Merge remote-tracking branch 'upstream/main'

fsr-de · Jan 13, 2024 · f4e10b4 · f4e10b4
2 parents ebd5067 + b20124e
commit f4e10b4
Show file tree

Hide file tree

Showing 396 changed files with 17,911 additions and 11,383 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -113,7 +113,14 @@ generate-version:
   before_script:
     - apk add -q git
   script:
-    - VERSION="$(git describe --abbrev=0 --tags)-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"
+    - >
+      VERSION="$(\
+        git describe --exact-match --tags HEAD 2> /dev/null\
+        || (\
+          (git describe --abbrev=0 --tags | tr -d '\n')\
+          && echo "-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"\
+        )\
+      )"
     - echo "${VERSION}"
     - echo -n "${VERSION}" > storage/app/VERSION
 
@@ -155,6 +162,15 @@ yarn lint:
     - apk add --no-cache git
     - yarn lint
 
+translations lint:
+  image: alpine
+  stage: prepare
+  before_script:
+    - apk add gettext
+  script:
+    - find resources/lang -type f -name '*.po' -exec sh -c 'msgfmt "${1%.*}.po" -o"${1%.*}.mo"' shell {} \;
+    - '[[ $(find resources/lang -type f -name "*.po" | wc -l) == $(find resources/lang -type f -name "*.mo" | wc -l) ]]'
+
 #
 # Build
 #
@@ -177,13 +193,15 @@ build-image:
     - composer validate
     - yarn check
     - yarn lint
+    - translations lint
     - generate-version
   dependencies:
     - generate-version
   script:
     - /kaniko/executor --context ${CI_PROJECT_DIR}
       --dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile
       --destination "${TEST_IMAGE}"
+      --cache=true
 
 #
 # Test
@@ -241,6 +259,9 @@ dump-database:
     - cd "${DOCROOT}"
     - ./bin/migrate
   script:
+    - >-
+      mysql -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
+      -e 'UPDATE users SET api_key="" WHERE name="admin"'
     - >-
       mysqldump -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
       > "${HOMEDIR}/initial-install.sql"
@@ -270,7 +291,11 @@ release-image:
     - test
   dependencies: [ ]
   script:
-    - echo -e "FROM ${TEST_IMAGE}" | /kaniko/executor --dockerfile /dev/stdin --destination "${RELEASE_IMAGE}"
+    - echo -e "FROM ${TEST_IMAGE}"
+      | /kaniko/executor
+      --dockerfile /dev/stdin
+      --destination "${RELEASE_IMAGE}"
+      --cache=true
   only:
     - main
 
@@ -426,7 +451,8 @@ deploy:
     GIT_STRATEGY: none
   when: manual
   script:
-    - kubectl delete all,ingress,pvc -l app=$CI_PROJECT_PATH_SLUG -l environment=$CI_ENVIRONMENT_SLUG
+    - TARGETS=all,ingress,pvc,certificate
+    - kubectl -n "${KUBE_NAMESPACE}" delete $TARGETS -l app=$CI_PROJECT_PATH_SLUG -l environment=$CI_ENVIRONMENT_SLUG
 
 deploy-k8s-review:
   <<: *deploy_k8s

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -7,6 +7,7 @@
 * Code must pass PHPStan checks (`composer phpstan`)
 * Order the composer/npm dependencies alphabetically.
 * Do not use code from the [includes](includes) directory anywhere else.
+* Don't refactor [includes](includes) code just for the sake of change, it is legacy code that must only be replaced.
 * Please cover your code by unit tests, our goal is to stay at 100% line coverage.
   Code under `includes` does not require tests as it's mostly not testable and needs to be rewritten.
 * Do not use vendor prefixes like `-webkit` in styles.

diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -13,10 +13,14 @@ Please ensure that your pull requests follow the [PSR-12](https://www.php-fig.or
 You can check that by running
 ```bash
 composer run phpcs
+# with docker
+docker exec engelsystem_dev-es_workspace-1 composer run phpcs
 ```
 You may auto fix reported issues by running
 ```bash
 composer run phpcbf
+# with docker
+docker exec engelsystem_dev-es_workspace-1 composer run phpcbf
 ```
 
 ## Pre-commit hooks
@@ -68,7 +72,7 @@ docker compose exec es_workspace yarn build
 docker compose exec -e THEMES=0,1 es_workspace yarn build
 
 # Update the translation files
-docker compose exec es_workspace find /var/www/resources/lang -type f -name '*.po' -exec sh -c 'file="{}"; msgfmt "${file%.*}.po" -o "${file%.*}.mo"' \;
+docker compose exec es_workspace find /var/www/resources/lang -type f -name '*.po' -exec sh -c 'msgfmt "${1%.*}.po" -o"${1%.*}.mo"' shell {} \;
 
 # Run the migrations
 docker compose exec es_workspace bin/migrate
@@ -114,7 +118,7 @@ The following instructions explain how to get, build and run the latest Engelsys
     ```
 * Generate translation files
   ```bash
-  find resources/lang/ -type f -name '*.po' -exec sh -c 'file="{}"; msgfmt "${file%.*}.po" -o "${file%.*}.mo"' \;
+  find resources/lang/ -type f -name '*.po' -exec sh -c 'msgfmt "${1%.*}.po" -o"${1%.*}.mo"' shell {} \;
   ```
 
