Tools/Notes
1
0
Fork 0
mirror of https://github.com/TriliumNext/Notes.git synced 2025-08-12 20:02:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' of https://github.com/TriliumNext/Notes into develop

Browse Source
This commit is contained in:
Adorian Doran 2025-04-18 10:39:44 +03:00
commit 837cdea26f
6 changed files with 145 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

257
.github/actions/build-electron/action.yml vendored
View File

@ -18,143 +18,152 @@ inputs:
runs: runs:
using: composite using: composite
steps: steps:
# Certificate setup # Certificate setup
- name: Import Apple certificates - name: Import Apple certificates
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v3 uses: apple-actions/import-codesign-certs@v3
with: with:
p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }} p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }} p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }}
keychain: build keychain: build-app-${{ github.run_id }}
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
- name: Install Installer certificate - name: Install Installer certificate
if: inputs.os == 'macos' if: inputs.os == 'macos'
uses: apple-actions/import-codesign-certs@v3 uses: apple-actions/import-codesign-certs@v3
with: with:
p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }} p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }} p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
keychain: build keychain: build-installer-${{ github.run_id }}
keychain-password: ${{ github.run_id }} keychain-password: ${{ github.run_id }}
# We don't need to create a keychain here because we're using the build keychain that was created in the previous step
create-keychain: false
- name: Verify certificates - name: Verify certificates
if: inputs.os == 'macos' if: inputs.os == 'macos'
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
echo "Available signing identities:" echo "Available signing identities in app keychain:"
security find-identity -v -p codesigning build.keychain security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain
- name: Set up Python and other macOS dependencies echo "Available signing identities in installer keychain:"
if: ${{ inputs.os == 'macos' }} security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain
shell: ${{ inputs.shell }}
run: |
brew install python-setuptools
brew install create-dmg
- name: Install dependencies for RPM and Flatpak package building # Make the keychains searchable
if: ${{ inputs.os == 'linux' }} security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"')
shell: ${{ inputs.shell }} security default-keychain -s build-app-${{ github.run_id }}.keychain
run: | security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain
sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils security unlock-keychain -p ${{ github.run_id }} build-installer-${{ github.run_id }}.keychain
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain
FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi) security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain
FLATPAK_VERSION='24.08'
flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION
# Build setup - name: Set up Python and other macOS dependencies
- name: Install dependencies if: ${{ inputs.os == 'macos' }}
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: npm ci run: |
brew install python-setuptools
brew install create-dmg
- name: Update build info - name: Install dependencies for RPM and Flatpak package building
shell: ${{ inputs.shell }} if: ${{ inputs.os == 'linux' }}
run: npm run chore:update-build-info shell: ${{ inputs.shell }}
run: |
sudo apt-get update && sudo apt-get install rpm flatpak-builder elfutils
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
FLATPAK_ARCH=$(if [[ ${{ inputs.arch }} = 'arm64' ]]; then echo 'aarch64'; else echo 'x86_64'; fi)
FLATPAK_VERSION='24.08'
flatpak install --user --no-deps --arch $FLATPAK_ARCH --assumeyes runtime/org.freedesktop.Platform/$FLATPAK_ARCH/$FLATPAK_VERSION runtime/org.freedesktop.Sdk/$FLATPAK_ARCH/$FLATPAK_VERSION org.electronjs.Electron2.BaseApp/$FLATPAK_ARCH/$FLATPAK_VERSION
# Critical debugging configuration # Build setup
- name: Run electron-forge build with enhanced logging - name: Install dependencies
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
env: run: npm ci
# Pass through required environment variables for signing and notarization
APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
APPLE_ID: ${{ env.APPLE_ID }}
APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }}
WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }}
TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }}
run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }}
# Add DMG signing step - name: Update build info
- name: Sign DMG shell: ${{ inputs.shell }}
if: inputs.os == 'macos' run: npm run chore:update-build-info
shell: ${{ inputs.shell }}
run: | # Critical debugging configuration
