Commit Graph

121 Commits (fix-admintests-rebased)

Author SHA1 Message Date
webzwo0i ea550a651d remove npm i - is this still needed? 2023-10-08 20:15:36 +02:00
webzwo0i 510f0daae3 Remove etherpad-cli-client devDependency.
We use this package when testing rate limiting. We already install it in
Docker, when running the Github workflow, so there is no need to install it by default.

In contrast to other devDependencies this is not required in case you
want to run the backend tests or check the code with eslint etc.
2023-10-08 20:15:34 +02:00
webzwo0i 2f39a7b4bb Use `npm link` to install ep_etherpad-lite. This places a package.json
file in the root directory that references ./src directory as the file
source for `ep_etherpad-lite`.

Remove --legacy-peer-deps and --no-save when invoking npm. There is no
need for them anymore, as we are bumping npm now to v8.

./src/package.json contains all dependencies of Etherpad core
(package name ep_etherpad-lite) as before. The root directory's
package.json file references ep_etherpad-lite and also contains
references to any installed plugins.

Remove npm from package.json as we depend on a recent version now; PATH is still updated as before, so in the future we may install a custom npm version again

lint package-lock: update exception for sqlite3

remove node_modules and package.json during installDeps.sh

update Dockerfile

adapt minify

windows build

Fixed installOnWindows.bat

remove node_modules from git

bump minimal node/npm version in src/bin/functions.sh

add changelog notes

update installdeps

fix dockerfile

docker: test npm prefix set to the etherpad directory

workflow: upgrade-from-latest-release needs to be adapted until next release is out

Revert "docker: test npm prefix set to the etherpad directory"

This reverts commit b856a2488c9dbfb2acf35309cd1ee83016b631ad.

use npm link --bin-links=false to prevent it from copying bin files

temp fix for scripts as they are not installed to bin directory anymore

adjust bin paths in Dockerfile

Dockerfile

add hint for npm link, dockerfile

update dockerfile

Revert "Fixed installOnWindows.bat"

This reverts commit 70d0716bbedc4c0c1043155fcc5d157f01775c61.

try installOnWindows; still TODO: no difference between production and development; no warning like in installDeps.sh before update - it just removes package* and node_modules so admins must be aware of the plugins they want to reinstall later

update installOnWindows.bat

update package-lock.json

Dockerfile

Dockerfile

add file: scheme for lint check - needed as long as we have the plugin compatibility symlinks in ./src/node_modules

fix installOnWindows

upgrade-from-latest-release workflow: adapt cypress installation

src/package.json: test-container fix path to _mocha; maybe revert this in case we enable bin-links again

src/package.json: add test-on-windows script

another try with test-on-windows, without using bin-links

use bin-links on windows

Revert "use bin-links on windows"

This reverts commit f50ec2a9fabe3098d48e8f412b73c01edbe2140e.

invoke mocha binary on windows

run npm i once on windows, to make bin files available - why?

remove supertest on windows production builds

add symlink for mocha

debug

Revert "debug"

This reverts commit 8916a0515ca2897c57ca65fef49fd0b3610d2989.

Revert "add symlink for mocha"

This reverts commit 3c60bef77d2a120d24fce14421fe638598cd849d.

windows workflow: adapt cypress path

frontend admin tests
2023-10-08 20:13:17 +02:00
SamTV12345 f2faa3fa84
Only react to tags starting with v. 2023-09-24 14:06:03 +02:00
SamTV12345 4dfdee941c
Fix/admin test (#5936)
* Add missing awaits.

* Remove rate limiter.

* Readded maxHttpBuffersize.

* Revert "Add missing awaits."

This reverts commit d5a8979841.

* Increased timeout.

* Increased timeout further.

* Toggled down timeout.
2023-09-15 23:06:53 +02:00
SamTV12345 79e1075e88
Fix/admin test (#5934)
* Add missing awaits.

* Remove rate limiter.

* Readded maxHttpBuffersize.

* Revert "Add missing awaits."

This reverts commit d5a8979841.
2023-09-15 22:01:09 +02:00
SamTV12345 239bc2d426
Fixed frontend-admin.yml 2023-09-14 16:47:30 +02:00
SamTV12345 1b01f01ca3
Fix/rate limit in test (#5931)
* build(deps): bump express-rate-limit from 6.11.1 to 7.0.0 in /src

Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 6.11.1 to 7.0.0.
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Changelog](https://github.com/express-rate-limit/express-rate-limit/blob/main/changelog.md)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v6.11.1...v7.0.0)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Increase exportratelimit to high number for tests.

* Fixed rate limiting in frontend tests.

* Also do this for the run without plugins.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-14 16:37:52 +02:00
dependabot[bot] 6711c294ed
build(deps): bump docker/setup-buildx-action from 2 to 3 (#5928)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 20:03:42 +02:00
dependabot[bot] ea1cabc4f0
build(deps): bump docker/metadata-action from 4 to 5 (#5924)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 5.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 19:54:17 +02:00
dependabot[bot] c5c861dab4
build(deps): bump docker/build-push-action from 4 to 5 (#5926)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 19:53:42 +02:00
dependabot[bot] 86f4442e7f
build(deps): bump docker/login-action from 2 to 3 (#5927)
Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 19:53:29 +02:00
dependabot[bot] 578fb3ea91
build(deps): bump docker/setup-qemu-action from 2 to 3 (#5925)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-13 19:52:50 +02:00
dependabot[bot] 1413d66417
build(deps): bump actions/checkout from 3 to 4 (#5913)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-05 19:16:08 +02:00
SamTV12345 6f5d8834e4
Readded building windows with tar/Upload windows build on release
* Use windows.

