Commit graph

78 commits

Author SHA1 Message Date
Naveen
77e036e8d3 chore(deps): Included dependency review
> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
2022-05-02 21:27:57 -04:00
naveen
2929a3c0bd chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-02 20:48:01 -04:00
dependabot[bot]
5e99ae772a build(deps): bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:53 -04:00
dependabot[bot]
d7c44c5725 build(deps): bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-08 21:44:21 -04:00
Grant Slater
a11cf67de7 Docker: use buildx to build amd64 and arm64 images 2022-03-20 22:11:09 -04:00
Richard Hansen
5748c76db3 ci: docker: Show Etherpad logs 2022-03-12 00:40:48 -05:00
Richard Hansen
178db7508f ci: docker: Wait for container to be healthy 2022-03-12 00:40:48 -05:00
Richard Hansen
a6b969c811 ci: Bump actions/checkout to v3 2022-03-01 17:17:16 -05:00
dependabot[bot]
90d1ae87a7 build(deps): bump actions/setup-node from 2 to 3
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-25 23:51:38 -05:00
Richard Hansen
c568bb1baa ci: Skip frontend tests for Dependabot PRs 2022-01-28 01:51:15 -05:00
Richard Hansen
43aa1e4aeb ci: Reformat .yml files for readability 2022-01-28 01:39:45 -05:00
dependabot[bot]
84c7da82cf
build(deps): bump saucelabs/sauce-connect-action from 2.0.0 to 2.1.1
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-28 04:54:58 +00:00
Richard Hansen
35a182e053 ci: dependabot: Set versioning-strategy to increase
This keeps `package.json` in sync with `package-lock.json`.
2022-01-27 23:54:28 -05:00
Richard Hansen
63a02ec5fa ci: Enable caching 2022-01-27 22:40:38 -05:00
Richard Hansen
e80e1c0221 ci: docker: Combine test and build+publish workflows 2022-01-27 22:05:47 -05:00
Richard Hansen
a6fcc92d2a ci: docker: Set up Docker Buildx
This isn't required, but it's recommended everywhere I look.
2022-01-27 22:05:47 -05:00
Richard Hansen
3a31ebde4b ci: docker: Style improvements 2022-01-27 22:05:47 -05:00
Richard Hansen
f334fb8280 ci: lockfile-lint: Whitelist specific sqlite version 2022-01-27 22:05:47 -05:00
Richard Hansen
f925b481c6 ci: lockfile-lint: Pass --no-save to npm 2022-01-27 22:05:47 -05:00
Felix
578ae17aa8
Add docker & npm ecosystem to dependabot 2022-01-26 19:34:27 -05:00
dependabot[bot]
e4944b8bfa Bump saucelabs/sauce-connect-action from 1.1.2 to 2.0.0
Bumps [saucelabs/sauce-connect-action](https://github.com/saucelabs/sauce-connect-action) from 1.1.2 to 2.0.0.
- [Release notes](https://github.com/saucelabs/sauce-connect-action/releases)
- [Changelog](https://github.com/saucelabs/sauce-connect-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/saucelabs/sauce-connect-action/compare/v1.1.2...v2.0.0)

---
updated-dependencies:
- dependency-name: saucelabs/sauce-connect-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-29 22:32:27 -05:00
dependabot[bot]
68933718f6
Bump joncloud/makensis-action from 3.4 to 3.6
Bumps [joncloud/makensis-action](https://github.com/joncloud/makensis-action) from 3.4 to 3.6.
- [Release notes](https://github.com/joncloud/makensis-action/releases)
- [Commits](https://github.com/joncloud/makensis-action/compare/v3.4...v3.6)

---
updated-dependencies:
- dependency-name: joncloud/makensis-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-30 02:05:07 +00:00
Richard Hansen
40854b0cfd GitHub workflow to build and publish Docker images 2021-11-29 21:02:41 -05:00
Richard Hansen
df459c1278 Enable Dependabot for GitHub Actions 2021-11-29 20:35:29 -05:00
Richard Hansen
9cd59a84af
Fix bug_report.md bug template 2021-11-22 17:25:00 -05:00
Peter VandeHaar
9987834b15 Clarify instructions in PULL_REQUEST_TEMPLATE.md
This change
- removes instructions about commit headers that nobody follows,
- links to useful resources for first-time contributors,
- simplifies some text, and
- hides all text inside <!--  -->.
2021-10-31 02:40:03 -04:00
John McLear
c47134b3ab
Update bug_report.md 2021-10-09 14:44:48 +01:00
webzwo0i
d3890bc2c2 admin tests: Increase maxHttpBufferSize to fit settings.json 2021-09-29 23:48:03 -04:00
Hossein
d262e31bbf fix: install all dependencies and symlink 2021-09-28 19:01:19 -04:00
webzwo0i
b475296cee stop closing feature requests by stale bot 2021-07-02 14:07:29 -04:00
Richard Hansen
44343e5c5e tests: Replace Node.js v15 with v16 2021-06-14 23:17:17 +02:00
Richard Hansen
ef1ba21104 deps: Drop support for Node.js < 12.13.0 2021-06-14 23:17:17 +02:00
Richard Hansen
c2ac5e6145 tests: Fix missing commit in "Upgrade from latest release" workflow 2021-04-20 13:20:33 -04:00
Richard Hansen
96208e8239 tests: Rename workflow to "Upgrade from latest release" 2021-04-20 13:20:04 -04:00
John McLear
536db7553f
tests: CI of updating from master > this commit. (#4912)
* tests: CI of updating from master > this commit.

