Shows version, platform, OS version, screen resolution, Dart version, and
processor count in a markdown table. Buttons let users copy the info to
clipboard or open a pre-filled Codeberg issue.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The standalone "Check mocks are up to date" step ran build_runner AOT
compilation separately, then task check ran it again (check-mocks is
already a dep of check). The double invocation caused the build_runner
AOT compile to receive SIGTERM on the CI runner in run 4027578.
task check already verifies mocks via its check-mocks dep, so the
standalone step is redundant.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Track how long each mailbox takes to sync and display it in the
sync log expanded view (e.g. "2 new · 5 up-to-date · 1.3s").
- Add optional `duration` field to `MailboxSyncStats`
- Capture per-mailbox start/end time in both IMAP and JMAP sync loops
- Store as `duration_ms` in `sync_log_mailboxes` (schema v30 migration)
- Read back and reconstruct `Duration` in repository
- Show timing alongside fetch/skip counts in per-mailbox breakdown
- Extract `_fmtDuration` helper, reuse for the existing total duration
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add "Force full sync" popup menu item below "Verify sync health" in the
per-account menu on the account list screen, with a confirmation dialog.
Remove the button and handler from the edit account screen.
HTML emails with black text became unreadable when viewed in dark mode
because the WebView inherited a dark background from the system theme.
Inject `color-scheme: light` CSS + meta tag so the WebView always renders
email content on a white background, regardless of the device theme.
Extracts `buildEmailHtml()` as a `@visibleForTesting` top-level function
and adds unit tests to cover the light-mode enforcement and CSP logic.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace getTemporaryDirectory() + OpenFilex.open() with
getDownloadsDirectory() (fallback to temp) so the .eml file lands in
the public Downloads folder instead of triggering Android's
"open with" dialog.
- Show a SnackBar with the saved path after download instead of
launching a file viewer.
- Display the email size (via fmtSize) at the top of the Raw Email
dialog, above the scrollable content.
- Add widget test covering the size display in the Raw Email dialog.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Searching for "foo" now finds "foobar" (prefix of a word) but not
"blafoo" (suffix). The FTS5 query already used the foo* prefix form;
this commit extends the same semantics to folder-name and address
matching in the search screen, replacing contains() with a
word-boundary regex check. Tests added for all three paths.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
checkNow() previously delegated to _runAll(), which gated each
account on the _running flag (only true after start() is called).
This meant the manual "Verify sync health" action silently did nothing
if start() had not yet been called, or in any context where the
periodic runner was not active (e.g. widget tests).
Fix: checkNow() now iterates accounts directly and calls
_runForAccount() with force:true, bypassing the _running guard.
The guard is still respected during periodic runs for graceful
shutdown.
Adds three unit tests that reproduce the bug and verify the fix.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The deploy steps in build-linux and deploy-playstore already use
continue-on-error: true when SSH secrets may be absent, but
publish-website did not — causing a hard failure when SSH_USER is unset.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The builds page at /builds/ was empty because generate-build-history
only ran inside deploy-playstore; if that job failed early (e.g. Play
Store secrets not configured) the website was never updated, and the
build-linux job never triggered a website update at all.
Changes:
- generate_build_history.py: extend to cover Linux tarballs in addition
to Android APKs, capped at MAX_BUILDS_PER_PLATFORM (30) each
- Taskfile: add website-publish task (generate-build-history +
website-deploy), exclude *.tar.gz from rsync, update descriptions
- .forgejo/workflows/ci.yml: add publish-website job that waits for
both build-linux and deploy-playstore (using always() so it runs
even when deploy-playstore fails), then removes the duplicate
generate/deploy steps from deploy-playstore
- .github/workflows/ci.yml: add deploy job that deploys Linux build,
generates build history, builds Hugo site, and rsyncs to server
- .gitignore: ignore website/content/builds/_index.md (generated),
Python __pycache__, and widget test failure screenshots
- stalwart-dev/integration_ui_test.sh: use ${USER:-$(id -un)} for
robustness in environments where USER is unset
- scripts/test_generate_build_history.py: unit tests for parse_builds
and render_entries covering both platforms
Generated content (builds/_index.md and per-day pages) is not tracked
in git; it is produced at CI time and rsynced to the server.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Reuse the same Sieve UI for both server-side (ManageSieve/JMAP) and local
email filters. Both filter sets are stored and managed independently.
