Add a new supersync-server-tests job to the scheduled E2E workflow that
runs the SuperSync server unit tests (vitest). These were previously
missing from CI entirely.
Also extend the push path filter to include packages/super-sync-server
and packages/shared-schema so the workflow triggers on pushes to master
that change server code.
Signing failure previously resulted in no exe files in the release
because all publish steps were gated on signing success, but
continue-on-error silently swallowed the failure. Now the job
fails hard if signing fails, making the problem visible. Also
increases SignPath timeout from 10 to 60 minutes.
Root cause: electron-builder auto-published unsigned files via implicit
tag-based publishing (despite release:false), and spaces in NSIS
artifact names caused naming mismatches — electron-builder sanitized
spaces to hyphens while softprops/action-gh-release converted them
to dots, resulting in three sets of exe files per architecture.
Changes:
- Hardcode NSIS artifactName with hyphens to eliminate spaces
- Add --publish never to explicitly prevent auto-publishing
- Update latest.yml with signed file hashes (preserving EB fields)
- Use lockfile-pinned app-builder-bin for blockmap regeneration
- Scope blockmap publishing to NSIS setup files only
- Fail hard if latest.yml references missing files
PowerShell (default on Windows) treats $GITHUB_OUTPUT as an undefined
variable instead of the environment variable, so the cache path output
was never written, causing actions/cache to fail with "path required".
Split PR preview into two workflows using the workflow_run pattern:
- pr-preview-build.yml (pull_request): builds without secret access
- pr-preview-deploy.yml (workflow_run): deploys pre-built artifact with secrets
Prevents fork PR authors from executing arbitrary code with access to
CLOUDFLARE_API_TOKEN, UNSPLASH_KEY, and other repository secrets.
* ci: add package-lock.json registry check and pin npm registry
Prevents contributors using mirror registries (e.g. npmmirror.com) from
rewriting all resolved URLs in package-lock.json, which also causes
cascading formatting changes due to different dependency versions.
* fix(ci): use || true instead of || echo 0 in registry check
When all resolved URLs are standard, grep -cv outputs 0 and exits with
code 1. The || echo 0 then fires and also outputs 0, making BAD_COUNT
"0\n0" which causes a bash integer expression error. Using || true
swallows the exit code without extra output.
---------
Co-authored-by: Kondamon <kondamon@github.com>
* fix(ci): replace deprecated set-output and fix E2E test failures
- Replace deprecated `::set-output` with `$GITHUB_OUTPUT` in all
workflow files (build.yml, ci.yml, build-android.yml, manual-build.yml)
- Fix recurring-start-date-epoch-bug-6860 E2E test: use en-GB date
format (DD/MM/YYYY) instead of US format since app defaults to en-GB
- Fix recurring-future-start-date-bug-6856 E2E test: wait for Save
button to be enabled, increase persistence wait, and fix
reload/navigation ordering for more reliable state verification
https://claude.ai/code/session_01JovQ5nVMSVQXUBFVknZtSm
* fix(ci): replace deprecated set-output in remaining workflow files
Fix 3 additional workflow files that still used the deprecated
::set-output syntax: build-create-windows-store-on-release.yml,
build-publish-to-mac-store-on-release.yml, and
build-update-web-app-on-release.yml.
https://claude.ai/code/session_01JovQ5nVMSVQXUBFVknZtSm
---------
Co-authored-by: Claude <noreply@anthropic.com>
Add deadline support for tasks with date-only and time-specific deadlines.
Core:
- Add deadlineDay, deadlineWithTime, deadlineRemindAt fields to task model
- Add NgRx actions (setDeadline, removeDeadline, clearDeadlineReminder)
- Add meta-reducer with mutual exclusivity and input validation
- Register deadline actions in ActionType enum and op-log codes
UI:
- Create deadline dialog with calendar, time input, and reminder options
- Add deadline badge to task list row with overdue warning color
- Add deadline item to task detail panel with flag icon
- Add deadline options to task context menu
- Show deadlines in scheduled list page
Reminders:
- Add deadline reminder effects and selectors
- Show reminder dialog with grouped deadline/schedule sections
- Handle deadline reminder clearing on dismiss, done, add-to-today
- Cancel Android native deadline notifications on delete/archive
Planner:
- Show deadline tasks in planner day view and overdue section
- Create dedicated planner-deadline-task component
- Optimize deadline grouping with O(N) single-pass selector
Other:
- Add deadline-today banner effect for unplanned deadline tasks
- Add translation keys for all deadline UI strings
- Add E2E tests for deadline reminder flows
- Add unit tests for deadline reducer and overdue utility
- Extract shared isDeadlineOverdue utility function
- Guard app-state selectors against undefined during teardown
The action-electron-builder omits --publish when release=false, causing
electron-builder to default to onTag on CI and publish unsigned files.
