Merge tag 'v18.0.0' into sc

* Implement changes to MSC2285 (private read receipts) ([\matrix-org#2221](matrix-org#2221)).
* Add support for HTML renderings of room topics ([\matrix-org#2272](matrix-org#2272)).
* Add stopClient parameter to MatrixClient::logout ([\matrix-org#2367](matrix-org#2367)).
* registration: add function to re-request email token ([\matrix-org#2357](matrix-org#2357)).
* Remove hacky custom status feature ([\matrix-org#2350](matrix-org#2350)).
* Remove default push rule override for MSC1930 ([\matrix-org#2376](matrix-org#2376)). Fixes element-hq/element-web#15439.
* Tweak thread creation & event adding to fix bugs around relations ([\matrix-org#2369](matrix-org#2369)). Fixes element-hq/element-web#22162 and element-hq/element-web#22180.
* Prune both clear & wire content on redaction ([\matrix-org#2346](matrix-org#2346)). Fixes element-hq/element-web#21929.
* MSC3786: Add a default push rule to ignore `m.room.server_acl` events ([\matrix-org#2333](matrix-org#2333)). Fixes element-hq/element-web#20788.

.github/workflows/notify-downstream.yaml

@@ -2,13 +2,24 @@ name: Notify Downstream Projects
 on:
   push:
     branches: [ develop ]
+concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
-  notify-matrix-react-sdk:
+  notify-downstream:
+    continue-on-error: true
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - repo: vector-im/element-web
+            event: element-web-notify
+          - repo: matrix-org/matrix-react-sdk
+            event: upstream-sdk-notify
+
     runs-on: ubuntu-latest
     steps:
       - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
         uses: peter-evans/repository-dispatch@v1
         with:
           token: ${{ secrets.ELEMENT_BOT_TOKEN }}
-          repository: vector-im/element-web
-          event-type: upstream-sdk-notify
+          repository: ${{ matrix.repo }}
+          event-type: ${{ matrix.event }}

.github/workflows/pr_details.yml

@@ -0,0 +1,59 @@
+# Find details about the PR associated with this ref
+# Outputs:
+#  prnumber: the ID number of the associated PR
+#  headref: the name of the head branch of the PR
+#  baseref: the name of the base branch of the PR
+name: PR Details
+on:
+  workflow_call:
+    inputs:
+      owner:
+        type: string
+        required: true
+        description: The github username of the owner of the head branch
+      branch:
+        type: string
+        required: true
+        description: The name of the head branch
+    outputs:
+      pr_id:
+        description: The ID of the PR found
+        value: ${{ jobs.prdetails.outputs.pr_id }}
+      head_branch:
+        description: The head branch of the PR found
+        value: ${{ jobs.prdetails.outputs.head_branch }}
+      base_branch:
+        description: The base branch of the PR found
+        value: ${{ jobs.prdetails.outputs.base_branch }}
+
+jobs:
+  prdetails:
+    name: Find PR Details
+    runs-on: ubuntu-latest
+    steps:
+      - name: "🔍 Read PR details"
+        id: details
+        # We need to find the PR number that corresponds to the branch, which we do by searching the GH API
+        # The workflow_run event includes a list of pull requests, but it doesn't get populated for
+        # forked PRs: https://docs.github.com/en/rest/reference/checks#create-a-check-run
+        run: |
+          head_branch='${{ inputs.owner }}:${{ inputs.branch }}'
+          echo "Head branch: $head_branch"
+          pulls_uri="https://api.github.com/repos/${{ github.repository }}/pulls?head=$(jq -Rr '@uri' <<<$head_branch)"
+          pr_data=$(curl -s -H 'Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "$pulls_uri")
+
+          pr_number=$(jq -r '.[] | .number' <<< "$pr_data")
+          echo "PR number: $pr_number"
+          echo "::set-output name=prnumber::$pr_number"
+
+          head_ref=$(jq -r '.[] | .head.ref' <<< "$pr_data")
+          echo "Head ref: $head_ref"
+          echo "::set-output name=headref::$head_ref"
+
+          base_ref=$(jq -r '.[] | .base.ref' <<< "$pr_data")
+          echo "Base ref: $base_ref"
+          echo "::set-output name=baseref::$base_ref"
+    outputs:
+      pr_id: ${{ steps.details.outputs.prnumber }}
+      head_branch: ${{ steps.details.outputs.headref }}
+      base_branch: ${{ steps.details.outputs.baseref }}

.github/workflows/pull_request.yaml

@@ -1,10 +1,14 @@
 name: Pull Request
 on:
   pull_request_target:
-    types: [ opened, edited, labeled, unlabeled ]
+    types: [ opened, edited, labeled, unlabeled, synchronize ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   changelog:
     name: Preview Changelog
+    if: github.event.action != 'synchronize'
     runs-on: ubuntu-latest
     steps:
       - uses: matrix-org/allchange@main