Changes:
- Add LocalSieveScripts table (DB schema v29) to store local Sieve scripts
- Add LocalSieveRepository with full CRUD and activate-script support
- Add isLocal param to SieveScriptsScreen and SieveScriptEditScreen; each
screen shows a banner explaining whether scripts run on the server or device
- Add routes /accounts/:id/sieve/local and /accounts/:id/sieve/local/edit
- Split "Email filters" account menu entry into "Server email filters" and
"Local email filters" (local is always available, server requires ManageSieve)
- Wire up localSieveRepositoryProvider in DI
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Without `< /dev/null`, claude detects the tmux PTY as stdin and blocks
waiting for user input that never arrives (the PTY never sends EOF).
The 3-second stdin-timeout only fires for pipe stdin, not TTY stdin.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Filter deleted emails locally in _batchDelete so the pop-back fires
immediately instead of waiting for the IMAP server to catch up.
- Add _openSearchResultAndRefresh / _refreshSearchAndPopIfEmpty so that
returning from EmailDetailScreen after deleting the last match also
pops EmailListScreen back to the caller.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace bare subprocess.Popen with `tmux new-session -d` so each agent
runs in a detached tmux session that inherits the tmux server's environment
(including ANTHROPIC_API_KEY / keychain access, which cron's minimal env
lacks — the root cause of intermittent empty log files).
- Track agents by tmux session name instead of PID; age is derived from the
state-file `started_at` timestamp rather than /proc/<pid>/stat.
- `_kill_agent` terminates via `tmux kill-session`; backward compat preserved
for old state files that stored a `pid`.
- Operators can now `tmux attach -t issue-<N>` to watch live output, or
`claude --resume issue-<N>` to continue the conversation afterward.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two bugs prevented snoozing in a brand-new IMAP/JMAP account:
- IMAP flush read `payload['mailboxPath']` which doesn't exist in snooze
payloads (they use 'src'); selecting the wrong (null) mailbox caused the
operation to fail. Now uses `payload['mailboxPath'] ?? payload['src']`.
- JMAP flush had no path to create the Snoozed mailbox when the folder
didn't already exist on the server. Flush now calls `Mailbox/set` to
create it whenever `dest == 'Snoozed'` (the sentinel used when the folder
was absent at enqueue time), then substitutes the real JMAP mailbox ID.
Tests added for both code paths using a spy IMAP client and a mock JMAP
HTTP client respectively.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add Export account screen (QR code + copy-to-clipboard) and Import
account screen (paste JSON code) so users can transfer IMAP/JMAP
account configuration to another device without re-entering every field.
- Account list popup: "Export account" opens a QR code with a password
warning and a copy-code button.
- Add Account screen: "Import account" button opens the import flow
where pasting the exported JSON pre-fills the account and one tap
saves it with a fresh generated ID.
- New routes: /accounts/:id/export and /accounts/import.
- Widget tests cover export display, import parsing, validation,
and the happy-path save-and-navigate flow.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When the user searches in a mailbox, selects all results, and deletes
them, re-evaluate the search. If no results remain and there is a
previous screen in the navigation stack, pop back to it instead of
clearing the search and showing the regular inbox.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The JMAP body-fetch path never requested or stored `bodyStructure`, so
`body.mimeTree` was always null for JMAP accounts — causing Show Mail
Structure to show nothing.
Fix: include `bodyStructure` in the JMAP `Email/get` request and convert
it to the same JSON format used by the IMAP path via the new
`_jmapBodyStructureToJson` helper. The parsed tree is persisted in the
DB and returned from `getEmailBody`, so the cached round-trip also works.
