super-productivity/.github/workflows
Johannes Millan 63253f8e0c
fix(sync): never transmit plaintext operations for E2EE-mandatory providers (#8670)
* fix(sync): never upload plaintext ops for E2EE-mandatory providers

SuperSync's first-time setup ran an initial sync (dialog-sync-cfg save ->
sync(true)) BEFORE the user chose an encryption password, so all local ops
(incl. issue-provider credentials) were uploaded to the server in cleartext.
Completing setup deleted them; aborting left them stored indefinitely, breaking
the E2EE promise (GHSA-9v8x-68pf-p5x7).

Add an optional `isEncryptionMandatory` capability to OperationSyncCapable
(true for SuperSync) and refuse to upload in the op-log upload path while no
usable key is configured. Downloads still run (merge-first) and the encryption-
enable flow performs the first, encrypted upload, so the setup flow and prompt
are unchanged. File-based providers, where unencrypted sync is a legitimate
user choice, leave the flag unset.

* fix(sync): fail closed on plaintext snapshot for E2EE-mandatory providers

Multi-review hardening for GHSA-9v8x-68pf-p5x7. The op-upload guard closes the
reported leak, but SnapshotUploadService.deleteAndReuploadWithNewEncryption could
still push a plaintext snapshot for SuperSync on two adjacent paths: the (today
UI-unreachable) disable-encryption flow, and a keyless import declaring
isEncryptionEnabled:true. Reject an unencrypted snapshot for an encryption-
mandatory provider before any destructive deleteAllData, so the "never transmit
plaintext" invariant holds regardless of caller.

Also lower the mandatory-encryption upload-skip log from warn to normal: it is an
expected by-design skip during the pre-encryption setup window and would
otherwise fire on every auto-sync cycle.

* fix(sync): consolidate op-log into the encryption-enable snapshot

Follow-up to the GHSA-9v8x-68pf-p5x7 upload guard. With the guard, first-time
SuperSync setup leaves the whole local history unsynced until encryption is
enabled; the enable-snapshot then represents that full state, but the ops were
re-uploaded incrementally on top of it on the next sync (redundant server op-log
bloat, and previously untested at whole-history volume).

deleteAndReuploadWithNewEncryption now captures the pending ops the snapshot
subsumes (before the destructive delete, under runWithSyncBlocked + a modal
dialog so the set is stable) and marks them synced after a successful upload —
mirroring planRegularOpsAfterFullStateUpload in the op-log upload path, which
this direct snapshot upload bypasses. Also fixes the same latent redundancy in
the enable-from-settings-with-pending-ops flow.

Adds a multi-client e2e: local task history exists before first-time encrypted
setup, then a second client with the same password receives exactly those tasks
with no duplicates, conflicts, or errors.

* ci(e2e): add optional grep input to manual SuperSync e2e dispatch

* fix(sync): capture subsumed ops before state snapshot to prevent mark-synced data loss

deleteAndReuploadWithNewEncryption captured getUnsynced() AFTER the full-state
snapshot, so an op created in that window was marked synced yet absent from the
snapshot — silently lost. Capture the unsynced set first: every marked-synced op
is then guaranteed present in the snapshot, and a concurrent op arriving after
the capture is left unsynced and re-uploaded next sync (idempotent by op id).

* test(sync): mock WebCrypto so mandatory-encryption guard test reaches the guard

The 'enabling without a usable key' case passed isEncryptionEnabled: true but did
not mock WebCrypto, so the availability check threw WebCryptoNotAvailableError in
non-secure CI before the /unencrypted snapshot/ guard under test.
2026-07-01 17:56:39 +02:00
..
auto-publish-google-play-on-release.yml ci(android): enable manual Google Play promotion without a GitHub release 2026-06-25 16:10:33 +02:00
build-android.yml chore(deps)(deps): bump the github-actions-minor group with 3 updates (#8622) 2026-06-29 12:46:38 +02:00
build-create-windows-store-on-release.yml chore(deps)(deps): bump actions/cache from 5.0.5 to 6.1.0 (#8623) 2026-06-29 12:45:07 +02:00
build-ios.yml chore(deps)(deps): bump the github-actions-minor group with 3 updates (#8622) 2026-06-29 12:46:38 +02:00
build-publish-to-aur-on-release.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
build-publish-to-mac-store-on-release.yml chore(deps)(deps): bump the github-actions-minor group with 3 updates (#8622) 2026-06-29 12:46:38 +02:00
build-publish-to-snap-on-release.yml - ci(release): fix linux snap publishing race 2026-05-16 20:38:43 +02:00
build-update-web-app-on-release.yml chore(deps)(deps): bump actions/cache from 5.0.5 to 6.1.0 (#8623) 2026-06-29 12:45:07 +02:00
build.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
ci.yml chore(deps)(deps): bump actions/cache from 5.0.5 to 6.1.0 (#8623) 2026-06-29 12:45:07 +02:00
claude.yml chore(deps)(deps): bump the github-actions-minor group with 3 updates (#8622) 2026-06-29 12:46:38 +02:00
codeql-analysis.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
e2e-scheduled.yml fix(sync): never transmit plaintext operations for E2EE-mandatory providers (#8670) 2026-07-01 17:56:39 +02:00
electron-smoke.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
issue-open-auto-reply.yml fix(ci): add issues write permission to autoresponse workflow 2026-01-06 13:17:15 +01:00
manual-build.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
plugin-tests.yml chore(deps)(deps): bump actions/cache from 5.0.5 to 6.1.0 (#8623) 2026-06-29 12:45:07 +02:00
pr-preview-build.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
pr-preview-deploy.yml ci(pr-preview): add testing call-to-action to preview comment 2026-06-12 12:57:00 +02:00
publish-to-hub-docker.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
stale-discussions.yml chore: limit "resolved" actions to correct categories (#7679) 2026-05-19 15:55:29 +02:00
stale.yml chore(deps)(deps): bump the github-actions-minor group with 8 updates (#7778) 2026-05-26 14:43:25 +02:00
supersync-docker.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
supersync-server-tests.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
test-mac-dmg-build.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00
welcome-first-time-contributors.yml fix(ci): replace buggy first-interaction action with custom first-time check 2026-02-13 14:06:43 +01:00
wiki-sync.yml chore(deps)(deps): bump actions/checkout from 5 to 7 (#8536) 2026-06-22 12:18:31 +02:00