.github/workflows/sonarcloud.yml

@@ -0,0 +1,91 @@
+name: SonarCloud
+on:
+  workflow_call:
+    inputs:
+      repo:
+        type: string
+        required: true
+        description: The full name of the repo in org/repo format
+      head_branch:
+        type: string
+        required: true
+        description: The name of the head branch
+      # We cannot use ${{ github.sha }} here as for pull requests it'll be a simulated merge commit instead
+      revision:
+        type: string
+        required: true
+        description: The git revision with which this sonar run should be associated
+
+      # Coverage specific parameters, assumes coverage reports live in a /coverage/ directory
+      coverage_workflow_name:
+        type: string
+        required: false
+        description: The name of the workflow which uploaded the `coverage` artifact, if any
+      coverage_run_id:
+        type: string
+        required: false
+        description: The run_id of the workflow which upload the coverage relevant to this run
+
+      # PR specific parameters
+      pr_id:
+        type: string
+        required: false
+        description: The ID number of the PR if this workflow is being triggered due to one
+      base_branch:
+        type: string
+        required: false
+        description: The base branch of the PR if this workflow is being triggered due to one
+
+      # Org specific parameters
+      main_branch:
+        type: string
+        required: false
+        description: The default branch of the repository
+        default: "develop"
+    secrets:
+      SONAR_TOKEN:
+        required: true
+jobs:
+  analysis:
+    name: Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: "🧮 Checkout code"
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ inputs.repo }}
+          ref: ${{ inputs.head_branch }} # checkout commit that triggered this workflow
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+      # Fetch develop so that Sonar can identify new issues in PR builds
+      - name: "📕 Fetch ${{ inputs.main_branch }}"
+        if: inputs.head_branch != inputs.main_branch
+        run: git rev-parse HEAD && git fetch origin ${{ inputs.main_branch }}:${{ inputs.main_branch }} && git status && git rev-parse HEAD
+
+      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
+      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
+      - name: "📥 Download Coverage Report"
+        uses: dawidd6/action-download-artifact@v2
+        if: inputs.coverage_workflow_name
+        with:
+          workflow: ${{ inputs.coverage_workflow_name }}
+          run_id: ${{ inputs.coverage_run_id }}
+          name: coverage
+          path: coverage
+
+      - name: "🔍 Read package.json version"
+        id: version
+        uses: martinbeentjes/npm-get-version-action@main
+
+      - name: "🩻 SonarCloud Scan"
+        uses: SonarSource/sonarcloud-github-action@master
+        with:
+          args: >
+            -Dsonar.projectVersion=${{ steps.version.outputs.current-version }}
+            -Dsonar.scm.revision=${{ inputs.revision }}
+            -Dsonar.pullrequest.key=${{ inputs.pr_id }}
+            -Dsonar.pullrequest.branch=${{ inputs.pr_id && inputs.head_branch }}
+            -Dsonar.pullrequest.base=${{ inputs.pr_id && inputs.base_branch }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/sonarqube.yml

@@ -4,44 +4,34 @@ on:
     workflows: [ "Tests" ]
     types:
       - completed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
-  sonarqube:
-    name: SonarQube
-    runs-on: ubuntu-latest
-    if: github.event.workflow_run.conclusion == 'success'
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-
-      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
-      # (https://github.com/actions/download-artifact/issues/60) so instead we get this mess:
-      - name: Download Coverage Report
-        uses: actions/github-script@v3.1.0
-        with:
-          script: |
-            const artifacts = await github.actions.listWorkflowRunArtifacts({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                run_id: ${{ github.event.workflow_run.id }},
-            });
-            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
-                return artifact.name == "coverage"
-            })[0];
-            const download = await github.actions.downloadArtifact({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                artifact_id: matchArtifact.id,
-                archive_format: 'zip',
-            });
-            const fs = require('fs');
-            fs.writeFileSync('${{github.workspace}}/coverage.zip', Buffer.from(download.data));
+  prdetails:
+    name: ℹ️ PR Details
+    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
+    with:
+      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
+      branch: ${{ github.event.workflow_run.head_branch }}
 
