Merge tag 'v0.13.0' into release

Release v0.13.0
shaarli · Nov 22, 2023 · 130e347 · 130e347
2 parents c2127f1 + df12158
commit 130e347
Show file tree

Hide file tree

Showing 61 changed files with 3,004 additions and 2,834 deletions.
diff --git a/.docker/nginx.conf b/.docker/nginx.conf
@@ -18,6 +18,7 @@ http {
 
     server {
         listen      80;
+        listen      [::]:80;
         root        /var/www/shaarli;
 
         access_log  /var/log/nginx/shaarli.access.log;

diff --git a/.gitattributes b/.gitattributes
@@ -40,6 +40,8 @@ Dockerfile*       export-ignore
 Doxyfile          export-ignore
 Makefile          export-ignore
 node_modules/     export-ignore
-mkdocs.yml        export-ignore
+doc/conf.py       export-ignore
+doc/requirements.txt export-ignore
+doc/html/.doctrees/  export-ignore
 phpunit.xml       export-ignore
 tests/            export-ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
+        php-versions: ['7.4', '8.0', '8.1', '8.2']
     name: PHP ${{ matrix.php-versions }}
     steps:
       - name: Set locales
@@ -93,8 +93,14 @@ jobs:
         with:
           python-version: 3.8
 
-      - name: Install dependencies
-        run: pip install mkdocs
-
       - name: Build documentation
-        run: mkdocs build --clean
+        run: make htmldoc
+
+  trivy-repo:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Run trivy scanner on repository (non-blocking)
+        run: make test_trivy_repo TRIVY_EXIT_CODE=0
diff --git a/.github/workflows/docker-latest.yml b/.github/workflows/docker-latest.yml
@@ -31,12 +31,15 @@ jobs:
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: .
           push: true
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
           tags: |
-            shaarli/shaarli:latest
-            ghcr.io/shaarli/shaarli:latest
+            ${{ secrets.DOCKER_IMAGE }}:latest
+            ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
+      - name: Run trivy scanner on latest docker image
+        run: make test_trivy_docker TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/${{ secrets.DOCKER_IMAGE }}:latest
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml
@@ -0,0 +1,21 @@
+name: Build Docker image (Pull Request)
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Build Docker image
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          push: false
+          tags: shaarli/shaarli:pr-${{ github.event.number }}
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/docker-tags.yml b/.github/workflows/docker-tags.yml
@@ -35,8 +35,9 @@ jobs:
         uses: docker/build-push-action@v3
         with:
           push: true
+          platforms: linux/amd64,linux/arm/v7
           tags: |
-            shaarli/shaarli:${{ env.REF }}
-            ghcr.io/shaarli/shaarli:${{ env.REF }}
+            ${{ secrets.DOCKER_IMAGE }}:${{ env.REF }}
+            ghcr.io/${{ secrets.DOCKER_IMAGE }}:${{ env.REF }}
       - name: Image digest
         run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,7 @@ sandbox
 phpmd.html
 phpdoc.xml
 .phpunit.result.cache
+trivy
 
 # User plugin configuration
 plugins/*

diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -5,11 +5,19 @@
 # Required
 version: 2
 
-# Build documentation with MkDocs
-mkdocs:
-  configuration: mkdocs.yml
+# Build documentation in the "docs/" directory with Sphinx
+sphinx:
+  configuration: doc/conf.py
+  builder: html
+
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+  commands:
+    - pip install sphinx==7.1.0 furo==2023.7.26 myst-parser sphinx-design
+    - sphinx-build -b html -c doc/ doc/md/ _readthedocs/html/
 
