Merge remote-tracking branch 'origin/dev' into feature/71380-inplace-edit-for-project-attributes-on-project-overview-page

Author: HDinger

.env.example

@@ -44,6 +44,10 @@ PORT=3000
 FE_HOST=localhost
 FE_PORT=4200
 
+# Hocuspocus (collaborative editing) - local development
+OPENPROJECT_COLLABORATIVE__EDITING__HOCUSPOCUS__URL=ws://localhost:1234
+OPENPROJECT_COLLABORATIVE__EDITING__HOCUSPOCUS__SECRET=secret12345
+
 # Default TLD for docker dev stack (e.g. when set to "local", services will be openproject.local, nextcloud.local, etc.)
 OPENPROJECT_DOCKER_DEV_TLD=local
 

.github/dependabot.yml

@@ -58,6 +58,22 @@ updates:
       - dependency-name: "openproject-octicons"
       - dependency-name: "openproject-octicons_helper"
       - dependency-name: "openproject-primer_view_components"
+  - package-ecosystem: "npm"
+    directory: "/extensions/op-blocknote-hocuspocus"
+    schedule:
+      interval: "weekly"
+    target-branch: "dev"
+    commit-message:
+      prefix: "deps(hocuspocus)"
+    labels:
+      - "dependencies"
+    groups:
+      npm-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/workflows/cla.yml

@@ -3,7 +3,7 @@ on:
   issue_comment:
     types: [created]
   pull_request_target:
-    types: [opened,closed,synchronize]
+    types: [opened, closed, synchronize]
 
 # explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
 permissions:
@@ -14,6 +14,7 @@ permissions:
 
 jobs:
   CLAAssistant:
+    if: github.repository == 'opf/openproject'
     runs-on: ubuntu-latest
     steps:
       - name: "CLA Assistant"
@@ -23,11 +24,12 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PERSONAL_ACCESS_TOKEN: ${{ secrets.OPENPROJECTCI_GH_LEGAL_TOKEN }}
         with:
-          path-to-signatures: 'contributor-license-agreement/signatures/version1.json'
-          path-to-document: 'https://www.openproject.org/legal/contributor-license-agreement' # e.g. a CLA or a DCO document
+          path-to-signatures: "contributor-license-agreement/signatures/version1.json"
+          path-to-document: "https://www.openproject.org/legal/contributor-license-agreement" # e.g. a CLA or a DCO document
           # branch should not be protected
-          branch: 'main'
+          branch: "main"
           allowlist: >
+            *[bot]*,
             Copilot,
             Daten-David,
             EinLama,
@@ -39,6 +41,7 @@ jobs:
             NobodysNightmare,
             RobinWagner,
             akabiru,
+            anna-mohn,
             as-op,
             astock2,
             ba1ash,
@@ -51,6 +54,7 @@ jobs:
             corinnaguenther,
             crohr,
             dependabot[bot],
+            dfriquet,
             dombesz,
             dominic-braeunlein,
             dsteiner,
@@ -78,8 +82,8 @@ jobs:
             vspielau,
             wielinde,
             yanzubrytskyi,
-            ehassan01
-
+            ehassan01,
+            thykel
           # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
           remote-organization-name: opf
           remote-repository-name: legal

.github/workflows/codeql-scan-core.yml

@@ -2,18 +2,19 @@ name: codeql
 
 on:
   push:
-    branches: [ "dev", "release/*", "stable/*" ]
+    branches: ["dev", "release/*", "stable/*"]
   pull_request:
-    branches: [ "dev", "release/*", "stable/*" ]
+    branches: ["dev", "release/*", "stable/*"]
     paths-ignore:
-      - 'docs/**'
+      - "docs/**"
   schedule:
-    - cron: '32 1 * * 2'
+    - cron: "32 1 * * 2"
 
 jobs:
   analyze:
+    if: github.repository == 'opf/openproject'
     name: Analyze
-    runs-on: 'ubuntu-latest'
+    runs-on: "ubuntu-latest"
     timeout-minutes: 120
     permissions:
       # required for all workflows
@@ -26,7 +27,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript-typescript', 'ruby' ]
+        language: ["javascript-typescript", "ruby"]
 
