guettli/sharedinbox
1
0
Fork 0
Code Issues 21 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: guettli/sharedinbox:issue-205-fix
Branches Tags
guettli/sharedinbox:main guettli/sharedinbox:issue-563-agentloop-validation guettli/sharedinbox:dummy-pr-test guettli/sharedinbox:issue-560-fix-firebase-run-url guettli/sharedinbox:issue-539-stable-imap-uid guettli/sharedinbox:issue-533-shared-email-list guettli/sharedinbox:plan-issue-555 guettli/sharedinbox:drop-nix guettli/sharedinbox:plan-issue-484 guettli/sharedinbox:plan-issue-539 guettli/sharedinbox:plan-issue-535 guettli/sharedinbox:plan-issue-474 guettli/sharedinbox:plan-issue-533 guettli/sharedinbox:fix-dagger-engineless-precommit guettli/sharedinbox:issue-521-fix-deploy-yml-wait-time-api guettli/sharedinbox:issue-502-fix-email-id-collision-mailbox guettli/sharedinbox:issue-492-eliminate-duplicate-build-runner guettli/sharedinbox:issue-494-website-change-detection guettli/sharedinbox:issue-491-parallelize-check guettli/sharedinbox:issue-478-fix-stalwart-dual-stack-bind guettli/sharedinbox:issue-475-allowed-addresses-glob guettli/sharedinbox:issue-473-search-result-reorder guettli/sharedinbox:issue-453-update-agentloop-defaults guettli/sharedinbox:issue-466-structured-search guettli/sharedinbox:issue-505-exclude-chaos-monkey-from-regular-ci guettli/sharedinbox:issue-509-fix-search-result-sorting guettli/sharedinbox:fix-ink-sparkle-remaining-tests guettli/sharedinbox:issue-506-fix-search-emails-tests guettli/sharedinbox:issue-504-runner-wait-time guettli/sharedinbox:issue-488-search-notes guettli/sharedinbox:issue-472-changelog-issue-links guettli/sharedinbox:issue-501-folder-search-local-sqlite guettli/sharedinbox:issue-486-fix-stale-test-shader-mismatch guettli/sharedinbox:fix/prevent-settled-search-rerun-473 guettli/sharedinbox:issue-467-fix-search-stale-results guettli/sharedinbox:issue-446-installed-versions-in-changelog guettli/sharedinbox:issue-462-fix-pr guettli/sharedinbox:issue-448-chaos-monkey-test guettli/sharedinbox:issue-436-notes-on-emails guettli/sharedinbox:issue-429-unify-mail-display guettli/sharedinbox:issue-422-move-to-folder-create-new guettli/sharedinbox:issue-414-ensure-not-run-as-root guettli/sharedinbox:issue-424-unify-email-list-views guettli/sharedinbox:issue-419-trusted-senders-page guettli/sharedinbox:issue-425-fix-prs guettli/sharedinbox:test-foo guettli/sharedinbox:issue-421-bug-report guettli/sharedinbox:issue-383-fix-ci guettli/sharedinbox:issue-394-fix-deploy-flutter-version guettli/sharedinbox:issue-391-fix-ci-double-trigger guettli/sharedinbox:issue-376-combined-inbox-v2 guettli/sharedinbox:issue-376-combined-inbox guettli/sharedinbox:issue-384-fix-open-prs guettli/sharedinbox:sops-migrate guettli/sharedinbox:issue-339-safe-first-on-imap-fetch guettli/sharedinbox:issue-340-try-catch-measure-height guettli/sharedinbox:issue-342-pin-intl-version guettli/sharedinbox:issue-341-guard-threademails-last guettli/sharedinbox:issue-335-agentloop-code-test guettli/sharedinbox:issue-329-fix guettli/sharedinbox:issue-315-fix guettli/sharedinbox:issue-320-fix guettli/sharedinbox:issue-325-fix guettli/sharedinbox:issue-312-fix guettli/sharedinbox:issue-311-fix guettli/sharedinbox:issue-305-fix guettli/sharedinbox:issue-304-fix guettli/sharedinbox:issue-299-fix guettli/sharedinbox:issue-300-fix guettli/sharedinbox:issue-298-fix guettli/sharedinbox:issue-296-fix guettli/sharedinbox:issue-294-fix guettli/sharedinbox:issue-289-fix guettli/sharedinbox:issue-288-fix guettli/sharedinbox:issue-287-fix guettli/sharedinbox:issue-286-fix guettli/sharedinbox:issue-277-fix guettli/sharedinbox:issue-282-fix guettli/sharedinbox:issue-280-fix guettli/sharedinbox:issue-272-fix guettli/sharedinbox:issue-268-fix guettli/sharedinbox:issue-267-fix guettli/sharedinbox:issue-266-fix guettli/sharedinbox:issue-258-fix guettli/sharedinbox:issue-260-fix guettli/sharedinbox:issue-257-fix guettli/sharedinbox:issue-253-fix guettli/sharedinbox:issue-216-fix guettli/sharedinbox:issue-251-fix guettli/sharedinbox:issue-249-fix guettli/sharedinbox:issue-question-fixes guettli/sharedinbox:issue-235-fix guettli/sharedinbox:issue-236-fix-v2 guettli/sharedinbox:issue-237-fix guettli/sharedinbox:issue-236-fix guettli/sharedinbox:issue-228-fix guettli/sharedinbox:issue-217-fix guettli/sharedinbox:issue-214-fix guettli/sharedinbox:issue-213-fix guettli/sharedinbox:issue-208-fix guettli/sharedinbox:issue-205-fix guettli/sharedinbox:issue-204-fix guettli/sharedinbox:issue-203-fix guettli/sharedinbox:issue-202-fix guettli/sharedinbox:issue-129-fix guettli/sharedinbox:issue-161-fix guettli/sharedinbox:issue-160-fix guettli/sharedinbox:issue-201-fix guettli/sharedinbox:issue-210-fix guettli/sharedinbox:issue-198-fix guettli/sharedinbox:issue-200-fix guettli/sharedinbox:issue-144-fix guettli/sharedinbox:issue-199-fix guettli/sharedinbox:fix/playstore-upload-use-requests guettli/sharedinbox:issue-193-fix guettli/sharedinbox:issue-186-fix guettli/sharedinbox:issue-185-fix guettli/sharedinbox:issue-192-fix guettli/sharedinbox:issue-183-fix guettli/sharedinbox:issue-175-fix guettli/sharedinbox:issue-172-fix guettli/sharedinbox:issue-171-fix guettli/sharedinbox:issue-167-fix guettli/sharedinbox:issue-136-fix guettli/sharedinbox:issue-162-fix guettli/sharedinbox:issue-179-fix guettli/sharedinbox:issue-155-fix guettli/sharedinbox:issue-154-fix guettli/sharedinbox:issue-152-fix guettli/sharedinbox:issue-151-fix guettli/sharedinbox:issue-141-fix guettli/sharedinbox:issue-150-fix guettli/sharedinbox:issue-164-fix guettli/sharedinbox:migrate-to-dagger guettli/sharedinbox:task/d1-ci-matrix guettli/sharedinbox:task/a4-typeconverter-json guettli/sharedinbox:task/u7-onboarding-walkthrough guettli/sharedinbox:task/d3-sync-doc guettli/sharedinbox:task/a5-layer-boundary-lint guettli/sharedinbox:task/t5-golden-tests guettli/sharedinbox:task/p5-date-cache guettli/sharedinbox:task/s4-link-handling guettli/sharedinbox:task/p3-html-parse-isolate guettli/sharedinbox:task/u8-mark-all-read guettli/sharedinbox:task/u3-recent-searches guettli/sharedinbox:task/a3-jmap-injectable-http-client guettli/sharedinbox:task/r5-tls-error-handling guettli/sharedinbox:fix/playstore-redirect-retry guettli/sharedinbox:task/t3-repository-contract-tests guettli/sharedinbox:task/p2-email-list-pagination guettli/sharedinbox:task/p1-fts5-search guettli/sharedinbox:fix/playstore-upload-timeout guettli/sharedinbox:task/a1-email-detail-notifier guettli/sharedinbox:fix/upgrade-workmanager-0.9 guettli/sharedinbox:fix/android-core-library-desugaring guettli/sharedinbox:task/p4-db-indexes guettli/sharedinbox:task/r3-html-error-boundary guettli/sharedinbox:task/d2-check-coverage guettli/sharedinbox:task/a2-email-tile guettli/sharedinbox:task/t4-migration-tests guettli/sharedinbox:task/t2-widget-tests guettli/sharedinbox:task/t1-email-repo-coverage guettli/sharedinbox:task/u6-connection-status guettli/sharedinbox:task/u4-push-notifications guettli/sharedinbox:task/u2-draft-sync guettli/sharedinbox:task/u1-list-unsubscribe guettli/sharedinbox:task/s2-hostname-validation guettli/sharedinbox:task/r6-reliability-fuzz-tests guettli/sharedinbox:task/r4-sync-error-banner guettli/sharedinbox:task/r2-force-resync guettli/sharedinbox:task/r1-undo-history-persistence
..
