Merge branch 'develop'

Author: JohnMcLear

.dockerignore

@@ -19,6 +19,7 @@ Dockerfile
 .git/ORIG_HEAD
 .git/packed-refs
 .git/refs/remotes/
+.git/rr-cache/
 .gitignore
 
 settings.json

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,5 +1,3 @@
-IMPORTANT: Please disable plugins prior to posting a bug report.  If you have a problem with a plugin please post on the plugin repository.  Thanks!
-
 ---
 name: Bug report
 about: Create a report to help us improve
@@ -9,6 +7,8 @@ assignees: ''
 
 ---
 
+<!-- IMPORTANT: Please disable plugins prior to posting a bug report.  If you have a problem with a plugin please post on the plugin repository.  Thanks! -->
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "npm"
+    directory: "/src"
+    schedule:
+      interval: "daily"
+    versioning-strategy: "increase"
+  - package-ecosystem: "npm"
+    directory: "/src/bin/doc"
+    schedule:
+      interval: "daily"
+    versioning-strategy: "increase"

.github/stale.yml

@@ -3,6 +3,9 @@ name: "Backend tests"
 # any branch is useful for testing before a PR is submitted
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   withoutpluginsLinux:
     # run on pushes to any branch
@@ -15,11 +18,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [12, 14, 16]
+        node: [14, 16, 18]
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
@@ -52,11 +55,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [12, 14, 16]
+        node: [14, 16, 18]
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
@@ -117,11 +120,11 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
-          node-version: 12
+          node-version: 14
           cache: 'npm'
           cache-dependency-path: |
             src/package-lock.json
@@ -150,11 +153,11 @@ jobs:
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
-          node-version: 12
+          node-version: 14
           cache: 'npm'
           cache-dependency-path: |
             src/package-lock.json

.github/workflows/backend-tests.yml

@@ -9,14 +9,21 @@ on:
   schedule:
     - cron: '0 13 * * 1'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-latest
     steps:
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -28,10 +35,10 @@ jobs:
         if: ${{ github.event_name == 'pull_request' }}
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
       -
         name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v1

.github/workflows/dependency-review.yml

@@ -8,19 +8,26 @@ on:
       - 'v?[0-9]+.[0-9]+.[0-9]+'
 env:
   TEST_TAG: etherpad/etherpad:test
+permissions:
+  contents: read
+
 jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
       -
         name: Check out
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        if: github.event_name == 'push'
+        uses: docker/setup-qemu-action@v2
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Build and export to Docker
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
           load: true
@@ -39,16 +46,25 @@ jobs:
       -
         name: Test
         run: |
-          docker run --rm -d -p 9001:9001 ${{ env.TEST_TAG }}
+          docker run --rm -d -p 9001:9001 --name test ${{ env.TEST_TAG }}
+          docker logs -f test &
           ./src/bin/installDeps.sh
-          sleep 3
+          while true; do
+            echo "Waiting for Docker container to start..."
+            status=$(docker container inspect -f '{{.State.Health.Status}}' test) || exit 1
+            case ${status} in
+              healthy) break;;
+              starting) sleep 2;;
+              *) printf %s\\n "unexpected status: ${status}" >&2; exit 1;;
+            esac
+          done
           (cd src && npm run test-container)
           git clean -dxf .
       -
         name: Docker meta
         if: github.event_name == 'push'
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: etherpad/etherpad
           tags: |
@@ -59,16 +75,17 @@ jobs:
       -
         name: Log in to Docker Hub
         if: github.event_name == 'push'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push
         if: github.event_name == 'push'
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v4
         with:
           context: .
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

.github/workflows/docker.yml

@@ -3,6 +3,9 @@ name: "Frontend admin tests powered by Sauce Labs"
 
 on: [push]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   withplugins:
     name: with plugins
@@ -11,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [12, 14, 16]
+        node: [14, 16, 18]
 
     steps:
       -
@@ -33,7 +36,7 @@ jobs:
           printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}-node${{ matrix.node }}'
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:

.github/workflows/frontend-admin-tests.yml

@@ -3,6 +3,9 @@ name: "Frontend tests powered by Sauce Labs"
 
 on: [push]
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   withoutplugins:
     name: without plugins
@@ -27,11 +30,11 @@ jobs:
           printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}'
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
-          node-version: 12
+          node-version: 14
           cache: 'npm'
           cache-dependency-path: |
             src/package-lock.json
@@ -91,11 +94,11 @@ jobs:
           printf %s\\n '::set-output name=tunnel_id::${{ github.run_id }}-${{ github.run_number }}-${{ github.job }}'
       -
         name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       -
         uses: actions/setup-node@v3
         with:
-          node-version: 12
+          node-version: 14
           cache: 'npm'
           cache-dependency-path: |
             src/package-lock.json