echo "Signing DMG file..." - name: Run electron-forge build with enhanced logging
dmg_file=$(find ./dist -name "*.dmg" -print -quit) shell: ${{ inputs.shell }}
if [ -n "$dmg_file" ]; then env:
echo "Found DMG: $dmg_file" # Pass through required environment variables for signing and notarization
# Get the first valid signing identity from the keychain APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
SIGNING_IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/') APPLE_ID: ${{ env.APPLE_ID }}
if [ -z "$SIGNING_IDENTITY" ]; then APPLE_ID_PASSWORD: ${{ env.APPLE_ID_PASSWORD }}
echo "Error: No valid Developer ID Application certificate found in keychain" WINDOWS_SIGN_EXECUTABLE: ${{ env.WINDOWS_SIGN_EXECUTABLE }}
exit 1 TRILIUM_ARTIFACT_NAME_HINT: TriliumNextNotes-${{ github.ref_name }}-${{ inputs.os }}-${{ inputs.arch }}
run: npm run electron-forge:make -- --arch=${{ inputs.arch }} --platform=${{ inputs.forge_platform }}
# Add DMG signing step
- name: Sign DMG
if: inputs.os == 'macos'
shell: ${{ inputs.shell }}
run: |
echo "Signing DMG file..."
dmg_file=$(find ./dist -name "*.dmg" -print -quit)
if [ -n "$dmg_file" ]; then
echo "Found DMG: $dmg_file"
# Get the first valid signing identity from the keychain
SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/')
if [ -z "$SIGNING_IDENTITY" ]; then
echo "Error: No valid Developer ID Application certificate found in keychain"
exit 1
fi
echo "Using signing identity: $SIGNING_IDENTITY"
# Sign the DMG
codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file"
# Notarize the DMG
xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
# Staple the notarization ticket
xcrun stapler staple "$dmg_file"
else
echo "No DMG found to sign"
fi fi
echo "Using signing identity: $SIGNING_IDENTITY"
# Sign the DMG
codesign --force --sign "$SIGNING_IDENTITY" --options runtime --timestamp "$dmg_file"
# Notarize the DMG
xcrun notarytool submit "$dmg_file" --apple-id "$APPLE_ID" --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
# Staple the notarization ticket
xcrun stapler staple "$dmg_file"
else
echo "No DMG found to sign"
fi
- name: Verify code signing - name: Verify code signing
if: inputs.os == 'macos' if: inputs.os == 'macos'
shell: ${{ inputs.shell }} shell: ${{ inputs.shell }}
run: | run: |
echo "Verifying code signing for all artifacts..." echo "Verifying code signing for all artifacts..."
# First check the .app bundle # First check the .app bundle
echo "Looking for .app bundle..." echo "Looking for .app bundle..."
app_bundle=$(find ./dist -name "*.app" -print -quit) app_bundle=$(find ./dist -name "*.app" -print -quit)
if [ -n "$app_bundle" ]; then if [ -n "$app_bundle" ]; then
echo "Found app bundle: $app_bundle" echo "Found app bundle: $app_bundle"
echo "Verifying app bundle signing..." echo "Verifying app bundle signing..."
codesign --verify --deep --strict --verbose=2 "$app_bundle" codesign --verify --deep --strict --verbose=2 "$app_bundle"
echo "Displaying app bundle signing info..." echo "Displaying app bundle signing info..."
codesign --display --verbose=2 "$app_bundle" codesign --display --verbose=2 "$app_bundle"
echo "Checking entitlements..." echo "Checking entitlements..."
codesign --display --entitlements :- "$app_bundle" codesign --display --entitlements :- "$app_bundle"
echo "Checking notarization status..." echo "Checking notarization status..."
xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet" xcrun stapler validate "$app_bundle" || echo "Warning: App bundle not notarized yet"
else else
echo "No .app bundle found to verify" echo "No .app bundle found to verify"
fi fi
# Then check DMG if it exists # Then check DMG if it exists
echo "Looking for DMG..." echo "Looking for DMG..."
dmg_file=$(find ./dist -name "*.dmg" -print -quit) dmg_file=$(find ./dist -name "*.dmg" -print -quit)
if [ -n "$dmg_file" ]; then if [ -n "$dmg_file" ]; then
echo "Found DMG: $dmg_file" echo "Found DMG: $dmg_file"
echo "Verifying DMG signing..." echo "Verifying DMG signing..."
codesign --verify --deep --strict --verbose=2 "$dmg_file" codesign --verify --deep --strict --verbose=2 "$dmg_file"
echo "Displaying DMG signing info..." echo "Displaying DMG signing info..."
codesign --display --verbose=2 "$dmg_file" codesign --display --verbose=2 "$dmg_file"
echo "Checking DMG notarization..." echo "Checking DMG notarization..."
xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet" xcrun stapler validate "$dmg_file" || echo "Warning: DMG not notarized yet"
else else
echo "No DMG found to verify" echo "No DMG found to verify"
fi fi
# Finally check ZIP if it exists # Finally check ZIP if it exists
echo "Looking for ZIP..." echo "Looking for ZIP..."
zip_file=$(find ./dist -name "*.zip" -print -quit) zip_file=$(find ./dist -name "*.zip" -print -quit)
if [ -n "$zip_file" ]; then if [ -n "$zip_file" ]; then
echo "Found ZIP: $zip_file" echo "Found ZIP: $zip_file"
echo "Note: ZIP files are not code signed, but their contents should be" echo "Note: ZIP files are not code signed, but their contents should be"
fi fi

