## Summary
- Adds `scripts/check_ci_images.sh`: extracts every `From("...")` image reference from `ci/main.go` and runs `skopeo inspect --no-creds` on each one (manifest-only, no layer pull, no daemon required)
- Adds `task check-ci-images` task in `Taskfile.yml` that runs the script
- Adds `ci-image-exists` hook to `.pre-commit-config.yaml` that fires only when `ci/main.go` is staged (using `files: ^ci/main\.go$` rather than `always_run`, to avoid a network round-trip on every unrelated commit)
- Adds `skopeo` to the Nix devShell so the tool is on PATH when the hook runs via `nix develop --command`
This catches a bad image tag (like `ghcr.io/cirruslabs/flutter:3.44.1` not yet published) at commit time, before the push reaches CI.
## Test plan
- Stage a change to `ci/main.go` bumping a `From("...")` tag to a non-existent version → hook rejects commit with NOT FOUND
- Stage a change with valid image tags → hook prints OK for each image and allows the commit
- Stage a change to any other file → `ci-image-exists` hook is skipped entirely
Closes#407
Co-authored-by: Thomas SharedInbox <sharedinbox@thomas-guettler.de>
Reviewed-on: https://codeberg.org/guettli/sharedinbox/pulls/413
Replace `import nixpkgs { inherit system; }` with the idiomatic flake
pattern `nixpkgs.legacyPackages.\${system}`, which avoids the evaluation
warning: 'system' has been renamed to/replaced by 'stdenv.hostPlatform.system'.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Dagger to flake.nix
- Create Dagger module in ci/ with Flutter build/test logic
- Update .forgejo/workflows/ci.yml to use Dagger
- Move Android emulator tests to separate disabled workflow
- Add .daggerignore to exclude host junk
httplib2 raises RedirectMissingLocation on Google Play's resumable upload
redirects, causing every deploy since run #77 to fail. Replace google-api-python-client
+ google-auth-httplib2 with a direct requests-based implementation using
AuthorizedSession; drop httplib2 from flake.nix entirely.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ndk debugSymbolLevel=FULL to release build type (opt-B for debug symbols)
- Add google-api-python-client to Nix devshell
- Add scripts/deploy_playstore.py to upload AAB to internal track
- Add deploy-android-bundle task to Taskfile
- Enable release.yml (remove if:false, wire up task deploy-android-bundle)
- Fix forbidden-files pre-commit hook to run task via nix develop (like dart-check)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- flake.nix: replace tea with fgj (fetchurl of v0.4.0 linux_amd64 binary)
- flake.nix shellHook: export IN_NIX_SHELL=1 so that nix develop --command
sets the variable that _preflight checks (nix develop does not set it
automatically, unlike the old nix-shell)
- Taskfile.yml _preflight: use IN_NIX_SHELL check instead of DIRENV_DIR,
which never worked in CI
- scripts/ci_logs.sh + task ci-logs: fetch raw Codeberg Actions job logs
from the web-UI endpoint (API endpoint not available on Codeberg 15.0.0)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix IMAP attachment sizes showing as '0 B' by falling back to decoded content length.
- Fix IMAP attachment downloads failing for single-part fetches by falling back to root message.
- Implement immediate server-side sync for deletions/flags using a new onChangesQueued stream.
- Automate FVM SDK setup and add 'task setup'.
- Make MobSF optional in build-android to handle environment restrictions.
- Update test fakes to match EmailRepository interface changes.
The Android UI integration test failed at tap(aliceTile) with "0 widgets"
even though pumpUntil had just found the tile. On the slow software-rendered
emulator the route-pop animation finalises during pumpUntil's trailing 300 ms
settle, briefly leaving the tile out of the tree. Re-confirm with a second
pumpUntil before the tap.
Bundles the previously uncommitted infra changes that make task deploy-android
run end-to-end inside nix develop: Linux desktop runtime libs + GL software
rendering env in flake.nix, path_provider_android pin to <2.3 to avoid the
libdartjni SIGSEGV, deferred DB-path resolution after WidgetsFlutterBinding,
+iglx for xvfb-run, platform-tools on PATH, and a single pre-commit script
replacing the dart-format / task-check-fast pair.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Add lcov to nix flake (required for flutter --merge-coverage)
- stalwart-dev/test.sh: collect and merge coverage when unit baseline exists
- run_unit_tests.sh: remove inline coverage check (now in dedicated task)
- Taskfile: add coverage task; check runs test → integration → coverage
sequentially so the gate sees combined unit + integration data
- check-fast (pre-commit) omits coverage gate since integration tests
don't run there; full gate runs only in task check
- Drop two untestable fake-only tests (UID-validity reset, malformed envelope)
- Coverage threshold restored to 80% (84% with merged data)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- flake.nix: Flutter 3.41.6, Android SDK, Stalwart, GTK3/build
tools for Linux desktop, go-task
- .envrc: copied from sharedinbox — use flake + dotenv_if_exists
- Taskfile.yml: analyze, test, integration, codegen, run tasks
- stalwart-dev/: IMAP+SMTP dev server reused from sharedinbox
- test/integration/imap_sync_test.dart: login, list mailboxes,
send via SMTP and receive via IMAP
- pubspec.yaml: add flutter_secure_storage
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
