From 7f37f3a2f1fb0a9112f70f1e7521fb0a3f43e587 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 10 Nov 2025 08:59:54 +0100 Subject: [PATCH 01/42] pin actions, add dependabot config, apply zizmor suggestions --- .github/dependabot.yml | 10 ++++++++++ .github/workflows/claim-namespace.yml | 24 +++++++++++++++--------- .github/workflows/main.yml | 2 +- .github/workflows/smoketest.yml | 18 +++++++++++------- .github/workflows/sonar.yml | 21 ++++++++++++--------- 5 files changed, 49 insertions(+), 26 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..f6faee693 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/claim-namespace.yml b/.github/workflows/claim-namespace.yml index 785bf7009..c98450e56 100644 --- a/.github/workflows/claim-namespace.yml +++ b/.github/workflows/claim-namespace.yml @@ -1,4 +1,8 @@ name: Claim Namespace + +# The workflow is compromised as people can claim namespaces even though the claim is invalid. +# Disable it for now to avoid further damage. + on: # alibi value to not show the workflow as broken workflow_dispatch: @@ -17,7 +21,7 @@ jobs: steps: - id: get_namespace name: Get namespace name - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | let namespace = context.payload.issue.title.substring('Claiming namespace'.length); 
@@ -41,17 +45,19 @@ jobs: } - id: log_namespace name: Log namespace name - run: echo '${{steps.get_namespace.outputs.namespace}}' + run: echo '${NAMESPACE}' + env: + NAMESPACE: ${{steps.get_namespace.outputs.namespace}} - id: api_get_namespace name: Namespace API request - uses: JamesIves/fetch-api-data-action@v2 + uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 with: endpoint: https://open-vsx.org/api/${{steps.get_namespace.outputs.namespace}} configuration: '{ "method": "GET" }' - id: namespace_not_found_should_close if: ${{ failure() && steps.get_namespace.outputs.namespace != null }} name: Check issue is still open before editing issue - uses: octokit/request-action@v2.x + uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 with: route: GET /repos/{repo}/issues/{issue_number} repo: ${{ github.repository }} @@ -71,12 +77,12 @@ jobs: ASSIGNEE: tfroment - id: api_get_namespace_members name: Namespace members API request - uses: JamesIves/fetch-api-data-action@v2 + uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 with: endpoint: https://open-vsx.org/admin/api/namespace/${{steps.get_namespace.outputs.namespace}}/members?token=${{secrets.OPENVSX_TOKEN}} configuration: '{ "method": "GET" }' - id: namespace_members - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 env: DATA: ${{ steps.api_get_namespace_members.outputs.fetchApiData }} with: @@ -84,7 +90,7 @@ jobs: const json = JSON.parse(process.env.DATA); core.setOutput('members', JSON.stringify(json.namespaceMemberships)); - id: make_owner - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 env: MEMBERS: ${{ steps.namespace_members.outputs.members }} LOGIN_NAME: ${{ github.event.issue.user.login }} 
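Review bot: The rewritten `log_namespace` step prints the literal text `${NAMESPACE}` rather than the namespace, because the shell does not expand variables inside single quotes. Moving the value into `env:` is the right way to keep the issue-derived string out of the script text, but the command then needs double quotes: `run: echo "${NAMESPACE}"`. `printf '%s\n' "${NAMESPACE}"` is a little safer still, since `echo` may interpret a value that begins with `-`.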
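Review bot: The `api_get_namespace_members` endpoint still carries `secrets.OPENVSX_TOKEN` in the query string and splices `steps.get_namespace.outputs.namespace` into the URL path unencoded; pinning the action changes neither, and the same pattern is in the `change_member` step of the `@@ -106,7 +112,7 @@` hunk. A token in a URL tends to end up in proxy and server access logs, so if the admin API accepts it in a header, sending it there is preferable. The namespace comes from the issue title and the code that extracts it lies outside these hunks, so it is worth confirming that it rejects `/`, `?`, `&` and `#` before the value reaches an admin endpoint. A comment above the step such as `# namespace must be validated in get_namespace; it is interpolated into an admin URL` would record that dependency.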
@@ -96,7 +102,7 @@ jobs: - id: should_change_member if: ${{ steps.make_owner.outputs.makeOwner == 'true' }} name: Check issue is still open before changing namespace membership - uses: octokit/request-action@v2.x + uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 with: route: GET /repos/{repo}/issues/{issue_number} repo: ${{ github.repository }} @@ -106,7 +112,7 @@ jobs: - id: change_member name: Namespace change member API request if: ${{ steps.make_owner.outputs.makeOwner == 'true' && fromJSON(steps.should_change_member.outputs.data).state == 'open' }} - uses: JamesIves/fetch-api-data-action@v2 + uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 with: endpoint: https://open-vsx.org/admin/api/namespace/${{steps.get_namespace.outputs.namespace}}/change-member?user=${{github.event.issue.user.login}}&provider=github&role=owner&token=${{secrets.OPENVSX_TOKEN}} configuration: '{ "method": "POST" }' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 741fc1fa2..69fef8397 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -17,7 +17,7 @@ jobs: run: echo ${{ github.event.number }} > PR_NUMBER.txt - name: Archive PR number if: github.event_name == 'pull_request' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: PR_NUMBER path: PR_NUMBER.txt \ No newline at end of file diff --git a/.github/workflows/smoketest.yml b/.github/workflows/smoketest.yml index 7ff8c4b11..f97365642 100644 --- a/.github/workflows/smoketest.yml +++ b/.github/workflows/smoketest.yml 
@@ -10,14 +10,16 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: path: open-vsx.org - - uses: actions/checkout@v4 + persist-credentials: false + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: eclipse/openvsx path: openvsx - - uses: actions/setup-node@v4 + persist-credentials: false + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18.x - name: Install dependencies @@ -36,7 +38,7 @@ jobs: run: sleep 10m - name: Get running server version id: running_version - uses: fjogeleit/http-request-action@v1 + uses: fjogeleit/http-request-action@1297c6fc63a79b147d1676540a3fd9d2e37817c5 # v1.16.5 with: url: "https://open-vsx.org/api/version" method: GET @@ -48,7 +50,7 @@ jobs: if: steps.check_version.outputs.is_version == 'true' working-directory: ./openvsx/webui run: yarn smoke-tests - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: steps.check_version.outputs.is_version == 'true' with: name: playwright-report @@ -56,7 +58,9 @@ jobs: retention-days: 30 - name: Fail smoke test if: steps.check_version.outputs.is_version != 'true' - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + env: + VERSION: ${{ steps.read_version.outputs.version }} with: script: | - core.setFailed('Deployed version is not ${{ steps.read_version.outputs.version }}') + core.setFailed(`Deployed version is not ${process.env.VERSION}`) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 4f25bdb18..ef26bd38b 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml 
@@ -9,13 +9,13 @@ jobs: permissions: pull-requests: read runs-on: ubuntu-latest - if: github.event.workflow_run.conclusion == 'success' + if: github.repository == 'EclipseFdn/open-vsx.org' && github.event.workflow_run.conclusion == 'success' steps: - name: Create artifacts directory run: mkdir -p ${{ runner.temp }}/artifacts - name: Download PR number artifact if: github.event.workflow_run.event == 'pull_request' - uses: dawidd6/action-download-artifact@v6 + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: workflow: Build run_id: ${{ github.event.workflow_run.id }} @@ -24,12 +24,12 @@ jobs: - name: Read PR_NUMBER.txt if: github.event.workflow_run.event == 'pull_request' id: pr_number - uses: juliangruber/read-file-action@v1 + uses: juliangruber/read-file-action@b549046febe0fe86f8cb4f93c24e284433f9ab58 # v1.1.7 with: path: ${{ runner.temp }}/artifacts/PR_NUMBER.txt - name: Request GitHub API for PR data if: github.event.workflow_run.event == 'pull_request' - uses: octokit/request-action@v2.x + uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 id: get_pr_data with: route: GET /repos/{full_name}/pulls/{number} 
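Review bot: `PR_NUMBER.txt` is produced by the pull-request build, so its content is chosen by whoever opened the PR, and nothing in the `@@ -24,12 +24,12 @@` hunk checks it before the privileged `workflow_run` job uses it. The `number:` input of `get_pr_data` is outside the hunk, but presumably it is fed from `steps.pr_number.outputs.content`. A small step after the read that fails unless the value is digits only would close this, for example `[[ "${PR_NUMBER}" =~ ^[0-9]+$ ]] || exit 1` with `PR_NUMBER` passed through `env:`.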
@@ -37,24 +37,27 @@ jobs: full_name: ${{ github.event.repository.full_name }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: ${{ github.event.workflow_run.head_repository.full_name }} ref: ${{ github.event.workflow_run.head_branch }} fetch-depth: 0 + persist-credentials: false - name: Checkout base branch if: github.event.workflow_run.event == 'pull_request' env: HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }} + CLONE_URL: ${{ github.event.repository.clone_url }} + BASE_REF: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} run: | - git remote add upstream ${{ github.event.repository.clone_url }} + git remote add upstream ${CLONE_URL} git fetch upstream - git checkout -B ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} upstream/${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} + git checkout -B $BASE_REF upstream/$BASE_REF git checkout $HEAD_BRANCH git clean -ffdx && git reset --hard HEAD - name: SonarCloud Scan on PR if: github.event.workflow_run.event == 'pull_request' - uses: SonarSource/sonarqube-scan-action@master + uses: SonarSource/sonarqube-scan-action@2f77a1ec69fb1d595b06f35ab27e97605bdef703 # v5.3.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -66,7 +69,7 @@ jobs: -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} - name: SonarCloud Scan on push if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name - uses: SonarSource/sonarqube-scan-action@master + uses: SonarSource/sonarqube-scan-action@2f77a1ec69fb1d595b06f35ab27e97605bdef703 # v5.3.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 608f46e2eab3b636a7c92c9fd7dd1c13556ec345 Mon Sep 17 00:00:00 2001 
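Review bot: The expansions in the `Checkout base branch` script are unquoted (`git remote add upstream ${CLONE_URL}`, `git checkout $HEAD_BRANCH`), so moving the values into `env:` stops them being parsed as script text but still leaves them open to word splitting and globbing. `HEAD_BRANCH` is the contributor's branch name in this `workflow_run` job, which makes it the one that matters most. Quote each use, e.g. `git checkout -B "${BASE_REF}" "upstream/${BASE_REF}"` and `git checkout "${HEAD_BRANCH}"`; the later `@@ -52,8 +52,8 @@` hunk only adds braces, which does not quote anything. Separately, the `actions/checkout` step resolves `head_branch` by name, so the scanned commit can differ from the one that triggered the run; `github.event.workflow_run.head_sha` would pin it.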
From: Thomas Neidhart Date: Mon, 10 Nov 2025 09:02:46 +0100 Subject: [PATCH 02/42] use consistent variable expansion style --- .github/workflows/sonar.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index ef26bd38b..7e6316356 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -52,8 +52,8 @@ jobs: run: | git remote add upstream ${CLONE_URL} git fetch upstream - git checkout -B $BASE_REF upstream/$BASE_REF - git checkout $HEAD_BRANCH + git checkout -B ${BASE_REF} upstream/${BASE_REF} + git checkout ${HEAD_BRANCH} git clean -ffdx && git reset --hard HEAD - name: SonarCloud Scan on PR if: github.event.workflow_run.event == 'pull_request' From 2447b49dba942eec4a8b86e4cf594b45a21f42c3 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Fri, 14 Nov 2025 23:38:46 +0100 Subject: [PATCH 03/42] fix: sonar workflow --- .github/workflows/sonar.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 7e6316356..ebe911543 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -48,8 +48,9 @@ jobs: env: HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }} CLONE_URL: ${{ github.event.repository.clone_url }} - BASE_REF: ${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} run: | + BASE_REF="${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}" + git remote add upstream ${CLONE_URL} git fetch upstream git checkout -B ${BASE_REF} upstream/${BASE_REF} From 4daef9f63b7bfb2f496dc0c3e2253cdbdd36fa82 Mon Sep 17 00:00:00 2001 
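Review bot: `BASE_REF="${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}"` in the `@@ -48,8 +48,9 @@` hunk puts the expression back into the script text, which is the template-expansion pattern the first patch in this series removed from this step. The value is substituted before the shell runs, so quoting inside the script does not protect the assignment from shell metacharacters in the value. A base branch name is less exposed than a head branch, but the PR whose data is fetched appears to be selected by an artifact from the PR build, so the safer form is to hand the JSON over in `env:` and parse it in the shell: `PR_DATA: ${{ steps.get_pr_data.outputs.data }}` and `BASE_REF="$(jq -r '.base.ref' <<<"${PR_DATA}")"`. The commit message does not say what failed with the `env:` version, so a one-line comment explaining it would help the next reader.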
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 14 Nov 2025 23:41:24 +0100 Subject: [PATCH 04/42] Bump the github-actions group with 6 updates (#6073) Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/github-script](https://github.com/actions/github-script) | `7.1.0` | `8.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [actions/checkout](https://github.com/actions/checkout) | `4.3.0` | `5.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.0.0` | | [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) | `6` | `11` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `5.3.2` | `6.0.0` | Updates `actions/github-script` from 7.1.0 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/f28e40c7f34bde8b3046d885e986cb6290c5673b...ed597411d8f924073f98dfc5c65a23a2325f34cd) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4) Updates `actions/checkout` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08eba0b27e820071cde6df949e0beb9ba4906955...08c6903cd8c0fde910a37f88322edcfb5dd907a8) Updates `actions/setup-node` from 4.4.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...2028fbc5c25fe9cf00d9f06a71cc4710d4507903) Updates 
`dawidd6/action-download-artifact` from 6 to 11 - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](https://github.com/dawidd6/action-download-artifact/compare/bf251b5aa9c2f7eeb574a96ee720e24f801b7c11...ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5) Updates `SonarSource/sonarqube-scan-action` from 5.3.2 to 6.0.0 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/2f77a1ec69fb1d595b06f35ab27e97605bdef703...fd88b7d7ccbaefd23d8f36f73b59db7a3d246602) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dawidd6/action-download-artifact dependency-version: '11' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/claim-namespace.yml | 6 +++--- .github/workflows/main.yml | 2 +- .github/workflows/smoketest.yml | 10 +++++----- .github/workflows/sonar.yml | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/claim-namespace.yml b/.github/workflows/claim-namespace.yml index c98450e56..1e97d388d 100644 --- a/.github/workflows/claim-namespace.yml +++ b/.github/workflows/claim-namespace.yml @@ -21,7 +21,7 @@ jobs: steps: - id: get_namespace name: Get namespace name - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | let namespace = context.payload.issue.title.substring('Claiming namespace'.length); @@ -82,7 +82,7 @@ jobs: endpoint: https://open-vsx.org/admin/api/namespace/${{steps.get_namespace.outputs.namespace}}/members?token=${{secrets.OPENVSX_TOKEN}} configuration: '{ "method": "GET" }' - id: namespace_members - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: DATA: ${{ steps.api_get_namespace_members.outputs.fetchApiData }} with: @@ -90,7 +90,7 @@ jobs: const json = JSON.parse(process.env.DATA); core.setOutput('members', JSON.stringify(json.namespaceMemberships)); - id: make_owner - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: MEMBERS: ${{ steps.namespace_members.outputs.members }} LOGIN_NAME: ${{ github.event.issue.user.login }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 69fef8397..1e6306fa2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -17,7 +17,7 @@ jobs: run: echo ${{ github.event.number }} > PR_NUMBER.txt - name: Archive PR number if: github.event_name == 'pull_request' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: PR_NUMBER path: PR_NUMBER.txt \ No newline at end of file diff --git a/.github/workflows/smoketest.yml b/.github/workflows/smoketest.yml index f97365642..48da0854c 100644 --- a/.github/workflows/smoketest.yml +++ b/.github/workflows/smoketest.yml @@ -10,16 +10,16 @@ jobs: timeout-minutes: 60 runs-on: ubuntu-latest steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: path: open-vsx.org persist-credentials: false - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: eclipse/openvsx path: openvsx persist-credentials: false - - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: 18.x - name: Install dependencies @@ -50,7 +50,7 @@ jobs: if: steps.check_version.outputs.is_version == 'true' working-directory: ./openvsx/webui run: yarn smoke-tests - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: steps.check_version.outputs.is_version == 'true' with: name: playwright-report 
@@ -58,7 +58,7 @@ jobs: retention-days: 30 - name: Fail smoke test if: steps.check_version.outputs.is_version != 'true' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: VERSION: ${{ steps.read_version.outputs.version }} with: diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index ebe911543..b684ac209 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -15,7 +15,7 @@ jobs: run: mkdir -p ${{ runner.temp }}/artifacts - name: Download PR number artifact if: github.event.workflow_run.event == 'pull_request' - uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 + uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 with: workflow: Build run_id: ${{ github.event.workflow_run.id }} @@ -37,7 +37,7 @@ jobs: full_name: ${{ github.event.repository.full_name }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: ${{ github.event.workflow_run.head_repository.full_name }} ref: ${{ github.event.workflow_run.head_branch }} @@ -58,7 +58,7 @@ jobs: git clean -ffdx && git reset --hard HEAD - name: SonarCloud Scan on PR if: github.event.workflow_run.event == 'pull_request' - uses: SonarSource/sonarqube-scan-action@2f77a1ec69fb1d595b06f35ab27e97605bdef703 # v5.3.2 + uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
@@ -70,7 +70,7 @@ jobs: -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }} - name: SonarCloud Scan on push if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name - uses: SonarSource/sonarqube-scan-action@2f77a1ec69fb1d595b06f35ab27e97605bdef703 # v5.3.2 + uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From ec75f152427c8d53e0b29bb7746060969aadb305 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Wed, 19 Nov 2025 19:14:02 +0200 Subject: [PATCH 05/42] test 0493c710 --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1fa18617c..976183ab1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=v0.29.1 +ARG SERVER_VERSION=0493c710 # Builder image to compile the website FROM ubuntu AS builder @@ -27,7 +27,8 @@ RUN /usr/bin/yarn --cwd website \ && /usr/bin/yarn --cwd website build # Main image derived from openvsx-server -FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} +#FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} +FROM docker.io/amvanbaren/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ From 8fc184fa9eee41c65bbfd3a7e9209201304eb893 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Wed, 19 Nov 2025 19:33:04 +0200 Subject: [PATCH 06/42] revert 0493c710 --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 976183ab1..1fa18617c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=0493c710 +ARG SERVER_VERSION=v0.29.1 # Builder image to compile the website FROM ubuntu AS builder 
@@ -27,8 +27,7 @@ RUN /usr/bin/yarn --cwd website \ && /usr/bin/yarn --cwd website build # Main image derived from openvsx-server -#FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} -FROM docker.io/amvanbaren/openvsx-server:${SERVER_VERSION} +FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ From 5789b86184bd090266f57ec3db82886355cb58b7 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Thu, 20 Nov 2025 16:43:14 +0200 Subject: [PATCH 07/42] test c4f48a9a --- Dockerfile | 7 ++++--- website/package.json | 2 +- website/yarn.lock | 10 +++++----- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1fa18617c..d3e1a9e7d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=v0.29.1 +ARG SERVER_VERSION=c4f48a9a # Builder image to compile the website FROM ubuntu AS builder @@ -19,7 +19,7 @@ RUN apt-get update \ && corepack prepare yarn@stable --activate # bump to update website -ENV WEBSITE_VERSION 0.16.4 +ENV WEBSITE_VERSION 0.16.5-next.c4f48a9a COPY . /workdir RUN /usr/bin/yarn --cwd website \ @@ -27,7 +27,8 @@ RUN /usr/bin/yarn --cwd website \ && /usr/bin/yarn --cwd website build # Main image derived from openvsx-server -FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} +#FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} +FROM docker.io/amvanbaren/openvsx-website:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ diff --git a/website/package.json b/website/package.json index baaaae0c8..c05be11d4 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.16.4" + "openvsx-webui": "0.16.5-next.c4f48a9a" }, "devDependencies": { "@types/markdown-it": "^12.2.3", 
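Review bot: The final stage now builds on `docker.io/amvanbaren/openvsx-server:${SERVER_VERSION}`, an image in a personal Docker Hub namespace addressed by a mutable tag, in place of the project's `ghcr.io/eclipse/openvsx-server` image. Whatever that tag points to at build time becomes the runtime base, and nothing in the Dockerfile verifies it. If test builds have to come from there, pin the digest, e.g. `FROM docker.io/amvanbaren/openvsx-server:${SERVER_VERSION}@sha256:<digest-placeholder>`, and keep such commits off the branch that deploys. The same substitution returns in the `test c4f48a9a` and `test utf-8` patches, and the commented-out `#FROM` line is better dropped than kept.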
diff --git a/website/yarn.lock b/website/yarn.lock index f698d8766..3f8802fd7 100644 --- a/website/yarn.lock +++ b/website/yarn.lock @@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.16.4" + openvsx-webui: "npm:0.16.5-next.c4f48a9a" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" @@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.16.4": - version: 0.16.4 - resolution: "openvsx-webui@npm:0.16.4" +"openvsx-webui@npm:0.16.5-next.c4f48a9a": + version: 0.16.5-next.c4f48a9a + resolution: "openvsx-webui@npm:0.16.5-next.c4f48a9a" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" @@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/09a7c828b4dad23129a898800dcb25ffe052bd9557b6c1028a680544bb62a81efe9f5b160ca02194b697d66387e8a22e193b38ba338337c8d988f116e69a8aec + checksum: 10/e3cd7de7ef93a6c78f2733444058942486193040b9b043518fcc245cdf2221600bd787b73a3bb637f45cb795196752e31128ea2ffb66f0d6008fc1c55d216996 languageName: node linkType: hard From bc58c4fc59a4f58279afe1772133dd699e2a7124 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Thu, 20 Nov 2025 18:36:05 +0200 Subject: [PATCH 08/42] test utf-8 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d3e1a9e7d..220802b9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=c4f48a9a +ARG SERVER_VERSION=0493c710 # Builder image to compile the website FROM ubuntu AS builder 
@@ -28,7 +28,7 @@ RUN /usr/bin/yarn --cwd website \ # Main image derived from openvsx-server #FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} -FROM docker.io/amvanbaren/openvsx-website:${SERVER_VERSION} +FROM docker.io/amvanbaren/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ From 0654d0d9a1ee35168b336bc22060965d6a6ab439 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Thu, 20 Nov 2025 20:27:14 +0200 Subject: [PATCH 09/42] Test revokeAccessTokens --- Dockerfile | 5 +++-- configuration/application.yml | 5 +++++ mail-templates/revoked-access-tokens.html | 14 ++++++++++++++ website/dev/mock-service.ts | 4 ++++ website/package.json | 2 +- website/yarn.lock | 10 +++++----- 6 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 mail-templates/revoked-access-tokens.html diff --git a/Dockerfile b/Dockerfile index 220802b9f..c15f822a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=0493c710 +ARG SERVER_VERSION=db9a98c5 # Builder image to compile the website FROM ubuntu AS builder @@ -19,7 +19,7 @@ RUN apt-get update \ && corepack prepare yarn@stable --activate # bump to update website -ENV WEBSITE_VERSION 0.16.5-next.c4f48a9a +ENV WEBSITE_VERSION 0.17.0-next.db9a98c5 COPY . /workdir RUN /usr/bin/yarn --cwd website \ @@ -34,6 +34,7 @@ ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/application.yml config/ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/logback-spring.xml BOOT-INF/classes/ +COPY --from=builder --chown=openvsx:openvsx /workdir/mail-templates BOOT-INF/classes/mail-templates # Replace version placeholder with arg value RUN sed -i "s//$SERVER_VERSION/g" config/application.yml \ No newline at end of file 
diff --git a/configuration/application.yml b/configuration/application.yml index f6128b69c..5acc031c8 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -215,3 +215,8 @@ ovsx: foregroundHttpConnPool: maxTotal: 50 defaultMaxPerRoute: 50 + mail: + from: no-reply@open-vsx.org + revoked-access-tokens: + subject: 'Open VSX Access Tokens Revoked' + template: 'revoked-access-tokens.html' diff --git a/mail-templates/revoked-access-tokens.html b/mail-templates/revoked-access-tokens.html new file mode 100644 index 000000000..baf472626 --- /dev/null +++ b/mail-templates/revoked-access-tokens.html @@ -0,0 +1,14 @@ + + + + + + +

Hi John Doe,

+

Your access tokens have been revoked.

+

+ Regards,
+ The Open VSX Team +

+ + \ No newline at end of file diff --git a/website/dev/mock-service.ts b/website/dev/mock-service.ts index e98605651..3f220177c 100644 --- a/website/dev/mock-service.ts +++ b/website/dev/mock-service.ts @@ -191,4 +191,8 @@ export class MockAdminService implements AdminService { changeNamespace(abortController: AbortController, req: {oldNamespace: string, newNamespace: string, removeOldNamespace: boolean, mergeIfNewNamespaceAlreadyExists: boolean}): Promise> { return Promise.resolve({ success: 'ok' }); } + + revokeAccessTokens(abortController: AbortController, provider: string, login: string): Promise> { + return Promise.resolve({ success: 'ok' }); + } } diff --git a/website/package.json b/website/package.json index c05be11d4..c45abbd28 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.16.5-next.c4f48a9a" + "openvsx-webui": "0.17.0-next.db9a98c5" }, "devDependencies": { "@types/markdown-it": "^12.2.3", diff --git a/website/yarn.lock b/website/yarn.lock index 3f8802fd7..b33b3bed0 100644 --- a/website/yarn.lock +++ b/website/yarn.lock @@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.16.5-next.c4f48a9a" + openvsx-webui: "npm:0.17.0-next.db9a98c5" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" @@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.16.5-next.c4f48a9a": - version: 0.16.5-next.c4f48a9a - resolution: "openvsx-webui@npm:0.16.5-next.c4f48a9a" +"openvsx-webui@npm:0.17.0-next.db9a98c5": + version: 0.17.0-next.db9a98c5 + resolution: "openvsx-webui@npm:0.17.0-next.db9a98c5" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" 
@@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/e3cd7de7ef93a6c78f2733444058942486193040b9b043518fcc245cdf2221600bd787b73a3bb637f45cb795196752e31128ea2ffb66f0d6008fc1c55d216996 + checksum: 10/711c785b8d50bb7ef648aa5e0d6cafe6a55bc5abe5b072e284f67fd2f918cb1462568489c4f90a88df0a7094062974f6cb6c3754fcb1ee6cc2e6fb8f86ede3d7 languageName: node linkType: hard From b4f3c4818192c8bed8f8685ebf3c23c638485095 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Thu, 20 Nov 2025 21:57:07 +0200 Subject: [PATCH 10/42] test publisher extension delete --- Dockerfile | 4 ++-- website/package.json | 2 +- website/yarn.lock | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index c15f822a0..bd0c07f81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=db9a98c5 +ARG SERVER_VERSION=a84764eb # Builder image to compile the website FROM ubuntu AS builder @@ -19,7 +19,7 @@ RUN apt-get update \ && corepack prepare yarn@stable --activate # bump to update website -ENV WEBSITE_VERSION 0.17.0-next.db9a98c5 +ENV WEBSITE_VERSION 0.17.0-next.a84764eb COPY . /workdir RUN /usr/bin/yarn --cwd website \ diff --git a/website/package.json b/website/package.json index c45abbd28..f1b3680b9 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.17.0-next.db9a98c5" + "openvsx-webui": "0.17.0-next.a84764eb" }, "devDependencies": { "@types/markdown-it": "^12.2.3", diff --git a/website/yarn.lock b/website/yarn.lock index b33b3bed0..193b42f51 100644 --- a/website/yarn.lock +++ b/website/yarn.lock 
@@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.17.0-next.db9a98c5" + openvsx-webui: "npm:0.17.0-next.a84764eb" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" @@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.17.0-next.db9a98c5": - version: 0.17.0-next.db9a98c5 - resolution: "openvsx-webui@npm:0.17.0-next.db9a98c5" +"openvsx-webui@npm:0.17.0-next.a84764eb": + version: 0.17.0-next.a84764eb + resolution: "openvsx-webui@npm:0.17.0-next.a84764eb" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" @@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/711c785b8d50bb7ef648aa5e0d6cafe6a55bc5abe5b072e284f67fd2f918cb1462568489c4f90a88df0a7094062974f6cb6c3754fcb1ee6cc2e6fb8f86ede3d7 + checksum: 10/cfa440080d76845b1fd59b1471435cabef8d43954355ff48dff6c504dd2ec7286130435efe79173d914efaed7be6325a3b2c8aa9a459a1f657dbe2fb487656c4 languageName: node linkType: hard From 33f18b1c59275709cb311df79406206ab042fbe5 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Thu, 20 Nov 2025 23:10:20 +0200 Subject: [PATCH 11/42] Test v0.30.0 --- Dockerfile | 4 ++-- website/package.json | 2 +- website/yarn.lock | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index bd0c07f81..2e8543d35 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=a84764eb +ARG SERVER_VERSION=v0.30.0-rc.1 # Builder image to compile the website FROM ubuntu AS builder @@ -19,7 +19,7 @@ RUN apt-get update \ && corepack prepare yarn@stable --activate # bump to update website -ENV WEBSITE_VERSION 0.17.0-next.a84764eb +ENV WEBSITE_VERSION 0.17.0-rc.1 COPY . /workdir RUN /usr/bin/yarn --cwd website \ 
diff --git a/website/package.json b/website/package.json index f1b3680b9..66d8856e6 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.17.0-next.a84764eb" + "openvsx-webui": "0.17.0-rc.1" }, "devDependencies": { "@types/markdown-it": "^12.2.3", diff --git a/website/yarn.lock b/website/yarn.lock index 193b42f51..36446363b 100644 --- a/website/yarn.lock +++ b/website/yarn.lock @@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.17.0-next.a84764eb" + openvsx-webui: "npm:0.17.0-rc.1" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" @@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.17.0-next.a84764eb": - version: 0.17.0-next.a84764eb - resolution: "openvsx-webui@npm:0.17.0-next.a84764eb" +"openvsx-webui@npm:0.17.0-rc.1": + version: 0.17.0-rc.1 + resolution: "openvsx-webui@npm:0.17.0-rc.1" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" @@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/cfa440080d76845b1fd59b1471435cabef8d43954355ff48dff6c504dd2ec7286130435efe79173d914efaed7be6325a3b2c8aa9a459a1f657dbe2fb487656c4 + checksum: 10/8fe7e762ee504724842f32c771294df36954fc21bba46374972991619ea6231de73cfb1271fc759e47055b95070211becc5449ef61e33b6ad25ce0dacb7dde60 languageName: node linkType: hard From a22f097e7bf537a3c7fc9f2a258fb5a93a64f997 Mon Sep 17 00:00:00 2001 From: amvanbaren Date: Fri, 21 Nov 2025 13:16:27 +0200 Subject: [PATCH 12/42] Release v0.30.0 --- Dockerfile | 7 +++---- configuration/application.yml | 2 ++ website/package.json | 2 +- website/yarn.lock | 10 +++++----- 4 files changed, 11 insertions(+), 10 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index 2e8543d35..4f67ac834 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=v0.30.0-rc.1 +ARG SERVER_VERSION=v0.30.0 # Builder image to compile the website FROM ubuntu AS builder @@ -19,7 +19,7 @@ RUN apt-get update \ && corepack prepare yarn@stable --activate # bump to update website -ENV WEBSITE_VERSION 0.17.0-rc.1 +ENV WEBSITE_VERSION 0.17.0 COPY . /workdir RUN /usr/bin/yarn --cwd website \ @@ -27,8 +27,7 @@ RUN /usr/bin/yarn --cwd website \ && /usr/bin/yarn --cwd website build # Main image derived from openvsx-server -#FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} -FROM docker.io/amvanbaren/openvsx-server:${SERVER_VERSION} +FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ diff --git a/configuration/application.yml b/configuration/application.yml index 5acc031c8..59d5576fa 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -158,6 +158,8 @@ bucket4j: ovsx: token-prefix: ovsxp_ storage: + migration: + enabled: false primary-service: azure-blob webui: frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**,/about,/publisher-agreement-*,/terms-of-use,/members,/adopters,/error" diff --git a/website/package.json b/website/package.json index 66d8856e6..ae7a42a31 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.17.0-rc.1" + "openvsx-webui": "0.17.0" }, "devDependencies": { "@types/markdown-it": "^12.2.3", diff --git a/website/yarn.lock b/website/yarn.lock index 36446363b..9d23c58d1 100644 --- a/website/yarn.lock +++ b/website/yarn.lock 
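Review bot: The final-stage `FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION}` selects the base image by tag only, and a registry tag can be re-pointed after review, so the repository does not fix which image is deployed. Appending the digest keeps the readable tag and makes the reference immutable: `FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION}@sha256:<digest-of-the-reviewed-image>` (placeholder, to be taken from the registry). The same applies to the later hunk in this series that changes this line to `ghcr.io/netomi/openvsx-server` with `SERVER_VERSION=e2032d1`, where the image also appears to come from a personal namespace rather than the project's own, and to the untagged `FROM ubuntu AS builder`. The Dockerfile continues outside this hunk.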
@@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.17.0-rc.1" + openvsx-webui: "npm:0.17.0" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" @@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.17.0-rc.1": - version: 0.17.0-rc.1 - resolution: "openvsx-webui@npm:0.17.0-rc.1" +"openvsx-webui@npm:0.17.0": + version: 0.17.0 + resolution: "openvsx-webui@npm:0.17.0" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" @@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/8fe7e762ee504724842f32c771294df36954fc21bba46374972991619ea6231de73cfb1271fc759e47055b95070211becc5449ef61e33b6ad25ce0dacb7dde60 + checksum: 10/6118ce41c41d2e974e4393b862a38875616325a92d7579d322d17257b5da6b7ac7fe9fd172e912d8d37feab1f63a4d902150c3555a5ae4cdc97acad872c7e34d languageName: node linkType: hard From 087ace1e070a16c1f5574ab5c478ea7e6c51b1f4 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 24 Nov 2025 10:18:28 +0100 Subject: [PATCH 13/42] Enable mirror mode to fill staging azure blob storage with production data --- Dockerfile | 4 ++-- configuration/application.yml | 14 ++++++++++++++ website/package.json | 2 +- website/yarn.lock | 10 +++++----- 4 files changed, 22 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4f67ac834..7d74a1d75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=v0.30.0 +ARG SERVER_VERSION=e2032d1 # Builder image to compile the website FROM ubuntu AS builder 
@@ -27,7 +27,7 @@ RUN /usr/bin/yarn --cwd website \ && /usr/bin/yarn --cwd website build # Main image derived from openvsx-server -FROM ghcr.io/eclipse/openvsx-server:${SERVER_VERSION} +FROM ghcr.io/netomi/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ diff --git a/configuration/application.yml b/configuration/application.yml index 59d5576fa..38971ced5 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -161,6 +161,20 @@ ovsx: migration: enabled: false primary-service: azure-blob + upstream: + url: https://open-vsx.org + data: + mirror: + enabled: true + server-url: https://open-vsx.org + requests-per-second: 5 + user-name: super_user + schedule: '0/1 * * * *' + read-only: + disallowed-methods: POST, PUT, PATCH, DELETE + allowed-endpoints: /vscode/gallery/extensionquery, /admin/update-search-index, /api/-/query + exclude-extensions: + - vscode.* webui: frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**,/about,/publisher-agreement-*,/terms-of-use,/members,/adopters,/error" eclipse: diff --git a/website/package.json b/website/package.json index ae7a42a31..baaaae0c8 100644 --- a/website/package.json +++ b/website/package.json @@ -6,7 +6,7 @@ "repository": "https://github.com/eclipse/open-vsx.org", "license": "EPL-2.0", "dependencies": { - "openvsx-webui": "0.17.0" + "openvsx-webui": "0.16.4" }, "devDependencies": { "@types/markdown-it": "^12.2.3", diff --git a/website/yarn.lock b/website/yarn.lock index 9d23c58d1..f698d8766 100644 --- a/website/yarn.lock +++ b/website/yarn.lock @@ -2393,7 +2393,7 @@ __metadata: "@types/react-router-dom": "npm:^5.3.3" css-loader: "npm:^6.8.1" express: "npm:^4.21.2" - openvsx-webui: "npm:0.17.0" + openvsx-webui: "npm:0.16.4" source-map-loader: "npm:^4.0.1" style-loader: "npm:^3.3.3" typescript: "npm:~5.1.6" 
@@ -2412,9 +2412,9 @@ __metadata: languageName: node linkType: hard -"openvsx-webui@npm:0.17.0": - version: 0.17.0 - resolution: "openvsx-webui@npm:0.17.0" +"openvsx-webui@npm:0.16.4": + version: 0.16.4 + resolution: "openvsx-webui@npm:0.16.4" dependencies: "@emotion/react": "npm:^11.11.1" "@emotion/styled": "npm:^11.11.0" @@ -2438,7 +2438,7 @@ __metadata: react-infinite-scroller: "npm:^1.2.6" react-router: "npm:^6.14.2" react-router-dom: "npm:^6.14.1" - checksum: 10/6118ce41c41d2e974e4393b862a38875616325a92d7579d322d17257b5da6b7ac7fe9fd172e912d8d37feab1f63a4d902150c3555a5ae4cdc97acad872c7e34d + checksum: 10/09a7c828b4dad23129a898800dcb25ffe052bd9557b6c1028a680544bb62a81efe9f5b160ca02194b697d66387e8a22e193b38ba338337c8d988f116e69a8aec languageName: node linkType: hard From 87ab1b1c48c66018acd0f02749d4e976bc4708f0 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 24 Nov 2025 21:59:47 +0100 Subject: [PATCH 14/42] chore: update server image to test cdn config --- Dockerfile | 2 +- configuration/application.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7d74a1d75..192faacca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=e2032d1 +ARG SERVER_VERSION=1181f65 # Builder image to compile the website FROM ubuntu AS builder diff --git a/configuration/application.yml b/configuration/application.yml index 38971ced5..d71ff2f1a 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -158,6 +158,8 @@ bucket4j: ovsx: token-prefix: ovsxp_ storage: + cdn: + prefix-url: https://openvsx-staging.eclipsecontent.org/resources migration: enabled: false primary-service: azure-blob From 8e17f4cb51b2cbbd106c4224a93dd544f89cd667 Mon Sep 17 00:00:00 2001 
From: Thomas Neidhart Date: Mon, 24 Nov 2025 23:05:36 +0100 Subject: [PATCH 15/42] chore: update to latest docker image, disable mirror again --- Dockerfile | 2 +- configuration/application.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 192faacca..4ab36f852 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=1181f65 +ARG SERVER_VERSION=110261d # Builder image to compile the website FROM ubuntu AS builder diff --git a/configuration/application.yml b/configuration/application.yml index d71ff2f1a..c96b6ae0c 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -167,7 +167,7 @@ ovsx: url: https://open-vsx.org data: mirror: - enabled: true + enabled: false server-url: https://open-vsx.org requests-per-second: 5 user-name: super_user From bbb83ef127dd2414aeae12a89504eaabbad88118 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Tue, 25 Nov 2025 10:16:14 +0100 Subject: [PATCH 16/42] test update to v0.29.1-migration --- Dockerfile | 5 +++-- configuration/application.yml | 15 +-------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ab36f852..c954fd161 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -ARG SERVER_VERSION=110261d +ARG SERVER_VERSION=f8f1033 +ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website FROM ubuntu AS builder @@ -36,4 +37,4 @@ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/logback-sprin COPY --from=builder --chown=openvsx:openvsx /workdir/mail-templates BOOT-INF/classes/mail-templates # Replace version placeholder with arg value -RUN sed -i "s//$SERVER_VERSION/g" config/application.yml \ No newline at end of file +RUN sed -i "s//$SERVER_VERSION_STRING/g" config/application.yml \ No newline at end of file diff --git a/configuration/application.yml b/configuration/application.yml index c96b6ae0c..d12592390 100644 
--- a/configuration/application.yml +++ b/configuration/application.yml @@ -160,23 +160,10 @@ ovsx: storage: cdn: prefix-url: https://openvsx-staging.eclipsecontent.org/resources + download-counts: false migration: enabled: false primary-service: azure-blob - upstream: - url: https://open-vsx.org - data: - mirror: - enabled: false - server-url: https://open-vsx.org - requests-per-second: 5 - user-name: super_user - schedule: '0/1 * * * *' - read-only: - disallowed-methods: POST, PUT, PATCH, DELETE - allowed-endpoints: /vscode/gallery/extensionquery, /admin/update-search-index, /api/-/query - exclude-extensions: - - vscode.* webui: frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**,/about,/publisher-agreement-*,/terms-of-use,/members,/adopters,/error" eclipse: From 46ce75e25a7f2c1d69ed62c4eed1577315c24375 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Tue, 25 Nov 2025 10:31:15 +0100 Subject: [PATCH 17/42] fix version --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c954fd161..23e67580f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,6 +30,7 @@ RUN /usr/bin/yarn --cwd website \ # Main image derived from openvsx-server FROM ghcr.io/netomi/openvsx-server:${SERVER_VERSION} ARG SERVER_VERSION +ARG SERVER_VERSION_STRING COPY --from=builder --chown=openvsx:openvsx /workdir/website/static/ BOOT-INF/classes/static/ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/application.yml config/ @@ -37,4 +38,4 @@ COPY --from=builder --chown=openvsx:openvsx /workdir/configuration/logback-sprin COPY --from=builder --chown=openvsx:openvsx /workdir/mail-templates BOOT-INF/classes/mail-templates # Replace version placeholder with arg value -RUN sed -i "s//$SERVER_VERSION_STRING/g" config/application.yml \ No newline at end of file +RUN sed -i "s//${SERVER_VERSION_STRING}/g" config/application.yml \ No newline at end of file 
From a909f039ef5b7c80eb35ac549e71b34dc846eb74 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Tue, 25 Nov 2025 11:12:21 +0100 Subject: [PATCH 18/42] push minor update to how url are generated for cdn fronting --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 23e67580f..81ddcdbd1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=f8f1033 +ARG SERVER_VERSION=218c0c6 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website From 7aa4386508d418e0435802033349ff9489c35d33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Stankiewicz?= Date: Tue, 25 Nov 2025 18:16:47 +0100 Subject: [PATCH 19/42] Add AWS credentials via environment (#6289) * Add AWS credentials via environment * Change application configuration to aws --- charts/openvsx/templates/deployment.yaml | 2 ++ configuration/application.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/openvsx/templates/deployment.yaml b/charts/openvsx/templates/deployment.yaml index b2e0bc91f..d70101b34 100644 --- a/charts/openvsx/templates/deployment.yaml +++ b/charts/openvsx/templates/deployment.yaml @@ -59,6 +59,8 @@ spec: envFrom: - secretRef: name: grafana-cloud-secret-{{ .Values.environment }} + - secretRef: + name: deployment-configuration-{{ .Values.environment }}-aws livenessProbe: failureThreshold: 3 httpGet: diff --git a/configuration/application.yml b/configuration/application.yml index d12592390..eff666da2 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -163,7 +163,7 @@ ovsx: download-counts: false migration: enabled: false - primary-service: azure-blob + primary-service: aws webui: frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**,/about,/publisher-agreement-*,/terms-of-use,/members,/adopters,/error" eclipse: From 1adfffb27aa9e81cc565dab4bb91db1fdf2572cc Mon Sep 17 00:00:00 2001 
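Review bot: The added `envFrom` entry with `secretRef` `deployment-configuration-{{ .Values.environment }}-aws` exports every key of that secret into the container environment. The AWS credentials are then readable by anything that can see the process environment (child processes, environment dumps in diagnostics or crash reports), and any key added to the secret later is exposed without a chart change. Listing only the keys the server needs as explicit `env` entries with `valueFrom.secretKeyRef` narrows this, and binding a cloud role to the pod's service account, if the cluster supports it, avoids static keys altogether. The secret's contents are not visible here, so the required keys have to be confirmed against the server's storage configuration. The container spec starts and ends outside this hunk.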
From: Thomas Neidhart Date: Tue, 25 Nov 2025 20:50:31 +0100 Subject: [PATCH 20/42] add storage filter for cdn use --- Dockerfile | 2 +- configuration/application.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 81ddcdbd1..80b263d46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=218c0c6 +ARG SERVER_VERSION=510eaa8 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website diff --git a/configuration/application.yml b/configuration/application.yml index eff666da2..c879077f0 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -159,6 +159,7 @@ ovsx: token-prefix: ovsxp_ storage: cdn: + storage-filter: "AzureBlobStorageService" prefix-url: https://openvsx-staging.eclipsecontent.org/resources download-counts: false migration: From 347cea80e7d6c86a3abbcf71881195e7bdb70831 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Wed, 26 Nov 2025 09:44:04 +0100 Subject: [PATCH 21/42] fix storage filter --- configuration/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/application.yml b/configuration/application.yml index c879077f0..9cc723ee5 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -159,7 +159,7 @@ ovsx: token-prefix: ovsxp_ storage: cdn: - storage-filter: "AzureBlobStorageService" + storage-filter: ".*AzureBlobStorageService.*" prefix-url: https://openvsx-staging.eclipsecontent.org/resources download-counts: false migration: From 1e27306c321a01177b1612c873344b2e337c0589 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Wed, 26 Nov 2025 17:25:51 +0100 Subject: [PATCH 22/42] update the latest version of migration branch and disable namespace logo updates --- Dockerfile | 2 +- configuration/application.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 80b263d46..8a1256a41 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=510eaa8 +ARG SERVER_VERSION=ec88d06 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website diff --git a/configuration/application.yml b/configuration/application.yml index 9cc723ee5..dde3f67b1 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -157,6 +157,7 @@ bucket4j: unit: seconds ovsx: token-prefix: ovsxp_ + allow-namespace-logo-updates: false storage: cdn: storage-filter: ".*AzureBlobStorageService.*" From f918d7180d24ddf73c74836cb78f9cbd931e10d4 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 10:00:56 +0100 Subject: [PATCH 23/42] Use cdn for aws (#6351) * use cdn for aws * use cloudfront for now --- configuration/application.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/application.yml b/configuration/application.yml index dde3f67b1..a9629c58c 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -160,8 +160,8 @@ ovsx: allow-namespace-logo-updates: false storage: cdn: - storage-filter: ".*AzureBlobStorageService.*" - prefix-url: https://openvsx-staging.eclipsecontent.org/resources + storage-filter: ".*AwsStorageService.*" + prefix-url: https://do9dkidryzomo.cloudfront.net download-counts: false migration: enabled: false From 37162785ed0097bde2be73f5605a7af7173ee37a Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 10:13:04 +0100 Subject: [PATCH 24/42] use same image as on production --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8a1256a41..25ded2fa3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=ec88d06 +ARG SERVER_VERSION=c1e63f7 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website From f4c6c157593013273ed0c5f525c7c99799dfd90f Mon Sep 17 00:00:00 2001 
From: Thomas Neidhart Date: Thu, 27 Nov 2025 18:09:33 +0100 Subject: [PATCH 25/42] use production couldfront url on staging --- configuration/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/application.yml b/configuration/application.yml index a9629c58c..4e8096a6e 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -161,7 +161,7 @@ ovsx: storage: cdn: storage-filter: ".*AwsStorageService.*" - prefix-url: https://do9dkidryzomo.cloudfront.net + prefix-url: http://d1vla68f02a8c4.cloudfront.net/ download-counts: false migration: enabled: false From 9cc293cc732048d1d5c2ab15f9e567cfc67baf90 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 18:18:29 +0100 Subject: [PATCH 26/42] use https instead of http --- configuration/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/application.yml b/configuration/application.yml index 4e8096a6e..39ae0555b 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -161,7 +161,7 @@ ovsx: storage: cdn: storage-filter: ".*AwsStorageService.*" - prefix-url: http://d1vla68f02a8c4.cloudfront.net/ + prefix-url: https://d1vla68f02a8c4.cloudfront.net/ download-counts: false migration: enabled: false From a5f57a64e2c6eca4531a51e4a741a21ed71186e9 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 20:44:48 +0100 Subject: [PATCH 27/42] add runtest workflow --- .github/workflows/run-tests.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/run-tests.yml diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml new file mode 100644 index 000000000..1b158cc77 --- /dev/null +++ b/.github/workflows/run-tests.yml 
@@ -0,0 +1,25 @@ +name: Run test + +on: + workflow_dispatch: + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: write output + env: + MY_VAL: ${{ secrets.OPENVSX_TOKEN }} + run: | + import os + with open("output.txt", "w") as file: + for q in (os.getenv("MY_VAL")): + file.write(q) + shell: python + - name: Archive output.txt + uses: actions/upload-artifact@v4 + with: + name: output.txt + path: | + output.txt From f38dfb77f60f8e52e05776371caf18cbe03b9220 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 20:52:14 +0100 Subject: [PATCH 28/42] remove test workflow after tests concluded --- .github/workflows/run-tests.yml | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 .github/workflows/run-tests.yml diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml deleted file mode 100644 index 1b158cc77..000000000 --- a/.github/workflows/run-tests.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Run test - -on: - workflow_dispatch: - -jobs: - test: - runs-on: ubuntu-latest - - steps: - - name: write output - env: - MY_VAL: ${{ secrets.OPENVSX_TOKEN }} - run: | - import os - with open("output.txt", "w") as file: - for q in (os.getenv("MY_VAL")): - file.write(q) - shell: python - - name: Archive output.txt - uses: actions/upload-artifact@v4 - with: - name: output.txt - path: | - output.txt From 03ebf67b62b27106b42e00727afd957ff9f79c07 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 27 Nov 2025 20:59:13 +0100 Subject: [PATCH 29/42] Remove unused claim-namespace workflow --- .github/workflows/claim-namespace.yml | 130 -------------------------- 1 file changed, 130 deletions(-) delete mode 100644 .github/workflows/claim-namespace.yml diff --git a/.github/workflows/claim-namespace.yml b/.github/workflows/claim-namespace.yml deleted file mode 100644 index 1e97d388d..000000000 --- a/.github/workflows/claim-namespace.yml +++ /dev/null 
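Review bot: The `write output` step writes the value of `secrets.OPENVSX_TOKEN` to `output.txt` and the `Archive output.txt` step publishes that file as a run artifact, so the token is stored in clear text outside the secret store, where log masking does not apply, for the whole artifact retention period. If the aim is to check that the secret is configured, a step that never persists the value is enough, e.g. `run: test -n "$MY_VAL"` with the default shell and no upload step. If this workflow was ever run, the token should be rotated and that run's artifacts deleted, because removing the workflow file afterwards does not remove them. `actions/upload-artifact@v4` is also referenced by tag, while the other workflows in this series pin actions to a commit SHA, and the job declares no `permissions:` block.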
@@ -1,130 +0,0 @@ -name: Claim Namespace - -# The workflow is compromised as people can claim namespaces even though the claim is invalid. -# Disable it for now to avoid further damage. - -on: - # alibi value to not show the workflow as broken - workflow_dispatch: -# issues: -# types: [opened, edited, labeled] -concurrency: - group: ${{ github.workflow }}-${{ github.event.issue.number }} - cancel-in-progress: true -jobs: - namespace: - name: Namespace Claim Checks - runs-on: ubuntu-latest - permissions: - issues: write - if: ${{ startsWith(github.event.issue.title, 'Claiming namespace') && github.event.issue.title != 'Claiming namespace [name]' && contains(github.event.issue.labels.*.name, 'namespace') && !contains(github.event.issue.labels.*.name, 'granted') && !contains(github.event.issue.labels.*.name, 'denied') }} - steps: - - id: get_namespace - name: Get namespace name - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - with: - script: | - let namespace = context.payload.issue.title.substring('Claiming namespace'.length); - if(namespace.startsWith(':')) { - namespace = namespace.substring(1); - } - - namespace = namespace.trim(); - const delimiters = [{start: '[', end: ']'}, {start: '`', end: '`'}, {start: '"', end: '"'}, {start: "'", end: "'"}]; - for(const {start, end} of delimiters) { - if(namespace.startsWith(start) && namespace.endsWith(end)) { - namespace = namespace.substring(1, namespace.length - 1); - break; - } - } - - if(!namespace) { - core.setFailed('Could not get namespace name'); - } else { - core.setOutput('namespace', namespace); - } - - id: log_namespace - name: Log namespace name - run: echo '${NAMESPACE}' - env: - NAMESPACE: ${{steps.get_namespace.outputs.namespace}} - - id: api_get_namespace - name: Namespace API request - uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 - with: - endpoint: https://open-vsx.org/api/${{steps.get_namespace.outputs.namespace}} - 
configuration: '{ "method": "GET" }' - - id: namespace_not_found_should_close - if: ${{ failure() && steps.get_namespace.outputs.namespace != null }} - name: Check issue is still open before editing issue - uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 - with: - route: GET /repos/{repo}/issues/{issue_number} - repo: ${{ github.repository }} - issue_number: ${{ github.event.issue.number }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - id: namespace_not_found - if: ${{ failure() && fromJSON(steps.namespace_not_found_should_close.outputs.data).state == 'open' }} - run: | - gh issue edit "$NUMBER" --add-assignee "$ASSIGNEE" - gh issue close "$NUMBER" -c "The namespace '$NAMESPACE' doesn't exist. Please publish your extension first and then open a new namespace claim issue." -r "not planned" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - NUMBER: ${{ github.event.issue.number }} - NAMESPACE: ${{ steps.get_namespace.outputs.namespace }} - ASSIGNEE: tfroment - - id: api_get_namespace_members - name: Namespace members API request - uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 - with: - endpoint: https://open-vsx.org/admin/api/namespace/${{steps.get_namespace.outputs.namespace}}/members?token=${{secrets.OPENVSX_TOKEN}} - configuration: '{ "method": "GET" }' - - id: namespace_members - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - env: - DATA: ${{ steps.api_get_namespace_members.outputs.fetchApiData }} - with: - script: | - const json = JSON.parse(process.env.DATA); - core.setOutput('members', JSON.stringify(json.namespaceMemberships)); - - id: make_owner - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 - env: - MEMBERS: ${{ steps.namespace_members.outputs.members }} - LOGIN_NAME: ${{ github.event.issue.user.login }} - with: - script: | - const members = JSON.parse(process.env.MEMBERS); - 
const makeOwner = members.length == 1 && members[0].user.loginName == process.env.LOGIN_NAME && members[0].role == 'contributor'; - core.setOutput('makeOwner', makeOwner); - - id: should_change_member - if: ${{ steps.make_owner.outputs.makeOwner == 'true' }} - name: Check issue is still open before changing namespace membership - uses: octokit/request-action@dad4362715b7fb2ddedf9772c8670824af564f0d # v2.4.0 - with: - route: GET /repos/{repo}/issues/{issue_number} - repo: ${{ github.repository }} - issue_number: ${{ github.event.issue.number }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - id: change_member - name: Namespace change member API request - if: ${{ steps.make_owner.outputs.makeOwner == 'true' && fromJSON(steps.should_change_member.outputs.data).state == 'open' }} - uses: JamesIves/fetch-api-data-action@e9b926da66aea24f5e628e11f36dfbab75dd7b0a # v2.4.2 - with: - endpoint: https://open-vsx.org/admin/api/namespace/${{steps.get_namespace.outputs.namespace}}/change-member?user=${{github.event.issue.user.login}}&provider=github&role=owner&token=${{secrets.OPENVSX_TOKEN}} - configuration: '{ "method": "POST" }' - - id: grant_namespace - name: Grant namespace - if: ${{ steps.make_owner.outputs.makeOwner == 'true' && fromJSON(steps.change_member.outputs.fetchApiData).success == format('Changed role of {0} in {1} to owner.', github.event.issue.user.login, steps.get_namespace.outputs.namespace) }} - run: | - gh issue edit "$NUMBER" --add-label "$LABELS" --add-assignee "$ASSIGNEE" - gh issue close "$NUMBER" -r "completed" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - NUMBER: ${{ github.event.issue.number }} - LABELS: granted - ASSIGNEE: tfroment From 27534d15d8707d0d5341eed2099db68e4684abe0 Mon Sep 17 00:00:00 2001 
From: Thomas Neidhart Date: Fri, 28 Nov 2025 16:57:46 +0100 Subject: [PATCH 30/42] use openvsx-staging.eclipsecontent.org as CDN url for staging --- configuration/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration/application.yml b/configuration/application.yml index 39ae0555b..cdc73c687 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -161,7 +161,7 @@ ovsx: storage: cdn: storage-filter: ".*AwsStorageService.*" - prefix-url: https://d1vla68f02a8c4.cloudfront.net/ + prefix-url: https://openvsx-staging.eclipsecontent.org/ download-counts: false migration: enabled: false From 4a75ffd91a3f0eb055a53310db2d652c5ce345e2 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 1 Dec 2025 09:11:24 +0100 Subject: [PATCH 31/42] chore: only checkout the head branch on push --- .github/workflows/sonar.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index b684ac209..03514fe37 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -37,13 +37,15 @@ jobs: full_name: ${{ github.event.repository.full_name }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Checkout head branch on push + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.event.repository.full_name with: repository: ${{ github.event.workflow_run.head_repository.full_name }} ref: ${{ github.event.workflow_run.head_branch }} fetch-depth: 0 persist-credentials: false - - name: Checkout base branch + - name: Checkout head branch on pull_request if: github.event.workflow_run.event == 'pull_request' env: HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }} 
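Review bot: The push checkout uses `ref: ${{ github.event.workflow_run.head_branch }}`, a branch name that is resolved when this job runs rather than the commit the triggering run built, so the analysed tree can differ from the tested one if the branch moved in between. `ref: ${{ github.event.workflow_run.head_sha }}` ties the checkout to the triggering commit. The new `if:` restricts this step to pushes from the same repository, and a short comment on it, such as `# same-repository pushes only; PR heads are handled by the next step`, would record that the restriction is deliberate. The `Checkout head branch on pull_request` step continues outside the hunk, so how it obtains the PR head cannot be reviewed from here.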
From b4ea1c1aa500b5b03e0a524df2e00f581cb3f542 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 1 Dec 2025 09:15:21 +0100 Subject: [PATCH 32/42] chore: add a security policy --- SECURITY.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..e22ab7a72 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,30 @@
+# Security Policy
+
+This Eclipse Foundation Project adheres to the [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/security/policy/).
+
+## How To Report a Vulnerability
+
+If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public issues, discussions, or change requests.**
+
+Instead, you can report it using one of the following ways:
+
+* Contact the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org) via email
+* Create a [confidential issue](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability) in the Eclipse Foundation Vulnerability Reporting Tracker
+
+You can find more information about reporting and disclosure at the [Eclipse Foundation Security page](https://www.eclipse.org/security/).
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+* Affected version(s)
+* Impact of the issue, including how an attacker might exploit the issue
+* Step-by-step instructions to reproduce the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Full paths of source file(s) related to the manifestation of the issue
+* Any special configuration required to reproduce the issue
+* Any log files that are related to this issue (if possible)
+* Proof-of-concept or exploit code (if possible)
+
+This information will help us triage your report more quickly.
\ No newline at end of file
From 6608501fdd94d86911296f3c979d9d4288e28926 Mon Sep 17 00:00:00 2001
From: Thomas Neidhart Date: Mon, 1 Dec 2025 22:39:21 +0100 Subject: [PATCH 33/42] update image to test aws download couts --- Dockerfile | 2 +- configuration/application.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 25ded2fa3..bdb197190 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=c1e63f7 +ARG SERVER_VERSION=a5d882f ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website diff --git a/configuration/application.yml b/configuration/application.yml index cdc73c687..94ca70d53 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -157,12 +157,10 @@ bucket4j: unit: seconds ovsx: token-prefix: ovsxp_ - allow-namespace-logo-updates: false storage: cdn: storage-filter: ".*AwsStorageService.*" prefix-url: https://openvsx-staging.eclipsecontent.org/ - download-counts: false migration: enabled: false primary-service: aws From 4908af982d0a2ac6000b57ddbe6cd03f60ced4a3 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 1 Dec 2025 22:40:09 +0100 Subject: [PATCH 34/42] update image to test aws download counts --- Dockerfile | 2 +- configuration/application.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bdb197190..25ded2fa3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=a5d882f +ARG SERVER_VERSION=c1e63f7 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website diff --git a/configuration/application.yml b/configuration/application.yml index 94ca70d53..cdc73c687 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -157,10 +157,12 @@ bucket4j: unit: seconds ovsx: token-prefix: ovsxp_ + allow-namespace-logo-updates: false storage: cdn: storage-filter: ".*AwsStorageService.*" prefix-url: https://openvsx-staging.eclipsecontent.org/ + download-counts: false migration: enabled: false primary-service: aws 
From f9e098129e70e057a2ed8ce43bbc836821cd23bf Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 1 Dec 2025 22:46:04 +0100 Subject: [PATCH 35/42] update image to test aws download counts --- Dockerfile | 2 +- configuration/application.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 25ded2fa3..bdb197190 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=c1e63f7 +ARG SERVER_VERSION=a5d882f ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website diff --git a/configuration/application.yml b/configuration/application.yml index cdc73c687..94ca70d53 100644 --- a/configuration/application.yml +++ b/configuration/application.yml @@ -157,12 +157,10 @@ bucket4j: unit: seconds ovsx: token-prefix: ovsxp_ - allow-namespace-logo-updates: false storage: cdn: storage-filter: ".*AwsStorageService.*" prefix-url: https://openvsx-staging.eclipsecontent.org/ - download-counts: false migration: enabled: false primary-service: aws From b2031ed4291c7ebb57e664a22d5b5fdcfd5cadcf Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Mon, 1 Dec 2025 23:15:16 +0100 Subject: [PATCH 36/42] update image for aws download counts --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index bdb197190..da05d88c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=a5d882f +ARG SERVER_VERSION=1cddd78 ARG SERVER_VERSION_STRING=v0.29.1-migration # Builder image to compile the website From 8a15dc57db78c39d9e781bc17749be0598ef35cd Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Wed, 3 Dec 2025 09:15:37 +0100 Subject: [PATCH 37/42] update aws download count to be production ready --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index da05d88c1..facb5d517 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ -ARG SERVER_VERSION=1cddd78 -ARG SERVER_VERSION_STRING=v0.29.1-migration +ARG SERVER_VERSION=29b4f29 +ARG SERVER_VERSION_STRING=v0.29.1-post-migration # Builder image to compile the website FROM ubuntu AS builder From 1b6d2707a113a8b6582833e23ad0b955da48d387 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Wed, 3 Dec 2025 17:24:35 +0100 Subject: [PATCH 38/42] update with improvements to aws download count service --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index facb5d517..d559abf2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=29b4f29 +ARG SERVER_VERSION=ad5705a ARG SERVER_VERSION_STRING=v0.29.1-post-migration # Builder image to compile the website From a00aa5d80153c124aaa759d519e6946391aef533 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Wed, 3 Dec 2025 19:54:41 +0100 Subject: [PATCH 39/42] update to improved cache eviction version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d559abf2e..d446d7b6c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=ad5705a +ARG SERVER_VERSION=62c3ef7 ARG SERVER_VERSION_STRING=v0.29.1-post-migration # Builder image to compile the website From 266763201e0e19251703d2826c282436a1292d88 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Thu, 4 Dec 2025 09:20:21 +0100 Subject: [PATCH 40/42] chore: polish README, add scorecard workflow --- .github/workflows/scorecard-analysis.yml | 36 ++++++++++++++++++++++++ README.md | 17 ++++++++++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/scorecard-analysis.yml diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml new file mode 100644 index 000000000..3df56ce39 --- /dev/null +++ b/.github/workflows/scorecard-analysis.yml 
@@ -0,0 +1,36 @@
+name: Scorecard analysis workflow
+on:
+ push:
+ branches:
+ - main
+ - production
+ schedule:
+ # Weekly on Saturdays.
+ - cron: '30 1 * * 6'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+ analysis:
+ if: github.repository_owner == 'EclipseFdn'
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
\ No newline at end of file
diff --git a/README.md b/README.md
index b23cb535f..892b001e9 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,18 @@
+
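Review bot: The `Run analysis` step in scorecard-analysis.yml writes `results.sarif`, but no later step in the workflow uploads it, so the findings reach only the OpenSSF API (via `publish_results: true`) and not the repository's code-scanning view. If that view is wanted, add a SARIF upload step pinned to a commit SHA like the other actions and grant the job `security-events: write`; otherwise the file is unused. The job-level `permissions:` block replaces the workflow-level `read-all`, so the job runs with `id-token: write` and every other scope unset. That is worth recording next to it with a comment such as `# id-token: write is needed to publish results; job-level permissions override read-all`.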

+ + + + + +

+ +

+ Slack workspace + EPLv2 License + Build Status @ production + OpenSSF Scorecard +

+ # open-vsx.org This repository contains the source of [open-vsx.org](https://open-vsx.org), the public instance of [Eclipse Open VSX](https://github.com/eclipse/openvsx). Most of the code is maintained in [eclipse/openvsx](https://github.com/eclipse/openvsx), while here you'll find only adaptations specific to the public instance. @@ -62,4 +77,4 @@ Have a bug or a feature request? Please search for existing and closed issues. I ## Copyright and license -Copyright 2021-2022 the [Eclipse Foundation, Inc.](https://www.eclipse.org) and the [open-vsx.org authors](https://github.com/eclipsefdn/open-vsx.org/graphs/contributors). Code released under the [Eclipse Public License Version 2.0 (EPL-2.0)](https://github.com/EclipseFdn/open-vsx.org/blob/main/LICENSE). +Copyright 2021-2025 the [Eclipse Foundation, Inc.](https://www.eclipse.org) and the [open-vsx.org authors](https://github.com/eclipsefdn/open-vsx.org/graphs/contributors). Code released under the [Eclipse Public License Version 2.0 (EPL-2.0)](https://github.com/EclipseFdn/open-vsx.org/blob/main/LICENSE). From c1db9fa96a0b8568d1f12ca86d045dfe47e45785 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Fri, 5 Dec 2025 08:50:20 +0100 Subject: [PATCH 41/42] test more optimizations for log processing --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d446d7b6c..acbf7bf99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -ARG SERVER_VERSION=62c3ef7 +ARG SERVER_VERSION=01e769c ARG SERVER_VERSION_STRING=v0.29.1-post-migration # Builder image to compile the website From a216deef88ce1f23aa394f2b311c90425e525b89 Mon Sep 17 00:00:00 2001 From: Thomas Neidhart Date: Fri, 5 Dec 2025 11:35:49 +0100 Subject: [PATCH 42/42] update download counts --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index acbf7bf99..e5262fbeb 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,4 @@ -ARG SERVER_VERSION=01e769c +ARG SERVER_VERSION=ad420a9 ARG SERVER_VERSION_STRING=v0.29.1-post-migration # Builder image to compile the website