-# Optionally set the version of Python and requirements required to build your docs
-# https://github.com/rtfd/readthedocs.org/issues/5250
 python:
-  version: 3.5
+  install:
+    - requirements: doc/requirements.txt
diff --git a/AUTHORS b/AUTHORS
@@ -1,8 +1,8 @@
-  1206	ArthurHoaro <arthur@hoa.ro>
+  1216	ArthurHoaro <arthur@hoa.ro>
+   456	nodiscc <nodiscc@gmail.com>
    405	VirtualTam <virtualtam@flibidi.net>
-   384	nodiscc <nodiscc@gmail.com>
     56	Sébastien Sauvage <sebsauvage@sebsauvage.net>
-    23	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+    27	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
     19	Keith Carangelo <mail@kcaran.com>
     16	Luce Carević <lcarevic@access42.net>
     15	Florian Eula <eula.florian@gmail.com>
@@ -11,53 +11,49 @@
      9	Lucas Cimon <lucas.cimon@gmail.com>
      9	Willi Eggeling <thewilli@gmail.com>
      8	Christophe HENRY <christophe.henry@sbgodin.fr>
+     6	B. van Berkum <dev@dotmpe.com>
      6	Immánuel Fodor <immanuelfactor+github@gmail.com>
      6	YFdyh000 <yfdyh000@gmail.com>
      6	kalvn <kalvnthereal@gmail.com>
-     6	B. van Berkum <dev@dotmpe.com>
      6	llune <llune@users.noreply.github.com>
      5	Mark Schmitz <kramred@gmail.com>
      5	Sébastien NOBILI <code@pipoprods.org>
      4	Alexandre Alapetite <alexandre@alapetite.fr>
-     4	yude <yudesleepy@gmail.com>
      4	David Sferruzza <david.sferruzza@gmail.com>
-     3	Teromene <teromene@teromene.fr>
-     3	yudete <yu@yude.moe>
+     4	yude <yudesleepy@gmail.com>
      3	Agurato <mail.vmonot@gmail.com>
-     3	Olivier <bourreauolivier@gmail.com>
      3	Christoph Stoettner <christoph.stoettner@stoeps.de>
+     3	Olivier <bourreauolivier@gmail.com>
+     3	Teromene <teromene@teromene.fr>
+     3	yudete <yu@yude.moe>
+     2	Alexander Railean <alexandr.railean@arculus.de>
+     2	Alexandre G.-Raymond <alex@ndre.gr>
+     2	Chris Kuethe <chris.kuethe@gmail.com>
+     2	Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
      2	Felix Bartels <felix@host-consultants.de>
+     2	Ganesh Kandu <kanduganesh@gmail.com>
+     2	Gregory <gregory@nosheep.fr>
+     2	Guillaume Virlet <github@virlet.org>
+     2	Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
      2	Mathieu Chabanon <git@matchab.fr>
      2	Miloš Jovanović <mjovanovic@gmail.com>
      2	Neros <contact@neros.fr>
-     2	Alexandre G.-Raymond <alex@ndre.gr>
      2	Qwerty <champlywood@free.fr>
-     2	Guillaume Virlet <github@virlet.org>
      2	Sebastien Wains <sebw@users.noreply.github.com>
      2	Stephen Muth <smuth4@gmail.com>
      2	Timo Van Neerden <fire@lehollandaisvolant.net>
-     2	Alexander Railean <alexandr.railean@arculus.de>
-     2	Doug Breaux <25640850+dougbreaux@users.noreply.github.com>
      2	flow.gunso <flow.gunso@gmail.com>
-     2	Chris Kuethe <chris.kuethe@gmail.com>
-     2	Ganesh Kandu <kanduganesh@gmail.com>
      2	julienCXX <software@chmodplusx.eu>
-     2	Knah Tsaeb <Knah-Tsaeb@knah-tsaeb.org>
      2	philipp-r <philipp-r@users.noreply.github.com>
      2	pips <pips@e5150.fr>
      2	prog-it <pash.vld@gmail.com>
      2	trailjeep <trailjeep@gmail.com>
-     1	leyrer <gitlab@leyrer.priv.at>
-     1	locness3 <37651007+locness3@users.noreply.github.com>
-     1	owen bell <66233223+xfnw@users.noreply.github.com>
-     1	philipp <philipp@philipp.PC.Ubuntu>
-     1	rfolo9li <50079896+rfolo9li@users.noreply.github.com>
-     1	sprak3000 <sprak3000+github@gmail.com>
-     1	yudejp <i@yude.jp>
-     1	Rajat Hans <rajathans9@gmail.com>
+     1	Adrien Oliva <adrien.oliva@yapbreak.fr>
      1	Adrien le Maire <adrien@alemaire.be>
      1	Ajabep <ajabep@users.noreply.github.com>
