Merge branch 'develop' of https://github.com/TriliumNext/Notes into develop

.github/actions/build-electron/action.yml

@@ -25,7 +25,7 @@ runs:
       with:
         p12-file-base64: ${{ env.APPLE_APP_CERTIFICATE_BASE64 }}
         p12-password: ${{ env.APPLE_APP_CERTIFICATE_PASSWORD }}
-      keychain: build
+        keychain: build-app-${{ github.run_id }}
         keychain-password: ${{ github.run_id }}
 
     - name: Install Installer certificate
@@ -34,17 +34,26 @@ runs:
       with:
         p12-file-base64: ${{ env.APPLE_INSTALLER_CERTIFICATE_BASE64 }}
         p12-password: ${{ env.APPLE_INSTALLER_CERTIFICATE_PASSWORD }}
-      keychain: build
+        keychain: build-installer-${{ github.run_id }}
         keychain-password: ${{ github.run_id }}
-      # We don't need to create a keychain here because we're using the build keychain that was created in the previous step
-      create-keychain: false
 
     - name: Verify certificates
       if: inputs.os == 'macos'
       shell: ${{ inputs.shell }}
       run: |
-      echo "Available signing identities:"
-      security find-identity -v -p codesigning build.keychain
+        echo "Available signing identities in app keychain:"
+        security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain
+
+        echo "Available signing identities in installer keychain:"
+        security find-identity -v -p codesigning build-installer-${{ github.run_id }}.keychain
+
+        # Make the keychains searchable
+        security list-keychains -d user -s build-app-${{ github.run_id }}.keychain build-installer-${{ github.run_id }}.keychain $(security list-keychains -d user | tr -d '"')
+        security default-keychain -s build-app-${{ github.run_id }}.keychain
+        security unlock-keychain -p ${{ github.run_id }} build-app-${{ github.run_id }}.keychain
+        security unlock-keychain -p ${{ github.run_id }} build-installer-${{ github.run_id }}.keychain
+        security set-keychain-settings -t 3600 -l build-app-${{ github.run_id }}.keychain
+        security set-keychain-settings -t 3600 -l build-installer-${{ github.run_id }}.keychain
 
     - name: Set up Python and other macOS dependencies
       if: ${{ inputs.os == 'macos' }}
@@ -94,7 +103,7 @@ runs:
         if [ -n "$dmg_file" ]; then
           echo "Found DMG: $dmg_file"
           # Get the first valid signing identity from the keychain
-        SIGNING_IDENTITY=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/')
+          SIGNING_IDENTITY=$(security find-identity -v -p codesigning build-app-${{ github.run_id }}.keychain | grep "Developer ID Application" | head -1 | sed -E 's/.*"([^"]+)".*/\1/')
           if [ -z "$SIGNING_IDENTITY" ]; then
             echo "Error: No valid Developer ID Application certificate found in keychain"
             exit 1

.github/workflows_old/codeql-analysis.yml

@@ -1,71 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '37 4 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows_old/docker.yaml

@@ -1,53 +0,0 @@
-name: Publish Docker image
-on:
-    push:
-        tags: [v*]
-jobs:
-    push_to_registries:
-        name: Push Docker image to multiple registries
-        runs-on: ubuntu-latest
-        permissions:
-            packages: write
-            contents: read
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v2
-            - name: Set up QEMU
-              uses: docker/setup-qemu-action@v1
-            - name: Docker meta
-              id: meta
-              uses: docker/metadata-action@v3
-              with:
-                  images: |
-                      zadam/trilium
-                      ghcr.io/zadam/trilium
-                  tags: |
-                      type=semver,pattern={{version}}
-                      type=semver,pattern={{major}}.{{minor}}-latest
-                      type=match,pattern=(\d+.\d+).\d+\-beta,enable=${{ endsWith(github.ref, 'beta') }},group=1,suffix=-latest
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v1
-              with:
-                  install: true
-            - name: Log in to Docker Hub
-              uses: docker/login-action@v1
-              with:
-                  username: ${{ secrets.DOCKER_USERNAME }}
-                  password: ${{ secrets.DOCKER_PASSWORD }}
-            - name: Log in to GitHub Docker Registry
-              uses: docker/login-action@v1
-              with:
-                  registry: ghcr.io
-                  username: ${{ github.repository_owner }}
-                  password: ${{ secrets.GITHUB_TOKEN }}
-            - name: Create server-package.json
-              run: cat package.json | grep -v electron > server-package.json
-            - name: Build and Push
-              uses: docker/build-push-action@v2.7.0
-              with:
-                  context: .
-                  platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
-                  push: true
-                  cache-from: type=registry,ref=zadam/trilium:buildcache
-                  cache-to: type=registry,ref=zadam/trilium:buildcache,mode=max
-                  tags: ${{ steps.meta.outputs.tags }}

src/public/stylesheets/style.css

@@ -1992,7 +1992,12 @@ footer.file-footer button {
     background: var(--card-background-color);
     border-radius: 0.5em;
     padding: 1em;
+    margin: 1.25em 0;
+    position: relative;
+    padding-left: 2.5em;
+    overflow: hidden;
 }
+
 .admonition p:last-child {
     margin-bottom: 0;
 }
@@ -2011,11 +2016,11 @@ footer.file-footer button {
 .admonition.caution { --accent-color: #ff2e2e; }
 .admonition.warning { --accent-color: #e2aa03; }
 
-.ck-content .admonition.note::before { content: "\eb21"; }
-.ck-content .admonition.tip::before { content: "\ea0d"; }
-.ck-content .admonition.important::before { content: "\ea7c"; }
-.ck-content .admonition.caution::before { content: "\eac7"; }
-.ck-content .admonition.warning::before { content: "\eac5"; }
+.admonition.note::before { content: "\eb21"; }
+.admonition.tip::before { content: "\ea0d"; }
+.admonition.important::before { content: "\ea7c"; }
+.admonition.caution::before { content: "\eac7"; }
+.admonition.warning::before { content: "\eac5"; }
 
 .chat-options-container {
     display: flex;
@@ -2066,11 +2071,6 @@ footer.file-footer button {
     border-left: 2px solid #e2aa03;
     font-weight: bold;
 }
-.admonition.note::before { content: "\eb21"; }
-.admonition.tip::before { content: "\ea0d"; }
-.admonition.important::before { content: "\ea7c"; }
-.admonition.caution::before { content: "\eac7"; }
-.admonition.warning::before { content: "\eac5"; }
 
 /*
  * In-content floating buttons

src/routes/api/options.ts

@@ -82,6 +82,7 @@ const ALLOWED_OPTIONS = new Set<OptionNames>([
     "allowedHtmlTags",
     "redirectBareDomain",
     "showLoginInShareTheme",
+    "splitEditorOrientation",
 
     // AI/LLM integration options
     "aiEnabled",

src/services/auth.ts

@@ -15,7 +15,7 @@ const noAuthentication = config.General && config.General.noAuthentication === t
 
 function checkAuth(req: Request, res: Response, next: NextFunction) {
     if (!sqlInit.isDbInitialized()) {
-        res.redirect('setup');
+        return res.redirect('setup');
     }
 
     const currentTotpStatus = totp.isTotpEnabled();