pull from: guettli/sharedinbox:migrate-to-dagger
Branches Tags
guettli/sharedinbox:issue-563-agentloop-validation guettli/sharedinbox:dummy-pr-test guettli/sharedinbox:issue-560-fix-firebase-run-url guettli/sharedinbox:issue-539-stable-imap-uid guettli/sharedinbox:issue-533-shared-email-list guettli/sharedinbox:plan-issue-555 guettli/sharedinbox:main guettli/sharedinbox:drop-nix guettli/sharedinbox:plan-issue-484 guettli/sharedinbox:plan-issue-539 guettli/sharedinbox:plan-issue-535 guettli/sharedinbox:plan-issue-474 guettli/sharedinbox:plan-issue-533 guettli/sharedinbox:fix-dagger-engineless-precommit guettli/sharedinbox:issue-521-fix-deploy-yml-wait-time-api guettli/sharedinbox:issue-502-fix-email-id-collision-mailbox guettli/sharedinbox:issue-492-eliminate-duplicate-build-runner guettli/sharedinbox:issue-494-website-change-detection guettli/sharedinbox:issue-491-parallelize-check guettli/sharedinbox:issue-478-fix-stalwart-dual-stack-bind guettli/sharedinbox:issue-475-allowed-addresses-glob guettli/sharedinbox:issue-473-search-result-reorder guettli/sharedinbox:issue-453-update-agentloop-defaults guettli/sharedinbox:issue-466-structured-search guettli/sharedinbox:issue-505-exclude-chaos-monkey-from-regular-ci guettli/sharedinbox:issue-509-fix-search-result-sorting guettli/sharedinbox:fix-ink-sparkle-remaining-tests guettli/sharedinbox:issue-506-fix-search-emails-tests guettli/sharedinbox:issue-504-runner-wait-time guettli/sharedinbox:issue-488-search-notes guettli/sharedinbox:issue-472-changelog-issue-links guettli/sharedinbox:issue-501-folder-search-local-sqlite guettli/sharedinbox:issue-486-fix-stale-test-shader-mismatch guettli/sharedinbox:fix/prevent-settled-search-rerun-473 guettli/sharedinbox:issue-467-fix-search-stale-results guettli/sharedinbox:issue-446-installed-versions-in-changelog guettli/sharedinbox:issue-462-fix-pr guettli/sharedinbox:issue-448-chaos-monkey-test guettli/sharedinbox:issue-436-notes-on-emails guettli/sharedinbox:issue-429-unify-mail-display guettli/sharedinbox:issue-422-move-to-folder-create-new guettli/sharedinbox:issue-414-ensure-not-run-as-root guettli/sharedinbox:issue-424-unify-email-list-views guettli/sharedinbox:issue-419-trusted-senders-page guettli/sharedinbox:issue-425-fix-prs guettli/sharedinbox:test-foo guettli/sharedinbox:issue-421-bug-report guettli/sharedinbox:issue-383-fix-ci guettli/sharedinbox:issue-394-fix-deploy-flutter-version guettli/sharedinbox:issue-391-fix-ci-double-trigger guettli/sharedinbox:issue-376-combined-inbox-v2 guettli/sharedinbox:issue-376-combined-inbox guettli/sharedinbox:issue-384-fix-open-prs guettli/sharedinbox:sops-migrate guettli/sharedinbox:issue-339-safe-first-on-imap-fetch guettli/sharedinbox:issue-340-try-catch-measure-height guettli/sharedinbox:issue-342-pin-intl-version guettli/sharedinbox:issue-341-guard-threademails-last guettli/sharedinbox:issue-335-agentloop-code-test guettli/sharedinbox:issue-329-fix guettli/sharedinbox:issue-315-fix guettli/sharedinbox:issue-320-fix guettli/sharedinbox:issue-325-fix guettli/sharedinbox:issue-312-fix guettli/sharedinbox:issue-311-fix guettli/sharedinbox:issue-305-fix guettli/sharedinbox:issue-304-fix guettli/sharedinbox:issue-299-fix guettli/sharedinbox:issue-300-fix guettli/sharedinbox:issue-298-fix guettli/sharedinbox:issue-296-fix guettli/sharedinbox:issue-294-fix guettli/sharedinbox:issue-289-fix guettli/sharedinbox:issue-288-fix guettli/sharedinbox:issue-287-fix guettli/sharedinbox:issue-286-fix guettli/sharedinbox:issue-277-fix guettli/sharedinbox:issue-282-fix guettli/sharedinbox:issue-280-fix guettli/sharedinbox:issue-272-fix guettli/sharedinbox:issue-268-fix guettli/sharedinbox:issue-267-fix guettli/sharedinbox:issue-266-fix guettli/sharedinbox:issue-258-fix guettli/sharedinbox:issue-260-fix guettli/sharedinbox:issue-257-fix guettli/sharedinbox:issue-253-fix guettli/sharedinbox:issue-216-fix guettli/sharedinbox:issue-251-fix guettli/sharedinbox:issue-249-fix guettli/sharedinbox:issue-question-fixes guettli/sharedinbox:issue-235-fix guettli/sharedinbox:issue-236-fix-v2 guettli/sharedinbox:issue-237-fix guettli/sharedinbox:issue-236-fix guettli/sharedinbox:issue-228-fix guettli/sharedinbox:issue-217-fix guettli/sharedinbox:issue-214-fix guettli/sharedinbox:issue-213-fix guettli/sharedinbox:issue-208-fix guettli/sharedinbox:issue-205-fix guettli/sharedinbox:issue-204-fix guettli/sharedinbox:issue-203-fix guettli/sharedinbox:issue-202-fix guettli/sharedinbox:issue-129-fix guettli/sharedinbox:issue-161-fix guettli/sharedinbox:issue-160-fix guettli/sharedinbox:issue-201-fix guettli/sharedinbox:issue-210-fix guettli/sharedinbox:issue-198-fix guettli/sharedinbox:issue-200-fix guettli/sharedinbox:issue-144-fix guettli/sharedinbox:issue-199-fix guettli/sharedinbox:fix/playstore-upload-use-requests guettli/sharedinbox:issue-193-fix guettli/sharedinbox:issue-186-fix guettli/sharedinbox:issue-185-fix guettli/sharedinbox:issue-192-fix guettli/sharedinbox:issue-183-fix guettli/sharedinbox:issue-175-fix guettli/sharedinbox:issue-172-fix guettli/sharedinbox:issue-171-fix guettli/sharedinbox:issue-167-fix guettli/sharedinbox:issue-136-fix guettli/sharedinbox:issue-162-fix guettli/sharedinbox:issue-179-fix guettli/sharedinbox:issue-155-fix guettli/sharedinbox:issue-154-fix guettli/sharedinbox:issue-152-fix guettli/sharedinbox:issue-151-fix guettli/sharedinbox:issue-141-fix guettli/sharedinbox:issue-150-fix guettli/sharedinbox:issue-164-fix guettli/sharedinbox:migrate-to-dagger guettli/sharedinbox:task/d1-ci-matrix guettli/sharedinbox:task/a4-typeconverter-json guettli/sharedinbox:task/u7-onboarding-walkthrough guettli/sharedinbox:task/d3-sync-doc guettli/sharedinbox:task/a5-layer-boundary-lint guettli/sharedinbox:task/t5-golden-tests guettli/sharedinbox:task/p5-date-cache guettli/sharedinbox:task/s4-link-handling guettli/sharedinbox:task/p3-html-parse-isolate guettli/sharedinbox:task/u8-mark-all-read guettli/sharedinbox:task/u3-recent-searches guettli/sharedinbox:task/a3-jmap-injectable-http-client guettli/sharedinbox:task/r5-tls-error-handling guettli/sharedinbox:fix/playstore-redirect-retry guettli/sharedinbox:task/t3-repository-contract-tests guettli/sharedinbox:task/p2-email-list-pagination guettli/sharedinbox:task/p1-fts5-search guettli/sharedinbox:fix/playstore-upload-timeout guettli/sharedinbox:task/a1-email-detail-notifier guettli/sharedinbox:fix/upgrade-workmanager-0.9 guettli/sharedinbox:fix/android-core-library-desugaring guettli/sharedinbox:task/p4-db-indexes guettli/sharedinbox:task/r3-html-error-boundary guettli/sharedinbox:task/d2-check-coverage guettli/sharedinbox:task/a2-email-tile guettli/sharedinbox:task/t4-migration-tests guettli/sharedinbox:task/t2-widget-tests guettli/sharedinbox:task/t1-email-repo-coverage guettli/sharedinbox:task/u6-connection-status guettli/sharedinbox:task/u4-push-notifications guettli/sharedinbox:task/u2-draft-sync guettli/sharedinbox:task/u1-list-unsubscribe guettli/sharedinbox:task/s2-hostname-validation guettli/sharedinbox:task/r6-reliability-fuzz-tests guettli/sharedinbox:task/r4-sync-error-banner guettli/sharedinbox:task/r2-force-resync guettli/sharedinbox:task/r1-undo-history-persistence
2 Commits
issue-205-fix .. migrate-to-dagger
Author SHA1 Message Date
Thomas SharedInboxandClaude Sonnet 4.6 7f9bc65965 fix(android): disable AGP new-DSL mode to fix signReleaseBundle NullPointerException 
AGP 9+ defaults to new-DSL-only mode, which causes a NullPointerException
when conditionally creating signingConfigs inside the android {} block.
Setting android.newDsl=false restores the previous evaluation behaviour.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-17 12:34:51 +02:00
Thomas SharedInboxandClaude Sonnet 4.6 e76c536e0e fix: pass keystore password as Dagger secret to Android builds 
ANDROID_KEYSTORE_PASSWORD was set in the CI runner environment but never
forwarded into the Dagger container, so System.getenv() returned null
inside the Flutter build, causing a NullPointerException in
FinalizeBundleTask when signing the release bundle.

- Add keystorePassword *dagger.Secret param to BuildAndroidRelease,
  BuildAndroidApk, PublishAndroid, and DeployApk in the Dagger module
- Pass ANDROID_KEYSTORE_PASSWORD via WithSecretVariable to the build container
- Update ci.yml to supply env:ANDROID_KEYSTORE_PASSWORD to both
  publish-android and deploy-apk dagger calls
- Refactor build.gradle.kts to conditionally create the signing config
  only when both the keystore file and password are available, avoiding
  null values being passed to the signing config

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-17 11:18:00 +02:00
182 changed files with 796 additions and 11755 deletions
Expand all files Collapse all files
.daggerignore
+10 -8
View File
@@ -1,18 +1,20 @@
# Dagger context ignore file.
# Since we use explicit inclusion in ci/main.go (Base function),
# we only need to ignore large or sensitive directories here to
# avoid unnecessary upload overhead to the Dagger engine.
# Version control
.git/
# Build artifacts
build/
.dart_tool/
coverage/
.fvm/
.pub-cache/
node_modules/
ios/Pods/
macos/Pods/
linux/flutter/ephemeral/
website/public/
website/resources/
.task/
.fvm/
# Secrets
# Sensitive files
.env*
.envrc
.ssh/
.forgejo/Dockerfile
-21
View File
@@ -1,21 +0,0 @@
# Source: https://codeberg.org/guettli/sharedinbox/src/branch/main/.forgejo/Dockerfile
# Install at on the act-runner host on: /etc/forgejo/runner/Dockerfile
#
# In systemd service:
# ExecStartPre=docker build -t forgejo-act-runner:latest /etc/forgejo/runner
# ExecStart=/usr/local/bin/forgejo-runner daemon --config /etc/forgejo/config.yml
FROM ghcr.io/catthehacker/ubuntu:go-24.04
# Infrastructure tools required by CI workflows
RUN apt-get update && apt-get install -y --no-install-recommends \
stunnel4 \
netcat-openbsd \
&& rm -rf /var/lib/apt/lists/*
# Dagger CLI — pinned to match the engine version on the runner host
RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \
| DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh
# Task runner
RUN curl -fsSL https://taskfile.dev/install.sh \
| sh -s -- -b /usr/local/bin v3.48.0
.forgejo/workflows/android-emulator-tests.yml
+39
View File
@@ -0,0 +1,39 @@
# We switched to Dagger. Running the emulator tests in Dagger does not really work
# We will use an external service for device testing.
# TODO: Switch to device testing. First choose a service. Maybe codemagic.io
name: Android Emulator Tests (Disabled)
on:
workflow_dispatch: # Manual trigger only
jobs:
integration-android:
name: Android Emulator Integration Tests
runs-on: self-hosted
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 50
- name: Enable Nix flakes
run: |
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Install Android SDK
run: |
SDK="${ANDROID_HOME:-$HOME/Android/Sdk}"
if [ ! -d "$SDK/platforms/android-34" ]; then
wget -q https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -O /tmp/cmdtools.zip
mkdir -p "$SDK/cmdline-tools"
unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools"
[ -d "$SDK/cmdline-tools/cmdline-tools" ] && mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest"
yes | "$SDK/cmdline-tools/latest/bin/sdkmanager" --licenses >/dev/null 2>&1 || true
"$SDK/cmdline-tools/latest/bin/sdkmanager" "emulator" "system-images;android-34;google_apis;x86_64"
"$SDK/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "build-tools;34.0.0" "platforms;android-34"
fi
- name: Run Android Integration Tests
run: nix develop --no-warn-dirty --command task integration-android
.forgejo/workflows/ci.yml
+117 -89
View File
@@ -3,109 +3,137 @@ name: CI
on:
push:
branches: [main]
paths:
- 'lib/**'
- 'test/**'
- 'integration_test/**'
- 'android/**'
- 'linux/**'
- 'assets/**'
- '!assets/changelog.txt'
- 'pubspec.yaml'
- 'pubspec.lock'
- 'analysis_options.yaml'
- 'scripts/**'
- 'stalwart-dev/**'
- 'ci/**'
- 'Taskfile.yml'
- 'drift_schemas/**'
- '.forgejo/workflows/ci.yml'
pull_request:
paths:
- 'lib/**'
- 'test/**'
- 'integration_test/**'
- 'android/**'
- 'linux/**'
- 'assets/**'
- '!assets/changelog.txt'
- 'pubspec.yaml'
- 'pubspec.lock'
- 'analysis_options.yaml'
- 'scripts/**'
- 'stalwart-dev/**'
- 'ci/**'
- 'Taskfile.yml'
- 'drift_schemas/**'
- '.forgejo/workflows/ci.yml'
jobs:
check:
name: Full Project Check
runs-on: ubuntu-latest
timeout-minutes: 60
runs-on: self-hosted
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 50
- name: Check runner tools
- name: Enable Nix flakes
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Locate Docker daemon for local Dagger engine
run: |
# Skip if remote Dagger engine is already configured (preferred path)
if [ -n "${_DAGGER_RUNNER_HOST:-}" ]; then
echo "Remote Dagger engine configured, no local Docker needed."
exit 0
fi
# Try host Docker socket (DooD) if runner mounts it
if [ -S /var/run/docker.sock ]; then
if DOCKER_HOST=unix:///var/run/docker.sock docker info >/dev/null 2>&1; then
echo "Docker available via host socket."
echo "DOCKER_HOST=unix:///var/run/docker.sock" >> "$GITHUB_ENV"
exit 0
fi
fi
echo "WARNING: No remote Dagger engine and no local Docker found." >&2
echo " - Remote engine: check DAGGER_STUNNEL_URL secret and that the host proxy is running." >&2
echo " - Local Docker: runner does not expose /var/run/docker.sock." >&2
echo "CI will likely fail at the Dagger step." >&2
- name: Prune Dagger cache before check
env:
DAGGER_NO_NAG: "1"
# prune(maxUsedSpace) also reclaims named cache volumes (gradle-cache, go-build-cache, etc.)
# when total cache exceeds the limit; without args only unreferenced entries are removed.
run: |
dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Run Full Check Suite
env:
DAGGER_NO_NAG: "1"
run: task check-dagger
run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci check --source .