71
.github/workflows_old/codeql-analysis.yml vendored
View File

@ -1,71 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '37 4 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

53
.github/workflows_old/docker.yaml vendored
View File

@ -1,53 +0,0 @@
name: Publish Docker image
on:
push:
tags: [v*]
jobs:
push_to_registries:
name: Push Docker image to multiple registries
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
zadam/trilium
ghcr.io/zadam/trilium
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}-latest
type=match,pattern=(\d+.\d+).\d+\-beta,enable=${{ endsWith(github.ref, 'beta') }},group=1,suffix=-latest
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
with:
install: true
- name: Log in to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Log in to GitHub Docker Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create server-package.json
run: cat package.json | grep -v electron > server-package.json
- name: Build and Push
uses: docker/build-push-action@v2.7.0
with:
context: .
platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
push: true
cache-from: type=registry,ref=zadam/trilium:buildcache
cache-to: type=registry,ref=zadam/trilium:buildcache,mode=max
tags: ${{ steps.meta.outputs.tags }}

20
src/public/stylesheets/style.css
View File

@ -1992,7 +1992,12 @@ footer.file-footer button {
background: var(--card-background-color); background: var(--card-background-color);
border-radius: 0.5em; border-radius: 0.5em;
padding: 1em; padding: 1em;
margin: 1.25em 0;
position: relative;
padding-left: 2.5em;
overflow: hidden;
} }
.admonition p:last-child { .admonition p:last-child {
margin-bottom: 0; margin-bottom: 0;
} }
@ -2011,11 +2016,11 @@ footer.file-footer button {
.admonition.caution { --accent-color: #ff2e2e; } .admonition.caution { --accent-color: #ff2e2e; }
.admonition.warning { --accent-color: #e2aa03; } .admonition.warning { --accent-color: #e2aa03; }
.ck-content .admonition.note::before { content: "\eb21"; } .admonition.note::before { content: "\eb21"; }
.ck-content .admonition.tip::before { content: "\ea0d"; } .admonition.tip::before { content: "\ea0d"; }
.ck-content .admonition.important::before { content: "\ea7c"; } .admonition.important::before { content: "\ea7c"; }
.ck-content .admonition.caution::before { content: "\eac7"; } .admonition.caution::before { content: "\eac7"; }
.ck-content .admonition.warning::before { content: "\eac5"; } .admonition.warning::before { content: "\eac5"; }
.chat-options-container { .chat-options-container {
display: flex; display: flex;
@ -2066,11 +2071,6 @@ footer.file-footer button {
border-left: 2px solid #e2aa03; border-left: 2px solid #e2aa03;
font-weight: bold; font-weight: bold;
} }
.admonition.note::before { content: "\eb21"; }
.admonition.tip::before { content: "\ea0d"; }
.admonition.important::before { content: "\ea7c"; }
.admonition.caution::before { content: "\eac7"; }
.admonition.warning::before { content: "\eac5"; }
/* /*
* In-content floating buttons * In-content floating buttons

1
src/routes/api/options.ts
View File

@ -82,6 +82,7 @@ const ALLOWED_OPTIONS = new Set<OptionNames>([
"allowedHtmlTags", "allowedHtmlTags",
"redirectBareDomain", "redirectBareDomain",
"showLoginInShareTheme", "showLoginInShareTheme",
"splitEditorOrientation",
// AI/LLM integration options // AI/LLM integration options
"aiEnabled", "aiEnabled",

2
src/services/auth.ts
View File

@ -15,7 +15,7 @@ const noAuthentication = config.General && config.General.noAuthentication === t
function checkAuth(req: Request, res: Response, next: NextFunction) { function checkAuth(req: Request, res: Response, next: NextFunction) {
if (!sqlInit.isDbInitialized()) { if (!sqlInit.isDbInitialized()) {
res.redirect('setup'); return res.redirect('setup');
} }
const currentTotpStatus = totp.isTotpEnabled(); const currentTotpStatus = totp.isTotpEnabled();