Tests added:
- Unit: JMAP getEmailBody populates mimeTree from bodyStructure and
survives the cache round-trip; null when bodyStructure is absent.
- Widget: Show Mail Structure dialog displays all MIME parts when
mimeTree is present; snackbar appears when mimeTree is null.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cron runs with a minimal environment that doesn't include ~/.nix-profile/bin,
causing every invocation to crash with FileNotFoundError on 'tea'.
Closes#93
Polls Codeberg CI and State/Ready issues every 10 minutes, launching
Claude Code agents for CI fixes and issue work, with PID-based liveness
tracking and automatic timeout after 1 hour.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a MimePart tree model, parses it from the IMAP BODYSTRUCTURE
when fetching the email body, caches it in a new mime_tree_json column
(schema v28), and exposes a 'Show Mail Structure' overflow menu item
that renders the indented tree (content-type, filename, size, encoding)
in an AlertDialog alongside the existing headers dialog.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Emails with multipart/related structure reference embedded images via
cid: URIs. The WebView's CSP only allows data:/blob: sources, so those
images were never shown. injectInlineImages() now replaces each cid:
reference with a data: URI using the decoded bytes from the MIME tree,
both for double-quoted and single-quoted src attributes.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Two fixes for the UndoLog:
1. Don't delete the original undo log entry when undo is performed.
The entry stays in the log alongside the new inverse action, so
the user can retry the undo if it was silently reverted by an
IMAP sync.
2. Fix IMAP UID mismatch: after an IMAP move is applied on the server
the email gets a new UID in the destination folder. The undo service
now looks up the email by its RFC 2822 Message-ID when the original
row is gone, so the reverse-move pending change carries the correct
UID and actually succeeds on the server.
Add findEmailByMessageId to EmailRepository interface and impl.
Add a regression test that simulates the UID change scenario.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
After deleting all selected emails from a search view, re-run the
search query. If no emails match any more, clear the search bar so
the user returns to the normal thread list view instead of seeing
a stale list of already-deleted messages.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add check-mocks task that re-runs build_runner and fails if any
*.mocks.dart file differs from what is committed. Wired into
check-fast (pre-commit) and added as an early CI step so stale
mocks are caught before the full test suite runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Instead of reconstructing the message from the local DB, fetch the
original bytes live from IMAP (BODY.PEEK[]) or JMAP (Email/get blobId
→ downloadBlob) so the view shows the true unmodified message.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a new popup menu item below "Show Mail Headers" that displays the
email in RFC-style ASCII format (headers + plain-text body), with a
Copy-to-clipboard button and a Download button that saves a .eml file
and opens it via the system file handler.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Swap the flutter_html renderer for a webview_flutter-based widget that
enforces strict security by default: scripts blocked via CSP
(script-src 'none'), remote images opt-in, and every link click routed
through a confirmation dialog that bolds the registered domain for
phishing detection. Links open in the system browser via url_launcher.
On Linux (no webview_flutter platform support) the widget falls back to
plain text extracted via the existing htmlToPlain() utility.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Builds and deploys Windows once a day (02:00 UTC) instead of on every
push to main. Skips the build if no commits landed on main in the last
24 hours. Kept disabled (if: false) until a windows-runner is
registered.
Closes#77
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
timeout-minutes doesn't start until a runner accepts the job, so the
job would queue indefinitely. Disable with if: false for now — change
back to github.ref == 'refs/heads/main' once a windows-runner runner
is set up.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
60-minute wait blocks every run. 5 minutes lets it fail fast with
continue-on-error, leaving the rest of the workflow unaffected.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
With set -Eeuo pipefail, a failing fvm flutter test exited the script
before _e2e_exit=$? could run, so the retry-on-new-display logic never
fired. Use the cmd || var=$? pattern to capture the exit code safely,
and add || true to the break guard so set -e doesn't trip on it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The windows-runner self-hosted runner doesn't exist yet, so the job
would block the run indefinitely. With continue-on-error + timeout it
fails gracefully once a runner is registered and picks up the job.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds build-windows-release and deploy-windows-to-server Taskfile tasks,
a build-windows CI job (requires a windows-runner self-hosted runner),
and extends updateInfoProvider to also cover Platform.isWindows.
