diff --git a/.env.prod.default b/.env.prod.default index 98685687272..70ad7eec1f0 100644 --- a/.env.prod.default +++ b/.env.prod.default @@ -13,6 +13,6 @@ DOCKER_COMPOSE_APP_PROD_PORT_TARGET=9001 # Here, you can customize default pad text that will appear as the first string on each new pad. DOCKER_COMPOSE_APP_PROD_ENV_DEFAULT_PAD_TEXT="Willkommen beim kits Etherpad" -DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE= -DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD= -DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER= \ No newline at end of file +DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_DATABASE= +DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_PASSWORD= +DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_USER= \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 58200fd3caf..00000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,21 +0,0 @@ -version: 2 -updates: - # Maintain dependencies for GitHub Actions - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "daily" - - package-ecosystem: "npm" - directory: "/src" - schedule: - interval: "daily" - versioning-strategy: "increase" - - package-ecosystem: "npm" - directory: "/src/bin/doc" - schedule: - interval: "daily" - versioning-strategy: "increase" diff --git a/.github/workflows/backend-tests.yml b/.github/workflows/backend-tests.yml deleted file mode 100644 index c16b79a5e7b..00000000000 --- a/.github/workflows/backend-tests.yml +++ /dev/null @@ -1,203 +0,0 @@ -name: "Backend tests" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - withoutpluginsLinux: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Linux without plugins - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - node: [14, 16, 18] - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install libreoffice - run: | - sudo add-apt-repository -y ppa:libreoffice/ppa - sudo apt update - sudo apt install -y --no-install-recommends libreoffice libreoffice-pdfimport - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Run the backend tests - run: cd src && npm test - - withpluginsLinux: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Linux with Plugins - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - node: [14, 16, 18] - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install libreoffice - run: | - sudo add-apt-repository -y ppa:libreoffice/ppa - sudo apt update - sudo apt install -y --no-install-recommends libreoffice libreoffice-pdfimport - - - name: Install Etherpad plugins - # The --legacy-peer-deps flag is required to work around a bug in npm v7: - # https://github.com/npm/cli/issues/2199 - run: > - npm install --no-save --legacy-peer-deps - ep_align - ep_author_hover - ep_cursortrace - ep_font_size - ep_hash_auth - ep_headings2 - ep_image_upload - ep_markdown - ep_readonly_guest - ep_set_title_on_pad - ep_spellcheck - ep_subscript_and_superscript - ep_table_of_contents - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Run the backend tests - run: cd src && npm test - - withoutpluginsWindows: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Windows without plugins - runs-on: windows-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installOnWindows.bat - - - name: Fix up the settings.json - run: | - powershell -Command "(gc settings.json.template) -replace '\"max\": 10', '\"max\": 10000' | Out-File -encoding ASCII settings.json.holder" - powershell -Command "(gc settings.json.holder) -replace '\"points\": 10', '\"points\": 1000' | Out-File -encoding ASCII settings.json" - - - name: Run the backend tests - run: cd src && npm test - - withpluginsWindows: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Windows with Plugins - runs-on: windows-latest - - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install Etherpad plugins - # The --legacy-peer-deps flag is required to work around a bug in npm - # v7: https://github.com/npm/cli/issues/2199 - run: > - npm install --no-save --legacy-peer-deps - ep_align - ep_author_hover - ep_cursortrace - ep_font_size - ep_hash_auth - ep_headings2 - ep_image_upload - ep_markdown - ep_readonly_guest - ep_set_title_on_pad - ep_spellcheck - ep_subscript_and_superscript - ep_table_of_contents - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installOnWindows.bat - - - name: Fix up the settings.json - run: | - powershell -Command "(gc settings.json.template) -replace '\"max\": 10', '\"max\": 10000' | Out-File -encoding ASCII settings.json.holder" - powershell -Command "(gc settings.json.holder) -replace '\"points\": 10', '\"points\": 1000' | Out-File -encoding ASCII settings.json" - - - name: Run the backend tests - run: cd src && npm test diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index ceb8d29b522..00000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [develop, master] - pull_request: - # The branches below must be a subset of the branches