Commit graph

622 commits

Author SHA1 Message Date
John Costa
0a0723521b
feat(azure-devops): add optional WIQL override for auto backlog import (#8516)
* feat(azure-devops): add optional WIQL override for auto backlog import

Adds an optional autoImportWiql config field to the Azure DevOps issue
provider plugin. When set, it fully replaces the generated auto-import
backlog query, so the user controls scope, state filtering and ordering
(e.g. to filter by iteration path, area path or work item type, or to
match custom done-state names). When empty, behavior is unchanged from
today's scope-based query, so it is fully backward compatible.

This mirrors the Jira provider's autoAddBacklogJqlQuery (a full query the
user owns) rather than appending a fragment, which can only narrow the
hard-coded English done-state exclusion and cannot accept a real exported
WIQL Select..From..Where statement.

Adds a vitest suite covering the default scopes, quote escaping, the
verbatim override and the blank-fallback, wires the plugin into the
plugin-tests CI matrix, and updates the issue integration comparison wiki.

Closes #7674

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DY1ESWymmU9x9ykLNaRHGH

* test(azure-devops): use node test env, drop unneeded jsdom dependency

The plugin tests exercise no DOM API, so vitest's default node
environment is sufficient (matching the clickup and google-calendar
provider plugins). Removing jsdom prunes ~530 lines of transitive
devDependencies from the lockfile.

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Johannes Millan <johannes.millan@gmail.com>
2026-06-22 17:38:49 +02:00
dependabot[bot]
03aee68fba
chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 12:18:31 +02:00
dependabot[bot]
e79b8244e1
chore(deps)(deps): bump the github-actions-minor group with 3 updates (#8535)
Bumps the github-actions-minor group with 3 updates: [actions/setup-java](https://github.com/actions/setup-java), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action).


Updates `actions/setup-java` from 5.2.0 to 5.3.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](be666c2fcd...ad2b38190b)

Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](b430933298...718ea10b13)

Updates `anthropics/claude-code-action` from 1.0.147 to 1.0.152
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](56fa348258...51705da45e)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.152
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-22 12:18:19 +02:00
Johannes Millan
ce5c27c24c
ci(electron-build): cache electron binary + retry npm i to fix flaky install (#8487)
CI run 27780507031 failed when electron's npm postinstall timed out
(ETIMEDOUT) downloading its prebuilt binary from GitHub. Harden every
Electron build/package job against that transient failure.

- New composite action .github/actions/setup-electron-build: node 22, the
  git-over-HTTPS workaround, and a combined npm-registry + electron-binary
  cache (warm runs skip the flaky download). The electron cache dir is
  OS-specific, so all three are listed; actions/cache ignores absent ones.
- Each job retries `npm i` via nick-fields/retry (the repo's existing
  idiom) under shell:bash, dropping node_modules/electron between attempts
  so npm actually re-runs the postinstall (verified: npm skips scripts for
  an already-present package).
- mac/windows run `npm install @nx/<platform>` before `npm i`; since
  `npm install <pkg>` reifies the whole tree, electron downloads in that
  step, so the nx workaround is folded into the same retried command.

Routed through the composite: electron-smoke (linux), build.yml
(linux/mac/windows), manual-build (windows/mac), test-mac-dmg.
2026-06-19 13:02:33 +02:00
Johannes Millan
2a2b0b05c3 ci: gate super-sync-server tests on server-path PRs
super-sync-server unit tests (vitest) previously ran only nightly and on
push to master via e2e-scheduled.yml, so server-side sync fixes were never
gated by a PR check. Add a dedicated workflow with a workflow-level paths
filter (super-sync-server, shared-schema, and its transitive sync-core dep)
so the suite runs on PRs that touch server code and stays off the rest -
matching the repo's plugin-tests.yml separate-workflow convention.
2026-06-17 16:07:53 +02:00
Johannes Millan
7eeea37b7a ci(e2e): retry npm install to absorb Prisma postinstall ECONNRESET 2026-06-17 14:35:12 +02:00
dependabot[bot]
3055656d27
chore(deps)(deps): bump the github-actions-minor group with 4 updates (#8399)
Bumps the github-actions-minor group with 4 updates: [gradle/actions](https://github.com/gradle/actions), [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `gradle/actions` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](50e97c2cd7...3f131e8634)

Updates `ruby/setup-ruby` from 1.310.0 to 1.313.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](afeafc3d1a...89f90524b8)

Updates `anthropics/claude-code-action` from 1.0.133 to 1.0.147
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](787c5a0ce9...56fa348258)

Updates `github/codeql-action` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: ruby/setup-ruby
  dependency-version: 1.313.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.147
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-15 15:38:31 +02:00
Johannes Millan
5e63eeb294
fix(plugins): stop leaked timers on plugin disable via onUnload hook (#8286)
* feat(sync): show actionable error on persistent WebDAV 409

When a WebDAV PUT keeps returning 409 Conflict even after the parent
collection is created, the Base URL / Sync Folder Path is misconfigured
(the classic Synology / raw-WebDAV setup mistake). Previously the raw
"HTTP 409 Conflict" (or a bare "Unknown error") reached the user with no
hint at the cause.

Throw a dedicated WebDavSyncFolderUnusableSPError with a privacy-safe,
actionable message (no path, no response body) at the spot that already
detects this condition. Mirrors NetworkUnavailableSPError: a fixed
user-facing message matched by instanceof.