* Fixed windows yml.

* Also upload windows build on tag to release folder.

* Added comment.

* Updated file name to be in sync with release name.

* Revert "Updated file name to be in sync with release name."

This reverts commit 2fbc26a891.

* Reverted and just rename at the end.
2023-09-04 21:57:10 +02:00
dependabot[bot] 66b21e840f
build(deps): bump actions/checkout from 3 to 4 (#5910)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-04 18:51:22 +02:00
SamTV12345 2f5b6b80e1
Fix/windows build (#5861)
* Use updated env var.

* Show bin and src bin.

* Use native link.

* Use link.

* Check file link.

* Use existing installation on github runner.

* Use -P.

* Use git checkout for copying the data to temp directory.

* Use rsync to copy data.

* Remove package from src.

* Use simple copy to copy the dependencies.

* Copy src folder only.
2023-08-08 16:22:25 +02:00
SamTV12345 bc6b05cea6
Skip instead of fail on dependabot. (#5858) 2023-08-03 22:15:35 +02:00
John McLear 1d289520eb
Require Node 16 for Etherpad and target Node 20 for testing (#5771) 2023-06-26 18:11:32 +01:00
John McLear 04826edd3b
github action fix for windows build (#5737)
* github action fix for windows build

* cypress pathing
2023-06-22 01:45:11 +01:00
dependabot[bot] 7ece72503a build(deps): bump actions/dependency-review-action from 1 to 3
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:17:38 +01:00
dependabot[bot] 6eb037525c build(deps): bump actions/stale from 7 to 8
Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v7...v8)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:13:52 +01:00
dependabot[bot] ed8b8f0893 build(deps): bump saucelabs/sauce-connect-action from 2.1.1 to 2.3.4
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 2.1.1 to 2.3.4.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.1.1...v2.3.4)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:11:20 +01:00
dependabot[bot] 5c376ea17a build(deps): bump joncloud/makensis-action from 3.6 to 3.7
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action) from 3.6 to 3.7.
- [Release notes](https://github.com/joncloud/makensis-action/releases)
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: joncloud/makensis-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-21 13:11:06 +01:00
dependabot[bot] 0dea4cb1c8 build(deps): bump docker/setup-buildx-action from 1 to 2
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 14:11:58 +01:00
dependabot[bot] 0f557909ba build(deps): bump docker/metadata-action from 3 to 4
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3 to 4.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/docker/metadata-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:48:05 +01:00
dependabot[bot] 3879763656 build(deps): bump docker/login-action from 1 to 2
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:46:10 +01:00
dependabot[bot] c175d1ea36 build(deps): bump actions/stale from 5 to 7
Bumps [actions/stale](https://github.com/actions/stale) from 5 to 7.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v5...v7)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:44:15 +01:00
dependabot[bot] d4b5ce2db3 build(deps): bump docker/build-push-action from 2 to 4
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-20 13:43:20 +01:00
Alex efe32ac333
GitHub Workflows security hardening (#5598)
* build: harden frontend-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden frontend-admin-tests.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2023-06-20 13:27:03 +01:00
dependabot[bot] 156348e314 build(deps): bump docker/setup-qemu-action from 1 to 2
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-09-25 00:09:13 +02:00
webzwo0i c28177388a Drop support for Node v12.
Add v18 to test matrix
2022-09-24 22:58:32 +02:00
webzwo0i 21d03c1924 stale workflow: fix syntax 2022-09-24 20:15:55 +02:00
webzwo0i 111ad5c52e fix cypress config 2022-09-24 18:44:15 +02:00
Richard Hansen a059a653ba ci: stale: Don't auto-close issues or PRs
Users can't reopen them, so auto-closing tends to irritate users.
Also, when developer activity drops, stale is less meaningful.
2022-07-16 15:08:32 -04:00
Richard Hansen 3018c33efd ci: stale: Use wontfix for close label, not stale 2022-07-16 15:04:40 -04:00
Richard Hansen a95c7b61ea ci: stale: Switch from app to action
The stale app seems to be unmaintained.
2022-07-16 15:03:42 -04:00
Richard Hansen 00173cf55d Windows build: Consolidate Windows workflows 2022-05-14 18:25:29 -04:00
Richard Hansen b1d48bb333 Windows build: Extract .zip outside repo clone 2022-05-14 17:50:46 -04:00
Richard Hansen 52dd6a26bc Windows build: Rename the `.exe` for consistency 2022-05-14 17:46:32 -04:00
Richard Hansen 8a2ef69873 Windows build: Move NSIS installer script to this repo 2022-05-14 17:46:32 -04:00
Richard Hansen e71f69ec72 Windows build: Rename zip to `etherpad-win.zip` 2022-05-14 17:45:30 -04:00
dependabot[bot] 0adc027e25 build(deps): bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-05-02 21:30:46 -04:00
Naveen 77e036e8d3 chore(deps): Included dependency review
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
2022-05-02 21:27:57 -04:00
naveen 2929a3c0bd chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-02 20:48:01 -04:00
dependabot[bot] 5e99ae772a build(deps): bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:53 -04:00
dependabot[bot] d7c44c5725 build(deps): bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:21 -04:00
Grant Slater a11cf67de7 Docker: use buildx to build amd64 and arm64 images 2022-03-20 22:11:09 -04:00
Richard Hansen 5748c76db3 ci: docker: Show Etherpad logs 2022-03-12 00:40:48 -05:00
Richard Hansen 178db7508f ci: docker: Wait for container to be healthy 2022-03-12 00:40:48 -05:00