latest.json is now extended with a 'windows' key; both deploy tasks
preserve the other platform's URL when updating the file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Build task embeds GIT_HASH via --dart-define; new deploy-linux-to-server task
packages a tar.gz and updates latest.json on the server. The account list screen
shows a MaterialBanner when a newer Linux build is available.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add ORDER BY receivedAt DESC to the searchAddresses query so the first
unique occurrence of each address comes from the newest email. Contacts
from recent conversations float to the top of the suggestions list.
Add a unit test verifying the sort order.
Fixes#83
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
_RawAutocompleteState.dispose() removes _updateOptionsViewVisibility
from the external FocusNode but forgets to remove _onFocusChange. When
the state is recreated with the same FocusNode both listeners accumulate,
and the second hide() call hits the _zOrderIndex != null assertion in
overlay.dart:1681. This is a Flutter framework bug, not a test deficiency.
Restore the filter with a comment pointing to the root cause so it can
be removed when we upgrade past the fix.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When focus leaves the To field while the address DB query is in flight,
the optionsBuilder Future completes AFTER RawAutocomplete has already
called hide() on the overlay. The completion triggers a second hide()
call, hitting the _zOrderIndex != null assertion in overlay.dart.
Fix: check focusNode.hasFocus after the await; return [] if focus left,
which prevents RawAutocomplete from calling show()/hide() on a closed
overlay.
Also fixes#81 partially: after undo(), push an inverse UndoAction so
the undo log retains a record and the user can re-apply the operation.
Fixes#79
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The /builds/ page returned 404 because website/content/builds/ was fully
gitignored — Hugo had no content to generate the section landing page.
Fix:
- Narrow .gitignore to only ignore year-subdirectories (YYYY/) so that
_index.md can be committed as a static fallback.
- Add website/content/builds/_index.md with section description.
- Enhance generate_build_history.py to fetch and display commit datetime
alongside title, and render _index.md as a flat list of all builds
(newest-day first) so the section landing page is useful immediately.
Fixes#82
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A plain pump() between enterText(To) and enterText(Subject) does not
prevent the _zOrderIndex assertion: hide() is called twice synchronously
during the focus-dispatch triggered by the second enterText().
Fix: explicitly call primaryFocus?.unfocus() after the To field, then
pump(300ms) so RawAutocomplete's OverlayPortal closes via a single
FocusNode notification. By the time Subject takes focus the overlay is
already hidden — no second hide() fires.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
RawAutocomplete's OverlayPortalController.hide() was called twice:
once when focus left the To field and again when ComposeScreen was popped,
triggering the _zOrderIndex assertion in overlay.dart.
Fix by:
1. pump() after entering the To field so the overlay has a frame to close
before the Subject field takes focus.
2. unfocus() + pump() before tapping Send so the overlay is already hidden
when the screen pops, preventing a second hide() on unmount.
Remove the _zOrderIndex string-filter from FlutterError.onError — the
root cause is fixed rather than suppressed.
Fixes#79
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
After showDialog and after the two repo awaits (getEmail/deleteEmail),
the widget may have been disposed — calling ref.read on a disposed
ConsumerStatefulElement throws "Cannot use 'ref' after the widget was
disposed." Add if (!mounted) return; at both points.
Fixes#80
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
SSH secrets (SSH_USER, SSH_HOST, SSH_PRIVATE_KEY) are not yet configured
as repository secrets. Mark the four SSH-dependent steps continue-on-error
so the Play Store deploy job succeeds while those secrets are pending.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The deploy-apk-to-server task depends on build-android which signs the
APK — it needs the keystore password or the packageRelease Gradle task
fails.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
_verifyErrorWidgetBuilderUnset is called from _runTestBody after testBody()
returns, but addTearDown callbacks run after _runTestBody — so teardown is
too late for this check. Restore ErrorWidget.builder inline, right after
app.main() sets it, so the binding sees the original value when it verifies.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
app.main() also sets ErrorWidget.builder to its CrashScreen handler.