* ci(release): revive contributors section in release notes

* fix(plugins): stop leaked timers on plugin disable via onUnload hook

* fix(plugins): harden onUnload teardown hook after review

* refactor(plugins): group lifecycle registers into options object

* fix(plugins): close onReady stale-guard gap and timer interleave race
2026-06-12 17:09:28 +02:00
Johannes Millan
ca08016828 ci(pr-preview): add testing call-to-action to preview comment 2026-06-12 12:57:00 +02:00
Johannes Millan
feb60c5028 ci(pr-preview): post preview link to linked issues
Comment the Cloudflare preview URL on any issue the PR closes (via a
Closes/Fixes #N keyword), in addition to the existing PR comment, so the
original reporter can validate the fix without checking out the PR.

- Resolve linked issues from the PR's closingIssuesReferences.
- Find-or-update one bot-authored marker comment per issue; in-place
  edits are silent, so subscribers are notified at most once.
- Reconcile any duplicate comments from a concurrent run.
- Guard on a non-empty issue list and deploy URL; add issues:write.
2026-06-11 17:23:13 +02:00
Johannes Millan
a48cc49803 ci(e2e): retry Docker service start to survive Docker Hub pull flakes
Scheduled SuperSync shard 4/6 failed on a transient Docker Hub timeout
pulling postgres:15-alpine (auth.docker.io request canceled) before any
test ran. Wrap the WebDAV and SuperSync 'docker compose up' steps in
nick-fields/retry (3 attempts) so a single registry blip no longer fails
the job; per-attempt timeout_minutes also bounds the unbounded SuperSync
health-wait loop.
2026-06-09 10:50:07 +02:00
Johannes Millan
d0dfb3dbe2 ci(android): avoid legacy SDK tools install 2026-06-05 20:18:08 +02:00
dependabot[bot]
e050d0408c
chore(deps)(deps): bump anthropics/claude-code-action (#7943)
Bumps the github-actions-minor group with 1 update: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action).


Updates `anthropics/claude-code-action` from 1.0.132 to 1.0.133
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](bbfaf8e1ff...787c5a0ce9)

---
updated-dependencies:
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.133
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-02 14:10:12 +02:00
Johannes Millan
dc3523b1c7
ci: auto-submit iOS and macOS App Store builds for review (#7857)
* ci: auto-submit iOS and macOS App Store builds for review

The iOS and Mac App Store workflows previously stopped after uploading the
build to App Store Connect via altool, leaving version creation, "What's New"
and submission as manual steps.

Add fastlane lanes (ios/mac release) that upload the prebuilt .ipa / MAS .pkg
using App Store Connect API key auth (reusing the existing notarization key
secrets), push release notes derived from build/release-notes.md, wait for
processing, submit for review and flag automatic release on approval.

Final version tags submit for review; pre-release tags (RC/beta/alpha) and
manual runs only upload the build. Listing metadata and screenshots remain
curated by hand in App Store Connect.

https://claude.ai/code/session_014c1W1mX7tfvFzpZ6wyWzsJ

* ci: wire iOS and Mac Store workflows to fastlane submit lane

The previous commit added the fastlane lanes but the workflow edits were not
applied. Replace the altool validate/upload steps in the iOS and Mac App Store
workflows with the fastlane submit lane: install fastlane, generate the App
Store "What's New" notes and run `fastlane <platform> release` with App Store
Connect API key auth.

Also extend the Mac workflow's harden-runner egress allowlist with the
rubygems and App Store Connect endpoints used by fastlane.

https://claude.ai/code/session_014c1W1mX7tfvFzpZ6wyWzsJ

* fix(ci): harden Apple App Store auto-submission after review

Address review findings on the iOS/macOS App Store automation:

- Tag gating: submit only when the tag has no "-" (final semver), instead of
  denylisting RC/beta/alpha. GitHub Actions contains() is case-sensitive and
  the repo's RC tags are mostly lowercase (-rc.N), so the old guard would have
  auto-submitted release candidates to production review.
- Fastfile: set skip_metadata so deliver no longer reads back and re-uploads
  curated listing fields; push only "What's New" via an inline release_notes
  hash. Warn against verbose mode (can dump the API key).
- Gemfile.lock: add arm64-darwin/x86_64-darwin platforms so bundle install
  works on the macOS runners.
- Workflows: install deps via pinned ruby/setup-ruby (bundler cache), and
  resolve the artifact path with a strict nullglob check (exactly one match)
  instead of ls | head.
- release-notes script: tighten emphasis regexes so stray * / _ (globs,
  snake_case) survive, anchor footer patterns so legitimate "download" lines
  are not dropped, and drop a duplicate mkdir.
- Docs: document the hyphen-based gate, single-use build numbers, automatic
  release behavior and inline validation.

https://claude.ai/code/session_014c1W1mX7tfvFzpZ6wyWzsJ

* fix(ci): correct deliver metadata + setup-ruby version (second review pass)

Two bugs introduced by the previous review-fix commit, both confirmed against
upstream source:

- Fastfile: skip_metadata: true makes deliver's upload_metadata return early
  (verified in fastlane 2.225.0 deliver/lib/deliver/upload_metadata.rb), so the
  "What's New" notes were never uploaded. Revert to metadata_path pointing at a
  dir that contains only <locale>/release_notes.txt; load_from_filesystem reads
  only that file (next unless File.exist?) with no remote read-back, so other
  listing fields stay untouched. Removed the now-unused inline release_notes
  helper.
- Workflows: ruby/setup-ruby throws when ruby-version is unset and no
  .ruby-version file exists (it does not fall back to system Ruby). Pin
  ruby-version: '3.3' in both workflows.