The signed files were then published separately, creating duplicates.
- Add --publish never to explicitly prevent auto-publishing
- Hardcode NSIS artifactName with hyphens to avoid SignPath converting
spaces to dots (Super.Productivity → Super-Productivity)
- Skip blockmap regeneration for portable targets, fail loudly if an
NSIS blockmap is unexpectedly missing
- Update normalization comment and docs filename reference
- Remove outdated feature requests from .github/CONTRIBUTING.md (GitLab
support already exists) and add commit message format section
- Improve PR template with type-of-change checkboxes and checklist
- Update commit guideline links in README and CONTRIBUTING.md to
reference the project's own format instead of external angular.js docs
- Add "only edit en.json" rule to TRANSLATING.md and clarify workflow
- Update add-new-integration.md provider list to match codebase (add
Trello, ClickUp, Linear, Azure DevOps, Nextcloud Deck; note GitHub
plugin migration; fix type name to BuiltInIssueProviderKey)
- Add cross-references between mac certificate docs and remove 240-line
duplicate section from update-mac-certificates.md
- Clean up update-android-app.md (specify npm version args, collapse
deprecated workflow, translate German UI labels to English)
- Add context to howto-refresh-snap-credentials.md
- Fix fine-grained token note in github-access-token-instructions.md
- Fix absolute URL to relative path in gitlab-access-token-instructions.md
- Fix grammar in i18n-script-usage.md
- Add status headers to all 19 long-term plan files (Planned, Completed,
Archived with reason, Investigation Complete)
- Fix broken relative link in hybrid-manifest-architecture.md
- Delete supersync-scenarios-simplified.md (duplicate of
supersync-scenarios.md; known issues already covered there)
- Rename vector-clock-pruning-research.md to
vector-clock-history-and-alternatives.md for clarity
- Pin actions/checkout to commit hash for supply-chain security
- Pass github context via env vars to prevent script injection
- Guard against empty PREV_TAG on first release
- Remove unused step id
Remove allowed_non_write_users: '*' which allowed any fork PR to trigger
the review workflow with base repo secrets. Remove unnecessary id-token:
write permission. Fixes GHSA-v4qq-p376-rvh8.
Remove the premature unsigned exe upload that caused duplicate release
assets with different naming (hyphens vs dots). Now only signed binaries
are published via a single upload at the end, guarded by SignPath success.
The review agent was denied all 7 attempts to access PR code because:
- Read/Glob/Grep tools were missing from allowedTools
- Shell pipes/redirects caused Bash(gh pr diff:*) to not match
- gh pr checkout and git diff were not in the allowed list
- Only the base branch was checked out (fetch-depth: 1)
SignPath renames files (spaces become dots), causing duplicate assets on
GitHub releases. Normalize filenames by stripping spaces, dots, and
hyphens to match signed files back to their originals, then overwrite
in-place to preserve the correct asset names for website download links.
The stalesweeper action needs write access to close discussions and add
comments. Without explicit permissions, the GITHUB_TOKEN only has read
access, causing FORBIDDEN errors.
Lint and unit tests are already covered by the main CI workflow.
Removing them from the Windows Store build avoids failures from
Windows-specific test issues and speeds up artifact creation.
* ci(community): initial discussion pruning workflow
This is the original workflow from steffen-karlsson/stalesweeper@v1.1.1
https://github.com/marketplace/actions/stalesweeper
The debug mode does not work which makes testing with dry-run impossible.
There is a re-worked action that probably won't get merged: https://github.com/thenick775/stalesweeper
I'm preserving the original workflow for posterity and potential troubleshooting. See next commit for details.