- name: Prune Dagger cache after check
if: always()
env:
DAGGER_NO_NAG: "1"
build-linux:
name: Build Linux Release
runs-on: self-hosted
needs: check
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 50
- name: Enable Nix flakes
run: |
dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }' || true
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
- name: Build & Deploy Linux to server
continue-on-error: true
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
run: |
HASH=$(git rev-parse --short HEAD)
nix develop --no-warn-dirty --command dagger call --progress=plain -m ci deploy-linux --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
deploy-playstore:
name: Build & Deploy to Play Store
runs-on: self-hosted
needs: check
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 50
- name: Enable Nix flakes
run: |
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Install Android SDK (cached on runner between runs)
run: |
SDK="${ANDROID_HOME:-$HOME/Android/Sdk}"
if [ ! -d "$SDK/platforms/android-34" ]; then
echo "Android SDK not found, installing..."
wget -q https://dl.google.com/android/repository/commandlinetools-linux-11076708_latest.zip -O /tmp/cmdtools.zip
mkdir -p "$SDK/cmdline-tools"
unzip -q /tmp/cmdtools.zip -d "$SDK/cmdline-tools"
[ -d "$SDK/cmdline-tools/cmdline-tools" ] && mv "$SDK/cmdline-tools/cmdline-tools" "$SDK/cmdline-tools/latest"
yes | "$SDK/cmdline-tools/latest/bin/sdkmanager" --licenses >/dev/null 2>&1 || true
"$SDK/cmdline-tools/latest/bin/sdkmanager" "platform-tools" "build-tools;34.0.0" "platforms;android-34"
else
echo "Android SDK cached, skipping install."
fi
- name: Prepare Keystore
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
run: |
if [ -n "$ANDROID_KEYSTORE_BASE64" ]; then
echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks
else
echo "Error: ANDROID_KEYSTORE_BASE64 secret is not set."
exit 1
fi
- name: Build & Deploy to Play Store
env:
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
run: |
nix develop --no-warn-dirty --command dagger call --progress=plain -m ci publish-android --source . --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-password env:ANDROID_KEYSTORE_PASSWORD
- name: Build & Deploy APK to server
continue-on-error: true
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
run: |
HASH=$(git rev-parse --short HEAD)
nix develop --no-warn-dirty --command dagger call --progress=plain -m ci deploy-apk --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-password env:ANDROID_KEYSTORE_PASSWORD
publish-website:
name: Publish Website Build History
runs-on: self-hosted
needs: [build-linux, deploy-playstore]
if: |
always() &&
github.ref == 'refs/heads/main' &&
(needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Enable Nix flakes
run: |
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Generate build history and deploy website
continue-on-error: true
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
run: |
nix develop --no-warn-dirty --command dagger call --progress=plain -m ci publish-website --source . --ssh-key env:SSH_PRIVATE_KEY --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
.forgejo/workflows/deploy.yml
-319
View File
@@ -1,319 +0,0 @@
name: Deploy
on:
schedule:
- cron: '0 * * * *' # every hour on the hour
workflow_dispatch:
jobs:
check-changes:
name: Detect Changed Files
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
android: ${{ steps.diff.outputs.android }}
linux: ${{ steps.diff.outputs.linux }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Detect Android and Linux changes
id: diff
shell: bash
run: |
# On workflow_dispatch always build everything
if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then
echo "android=true" >> "$GITHUB_OUTPUT"
echo "linux=true" >> "$GITHUB_OUTPUT"
exit 0
fi
# Diff the HEAD commit against its parent; fall back to listing HEAD's files
# when the parent is unavailable (initial commit, shallow clone).
CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null \
|| git show --name-only --format= HEAD)
echo "Changed files:"
echo "$CHANGED"
android_re='^(android/|integration_test/|lib/|pubspec\.yaml|pubspec\.lock|drift_schemas/)'
linux_re='^(linux/|lib/|pubspec\.yaml|pubspec\.lock)'
echo "$CHANGED" | grep -qE "$android_re" \
&& echo "android=true" >> "$GITHUB_OUTPUT" \
|| echo "android=false" >> "$GITHUB_OUTPUT"
echo "$CHANGED" | grep -qE "$linux_re" \
&& echo "linux=true" >> "$GITHUB_OUTPUT" \
|| echo "linux=false" >> "$GITHUB_OUTPUT"
test-android-firebase:
name: Android Instrumented Tests (Firebase Test Lab)
runs-on: ubuntu-latest
timeout-minutes: 60
needs: [check-changes]
if: needs.check-changes.outputs.android == 'true'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check runner tools
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Run Android Tests on Firebase Test Lab
if: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY != '' }}
env:
FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY: ${{ secrets.FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY }}
FIREBASE_PROJECT_ID: ${{ vars.FIREBASE_PROJECT_ID }}
DAGGER_NO_NAG: "1"
run: task test-android-firebase
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
deploy-playstore:
name: Build & Deploy to Play Store
runs-on: ubuntu-latest
timeout-minutes: 60
needs: [check-changes]
if: needs.check-changes.outputs.android == 'true'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check runner tools
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Publish Android to Play Store
if: ${{ secrets.PLAY_STORE_CONFIG_JSON != '' }}
env:
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
DAGGER_NO_NAG: "1"
run: task publish-android
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
deploy-apk:
name: Build & Deploy APK to Server
runs-on: ubuntu-latest
timeout-minutes: 60
needs: [check-changes]
if: needs.check-changes.outputs.android == 'true'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check runner tools
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Build & Deploy APK to server
if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
DAGGER_NO_NAG: "1"
run: task deploy-apk
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
build-linux:
name: Build Linux Release
runs-on: ubuntu-latest
timeout-minutes: 60
needs: [check-changes]
if: needs.check-changes.outputs.linux == 'true'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check runner tools
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Build & Deploy Linux to server
if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
DAGGER_NO_NAG: "1"
run: task deploy-linux
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
publish-website:
name: Publish Website Build History
runs-on: ubuntu-latest
needs: [build-linux, deploy-playstore, deploy-apk]
if: |
always() &&
(needs.build-linux.result == 'success' || needs.deploy-playstore.result == 'success' || needs.deploy-apk.result == 'success')
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Check runner tools
run: |
command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }
- name: Setup Dagger Remote Engine (via stunnel)
env:
DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
run: scripts/setup_dagger_remote.sh
- name: Generate build history and deploy website
if: ${{ secrets.SSH_PRIVATE_KEY != '' }}
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
DAGGER_NO_NAG: "1"
run: task publish-website
- name: Cleanup TLS credentials
if: always()
run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid
label-deploy-health:
name: Update Deploy Health Label
runs-on: ubuntu-latest
needs: [test-android-firebase, deploy-playstore, deploy-apk, build-linux]
if: |
always() && vars.DEPLOY_HEALTH_ISSUE != '' && (
needs.test-android-firebase.result == 'success' || needs.test-android-firebase.result == 'failure' ||
needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'failure' ||
needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'failure' ||
needs.build-linux.result == 'success' || needs.build-linux.result == 'failure'
)
timeout-minutes: 5
steps:
- name: Set CI/Full-Pass or CI/Full-Fail label on tracking issue
env:
FORGEJO_TOKEN: ${{ github.token }}
FORGEJO_URL: ${{ github.server_url }}
DEPLOY_HEALTH_ISSUE: ${{ vars.DEPLOY_HEALTH_ISSUE }}
ALL_SUCCEEDED: ${{ (needs.test-android-firebase.result == 'success' || needs.test-android-firebase.result == 'skipped') && (needs.deploy-playstore.result == 'success' || needs.deploy-playstore.result == 'skipped') && (needs.deploy-apk.result == 'success' || needs.deploy-apk.result == 'skipped') && (needs.build-linux.result == 'success' || needs.build-linux.result == 'skipped') }}
run: |
python3 - << 'PYEOF'
import os, json, urllib.request, urllib.error
issue = os.environ.get("DEPLOY_HEALTH_ISSUE", "").strip()
if not issue:
print("DEPLOY_HEALTH_ISSUE not set; skipping")
raise SystemExit(0)
token = os.environ["FORGEJO_TOKEN"]
url_base = os.environ["FORGEJO_URL"].rstrip("/")
succeeded = os.environ.get("ALL_SUCCEEDED", "false").lower() == "true"
add_label = "CI/Full-Pass" if succeeded else "CI/Full-Fail"
remove_label = "CI/Full-Fail" if succeeded else "CI/Full-Pass"
headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
api = f"{url_base}/api/v1/repos/guettli/sharedinbox"
def api_get(path):
req = urllib.request.Request(f"{api}{path}", headers=headers)
with urllib.request.urlopen(req) as r:
return json.loads(r.read())
def api_put(path, body):
data = json.dumps(body).encode()
req = urllib.request.Request(f"{api}{path}", data=data, headers=headers, method="PUT")
try:
with urllib.request.urlopen(req) as r:
return json.loads(r.read())
except urllib.error.HTTPError as e:
print(f"PUT {path} failed: {e.read().decode()}")
raise
repo_labels = api_get("/labels")
label_map = {l["name"]: l["id"] for l in repo_labels}
if add_label not in label_map:
print(f"Label '{add_label}' not found in repo — create it first")
raise SystemExit(1)
current = api_get(f"/issues/{issue}/labels")
keep_ids = [l["id"] for l in current if l["name"] not in ("CI/Full-Pass", "CI/Full-Fail")]
keep_ids.append(label_map[add_label])
api_put(f"/issues/{issue}/labels", {"labels": keep_ids})
print(f"Set '{add_label}' on issue #{issue}")
PYEOF
.forgejo/workflows/website.yml
+24 -9
View File
@@ -12,21 +12,36 @@ on:
jobs:
deploy:
name: Build & Deploy Website
runs-on: ubuntu-latest
runs-on: self-hosted
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Build & Deploy Website
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
run: task website-deploy
- name: Enable Nix flakes
run: |
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Verify Website
- name: Setup SSH
env:
SSH_PRIVATE_KEY: ${{ secrets.WEBSITE_SSH_PRIVATE_KEY }}
run: |
if [ -n "$SSH_PRIVATE_KEY" ]; then
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
else
echo "Error: WEBSITE_SSH_PRIVATE_KEY secret is not set."
exit 1
fi
- name: Deploy
env:
SSH_USER: ${{ secrets.WEBSITE_SSH_USER }}
SSH_HOST: ${{ secrets.WEBSITE_SSH_HOST }}
run: scripts/website-verify.sh
run: nix develop --command task website-deploy
- name: Verify
run: nix develop --command task website-verify
.forgejo/workflows/windows-nightly.yml
+3
View File
@@ -11,6 +11,7 @@ jobs:
name: Build & Deploy Windows (Nightly)
runs-on: windows-runner
if: false
continue-on-error: true
steps:
- uses: actions/checkout@v4
@@ -31,6 +32,7 @@ jobs:
- name: Set up SSH key
if: env.SKIP_BUILD != 'true'
continue-on-error: true
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
run: |
@@ -40,6 +42,7 @@ jobs:
- name: Deploy Windows to server
if: env.SKIP_BUILD != 'true'
continue-on-error: true
env:
SSH_USER: ${{ secrets.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
.github/workflows/ci.yml
+11 -12
View File
@@ -8,7 +8,7 @@ on:
jobs:
analyze-and-test:
name: Analyze & unit test
runs-on: sharedinbox-runner
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
@@ -39,7 +39,7 @@ jobs:
integration:
name: Integration tests (Stalwart)