Docs updated to match the corrected metadata approach.

https://claude.ai/code/session_014c1W1mX7tfvFzpZ6wyWzsJ

* fix(ci): remove invalid wait_for_uploaded_build from deliver lanes

wait_for_uploaded_build is a pilot/upload_to_testflight option, not a deliver one. Passing it to upload_to_app_store makes fastlane raise on the unknown key and fail both iOS and macOS release lanes on every run. deliver already waits for the build to finish processing during submit (select_build -> wait_for_build_processing_to_be_complete), so no replacement is needed.

Also pin the ruby/setup-ruby comment to its resolved version (v1.310.0), and slice the App Store release notes by code point so a multi-byte character is never split at the 4000-char cap.

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-06-01 11:42:16 +02:00
Johannes Millan
52ee696cff ci(build): pin macOS jobs to macos-15 ahead of runner migration
GitHub migrates the macos-latest label to macOS 26 between
2026-06-15 and 2026-07-15. Pin the release, Mac App Store, and
manual macOS build jobs to macos-15 to avoid the image swapping
mid-release; macOS 15 is maintained for ~1 more year. build-ios.yml
already runs on macos-26 and is left unchanged.
2026-05-29 14:55:22 +02:00
dependabot[bot]
f1146613b3
chore(deps)(deps): bump the github-actions-minor group with 8 updates (#7778)
Bumps the github-actions-minor group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.19.3` | `2.19.4` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.123` | `1.0.132` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.5` | `4.36.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |
| [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` |


Updates `step-security/harden-runner` from 2.19.3 to 2.19.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](ab7a9404c0...9af89fc715)

Updates `anthropics/claude-code-action` from 1.0.123 to 1.0.132
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](51ea8ea73a...bbfaf8e1ff)

Updates `github/codeql-action` from 4.35.5 to 4.36.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9e0d7b8d25...7211b7c807)

Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](4907a6ddec...650006c6eb)

Updates `docker/metadata-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](030e881283...80c7e94dd9)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](4d04d5d948...d7f5e7f509)

Updates `docker/build-push-action` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](bcafcacb16...f9f3042f7e)

Updates `actions/stale` from 10.2.0 to 10.3.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](b5d41d4e1d...eb5cf3af3a)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.132
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: docker/metadata-action
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: actions/stale
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-26 14:43:25 +02:00
Johannes Millan
b3324e37b9
fix(ci): pin wiki-sync second checkout to actions/checkout@v5 (#7759)
* chore(plugins): re-bundle document-mode and document Stage A path

Reverts the unbundling from b0cae69ffe. Stage 0 (gzip + throttle, shipped
in 84625be849) handles size; document-mode remains opt-in per context, so
cross-context conflict risk is bounded. Stage A (keyed plugin-persistence
API, issue #7749) is the documented future path for closing the LWW gap
on different-context concurrent edits — picked up when conflicts are
observed in practice.

Design sketch with multi-reviewed phasing lives in
docs/plans/2026-05-23-stage-a-keyed-plugin-persistence.md. Predecessor
plan's "Future work" section now links to it.

* test(plugins): cover document-mode bundled load and PLUGIN_USER_DATA LWW

Follow-ups from the multi-review of 199e816479's re-bundling decision:

- E2E smoke test asserts document-mode appears in plugin management so
  a typo in BUNDLED_PLUGIN_PATHS fails loudly.
- Spec exercises PLUGIN_USER_DATA conflict resolution end-to-end, which
  previously relied on analogy to REMINDER (same array+null branch) but
  was never directly asserted after the migration off 'virtual'.
- Stage A plan risks: stale-editor-view gap surfaced by the review;
  PluginHooks.PERSISTED_DATA_UPDATE already exists in the API but is
  never dispatched host-side — wiring it is the path to a fix.
- background.ts: comment marks the known gap at the registerHook site.

* docs(plugins): plan for wiring PERSISTED_DATA_CHANGED hook

Designs the host-side wiring for the currently-dead
PluginHooks.PERSISTED_DATA_CHANGED so plugins can react to remote-driven
changes to their persisted data. Multi-reviewed twice; v4 trims scope to
host-only (no plugin adoption in this design) and preserves the
multi-review insights as seeds for the follow-up doc-mode adoption
tracked at issue #7752.

Implementation lands in a separate PR.

* fix(ci): pin wiki-sync second checkout to actions/checkout@v5

v6 stores credentials in a $RUNNER_TEMP file referenced via
includeIf.gitdir matchers; the wiki push intermittently runs without
credentials on github-hosted runners (run 26335467138 failed with
"could not read Username for 'https://github.com'"). v5 uses the
path-independent extraheader, which is stable for this second
checkout pattern.

Leaves the primary Checkout Code on v6.0.2 so Dependabot keeps it
current.

Refs: actions/checkout#2321, #2359
2026-05-23 20:41:44 +02:00
Johannes Millan
77f83c5687
test(e2e): harden failure signals and provider gates (#7753)
* test: harden e2e failure signals

Fail otherwise-passing E2E tests on browser runtime errors, keep Playwright retries disabled, preserve Docker E2E exit codes, and make plugin/WebDAV setup failures hard failures instead of logged or skipped conditions.

* test: harden provider e2e runners

Make WebDAV and SuperSync runner scripts require provider readiness, preserve cleanup and argument forwarding, and fail manual sync clients on uncaught page errors.

* ci: require providers for scheduled e2e

Set required-provider flags in scheduled WebDAV and SuperSync jobs, and remove the duplicate provider runner scripts while keeping local npm aliases inline.

