Release OpenProject 12.3.0

opf · Oct 10, 2022 · b821152 · b821152
2 parents 694946a + 8d62e6a
commit b821152
Show file tree

Hide file tree

Showing 1,061 changed files with 70,581 additions and 34,190 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,15 +1,8 @@
-# Frontend rules
-*.js @opf/frontend
-*.ts @opf/frontend
-
-# Backend rules
-*.rb @opf/backend
-
 # docs rules
 /docs/ @opf/doc-writers
 
 # Tech doc rules
 /docs/development @opf/tech-writers 
 /docs/installation-and-operations @opf/tech-writers 
 /docs/system-admin-guide @opf/tech-writers 
-/docs/api @opf/tech-writers @opf/backend
+/docs/api @opf/tech-writers
diff --git a/.github/workflows/cd-storybook.yml b/.github/workflows/cd-storybook.yml
@@ -0,0 +1,26 @@
+name: cd-storybook
+on:
+  push:
+    branches:
+      - dev
+
+permissions:
+  contents: read
+
+jobs:
+  trigger_design_system_workflow:
+    permissions:
+      contents: none
+    if: github.repository == 'opf/openproject'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger downstream workflow
+        env:
+          TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }}
+          DS_CD_WORKFLOW_ID: build-docs.yml
+          DS_REPOSITORY: opf/design-system
+        run: |
+          curl -i --fail -H"authorization: Bearer $TOKEN" \
+            -XPOST -H"Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/$DS_REPOSITORY/actions/workflows/$DS_CD_WORKFLOW_ID/dispatches \
+          -d '{ "ref": "dev", "inputs": { "ref": "${{ github.ref }}" }}'
diff --git a/.github/workflows/crowdin.yml b/.github/workflows/crowdin.yml
@@ -4,6 +4,7 @@ on:
   schedule:
     - cron: '0 3 * * *' # Daily at 03:00
 
+permissions: {}
 jobs:
   setup:
     runs-on: ubuntu-latest
@@ -28,6 +29,9 @@ jobs:
         echo "::set-output name=crowdin_release_branch::release"
 
   crowdin:
+    permissions:
+      contents: write # for git push
+
     runs-on: ubuntu-latest
     needs: setup
     timeout-minutes: 60

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -7,6 +7,10 @@ on:
   push:
     tags:
       - v*
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   publish:
     # restrict this job to base repo for now
@@ -30,7 +34,7 @@ jobs:
           cache: ${{ github.event_name != 'schedule' }}
       - name: Test
         run: |
-          docker run --name openproject -d -p 8080:80 -e SUPERVISORD_LOG_LEVEL=debug -e SECRET_KEY_BASE=secret ${{ steps.build_and_push.outputs.digest }}
+          docker run --name openproject -d -p 8080:80 -e SUPERVISORD_LOG_LEVEL=debug -e SECRET_KEY_BASE=secret -e OPENPROJECT_HTTPS=false ${{ steps.build_and_push.outputs.digest }}
           sleep 30
           docker logs openproject --tail 100
           wget -O- --retry-on-http-error=503,502 --retry-connrefused http://localhost:8080/api/v3
diff --git a/.github/workflows/pullpreview.yml b/.github/workflows/pullpreview.yml
@@ -7,8 +7,17 @@ on:
   pull_request:
     types: [labeled, unlabeled, synchronize, closed, reopened]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   deploy:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      deployments: write # to delete deployments
+      pull-requests: write # to remove labels
+      statuses: write # to create commit status
+
     if: github.repository == 'opf/openproject' && ( github.event_name == 'schedule' || github.event_name == 'push' || github.event.label.name == 'pullpreview' || contains(github.event.pull_request.labels.*.name, 'pullpreview') )
     runs-on: ubuntu-latest
     timeout-minutes: 30
@@ -27,13 +36,14 @@ jobs:
       run: |
         cp ./docker/pullpreview/docker-compose.yml ./docker-compose.pullpreview.yml
         cp ./docker/prod/Dockerfile ./Dockerfile
+        cp ./docker/pullpreview-storybook/Dockerfile ./Dockerfile-storybook
     - uses: pullpreview/action@v5
       with:
         admins: crohr,HDinger,machisuji,oliverguenther,ulferts,wielinde,b12f,cbliard
         always_on: dev
         compose_files: docker-compose.pullpreview.yml
         instance_type: large_2_0
-        ports: 80,443
+        ports: 80,443,8080
         default_port: 443
       env:
         AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"

diff --git a/.gitignore b/.gitignore
@@ -107,14 +107,22 @@ npm-debug.log*
 /frontend/npm-debug.log*
 /frontend/dist/
 /frontend/tests/*.gif
+/frontend/storybook-static
 node_modules/
 