In response to cypress eslint I thought I'd put some CI testing for if a PR might break automated upgrading.

Matrix usage is probably overkill.

* Update major-version-git-pull-update.yml

* Name...

* include a front end test

* fix pathing

* Clarity on what's happening

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* Update .github/workflows/major-version-git-pull-update.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-03-05 06:38:50 +00:00
John McLear
a79f9efdb4
Include props to Sauce Labs for the tests they power. (#4897)
* Include props to Sauce Labs for the tests they power.

* include message in CI
2021-03-01 14:46:50 +00:00
John McLear
64e9e7fcda
tests: Frontend test Windows ZIP (#4894)
* tests:  Frontend test Windows ZIP

This PR introduces Frontend testing within Github actions!

We're depending a lot on saucelabs recently and that's fine but sometimes we just want to quickly do a frontend simple test on a weird environment (IE windows build) so this PR solves that problem.

Things to note.

    It still builds the windows .zip if the cypress tests fail.
    It does not add any heavy deps to Etherpad as cypress must be installed in CI.
    Cypress is responsible for running the Etherpad instance.

It's up to us how much we use this or not, I know it introduces a bunch of technical debt but I tried to keep that a minimum by compartmentalizing things and documenting where required.

* Update .github/workflows/windows-zip.yml

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

* remove timeouts

* Move folder structure up a level

* Update windows-zip.yml

* Update test.js

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-03-01 14:31:55 +00:00
John McLear
b0f16bb1f1 Use stable sauce version 2021-03-01 13:08:34 +00:00
John McLear
35ae08ca77
tests: run a long(1+ hr) load test 2021-02-28 16:05:16 +00:00
John McLear
b0d78d662e
tests: include ep_embedmedia in tests (#4889) 2021-02-28 09:26:43 +00:00
John McLear
fc7acad846
artifacts: Windows CI Installer
* Windows CI Installer

This PR introduces CI builds of a windows installer(using NSIS) .

It builds an executable that installs Etherpad and runs it.

There are obvious steps to make once this has been merged. But I'd suggest on each release we include both the .zip and the .exe and allow users to have a portable zip or an installed executable.

https://github.com/ether/etherpad_nsis

This was a relatively rushed project (4 hours) and I didn't want to spend any more time on it so it will need a foster parent to maintain it :)

props to @joncloud for https://github.com/joncloud/makensis-action-test and the nsis team that while have a horrible UX make relatively easy to use and rapid tools.

Note for review: I'm using linux to build the windows executable, this may need to be reviewed and we might want to switch to Windows if we can confirm building on linux causes a problem.

* CI: Use Windows to build the .zip
2021-02-25 10:00:33 +00:00
Richard Hansen
6f17d2f913 CI: Use Windows to build the Windows zip
npm might do something different on Windows when setting up the
executables in `src/node_modules/.bin`.
2021-02-23 22:40:15 -05:00
Richard Hansen
e9cb1692eb CI: Disable import/export rate limiting for frontend tests 2021-02-22 18:20:24 -05:00
Richard Hansen
644c8e6195 CI: Disable frontend admin tests for non-admin workflow 2021-02-22 18:20:24 -05:00
Richard Hansen
a354b03633 CI: Leave log level at INFO for frontend tests 2021-02-22 18:20:24 -05:00
Richard Hansen
3ca1589885 Revert "tests: fix importexport frontend tests (#4827)"
I'm going to split this into separate commits.

This reverts commit 9b03f8f6ab.
2021-02-22 18:19:48 -05:00
John McLear
9b03f8f6ab
tests: fix importexport frontend tests (#4827)
* CI: Leave log level at INFO for frontend tests

* CI: Disable frontend admin tests for non-admin workflow

* CI: Disable import/export rate limiting for frontend tests

* tests: fix importexport tests

The testing approach was redone to fix numerous issues:
  * Even if the tests had been working, none of them would have caught
    https://github.com/ether/etherpad-lite/issues/4808 because they
    didn't exercise the client-side import logic. Now they do.
  * Follow-up logic was not in the `helper.waitFor()` callback like it
    should have been. Now the code uses `async` and `await` to ensure
    proper execution order.
  * All `$.ajax()` calls used `async: false`. Now they're properly
    asynchronous.
  * The `helper.waitFor()` condition callbacks threw instead of
    returning false.
  * The string comparisons didn't allow for different attribute
    order (e.g., `<ol start="1" class="list-number1">` vs. `<ol
    class="list-number1" start="1">`). Now `Node.isEqualNode()` is
    used to reduce fragility. (`Node.isEqualNode()` is not perfect, so
    the tests are still a bit fragile: If class names or style strings
    are in a different order then `Node.isEqualNode()` will return
    false even if the nodes are semantically equivalent.)

Co-authored-by: Richard Hansen <rhansen@rhansen.org>

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-02-22 10:40:38 +00:00
Richard Hansen
85231cb774 tests: More descriptive Sauce Labs name 2021-02-22 03:36:12 -05:00
webzwo0i
2994ef3c3c tests: try all supported node versions 2021-02-22 03:36:12 -05:00
webzwo0i
29afb91b3e tests: delay setting up saucelabs tunnel 2021-02-22 03:36:12 -05:00