above - branches: [develop] - schedule: - - cron: '0 13 * * 1' - -permissions: - contents: read - -jobs: - analyze: - permissions: - actions: read # for github/codeql-action/init to get workflow details - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/autobuild to send a status report - name: Analyze - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index 0e72a00efcd..00000000000 --- a/.github/workflows/dependency-review.yml +++ /dev/null @@ -1,20 +0,0 @@ -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action -# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement -name: 'Dependency Review' -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: 'Checkout Repository' - uses: actions/checkout@v3 - - name: 'Dependency Review' - uses: actions/dependency-review-action@v1 diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index fc820b2df5e..00000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,91 +0,0 @@ -name: Docker -on: - pull_request: - push: - branches: - - 'develop' - tags: - - 'v?[0-9]+.[0-9]+.[0-9]+' -env: - TEST_TAG: etherpad/etherpad:test -permissions: - contents: read - -jobs: - docker: - runs-on: ubuntu-latest - steps: - - - name: Check out - uses: actions/checkout@v3 - - - name: Set up QEMU - if: github.event_name == 'push' - uses: docker/setup-qemu-action@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Build and export to Docker - uses: docker/build-push-action@v2 - with: - context: . - load: true - tags: ${{ env.TEST_TAG }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Set up Node.js - uses: actions/setup-node@v3 - with: - node-version: 'lts/*' - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Test - run: | - docker run --rm -d -p 9001:9001 --name test ${{ env.TEST_TAG }} - docker logs -f test & - ./src/bin/installDeps.sh - while true; do - echo "Waiting for Docker container to start..." - status=$(docker container inspect -f '{{.State.Health.Status}}' test) || exit 1 - case ${status} in - healthy) break;; - starting) sleep 2;; - *) printf %s\\n "unexpected status: ${status}" >&2; exit 1;; - esac - done - (cd src && npm run test-container) - git clean -dxf . - - - name: Docker meta - if: github.event_name == 'push' - id: meta - uses: docker/metadata-action@v3 - with: - images: etherpad/etherpad - tags: | - type=ref,event=branch - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - - - name: Log in to Docker Hub - if: github.event_name == 'push' - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build and push - if: github.event_name == 'push' - uses: docker/build-push-action@v2 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/frontend-admin-tests.yml b/.github/workflows/frontend-admin-tests.yml deleted file mode 100644 index db657536a04..00000000000 --- a/.github/workflows/frontend-admin-tests.yml +++ /dev/null @@ -1,98 +0,0 @@ -# Leave the powered by Sauce Labs bit in as this means we get additional concurrency -name: "Frontend admin tests powered by Sauce Labs" - -on: [push] - -jobs: - withplugins: - name: with plugins - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - node: [14, 16, 18] - - steps: - - - name: Fail if Dependabot - if: github.actor == 'dependabot[bot]' - run: | - cat <&2 - Frontend tests skipped because Dependabot can't access secrets. - Manually re-run the jobs to run the frontend tests. - For more information, see: - https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ - EOF - exit 1 - - - name: Generate Sauce Labs strings - id: sauce_strings - run: | - printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }} - Node ${{ matrix.node }}' - printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}-node${{ matrix.node }}' - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install etherpad plugins - # We intentionally install an old ep_align version to test upgrades to - # the minor version number. The --legacy-peer-deps flag is required to - # work around a bug in npm v7: https://github.com/npm/cli/issues/2199 - run: npm install --no-save --legacy-peer-deps ep_align@0.2.27 - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Install etherpad plugins - run: rm -Rf node_modules/ep_align/static/tests/* - - - name: export GIT_HASH to env - id: environment - run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" - - - name: Create settings.json - run: cp settings.json.template settings.json - - - name: Write custom settings.json that enables the Admin UI tests - run: "sed -i 's/\"enableAdminUITests\": false/\"enableAdminUITests\": true,\\n\"users\":{\"admin\":{\"password\":\"changeme\",\"is_admin\":true}}/' settings.json" - - - name: increase maxHttpBufferSize - run: "sed -i 's/\"maxHttpBufferSize\": 10000/\"maxHttpBufferSize\": 100000/' settings.json" - - - name: Remove standard frontend test files, so only admin tests are run - run: mv src/tests/frontend/specs/* /tmp && mv /tmp/admin*.js