From 7359c9bf936efd0ad57a893021ad5915fbfb362a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ga=C3=ABl=20Goinvic?= Date: Wed, 3 Jan 2024 10:42:32 +0100 Subject: [PATCH 01/11] sign images using cosign MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Gaƫl Goinvic --- .github/workflows/dockerhub.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/dockerhub.yaml b/.github/workflows/dockerhub.yaml index ab666bf27a..26008d6a8b 100644 --- a/.github/workflows/dockerhub.yaml +++ b/.github/workflows/dockerhub.yaml @@ -7,6 +7,9 @@ on: # This job can take a while, and we have usage limits, so just publish develop only twice a day - cron: "0 7/12 * * *" concurrency: ${{ github.workflow }}-${{ github.ref_name }} + +permissions: + id-token: write # needed for signing the images with GitHub OIDC Token jobs: buildx: name: Docker Buildx @@ -26,6 +29,9 @@ jobs: with: fetch-depth: 0 # needed for docker-package to be able to calculate the version + - name: Install Cosign + uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3 + - name: Prepare if: matrix.prepare run: ${{ matrix.prepare }} @@ -58,6 +64,7 @@ jobs: ${{ matrix.flavor }} - name: Build and push + id: build-and-push uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5 with: context: . @@ -66,6 +73,17 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + - name: Sign the images with GitHub OIDC Token + env: + DIGEST: ${{ steps.build-and-push.outputs.digest }} + TAGS: ${{ steps.meta.outputs.tags }} + run: | + images="" + for tag in ${TAGS}; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes ${images} + - name: Update repo description if: matrix.variant == 'vanilla' uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4 From 6ebe844fc0f9f20b80993ce735d9b06071f1976c Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Wed, 8 May 2024 16:56:45 +0100 Subject: [PATCH 02/11] Indent inline script correctly Co-authored-by: Michael Telatynski <7t3chguy@gmail.com> --- .github/workflows/dockerhub.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub.yaml b/.github/workflows/dockerhub.yaml index 26008d6a8b..3c64e4efbc 100644 --- a/.github/workflows/dockerhub.yaml +++ b/.github/workflows/dockerhub.yaml @@ -80,7 +80,7 @@ jobs: run: | images="" for tag in ${TAGS}; do - images+="${tag}@${DIGEST} " + images+="${tag}@${DIGEST} " done cosign sign --yes ${images} From 3a159beb21bbf0ddfa0fe4863525a8149fa57f0f Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 9 May 2024 10:42:26 +0100 Subject: [PATCH 03/11] Add code style rule for multiple return types --- code_style.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/code_style.md b/code_style.md index 0462f3a4a9..4bd9cebffe 100644 --- a/code_style.md +++ b/code_style.md @@ -224,6 +224,10 @@ Unless otherwise specified, the following applies to all code: // ... } ``` +37. Avoid functions whose behaviour / return type varies with different parameter types. + Multiple return types are fine when appropriate (eg. SDKConfig.get() with a string param which + returns the type according to the param given) but SDKConfig.get() with no args returning the + whole config object is not: this could just be a separate function. ## React From 36571edb9563724b552dbce0bd4d20260ca7ef07 Mon Sep 17 00:00:00 2001 From: David Baker Date: Thu, 9 May 2024 10:53:33 +0100 Subject: [PATCH 04/11] Prettier --- code_style.md | 1 + 1 file changed, 1 insertion(+) diff --git a/code_style.md b/code_style.md index 4bd9cebffe..eab031b46d 100644 --- a/code_style.md +++ b/code_style.md @@ -224,6 +224,7 @@ Unless otherwise specified, the following applies to all code: // ... } ``` + 37. Avoid functions whose behaviour / return type varies with different parameter types. Multiple return types are fine when appropriate (eg. SDKConfig.get() with a string param which returns the type according to the param given) but SDKConfig.get() with no args returning the From 8ba3f53d2c84b14fed0901f5e31115658479fe7a Mon Sep 17 00:00:00 2001 From: David Baker Date: Fri, 10 May 2024 10:48:11 +0100 Subject: [PATCH 05/11] Hopefully clarify --- code_style.