runs-on: sharedinbox-runner
runs-on: ubuntu-latest
# Run integration tests only on push to main, not on every PR.
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -74,7 +74,7 @@ jobs:
integration-ui:
name: UI Integration tests (Stalwart + Xvfb)
runs-on: sharedinbox-runner
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
@@ -124,7 +124,7 @@ jobs:
build-linux:
name: Build Linux desktop
runs-on: sharedinbox-runner
runs-on: ubuntu-latest
needs: analyze-and-test
steps:
@@ -154,7 +154,7 @@ jobs:
deploy:
name: Deploy Linux build & publish website
runs-on: sharedinbox-runner
runs-on: ubuntu-latest
needs: build-linux
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
env:
@@ -202,8 +202,6 @@ jobs:
mkdir -p ~/.ssh
printf '%s\n' "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
printf '%s\n' "${{ secrets.SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: Build Linux release
run: |
@@ -217,20 +215,20 @@ jobs:
REMOTE_DIR="public_html/builds/$DATE_PATH"
TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
EXISTING=$(ssh "$SSH_USER@$SSH_HOST" \
EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" \
"cat public_html/latest.json 2>/dev/null || echo '{}'")
WINDOWS_URL=$(echo "$EXISTING" | \
python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" \
2>/dev/null || true)
if [ -n "$WINDOWS_URL" ]; then
echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
else
echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
fi
- name: Generate build history pages
@@ -246,5 +244,6 @@ jobs:
rsync -avz --delete \
--exclude='*.apk' \
--exclude='*.tar.gz' \
-e "ssh -o StrictHostKeyChecking=no" \
website/public/ \
"$SSH_USER@$SSH_HOST:public_html/"
.gitignore
+1 -5
View File
@@ -3,6 +3,7 @@ coverage/
.dart_tool/
.dart-tool/
.packages
pubspec.lock
build/
*.g.dart
*.freezed.dart
@@ -116,8 +117,3 @@ test/widget/failures/
dagger-certs
.Xauthority
.sharedinbox-agent-state.json
.viminfo
/go
.last_deployed_sha
.fail_count
.gitmodules
+3
View File
@@ -0,0 +1,3 @@
[submodule "website/themes/PaperMod"]
path = website/themes/PaperMod
url = https://github.com/adityatelange/hugo-PaperMod.git
.pre-commit-config.yaml
-12
View File
@@ -30,15 +30,3 @@ repos:
entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command scripts/pre_commit_check.sh'
pass_filenames: false
always_run: true
- id: ci-no-direct-dagger
name: check for direct dagger calls in workflows (use Task instead)
language: system
entry: "bash -c 'git grep \"dagger call\" .forgejo/workflows/ && echo \"ERROR: Direct dagger calls found in workflows. Use Taskfile instead.\" && exit 1 || exit 0'"
pass_filenames: false
always_run: true
- id: dagger-progress-plain
name: ensure all dagger calls use --progress=plain
language: system
entry: "bash -c 'git grep \"dagger call\" -- \":!.pre-commit-config.yaml\" | grep -v \"\\-\\-progress=plain\" && echo \"ERROR: All dagger calls must include --progress=plain\" && exit 1 || exit 0'"
pass_filenames: false
always_run: true
AGENTS.md
+1 -3
View File
@@ -23,9 +23,7 @@ fgj issue list --json --state open | jq '[.[] | select(.labels[].name == "State/
Rules:
- Never start work on an issue without `State/Ready`
- When working via the agent loop: `State/Ready``State/InProgress` is set automatically
by `agent_loop.py` before the agent starts — do **not** set it yourself.
- When working manually: switch to `State/InProgress` as your **first action**:
- Switch `State/Ready``State/InProgress` as your **first action** when picking up an issue — before reading any code:
```bash
fgj issue edit <NUMBER> --remove-label "State/Ready" --add-label "State/InProgress"
```
DAGGER.md
+1 -111
View File
@@ -61,29 +61,9 @@ _DAGGER_RUNNER_HOST=tcp://127.0.0.1:8080
Once the environment is set up, you can run the Dagger pipeline. For non-interactive environments (CI, LLMs), use `--progress=plain` for readable logs:
```bash
nix develop --command dagger call --progress=plain -q -m ci --source=. check
nix develop --command dagger call --progress=plain -m ci check --source .
```
## Secrets
All sensitive credentials are passed as `dagger.Secret` (never as plain strings).
This prevents values from appearing in Dagger logs or being cached in the engine.
| Parameter | Functions |
|---|---|
| `sshKey *dagger.Secret` | `Deployer`, `GenerateBuildHistory`, `BuildWebsite`, `PublishWebsite`, `DeployLinux`, `DeployApk` |
| `keystoreBase64 *dagger.Secret` | `setupKeystore`, `BuildAndroidApk`, `DeployApk`, `SignAndroidBundle`, `PublishAndroid` |
| `keystorePassword *dagger.Secret` | same as above |
| `playStoreConfig *dagger.Secret` | `UploadToPlayStore`, `PublishAndroid` |
| `serviceAccountKey *dagger.Secret` | `TestAndroidFirebase` |
Secrets are injected via `WithMountedSecret` (file-based, e.g. SSH key) or
`WithSecretVariable` (env-var-based, e.g. keystore data, Play Store JSON).
The only credentials not typed as `dagger.Secret` are the test passwords
(`STALWART_PASS_B`, `STALWART_PASS_C`) in `WithStalwart`. These are hardcoded
development values defined in `stalwart-dev/` — not production secrets.
## CI Integration (Codeberg/Forgejo)
The CI workflow in `.forgejo/workflows/ci.yml` is configured to use the Dagger module located in the `ci/` directory.
@@ -91,93 +71,3 @@ The CI workflow in `.forgejo/workflows/ci.yml` is configured to use the Dagger m
- **Check Suite:** Runs analysis and tests in parallel.
- **Builds:** Produces Linux and Android artifacts.
- **Caching:** When using the shared engine, CI runners benefit from the persistent cache on the host.
## Credential Security — Keeping Production Secrets Off Codeberg
### Problem
The current setup stores two categories of secrets in Codeberg repository secrets:
1. **Dagger access credentials** — TLS certificates used to connect to the remote Dagger engine via stunnel (`DAGGER_CA_CERT`, `DAGGER_CLIENT_CERT`, `DAGGER_CLIENT_KEY`, `DAGGER_STUNNEL_URL`).
2. **Production secrets** — actual credentials for external services: `ANDROID_KEYSTORE_BASE64`, `ANDROID_KEYSTORE_PASSWORD`, `PLAY_STORE_CONFIG_JSON`, `SSH_PRIVATE_KEY`, `FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY`.
If Codeberg is compromised, both categories are leaked. The Dagger TLS certificates enable access only to the Dagger engine and have limited blast radius. But the production secrets give direct access to the Play Store, the Android signing key, the deployment server, and Firebase — a much larger blast radius.
**Goal:** Keep only Dagger access credentials in Codeberg. Store all production secrets on the Dagger host machine so they never touch Codeberg.
### Option 1: Runner-level environment variables
Store production secrets as environment variables in the Forgejo runner's systemd service (e.g., via a `EnvironmentFile=` in the service override). The runner injects host env vars into job processes automatically. CI workflows drop the `${{ secrets.XYZ }}` references for production secrets entirely — the variables are already present in the job environment.
**Pro:**
- No new infrastructure required.
- Works with the existing `dagger call --progress=plain --secret env:VAR_NAME` argument style.
- Secrets never enter Codeberg.
- Straightforward to set up on a single self-hosted runner.
**Con:**
- Env vars are visible to every process on the runner host (e.g., via `/proc/<pid>/environ`).
- Rotating a secret requires host access (no API).
- Does not scale cleanly to multiple runners without a shared secrets mechanism.
### Option 2: Secret files on the CI host with restricted permissions
Store production secrets as files owned by the runner user with mode `600` (e.g., `/home/forgejo-runner/secrets/play_store.json`). A small setup script reads the files and either exports them as env vars or passes them directly as file-type arguments to `dagger call --progress=plain`. CI workflows contain no secret references at all.
**Pro:**
- OS-level file permissions limit access to the runner user.
- Natural format for JSON payloads and key files.
- Easy to audit (list files, check mtime).
- No new infrastructure.
**Con:**
- Plaintext files on disk; root or backup access exposes them.
- Workflow must know file paths (either hardcoded or by convention).
- Rotation still requires host filesystem access.
### Option 3: Dagger host as pipeline orchestrator
Instead of the CI runner invoking the Dagger CLI directly, the CI job sends a trigger to the Dagger host over SSH. The Dagger host runs the pipeline locally against its own environment, where secrets live as env vars or files. Codeberg only stores the SSH key to reach the Dagger host — not the production secrets.
```yaml
# CI job only does this:
- name: Trigger pipeline on Dagger host
run: ssh dagger-host "cd sharedinbox && task publish-android"
env:
SSH_PRIVATE_KEY: ${{ secrets.DAGGER_TRIGGER_SSH_KEY }}
```
**Pro:**
- Production secrets never leave the Dagger host.
- Codeberg stores exactly one secret: the trigger SSH key.
- All deployment logic and secrets are fully contained on the host.
**Con:**
- Harder to stream structured CI logs back to Codeberg Actions.
- Dynamic context (commit SHA, PR branch) must be passed explicitly over SSH.
- The trigger SSH key still grants shell access to the host, so its compromise has its own blast radius.
- CI becomes a "fire-and-forget" call, making failure attribution harder.
### Option 4: External secret manager (e.g., HashiCorp Vault)
Run a secret manager co-located with the Dagger host. The CI job authenticates with a short-lived AppRole credential (stored in Codeberg) and retrieves secrets at runtime. Vault can also be configured with IP-allow-lists to further restrict who can authenticate.
**Pro:**
- Full audit trail: every secret read is logged with a timestamp and caller identity.
- Fine-grained access control per secret.
- Built-in versioning and rotation support.
- Industry-standard approach; scales to team or multi-runner setups.
**Con:**
- Significant additional infrastructure to install, configure, and maintain.
- Vault credentials (RoleID + SecretID) still need to be in Codeberg, though with a smaller blast radius than raw secrets.
- Vault itself becomes a security-critical single point of failure.
- Operational overhead likely disproportionate for a small single-developer project.
### Recommendation
**Option 1** (runner-level env vars) or **Option 2** (secret files) are the pragmatic starting point for a single self-hosted runner. They require no new infrastructure and move all production secrets off Codeberg immediately.
**Option 3** (Dagger host as orchestrator) is worth considering once the trigger SSH key replaces all other secrets in Codeberg — it offers the cleanest security boundary at the cost of reduced CI observability.
**Option 4** (Vault) becomes worthwhile if the project grows to multiple runners or team members who each need audited access to deploy credentials.