The test binding's _verifyErrorWidgetBuilderUnset check fires when
ErrorWidget.builder != its pre-test value after the test completes.
Save and restore ErrorWidget.builder alongside FlutterError.onError.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
OverlayPortalController.hide() asserts _zOrderIndex != null before
clearing it. In headless tests without navigation animations, rapid
screen dismissal can trigger hide() twice (once on focus loss, once on
widget unmount) — a Flutter framework race that overlay.dart itself
notes should not happen during rebuilds. Filter it alongside the
existing DEFUNCT/DISPOSED suppressions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
app.main() synchronously sets FlutterError.onError to its crash-screen
handler, overwriting the filter the test had registered first. The test
binding's _runTest finally-block checks FlutterError.onError != _recordError
and fires assertion '_pendingExceptionDetails != null', which prevents the
integration test framework from calling exit() — causing the process to hang
for the full 360-second timeout.
Fix: capture the binding's error recorder (bindingError) before app.main(),
call app.main() first, then install the DEFUNCT/DISPOSED filter pointing at
bindingError, and restore to bindingError in teardown. This keeps the crash
handler from interfering with the test binding's error tracking.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Future.any([Future.delayed(N), stopSignal.future]) left unfired Timers
alive after stop() fired the signal — pending Timers kept the Dart event
loop running and prevented the process from exiting, causing the E2E
integration test to time out (exit 124) instead of exiting cleanly.
Replace all four occurrences with an explicit Timer that completes the
stop-signal and is cancelled in a finally block, so the Dart isolate can
exit as soon as the sync loops are stopped.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- scripts/generate_build_history.py: SSH into server, list APKs under
public_html/builds/YYYY/MM/DD/, fetch commit titles from Codeberg API,
and write Hugo content pages to website/content/builds/
- Taskfile: add deploy-apk-to-server and generate-build-history tasks;
add --exclude='*.apk' to website-deploy rsync so APKs survive redeploy
- CI: after Play Store deploy, set up SSH key, scp APK, generate history,
then deploy website
- .gitignore: exclude website/content/builds/ (generated at deploy time)
- website/hugo.toml: add Builds nav item
Closes#73
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a sync failure banner appears in the email list screen, a new
'View log' button navigates directly to the account's sync log screen
so the user can see the full error details.
Also creates issue #75 for the first-snooze-in-new-account failure.
Closes#13
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds RawAutocomplete<EmailAddress> to the To and Cc fields in the
compose screen. As the user types (minimum 2 chars), suggestions are
fetched from the local DB by searching from/to/cc columns of cached
emails. Selecting a suggestion appends it to any existing addresses
already in the field (comma-separated).
New repository method searchAddresses() returns deduplicated
EmailAddress objects matching the query string.
Closes#11
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Issue reports now include:
- App version (from package_info_plus)
- OS name and version (non-personal, from dart:io Platform)
- Error and stack trace wrapped in triple-backtick code blocks
so Codeberg renders them as preformatted text
Closes#59
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
actions/checkout defaults to fetch-depth: 1 (shallow clone).
generate-changelog runs git log -n 50, so only one entry appeared
in the built app. Fetching 50 commits gives a complete changelog.
Closes#64
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The user should set State/Ready manually when the issue is ready
to be worked on, not automatically on creation.
Closes#74
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add --no-warn-dirty to all nix develop calls to suppress Git dirty-tree warnings
- Switch integration test reporter from expanded to compact (per-test names suppressed on success)
- Show only summary line on integration test success, matching unit/widget test behavior
Closes#8
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
getSingle() throws 'Bad state: No element' when the email row is gone
(race condition in batch operations or already deleted). Switch to
getSingleOrNull() and return early so batch moves/flags/deletes on
stale IDs fail silently instead of crashing.
