From 38f33d8573dc6885e69a001507efd363860b41dd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 02:59:09 +0000 Subject: [PATCH 1/7] chore(deps): update apple-actions/import-codesign-certs action to v5 --- .github/actions/build-electron/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml index 51b022bed..0b8d3ac4e 100644 --- a/.github/actions/build-electron/action.yml +++ b/.github/actions/build-electron/action.yml @@ -18,7 +18,7 @@ runs: # Certificate setup - name: Import Apple certificates if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v3 + uses: apple-actions/import-codesign-certs@v5 with: p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} @@ -27,7 +27,7 @@ runs: - name: Install Installer certificate if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v3 + uses: apple-actions/import-codesign-certs@v5 with: p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} From 18e6527191104d7fefb279f8edd23c8ac98e13af Mon Sep 17 00:00:00 2001 From: perf3ct Date: Thu, 17 Apr 2025 20:39:42 +0000 Subject: [PATCH 2/7] fix(deps): attempt to resolve issue created due to https://github.com/Apple-Actions/import-codesign-certs/issues/71 --- .github/actions/build-electron/action.yml | 24 ++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml index a2f070600..5ca07d519 100644 --- a/.github/actions/build-electron/action.yml +++ b/.github/actions/build-electron/action.yml 
@@ -25,7 +25,7 @@ runs: with: p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} - keychain: build + keychain: build-app keychain-password: ${{ github.run_id }} - name: Install Installer certificate @@ -34,17 +34,19 @@ runs: with: p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} - keychain: build + keychain: build-installer keychain-password: ${{ github.run_id }} - # We don't need to create a keychain here because we're using the build keychain that was created in the previous step - create-keychain: false + # We need to create a separate keychain for the installer certificate + create-keychain: true - name: Verify certificates if: inputs.os == 'macos' shell: ${{ inputs.shell }} run: | - echo "Available signing identities:" - security find-identity -v -p codesigning build.keychain + echo "Available signing identities in build-app keychain:" + security find-identity -v -p codesigning build-app.keychain + echo "Available signing identities in build-installer keychain:" + security find-identity -v -p codesigning build-installer.keychain - name: Set up Python and other macOS dependencies if: ${{ inputs.os == 'macos' }} 
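Review bot: The new `build-installer` keychain is created with `keychain-password: ${{ github.run_id }}`, and a run id is not a secret: it is part of the run URL and visible to anyone who can view the workflow run. The app keychain in the same hunk uses the same value, and the first hunk of PATCH 3/7 additionally passes it to `security unlock-keychain -p`. On a single-use hosted runner the exposure is limited, but on a self-hosted or reused runner the keychain file holding the signing key would be protected only by a guessable value. Consider generating a random value per job, masking it with `::add-mask::`, and passing that instead, e.g. `keychain-password: ${{ env.KEYCHAIN_PASSWORD }}` (placeholder name).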
@@ -96,10 +98,14 @@ runs: dmg_file=$(find ./dist -name "*.dmg" -print -quit) if [ -n "$dmg_file" ]; then echo "Found DMG: $dmg_file" - # Get the first valid signing identity from the keychain - SIGNING_IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') + # Try to get a signing identity from both keychains + SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') if [ -z "$SIGNING_IDENTITY" ]; then - echo "Error: No valid Developer ID Application certificate found in keychain" + echo "No valid Developer ID Application certificate found in build-app keychain, trying build-installer keychain" + SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-installer.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') + fi + if [ -z "$SIGNING_IDENTITY" ]; then + echo "Error: No valid Developer ID Application certificate found in any keychain" exit 1 fi echo "Using signing identity: $SIGNING_IDENTITY" From bbe697cc3e9b966580fa4407bb990bb74a6345f6 Mon Sep 17 00:00:00 2001 From: perf3ct Date: Thu, 17 Apr 2025 21:07:22 +0000 Subject: [PATCH 3/7] fix(deps): macos signing is so complicated, had to fix making keychains searchable for v5 --- .github/actions/build-electron/action.yml | 47 ++++++++++------------- 1 file changed, 20 insertions(+), 27 deletions(-) diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml index 7878db865..2fd8d1a7d 100644 --- a/.github/actions/build-electron/action.yml +++ b/.github/actions/build-electron/action.yml 
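Review bot: The fallback lookup greps `build-installer.keychain` for `Developer ID Application`, but that keychain is filled from `APPLE_INSTALLER_CERTIFICATE_BASE64` in the earlier step, so it presumably holds only the installer identity and the second search cannot succeed. If it ever did match, the DMG would be signed with an identity from a keychain that was not meant to supply it, and the log line `Using signing identity` would not show which keychain it came from. I would drop the fallback and fail on the first empty result, or select the identity by its SHA-1 hash from the `find-identity` output rather than by `grep ... | head -1` on the display name. The enclosing `run:` script starts and ends outside this hunk.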
@@ -21,32 +21,39 @@ runs: # Certificate setup - name: Import Apple certificates if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v5 + uses: apple-actions/import-codesign-certs@v3 with: p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} - keychain: build-app + keychain: build-app-${{ github.run_id }} keychain-password: ${{ github.run_id }} - name: Install Installer certificate if: inputs.os == 'macos' - uses: apple-actions/import-codesign-certs@v5 + uses: apple-actions/import-codesign-certs@v3 with: p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} - keychain: build-installer + keychain: build-installer-${{ github.run_id }} keychain-password: ${{ github.run_id }} - # We need to create a separate keychain for the installer certificate - create-keychain: true - name: Verify certificates if: inputs.os == 'macos' shell: ${{ inputs.shell }} run: | - echo "Available signing identities in build-app keychain:" - security find-identity -v -p codesigning build-app.keychain - echo "Available signing identities in build-installer keychain:" - security find-identity -v -p codesigning build-installer.keychain + echo "Available signing identities in app keychain:" + security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain + + echo "Available signing identities in installer keychain:" + security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain + + # Make the keychains searchable + security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"') + security default-keychain -s build-app-${{ github.run_id }}.keychain + security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain + security unlock-keychain -p ${{ github.run_id }} build-installer-${{ 
github.run_id }}.keychain + security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain + security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain - name: Set up Python and other macOS dependencies if: ${{ inputs.os == 'macos' }} @@ -95,14 +102,10 @@ runs: dmg_file=$(find ./dist -name "*.dmg" -print -quit) if [ -n "$dmg_file" ]; then echo "Found DMG: $dmg_file" - # Try to get a signing identity from both keychains - SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') + # Get the first valid signing identity from the keychain + SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') if [ -z "$SIGNING_IDENTITY" ]; then - echo "No valid Developer ID Application certificate found in build-app keychain, trying build-installer keychain" - SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-installer.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') - fi - if [ -z "$SIGNING_IDENTITY" ]; then - echo "Error: No valid Developer ID Application certificate found in any keychain" + echo "Error: No valid Developer ID Application certificate found in keychain" exit 1 fi echo "Using signing identity: $SIGNING_IDENTITY" 
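Review bot: The added `security list-keychains -d user -s ...`, `security default-keychain -s ...` and `security unlock-keychain` calls in the "Verify certificates" step leave both signing keychains unlocked, on the user search list and set as default, and nothing visible in this patch removes them again or restores the previous default. On a runner that is reused between jobs this would keep the Developer ID keys reachable by later jobs. A final step guarded by `if: always()` that runs `security delete-keychain build-app-${{ github.run_id }}.keychain` and the same for the installer keychain would close that window. The `-t 3600` timeout may also relock the keychain before the DMG signing step if the build takes longer than an hour. Separately, this hunk moves the action back to the mutable `@v3` tag although the subject mentions v5; because the action receives the .p12 and its password, pinning it to a full commit SHA (`@<full-commit-sha> # v3`) would be safer.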
@@ -112,16 +115,6 @@ runs: xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait # Staple the notarization ticket xcrun stapler staple "$dmg_file" - else - echo "No DMG found to sign" - fi - echo "Using signing identity: $SIGNING_IDENTITY" - # Sign the DMG - codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file" - # Notarize the DMG - xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait - # Staple the notarization ticket - xcrun stapler staple "$dmg_file" else echo "No DMG found to sign" fi From 93f645fc5bd615683ecdf2c5f67dfc35c26f3619 Mon Sep 17 00:00:00 2001 From: Panagiotis Papadopoulos Date: Thu, 17 Apr 2025 23:28:04 +0200 Subject: [PATCH 4/7] fix(routes/api/options): readd splitEditorOrientation option got deleted accidentally by https://github.com/TriliumNext/Notes/commit/49076e3cf6fc82e2960599c4e36108e06c2327ef#diff-85a967d423ba952960f6b0b8fd74f2f4aa84e3d94fa68d3404a68a205a4b4cb6 --- src/routes/api/options.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/src/routes/api/options.ts b/src/routes/api/options.ts index 60cfc9bb7..c7e48c432 100644 --- a/src/routes/api/options.ts +++ b/src/routes/api/options.ts @@ -82,6 +82,7 @@ const ALLOWED_OPTIONS = new Set([ "allowedHtmlTags", "redirectBareDomain", "showLoginInShareTheme", + "splitEditorOrientation", // AI/LLM integration options "aiEnabled", From 65c3c6b89acfc32bce916efdd8d72e305fc6fba2 Mon Sep 17 00:00:00 2001 From: Elian Doran Date: Fri, 18 Apr 2025 00:29:52 +0300 Subject: [PATCH 5/7] fix(client): admonitions broken due to merge conflicts --- src/public/stylesheets/style.css | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/public/stylesheets/style.css b/src/public/stylesheets/style.css index 41239294f..11f446e56 100644 --- a/src/public/stylesheets/style.css 
+++ b/src/public/stylesheets/style.css @@ -1992,7 +1992,12 @@ footer.file-footer button { background: var(--card-background-color); border-radius: 0.5em; padding: 1em; + margin: 1.25em 0; + position: relative; + padding-left: 2.5em; + overflow: hidden; } + .admonition p:last-child { margin-bottom: 0; } @@ -2011,11 +2016,11 @@ footer.file-footer button { .admonition.caution { --accent-color: #ff2e2e; } .admonition.warning { --accent-color: #e2aa03; } -.ck-content .admonition.note::before { content: "\eb21"; } -.ck-content .admonition.tip::before { content: "\ea0d"; } -.ck-content .admonition.important::before { content: "\ea7c"; } -.ck-content .admonition.caution::before { content: "\eac7"; } -.ck-content .admonition.warning::before { content: "\eac5"; } +.admonition.note::before { content: "\eb21"; } +.admonition.tip::before { content: "\ea0d"; } +.admonition.important::before { content: "\ea7c"; } +.admonition.caution::before { content: "\eac7"; } +.admonition.warning::before { content: "\eac5"; } .chat-options-container { display: flex; @@ -2066,11 +2071,6 @@ footer.file-footer button { border-left: 2px solid #e2aa03; font-weight: bold; } -.admonition.note::before { content: "\eb21"; } -.admonition.tip::before { content: "\ea0d"; } -.admonition.important::before { content: "\ea7c"; } -.admonition.caution::before { content: "\eac7"; } -.admonition.warning::before { content: "\eac5"; } /* * In-content floating buttons From 3b69eadbf60f7f195293a43ab391079d67780ab9 Mon Sep 17 00:00:00 2001 From: Elian Doran Date: Fri, 18 Apr 2025 00:46:52 +0300 Subject: [PATCH 6/7] chore(github): remove old workflows --- .github/workflows_old/codeql-analysis.yml | 71 ----------------------- .github/workflows_old/docker.yaml | 53 ----------------- 2 files changed, 124 deletions(-) delete mode 100644 .github/workflows_old/codeql-analysis.yml delete mode 100644 .github/workflows_old/docker.yaml 
diff --git a/.github/workflows_old/codeql-analysis.yml b/.github/workflows_old/codeql-analysis.yml deleted file mode 100644 index 1b48f2f10..000000000 --- a/.github/workflows_old/codeql-analysis.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ master ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ master ] - schedule: - - cron: '37 4 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'javascript' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # â„šī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows_old/docker.yaml b/.github/workflows_old/docker.yaml deleted file mode 100644 index 39adce00a..000000000 --- a/.github/workflows_old/docker.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -name: Publish Docker image -on: - push: - tags: [v*] -jobs: - push_to_registries: - name: Push Docker image to multiple registries - runs-on: ubuntu-latest - permissions: - packages: write - contents: read - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - name: Docker meta - id: meta - uses: docker/metadata-action@v3 - with: - images: | - zadam/trilium - ghcr.io/zadam/trilium - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}}-latest - type=match,pattern=(\d+.\d+).\d+\-beta,enable=${{ endsWith(github.ref, 'beta') }},group=1,suffix=-latest - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - with: - install: true - - name: Log in to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Create server-package.json - run: cat package.json | grep -v electron > server-package.json - - name: Build and Push - uses: docker/build-push-action@v2.7.0 - with: - context: . - platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 - push: true - cache-from: type=registry,ref=zadam/trilium:buildcache - cache-to: type=registry,ref=zadam/trilium:buildcache,mode=max - tags: ${{ steps.meta.outputs.tags }} From 9ef6f3e9475e208346f85ee0de2021343a851648 Mon Sep 17 00:00:00 2001 From: Panagiotis Papadopoulos Date: Fri, 18 Apr 2025 00:39:17 +0200 Subject: [PATCH 7/7] fix(services/auth): fix ERR_HTTP_HEADERS_SENT errors on new unitialized Setups was previously showing two errors: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client --- src/services/auth.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/services/auth.ts b/src/services/auth.ts index d1d951fc0..3c9c9c8e6 100644 --- a/src/services/auth.ts +++ b/src/services/auth.ts @@ -15,7 +15,7 @@ const noAuthentication = config.General && config.General.noAuthentication === t function checkAuth(req: Request, res: Response, next: NextFunction) { if (!sqlInit.isDbInitialized()) { - res.redirect('setup'); + return res.redirect('setup'); } const currentTotpStatus = totp.isTotpEnabled();
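Review bot: The added `return` stops checkAuth after the setup redirect, but the target `'setup'` is still a relative URL, so the browser resolves it against the current request path; if this middleware ever guards a nested route, the redirect would land under that route instead of on the setup page. `return res.redirect('/setup');` would be unambiguous, unless the app is meant to be served under a sub-path, in which case the relative form may be intentional and deserves a short comment saying so. The rest of checkAuth lies outside this hunk, so any other branch there that sends a response should be checked for the same missing `return`, since falling through after a response is what produced the ERR_HTTP_HEADERS_SENT error.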