      1	Alexis J <alexis@effingo.be>
+     1	Alistair Young <avatar@arkane-systems.net>
+     1	Amadeous <amadeous@users.noreply.github.com>
      1	Angristan <angristan@users.noreply.github.com>
      1	Bish Erbas <42714627+bisherbas@users.noreply.github.com>
      1	BoboTiG <bobotig@gmail.com>
@@ -66,6 +62,7 @@
      1	Buster One <37770318+buster-one@users.noreply.github.com>
      1	D Low <daniellowtw@gmail.com>
      1	Daniel Jakots <vigdis@chown.me>
+     1	David <dajare@gmail.com>
      1	David Foucher <dev@tyjak.net>
      1	Denis Renning <denis@devtty.de>
      1	Dennis Verspuij <dennisverspuij@users.noreply.github.com>
@@ -75,7 +72,6 @@
      1	Florian Voigt <flvoigt@me.com>
      1	Franck Kerbiriou <FranckKe@users.noreply.github.com>
      1	Gary Marigliano <gmarigliano93@gmail.com>
-     1	Gregory <gregory@nosheep.fr>
      1	Hazhar Galeh <78073762+hazhargaleh@users.noreply.github.com>
      1	Hg <dev@indigo.re>
      1	Jens Kubieziel <github@kubieziel.de>
@@ -90,16 +86,26 @@
      1	Mark Gerarts <mark.gerarts@gmail.com>
      1	Marsup <marsup@gmail.com>
      1	Nicolas Friedli <nicolas@theologique.ch>
+     1	Nicolas Le Gaillart <nicolas@legaillart.fr>
      1	Paul van den Burg <github@paulvandenburg.nl>
-     1	Adrien Oliva <adrien.oliva@yapbreak.fr>
+     1	Rajat Hans <rajathans9@gmail.com>
      1	Sbgodin <Sbgodin@users.noreply.github.com>
      1	ToM <tom@leloop.org>
      1	TsT <tst2005@gmail.com>
      1	agentcobra <agentcobra@free.fr>
      1	aguy <aguytech@users.noreply.github.com>
+     1	bschwede <bschwede@users.noreply.github.com>
      1	bschwede <gummibando@gmx.net>
+     1	clach04 <clach04@gmail.com>
      1	dimtion <zizou.xena@gmail.com>
      1	durcheinandr <jochen@durcheinandr.de>
      1	heimpogo <hypertexthome@googlemail.com>
      1	jalr <mail@jalr.de>
      1	lapineige <lapineige@users.noreply.github.com>
+     1	leyrer <gitlab@leyrer.priv.at>
+     1	locness3 <37651007+locness3@users.noreply.github.com>
+     1	owen bell <66233223+xfnw@users.noreply.github.com>
+     1	philipp <philipp@philipp.PC.Ubuntu>
+     1	rfolo9li <50079896+rfolo9li@users.noreply.github.com>
+     1	sprak3000 <sprak3000+github@gmail.com>
+     1	yudejp <i@yude.jp>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,57 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [v0.13.0](https://github.com/shaarli/Shaarli/releases/tag/v0.12.3) - 2023-11-22
+
+> Major changes:
+>  - Security: Fix XSS vulnerability in tag search
+>  - Drop support for PHP 7.1, 7.2 and 7.3
+
+### Added
+* Docker build: add ARM64 platform and bump Github action version by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1965
+* github actions: build OCI images that contain both amd64 and armv7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/1962
+* Expose tags_separator config through /info API by @amadeous in https://github.com/shaarli/Shaarli/pull/1997
+* tools: github actions: build docker images on pull requests by @nodiscc in https://github.com/shaarli/Shaarli/pull/2014
+* doc: server configuration: add PHP 8.2 to PHP compatibility table by @nodiscc in https://github.com/shaarli/Shaarli/pull/2021
+* Add shaarli-stack theme to Community-and-related-software.md by @dajare in https://github.com/shaarli/Shaarli/pull/2028
+* doc: document general.download_max_size/timeout configuration settings by @nodiscc in https://github.com/shaarli/Shaarli/pull/2036
+* doc: troubleshooting: automatic title retrieval fails when it is set by javascript by @nodiscc in https://github.com/shaarli/Shaarli/pull/2037
+
+### Changed