 ## Testing

diff --git a/README.md b/README.md
@@ -46,7 +46,7 @@ The Engelsystem may be installed manually or by using the provided [docker setup
  * Recommended: Directory Listing should be disabled.
  * There must be a MySQL database set up with a user who has full rights to that database.
  * If necessary, create a `config/config.php` to override values from `config/config.default.php`.
-   * To edit values from the `footer_items`, `themes`, `locales`, `tshirt_sizes` or `headers` lists, directly modify the `config/config.default.php` file or rename it to `config/config.php`.
+   * To disable/remove values from the `themes`, `tshirt_sizes`, `headers`, `header_items`, `footer_items`, or `locales` lists, set the value of the entry to `null`.
  * To import the database, the `bin/migrate` script has to be run. If you can't execute scripts, you can use the `initial-install.sql` file from the release zip.
  * In the browser, login with credentials `admin` : `asdfasdf` and change the password.
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you want to contact us directly regarding a security concern, please write an e-mail to [email protected] and explain your findings.
+Thank you!
+
+## Use of external reporting / bug bounty services
+
+We kindly ask you to not use any external reporting / bug bounty service. We do not collaborate with any external service and experiences in the past showed that these services usually add a lot of unnecessary overhead.
+
+Please send security critical bug reports to [email protected].
+
+If you feel like we are not reacting fast enough (generally no more than 14 days should go by until an initial response; This is a volunteer project mostly used internally after all), please feel free to go for full disclosure via our github issue tracker, and tag the issue there by creating a title prefixed with [SECURITY].
+
+If you find a critical vulnerability that warrants a CVE, we will also take care of issuing a CVE without any bug bounty platform having to be involved.
diff --git a/bin/pre-commit b/bin/pre-commit
@@ -3,10 +3,24 @@
 # immediate exit after an error
 set -e
 
+testing() {
+    echo
+    echo "🔎 Checking ${1}"
+}
+
+testing 'JS & CSS 🎨'
 yarn check
 yarn lint
 
+testing 'PHP ⚙️'
 composer validate
 composer phpcs
 composer phpstan
 ./vendor/bin/phpunit
+
+testing 'translations 🗺️'
+find resources/lang -type f -name '*.po' -exec sh -c 'msgfmt "${1%.*}.po" -o"${1%.*}.mo"' shell {} \;
+[ "$(find resources/lang -type f -name '*.po' | wc -l)" -eq "$(find resources/lang -type f -name '*.mo' | wc -l)" ]
+find resources/lang -type f -name '*.mo' -exec rm {} \;
+
+echo '✅ Done 🎉'
diff --git a/composer.json b/composer.json
@@ -35,38 +35,40 @@
         "ext-pdo": "*",
         "ext-simplexml": "*",
         "ext-xml": "*",
-        "doctrine/dbal": "^3.5",
+        "doctrine/dbal": "^3.7",
         "erusev/parsedown": "^1.7",
         "gettext/gettext": "^5.7",
-        "gettext/translator": "^1.1",
-        "guzzlehttp/guzzle": "^7.5",
-        "illuminate/container": "^9.43",
-        "illuminate/database": "^9.43",
-        "illuminate/support": "^9.43",
-        "league/oauth2-client": "^2.6",
+        "gettext/translator": "^1.2",
+        "guzzlehttp/guzzle": "^7.8",
+        "illuminate/container": "^10.38",
+        "illuminate/database": "^10.38",
+        "illuminate/support": "^10.38",
+        "league/oauth2-client": "^2.7",
+        "league/openapi-psr7-validator": "^0.21",
         "nikic/fast-route": "^1.3",
-        "nyholm/psr7": "^1.5",
+        "nyholm/psr7": "^1.8",
         "psr/container": "^2.0",
+        "psr/http-message": "^1.1",
         "psr/http-server-middleware": "^1.0",
         "psr/log": "^3.0",
-        "rcrowe/twigbridge": "^0.14.0",
+        "rcrowe/twigbridge": "^0.14.1",
         "respect/validation": "^1.1",
-        "symfony/http-foundation": "^6.2",
-        "symfony/mailer": "^6.2",
-        "symfony/psr-http-message-bridge": "^2.1",
-        "twig/twig": "^3.4",
-        "vlucas/phpdotenv": "^5.5"
+        "symfony/http-foundation": "^6.4",
+        "symfony/mailer": "^6.4",
+        "symfony/psr-http-message-bridge": "^2.3",
+        "twig/twig": "^3.8",
+        "vlucas/phpdotenv": "^5.6"
     },
     "require-dev": {
-        "dms/phpunit-arraysubset-asserts": "^0.4",
-        "fakerphp/faker": "^1.20",
+        "dms/phpunit-arraysubset-asserts": "^0.5",
+        "fakerphp/faker": "^1.23",
         "fig/log-test": "^1.1",
-        "filp/whoops": "^2.14",
-        "phpstan/phpstan": "^1.9",
-        "phpunit/phpunit": "^9.5",
-        "slevomat/coding-standard": "^8.6",
-        "squizlabs/php_codesniffer": "^3.7",
-        "symfony/var-dumper": "^6.2"
+        "filp/whoops": "^2.15",
+        "phpstan/phpstan": "^1.10",
+        "phpunit/phpunit": "^9.6",
+        "slevomat/coding-standard": "^8.14",
+        "squizlabs/php_codesniffer": "^3.8",
+        "symfony/var-dumper": "^6.4"
     },
     "autoload": {
         "psr-4": {