Closes#58
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
A partial BODY.PEEK[n] fetch omits the section's MIME headers, so
enough_mail's decodeContentBinary() has no Content-Transfer-Encoding
and returns the raw base64 string instead of the decoded bytes.
Fetching BODY.PEEK[] gives enough_mail the full MIME structure and
getPart(fetchPartId) correctly decodes the attachment.
Also adds an integration test that creates an email with a binary
attachment, syncs it, and asserts the downloaded bytes match the
original — this test failed before the fix.
Closes#70
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Mobile platforms provide OS-level back navigation (swipe gesture),
so the redundant AppBar back button only clutters the toolbar.
Desktop keeps it since there is no system back gesture.
Closes#69
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The (YY-20)mmddHHMM formula generates ~605M for 2026, which is lower
than existing epoch-second deployments (~1.747B). Google Play rejects
version code regressions at commit time (403 Forbidden).
Blocked — see issue #63 for context.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Makes the InProgress-first rule harder to skip by including the exact
command to run, so there is no ambiguity about how or when to do it.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaces epoch seconds with a compact date-based integer so the Play
Store version code is interpretable by humans while staying below the
2 100 000 000 upper bound until ~2040.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
date +%y%m%d%H%M for 2026-05-14 17:17 = 2605141717 which exceeds
Android's 2100000000 versionCode cap, aborting the build.
Epoch seconds (~1.75B today) stay under the cap and remain unique.
Human-readable build-name (yymmddhhmm) is unchanged for issue #63.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
workflow_run is not supported by Forgejo Actions — release.yml never
fired after CI passed. Port the deploy-playstore job into ci.yml with
needs: check + if: main, matching the pattern already used by build-linux.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The U7 onboarding view replaced "No accounts yet." with "Welcome to
SharedInbox", causing the E2E test to spin for the full timeout budget
(pumping slowly in headless CI) before failing. Fix the finder and
bump per-attempt timeout from 240s → 360s and CI job ceiling from
20 min → 30 min to give the full account-add → send → verify flow
room to complete.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
xvfb-run catches SIGTERM from `timeout`, kills its children, and exits 0,
making a timed-out test indistinguishable from a pass (CI #168 false positive).
Running Xvfb ourselves captures fvm flutter test's real exit code so timeouts
(exit 124) are correctly treated as failures.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previous failed CI runs leave orphan sharedinbox/flutter processes that hold
onto Xvfb display resources, causing the next run's GTK app to hang during
initialisation (never connects back to the flutter test runner, no output
for 9+ min until timeout fires).
Fix:
- Kill stale sharedinbox/flutter processes before launching xvfb-run
- Retry the xvfb-run call once (4-min timeout per attempt) so a transient
display-init hang doesn't permanently fail the job
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Splitting into separate steps breaks the Dart compilation cache that task
check builds up via parallelism. Without the shared cache, flutter test
integration_test/ -d linux rebuilds cold (9+ min instead of ~24s).
Keep the single 'nix develop --command task check' step which runs
analyze+build-linux+test in parallel (Task deps) and warms the cache
before the E2E test. Add timeout-minutes: 20 as a job-level safety net.
The xvfb-run timeout 600 (already in integration_ui_test.sh) still
prevents infinite hangs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sequential CI steps leave the runner under heavier load than the parallel
task check approach, so the E2E test can legitimately take 4-5 min.
Raise timeout 300→600 in integration_ui_test.sh and step timeout 6→12 min.