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/code_style.md b/code_style.md index eab031b46d..f18de37e0d 100644 --- a/code_style.md +++ b/code_style.md @@ -226,9 +226,10 @@ Unless otherwise specified, the following applies to all code: ``` 37. Avoid functions whose behaviour / return type varies with different parameter types. - Multiple return types are fine when appropriate (eg. SDKConfig.get() with a string param which - returns the type according to the param given) but SDKConfig.get() with no args returning the - whole config object is not: this could just be a separate function. + Multiple return types are fine, but the function's fundamental behaviour should not + change according its arguments: have two separate functions. For example,SDKConfig.get() + with a string param which returns the type according to the param given but SDKConfig.get() + with no args returning the whole config object is not: this could just be a separate function. ## React From f2da5fcf2c928565f9815278719551e77557ff58 Mon Sep 17 00:00:00 2001 From: David Baker Date: Fri, 10 May 2024 16:49:05 +0100 Subject: [PATCH 06/11] Fix typos and clarify wording Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --- code_style.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/code_style.md b/code_style.md index f18de37e0d..cab6d36d08 100644 --- a/code_style.md +++ b/code_style.md @@ -227,9 +227,9 @@ Unless otherwise specified, the following applies to all code: 37. Avoid functions whose behaviour / return type varies with different parameter types. Multiple return types are fine, but the function's fundamental behaviour should not - change according its arguments: have two separate functions. For example,SDKConfig.get() - with a string param which returns the type according to the param given but SDKConfig.get() - with no args returning the whole config object is not: this could just be a separate function. + change according its arguments: have two separate functions. For example, `SDKConfig.get()` + with a string param which returns the type according to the param given is ok, but `SDKConfig.get()` + with no args returning the whole config object would not be: this should just be a separate function. ## React From 5f1f018a30f3b98e75af77a57fba399eee78fa0b Mon Sep 17 00:00:00 2001 From: David Baker Date: Fri, 10 May 2024 16:52:19 +0100 Subject: [PATCH 07/11] Fundamental behaviour, not return type --- code_style.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code_style.md b/code_style.md index cab6d36d08..e6ad053111 100644 --- a/code_style.md +++ b/code_style.md @@ -225,11 +225,11 @@ Unless otherwise specified, the following applies to all code: } ``` -37. Avoid functions whose behaviour / return type varies with different parameter types. - Multiple return types are fine, but the function's fundamental behaviour should not - change according its arguments: have two separate functions. For example, `SDKConfig.get()` - with a string param which returns the type according to the param given is ok, but `SDKConfig.get()` - with no args returning the whole config object would not be: this should just be a separate function. +37. Avoid functions whose fundamental behaviour varies with different parameter types. + Multiple return types are fine, but if the function's behaviour is going to change significantly, + have two separate functions. For example, `SDKConfig.get()` with a string param which returns the + type according to the param given is ok, but `SDKConfig.get()` with no args returning the whole + config object would not be: this should just be a separate function. ## React From ae77dac66def850b1cdcd3f9e1bbcf37bd17d5b3 Mon Sep 17 00:00:00 2001 From: Marcel Date: Sun, 12 May 2024 15:03:14 +0200 Subject: [PATCH 08/11] Modernize hash --- webpack.config.js | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/webpack.config.js b/webpack.config.js index 3b827c8d95..1a43eb0ed5 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -449,7 +449,7 @@ module.exports = (env, argv) => { loader: "file-loader", type: "javascript/auto", options: { - name: "[name].[hash:7].[ext]", + name: "[name].[fullhash:7].[ext]", outputPath: ".", }, }, @@ -461,7 +461,7 @@ module.exports = (env, argv) => { type: "javascript/auto", options: { // We deliberately override the name so it makes sense in debugging - name: "opus-encoderWorker.min.[hash:7].[ext]", + name: "opus-encoderWorker.min.[fullhash:7].[ext]", outputPath: ".", }, }, @@ -489,7 +489,7 @@ module.exports = (env, argv) => { type: "javascript/auto", // https://github.com/webpack/webpack/issues/6725 options: { // We deliberately override the name so it makes sense in debugging - name: "opus-decoderWorker.min.[hash:7].[ext]", + name: "opus-decoderWorker.min.[fullhash:7].[ext]", outputPath: ".", }, }, @@ -514,7 +514,7 @@ module.exports = (env, argv) => { type: "javascript/auto", // https://github.com/webpack/webpack/issues/6725 options: { // We deliberately override the name so it makes sense in debugging - name: "wave-encoderWorker.min.[hash:7].