* test: catch e2e teardown pageerrors and tighten fixture

- closeClient now asserts runtime errors AFTER context.close() so
  pageerrors emitted during teardown (Angular destroy hooks, late RxJS
  errors) are captured instead of dropped. Matches the pattern in
  guardContextCloseWithRuntimeErrorCheck.
- test.fixture.ts isolatedContext now spreads Playwright's merged
  contextOptions instead of destructuring 23 fields by hand. Future
  option additions propagate automatically; the page fixture uses the
  shared attachPageErrorCollector and only fails on pageerror (not
  console.error, which is too noisy). Guards against a configured 0
  timeout being treated as undefined.
- plugin-loading.spec.ts second test now hard-asserts that the plugin
  menu entry reappears after re-enable, matching the first test instead
  of silently logging when not visible.

* test(sync): stabilize ImmediateUploadService spec

Two complementary fixes for flaky failures observed under full-suite
random-order runs where the upload pipeline silently never fires:

- Pin navigator.onLine = true in beforeEach (restored in afterEach).
  isOnline() inside _canUpload reads navigator.onLine directly. The
  keyboard-layout spec replaces the whole navigator and the is-online
  spec spies on it; if order or restoration ever drifts, every "should
  fire upload" test fails trivially while the "should NOT" tests pass.
- Replace tick(2100) with tick(2000); flush(). The await chain inside
  withSession() (provider.isReady, withSession entry, uploadPendingOps,
  optional LWW re-upload) requires more microtask drain than tick's
  fixed-time window reliably provides under load. flush() drains the
  pipeline regardless.

* test(e2e): guard skipOnboarding init script against data: frames

The new page-error collector started failing plugin specs because
addInitScript runs in every frame — including the empty data:text/html
iframe that plugin-index swaps in on destroy — and localStorage access
in a data: URL throws SecurityError. Wrap the four setItem calls in
try/catch so the helper noops in storage-less frames.
2026-05-23 20:33:04 +02:00
Corey Newton
441952f0ed
chore(deps): add cooldown for NPM and GH Actions to reduce supply chain attack risk (#7685)
- Monthly/weekly update frequency reduces the window of exposure but the addition of a cooldown should help narrow it further.
- Implemented as suggested in this gist: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104
- I've opted to use the more conservative 3-day cooldown as this is the default in some tools.
- Dependabot needs to be adjusted in combination with .npmrc to avoid creating PRs that can't succeed.

Ref.
https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#cooldown-
2026-05-20 11:50:30 +02:00
Corey Newton
4889a5a2ea
chore: limit "resolved" actions to correct categories (#7679)
GH Action will incorrectly mark discussions without the question-answer
format as answered when that is not possible. The action should be fixed
but restricting to the correct categories will also avoid this problem.
2026-05-19 15:55:29 +02:00
dependabot[bot]
89ba858ce0
chore(deps)(deps): bump the github-actions-minor group with 4 updates (#7652)
Bumps the github-actions-minor group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [browser-actions/setup-chrome](https://github.com/browser-actions/setup-chrome), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `step-security/harden-runner` from 2.19.1 to 2.19.3
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](a5ad31d6a1...ab7a9404c0)

Updates `browser-actions/setup-chrome` from 2.1.1 to 2.1.2
- [Release notes](https://github.com/browser-actions/setup-chrome/releases)
- [Changelog](https://github.com/browser-actions/setup-chrome/blob/master/CHANGELOG.md)
- [Commits](4f8e94349a...2e1d749697)

Updates `anthropics/claude-code-action` from 1.0.111 to 1.0.123
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](fefa07e9c6...51ea8ea73a)

Updates `github/codeql-action` from 4.35.3 to 4.35.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e46ed2cbd0...9e0d7b8d25)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: browser-actions/setup-chrome
  dependency-version: 2.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.123
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 13:41:41 +02:00
dependabot[bot]
87bf5f3d4c
chore(deps)(deps): bump cloudflare/wrangler-action from 3.15.0 to 4.0.0 (#7653)
Bumps [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) from 3.15.0 to 4.0.0.
- [Release notes](https://github.com/cloudflare/wrangler-action/releases)
- [Changelog](https://github.com/cloudflare/wrangler-action/blob/main/CHANGELOG.md)
- [Commits](9acf94ace1...ebbaa15849)

---
updated-dependencies:
- dependency-name: cloudflare/wrangler-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 13:41:31 +02:00
johannesjo
46d84d726c - ci(release): fix linux snap publishing race 2026-05-16 20:38:43 +02:00
johannesjo
351dfa1aa0 ci(aur): retry publish on transient failures 2026-05-16 20:31:57 +02:00
johannesjo
b83a6745e6 fix(supersync): prevent stale deploy image skew 2026-05-15 23:50:41 +02:00
Corey Newton
c39add913c
chore: combine and rename discussion pruning steps (#7610)
Re-ordered the steps to avoid a discussion that is marked as answered
just before the expiry to be false marked as OUTDATED.
Simplified messages.
Shortened waiting period for answered discussions.
2026-05-15 01:36:41 +02:00
Johannes Millan
24f8d390b6 ci(plugins): use npm i for root install to tolerate override drift
The root lockfile pins app-builder-lib's transitive minimatch via the
`overrides` field. npm 10.9.7 (bundled with Node 22 in setup-node@v6)
flags this as drift and fails `npm ci`, while npm 11 accepts it.
ci.yml's main test job uses `npm i`, which tolerates the drift without
mutating the lockfile on disk.