Job-level ceiling raised to 30 min to match.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The assets/ directory is created by generate-changelog. Splitting CI into
separate steps meant analyze ran before any step created it, causing a
pubspec.yaml asset_directory_does_not_exist warning that fails the check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Split single 'Run Full Check Suite' step into named steps so per-step
timing is visible in the CI UI
- Add timeout-minutes: 20 to the overall job and timeout-minutes: 6 to
the UI E2E step — previously a stuck xvfb-run could hang for 23+ min
- Add 'timeout 300' to xvfb-run in integration_ui_test.sh so the E2E
test exits with a clear error instead of hanging indefinitely
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add Select All button to AppBar during selection mode (#15)
- Replace Unix timestamp build number with yymmdd-hhmm format (#63)
- Gate release.yml on CI workflow success via workflow_run event
- Update golden for email_list_selection to reflect new Select All button
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
httplib2 raises RedirectMissingLocation on Google Play's resumable upload
redirects, causing every deploy since run #77 to fail. Replace google-api-python-client
+ google-auth-httplib2 with a direct requests-based implementation using
AuthorizedSession; drop httplib2 from flake.nix entirely.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
git rev-list --count returns 1 in shallow CI clones. A Unix timestamp
(~1.747B, well under Android's 2.1B max) is always increasing and works
in both CI shallow checkouts and local full clones.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Play Store rejects versionCode 1 since it was already used. Deriving
the build number from `git rev-list --count HEAD` gives a monotonically
increasing versionCode on every push with no manual bumping required.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Missing generated .g.dart files caused flutter build appbundle to fail.
_codegen already implies _pub-get via its dep chain.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
First run downloads cmdline-tools + platform-tools + android-34; subsequent
runs find the SDK at ~/Android/Sdk and skip in under a second.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add ndk debugSymbolLevel=FULL to release build type (opt-B for debug symbols)
- Add google-api-python-client to Nix devshell
- Add scripts/deploy_playstore.py to upload AAB to internal track
- Add deploy-android-bundle task to Taskfile
- Enable release.yml (remove if:false, wire up task deploy-android-bundle)
- Fix forbidden-files pre-commit hook to run task via nix develop (like dart-check)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The direct fvm call bypasses codegen and uses stale runner build cache.
task build-linux-release runs _codegen as a dep and passes --no-pub.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Forgejo Actions is GitHub Actions-compatible; expressions use github.*
not gitea.*. gitea.ref causes a YAML schema validation error.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace github.ref with gitea.ref in ci.yml (Forgejo uses gitea context)
- Fix README.md CI path from .github/ to .forgejo/
- Use codeberg icon instead of github icon in hugo.toml social link
- Add Privacy Policy page required for Google Play Store submission
- Add Privacy Policy link to website nav menu
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
HUGO_PARAMS_GITVERSION was stripped when website-build called
'nix develop --command hugo' from within an already-active nix shell
(nested nix develop resets the environment). Hugo is already on PATH
from the outer 'nix develop --command task website-deploy' in CI, and
locally tasks run from within 'nix develop' per AGENTS.md convention.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- website/layouts/_partials/extend_head.html: injects <meta name="x-version">
using HUGO_PARAMS_GITVERSION (set by Taskfile at build time)
- Taskfile: website-build sets HUGO_PARAMS_GITVERSION=<short HEAD>;
new website-verify task runs scripts/website-verify.sh
- scripts/website-verify.sh: fetches homepage, retries 6x/10s, checks
that the deployed version hash matches HEAD
- website.yml: Verify step after Deploy; scripts/website-verify.sh added
to path trigger
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
enough_mail is a pub dependency, not a vendored package.
Add missing 'Enable Nix flakes' step to website.yml (matching ci.yml)
and remove redundant branch condition already handled by the trigger.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- flake.nix: replace tea with fgj (fetchurl of v0.4.0 linux_amd64 binary)
- flake.nix shellHook: export IN_NIX_SHELL=1 so that nix develop --command
sets the variable that _preflight checks (nix develop does not set it
automatically, unlike the old nix-shell)
- Taskfile.yml _preflight: use IN_NIX_SHELL check instead of DIRENV_DIR,
which never worked in CI
- scripts/ci_logs.sh + task ci-logs: fetch raw Codeberg Actions job logs
from the web-UI endpoint (API endpoint not available on Codeberg 15.0.0)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
