetryPixel enabled />);
-
-  const image = document.querySelector('img[src*="scarf.sh"]');
-  expect(image).toBeInTheDocument();
-});

superset-frontend/packages/superset-ui-core/src/components/TelemetryPixel/index.tsx

@@ -23,25 +23,17 @@ interface TelemetryPixelProps {
   version?: string;
   sha?: string;
   build?: string;
-  enabled?: boolean;
 }
 
 /**
  * Renders a telemetry pixel component to capture anonymous, aggregated telemetry via Scarf.
- *
- * Telemetry can be disabled in two ways:
- * - At build time, by setting the SCARF_ANALYTICS environment variable to `false`
- *   (inlined by webpack; only effective when building the frontend yourself).
- * - At runtime, by passing `enabled={false}`, which the app derives from the
- *   `SCARF_ANALYTICS` backend config exposed via the bootstrap payload. This is
- *   what allows opting out in pre-built images, where the build-time flag is fixed.
+ * This can be disabled by setting the SCARF_ANALYTICS environment variable to false.
  *
  * @component
  * @param {TelemetryPixelProps} props - The props for the TelemetryPixel component.
  * @param {string} props.version - The version of  Superset that's currently in use.
  * @param {string} props.sha - The SHA of Superset that's currently in use.
  * @param {string} props.build - The build of Superset that's currently in use.
- * @param {boolean} props.enabled - Runtime opt-out switch; when false the pixel is not rendered.
  * @returns {JSX.Element | null} The rendered TelemetryPixel component.
  */
 
@@ -51,11 +43,9 @@ export const TelemetryPixel = ({
   version = 'unknownVersion',
   sha = 'unknownSHA',
   build = 'unknownBuild',
-  enabled = true,
 }: TelemetryPixelProps): ReactElement | null => {
   const pixelPath = `https://apachesuperset.gateway.scarf.sh/pixel/${PIXEL_ID}/${version}/${sha}/${build}`;
-  const disabled = !enabled || process.env.SCARF_ANALYTICS === 'false';
-  return disabled ? null : (
+  return process.env.SCARF_ANALYTICS === 'false' ? null : (
     <img
       referrerPolicy="no-referrer-when-downgrade"
       src={pixelPath}

superset-frontend/src/features/home/RightMenu.tsx

@@ -133,7 +133,6 @@ const RightMenu = ({
     EXCEL_EXTENSIONS,
     ALLOWED_EXTENSIONS,
     HAS_GSHEETS_INSTALLED,
-    SCARF_ANALYTICS,
   } = useSelector<any, ExtensionConfigs>(state => state.common.conf);
   const [showDatabaseModal, setShowDatabaseModal] = useState<boolean>(false);
   const [showCSVUploadModal, setShowCSVUploadModal] = useState<boolean>(false);
@@ -770,7 +769,6 @@ const RightMenu = ({
         version={navbarRight.version_string}
         sha={navbarRight.version_sha}
         build={navbarRight.build_number}
-        enabled={SCARF_ANALYTICS !== false}
       />
     </StyledDiv>
   );

superset-frontend/src/features/home/types.ts

@@ -36,7 +36,6 @@ export interface ExtensionConfigs {
   COLUMNAR_EXTENSIONS: Array<any>;
   EXCEL_EXTENSIONS: Array<any>;
   HAS_GSHEETS_INSTALLED: boolean;
-  SCARF_ANALYTICS?: boolean;
 }
 export interface RightMenuProps {
   align: 'flex-start' | 'flex-end';

superset/config.py

@@ -2257,13 +2257,6 @@ DATABASE_OAUTH2_TIMEOUT = timedelta(seconds=30)
 # Enable/disable CSP warning
 CONTENT_SECURITY_POLICY_WARNING = True
 
-# Superset uses Scarf (https://about.scarf.sh/) to collect anonymous, aggregated
-# telemetry via a pixel rendered in the UI. Set the SCARF_ANALYTICS environment
-# variable to "false" to opt out. This value is exposed to the frontend through
-# the bootstrap payload so it takes effect at runtime, including in pre-built
-# images where the webpack build-time flag of the same name cannot be changed.
-SCARF_ANALYTICS = utils.cast_to_boolean(os.environ.get("SCARF_ANALYTICS", True))
-
 # Do you want Talisman enabled?
 TALISMAN_ENABLED = utils.cast_to_boolean(os.environ.get("TALISMAN_ENABLED", True))
 

superset/views/base.py

@@ -124,7 +124,6 @@ FRONTEND_CONF_KEYS = (
     "MAPBOX_API_KEY",
     "DEFAULT_MAP_RENDERER",
     "CSV_STREAMING_ROW_THRESHOLD",
-    "SCARF_ANALYTICS",
 )
 
 logger = logging.getLogger(__name__)

tests/unit_tests/views/test_base.py

@@ -75,15 +75,6 @@ def test_default_map_renderer_is_exposed_to_frontend_config() -> None:
     assert "DEFAULT_MAP_RENDERER" in FRONTEND_CONF_KEYS
 
 
-def test_scarf_analytics_is_exposed_to_frontend_config() -> None:
-    """SCARF_ANALYTICS must reach the frontend config so pre-built images can opt
-    out at runtime via the config/env var (the webpack build-time flag cannot be
-    changed there)."""
-    from superset.views.base import FRONTEND_CONF_KEYS
-
-    assert "SCARF_ANALYTICS" in FRONTEND_CONF_KEYS
-
-
 def _extract_language(
     locale_str: str | None,
     languages: dict[str, dict[str, object]] | None = None,