+# Storybook data
+/frontend/documentation.json
+
 # Ignore global package-lock.json that generates
 /package-lock.json
 plaintext.yml
 structure.sql
 
-# Local development docker 
+# Local development
+# used by dotenv
+/.env.*.local
+
+# Local development docker
 /.env
 /docker-compose.override.yml
 

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -77,8 +77,7 @@ Lint/Void:
   Enabled: false
 
 Lint/AmbiguousBlockAssociation:
-  IgnoredMethods: [change]
-
+  AllowedMethods: [change]
 
 Metrics/ClassLength:
   Enabled: false
@@ -124,6 +123,9 @@ Naming/PredicateName:
   ForbiddenPrefixes:
     - is_
 
+Naming/VariableNumber:
+  AllowedPatterns:
+    - '\w_20\d\d' # allow dates like christmas_2022 or date_2034_04_12
 
 # There are valid cases in which to use methods like:
 # * update_all
@@ -163,12 +165,25 @@ RSpec/ExampleLength:
     - 'spec/features/**/*.rb'
     - 'modules/*/spec/features/**/*.rb'
 
+# We have specs that have no expect(..) syntax,
+# but only helper classes that expect themselves
+RSpec/NoExpectationExample:
+  Enabled: false
+
 RSpec/DescribeClass:
   Enabled: true
   Exclude:
     - 'spec/features/**/*.rb'
     - 'modules/*/spec/features/**/*.rb'
 
+# dynamic finders cop clashes with capybara ID cop
+Rails/DynamicFindBy:
+  Enabled: true
+  Exclude:
+    - 'spec/features/**/*.rb'
+    - 'spec/support/**/*.rb'
+    - 'modules/*/spec/features/**/*.rb'
+
 # See RSpec/ExampleLength for why feature specs are excluded
 RSpec/MultipleExpectations:
   Max: 15
@@ -207,6 +222,7 @@ RSpec/NamedSubject:
 RSpec/ContextWording:
   Prefixes:
     - as
+    - 'on'
     - when
     - with
     - without
@@ -278,6 +294,9 @@ Style/EvenOdd:
 Style/FormatString:
   Enabled: false
 
+Style/FormatStringToken:
+  AllowedMethods: [redirect]
+
 Style/GlobalVars:
   Enabled: false
 

diff --git a/Gemfile b/Gemfile
@@ -78,7 +78,7 @@ gem 'htmldiff'
 gem 'stringex', '~> 2.8.5'
 
 # CommonMark markdown parser with GFM extension
-gem 'commonmarker', '~> 0.23.0'
+gem 'commonmarker', '~> 0.23.6'
 
 # HTML pipeline for transformations on text formatter output
 # such as sanitization or additional features
@@ -88,7 +88,7 @@ gem 'deckar01-task_list', '~> 2.3.1'
 # Requires escape-utils for faster escaping
 gem 'escape_utils', '~> 1.3'
 # Syntax highlighting used in html-pipeline with rouge
-gem 'rouge', '~> 3.29.0'
+gem 'rouge', '~> 3.30.0'
 # HTML sanitization used for html-pipeline
 gem 'sanitize', '~> 6.0.0'
 # HTML autolinking for mails and urls (replaces autolink)
@@ -129,7 +129,7 @@ gem 'rack-protection', '~> 2.2.0'
 gem 'rack-attack', '~> 6.6.0'
 
 # CSP headers
-gem 'secure_headers', '~> 6.3.0'
+gem 'secure_headers', '~> 6.4.0'
 
 # Browser detection for incompatibility checks
 gem 'browser', '~> 5.3.0'
@@ -200,9 +200,9 @@ gem 'mini_magick', '~> 4.11.0', require: false
 gem 'validate_url'
 
 # Sentry error reporting
-gem "sentry-delayed_job", '~> 5.3.0'
-gem "sentry-rails", '~> 5.3.0'
-gem "sentry-ruby", '~> 5.3.0'
+gem "sentry-delayed_job", '~> 5.4.0'
+gem "sentry-rails", '~> 5.4.0'
+gem "sentry-ruby", '~> 5.4.0'
 
 # Appsignal integration
 gem "appsignal", "~> 3.0", require: false
@@ -299,11 +299,11 @@ group :development, :test do
   gem 'lefthook', require: false
 
   # Brakeman scanner
-  gem 'brakeman', '~> 5.2.0'
+  gem 'brakeman', '~> 5.3.0'
   gem 'danger-brakeman'
 end
 
-gem 'bootsnap', '~> 1.12.0', require: false
+gem 'bootsnap', '~> 1.13.0', require: false
 
 # API gems
 gem 'grape', '~> 1.6.0'