+* doc: update release procedure (merge the latest release to the release branch) + use the release branch for latest release version detection by @nodiscc in https://github.com/shaarli/Shaarli/pull/1960
+* Update german translation by @bschwede in https://github.com/shaarli/Shaarli/pull/1969
+* Update Server-configuration.md by @reinboldg in https://github.com/shaarli/Shaarli/pull/1973
+* Update Community-and-related-software.md by @nlegaillart in https://github.com/shaarli/Shaarli/pull/1984
+* doc: improve docs on usage of OR operator in tags search by @nodiscc in https://github.com/shaarli/Shaarli/pull/1987
+* docker: nginx: listen on IPv6 in addition to IPv4 by @cerebrate in https://github.com/shaarli/Shaarli/pull/1983
+* Doc update, WebSub (formerly PubSubHubbub) plugin by @clach04 in https://github.com/shaarli/Shaarli/pull/2008
+* doc: community/related software/integration with other platforms: add link to shaarli debian package by @nodiscc in https://github.com/shaarli/Shaarli/pull/2018
+* replace mkdocs with sphinx/myst-parser for HTML documentation generation, documentation improvements by @nodiscc in https://github.com/shaarli/Shaarli/pull/2025
+
+### Fixed
+* Makefile: Use GNU tar if available by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1957
+* Support: ignore disk_free_space if the function is unavailable by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1970
+* Documentation: fix broken link to 3rd party plugins by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1975
+* Fix autofocus: load bulk action input on linklist only by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1976
+* doc: fix mkdocs build warnings/relative links by @nodiscc in https://github.com/shaarli/Shaarli/pull/2015
+* correct usage of hyphens in all occurences of 'super fast, database-free' by @nodiscc in https://github.com/shaarli/Shaarli/pull/2003
+
+
+### Removed
+* Drop support for PHP 7.1, 7.2 and 7.3 by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/1958
+* doc: themes: remove unmaintained themes by @nodiscc in https://github.com/shaarli/Shaarli/pull/2030
+* doc: remove bountysource badge by @nodiscc in https://github.com/shaarli/Shaarli/pull/2035
+
+### Security
+* Fix XSS vulnerability in tag search by @ArthurHoaro in https://github.com/shaarli/Shaarli/pull/2039
+* tools: run trivy vulnerability scanner on the 'latest' docker image by @nodiscc in https://github.com/shaarli/Shaarli/pull/1980
+* github actions: fix value of TRIVY_TARGET_DOCKER_IMAGE by @nodiscc in https://github.com/shaarli/Shaarli/pull/1989
+* tools/CI: scan repository with trivy security scanner (yarn.lock, composer.lock) by @nodiscc in https://github.com/shaarli/Shaarli/pull/1998
+* tools/tests: update trivy to v0.44.0 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2012
+* docker: update base alpine docker image to 3.16.7 by @nodiscc in https://github.com/shaarli/Shaarli/pull/2024
+
+**Full Changelog**: https://github.com/shaarli/Shaarli/compare/v0.12.2...v0.12.3
+
 ## [v0.12.2](https://github.com/shaarli/Shaarli/releases/tag/v0.12.2) - 2023-03-18
 
 > Docker: use `ghcr.io/shaarli/shaarli` as Docker image instead of `shaarli/shaarli`.

diff --git a/Dockerfile b/Dockerfile
@@ -4,9 +4,8 @@
 FROM python:3-alpine as docs
 ADD . /usr/src/app/shaarli
 RUN cd /usr/src/app/shaarli \
-    && apk add --no-cache gcc musl-dev \
-    && pip install --no-cache-dir mkdocs \
-    && mkdocs build --clean
+    && apk add --no-cache gcc musl-dev make bash \
+    && make htmldoc
 
 # Stage 2:
 # - Resolve PHP dependencies with Composer
@@ -26,7 +25,7 @@ RUN cd shaarli \
 
 # Stage 4:
 # - Shaarli image
-FROM alpine:3.16
+FROM alpine:3.16.7
 LABEL maintainer="Shaarli Community"
 
 RUN apk --update --no-cache add \