Release OpenProject 14.0.0

Author: oliverguenther

.buildpacks

@@ -0,0 +1,2 @@
+https://github.com/heroku/heroku-buildpack-nodejs.git#v197
+https://github.com/pkgr/heroku-buildpack-ruby.git#v254-2

.dockerignore

@@ -0,0 +1,35 @@
+.github/
+.git
+.dockerignore
+.gitignore
+.bundle
+.env*
+.buildpacks
+.*.yml
+*.swp
+.*ignore
+*.md
+*.log
+docker/prod/Dockerfile
+docker/ci/Dockerfile
+Guardfile
+docker-compose.*
+browserslist
+
+/docs
+!/docs/api/apiv3/openapi-spec.yml
+!/docs/api/apiv3/paths
+!/docs/api/apiv3/tags
+!/docs/api/apiv3/components
+
+extra
+features
+help
+log/*.log
+spec
+/tmp
+frontend/.angular/cache
+frontend/node_modules
+node_modules
+# travis
+vendor/bundle

.editorconfig

@@ -0,0 +1,65 @@
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2012-2020 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+# If you place a .env file into the root directory of OpenProject
+# you can override some default settings that overmind will use
+# to start OpenProject
+
+# This is used to prevent people from using the new docker-compose file for automated installs
+LOCAL_DEV_CHECK=1
+
+# Set this to your ckeditor build output directory (which includes ckeditor.js) if you
+# want to develop ckeditor locally.
+CKEDITOR_BUILD_DIR=./frontend/src/vendor/ckeditor/
+
+HOST=0.0.0.0
+PORT=4200
+
+# Use this variables to configure hostnames for frontend and backend, e.g. to enable HTTPS in docker development setup
+OPENPROJECT_DEV_HOST=localhost
+OPENPROJECT_DEV_URL=http://${OPENPROJECT_DEV_HOST}:${PORT}
+
+# Select edition from: ['standard','bim']
+OPENPROJECT_EDITION=standard
+
+DEV_UID=1000
+DEV_GID=1001
+
+DB_HOST=db
+DB_PORT=5432
+DB_USERNAME=openproject
+DB_PASSWORD=openproject
+DB_DATABASE=openproject
+
+CI_JOBS=24
+
+SMTP_ADDRESS=
+SMTP_PORT=
+SMTP_DOMAIN=
+SMTP_USER_NAME=
+SMTP_PASSWORD=

.env.example

@@ -0,0 +1,50 @@
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2012-2020 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+# Nextcloud VCR credentials
+
+NEXTCLOUD_LOCAL_OAUTH_CLIENT_ID=
+NEXTCLOUD_LOCAL_OAUTH_CLIENT_SECRET=
+
+NEXTCLOUD_LOCAL_OPENPROJECT_UID=
+NEXTCLOUD_LOCAL_OPENPROJECT_SECRET=
+NEXTCLOUD_LOCAL_OPENPROJECT_REDIRECT_URI=https://nextcloud.local/index.php/apps/integration_openproject/oauth-redirect
+
+NEXTCLOUD_LOCAL_OAUTH_CLIENT_ACCESS_TOKEN=
+NEXTCLOUD_LOCAL_OAUTH_CLIENT_REFRESH_TOKEN=
+
+# Sharepoint/OneDrive VCR credentials
+
+ONE_DRIVE_TEST_TENANT_ID=
+ONE_DRIVE_TEST_DRIVE_ID=
+
+ONE_DRIVE_TEST_OAUTH_CLIENT_ID=
+ONE_DRIVE_TEST_OAUTH_CLIENT_SECRET=
+
+ONE_DRIVE_TEST_OAUTH_CLIENT_ACCESS_TOKEN=
+ONE_DRIVE_TEST_OAUTH_CLIENT_REFRESH_TOKEN=

