diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml
index d5003ecdd..2fd8d1a7d 100644
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -18,143 +18,152 @@ inputs: runs: using: composite steps: - # Certificate setup - - name: Import Apple certificates - if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v3 - with: - p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} - p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} - keychain: build - keychain-password: ${{ github.run_id }} + # Certificate setup + - name: Import Apple certificates + if: inputs.os == 'macos' + uses: apple-actions/import-codesign-certs@v3 + with: + p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} + p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} + keychain: build-app-${{ github.run_id }} + keychain-password: ${{ github.run_id }} - - name: Install Installer certificate - if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v3 - with: - p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} - p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} - keychain: build - keychain-password: ${{ github.run_id }} - # We don't need to create a keychain here because we're using the build keychain that was created in the previous step - create-keychain: false + - name: Install Installer certificate + if: inputs.os == 'macos' + uses: apple-actions/import-codesign-certs@v3 + with: + p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} + p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} + keychain: build-installer-${{ github.run_id }} + keychain-password: ${{ github.run_id }} - - name: Verify certificates - if: inputs.os == 'macos' - shell: ${{ inputs.shell }} - run: | - echo "Available signing identities:" - security find-identity -v -p codesigning build.keychain + - name: Verify certificates + if: inputs.os == 'macos' + shell: ${{ inputs.shell }} + run: | + echo "Available signing identities in app keychain:" + security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain - - name: Set up Python and other macOS dependencies - 
if: ${{ inputs.os == 'macos' }} - shell: ${{ inputs.shell }} - run: | - brew install python-setuptools - brew install create-dmg + echo "Available signing identities in installer keychain:" + security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain - - name: Install dependencies for RPM and Flatpak package building - if: ${{ inputs.os == 'linux' }} - shell: ${{ inputs.shell }} - run: | - sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils - flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi) - FLATPAK_VERSION='24.08' - flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION + # Make the keychains searchable + security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"') + security default-keychain -s build-app-${{ github.run_id }}.keychain + security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain + security unlock-keychain -p ${{ github.run_id }} build-installer-${{ github.run_id }}.keychain + security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain + security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain - # Build setup - - name: Install dependencies - shell: ${{ inputs.shell }} - run: npm ci + - name: Set up Python and other macOS dependencies + if: ${{ inputs.os == 'macos' }} + shell: ${{ inputs.shell }} + run: | + brew install python-setuptools + brew install create-dmg - - name: Update build info - shell: ${{ inputs.shell }} - run: npm run chore:update-build-info + - name: Install 
dependencies for RPM and Flatpak package building + if: ${{ inputs.os == 'linux' }} + shell: ${{ inputs.shell }} + run: | + sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils + flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi) + FLATPAK_VERSION='24.08' + flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION - # Critical debugging configuration - - name: Run electron-forge build with enhanced logging - shell: ${{ inputs.shell }} - env: - # Pass through required environment variables for signing and notarization - APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} - APPLE_ID: ${{ env.APPLE_ID }} - APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }} - WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }} - TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }} - run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }} + # Build setup + - name: Install dependencies + shell: ${{ inputs.shell }} + run: npm ci - # Add DMG signing step - - name: Sign DMG - if: inputs.os == 'macos' - shell: ${{ inputs.shell }} - run: | - echo "Signing DMG file..." 
- dmg_file=$(find ./dist -name "*.dmg" -print -quit) - if [ -n "$dmg_file" ]; then - echo "Found DMG: $dmg_file" - # Get the first valid signing identity from the keychain - SIGNING_IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') - if [ -z "$SIGNING_IDENTITY" ]; then - echo "Error: No valid Developer ID Application certificate found in keychain" - exit 1 + - name: Update build info + shell: ${{ inputs.shell }} + run: npm run chore:update-build-info + + # Critical debugging configuration + - name: Run electron-forge build with enhanced logging + shell: ${{ inputs.shell }} + env: + # Pass through required environment variables for signing and notarization + APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} + APPLE_ID: ${{ env.APPLE_ID }} + APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }} + WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }} + TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }} + run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }} + + # Add DMG signing step + - name: Sign DMG + if: inputs.os == 'macos' + shell: ${{ inputs.shell }} + run: | + echo "Signing DMG file..." 
+ dmg_file=$(find ./dist -name "*.dmg" -print -quit) + if [ -n "$dmg_file" ]; then + echo "Found DMG: $dmg_file" + # Get the first valid signing identity from the keychain + SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') + if [ -z "$SIGNING_IDENTITY" ]; then + echo "Error: No valid Developer ID Application certificate found in keychain" + exit 1 + fi + echo "Using signing identity: $SIGNING_IDENTITY" + # Sign the DMG + codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file" + # Notarize the DMG + xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait + # Staple the notarization ticket + xcrun stapler staple "$dmg_file" + else + echo "No DMG found to sign" fi - echo "Using signing identity: $SIGNING_IDENTITY" - # Sign the DMG - codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file" - # Notarize the DMG - xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait - # Staple the notarization ticket - xcrun stapler staple "$dmg_file" - else - echo "No DMG found to sign" - fi - - name: Verify code signing - if: inputs.os == 'macos' - shell: ${{ inputs.shell }} - run: | - echo "Verifying code signing for all artifacts..." + - name: Verify code signing + if: inputs.os == 'macos' + shell: ${{ inputs.shell }} + run: | + echo "Verifying code signing for all artifacts..." - # First check the .app bundle - echo "Looking for .app bundle..." - app_bundle=$(find ./dist -name "*.app" -print -quit) - if [ -n "$app_bundle" ]; then - echo "Found app bundle: $app_bundle" - echo "Verifying app bundle signing..." - codesign --verify --deep --strict --verbose=2 "$app_bundle" - echo "Displaying app bundle signing info..." 
- codesign --display --verbose=2 "$app_bundle" + # First check the .app bundle + echo "Looking for .app bundle..." + app_bundle=$(find ./dist -name "*.app" -print -quit) + if [ -n "$app_bundle" ]; then + echo "Found app bundle: $app_bundle" + echo "Verifying app bundle signing..." + codesign --verify --deep --strict --verbose=2 "$app_bundle" + echo "Displaying app bundle signing info..." + codesign --display --verbose=2 "$app_bundle" - echo "Checking entitlements..." - codesign --display --entitlements :- "$app_bundle" + echo "Checking entitlements..." + codesign --display --entitlements :- "$app_bundle" - echo "Checking notarization status..." - xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet" - else - echo "No .app bundle found to verify" - fi + echo "Checking notarization status..." + xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet" + else + echo "No .app bundle found to verify" + fi - # Then check DMG if it exists - echo "Looking for DMG..." - dmg_file=$(find ./dist -name "*.dmg" -print -quit) - if [ -n "$dmg_file" ]; then - echo "Found DMG: $dmg_file" - echo "Verifying DMG signing..." - codesign --verify --deep --strict --verbose=2 "$dmg_file" - echo "Displaying DMG signing info..." - codesign --display --verbose=2 "$dmg_file" + # Then check DMG if it exists + echo "Looking for DMG..." + dmg_file=$(find ./dist -name "*.dmg" -print -quit) + if [ -n "$dmg_file" ]; then + echo "Found DMG: $dmg_file" + echo "Verifying DMG signing..." + codesign --verify --deep --strict --verbose=2 "$dmg_file" + echo "Displaying DMG signing info..." + codesign --display --verbose=2 "$dmg_file" - echo "Checking DMG notarization..." - xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet" - else - echo "No DMG found to verify" - fi + echo "Checking DMG notarization..." 
+ xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet" + else + echo "No DMG found to verify" + fi - # Finally check ZIP if it exists - echo "Looking for ZIP..." - zip_file=$(find ./dist -name "*.zip" -print -quit) - if [ -n "$zip_file" ]; then - echo "Found ZIP: $zip_file" - echo "Note: ZIP files are not code signed, but their contents should be" - fi + # Finally check ZIP if it exists + echo "Looking for ZIP..." + zip_file=$(find ./dist -name "*.zip" -print -quit) + if [ -n "$zip_file" ]; then + echo "Found ZIP: $zip_file" + echo "Note: ZIP files are not code signed, but their contents should be" + fi diff --git a/.github/workflows_old/codeql-analysis.yml b/.github/workflows_old/codeql-analysis.yml deleted file mode 100644 index 1b48f2f10..000000000 --- a/.github/workflows_old/codeql-analysis.yml +++ /dev/null 
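Review bot: Both per-run keychains are protected only by `${{ github.run_id }}`, a public and predictable value, and the new `security unlock-keychain -p …` lines in the "Verify certificates" step also put it on the command line. The same step adds both keychains to the user search list, makes the app keychain the default and sets a 3600-second lock timeout, so they stay usable while later steps such as `npm ci` run. No step visible in this hunk deletes the keychains or restores the search list; the import action may clean up in its own post step, which is worth confirming. On a reused macOS runner, which the hunk does not rule out, that would leave Developer ID keys behind under a guessable password. Consider a masked random password generated once per job, plus a teardown step that runs even when the build fails, as sketched below.

```yaml
# … unchanged: certificate import, build, DMG signing and verification steps …
    - name: Remove signing keychains
      if: always() && inputs.os == 'macos'
      shell: ${{ inputs.shell }}
      run: |
        security delete-keychain build-app-${{ github.run_id }}.keychain || true
        security delete-keychain build-installer-${{ github.run_id }}.keychain || true
```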
@@ -1,71 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '37 4 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'javascript' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows_old/docker.yaml b/.github/workflows_old/docker.yaml deleted file mode 100644 index 39adce00a..000000000 --- a/.github/workflows_old/docker.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -name: Publish Docker image -on: - push: - tags: [v*] -jobs: - push_to_registries: - name: Push Docker image to multiple registries - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - name: Docker meta - id: meta - uses: docker/metadata-action@v3 - with: - images: | - zadam/trilium - ghcr.io/zadam/trilium - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}}-latest - type=match,pattern=(\d+.\d+).\d+\-beta,enable=${{ endsWith(github.ref, 'beta') }},group=1,suffix=-latest - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - install: true - - name: Log in to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Create server-package.json - run: cat package.json | grep -v electron > server-package.json - - name: Build and Push - uses: docker/build-push-action@v2.7.0 - with: - context: . - platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 - push: true - cache-from: type=registry,ref=zadam/trilium:buildcache - cache-to: type=registry,ref=zadam/trilium:buildcache,mode=max - tags: ${{ steps.meta.outputs.tags }} diff --git a/src/public/stylesheets/style.css b/src/public/stylesheets/style.css index 41239294f..11f446e56 100644 --- a/src/public/stylesheets/style.css +++ b/src/public/stylesheets/style.css @@ -1992,7 +1992,12 @@ footer.file-footer button { background: var(--card-background-color); border-radius: 0.5em; padding: 1em; + margin: 1.25em 0; + position: relative; + padding-left: 2.5em; + overflow: hidden; } + .admonition p:last-child { margin-bottom: 0; } 
@@ -2011,11 +2016,11 @@ footer.file-footer button { .admonition.caution { --accent-color: #ff2e2e; } .admonition.warning { --accent-color: #e2aa03; } -.ck-content .admonition.note::before { content: "\eb21"; } -.ck-content .admonition.tip::before { content: "\ea0d"; } -.ck-content .admonition.important::before { content: "\ea7c"; } -.ck-content .admonition.caution::before { content: "\eac7"; } -.ck-content .admonition.warning::before { content: "\eac5"; } +.admonition.note::before { content: "\eb21"; } +.admonition.tip::before { content: "\ea0d"; } +.admonition.important::before { content: "\ea7c"; } +.admonition.caution::before { content: "\eac7"; } +.admonition.warning::before { content: "\eac5"; } .chat-options-container { display: flex; @@ -2066,11 +2071,6 @@ footer.file-footer button { border-left: 2px solid #e2aa03; font-weight: bold; } -.admonition.note::before { content: "\eb21"; } -.admonition.tip::before { content: "\ea0d"; } -.admonition.important::before { content: "\ea7c"; } -.admonition.caution::before { content: "\eac7"; } -.admonition.warning::before { content: "\eac5"; } /* * In-content floating buttons diff --git a/src/routes/api/options.ts b/src/routes/api/options.ts index 60cfc9bb7..c7e48c432 100644 --- a/src/routes/api/options.ts +++ b/src/routes/api/options.ts @@ -82,6 +82,7 @@ const ALLOWED_OPTIONS = new Set([ "allowedHtmlTags", "redirectBareDomain", "showLoginInShareTheme", + "splitEditorOrientation", // AI/LLM integration options "aiEnabled", diff --git a/src/services/auth.ts b/src/services/auth.ts index d1d951fc0..3c9c9c8e6 100644 --- a/src/services/auth.ts +++ b/src/services/auth.ts @@ -15,7 +15,7 @@ const noAuthentication = config.General && config.General.noAuthentication === t function checkAuth(req: Request, res: Response, next: NextFunction) { if (!sqlInit.isDbInitialized()) { - res.redirect('setup'); + return res.redirect('setup'); } const currentTotpStatus = totp.isTotpEnabled();
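Review bot: The added `return` in the `!sqlInit.isDbInitialized()` branch of checkAuth is what stops the TOTP lookup and the rest of the middleware from running after the redirect has been sent, but nothing on the line says so, and a later cleanup could drop it again. A short comment would pin the intent, for example `// response already sent: must not fall through to the auth checks or next()`. checkAuth's body continues past the end of the hunk, so whether its other branches also return after responding cannot be confirmed from here and is worth checking.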