src/tests/frontend/specs - - - uses: saucelabs/sauce-connect-action@v2.1.1 - with: - username: ${{ secrets.SAUCE_USERNAME }} - accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} - tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} - - - name: Run the frontend admin tests - shell: bash - env: - SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} - TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} - GIT_HASH: ${{ steps.environment.outputs.sha_short }} - run: | - src/tests/frontend/travis/adminrunner.sh diff --git a/.github/workflows/frontend-tests.yml b/.github/workflows/frontend-tests.yml deleted file mode 100644 index 37dc61bbdb1..00000000000 --- a/.github/workflows/frontend-tests.yml +++ /dev/null @@ -1,166 +0,0 @@ -# Leave the powered by Sauce Labs bit in as this means we get additional concurrency -name: "Frontend tests powered by Sauce Labs" - -on: [push] - -jobs: - withoutplugins: - name: without plugins - runs-on: ubuntu-latest - steps: - - - name: Fail if Dependabot - if: github.actor == 'dependabot[bot]' - run: | - cat <&2 - Frontend tests skipped because Dependabot can't access secrets. - Manually re-run the jobs to run the frontend tests. - For more information, see: - https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ - EOF - exit 1 - - - name: Generate Sauce Labs strings - id: sauce_strings - run: | - printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }}' - printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}' - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: export GIT_HASH to env - id: environment - run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" - - - name: Create settings.json - run: cp settings.json.template settings.json - - - name: Disable import/export rate limiting - run: | - sed -e '/^ *"importExportRateLimiting":/,/^ *\}/ s/"max":.*/"max": 0/' -i settings.json - - - uses: saucelabs/sauce-connect-action@v2.1.1 - with: - username: ${{ secrets.SAUCE_USERNAME }} - accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} - tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} - - - name: Run the frontend tests - shell: bash - env: - SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} - TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} - GIT_HASH: ${{ steps.environment.outputs.sha_short }} - run: | - src/tests/frontend/travis/runner.sh - - withplugins: - name: with plugins - runs-on: ubuntu-latest - steps: - - - name: Fail if Dependabot - if: github.actor == 'dependabot[bot]' - run: | - cat <&2 - Frontend tests skipped because Dependabot can't access secrets. - Manually re-run the jobs to run the frontend tests. - For more information, see: - https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ - EOF - exit 1 - - - name: Generate Sauce Labs strings - id: sauce_strings - run: | - printf %s\\n '::set-output name=name::${{ github.workflow }} - ${{ github.job }}' - printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}' - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install Etherpad plugins - # The --legacy-peer-deps flag is required to work around a bug in npm v7: - # https://github.com/npm/cli/issues/2199 - run: > - npm install --no-save --legacy-peer-deps - ep_align - ep_author_hover - ep_cursortrace - ep_embedmedia - ep_font_size - ep_hash_auth - ep_headings2 - ep_image_upload - ep_markdown - ep_readonly_guest - ep_set_title_on_pad - ep_spellcheck - ep_subscript_and_superscript - ep_table_of_contents - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: export GIT_HASH to env - id: environment - run: echo "::set-output name=sha_short::$(git rev-parse --short ${{ github.sha }})" - - - name: Create settings.json - run: cp settings.json.template settings.json - - - name: Disable import/export rate limiting - run: | - sed -e '/^ *"importExportRateLimiting":/,/^ *\}/ s/"max":.*/"max": 0/' -i settings.json - # XXX we should probably run all tests, because plugins could effect their results - - - name: Remove standard frontend test files, so only plugin tests are run - run: rm src/tests/frontend/specs/* - - - uses: saucelabs/sauce-connect-action@v2.1.1 - with: - username: ${{ secrets.SAUCE_USERNAME }} - accessKey: ${{ secrets.SAUCE_ACCESS_KEY }} - tunnelIdentifier: ${{ steps.sauce_strings.outputs.tunnel_id }} - - - name: Run the frontend tests - shell: bash - env: - SAUCE_USERNAME: ${{ secrets.SAUCE_USERNAME }} - SAUCE_ACCESS_KEY: ${{ secrets.SAUCE_ACCESS_KEY }} - SAUCE_NAME: ${{ steps.sauce_strings.outputs.name }} - TRAVIS_JOB_NUMBER: ${{ steps.sauce_strings.outputs.tunnel_id }} - GIT_HASH: ${{ steps.environment.outputs.sha_short }} - run: | - src/tests/frontend/travis/runner.sh diff --git a/.github/workflows/lint-package-lock.yml b/.github/workflows/lint-package-lock.yml deleted file mode 100644 index bc05a1a52ac..00000000000 --- a/.github/workflows/lint-package-lock.