[ext]", + name: "wave-encoderWorker.min.[fullhash:7].[ext]", outputPath: ".", }, }, @@ -525,7 +525,7 @@ module.exports = (env, argv) => { type: "javascript/auto", loader: "file-loader", options: { - name: "i18n/[name].[hash:7].[ext]", + name: "i18n/[name].[fullhash:7].[ext]", }, }, { @@ -595,10 +595,10 @@ module.exports = (env, argv) => { loader: "file-loader", options: { esModule: false, - name: "[name].[hash:7].[ext]", + name: "[name].[fullhash:7].[ext]", outputPath: getAssetOutputPath, publicPath: function (url, resourcePath) { - // CSS image usages end up in the `bundles/[hash]` output + // CSS image usages end up in the `bundles/[fullhash]` output // directory, so we adjust the final path to navigate up // twice. const outputPath = getAssetOutputPath(url, resourcePath); @@ -610,7 +610,7 @@ module.exports = (env, argv) => { }, { test: /\.(gif|png|ttf|woff|woff2|xml|ico)$/, - // Use a content-based hash in the name so that we can set a long cache + // Use a content-based fullhash in the name so that we can set a long cache // lifetime for assets while still delivering changes quickly. oneOf: [ { @@ -619,10 +619,10 @@ module.exports = (env, argv) => { loader: "file-loader", options: { esModule: false, - name: "[name].[hash:7].[ext]", + name: "[name].[fullhash:7].[ext]", outputPath: getAssetOutputPath, publicPath: function (url, resourcePath) { - // CSS image usages end up in the `bundles/[hash]` output + // CSS image usages end up in the `bundles/[fullhash]` output // directory, so we adjust the final path to navigate up // twice. const outputPath = getAssetOutputPath(url, resourcePath); @@ -653,8 +653,8 @@ module.exports = (env, argv) => { // This exports our CSS using the splitChunks and loaders above. new MiniCssExtractPlugin({ - filename: useHMR ? "bundles/[name].css" : "bundles/[hash]/[name].css", - chunkFilename: useHMR ? "bundles/[name].css" : "bundles/[hash]/[name].css", + filename: useHMR ? "bundles/[name].css" : "bundles/[fullhash]/[name].css", + chunkFilename: useHMR ? "bundles/[name].css" : "bundles/[fullhash]/[name].css", ignoreOrder: false, // Enable to remove warnings about conflicting order }), @@ -770,9 +770,9 @@ module.exports = (env, argv) => { // directory and symlink it into place - this allows users who loaded // an older version of the application to continue to access webpack // chunks even after the app is redeployed. - filename: "bundles/[hash]/[name].js", - chunkFilename: "bundles/[hash]/[name].js", - webassemblyModuleFilename: "bundles/[hash]/[modulehash].wasm", + filename: "bundles/[fullhash]/[name].js", + chunkFilename: "bundles/[fullhash]/[name].js", + webassemblyModuleFilename: "bundles/[fullhash]/[modulehash].wasm", }, // configuration for the webpack-dev-server From a10f2e12586df08858e32536b491407d0635ecff Mon Sep 17 00:00:00 2001 From: Marcel Date: Mon, 13 May 2024 10:15:24 +0200 Subject: [PATCH 09/11] Revert "Modernize hash in webpack" (#27466) --- webpack.config.js | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/webpack.config.js b/webpack.config.js index 1a43eb0ed5..3b827c8d95 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -449,7 +449,7 @@ module.exports = (env, argv) => { loader: "file-loader", type: "javascript/auto", options: { - name: "[name].[fullhash:7].[ext]", + name: "[name].[hash:7].[ext]", outputPath: ".", }, }, @@ -461,7 +461,7 @@ module.exports = (env, argv) => { type: "javascript/auto", options: { // We deliberately override the name so it makes sense in debugging - name: "opus-encoderWorker.min.[fullhash:7].[ext]", + name: "opus-encoderWorker.min.[hash:7].[ext]", outputPath: ".", }, }, @@ -489,7 +489,7 @@ module.exports = (env, argv) => { type: "javascript/auto", // https://github.com/webpack/webpack/issues/6725 options: { // We deliberately override the name so it makes sense in debugging - name: "opus-decoderWorker.min.[fullhash:7].[ext]", + name: "opus-decoderWorker.min.[hash:7].[ext]", outputPath: ".", }, }, @@ -514,7 +514,7 @@ module.exports = (env, argv) => { type: "javascript/auto", // https://github.com/webpack/webpack/issues/6725 options: { // We deliberately override the name so it makes sense in debugging - name: "wave-encoderWorker.min.[fullhash:7].[ext]", + name: "wave-encoderWorker.min.[hash:7].[ext]", outputPath: ".", }, }, @@ -525,7 +525,7 @@ module.exports = (env, argv) => { type: "javascript/auto", loader: "file-loader", options: { - name: "i18n/[name].[fullhash:7].[ext]", + name: "i18n/[name].[hash:7].[ext]", }, }, { @@ -595,10 +595,10 @@ module.exports = (env, argv) => { loader: "file-loader", options: { esModule: false, - name: "[name].