Plugin-Tests has been red on every PR since 2026-05-08 for this reason.
The inner `npm ci` for plugin-specific deps stays strict.
2026-05-13 21:22:02 +02:00
Johannes Millan
49d36577d8 ci(win-store): collect release notes for Partner Center upload
Fetch the GitHub release body for the tag and publish it as an artifact
plus a job-summary block, so the maintainer can paste it into Partner
Center's "What's new" field during the manual appx upload. Falls back to
a pointer message when the release isn't yet published.
2026-05-13 11:46:54 +02:00
Johannes Millan
16b7deab73 ci(e2e): increase supersync sharding 2026-05-12 10:36:57 +02:00
Johannes Millan
9fd9d386a8 refactor(sync): move vector clocks to sync-core 2026-05-11 15:21:08 +02:00
johannesjo
17e664f2fc build(release): add automated release notes 2026-05-10 00:24:47 +02:00
dependabot[bot]
3ed79229c5
chore(deps)(deps): bump the github-actions-minor group with 3 updates (#7479)
Bumps the github-actions-minor group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `step-security/harden-runner` from 2.19.0 to 2.19.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](8d3c67de8e...a5ad31d6a1)

Updates `anthropics/claude-code-action` from 1.0.107 to 1.0.111
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](567fe954a4...fefa07e9c6)

Updates `github/codeql-action` from 4.35.2 to 4.35.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](95e58e9a2c...e46ed2cbd0)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.111
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-04 19:39:03 +02:00
johannesjo
141e3b4e46 ci(snap): mount build dir to /project so snapcraft container finds sp.snap
The canonical snapcraft container runs snapcraft as a pebble service whose
working-dir is hard-coded to /project, so docker's -w flag is ignored. The
upload was running in /project (empty) and failing with "'sp.snap' is not a
valid file". Mount $PWD/.tmp/app-builds at /project instead.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 22:23:40 +02:00
Johannes Millan
41393b2736 build: drop redundant 'snapcraft' arg from snapcraft-rocks docker call
The snapcraft-rocks image (ghcr.io/canonical/snapcraft:8_core24) wraps
its entrypoint in /bin/run-snapcraft.sh which does `exec snapcraft "$@"`.
Passing `snapcraft upload sp.snap --release edge` therefore expanded to
`snapcraft snapcraft upload sp.snap --release edge`, and snapcraft
rejected it with "no such command 'snapcraft'" — failing every retry.

Drop the leading 'snapcraft' word so the wrapper sees only the
subcommand and args. Adds a 4-line WHY comment to prevent re-introduction.

The promote workflow (build-publish-to-snap-on-release.yml) is not
affected — it runs the whole job inside `container:`, so its bare
`snapcraft promote ...` already executes inside the image.
2026-05-02 17:49:09 +02:00
Corey Newton
cbc6cbaa73
Housekeeping for various docs, templates, and actions (#7451)
* chore: change Claude doc directives

Ensure docs are not only aimed at end users but also that they aren't
too myopic. DeepWiki can provide limitless detail on any topic.

* chore(ci): switch stalesweeper to a hash reference

* chore(ci): decrease frequency of discussion pruning

* chore(ci): fix "unanswered" logic for stale discussions

Close answered Q&A after 90 days as RESOLVED.
Close everything else after 180 days as OUTDATED.

* chore: clean up issue templates wrt docs

Also, invert the expected-observed order for bug report.
2026-05-02 13:58:25 +02:00
johannesjo
a168fb3db8 build: run snapcraft from canonical container instead of snap install
The snap-publish workflows have been failing intermittently with
"unable to contact snap store" coming from `sudo snap install snapcraft
--classic`. Both `samuelmeuli/action-snapcraft` and `canonical/action-publish`
use the same install path internally, so neither is a real alternative.

Switch to Canonical's actively-maintained snapcraft-rocks image
(ghcr.io/canonical/snapcraft:8_core24) which has snapcraft 8 pre-installed
and only needs SNAPCRAFT_STORE_CREDENTIALS — no snapd/snap-store handshake
on the runner. promote/upload subcommands and CLI flags are unchanged.

- build-publish-to-snap-on-release.yml: whole job runs in the container
- build.yml: keeps the existing ubuntu-latest job (npm/playwright/electron-builder
  need a normal Ubuntu env), but invokes snapcraft via `docker run` for the
  upload step

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 00:00:44 +02:00
johannesjo
4d3160d2bc build: fix snap build 2026-05-01 22:48:04 +02:00
johannesjo
af7ba05845 ci(ios): bump runner to macos-26 for iOS 26 SDK
Apple now requires Xcode 26 / iOS 26 SDK for App Store uploads
(mandatory since 2026-04-28). Switch the iOS release workflow to
the macos-26 runner and explicitly select Xcode 26.2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 22:44:57 +02:00
dependabot[bot]
e960da0d25
chore(deps)(deps): bump the github-actions-minor group with 2 updates (#7385)
Bumps the github-actions-minor group with 2 updates: [r0adkll/upload-google-play](https://github.com/r0adkll/upload-google-play) and [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action).


Updates `r0adkll/upload-google-play` from 1.1.3 to 1.1.5
- [Release notes](https://github.com/r0adkll/upload-google-play/releases)
- [Commits](935ef9c68b...e738b9dd8f)

Updates `anthropics/claude-code-action` from 1.0.101 to 1.0.107
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](38ec876110...567fe954a4)

---
updated-dependencies:
- dependency-name: r0adkll/upload-google-play
  dependency-version: 1.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.107
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-27 11:06:22 +02:00
Johannes Millan
4473559fbd ci(plugins): run unit tests when plugin code changes
New workflow runs each plugin's `npm test` in a parallel matrix when
its directory or a shared package (plugin-api, vite-plugin) changes
on a PR. Detects per-plugin changes via three-dot `git diff` against
the PR base.
2026-04-25 22:36:14 +02:00
Johannes Millan
e72aa77336
Add Electron packaging smoke test to catch missing dependencies (#7336)
* ci(electron): verify packaged app.asar and smoke-test launch

Adds coverage for the gap that let #7320 ship: CI built electron TS
and ran electron-builder on release, but never exercised the packaged
binary. A stray relative import reaching out of electron/** was
compiled by tsc into src/app/util/*.js, fell outside the files glob
in electron-builder.yaml, and was missing from app.asar — the main
process crashed on launch for every 18.2.7 user.