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: "Lint" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - lint-package-lock: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: package-lock.json - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install lockfile-lint - run: npm install --no-save lockfile-lint - - - name: Run lockfile-lint on package-lock.json - run: > - npx lockfile-lint - --path src/package-lock.json - --allowed-hosts npm - --allowed-schemes https: - --allowed-schemes github: - --allowed-urls github:mapbox/node-sqlite3#593c9d498be2510d286349134537e3bf89401c4a diff --git a/.github/workflows/load-test.yml b/.github/workflows/load-test.yml deleted file mode 100644 index 9d8c4fd9b8c..00000000000 --- a/.github/workflows/load-test.yml +++ /dev/null @@ -1,125 +0,0 @@ -name: "Loadtest" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - withoutplugins: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: without plugins - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Install etherpad-load-test - run: sudo npm install -g etherpad-load-test - - - name: Run load test - run: src/tests/frontend/travis/runnerLoadTest.sh 25 50 - - withplugins: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: with Plugins - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install etherpad-load-test - run: sudo npm install -g etherpad-load-test - - - name: Install etherpad plugins - # The --legacy-peer-deps flag is required to work around a bug in npm v7: - # https://github.com/npm/cli/issues/2199 - run: > - npm install --no-save --legacy-peer-deps - ep_align - ep_author_hover - ep_cursortrace - ep_font_size - ep_hash_auth - ep_headings2 - ep_markdown - ep_readonly_guest - ep_set_title_on_pad - ep_spellcheck - ep_subscript_and_superscript - ep_table_of_contents - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Run load test - run: src/tests/frontend/travis/runnerLoadTest.sh 25 50 - - long: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: long running - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Install etherpad-load-test - run: sudo npm install -g etherpad-load-test - - - name: Run load test - run: src/tests/frontend/travis/runnerLoadTest.sh 5000 5 diff --git a/.github/workflows/rate-limit.yml b/.github/workflows/rate-limit.yml deleted file mode 100644 index 7df7aa4ce3d..00000000000 --- a/.github/workflows/rate-limit.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: "rate limit" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - ratelimit: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: test - runs-on: ubuntu-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: docker network - run: docker network create --subnet=172.23.42.0/16 ep_net - - - name: build docker image - run: | - docker build -f Dockerfile -t epl-debian-slim . - docker build -f src/tests/ratelimit/Dockerfile.nginx -t nginx-latest . - docker build -f src/tests/ratelimit/Dockerfile.anotherip -t anotherip . - - - name: run docker images - run: | - docker run --name etherpad-docker -p 9000:9001 --rm --network ep_net --ip 172.23.42.2 -e 'TRUST_PROXY=true' epl-debian-slim & - docker run -p 8081:80 --rm --network ep_net --ip 172.23.42.1 -d nginx-latest - docker run --rm --network ep_net --ip 172.23.42.3 --name anotherip -dt anotherip - - - name: install dependencies and create symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: run rate limit test - run: | - cd src/tests/ratelimit - ./testlimits.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000000..d045a14f416 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,61 @@ +# https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio + +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# GitHub recommends pinning actions to a commit SHA. +# To get a newer version, you will need to update the SHA. +# You can also reference a tag or branch, but the action may change without warning. + +name: Create and publish a Docker image + +on: + push: + branches: + - kits + - postgresql-migration + release: + types: [published] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + platforms: linux/amd64,linux/arm64/v8 + build-args: | + ETHERPAD_PLUGINS=kitsteam/ep_comments_page kitsteam/ep_push2delete ep_image_upload ep_embedded_hyperlinks2 ep_headings2 ep_align ep_font_color ep_delete_empty_pads ep_delete_after_delay ep_helmet ep_font_size ep_disable_imports + INSTALL_SOFFICE=true + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 84036a8144f..00000000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: 'Close stale issues and PRs' -on: - schedule: - - cron: '30 6 * * *' -permissions: - issues: write - pull-requests: write -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v5 - with: - close-issue-label: wontfix - close-pr-label: wontfix - days-before-close: -1 - exempt-issue-labels: 'pinned,security,Bug,Serious Bug,Minor bug,Black hole bug,Special case