diff --git a/.github/workflows/crowdin.yml b/.github/workflows/crowdin.yml index bce21dd66..3ef37d5f4 100644 --- a/.github/workflows/crowdin.yml +++ b/.github/workflows/crowdin.yml @@ -10,16 +10,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: push source files - uses: crowdin/github-action@v2 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2 with: command: 'push' env: CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }} CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }} - name: pull translations - uses: crowdin/github-action@v2 + uses: crowdin/github-action@b8012bd5491b8aa8578b73ab5b5f5e7c94aaa6e2 # v2 with: command: 'download' command_args: '--export-only-approved --skip-untranslated-strings' @@ -27,9 +27,9 @@ jobs: CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }} CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: - node-version: '22' + node-version: '22.14.0' - name: Ensure file permissions run: | find pkg/i18n/lang frontend/src/i18n/lang -type f -name "*.json" -exec sudo chmod 666 {} \; diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b01fdfa71..e294a6605 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,18 +11,18 @@ jobs: id: ghd uses: proudust/gh-describe@v2 - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Docker meta version if: ${{ github.ref_type == 'tag' }} id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: images: | vikunja/vikunja @@ -33,7 +33,7 @@ jobs: type=raw,value=latest - name: Build and push unstable if: ${{ github.ref_type != 'tag' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true @@ -42,7 +42,7 @@ jobs: RELEASE_VERSION=${{ steps.ghd.outputs.describe }} - name: Build and push version if: ${{ github.ref_type == 'tag' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true @@ -54,14 +54,14 @@ jobs: frontend: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' @@ -72,7 +72,7 @@ jobs: pnpm install pnpm build - name: Store frontend dist - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: frontend_dist path: ./frontend/dist/**/* @@ -82,19 +82,19 @@ jobs: needs: - frontend steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version: stable - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: get frontend - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: frontend_dist path: frontend/dist @@ -125,7 +125,7 @@ jobs: gpg -v --default-key 7D061A4AA61436B40713D42EFF054DACD908493A -b --batch --yes --passphrase "${{ secrets.RELEASE_GPG_PASSPHRASE }}" --pinentry-mode loopback --sign "$file" done - name: Upload - uses: kolaente/s3-action@v1.0.1 + uses: kolaente/s3-action@c6d17331cd9f6a3cbcfd96b8ade6fbfc502a79e9 # v1.0.1 with: s3-access-key-id: ${{ secrets.HETZNER_S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.HETZNER_S3_SECRET_KEY }} @@ -136,7 +136,7 @@ jobs: files: 'dist/zip/*' strip-path-prefix: dist/zip/ - name: Store Binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: vikunja_bins path: ./dist/binaries/* @@ -154,9 +154,9 @@ jobs: - archlinux steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Vikunja Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: vikunja_bins pattern: vikunja-*-linux-amd64 @@ -164,7 +164,7 @@ jobs: id: ghd uses: proudust/gh-describe@v2 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: Prepare @@ -184,7 +184,7 @@ jobs: target: ./dist/os-packages/vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-x86_64.${{ matrix.package }} config: ./nfpm.yaml - name: Upload - uses: kolaente/s3-action@v1.0.1 + uses: kolaente/s3-action@c6d17331cd9f6a3cbcfd96b8ade6fbfc502a79e9 # v1.0.1 with: s3-access-key-id: ${{ secrets.HETZNER_S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.HETZNER_S3_SECRET_KEY }} @@ -198,12 +198,12 @@ jobs: config-yaml: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: generate @@ -211,7 +211,7 @@ jobs: chmod +x ./mage-static ./mage-static generate:config-yaml 1 - name: Upload to S3 - uses: kolaente/s3-action@v1.0.1 + uses: kolaente/s3-action@c6d17331cd9f6a3cbcfd96b8ade6fbfc502a79e9 # v1.0.1 with: s3-access-key-id: ${{ secrets.HETZNER_S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.HETZNER_S3_SECRET_KEY }} @@ -233,16 +233,16 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Install pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 with: package_json_file: desktop/package.json - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: pnpm @@ -251,7 +251,7 @@ jobs: if: ${{ runner.os == 'Linux' }} run: sudo apt-get install --no-install-recommends -y libopenjp2-tools rpm libarchive-tools - name: get frontend - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: frontend_dist path: frontend/dist @@ -261,7 +261,7 @@ jobs: pnpm install --fetch-timeout 100000 node build.js "${{ steps.ghd.outputs.describe }}" ${{ github.ref_type == 'tag' }} - name: Upload to S3 - uses: kolaente/s3-action@v1.0.1 + uses: kolaente/s3-action@c6d17331cd9f6a3cbcfd96b8ade6fbfc502a79e9 # v1.0.1 with: s3-access-key-id: ${{ secrets.HETZNER_S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.HETZNER_S3_SECRET_KEY }} @@ -278,13 +278,13 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version: stable - name: generate diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 18a8d15ee..352aa5d61 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,26 +8,26 @@ jobs: runs-on: ubuntu-latest name: prepare-mage steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version: stable - name: Cache Mage id: cache-mage - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: key: ${{ runner.os }}-build-mage-${{ hashFiles('magefile.go') }} path: | ./mage-static - name: Compile Mage if: ${{ steps.cache-mage.outputs.cache-hit != 'true' }} - uses: magefile/mage-action@v3 + uses: magefile/mage-action@6f50bbb8ea47d56e62dee92392788acbc8192d0b # v3 with: version: latest args: -compile ./mage-static - name: Store Mage Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: mage_bin path: ./mage-static @@ -36,16 +36,16 @@ jobs: runs-on: ubuntu-latest needs: mage steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version: stable - name: Build @@ -57,7 +57,7 @@ jobs: chmod +x ./mage-static ./mage-static build - name: Store Vikunja Binary - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: vikunja_bin path: ./vikunja @@ -65,8 +65,8 @@ jobs: api-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5 with: go-version: stable - name: prepare frontend files @@ -74,7 +74,7 @@ jobs: mkdir -p frontend/dist touch frontend/dist/index.html - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6 with: version: v1.64.5 @@ -82,9 +82,9 @@ jobs: runs-on: ubuntu-latest needs: mage steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: Check @@ -104,14 +104,14 @@ jobs: - mysql services: migration-smoke-db-mysql: - image: mariadb:11 + image: mariadb:11@sha256:310d29fbb58169dcddb384b0ff138edb081e2773d6e2eceb976b3668089f2f84 env: MYSQL_ROOT_PASSWORD: vikunjatest MYSQL_DATABASE: vikunjatest ports: - 3306:3306 migration-smoke-db-postgres: - image: postgres:16 + image: postgres:16@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e env: POSTGRES_PASSWORD: vikunjatest POSTGRES_DB: vikunjatest @@ -123,7 +123,7 @@ jobs: wget https://dl.vikunja.io/api/unstable/vikunja-unstable-linux-amd64-full.zip -q -O vikunja-latest.zip unzip vikunja-latest.zip vikunja-unstable-linux-amd64 - name: Download Vikunja Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: vikunja_bin - name: run migration @@ -158,27 +158,27 @@ jobs: - integration services: db-mysql: - image: mariadb:11 + image: mariadb:11@sha256:310d29fbb58169dcddb384b0ff138edb081e2773d6e2eceb976b3668089f2f84 env: MYSQL_ROOT_PASSWORD: vikunjatest MYSQL_DATABASE: vikunjatest ports: - 3306:3306 db-postgres: - image: postgres:16 + image: postgres:16@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e env: POSTGRES_PASSWORD: vikunjatest POSTGRES_DB: vikunjatest ports: - 5432:5432 test-ldap: - image: gitea/test-openldap + image: gitea/test-openldap@sha256:b66527e298d6062d5289dc411d1b8da1c593f8140a3d1f863e8d9d021234122f ports: - 389:389 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Download Mage Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: mage_bin - name: test @@ -205,14 +205,14 @@ jobs: frontend-dependencies: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' @@ -227,14 +227,14 @@ jobs: needs: - frontend-dependencies steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' @@ -250,14 +250,14 @@ jobs: needs: - frontend-dependencies steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' @@ -274,14 +274,14 @@ jobs: needs: - frontend-dependencies steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' @@ -298,20 +298,20 @@ jobs: - frontend-dependencies - api-build steps: - - uses: actions/checkout@v4 - - uses: pnpm/action-setup@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 name: Install pnpm with: run_install: false package_json_file: frontend/package.json - name: Install Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 with: node-version: 22 cache: 'pnpm' cache-dependency-path: frontend/pnpm-lock.yaml - name: Download Vikunja Binary - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4 with: name: vikunja_bin - name: Build frontend for test diff --git a/Dockerfile b/Dockerfile index 8d60d2821..efde6ebf0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -# syntax=docker/dockerfile:1 +# syntax=docker/dockerfile:1@sha256:4c68376a702446fc3c79af22de146a148bc3367e73c25a5803d453b6b3f722fb FROM --platform=$BUILDPLATFORM node:22.14.0-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944 AS frontendbuilder WORKDIR /build @@ -13,7 +13,7 @@ RUN npm install -g corepack && corepack enable && \ pnpm install && \ pnpm run build -FROM --platform=$BUILDPLATFORM ghcr.io/techknowlogick/xgo:go-1.23.x AS apibuilder +FROM --platform=$BUILDPLATFORM ghcr.io/techknowlogick/xgo:go-1.23.x@sha256:87fcbe33bc233b4baa5e6dcfd39b4d475020f7d21cb06fab609d83493e0abb12 AS apibuilder RUN go install github.com/magefile/mage@latest && \ mv /go/bin/mage /usr/local/go/bin diff --git a/frontend/cypress/docker-compose.yml b/frontend/cypress/docker-compose.yml index 7a06106fd..2e56a63c4 100644 --- a/frontend/cypress/docker-compose.yml +++ b/frontend/cypress/docker-compose.yml @@ -2,14 +2,14 @@ version: '3' services: api: - image: vikunja/api:unstable + image: vikunja/api:unstable@sha256:61b77af0f0ed5b0e4c3ee693a79926d8633712ddb245f8212ba5e5321485d330 environment: VIKUNJA_LOG_LEVEL: DEBUG VIKUNJA_SERVICE_TESTINGTOKEN: averyLongSecretToSe33dtheDB ports: - 3456:3456 cypress: - image: cypress/browsers:node18.12.0-chrome107 + image: cypress/browsers:node18.12.0-chrome107@sha256:bfdbf9b64fdaad364f6e76e3c2a75fbce7c8018644d71e41ef43bba0ae8f4e38 volumes: - ..:/project - $HOME/.cache:/home/node/.cache/ diff --git a/frontend/package.json b/frontend/package.json index 44f3ea63d..25ca5a6c4 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -93,7 +93,7 @@ "is-touch-device": "1.0.1", "klona": "2.0.6", "lowlight": "3.3.0", - "marked": "^15.0.6", + "marked": "15.0.6", "pinia": "2.3.1", "register-service-worker": "1.7.2", "sortablejs": "1.15.6", diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml index 226f1c281..6917eb14e 100644 --- a/frontend/pnpm-lock.yaml +++ b/frontend/pnpm-lock.yaml @@ -149,7 +149,7 @@ importers: specifier: 3.3.0 version: 3.3.0 marked: - specifier: ^15.0.6 + specifier: 15.0.6 version: 15.0.6 pinia: specifier: 2.3.1