Taskfile.yml
+29 -191
View File
@@ -1,9 +1,6 @@
version: "3"
silent: true
env:
DAGGER_NO_NAG: "1"
tasks:
default:
desc: Run all checks (analyze + unit tests + widget tests + integration, in parallel)
@@ -175,165 +172,22 @@ tasks:
- fvm flutter test
test-backend:
desc: Backend tests against a local Stalwart mail server (via Dagger)
desc: Backend tests against a local Stalwart mail server
deps: [_flutter-check]
sources:
- lib/**/*.dart
- test/backend/**/*.dart
cmds:
- dagger call --progress=plain -q -m ci --source=. test-backend
- stalwart-dev/test.sh
integration-ui:
desc: UI E2E tests on Linux via Xvfb — headless, no emulator needed (via Dagger)
desc: UI E2E tests on Linux via Xvfb — headless, no emulator needed
deps: [_preflight, _linux-deps-check, _pub-get]
sources:
- lib/**/*.dart
- integration_test/app_e2e_test.dart
cmds:
- dagger call --progress=plain -q -m ci --source=. test-integration
sync-reliability:
desc: Run sync reliability runner (via Dagger)
cmds:
- dagger call --progress=plain -q -m ci --source=. test-sync-reliability
test-android-firebase:
desc: Build Android debug APKs and run instrumented tests on Firebase Test Lab (via Dagger)
preconditions:
- sh: test -n "$FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY"
msg: "FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY is not set"
- sh: test -n "$FIREBASE_PROJECT_ID"
msg: "FIREBASE_PROJECT_ID is not set"
cmds:
- scripts/run_firebase_test.sh
ci-graph:
desc: Print a Mermaid diagram of the CI pipeline — paste into mermaid.live or any Markdown renderer
cmds:
- dagger call --progress=plain -q -m ci --source=. graph
stalwart:
desc: Start a Stalwart instance for local development (via Dagger)
cmds:
- echo "Starting Stalwart on default ports (JMAP=8080, IMAP=1430, SMTP=1025, SIEVE=4190)"
- dagger call --progress=plain -q -m ci --source=. stalwart up --ports 8080:8080 --ports 1430:1430 --ports 1025:1025 --ports 4190:4190
deploy-linux:
desc: Build and deploy Linux release via Dagger
preconditions:
- sh: test -n "$SSH_PRIVATE_KEY"
msg: "SSH_PRIVATE_KEY is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-linux --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH"
build-android-bundle:
desc: Build AAB via Dagger (cached, versionCode=1 placeholder) and export locally
cmds:
- mkdir -p build/app/outputs/bundle/release
- dagger call --progress=plain -q -m ci --source=. build-android-release -o build/app/outputs/bundle/release/app-release.aab
upload-android-bundle:
desc: Upload AAB from build/ to Play Store via Dagger
preconditions:
- sh: test -n "$PLAY_STORE_CONFIG_JSON"
msg: "PLAY_STORE_CONFIG_JSON is not set"
- sh: test -f build/app/outputs/bundle/release/app-release.aab
msg: "AAB not found — run build-android-bundle first"
cmds:
- dagger call --progress=plain -q -m ci --source=. upload-to-play-store --aab build/app/outputs/bundle/release/app-release.aab --play-store-config env:PLAY_STORE_CONFIG_JSON
publish-android:
desc: Build cached AAB, stamp versionCode, sign, and publish to Play Store via Dagger
preconditions:
- sh: test -n "$PLAY_STORE_CONFIG_JSON"
msg: "PLAY_STORE_CONFIG_JSON is not set"
- sh: test -n "$ANDROID_KEYSTORE_BASE64"
msg: "ANDROID_KEYSTORE_BASE64 is not set"
- sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
msg: "ANDROID_KEYSTORE_PASSWORD is not set"
cmds:
- dagger call --progress=plain -q -m ci --source=. publish-android --play-store-config env:PLAY_STORE_CONFIG_JSON --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD
deploy-apk:
desc: Build and deploy Android APK via Dagger
preconditions:
- sh: test -n "$SSH_PRIVATE_KEY"
msg: "SSH_PRIVATE_KEY is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
- sh: test -n "$ANDROID_KEYSTORE_BASE64"
msg: "ANDROID_KEYSTORE_BASE64 is not set"
- sh: test -n "$ANDROID_KEYSTORE_PASSWORD"
msg: "ANDROID_KEYSTORE_PASSWORD is not set"
cmds:
- HASH=$(git rev-parse --short HEAD) && dagger call --progress=plain -q -m ci --source=. deploy-apk --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST" --commit-hash "$HASH" --keystore-base64 env:ANDROID_KEYSTORE_BASE64 --keystore-password env:ANDROID_KEYSTORE_PASSWORD --build-number "$(git log -1 --format=%ct HEAD)"
publish-website:
desc: Build and publish website via Dagger
preconditions:
- sh: test -n "$SSH_PRIVATE_KEY"
msg: "SSH_PRIVATE_KEY is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- dagger call --progress=plain -q -m ci --source=. publish-website --ssh-key env:SSH_PRIVATE_KEY --known-hosts env:SSH_KNOWN_HOSTS --ssh-user "$SSH_USER" --ssh-host "$SSH_HOST"
check-dagger:
desc: Run full check suite via Dagger (with OTEL timing report if python3 is available)
cmds:
- |
DAGGER_OUT=$(mktemp)
RC_FILE=$(mktemp)
_ts() { date -u '+[%H:%M:%S]'; }
run_dagger() {
: > "$DAGGER_OUT"; : > "$RC_FILE"
{ timeout --kill-after=10 600 "$@"; echo $? > "$RC_FILE"; } 2>&1 | tee "$DAGGER_OUT"
RC=$(cat "$RC_FILE" 2>/dev/null || echo 1)
if [ "$RC" -eq 124 ] && grep -q "All tests passed" "$DAGGER_OUT"; then
echo "$(_ts) dagger: hung in teardown after success; treating as exit 0." >&2
RC=0
fi
return "$RC"
}
retry_dagger() {
for attempt in 1 2 3; do
run_dagger "$@" && return 0
RC=$?
if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused|invalid return status code" "$DAGGER_OUT"; then
echo "$(_ts) dagger: network error on attempt $attempt/3, retrying..." >&2
elif [ "$attempt" -lt 3 ] && grep -q "No space left on device" "$DAGGER_OUT"; then
echo "$(_ts) dagger: disk space error on attempt $attempt/3, pruning Dagger cache..." >&2
dagger query '{ engine { localCache { prune(targetSpace: "20gb") } } }' 2>/dev/null || true
echo "$(_ts) dagger: waiting 90s for freed space to settle..." >&2
sleep 90
else
return "$RC"
fi
done
}
if ! command -v python3 >/dev/null 2>&1; then
retry_dagger dagger call --progress=plain -q -m ci --source=. check
RC=$?
rm -f "$DAGGER_OUT" "$RC_FILE"
exit $RC
fi
PORTFILE=$(mktemp)
python3 ci/otel-receiver.py --port-file="$PORTFILE" &
RECV_PID=$!
cleanup() {
rm -f "$PORTFILE" "$DAGGER_OUT" "$RC_FILE"
}
trap cleanup EXIT
until [ -s "$PORTFILE" ]; do sleep 0.05; done
PORT=$(cat "$PORTFILE")
retry_dagger env \
OTEL_EXPORTER_OTLP_ENDPOINT="http://127.0.0.1:$PORT" \
OTEL_EXPORTER_OTLP_PROTOCOL="http/protobuf" \
dagger call --progress=plain -q -m ci --source=. check
RC=$?
curl -sf "http://127.0.0.1:$PORT/shutdown" >/dev/null 2>&1 || true
wait "$RECV_PID" 2>/dev/null || true
exit $RC
dagger-prune:
desc: Prune the Dagger engine cache (keeps named volumes unless total exceeds 75 GB, then targets 50 GB)
cmds:
- |
dagger query '{ engine { localCache { prune(maxUsedSpace: "75gb", targetSpace: "50gb") } } }'
- stalwart-dev/integration_ui_test.sh
integration-android:
desc: UI integration tests on a connected Android emulator (Stalwart on host, emulator reaches it via 10.0.2.2)
@@ -382,29 +236,25 @@ tasks:
msg: "SSH_USER is not set"
- sh: test -n "$SSH_HOST"
msg: "SSH_HOST is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- |
mkdir -p ~/.ssh
printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
HASH=$(git rev-parse --short HEAD)
DATE_PATH=$(date -u +%Y/%m/%d)
REMOTE_DIR="public_html/builds/$DATE_PATH"
TARBALL="sharedinbox-linux-amd64-$HASH.tar.gz"
tar -czf /tmp/$TARBALL -C build/linux/x64/release bundle
ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp -o StrictHostKeyChecking=no /tmp/$TARBALL "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$TARBALL"
DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$TARBALL"
# Merge with any existing latest.json so we don't overwrite the windows key
EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
WINDOWS_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('windows',''))" 2>/dev/null || true)
if [ -n "$WINDOWS_URL" ]; then
echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\",\"windows\":\"$WINDOWS_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
else
echo "{\"version\":\"$HASH\",\"linux\":\"$DOWNLOAD_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
fi
echo "Uploaded $TARBALL and updated latest.json"
@@ -429,28 +279,24 @@ tasks:
msg: "SSH_USER is not set"
- sh: test -n "$SSH_HOST"
msg: "SSH_HOST is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- |
mkdir -p ~/.ssh
printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
HASH=$(git rev-parse --short HEAD)
DATE_PATH=$(date -u +%Y/%m/%d)
REMOTE_DIR="public_html/builds/$DATE_PATH"
ZIPFILE="sharedinbox-windows-x64-$HASH.zip"
cd build/windows/x64/runner && zip -r /tmp/$ZIPFILE Release/ && cd -
ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp -o StrictHostKeyChecking=no /tmp/$ZIPFILE "$SSH_USER@$SSH_HOST:$REMOTE_DIR/$ZIPFILE"
DOWNLOAD_URL="https://sharedinbox.de/builds/$DATE_PATH/$ZIPFILE"
EXISTING=$(ssh "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
EXISTING=$(ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat public_html/latest.json 2>/dev/null || echo '{}'")
LINUX_URL=$(echo "$EXISTING" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('linux',''))" 2>/dev/null || true)
if [ -n "$LINUX_URL" ]; then
echo "{\"version\":\"$HASH\",\"linux\":\"$LINUX_URL\",\"windows\":\"$DOWNLOAD_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
else
echo "{\"version\":\"$HASH\",\"windows\":\"$DOWNLOAD_URL\"}" | \
ssh "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "cat > public_html/latest.json"
fi
echo "Uploaded $ZIPFILE and updated latest.json"
@@ -505,16 +351,16 @@ tasks:
- ANDROID_HOME=${ANDROID_HOME:-$HOME/Android/Sdk} fvm flutter build apk --release --no-pub --dart-define=GIT_HASH=$(git rev-parse --short HEAD) | grep -Ev "was tree-shaken|Tree-shaking can be disabled"
deploy-android-bundle:
desc: Build release AAB and upload to Play Store internal track (local/fvm)
deps: [build-android-bundle-local]
desc: Build release AAB and upload to Play Store internal track
deps: [build-android-bundle]
preconditions:
- sh: test -n "$PLAY_STORE_CONFIG_JSON"
msg: "PLAY_STORE_CONFIG_JSON is not set"
cmds:
- python3 scripts/deploy_playstore.py
build-android-bundle-local:
desc: Build a release App Bundle (AAB) locally via fvm (not Dagger)
build-android-bundle:
desc: Build a release App Bundle (AAB)
deps: [_preflight, _android-sdk-check, _codegen, generate-changelog]
method: timestamp
sources:
@@ -600,18 +446,14 @@ tasks:
msg: "SSH_USER is not set"
- sh: test -n "$SSH_HOST"
msg: "SSH_HOST is not set"
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- |
mkdir -p ~/.ssh
printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
HASH=$(git rev-parse --short HEAD)
DATE_PATH=$(date -u +%Y/%m/%d)
REMOTE_DIR="public_html/builds/$DATE_PATH"
APK_NAME="sharedinbox-mua-$HASH.apk"
ssh "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp \
ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" "mkdir -p $REMOTE_DIR"
scp -o StrictHostKeyChecking=no \
build/app/outputs/flutter-apk/app-release.apk \
"$SSH_USER@$SSH_HOST:$REMOTE_DIR/$APK_NAME"
echo "Uploaded $APK_NAME to $REMOTE_DIR"
@@ -640,16 +482,12 @@ tasks:
website-deploy:
desc: Deploy the website via rsync to public_html
deps: [website-build]
preconditions:
- sh: test -n "$SSH_KNOWN_HOSTS"
msg: "SSH_KNOWN_HOSTS is not set"
cmds:
- |
mkdir -p ~/.ssh
printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
rsync -avz --delete \
--exclude='*.apk' \
--exclude='*.tar.gz' \
-e "ssh -o StrictHostKeyChecking=no" \
website/public/ \
${SSH_USER}@${SSH_HOST}:public_html/
android/app/build.gradle.kts
+13 -12
View File
@@ -20,15 +20,18 @@ android {
jvmTarget = JavaVersion.VERSION_17.toString()
}
signingConfigs {
create("release") {
// Hardcoded alias matching t.sh
keyAlias = "upload"
// Use the same password for both key and keystore
val pass = System.getenv("ANDROID_KEYSTORE_PASSWORD")
storePassword = pass
keyPassword = pass
storeFile = file("upload-keystore.jks")
val keystoreFile = file("upload-keystore.jks")
val keystorePass: String? = System.getenv("ANDROID_KEYSTORE_PASSWORD")
val hasKeystore = keystoreFile.exists() && keystorePass != null
if (hasKeystore) {
signingConfigs {
create("release") {
keyAlias = "upload"
storePassword = keystorePass
keyPassword = keystorePass
storeFile = keystoreFile
}
}
}
@@ -44,9 +47,7 @@ android {
buildTypes {
release {
// Use the signing config defined above for release builds.
// If the keystore file exists (e.g. in CI or manually placed), sign it.
signingConfig = if (signingConfigs.getByName("release").storeFile?.exists() == true) {
signingConfig = if (hasKeystore) {
signingConfigs.getByName("release")
} else {
signingConfigs.getByName("debug")
android/gradle.properties
+1 -1
View File
@@ -1,3 +1,3 @@
org.gradle.jvmargs=-Xmx8G -XX:MaxMetaspaceSize=4G -XX:ReservedCodeCacheSize=512m -XX:+HeapDumpOnOutOfMemoryError
android.useAndroidX=true
org.gradle.welcome=never
android.newDsl=false
ci/main.go
+140 -677
View File
@@ -2,309 +2,49 @@ package main
import (
"context"
"dagger/ci/internal/dagger"
"fmt"
"time"
"golang.org/x/sync/errgroup"
"dagger/ci/internal/dagger"
)
// patchAabScript patches android:versionCode in an AAB's compiled manifest proto.