-      - name: Extract Coverage Report
-        run: unzip -d coverage coverage.zip && rm coverage.zip
-
-      - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  sonarqube:
+    name: 🩻 SonarQube
+    needs: prdetails
+    # Only wait for prdetails if it isn't skipped
+    if: |
+      always() &&
+      (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
+      github.event.workflow_run.conclusion == 'success'
+    uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
+    with:
+      repo: ${{ github.event.workflow_run.head_repository.full_name }}
+      pr_id: ${{ needs.prdetails.outputs.pr_id }}
+      head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
+      base_branch: ${{ needs.prdetails.outputs.base_branch }}
+      revision: ${{ github.event.workflow_run.head_sha }}
+      coverage_workflow_name: tests.yml
+      coverage_run_id: ${{ github.event.workflow_run.id }}
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/static_analysis.yml

@@ -3,6 +3,9 @@ on:
   pull_request: { }
   push:
     branches: [ develop, master ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   ts_lint:
     name: "Typescript Syntax Check"

.github/workflows/tests.yml

@@ -2,7 +2,10 @@ name: Tests
 on:
   pull_request: { }
   push:
-    branches: [ develop, main, master ]
+    branches: [ develop, master ]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 jobs:
   jest:
     name: Jest

.github/workflows/upgrade_dependencies.yml

@@ -0,0 +1,38 @@
+name: Upgrade Dependencies
+on:
+  workflow_dispatch: { }
+  workflow_call:
+    secrets:
+      ELEMENT_BOT_TOKEN:
+        required: true
+jobs:
+  upgrade:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          cache: 'yarn'
+
+      - name: Upgrade
+        run: yarn upgrade && yarn install
+
+      - name: Create Pull Request
+        id: cpr
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+          branch: actions/upgrade-deps
+          delete-branch: true
+          title: Upgrade dependencies
+          labels: |
+            Dependencies
+            T-Task
+          
+      - name: Enable automerge
+        uses: peter-evans/enable-pull-request-automerge@v2
+        if: steps.cpr.outputs.pull-request-operation == 'created'
+        with:
+          token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}

CHANGELOG.md

@@ -1,3 +1,21 @@
+Changes in [18.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v18.0.0) (2022-05-24)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES (to experimental methods)
+ * Implement changes to MSC2285 (private read receipts) ([\#2221](https://github.com/matrix-org/matrix-js-sdk/pull/2221)).
+
+## ✨ Features
+ * Add support for HTML renderings of room topics ([\#2272](https://github.com/matrix-org/matrix-js-sdk/pull/2272)).
+ * Add stopClient parameter to MatrixClient::logout ([\#2367](https://github.com/matrix-org/matrix-js-sdk/pull/2367)).
+ * registration: add function to re-request email token ([\#2357](https://github.com/matrix-org/matrix-js-sdk/pull/2357)).
+ * Remove hacky custom status feature ([\#2350](https://github.com/matrix-org/matrix-js-sdk/pull/2350)).
+
+## 🐛 Bug Fixes
+ * Remove default push rule override for MSC1930 ([\#2376](https://github.com/matrix-org/matrix-js-sdk/pull/2376)). Fixes vector-im/element-web#15439.
+ * Tweak thread creation & event adding to fix bugs around relations ([\#2369](https://github.com/matrix-org/matrix-js-sdk/pull/2369)). Fixes vector-im/element-web#22162 and vector-im/element-web#22180.
+ * Prune both clear & wire content on redaction ([\#2346](https://github.com/matrix-org/matrix-js-sdk/pull/2346)). Fixes vector-im/element-web#21929.
+ * MSC3786: Add a default push rule to ignore `m.room.server_acl` events ([\#2333](https://github.com/matrix-org/matrix-js-sdk/pull/2333)). Fixes vector-im/element-web#20788.
+
 Changes in [17.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v17.2.0) (2022-05-10)
 ==================================================================================================
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "matrix-js-sdk",
-  "version": "17.2.0",
+  "version": "18.0.0",
   "description": "Matrix Client-Server SDK for Javascript",
   "engines": {
     "node": ">=12.9.0"

sonar-project.properties

@@ -1,13 +1,6 @@
 sonar.projectKey=matrix-js-sdk
 sonar.organization=matrix-org
 
-# This is the name and version displayed in the SonarCloud UI.
-#sonar.projectName=matrix-js-sdk
-#sonar.projectVersion=1.0
-
-# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
-#sonar.sources=.
-
 # Encoding of the source code. Default is default system encoding
 #sonar.sourceEncoding=UTF-8
 
@@ -17,5 +10,7 @@ sonar.exclusions=docs,examples,git-hooks
 
 sonar.typescript.tsconfigPath=./tsconfig.json
 sonar.javascript.lcov.reportPaths=coverage/lcov.info
-sonar.coverage.exclusions=spec/*.ts
+sonar.coverage.exclusions=spec/**/*
 sonar.testExecutionReportPaths=coverage/test-report.xml
+
+sonar.lang.patterns.ts=**/*.ts,**/*.tsx