mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-09-18 15:08:47 -04:00
HedgeDoc - Ideas grow better together
1f1231a730
Some checks failed
E2E Tests / backend-sqlite (push) Has been cancelled
Static Analysis / CodeQL analysis (javascript) (push) Has been cancelled
Run tests & build / Test and build with NodeJS ${{ matrix.node }} (true, 20) (push) Has been cancelled
Docker / build-and-push (backend) (push) Has been cancelled
Docker / build-and-push (frontend) (push) Has been cancelled
Deploy HD2 docs to Netlify / Deploys to netlify (push) Has been cancelled
E2E Tests / backend-mariadb (push) Has been cancelled
E2E Tests / backend-postgres (push) Has been cancelled
E2E Tests / Build test build of frontend (push) Has been cancelled
Lint and check format / Lint files and check formatting (push) Has been cancelled
REUSE Compliance Check / reuse (push) Has been cancelled
Scorecard supply-chain security / Scorecard analysis (push) Has been cancelled
Static Analysis / Njsscan code scanning (push) Has been cancelled
E2E Tests / frontend-cypress (1) (push) Has been cancelled
E2E Tests / frontend-cypress (2) (push) Has been cancelled
E2E Tests / frontend-cypress (3) (push) Has been cancelled
This workflow was used in an early stage of development of HedgeDoc 2. It allowed the core developers to quickly check fixes, improvements or new features to the HedgeDoc UI without the requirement to check-out the branch locally. As not every pull request required a deployment, this workflow was only triggered when the "ci: force deployment" label was added. Since some time already, the frontend and backend are so tightly coupled that the netfliy deployment doesn't make any sense anymore and therefore hasn't been used anymore. This commit therefore removes this leftover workflow. @RedYetiDev contacted us privately and reported that this deployment workflow could have been abused to invoke arbitrary commands, including extraction of environment variables which include our tokens for the turborepo build cache or the netlify deployment token. For this it would have been required that somebody created a "safe" pull request, which would have been labelled with the deployment label and then changed afterwards since the workflow checks out the pull request source repository, not the target. We assured that the label was only added to pull requests from trusted members of the HedgeDoc core team. There was never any malicious use of the workflow. Furthermore, no released versions of HedgeDoc (1.x) could have been affected by this, even in the worst-case scenario. We're thankful for putting this risk at our attention! If you too encounter something unusual regarding security in HedgeDoc itself or our toolchain around it, don't hesitate to contact us. Details on this are wriiten in our SECURITY.md in the root of the repository. Signed-off-by: Erik Michelson <github@erik.michelson.eu> |
||
|---|---|---|
| .github | ||
| .idea/copyright | ||
| .reuse | ||
| .yarn | ||
| backend | ||
| commons | ||
| dev-reverse-proxy | ||
| docker | ||
| docs | ||
| frontend | ||
| html-to-react | ||
| LICENSES | ||
| markdown-it-plugins | ||
| .dockerignore | ||
| .env.example | ||
| .env.example.license | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| .mailmap.license | ||
| .nvmrc | ||
| .nvmrc.license | ||
| .yarnrc.yml | ||
| AUTHORS | ||
| CODE_OF_CONDUCT.md | ||
| codecov.yml | ||
| CONTRIBUTING.md | ||
| developer-certificate-of-origin.txt | ||
| developer-certificate-of-origin.txt.license | ||
| LICENSE | ||
| package.json | ||
| package.json.license | ||
| README.md | ||
| renovate.json | ||
| renovate.json.license | ||
| SECURITY.md | ||
| turbo.json | ||
| turbo.json.license | ||
| yarn.lock | ||
| yarn.lock.license | ||
HedgeDoc lets you create real-time collaborative markdown notes.
Getting Started
- ℹ️ Read all about HedgeDoc and the history of the project on our website
- 🧪 Try out HedgeDoc with the demo instance. Check out the features page!
- 💽 Install HedgeDoc yourself using the install guide
- ❓ Questions? Join our Matrix chat or the community forums
- 💬 Stay up to date by subscribing to the release feed
State of the project
HedgeDoc 1.x is stable and used around the world, but the codebase has grown over time,
making it hard to add new features.
We are currently working on HedgeDoc 2, a complete rewrite of HedgeDoc. Please note the following:
- This branch contains the latest development code and does not implement all features yet. If you are looking for the 1.x source code, have a look at the master branch.
- The 1.x release is maintenance-only. We do not accept feature requests or PRs for this release anymore and may choose to close non-critical bug reports, if the bug will be non-existent in 2.0.
- HedgeDoc 2 will be split in two components. The backend and the frontend. Both are present in this repository.
Development
Information for setting up a local development environment can be found in the developer documentation
HedgeDoc 2 Alpha
Curious about the new look and feel of HedgeDoc 2? We provide a demo of the alpha on hedgedoc.dev.
If you want to try it out on your own devices, visit the HedgeDoc 2 docs. But be aware that these may change over time.
Contributions
We welcome contributions!
Have a look at our contribution docs to find out how you can help. If you want to contribute to
HedgeDoc 2, please join our development chat.
License
Licensed under AGPLv3. For our list of contributors, see AUTHORS.
The license does not include the HedgeDoc logo, whose terms of usage can be found in the github repository.