Two new checks, both running on ubuntu-latest:

1. tools/verify-electron-requires.js extracts app.asar and re-resolves
   every relative require() under electron/** against the packaged
   tree. Runs on every PR that touches electron/**, electron-builder
   config, package.json, or the workflow itself. ~10s after the build.

2. A launch-under-xvfb smoke test starts the packaged binary, waits
   30s for a crash, and greps stderr for 'Cannot find module' /
   'Uncaught Exception'. Runs on push to master, release tags, and
   manual dispatch (not every PR — needs xvfb setup + idle wait).

Exposed as npm run electron:verify-asar for local use after dist.

* ci(electron): harden smoke workflow and verify script from review

Review feedback on the previous commit surfaced a handful of real
defects. Addressed here:

verify-electron-requires.js
- Guard resolved paths against escaping the extracted asar tree.
  Without this, a relative require with enough `..` climbs above the
  temp dir and Node's resolver hits the host filesystem, masking a
  genuinely missing module behind a stray file on the CI runner.
- Walk .cjs and .mjs files too. electron/simple-store.test.cjs ships
  via the `electron/**/*` glob and was being skipped.
- Move cleanup out of the path where `process.exit(1)` runs inside a
  `try/finally` (synchronous exit does not guarantee `finally`), so
  the temp dir is reliably removed.
- Code comment noting that esbuild-bundled preload.js is opaque to
  this walker — that coverage comes from the launch smoke test.

electron-smoke.yml
- Broaden pull_request paths filter. The previous filter only matched
  electron/**, which is exactly the wrong answer: #7320's root cause
  was a file under src/app/util/ that electron/ imported. Now uses a
  negative list — docs, translations, android/, ios/, other workflows.
- Explicit Xvfb screen geometry (`-screen 0 1280x720x24`) and
  `--disable-dev-shm-usage` on the Electron side. Both known CI
  flake preventers.
- Expanded crash-marker regex: SIGSEGV, Segmentation fault,
  TypeError:, ReferenceError:, FATAL ERROR, Check failed. Also scan
  the log during the liveness loop, not just at the end — catches
  main-process exceptions that get logged without killing the
  process.
- Move the launch log under .tmp/smoke/ so upload-artifact@v7 reliably
  finds it on failure; /tmp paths are fragile across runner images.
- Sweep stray electron worker processes on teardown via pkill.

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-23 21:53:28 +02:00
Johannes Millan
80976c32c1 ci(electron): wire node --test for electron/*.test.cjs
Follow-up to #7297: the simple-store regression test only ran via
local invocation. Add a test:electron npm script and run it in the
CI Tests job so simple-store fixes stay regression-guarded.
2026-04-21 21:50:52 +02:00
dependabot[bot]
1b8616ca89
chore(deps)(deps): bump the github-actions-minor group across 1 directory with 8 updates (#7289)
Bumps the github-actions-minor group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.17.0` | `2.19.0` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |
| [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) | `4.1.2` | `4.1.3` |
| [signpath/github-action-submit-signing-request](https://github.com/signpath/github-action-submit-signing-request) | `2.1` | `2.2` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.93` | `1.0.101` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.2` |
| [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) | `3.14.1` | `3.15.0` |



Updates `step-security/harden-runner` from 2.17.0 to 2.19.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](f808768d15...8d3c67de8e)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](53b83947a5...48b55a011b)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](668228422a...27d5ce7f10)

Updates `KSXGitHub/github-actions-deploy-aur` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/ksxgithub/github-actions-deploy-aur/releases)
- [Commits](abe8ac26b5...da03e16036)

Updates `signpath/github-action-submit-signing-request` from 2.1 to 2.2
- [Release notes](https://github.com/signpath/github-action-submit-signing-request/releases)
- [Commits](bc66d86b01...b9d91eadd3)

Updates `anthropics/claude-code-action` from 1.0.93 to 1.0.101
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](b47fd721da...38ec876110)

Updates `github/codeql-action` from 4.35.1 to 4.35.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

Updates `cloudflare/wrangler-action` from 3.14.1 to 3.15.0
- [Release notes](https://github.com/cloudflare/wrangler-action/releases)
- [Changelog](https://github.com/cloudflare/wrangler-action/blob/main/CHANGELOG.md)
- [Commits](da0e0dfe58...9acf94ace1)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: KSXGitHub/github-actions-deploy-aur
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: signpath/github-action-submit-signing-request
  dependency-version: '2.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.101
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: cloudflare/wrangler-action
  dependency-version: 3.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-20 13:41:16 +02:00
Johannes Millan
01e30b9c7e
Feat/to me it looks like there are lots of 60dd04 (#7280)
* fix(issue): prevent crash from orphan issueProviderId (#7135)

The Jira image-headers effect in task-detail-panel subscribed to
selectIssueProviderById without an error handler, so a task with an
issueProviderId pointing at a deleted provider (e.g. after sync
convergence where taskIdsToUnlink didn't cover all local tasks)
propagated the selector throw to Zone.js as a crash dialog. Wrap the
inner selector observable in catchError that logs and falls back to
of(null); the downstream jiraCfg?.isEnabled guard handles the fallback.