.env.test.local.example

@@ -0,0 +1,35 @@
+---
+EnableDefaultLinters: true
+inherit_gem:
+  erblint-github:
+    - config/accessibility.yml
+exclude:
+  - '**/frontend/**/*'
+  - '**/node_modules/**/*'
+  - '**/vendor/**/*'
+linters:
+  ErbSafety:
+    enabled: true
+  Rubocop:
+    enabled: true
+    rubocop_config:
+      inherit_from:
+        - .rubocop.yml
+      Layout/InitialIndentation:
+        Enabled: false
+      Layout/LeadingEmptyLines:
+        Enabled: false
+      Layout/LineLength:
+        Enabled: false
+      Layout/TrailingEmptyLines:
+        Enabled: false
+      Layout/TrailingWhitespace:
+        Enabled: false
+      Naming/FileName:
+        Enabled: false
+      Style/FrozenStringLiteralComment:
+        Enabled: false
+      Lint/UselessAssignment:
+        Enabled: false
+      Rails/OutputSafety:
+        Enabled: false

.erb-lint.yml

@@ -0,0 +1 @@
+require "erblint-github/linters"

.erb-linters/erblint-github.rb

@@ -0,0 +1,12 @@
+# .git-blame-ignore-revs
+# lint with rubocop --autocorrect (safe cops only)
+48a4f1b6adb1e847a90a61f2ab277f28bcd77608
+# Update copyright information for 2023
+21a696ef9b170e14ad2daf53364a4c2113822c2f
+# Update copyright information for 2024
+c795874f7f281297bbd3bad2fdb58b24cb4ce624
+# switch to double quotes
+f3c99ee5dded81ad55f2b6f3706216d5fa765677
+5c72ea0046a6b5230bf456f55a296ed6fd579535
+9e4934cd0a468f46d8f0fc0f11ebc2d4216f789c
+6678cab48d443b5782fa93b171d62093819ee4fc

.git-blame-ignore-revs

@@ -0,0 +1,2 @@
+paths-ignore:
+  - frontend/src/vendor

.github/codeql/config.yml

@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/frontend"
+    schedule:
+      interval: "daily"
+    target-branch: "dev"
+    open-pull-requests-limit: 3
+    versioning-strategy: lockfile-only
+    groups:
+      angular:
+        patterns:
+          - '@angular*'
+      fullcalendar:
+        patterns:
+          - '@fullcalendar*'
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    target-branch: "dev"
+    open-pull-requests-limit: 3
+    versioning-strategy: lockfile-only

.github/dependabot.yml

@@ -0,0 +1,49 @@
+name: brakeman
+
+on:
+  pull_request:
+    branches:
+      - dev
+      - release/*
+    paths:
+      - '**.rb'
+  schedule:
+    - cron: '10 6 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  brakeman-scan:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
+    if: github.repository == 'opf/openproject'
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    env:
+      RUBY_GC_HEAP_INIT_SLOTS: 100000
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+
+      - name: Setup Brakeman
+        run: |
+          gem install brakeman
+
+      - name: Scan
+        run: |
+          brakeman \
+            --ignore-config config/brakeman.ignore \
+            --no-exit-on-warn \
+            --no-exit-on-error \
+            --format sarif \
+            --output output.sarif.json
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: output.sarif.json

.github/workflows/brakeman-scan-core.yml

@@ -0,0 +1,44 @@
+name: codeql
+
+on:
+  push:
+    branches: [ "dev", "release/*", "stable/*" ]
+  pull_request:
+    branches: [ "dev", "release/*", "stable/*" ]
+  schedule:
+    - cron: '32 1 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 120
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript-typescript', 'ruby' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          config-file: ./.github/codeql/config.yml
+          languages: ${{ matrix.language }}
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: security-extended,security-and-quality
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/codeql-scan-core.yml

@@ -0,0 +1,27 @@
+name: continuous-delivery
+on:
+  push:
+    branches:
+      - dev
+      - release/*
+      - stable/*
+permissions:
+  contents: read
+
+jobs:
+  trigger_downstream_workflow:
+    permissions:
+      contents: none
+    if: github.repository == 'opf/openproject'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger Flavours workflow
+        env:
+          TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }}
+          REPOSITORY: opf/openproject-flavours
+          WORKFLOW_ID: ci.yml
+        run: |
+          curl -i --fail-with-body -H"authorization: Bearer $TOKEN" \
+            -XPOST -H"Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/$REPOSITORY/actions/workflows/$WORKFLOW_ID/dispatches \
+            -d '{"ref": "dev", "inputs": { "ref" : "${{ github.ref_name }}" }}'