mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-09-19 15:38:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
6401 commits 36 branches 47 tags 158 MiB
Commit graph

387 commits

Author SHA1 Message Date
Erik Michelson
1f1231a730 ci: remove netlify deployment workflow
Some checks failed
E2E Tests / backend-sqlite (push) Has been cancelled
Details
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Details
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Details
Docker / build-and-push (backend) (push) Has been cancelled
Details
Docker / build-and-push (frontend) (push) Has been cancelled
Details
Deploy HD2 docs to Netlify / Deploys to netlify (push) Has been cancelled
Details
E2E Tests / backend-mariadb (push) Has been cancelled
Details
E2E Tests / backend-postgres (push) Has been cancelled
Details
E2E Tests / Build test build of frontend (push) Has been cancelled
Details
Lint and check format / Lint files and check formatting (push) Has been cancelled
Details
REUSE Compliance Check / reuse (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Static Analysis / Njsscan code scanning (push) Has been cancelled
Details
E2E Tests / frontend-cypress (1) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (2) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (3) (push) Has been cancelled
Details 
This workflow was used in an early stage of development of HedgeDoc 2.
It allowed the core developers to quickly check fixes, improvements or
new features to the HedgeDoc UI without the requirement to check-out
the branch locally. As not every pull request required a deployment,
this workflow was only triggered when the "ci: force deployment"
label was added. Since some time already, the frontend and backend
are so tightly coupled that the netfliy deployment doesn't make any
sense anymore and therefore hasn't been used anymore. This commit
therefore removes this leftover workflow.

@RedYetiDev contacted us privately and reported that this deployment
workflow could have been abused to invoke arbitrary commands, including
extraction of environment variables which include our tokens for the
turborepo build cache or the netlify deployment token. For this it
would have been required that somebody created a "safe" pull request,
which would have been labelled with the deployment label and then
changed afterwards since the workflow checks out the pull request
source repository, not the target. We assured that the label was only
added to pull requests from trusted members of the HedgeDoc core team.
There was never any malicious use of the workflow. Furthermore, no
released versions of HedgeDoc (1.x) could have been affected by this,
even in the worst-case scenario.

We're thankful for putting this risk at our attention!
If you too encounter something unusual regarding security in HedgeDoc
itself or our toolchain around it, don't hesitate to contact us.
Details on this are wriiten in our SECURITY.md in the root of the
repository.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2024-07-30 08:48:38 +02:00
Jochen Martin Eppler
cdb9a5cbb0 Fix typo
Some checks failed
Docker / build-and-push (backend) (push) Has been cancelled
Details
Docker / build-and-push (frontend) (push) Has been cancelled
Details
Deploy HD2 docs to Netlify / Deploys to netlify (push) Has been cancelled
Details
E2E Tests / backend-sqlite (push) Has been cancelled
Details
E2E Tests / backend-mariadb (push) Has been cancelled
Details
E2E Tests / backend-postgres (push) Has been cancelled
Details
E2E Tests / Build test build of frontend (push) Has been cancelled
Details
Lint and check format / Lint files and check formatting (push) Has been cancelled
Details
REUSE Compliance Check / reuse (push) Has been cancelled
Details
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Details
Static Analysis / Njsscan code scanning (push) Has been cancelled
Details
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Details
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (1) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (2) (push) Has been cancelled
Details
E2E Tests / frontend-cypress (3) (push) Has been cancelled
Details 
defition --> definition

Signed-off-by: Jochen Martin Eppler <jougs@gmx.net>
 2024-06-27 12:45:50 +02:00
renovate[bot]
663faaf8f7 chore(deps): update yarn to v4.1.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-02-10 18:00:34 +01:00
renovate[bot]
3ea720d601 chore(deps): update dependency pymdown-extensions to v10.7 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-02-10 18:00:34 +01:00
renovate[bot]
5dd85b9fc3 chore(deps): update dependency mkdocs-material to v9.5.9 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-10 18:00:34 +01:00
Tilman Vatteroth
631b641041 fix(docs): linting of ldap config 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-02-10 16:02:31 +01:00
renovate[bot]
e1fdfb9095 chore(deps): update dependency markdownlint-cli2 to v0.12.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-10 16:02:31 +01:00
renovate[bot]
e8a500fb76 chore(deps): update dependency mkdocs-material to v9.5.6 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-01-28 16:53:29 +00:00
renovate[bot]
442aa2a004 chore(deps): update dependency mkdocs-material to v9.5.5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-01-24 21:56:38 +00:00
renovate[bot]
ff595561d2 chore(deps): update dependency mkdocs-material to v9.5.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-01-22 16:05:01 +00:00
yamashush
275988716c doc: update e2e test script name 
Signed-off-by: yamashush <38120991+yamashush@users.noreply.github.com>
 2024-01-21 15:31:10 +01:00
Tilman Vatteroth
01d7eb9529 fix(deps): bump minimum node version to v20 
With node 18 the tests always crash.

Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2024-01-18 19:12:46 +01:00
Erik Michelson
482cb7729f docs: fix reverse-proxy how-to using wrong host header 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2023-12-25 12:58:48 +01:00
renovate[bot]
ad6a0faed6 chore(deps): update dependency pymdown-extensions to v10.5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-07 20:26:48 +01:00
renovate[bot]
77b63e0368 chore(deps): update dependency mkdocs-material to v9.5.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-07 20:12:23 +01:00
renovate[bot]
4b99dc2d49 chore(deps): update dependency markdownlint-cli2 to v0.11.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-07 20:11:43 +01:00
renovate[bot]
7b1870b6b9 chore(deps): update yarn to v4.0.2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-12-07 17:14:34 +00:00
renovate[bot]
c2ffcd763c chore(deps): update dependency mkdocs-material to v9.4.14 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-01 00:20:57 +00:00
renovate[bot]
93cdfb0a0a chore(deps): update dependency mkdocs-material to v9.4.8 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-11-12 21:07:16 +00:00
renovate[bot]
a18638aac5 chore(deps): update yarn to v4.0.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-11-12 20:00:30 +00:00
renovate[bot]
7cd394b8f8 chore(deps): update dependency mkdocs-material to v9.4.7 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-29 19:53:22 +00:00
Philip Molares
e797d600d4 chore: release alpha 2 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-25 21:55:27 +02:00
renovate[bot]
daecf20dd6 chore(deps): update yarn to v4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-24 11:26:16 +02:00
renovate[bot]
ad1d7cbb29 chore(deps): update dependency pymdown-extensions to v10.3.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-20 01:25:30 +00:00
renovate[bot]
ea57f5bb3b chore(deps): update dependency mkdocs-material to v9.4.6 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-14 10:23:52 +00:00
Erik Michelson
520953d0bd enhancement(docs): add info about ports in the setup tutorial 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2023-10-13 09:58:33 +02:00
Erik Michelson
b237836dd0 fix(docs): set docs title 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
 2023-10-13 09:58:33 +02:00
renovate[bot]
4c60bdb492 chore(deps): update dependency mkdocs-material to v9.4.5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-10 09:10:23 +00:00
David Mehren
3d03835af9 chore: set version in all packae.jsons 
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-10-08 22:01:47 +02:00
David Mehren
0df8533450 docs: set HD_INTERNAL_API_URL in docker-compose.yml example 
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-10-08 21:12:51 +02:00
Tilman Vatteroth
f43c9fd2b1 feat: add internal api url 
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
 2023-10-08 21:12:51 +02:00
Philip Molares
74ba21711c docs: add faq entry about fork awesome deprecation 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 21:12:15 +02:00
Yannick Bungers
8f66447ab9 Update docs for HD_SHOW_LOG_TIMESTAMP 
Signed-off-by: Yannick Bungers <git@innay.de>

Signed-off-by: Yannick Bungers <git@innay.de>
 2023-10-08 20:42:37 +02:00
David Mehren
3aee932736 docs: add alpha version warning to setup instructions 
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-10-08 19:25:19 +02:00
David Mehren
de14b75369 docs: fix alpha image tag 
Signed-off-by: David Mehren <git@herrmehren.de>
 2023-10-08 19:25:19 +02:00
Philip Molares
d10c922cba docs: add netlify badge 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 19:21:10 +02:00
Philip Molares
09698579a7 fix: docs deployment 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 17:54:39 +02:00
Philip Molares
c1aa396a3e fix: docs deployment 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 17:44:00 +02:00
Philip Molares
576815013c fix: docs deployment 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 17:31:59 +02:00
Philip Molares
e09ddcb7ab fix: docs deployment 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-08 16:53:57 +02:00
renovate[bot]
f3a3055e08 chore(deps): update yarn to v3.6.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-07 12:44:15 +00:00
Philip Molares
5335c48df7 feat(config): warn user about not yet supported config 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-07 14:33:21 +02:00
Philip Molares
d43da06ec1 refactor: remove dropbox, facebook & twitter login 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
 2023-10-07 13:28:37 +02:00
David Mehren
0693812e8b refactor: remove HstsConfig 
This config object was originally ported from the HD1 config,
but is not required anymore.

HD2 does not support handling TLS anymore, so it does not make
sense for it to set TLS-related headers.
The reverse proxy terminating TLS can easily set HSTS headers.

Signed-off-by: David Mehren <git@herrmehren.de>
 2023-10-07 11:10:37 +02:00
renovate[bot]
bf3e7e1f44 chore(deps): update dependency mkdocs-material to v9.4.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-05 22:04:14 +00:00
renovate[bot]
288504f718 chore(deps): update dependency mkdocs-material to v9.4.3 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-02 12:25:33 +00:00
renovate[bot]
aa1b4b1a47 chore(deps): update dependency mkdocs-material to v9.4.2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-25 09:40:57 +00:00
renovate[bot]
404c253930 chore(deps): update dependency mkdocs-material to v9.4.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-22 16:47:15 +00:00
renovate[bot]
64db7c7f79 chore(deps): update dependency mkdocs-material to v9.4.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-22 11:14:58 +02:00
renovate[bot]
9d6ce53bac chore(deps): update dependency markdownlint-cli2 to v0.10.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-22 10:37:27 +02:00