Also drop IssueLog.log(issueProviderKey, issueProvider) from the
throwing variant of the selector: providers may carry credentials
(host, token, apiKey) and IssueLog history is exportable.

* fix(focus-mode): sync tray countdown with in-app timer during breaks

Tray title was rebuilt from a cached currentFocusSessionTime that only
refreshed when CURRENT_TASK_UPDATED fired. addTimeSpent is gated on an
active current task, so during focus-mode breaks or task-less focus
sessions the cache froze while the in-app timer kept ticking.

Add the tick action to taskChangeElectron$ so the cache refreshes every
second whenever the focus timer is running.

Fixes #7278

* fix(ci): restore GitHub Actions SHA pins undone by 0e9218bd68

Commit 0e9218bd68 silently reverted PR #7212 (github-actions-minor group
bump) along with its stated sync/client-id work. This restores the 15
workflow files to their pre-revert state.

Actions restored to newer pinned SHAs:
- actions/upload-artifact v7.0.0 -> v7.0.1
- step-security/harden-runner v2.16.1 -> v2.17.0
- softprops/action-gh-release v2.6.1 -> v3.0.0
- signpath/github-action-submit-signing-request v2.0 -> v2.1
- anthropics/claude-code-action v1.0.89 -> v1.0.93
- docker/build-push-action v7.0.0 -> v7.1.0
- easingthemes/ssh-deploy v5.1.1 -> v6.0.3

* fix: restore i18n, UI, and docs work undone by 0e9218bd68

Commit 0e9218bd68 silently reverted the following work alongside its stated
sync/client-id changes. Files where later master commits (fec7b25f23, etc.)
already re-applied the reverted work are intentionally left untouched.

Restored:
- #7232 docs/long-term-plans/location-based-reminders.md (513 lines)
- #7199 Romanian i18n phase 3 (ro.json + ro-md.json, ~1168 lines)
- #7049 Polish translation improvements
- #7143 planner component styling (4 scss files)
- #7211 add-task-bar preserve time estimate when typing title
- #7208 task.reducer roll-up estimates for added subtasks
- #6767 focus-mode pomodoro reset button
- #7205 plugin-dev github-issue-provider TOKEN description
- #7231 mobile-bottom-nav FAB fix
- a4fe03272 iOS keyboard accessory bar (global-theme + dialog-fullscreen-markdown)
- 309670db3 ShortSyntaxEffects undefined guard
- 667a7986f Dropbox PKCE auth comment/behavior

* fix(electron): restore electron + e2e work undone by 0e9218bd68

Commit 0e9218bd68 silently reverted the following electron/e2e work.
Files already re-fixed by later master commits are left as-is:
- e2e/tests/sync/supersync-archive-conflict.spec.ts (de33234976 + 191d129ff3)

Restored:
- e8a3e156eb fix(electron): Linux autostart IDB backing-store recovery
  (re-adds electron/clear-stale-idb-locks.ts + start-app.ts wiring)
- 5ce78a5b63 fix(electron): macOS Cmd+Q / Dock > Quit hang
  (setIsQuiting + before-quit delegate to close-handler)
- 46e0fa2d01 fix(sync): FILE_SYNC_LIST_FILES IPC contract
  (electronAPI.d.ts + local-file-sync + preload + ipc-events)
- ea1ef16307 fix(android): session-only SAF permissions on OEM devices
- 8865dc0a50 test(e2e): supersync parallel-worker stampede guard
  (SUPERSYNC_SERVER_HEALTHY env-var fallback + goto retry loop)
- af7c7687e2 test(e2e): block WS-triggered downloads in non-WS specs
- 265b44db5d test(e2e): premature waitForURL on daily-summary
  (this is literally the fix the bad commit's message claimed to add)

Conflict resolutions:
- e2e/utils/supersync-helpers.ts: kept the refined getDoneTaskElement
  checks from d64014d086 (later than c558bcab5e) while restoring the
  goto retry loop from 8865dc0a50.
- electron/start-app.ts: unioned imports (setIsQuiting +
  clearStaleLevelDbLocks from theirs, fs from ours).

* fix(sync): restore sync-core work undone by 0e9218bd68

Commit 0e9218bd68 silently reverted parts of several sync fixes. Most
sync-core reverts have already been re-addressed differently on master
by later commits (1f5184f6e7, 05cd875dd6, 09f5ced2c9, 7df43358ab,
d9158d6adb, 32dbc95ed9, 8c3b08e016, f89fe1ebc3) — those files are
intentionally left untouched to avoid reverting master's newer work.

This PR restores only the pieces that are genuinely still missing:

- e8a3e156eb fix(electron): IDB backing-store autoreload (in-app piece)
  operation-log-hydrator.service.ts + .spec.ts (the electron/clear-
  stale-idb-locks.ts piece was restored in the prior commit)

Plus three low-risk documentation/cleanup restorations:
- operation-sync.util.ts — add "Nextcloud" to isFileBasedProvider JSDoc
- dropbox.ts — restore improved _getRedirectUri JSDoc (667a7986fb)
- dialog-get-and-enter-auth-code.component.ts — restore isNativePlatform
  comment explaining why manual code entry flow is used (667a7986fb)
- file-adapter.interface.ts — remove stray "// NEW" comment (46e0fa2d01)