* ci(community): revised workflow for revised action
This is a new workflow that uses the modified thenick775/stalesweeper action.
https://github.com/LizardByte/community/blob/master/.github/workflows/discussions-stale.yml
Verbose mode appears to built-in now: b7f8c5e1c3
This workflow requires additional modifications as it uses environment variables and other settings that are not applicable to the SP repo.
* ci(community): add first valid workflow
Remove unnecessary permissions.
Remove unnecessary token placeholders.
Reduce frequency of workflow to reduce API calls.
Change defaults for manual runs to use safer options.
Use 180 days for the standard "expiry date" for regular discussions.
Create separate job and expiry for answered questions in "Q&A".
Make an exception for any discussions marked as "documentation gap".
* ci(community): switch action to controlled fork
There is really only a single action in GH Marketplace that does what is
needed and relying on a fork of *that* is a bit risky. I've separated
this commit out for easier `git revert` later on if needed.
Add a create-release job that pre-creates a single draft release
before mac-bin and windows-bin start. This eliminates the race
condition where parallel jobs each created their own draft release.
The actions/first-interaction@v3 action has a bug where isFirstPullRequest()
fetches all PRs without a creator filter, causing returning contributors to
receive "first PR" greetings on every PR. Replace with inline script using
GitHub Search API with proper author filtering.
Closes#6500
* fix(build): fix Play Store always showing version 16.7.3
Two issues caused production releases to always show as 16.7.3:
1. APKs were uploaded to the internal track with status: draft.
The promote action only sees active (non-draft) releases, so it
kept promoting the last non-draft version (16.7.3).
2. The promote workflow triggered on release:published, which fires
before the Android build finishes uploading. This race condition
meant the promotion always ran against stale internal track state.
Fix: change upload status to completed and move the promotion step
into the build workflow (after the upload), eliminating the race
condition. Remove the now-redundant auto-publish workflow.
https://claude.ai/code/session_01N8ddANh4ejMn3kYLajkL5V
* Revert "fix(build): fix Play Store always showing version 16.7.3"
This reverts commit a99f43ec1a.
* fix(build): fix Play Store always showing version 16.7.3
APKs were uploaded to the internal track with status: draft. When the
promote action later ran (on manual release publish), the Google Play
API could not promote a draft release to production, so it kept the
last non-draft version (16.7.3) on the production track.
Change upload status from draft to completed so the release is
promotable when the separate auto-publish workflow runs.
https://claude.ai/code/session_01N8ddANh4ejMn3kYLajkL5V
---------
Co-authored-by: Claude <noreply@anthropic.com>
The Windows job was publishing the release immediately (draft: false),
causing Linux and Mac electron-builder uploads to skip because they
found an already-published release instead of the expected draft.
Publish unsigned artifacts to the release first so Windows binaries are
always available. Signing steps run as best-effort with continue-on-error
and overwrite the unsigned assets on success.
Integrate SignPath signing directly into the windows-bin job so build
and signing happen in the same workflow (required for origin verification).
- Add signing steps: upload artifact, sign with SignPath, verify signatures
- Regenerate blockmaps and update latest.yml sha512 after signing
- Scope id-token:write permission to windows-bin job only
- Pin SignPath action to SHA, update action-gh-release to v2.5.0
- Delete standalone signpath-code-signing.yml workflow
Change both Apple store release workflows to trigger on v* tag push
instead of GitHub release publication, matching the Microsoft Store
workflow pattern. This also removes prerelease checks so builds run
for all tags including prereleases.
macos-26 runner defaults to Xcode 26.2 (Swift 6.2.3) which is
incompatible with Capacitor 7. Capacitor 8 is required for Xcode 26
support. Switch to macos-15 as an interim fix until Capacitor 8
migration is completed.
https://claude.ai/code/session_01A9RKZFkpVxqWXTdoyH5sZA
Co-authored-by: Claude <noreply@anthropic.com>
The code-review plugin couldn't post reviews because Claude Code's
internal permission system blocked all Bash commands. Add claude_args
with --allowedTools to explicitly permit the gh and git commands the
plugin needs at runtime.