// It strips META-INF/ (old signature) and repacks the ZIP. No external dependencies.
const patchAabScript = `#!/usr/bin/env python3
import sys, zipfile
type Ci struct{}
MANIFEST = "base/manifest/AndroidManifest.xml"
VERSION_CODE_RID = 0x0101021b
// Base container with all dependencies for Flutter and Linux builds
func (m *Ci) Base(source *dagger.Directory) *dagger.Container {
// Surgical inclusion: only take what is strictly needed for the build/test.
// This improves caching by ignoring transient or irrelevant files.
source = source.Filter(dagger.DirectoryFilterOpts{
Include: []string{
"lib/",
"test/",
"assets/",
"scripts/",
"pubspec.yaml",
"analysis_options.yaml",
"linux/",
"android/",
"integration_test/",
"drift_schemas/",
"stalwart-dev/",
},
})
def _vr(b, p):
n = s = 0
while True:
c = b[p]; p += 1; n |= (c & 127) << s
if not (c & 128): return n, p
s += 7
def _ve(n):
r = []
while n > 127: r.append((n & 127) | 128); n >>= 7
return bytes(r + [n])
def _parse(d):
p = 0
while p < len(d):
tag, p = _vr(d, p); fn, wt = tag >> 3, tag & 7
if wt == 0: v, p = _vr(d, p); yield fn, 0, v
elif wt == 2: ln, p = _vr(d, p); yield fn, 2, d[p:p+ln]; p += ln
elif wt == 5: yield fn, 5, d[p:p+4]; p += 4 # fixed32
elif wt == 1: yield fn, 1, d[p:p+8]; p += 8 # fixed64
else: raise ValueError(f"wire type {wt}")
def _enc(fn, wt, v):
t = _ve((fn << 3) | wt)
if wt == 0: return t + _ve(v)
if wt in (1, 5): return t + v # fixed-width, pass bytes as-is
return t + _ve(len(v)) + v
def _patch_prim(d, vc):
# Patch int_decimal_value (field 6) or int_hexadecimal_value (field 7),
# whichever is present — AAPT2 may use either.
out = bytearray()
for fn, wt, v in _parse(d):
out += _enc(fn, 0, vc) if (fn in (6, 7) and wt == 0) else _enc(fn, wt, v)
return bytes(out)
def _patch_item(d, vc):
out = bytearray()
for fn, wt, v in _parse(d):
out += _enc(7, 2, _patch_prim(v, vc)) if fn == 7 else _enc(fn, wt, v)
return bytes(out)
def _has_rid(d):
return any(fn == 5 and wt == 0 and v == VERSION_CODE_RID for fn, wt, v in _parse(d))
def _patch_attr(d, vc):
out = bytearray()
for fn, wt, v in _parse(d):
if fn == 3 and wt == 2: out += _enc(3, 2, str(vc).encode())
elif fn == 6 and wt == 2: out += _enc(6, 2, _patch_item(v, vc))
else: out += _enc(fn, wt, v)
return bytes(out)
def _patch_elem(d, vc):
out = bytearray()
for fn, wt, v in _parse(d):
out += _enc(4, 2, _patch_attr(v, vc)) if (fn == 4 and _has_rid(v)) else _enc(fn, wt, v)
return bytes(out)
def _patch_node(d, vc):
out = bytearray()
for fn, wt, v in _parse(d):
out += _enc(1, 2, _patch_elem(v, vc)) if fn == 1 else _enc(fn, wt, v)
return bytes(out)
def _dump_proto(d, depth=0, limit=3):
"""Print proto field structure for debugging."""
pad = " " * depth
for fn, wt, v in _parse(d):
if wt == 0:
print(f"{pad}[{fn}] varint={v} (0x{v:x})")
elif wt == 2:
print(f"{pad}[{fn}] bytes len={len(v)}")
if depth < limit:
_dump_proto(v, depth + 1, limit)
elif wt == 5:
print(f"{pad}[{fn}] fixed32={v.hex()}")
elif wt == 1:
print(f"{pad}[{fn}] fixed64={v.hex()}")
def _read_vc_from_node(d):
"""Read versionCode from XmlNode proto bytes. Returns int or None."""
for fn, wt, v in _parse(d):
if fn == 1 and wt == 2: # XmlElement
for efn, ewt, attr in _parse(v):
if efn == 4 and ewt == 2 and _has_rid(attr): # XmlAttribute with versionCode RID
for afn, awt, item in _parse(attr):
if afn == 6 and awt == 2: # compiled_value (Item)
for ifn, iwt, prim in _parse(item):
if ifn == 7 and iwt == 2: # prim (Primitive)
for pfn, pwt, pv in _parse(prim):
if pfn in (6, 7) and pwt == 0:
return pv
return None
def patch(src, dst, vc):
with zipfile.ZipFile(src) as z:
mf = z.read(MANIFEST)
orig_vc = _read_vc_from_node(mf)
if orig_vc is None:
print("DEBUG: could not find versionCode — dumping manifest proto structure:")
_dump_proto(mf, limit=4)
sys.exit(f"ERROR: versionCode not found in {MANIFEST}")
print(f"Original versionCode in manifest: {orig_vc}")
patched = _patch_node(mf, vc)
with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, 'w') as zout:
for info in zin.infolist():
if info.filename.startswith('META-INF/'):
continue # strip old signature; jarsigner re-signs after
d = patched if info.filename == MANIFEST else zin.read(info.filename)
zi = zipfile.ZipInfo(info.filename, info.date_time)
zi.compress_type = info.compress_type
zi.external_attr = info.external_attr
zout.writestr(zi, d)
# Verify the patch actually took effect
with zipfile.ZipFile(dst) as z:
actual = _read_vc_from_node(z.read(MANIFEST))
if actual != vc:
sys.exit(f"ERROR: versionCode patch failed — wrote {vc} but read back {actual} (original was {orig_vc})")
print(f"versionCode={actual} -> {dst}")
if __name__ == "__main__":
if len(sys.argv) != 4:
sys.exit(f"usage: {sys.argv[0]} in.aab out.aab versionCode")
patch(sys.argv[1], sys.argv[2], int(sys.argv[3]))
`
type Ci struct {
Source *dagger.Directory
}
func New(
// +defaultPath=".."
source *dagger.Directory,
) *Ci {
return &Ci{
Source: source.Filter(dagger.DirectoryFilterOpts{
Include: []string{
"lib/",
"test/",
"assets/",
"scripts/",
"pubspec.yaml",
"pubspec.lock",
"analysis_options.yaml",
"linux/",
"android/",
"integration_test/",
"drift_schemas/",
"stalwart-dev/",
"website/",
},
}),
}
}
// toolchain returns the Flutter+Android toolchain without any mutable cache mounts.
// Its execution cache key is stable until the image, apt packages, or SDK versions change.
// Used as the base for pubGetLayer so flutter pub get is execution-cached between runs.
func (m *Ci) toolchain() *dagger.Container {
return dag.Container().
From("ghcr.io/cirruslabs/flutter:3.41.6").
WithExec([]string{"apt-get", "-qq", "update"}).
WithExec([]string{"apt-get", "install", "-y", "-qq", "clang", "cmake", "ninja-build", "pkg-config", "libgtk-3-dev", "liblzma-dev", "libsecret-1-dev", "libgcrypt20-dev", "libjsoncpp-dev", "sqlite3", "iproute2", "netcat-openbsd", "xvfb", "libosmesa6", "libegl1", "lld"}).
WithExec([]string{"useradd", "-m", "-s", "/bin/bash", "ci"}).
WithExec([]string{"/bin/sh", "-c",
`flutter_dir=$(dirname $(dirname $(which flutter))); ` +
`chown -R ci:ci "$flutter_dir"; ` +
`[ -n "$ANDROID_HOME" ] && chown -R ci:ci "$ANDROID_HOME" || true; ` +
`mkdir -p /src && chown ci:ci /src`}).
WithEnvVariable("PUB_CACHE", "/home/ci/.pub-cache").
WithEnvVariable("HOME", "/home/ci").
WithUser("ci").
WithExec([]string{"/bin/sh", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`yes | sdkmanager "ndk;28.2.13676358" "cmake;3.22.1" "build-tools;35.0.0" "platforms;android-34" >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }`}).
WithExec([]string{"flutter", "precache", "--linux", "--no-android", "--no-ios"})
}
// Base is the Flutter toolchain container with mutable cache mounts attached.
// Use for Android/Gradle builds that need the Gradle cache.
func (m *Ci) Base() *dagger.Container {
return m.toolchain().
WithMountedCache("/home/ci/.gradle", dag.CacheVolume("gradle-cache"), dagger.ContainerWithMountedCacheOpts{Owner: "ci"})
}
// pubGetLayer runs flutter pub get with only pubspec.yaml + pubspec.lock as
// inputs, then removes non-deterministic fields from both package_config.json
// and .flutter-plugins-dependencies so the snapshot is byte-for-byte stable
// across runs. Re-executes only when pubspec.yaml or pubspec.lock changes.
// Packages land in the execution-cache snapshot (not a named volume) so that
// dagger prune can reclaim space from stale pubspec.lock snapshots.
func (m *Ci) pubGetLayer() *dagger.Container {
pubspecOnly := m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"pubspec.yaml", "pubspec.lock"},
})
return m.toolchain().
WithDirectory("/src", pubspecOnly, dagger.ContainerWithDirectoryOpts{Owner: "ci"}).
WithWorkdir("/src").
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter pub get >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -vE '^(\+|Downloading packages)' "$tmp" || true`}).
WithExec([]string{"python3", "-c",
"import json, os\n" +
"f='.dart_tool/package_config.json'; d=json.load(open(f)); [d.pop(k,None) for k in ('generated','generatorVersion')]; json.dump(d,open(f,'w'))\n" +
"g='.flutter-plugins-dependencies'\n" +
"if os.path.exists(g):\n" +
" d=json.load(open(g)); d.pop('date_created',None); json.dump(d,open(g,'w'))\n"})
}
// codegenBase runs build_runner on the source subset common to all build
// variants (lib/, test/, assets/, pubspec.*), excluding committed generated
// files so the cache key is stable. All setup() calls share this single
// Dagger cache entry, so build_runner compiles only once per pipeline run.
func (m *Ci) codegenBase() *dagger.Container {
codegenSrc := m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "test/", "assets/", "pubspec.yaml", "pubspec.lock"},
Exclude: []string{"**/*.g.dart", "**/*.mocks.dart"},
})
return m.pubGetLayer().
WithDirectory("/src", codegenSrc, dagger.ContainerWithDirectoryOpts{Owner: "ci"}).
WithWorkdir("/src").
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -vE '^\[.*s\] \|' "$tmp" || true`})
}
// setup overlays platform-specific source files onto the shared codegen base.
// Generated files (*.g.dart, *.mocks.dart) are excluded from the overlay so
// the freshly built output from codegenBase() is not overwritten by stale
// committed copies.
func (m *Ci) setup(src *dagger.Directory) *dagger.Container {
return m.codegenBase().
WithDirectory("/src", src.Filter(dagger.DirectoryFilterOpts{
Exclude: []string{"**/*.g.dart", "**/*.mocks.dart"},
}), dagger.ContainerWithDirectoryOpts{Owner: "ci"})
}
// Setup is the exported variant (CLI / Taskfile). Uses the full check source.
func (m *Ci) Setup() *dagger.Container {
return m.setup(m.checkSrc())
}
// checkSrc is the source subset for static checks and unit tests.
func (m *Ci) checkSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "test/", "assets/", "pubspec.yaml", "pubspec.lock", "analysis_options.yaml", "scripts/"},
})
}
// androidSrc is the source subset for Android builds.
func (m *Ci) androidSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "android/", "assets/", "pubspec.yaml", "pubspec.lock", "drift_schemas/"},
})
}
// firebaseSrc is the source subset for Firebase Test Lab builds (app + instrumented tests).
func (m *Ci) firebaseSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "android/", "integration_test/", "assets/", "pubspec.yaml", "pubspec.lock", "drift_schemas/"},
})
}
// linuxSrc is the source subset for Linux builds and integration tests.
func (m *Ci) linuxSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "linux/", "assets/", "pubspec.yaml", "pubspec.lock", "drift_schemas/"},
})
}
// backendSrc is the source subset for IMAP/JMAP backend tests.
func (m *Ci) backendSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "test/", "assets/", "scripts/", "stalwart-dev/", "pubspec.yaml", "pubspec.lock"},
})
}
// integrationSrc is the source subset for UI integration tests (runs on Linux desktop).
func (m *Ci) integrationSrc() *dagger.Directory {
return m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"lib/", "linux/", "integration_test/", "assets/", "pubspec.yaml", "pubspec.lock", "drift_schemas/"},
})
WithExec([]string{"apt-get", "update"}).