Intentionally NOT restored (master's newer work covers or supersedes):
- sync-trigger.service.ts / sync.effects.ts (05cd875dd6)
- sync-wrapper.service.ts (1f5184f6e7)
- sync-errors.ts (1f5184f6e7 re-added LegacySyncFormatDetectedError)
- file-based-sync-adapter.service.ts + spec (1f5184f6e7 + d9158d6adb)
- file-based-sync.types.ts (1f5184f6e7)
- operation-log.const.ts (32dbc95ed9 bumped IDB_OPEN_RETRIES to 5)
- dialog-sync-initial-cfg.component.ts (f89fe1ebc3)
2026-04-20 12:04:38 +02:00
Johannes Millan
0e9218bd68 fix(sync): handle data validation errors and improve client ID management
- Separate JsonParseError and SyncDataCorruptedError handlers in sync wrapper
- Handle corrupted remote data gracefully instead of throwing
- Add getOrGenerateClientId() as unified entry point, eliminating dual injection
  of ClientIdService + CLIENT_ID_PROVIDER in snapshot-upload, file-based-encryption,
  and sync-hydration services
- Use crypto.getRandomValues() instead of Math.random() for client ID generation
- Warn user when stored client ID is invalid and must be regenerated
- Fix flaky e2e supersync tests (premature waitForURL match on daily-summary URL)
2026-04-16 17:41:39 +02:00
dependabot[bot]
e5d34f6a96
chore(deps)(deps): bump easingthemes/ssh-deploy from 5.1.1 to 6.0.3 (#7151)
Bumps [easingthemes/ssh-deploy](https://github.com/easingthemes/ssh-deploy) from 5.1.1 to 6.0.3.
- [Release notes](https://github.com/easingthemes/ssh-deploy/releases)
- [Changelog](https://github.com/easingthemes/ssh-deploy/blob/main/docs/CHANGELOG.md)
- [Commits](a1aa0b6cf9...2cc5b27bf3)

---
updated-dependencies:
- dependency-name: easingthemes/ssh-deploy
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 16:41:16 +02:00
dependabot[bot]
d77cd0eb93
chore(deps)(deps): bump the github-actions-minor group with 5 updates (#7212)
Bumps the github-actions-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.17.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [signpath/github-action-submit-signing-request](https://github.com/signpath/github-action-submit-signing-request) | `2.0` | `2.1` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.89` | `1.0.93` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` |


Updates `step-security/harden-runner` from 2.16.1 to 2.17.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](fe10465874...f808768d15)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](bbbca2ddaa...043fb46d1a)

Updates `signpath/github-action-submit-signing-request` from 2.0 to 2.1
- [Release notes](https://github.com/signpath/github-action-submit-signing-request/releases)
- [Commits](3f9250c566...bc66d86b01)

Updates `anthropics/claude-code-action` from 1.0.89 to 1.0.93
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](6e2bd52842...b47fd721da)

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](d08e5c354a...bcafcacb16)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: signpath/github-action-submit-signing-request
  dependency-version: '2.1'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.93
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 16:40:32 +02:00
dependabot[bot]
b074642d01
chore(deps)(deps): bump softprops/action-gh-release (#7213)
Bumps the softprops-action-gh-release-major group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](153bb8e044...b430933298)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: softprops-action-gh-release-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 16:40:29 +02:00
dependabot[bot]
77a065a1b9
chore(deps)(deps): bump the github-actions-minor group with 7 updates (#7150)
Bumps the github-actions-minor group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.0` | `2.16.1` |
| [gradle/actions](https://github.com/gradle/actions) | `6.0.1` | `6.1.0` |
| [android-actions/setup-android](https://github.com/android-actions/setup-android) | `4.0.0` | `4.0.1` |
| [KSXGitHub/github-actions-deploy-aur](https://github.com/ksxgithub/github-actions-deploy-aur) | `4.1.1` | `4.1.2` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.82` | `1.0.89` |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` |
| [zenoprax/stalesweeper](https://github.com/zenoprax/stalesweeper) | `1.0.0` | `1.1.2` |


Updates `step-security/harden-runner` from 2.16.0 to 2.16.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](fa2e9d605c...fe10465874)

Updates `gradle/actions` from 6.0.1 to 6.1.0
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](39e147cb9d...50e97c2cd7)

Updates `android-actions/setup-android` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/android-actions/setup-android/releases)
- [Commits](651bceb6f9...40fd30fb8d)

Updates `KSXGitHub/github-actions-deploy-aur` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/ksxgithub/github-actions-deploy-aur/releases)
- [Commits](2ac5a4c1d7...abe8ac26b5)

Updates `anthropics/claude-code-action` from 1.0.82 to 1.0.89
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](88c168b39e...6e2bd52842)

Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](b45d80f862...4907a6ddec)

Updates `zenoprax/stalesweeper` from 1.0.0 to 1.1.2
- [Release notes](https://github.com/zenoprax/stalesweeper/releases)
- [Commits](https://github.com/zenoprax/stalesweeper/compare/v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: gradle/actions
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: android-actions/setup-android
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: KSXGitHub/github-actions-deploy-aur
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.89
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-minor
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
- dependency-name: zenoprax/stalesweeper
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-09 20:34:50 +02:00
Corey Newton
972acd358c
docs/wiki content v0.8 (#7068)
* docs(wiki): refactor download page

Rework and improve download page in preparation for README updates.

* chore(ci): simplify the initial release text

Centralizing all links to one place will make maintenance of docs
easier.

* chore(docs): Update meta docs and templates

Aligning issue templates and other docs to support the use of the wiki
and to encourage additions from others.

* chore(docs): align README with new download page
2026-04-01 12:40:28 +02:00