     steps:
       - name: Checkout repository

.github/workflows/create-merge-from-previous-release-branch-pr.yml

@@ -1,48 +1,49 @@
 name: create-merge-from-previous-release-branch
 on:
   push:
-    branches: [ "release/*" ]
+    branches: ["release/*"]
   workflow_dispatch:
 
 permissions: {}
 jobs:
   setup:
+    if: github.repository == 'opf/openproject'
     runs-on: ubuntu-latest
     outputs:
       previous_release_branch: ${{ steps.find_previous_release.outputs.branch }}
       latest_release_branch: ${{ steps.find_latest_release.outputs.branch }}
     steps:
-    - id: find_previous_release
-      env:
-        GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
-        GITHUB_REPOSITORY: ${{ github.repository }}
-      run: |
-        BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
-          https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
-          jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -2 | head -1
-        )
-        if [ "$BRANCH" = "" ]; then
-          echo "Invalid release branch found: $BRANCH"
-          exit 1
-        fi
-        echo "Found previous release branch: $BRANCH"
-        echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
-    - id: find_latest_release
-      env:
-        GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
-        GITHUB_REPOSITORY: ${{ github.repository }}
-      run: |
-        BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
-          https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
-          jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
-        )
-        if [ "$BRANCH" = "" ]; then
-          echo "Invalid release branch found: $BRANCH"
-          exit 1
-        fi
-        
-        echo "Found current release branch: $BRANCH"
-        echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
+      - id: find_previous_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
+            https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
+            jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -2 | head -1
+          )
+          if [ "$BRANCH" = "" ]; then
+            echo "Invalid release branch found: $BRANCH"
+            exit 1
+          fi
+          echo "Found previous release branch: $BRANCH"
+          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
+      - id: find_latest_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
+            https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
+            jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
+          )
+          if [ "$BRANCH" = "" ]; then
+            echo "Invalid release branch found: $BRANCH"
+            exit 1
+          fi
+
+          echo "Found current release branch: $BRANCH"
+          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
   merge-or-create-pr:
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == needs.setup.outputs.previous_release_branch)
     env:
@@ -67,11 +68,11 @@ jobs:
           # Calculate a reasonable date to fetch from (e.g., 6 months ago)
           SINCE_DATE=$(date -d '3 months ago' '+%Y-%m-%d')
           echo "Fetching commits since: $SINCE_DATE"
-          
+
           # Fetch both branches with commits since the calculated date
           git fetch --shallow-since="$SINCE_DATE" origin "$RELEASE_BRANCH" "$PREVIOUS_RELEASE_BRANCH" || {
             echo "Shallow-since fetch failed, trying with depth strategy..."
-            
+
             # Fallback: Use progressive deepening
             git fetch --depth=50 origin "$RELEASE_BRANCH" "$PREVIOUS_RELEASE_BRANCH"
             for depth in 100 200 500 1000; do
@@ -98,7 +99,7 @@ jobs:
           else
             echo "⚠️ Could not find merge-base, operations may be limited"
           fi
-          
+
           echo "Branch $RELEASE_BRANCH has $(git rev-list --count origin/$RELEASE_BRANCH) commits"
           echo "Branch $PREVIOUS_RELEASE_BRANCH has $(git rev-list --count origin/$PREVIOUS_RELEASE_BRANCH) commits"
 

.github/workflows/create-merge-release-into-dev-pr.yml

@@ -2,33 +2,34 @@ name: create-merge-release-into-dev-pr
 on:
   workflow_dispatch:
   schedule:
-    - cron: '30 3 * * *' # Daily at 03:30
+    - cron: "30 3 * * *" # Daily at 03:30
 
 env:
   BASE_BRANCH: dev
 
 permissions: {}
 jobs:
   setup:
+    if: github.repository == 'opf/openproject'
     runs-on: ubuntu-latest
     outputs:
       latest_release_branch: ${{ steps.find_latest_release.outputs.branch }}
     steps:
-    - id: find_latest_release
-      env:
-        GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
-        GITHUB_REPOSITORY: ${{ github.repository }}
-      run: |
-        BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
-          https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
-          jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
-        )
-        if [ "$BRANCH" = "" ]; then
-          echo "Invalid release branch found: $BRANCH"
-          exit 1
-        fi
+      - id: find_latest_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.OPENPROJECTCI_GH_CORE_PAT }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
+            https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
+            jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
+          )
+          if [ "$BRANCH" = "" ]; then
+            echo "Invalid release branch found: $BRANCH"
+            exit 1
+          fi
 