[fullhash:7].[ext]", + name: "[name].[hash:7].[ext]", outputPath: getAssetOutputPath, publicPath: function (url, resourcePath) { - // CSS image usages end up in the `bundles/[fullhash]` output + // CSS image usages end up in the `bundles/[hash]` output // directory, so we adjust the final path to navigate up // twice. const outputPath = getAssetOutputPath(url, resourcePath); @@ -610,7 +610,7 @@ module.exports = (env, argv) => { }, { test: /\.(gif|png|ttf|woff|woff2|xml|ico)$/, - // Use a content-based fullhash in the name so that we can set a long cache + // Use a content-based hash in the name so that we can set a long cache // lifetime for assets while still delivering changes quickly. oneOf: [ { @@ -619,10 +619,10 @@ module.exports = (env, argv) => { loader: "file-loader", options: { esModule: false, - name: "[name].[fullhash:7].[ext]", + name: "[name].[hash:7].[ext]", outputPath: getAssetOutputPath, publicPath: function (url, resourcePath) { - // CSS image usages end up in the `bundles/[fullhash]` output + // CSS image usages end up in the `bundles/[hash]` output // directory, so we adjust the final path to navigate up // twice. const outputPath = getAssetOutputPath(url, resourcePath); @@ -653,8 +653,8 @@ module.exports = (env, argv) => { // This exports our CSS using the splitChunks and loaders above. new MiniCssExtractPlugin({ - filename: useHMR ? "bundles/[name].css" : "bundles/[fullhash]/[name].css", - chunkFilename: useHMR ? "bundles/[name].css" : "bundles/[fullhash]/[name].css", + filename: useHMR ? "bundles/[name].css" : "bundles/[hash]/[name].css", + chunkFilename: useHMR ? "bundles/[name].css" : "bundles/[hash]/[name].css", ignoreOrder: false, // Enable to remove warnings about conflicting order }), @@ -770,9 +770,9 @@ module.exports = (env, argv) => { // directory and symlink it into place - this allows users who loaded // an older version of the application to continue to access webpack // chunks even after the app is redeployed. - filename: "bundles/[fullhash]/[name].js", - chunkFilename: "bundles/[fullhash]/[name].js", - webassemblyModuleFilename: "bundles/[fullhash]/[modulehash].wasm", + filename: "bundles/[hash]/[name].js", + chunkFilename: "bundles/[hash]/[name].js", + webassemblyModuleFilename: "bundles/[hash]/[modulehash].wasm", }, // configuration for the webpack-dev-server From 6a6a362a8d4c8f5b5bd53230fa068af1c523d428 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 13 May 2024 11:19:55 +0100 Subject: [PATCH 10/11] Update end-to-end-tests.yaml --- .github/workflows/end-to-end-tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/end-to-end-tests.yaml b/.github/workflows/end-to-end-tests.yaml index 5b09d70c14..782efb43b5 100644 --- a/.github/workflows/end-to-end-tests.yaml +++ b/.github/workflows/end-to-end-tests.yaml @@ -22,6 +22,7 @@ jobs: issues: read pull-requests: read with: + element-web-sha: ${{ github.sha }} react-sdk-repository: matrix-org/matrix-react-sdk # We only want to run the playwright tests on merge queue to prevent regressions # from creeping in. They take a long time to run and consume multiple concurrent runners. From 64f0bb546033fb9fa19b8bd1a4a2505cc8244596 Mon Sep 17 00:00:00 2001 From: Michael Telatynski <7t3chguy@gmail.com> Date: Mon, 13 May 2024 13:05:50 +0100 Subject: [PATCH 11/11] Inline consts Signed-off-by: Michael Telatynski <7t3chguy@gmail.com> --- src/vector/platform/ElectronPlatform.tsx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/vector/platform/ElectronPlatform.tsx b/src/vector/platform/ElectronPlatform.tsx index dddf73ae07..29c331cc73 100644 --- a/src/vector/platform/ElectronPlatform.tsx +++ b/src/vector/platform/ElectronPlatform.tsx @@ -57,8 +57,6 @@ interface SquirrelUpdate { updateURL: string; } -const LEGACY_PROTOCOL = "element"; -const OIDC_PROTOCOL = "io.element.desktop"; const SSO_ID_KEY = "element-desktop-ssoid"; const isMac = navigator.platform.toUpperCase().includes("MAC"); @@ -381,7 +379,7 @@ export default class ElectronPlatform extends VectorBasePlatform { public getSSOCallbackUrl(fragmentAfterLogin?: string): URL { const url = super.getSSOCallbackUrl(fragmentAfterLogin); - url.protocol = LEGACY_PROTOCOL; + url.protocol = "element"; url.searchParams.set(SSO_ID_KEY, this.ssoID); return url; } @@ -465,7 +463,7 @@ export default class ElectronPlatform extends VectorBasePlatform { */ public getOidcCallbackUrl(): URL { const url = super.getOidcCallbackUrl(); - url.protocol = OIDC_PROTOCOL; + url.protocol = "io.element.desktop"; return url; } }