WithExec([]string{"apt-get", "install", "-y",
"clang", "cmake", "ninja-build", "pkg-config",
"libgtk-3-dev", "liblzma-dev", "libsecret-1-dev",
"libgcrypt20-dev", "libjsoncpp-dev", "sqlite3", "curl", "python3", "iproute2"}).
WithExec([]string{"curl", "-sL", "https://github.com/stalwartlabs/mail-server/releases/download/v0.14.1/stalwart-x86_64-unknown-linux-gnu.tar.gz", "-o", "/tmp/stalwart.tar.gz"}).
WithExec([]string{"tar", "-xzf", "/tmp/stalwart.tar.gz", "-C", "/usr/local/bin", "stalwart"}).
WithExec([]string{"chmod", "+x", "/usr/local/bin/stalwart"}).
WithExec([]string{"rm", "/tmp/stalwart.tar.gz"}).
WithMountedCache("/root/.pub-cache", dag.CacheVolume("flutter-pub-cache")).
WithMountedCache("/root/.gradle", dag.CacheVolume("gradle-cache")).
WithEnvVariable("PUB_CACHE", "/root/.pub-cache").
WithDirectory("/src", source).
WithWorkdir("/src")
}
// Hugo container for website builds
@@ -313,214 +53,116 @@ func (m *Ci) Hugo() *dagger.Container {
From("alpine:3.21").
WithExec([]string{"apk", "--no-cache", "add", "curl", "tar", "libc6-compat", "libstdc++", "gcompat"}).
WithExec([]string{"curl", "-sL", "https://github.com/gohugoio/hugo/releases/download/v0.152.2/hugo_extended_0.152.2_linux-amd64.tar.gz", "-o", "/tmp/hugo.tar.gz"}).
WithExec([]string{"sh", "-c", "echo '416bcfbdf5f68469ec9644dbe507da50fc21b94b69a125b059d64ed2cb4d8c27 /tmp/hugo.tar.gz' | sha256sum -c -"}).
WithExec([]string{"tar", "-xzf", "/tmp/hugo.tar.gz", "-C", "/usr/local/bin", "hugo"}).
WithExec([]string{"rm", "/tmp/hugo.tar.gz"})
}
// Deploy container for rsync/ssh
func (m *Ci) Deployer(sshKey *dagger.Secret, knownHosts *dagger.Secret) *dagger.Container {
func (m *Ci) Deployer(sshKey *dagger.Secret) *dagger.Container {
return dag.Container().
From("alpine:3.21").
WithExec([]string{"apk", "--no-cache", "add", "rsync", "openssh-client", "python3", "tar"}).
WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
WithEnvVariable("RSYNC_RSH", "ssh -i /root/.ssh/id_ed25519")
WithEnvVariable("RSYNC_RSH", "ssh -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519")
}
// Stalwart mail server service for backend and integration tests.
func (m *Ci) Stalwart() *dagger.Service {
stalwartSrc := m.Source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"stalwart-dev/"},
})
config := stalwartSrc.Directory("stalwart-dev").File("config.toml")
dataDir := dag.Container().
From("alpine:3.21").
WithExec([]string{"apk", "add", "--no-cache", "sqlite"}).
WithExec([]string{"/bin/sh", "-c", "mkdir -p /tmp/stalwart && chmod 777 /tmp/stalwart"}).
WithExec([]string{"sqlite3", "/tmp/stalwart/data.sqlite", "CREATE TABLE IF NOT EXISTS s (k BLOB PRIMARY KEY, v BLOB NOT NULL); INSERT OR REPLACE INTO s VALUES ('version.spam-filter', 'dev');"}).
Directory("/tmp/stalwart")
return dag.Container().
From("stalwartlabs/stalwart:v0.14.1").
WithFile("/etc/stalwart/config.toml.orig", config).
WithExec([]string{"/bin/sh", "-c", "sed -e 's/hostname = \"localhost\"/hostname = \"stalwart\"/' -e 's/bind = \\[\"0.0.0.0:\\([0-9]*\\)\"\\]/bind = [\"0.0.0.0:\\1\", \"[::]:\\1\"]/g' /etc/stalwart/config.toml.orig > /etc/stalwart/config.toml"}).
WithDirectory("/tmp/stalwart", dataDir).
WithExposedPort(8080). // JMAP
WithExposedPort(1430). // IMAP
WithExposedPort(1025). // SMTP
WithExposedPort(4190). // ManageSieve
WithEntrypoint([]string{"stalwart", "--config", "/etc/stalwart/config.toml"}).
AsService()
// Setup environment: pub get and build_runner
func (m *Ci) Setup(source *dagger.Directory) *dagger.Container {
return m.Base(source).
WithExec([]string{"flutter", "pub", "get"}).
// Use --delete-conflicting-outputs to ensure generated files match the current source
WithExec([]string{"flutter", "pub", "run", "build_runner", "build", "--delete-conflicting-outputs"})
}
// WithStalwart binds the Stalwart service and sets test environment variables.
func (m *Ci) WithStalwart(container *dagger.Container) *dagger.Container {
stalwart := m.Stalwart()
return container.
WithServiceBinding("stalwart", stalwart).
WithEnvVariable("STALWART_IMAP_HOST", "stalwart").
WithEnvVariable("STALWART_SMTP_HOST", "stalwart").
WithEnvVariable("STALWART_URL", "http://stalwart:8080").
WithEnvVariable("STALWART_IMAP_PORT", "1430").
WithEnvVariable("STALWART_SMTP_PORT", "1025").
WithEnvVariable("STALWART_SIEVE_PORT", "4190").
WithEnvVariable("STALWART_USER_B", "alice@example.com").
WithEnvVariable("STALWART_PASS_B", "secret").
WithEnvVariable("STALWART_USER_C", "bob@example.com").
WithEnvVariable("STALWART_PASS_C", "secret")
}
// CheckHygiene checks that no forbidden home-directory files are in the source.
func (m *Ci) CheckHygiene(ctx context.Context) (string, error) {
return m.Base().
WithDirectory("/src", m.Source, dagger.ContainerWithDirectoryOpts{Owner: "ci"}).
WithWorkdir("/src").
// Run hygiene check
func (m *Ci) CheckHygiene(ctx context.Context, source *dagger.Directory) (string, error) {
return m.Base(source).
WithExec([]string{"/bin/bash", "-c", "FORBIDDEN=\".ssh .bashrc .config .local .cache .gitconfig .android Android .gradle .pub-cache .dartServer .flutter .dart-cli-completion .atuin .bash_logout .profile .zcompdump .zshrc snap .emulator_console_auth_token .lesshst .metadata .tmux.conf\"; for f in $FORBIDDEN; do if [ -e \"$f\" ]; then echo \"ERROR: Forbidden file/dir found in source: $f\"; exit 1; fi; done; echo \"Hygiene check passed.\""}).
Stdout(ctx)
}
// CheckLayers enforces that ui/ does not import data/.
func (m *Ci) CheckLayers(ctx context.Context) (string, error) {
return m.Base().
WithDirectory("/src", m.Source.Filter(dagger.DirectoryFilterOpts{Include: []string{"lib/"}}), dagger.ContainerWithDirectoryOpts{Owner: "ci"}).
WithWorkdir("/src").
// Enforce architecture — ui/ must not import data/
func (m *Ci) CheckLayers(ctx context.Context, source *dagger.Directory) (string, error) {
return m.Base(source).
WithExec([]string{"/bin/bash", "-c", "VIOLATIONS=$(grep -rn \"package:sharedinbox/data/\" lib/ui/ 2>/dev/null || true); if [ -n \"$VIOLATIONS\" ]; then echo \"ERROR: UI layer imports data layer (only core/ interfaces are allowed from ui/):\"; echo \"$VIOLATIONS\"; exit 1; fi; echo \"Layer check passed.\""}).
Stdout(ctx)
}
// Format runs dart format check.
func (m *Ci) Format(ctx context.Context) (string, error) {
return m.setup(m.checkSrc()).
// Run dart format check
func (m *Ci) Format(ctx context.Context, source *dagger.Directory) (string, error) {
return m.Base(source).
WithExec([]string{"dart", "format", "--output=none", "--set-exit-if-changed", "lib", "test"}).
Stdout(ctx)
}
// CheckMocks verifies that generated mocks are up to date.
// It snapshots the committed source (including any stale *.mocks.dart) before
// running build_runner, so git diff detects real staleness instead of always
// comparing two freshly-generated outputs.
func (m *Ci) CheckMocks(ctx context.Context) (string, error) {
return m.pubGetLayer().
WithDirectory("/src", m.checkSrc(), dagger.ContainerWithDirectoryOpts{Owner: "ci"}).
WithWorkdir("/src").
// Verify that mocks are up to date
func (m *Ci) CheckMocks(ctx context.Context, source *dagger.Directory) (string, error) {
return m.Setup(source).
WithExec([]string{"git", "init"}).
WithExec([]string{"git", "config", "user.email", "ci@sharedinbox.de"}).
WithExec([]string{"git", "config", "user.name", "CI"}).
WithExec([]string{"git", "add", "."}).
WithExec([]string{"git", "commit", "-q", "-m", "baseline"}).
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -vE '^\[.*s\] \|' "$tmp" || true`}).
WithExec([]string{"git", "commit", "-m", "baseline"}).
WithExec([]string{"flutter", "pub", "run", "build_runner", "build", "--delete-conflicting-outputs"}).
WithExec([]string{"/bin/bash", "-c", "CHANGED=$(find . -name '*.mocks.dart' | xargs -r git diff --exit-code); if [ $? -ne 0 ]; then echo \"ERROR: Mocks are out of date\"; exit 1; fi; echo \"Mocks are up to date.\""}).
Stdout(ctx)
}
// Coverage runs unit tests with coverage gate.
func (m *Ci) Coverage(ctx context.Context) (string, error) {
return m.setup(m.checkSrc()).
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter test test/unit --coverage --reporter expanded --no-pub >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -E '^All [0-9]+ tests passed' "$tmp" || tail -1 "$tmp"`}).
// Run coverage check
func (m *Ci) Coverage(ctx context.Context, source *dagger.Directory) (string, error) {
return m.Setup(source).
WithExec([]string{"flutter", "test", "test/unit", "--coverage"}).
WithExec([]string{"dart", "scripts/check_coverage.dart"}).
Stdout(ctx)
}
// TestBackend runs IMAP/JMAP sync tests against a live Stalwart instance.
func (m *Ci) TestBackend(ctx context.Context) (string, error) {
return m.WithStalwart(m.setup(m.backendSrc())).
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter test --concurrency=1 --reporter expanded --no-pub test/backend >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -E '^All [0-9]+ tests passed' "$tmp" || tail -1 "$tmp"`}).
Stdout(ctx)
}
// Full check suite (equivalent to task check)
func (m *Ci) Check(ctx context.Context, source *dagger.Directory) (string, error) {
setup := m.Setup(source)
// TestIntegration runs UI integration tests via Xvfb.
func (m *Ci) TestIntegration(ctx context.Context) (string, error) {
return m.WithStalwart(m.setup(m.integrationSrc())).
WithEnvVariable("LIBGL_ALWAYS_SOFTWARE", "1").
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`xvfb-run -s '-screen 0 1280x720x24' flutter test integration_test/ -d linux >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -E '^All [0-9]+ tests passed' "$tmp" || tail -1 "$tmp"`}).
Stdout(ctx)
}
// TestSyncReliability runs the sync reliability runner.
func (m *Ci) TestSyncReliability(ctx context.Context) (string, error) {
return m.WithStalwart(m.setup(m.backendSrc())).
WithExec([]string{"/bin/bash", "-c",
`tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT; ` +
`flutter test test/backend/sync_reliability_test.dart --reporter expanded --concurrency=1 --no-pub >"$tmp" 2>&1 || { cat "$tmp"; exit 1; }; ` +
`grep -E '^All [0-9]+ tests passed' "$tmp" || tail -1 "$tmp"`}).