Bug,Upstream bug,Feature Request' - exempt-pr-labels: 'pinned,security,Bug,Serious Bug,Minor bug,Black hole bug,Special case Bug,Upstream bug,Feature Request' diff --git a/.github/workflows/upgrade-from-latest-release.yml b/.github/workflows/upgrade-from-latest-release.yml deleted file mode 100644 index a00e9540d0f..00000000000 --- a/.github/workflows/upgrade-from-latest-release.yml +++ /dev/null @@ -1,99 +0,0 @@ -name: "Upgrade from latest release" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - withpluginsLinux: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Linux with Plugins - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - node: [14, 16, 18] - steps: - - - name: Check out latest release - uses: actions/checkout@v3 - with: - ref: master - - - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node }} - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install Etherpad plugins - # The --legacy-peer-deps flag is required to work around a bug in npm - # v7: https://github.com/npm/cli/issues/2199 - run: > - npm install --no-save --legacy-peer-deps - ep_align - ep_author_hover - ep_cursortrace - ep_font_size - ep_hash_auth - ep_headings2 - ep_image_upload - ep_markdown - ep_readonly_guest - ep_set_title_on_pad - ep_spellcheck - ep_subscript_and_superscript - ep_table_of_contents - # Etherpad core dependencies must be installed after installing the - # plugin's dependencies, otherwise npm will try to hoist common - # dependencies by removing them from src/node_modules and installing them - # in the top-level node_modules. As of v6.14.10, npm's hoist logic appears - # to be buggy, because it sometimes removes dependencies from - # src/node_modules but fails to add them to the top-level node_modules. - # Even if npm correctly hoists the dependencies, the hoisting seems to - # confuse tools such as `npm outdated`, `npm update`, and some ESLint - # rules. - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Run the backend tests - run: cd src && npm test - # Because actions/checkout@v3 is called with "ref: master" and without - # "fetch-depth: 0", the local clone does not have the ${GITHUB_SHA} - # commit. Fetch ${GITHUB_REF} to get the ${GITHUB_SHA} commit. Note that a - # plain "git fetch" only fetches "normal" references (refs/heads/* and - # refs/tags/*), and for pull requests none of the normal references - # include ${GITHUB_SHA}, so we have to explicitly tell Git to fetch - # ${GITHUB_REF}. - - - name: Fetch the new Git commits - run: git fetch --depth=1 origin "${GITHUB_REF}" - - - name: Upgrade to the new Git revision - # For pull requests, ${GITHUB_SHA} is the automatically generated merge - # commit that merges the PR's source branch to its destination branch. - run: git checkout "${GITHUB_SHA}" - - - name: Install all dependencies and symlink for ep_etherpad-lite - run: src/bin/installDeps.sh - - - name: Run the backend tests - run: cd src && npm test - - - name: Install Cypress - run: cd src && npm install cypress - - - name: Run Etherpad & Test Frontend - run: | - node src/node/server.js & - curl --connect-timeout 10 --max-time 20 --retry 5 --retry-delay 10 --retry-max-time 60 --retry-connrefused http://127.0.0.1:9001/p/test - ./src/node_modules/cypress/bin/cypress run --config-file src/tests/frontend/cypress/cypress.config.js diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml deleted file mode 100644 index 3622fedfed4..00000000000 --- a/.github/workflows/windows.yml +++ /dev/null @@ -1,125 +0,0 @@ -name: "Windows Build" - -# any branch is useful for testing before a PR is submitted -on: [push, pull_request] - -permissions: - contents: read - -jobs: - build-zip: - # run on pushes to any branch - # run on PRs from external forks - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Build .zip - runs-on: windows-latest - steps: - - - uses: msys2/setup-msys2@v2 - with: - path-type: inherit - install: >- - zip - - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - src/package-lock.json - src/bin/doc/package-lock.json - - - name: Install all dependencies and symlink for ep_etherpad-lite - shell: msys2 {0} - run: src/bin/installDeps.sh - - - name: Run the backend tests - shell: msys2 {0} - run: cd src && npm test - - - name: Build the .zip - shell: msys2 {0} - run: src/bin/buildForWindows.sh - - - name: Archive production artifacts - uses: actions/upload-artifact@v3 - with: - name: etherpad-win.zip - path: etherpad-win.zip - - build-exe: - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Build .exe - needs: build-zip - runs-on: windows-latest - steps: - - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Download .zip - uses: actions/download-artifact@v3 - with: - name: etherpad-win.zip - path: .. - - - name: Extract .zip - working-directory: .. - run: 7z x etherpad-win.zip -oetherpad-zip - - - name: Create installer - uses: joncloud/makensis-action@v3.6 - with: - script-file: 'src/bin/nsis/etherpad.nsi' - - - name: Archive production artifacts - uses: actions/upload-artifact@v3 - with: - name: etherpad-win.exe - path: etherpad-win.exe - - deploy-zip: - # run on pushes to any branch - # run on PRs from external forks - permissions: - contents: none - if: | - (github.event_name != 'pull_request') - || (github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id) - name: Deploy - needs: build-zip - runs-on: windows-latest - steps: - - - name: Download zip - uses: actions/download-artifact@v3 - with: - name: etherpad-win.zip - - - name: Extract Etherpad - run: 7z x etherpad-win.zip -oetherpad - - - uses: actions/setup-node@v3 - with: - node-version: 14 - cache: 'npm' - cache-dependency-path: | - etherpad/src/package-lock.json - etherpad/src/bin/doc/package-lock.json - - - name: Install Cypress - run: cd src && npm install cypress - - - name: Run Etherpad - run: | - cd etherpad - node node_modules\ep_etherpad-lite\node\server.js & - curl --connect-timeout 10 --max-time 20 --retry 5 --retry-delay 10 --retry-max-time 60 --retry-connrefused http://127.0.0.1:9001/p/test - src\node_modules\cypress\bin\cypress run --config-file src\tests\frontendcypress\cypress.config.js diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml index 03c6be2e458..2120bba8721 100644 --- a/docker-compose-prod.yml +++ b/docker-compose-prod.yml @@ -24,15 +24,15 @@ services: ep_disable_imports INSTALL_SOFFICE: 'true' depends_on: - - mariadb_prod + - postgres_prod environment: DB_CHARSET: ${DOCKER_COMPOSE_APP_PROD_ENV_DB_CHARSET:-utf8mb4} - DB_HOST: mariadb_prod - DB_NAME: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE:?} - DB_PASS: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD:?} - DB_PORT: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PORT:-3306} - DB_TYPE: "mysql" - DB_USER: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER:?} + DB_HOST: postgres_prod + DB_NAME: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_DATABASE:?} + DB_PASS: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_PASSWORD:?} + DB_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_PORT:-5432} + DB_TYPE: "postgres" + DB_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_USER:?} # For now, the env var DEFAULT_PAD_TEXT cannot be unset or empty; it seems to be mandatory in the latest version of etherpad DEFAULT_PAD_TEXT: ${DOCKER_COMPOSE_APP_PROD_ENV_DEFAULT_PAD_TEXT:- } DISABLE_IP_LOGGING: ${DOCKER_COMPOSE_APP_PROD_ENV_DISABLE_IP_LOGGING:-true} @@ -42,38 +42,23 @@ services: ports: - "${DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED:-9001}:${DOCKER_COMPOSE_APP_PROD_PORT_TARGET:-9001}" - mariadb_prod: - image: mariadb + postgres_prod: + image: postgres:12-alpine # Pass config parameters to the mysql server. # Find more information below when you need to generate the ssl-relevant file your self - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_bin - - --ssl_cert=/var/lib/mysql/server.crt - - --ssl_key=/var/lib/mysql/server.key environment: - MARIADB_DATABASE: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_DATABASE:?} - MARIADB_PASSWORD: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PASSWORD:?} - MARIADB_PORT: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_PORT:-3306} - MARIADB_RANDOM_ROOT_PASSWORD: 'yes' - MARIADB_USER: ${DOCKER_COMPOSE_MARIADB_PROD_ENV_MARIADB_USER:?} + POSTGRES_DB: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_DATABASE:?} + POSTGRES_PASSWORD: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_PASSWORD:?} + POSTGRES_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_PORT:-5432} + POSTGRES_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_ENV_POSTGRES_USER:?} + PGDATA: /var/lib/postgresql/data/pgdata restart: always + # Exposing the port is not needed unless you want to access this database instance from the host. + # Be careful when other postgres docker container are running on the same port + # ports: + # - "5432:5432" volumes: - # To setup an ssl-enabled mysql server locally, you need to generate a self-signed ssl certificate. - # - # ```bash - # mkdir -p ./ca - # openssl req -new -text -passout pass:abcd -subj /CN=localhost -out ./ca/server.req -keyout ./ca/privkey.pem - # openssl rsa -in ./ca/privkey.pem -passin pass:abcd -out ./ca/server.key - # openssl req -x509 -in ./ca/server.req -text -key ./ca/server.key -out ./ca/server.crt - # chmod 600 ./ca/server.key - # test $(uname -s) = Linux && chown 70 ./ca/server.key - # ``` - # - # Afterwards, the ssl_cert_file and ssl_key_file are mounted into the docker container, see below - - ./ca/server.crt:/var/lib/mysql/server.crt - - ./ca/server.key:/var/lib/mysql/server.key - - mariadb_prod_data:/var/lib/mysql + - postgres_data:/var/lib/postgresql/data/pgdata volumes: - mariadb_prod_data: \ No newline at end of file + postgres_data: \ No newline at end of file