-        echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
+          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
 
   merge-or-create-pr:
     env:
@@ -56,8 +57,14 @@ jobs:
       - name: Resolve bug in git https://stackoverflow.com/a/63879454/96823
         run: git repack -d
 
-      - name: Get one commit more to connect the history of dev and release branches
-        run: git fetch --deepen 1 origin "$BASE_BRANCH" "$RELEASE_BRANCH"
+      - name: Get more commits to connect the history of dev and release branches
+        run: |
+          for i in $(seq 1 10); do
+            git fetch --deepen 10 origin "$BASE_BRANCH" "$RELEASE_BRANCH"
+            git merge-base --all HEAD origin/"$RELEASE_BRANCH" && exit 0
+          done
+          echo "Failed to fetch merge base" >&2
+          exit 1
 
       - name: Create branch without checkout just to have shorter automatic commit message
         run: git branch "$RELEASE_BRANCH" origin/"$RELEASE_BRANCH"

.github/workflows/crowdin.yml

@@ -2,30 +2,31 @@ name: crowdin
 on:
   workflow_dispatch:
   schedule:
-    - cron: '0 3 * * *' # Daily at 03:00
+    - cron: "0 3 * * *" # Daily at 03:00
 
 permissions: {}
 jobs:
   setup:
+    if: github.repository == 'opf/openproject'
     runs-on: ubuntu-latest
     outputs:
       latest_release_branch: ${{ steps.find_latest_release.outputs.branch }}
     steps:
-    - id: find_latest_release
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GITHUB_REPOSITORY: ${{ github.repository }}
-      run: |
-        BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
-          https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
-          jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
-        )
-        if [ "$BRANCH" = "" ]; then
-          echo "Invalid release branch found: $BRANCH"
-          exit 1
-        fi
+      - id: find_latest_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+        run: |
+          BRANCH=$(curl -H "Authorization: token $GITHUB_TOKEN" \
+            https://api.github.com/repos/$GITHUB_REPOSITORY/branches?protected=true | \
+            jq -r '.[].name' | grep '^release/' | sort --version-sort | tail -1
+          )
+          if [ "$BRANCH" = "" ]; then
+            echo "Invalid release branch found: $BRANCH"
+            exit 1
+          fi
 
-        echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
+          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
 
   crowdin:
     permissions:

.github/workflows/docker-release.yml

@@ -12,6 +12,7 @@ on:
 
 jobs:
   compute-inputs:
+    if: github.repository == 'opf/openproject'
     runs-on: ubuntu-latest
     outputs:
       tag: ${{ steps.compute.outputs.tag }}
@@ -45,7 +46,7 @@ jobs:
           echo "tag=$TAG_REF" | tee -a "$GITHUB_OUTPUT"
 
   build:
-    needs: compute-inputs
+    needs: [compute-inputs]
     uses: ./.github/workflows/docker.yml
     with:
       branch: ${{ needs.compute-inputs.outputs.branch }}

.github/workflows/docker-scheduled.yml

@@ -8,16 +8,18 @@ on:
 
 jobs:
   build-dev:
+    if: github.repository == 'opf/openproject'
     uses: ./.github/workflows/docker.yml
     with:
       branch: dev
       tag: dev
     secrets: inherit
   build-release-candidate:
+    if: github.repository == 'opf/openproject'
     # References to release/X.Y and X.Y-rc are being
     # updated from the devkit (UpdateWorkflows step) whenever a new release branch is created
-    uses: opf/openproject/.github/workflows/docker.yml@release/17.1
+    uses: opf/openproject/.github/workflows/docker.yml@release/17.2
     with:
-      branch: release/17.1
-      tag: 17.1-rc
+      branch: release/17.2
+      tag: 17.2-rc
     secrets: inherit