Stdout(ctx)
}
// Check runs the full check suite.
func (m *Ci) Check(ctx context.Context) (string, error) {
ctx, cancel := context.WithTimeout(ctx, 30*time.Minute)
defer cancel()
if _, err := m.CheckHygiene(ctx); err != nil {
// Hygiene & Layers
if _, err := m.CheckHygiene(ctx, source); err != nil {
return "Hygiene check failed", err
}
if _, err := m.CheckLayers(ctx); err != nil {
if _, err := m.CheckLayers(ctx, source); err != nil {
return "Layer check failed", err
}
checkSetup := m.setup(m.checkSrc())
if _, err := checkSetup.WithExec([]string{"dart", "format", "--output=none", "--set-exit-if-changed", "lib", "test"}).Stdout(ctx); err != nil {
// Format (Running after Setup/pub get ensures package resolution context)
if _, err := setup.WithExec([]string{"dart", "format", "--output=none", "--set-exit-if-changed", "lib", "test"}).Stdout(ctx); err != nil {
return "Format check failed", err
}
analyze, err := checkSetup.WithExec([]string{"dart", "analyze", "--fatal-infos"}).Stdout(ctx)
// Run analyze
analyze, err := setup.WithExec([]string{"flutter", "analyze"}).Stdout(ctx)
if err != nil {
return analyze, err
}
mocks, err := m.CheckMocks(ctx)
if err != nil {
return mocks, err
}
coverage, err := m.Coverage(ctx)
// Run coverage gate (includes unit tests)
coverage, err := m.Coverage(ctx, source)
if err != nil {
return coverage, err
}
var testBackend, testIntegration string
eg, egCtx := errgroup.WithContext(ctx)
eg.Go(func() error {
var e error
testBackend, e = m.TestBackend(egCtx)
return e
})
eg.Go(func() error {
var e error
testIntegration, e = m.TestIntegration(egCtx)
return e
})
if err := eg.Wait(); err != nil {
return "", err
// Run backend tests (requires Stalwart)
testBackend, err := setup.WithExec([]string{"stalwart-dev/test.sh"}).Stdout(ctx)
if err != nil {
return testBackend, err
}
return fmt.Sprintf("All checks passed!\n\nAnalysis:\n%s\n\n%s\n\n%s\n\nBackend Tests:\n%s\n\nIntegration Tests:\n%s\n", analyze, mocks, coverage, testBackend, testIntegration), nil
return fmt.Sprintf("All checks passed!\n\nAnalysis:\n%s\n\n%s\n\nBackend Tests:\n%s\n", analyze, coverage, testBackend), nil
}
// GenerateBuildHistory scans the remote server and produces Hugo content.
// Generate build history Hugo content by scanning the remote server
func (m *Ci) GenerateBuildHistory(
ctx context.Context,
source *dagger.Directory,
sshKey *dagger.Secret,
knownHosts *dagger.Secret,
sshUser string,
sshHost string,
) *dagger.Directory {
scriptSource := m.Source.Filter(dagger.DirectoryFilterOpts{
scriptSource := source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"scripts/generate_build_history.py", "website/"},
})
@@ -528,7 +170,6 @@ func (m *Ci) GenerateBuildHistory(
From("python:3.12-alpine").
WithExec([]string{"apk", "add", "--no-cache", "openssh-client"}).
WithMountedSecret("/root/.ssh/id_ed25519", sshKey, dagger.ContainerWithMountedSecretOpts{Mode: 0600}).
WithMountedSecret("/root/.ssh/known_hosts", knownHosts, dagger.ContainerWithMountedSecretOpts{Mode: 0644}).
WithEnvVariable("SSH_USER", sshUser).
WithEnvVariable("SSH_HOST", sshHost).
WithDirectory("/src", scriptSource).
@@ -537,20 +178,23 @@ func (m *Ci) GenerateBuildHistory(
Directory("website/content/builds")
}
// BuildWebsite builds the Hugo-based website.
// Build and return the Hugo-based website bundle
func (m *Ci) BuildWebsite(
ctx context.Context,
source *dagger.Directory,
sshKey *dagger.Secret,
knownHosts *dagger.Secret,
sshUser string,
sshHost string,
) *dagger.Directory {
buildHistory := m.GenerateBuildHistory(ctx, sshKey, knownHosts, sshUser, sshHost)
// 1. Generate build history content
buildHistory := m.GenerateBuildHistory(ctx, source, sshKey, sshUser, sshHost)
websiteSource := m.Source.Filter(dagger.DirectoryFilterOpts{
// 2. Prepare website source (base files + generated history)
websiteSource := source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"website/"},
}).WithDirectory("website/content/builds", buildHistory)
// 3. Build with Hugo
return m.Hugo().
WithDirectory("/src", websiteSource).
WithWorkdir("/src/website").
@@ -558,17 +202,19 @@ func (m *Ci) BuildWebsite(
Directory("public")
}
// PublishWebsite builds and deploys the website to the remote server.
// Build and deploy the website to the remote server
func (m *Ci) PublishWebsite(
ctx context.Context,
source *dagger.Directory,
sshKey *dagger.Secret,
knownHosts *dagger.Secret,
sshUser string,
sshHost string,
) (string, error) {
public := m.BuildWebsite(ctx, sshKey, knownHosts, sshUser, sshHost)
// 1. Build the website
public := m.BuildWebsite(ctx, source, sshKey, sshUser, sshHost)
return m.Deployer(sshKey, knownHosts).
// 2. Deploy using rsync
return m.Deployer(sshKey).
WithDirectory("/public", public).
WithExec([]string{"rsync", "-avz", "--delete",
"--exclude=*.apk", "--exclude=*.tar.gz",
@@ -576,177 +222,106 @@ func (m *Ci) PublishWebsite(
Stdout(ctx)
}
// BuildLinux builds the Linux release bundle.
func (m *Ci) BuildLinux() *dagger.Directory {
return m.setup(m.linuxSrc()).
// Build and return the Linux bundle
func (m *Ci) BuildLinux(source *dagger.Directory) *dagger.Directory {
return m.Setup(source).
WithExec([]string{"flutter", "build", "linux", "--debug"}).
Directory("build/linux/x64/debug/bundle")
}
// Build and return the Linux bundle (release)
func (m *Ci) BuildLinuxRelease(source *dagger.Directory) *dagger.Directory {
return m.Setup(source).
WithExec([]string{"flutter", "build", "linux", "--release"}).
Directory("build/linux/x64/release/bundle")
}
// BuildLinuxRelease builds the Linux release bundle.
func (m *Ci) BuildLinuxRelease() *dagger.Directory {
return m.setup(m.linuxSrc()).
WithExec([]string{"flutter", "build", "linux", "--release"}).
Directory("build/linux/x64/release/bundle")
}
// DeployLinux packages and deploys the Linux release to the server.
// Package and deploy the Linux release to the server
func (m *Ci) DeployLinux(
ctx context.Context,
source *dagger.Directory,
sshKey *dagger.Secret,
knownHosts *dagger.Secret,
sshUser string,
sshHost string,
commitHash string,
) (string, error) {
bundle := m.BuildLinuxRelease()
// 1. Build the release bundle
bundle := m.BuildLinuxRelease(source)
// 2. Package and deploy
datePath := time.Now().Format("2006/01/02")
remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
tarball := fmt.Sprintf("sharedinbox-linux-amd64-%s.tar.gz", commitHash)
return m.Deployer(sshKey, knownHosts).
return m.Deployer(sshKey).
WithDirectory("/bundle", bundle).
WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("tar -czf /tmp/%s -C /bundle .", tarball)}).
WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/%s %s@%s:%s/%s", tarball, sshUser, sshHost, remoteDir, tarball)}).
Stdout(ctx)
}
// setupKeystore decodes the base64 keystore into the android build container.
func (m *Ci) setupKeystore(keystoreBase64 *dagger.Secret, keystorePassword *dagger.Secret) *dagger.Container {
return m.setup(m.androidSrc()).
WithSecretVariable("ANDROID_KEYSTORE_BASE64", keystoreBase64).
// Build and return the Android APK
func (m *Ci) BuildAndroidApk(source *dagger.Directory, keystorePassword *dagger.Secret) *dagger.File {
return m.Setup(source).
WithSecretVariable("ANDROID_KEYSTORE_PASSWORD", keystorePassword).
WithExec([]string{"/bin/sh", "-c", `echo "$ANDROID_KEYSTORE_BASE64" | base64 -d > android/app/upload-keystore.jks`})
}
// BuildAndroidApk builds a release APK signed with the upload key.
func (m *Ci) BuildAndroidApk(keystoreBase64 *dagger.Secret, keystorePassword *dagger.Secret, buildNumber string) *dagger.File {
return m.setupKeystore(keystoreBase64, keystorePassword).
WithExec([]string{"flutter", "build", "apk", "--release", "--no-pub", "--build-number", buildNumber}).
WithExec([]string{"flutter", "build", "apk", "--release"}).
File("build/app/outputs/flutter-apk/app-release.apk")
}
// DeployApk builds and deploys the APK to the server.
// Deploy the Android APK to the server
func (m *Ci) DeployApk(
ctx context.Context,
source *dagger.Directory,
sshKey *dagger.Secret,
knownHosts *dagger.Secret,
sshUser string,
sshHost string,
commitHash string,
keystoreBase64 *dagger.Secret,
keystorePassword *dagger.Secret,
buildNumber string,
) (string, error) {
apk := m.BuildAndroidApk(keystoreBase64, keystorePassword, buildNumber)
// 1. Build the APK
apk := m.BuildAndroidApk(source, keystorePassword)
// 2. Deploy
datePath := time.Now().Format("2006/01/02")
remoteDir := fmt.Sprintf("public_html/builds/%s", datePath)
apkName := fmt.Sprintf("sharedinbox-mua-%s.apk", commitHash)
return m.Deployer(sshKey, knownHosts).
return m.Deployer(sshKey).
WithFile("/tmp/app.apk", apk).
WithExec([]string{"ssh", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
WithExec([]string{"ssh", "-o", "StrictHostKeyChecking=no", "-i", "/root/.ssh/id_ed25519", fmt.Sprintf("%s@%s", sshUser, sshHost), fmt.Sprintf("mkdir -p %s", remoteDir)}).
WithExec([]string{"/bin/sh", "-c", fmt.Sprintf("scp -o StrictHostKeyChecking=no -i /root/.ssh/id_ed25519 /tmp/app.apk %s@%s:%s/%s", sshUser, sshHost, remoteDir, apkName)}).
Stdout(ctx)
}
// BuildAndroidDebugApks builds the debug app APK and the androidTest APK needed for Firebase Test Lab.
// Returns a flat directory with app-debug.apk and app-debug-androidTest.apk.
func (m *Ci) BuildAndroidDebugApks() *dagger.Directory {
built := m.setup(m.firebaseSrc()).
WithMountedCache("/home/ci/.gradle", dag.CacheVolume("gradle-cache"), dagger.ContainerWithMountedCacheOpts{Owner: "ci"}).
WithExec([]string{"flutter", "build", "apk", "--debug", "--no-pub"}).
WithWorkdir("/src/android").
// --no-daemon avoids connecting to a stale daemon whose registry file was
// preserved in the Dagger layer snapshot but whose process no longer exists.
WithExec([]string{"./gradlew", "--no-daemon", "app:assembleAndroidTest"}).
WithWorkdir("/src").
WithExec([]string{"/bin/bash", "-c",
`apk=$(find /src -path "*androidTest*" -name "*.apk" -type f 2>/dev/null | head -1) && \
[ -n "$apk" ] || { echo "ERROR: no androidTest APK found; APKs present:"; find /src -name "*.apk" -type f 2>/dev/null; exit 1; } && \
echo "Found test APK: $apk" && \
cp "$apk" /src/app-debug-androidTest.apk`})
return dag.Directory().
WithFile("app-debug.apk",
built.File("build/app/outputs/flutter-apk/app-debug.apk")).
WithFile("app-debug-androidTest.apk",
built.File("app-debug-androidTest.apk"))
}
// TestAndroidFirebase builds Android APKs and runs instrumented tests on Firebase Test Lab.
func (m *Ci) TestAndroidFirebase(
ctx context.Context,
serviceAccountKey *dagger.Secret,
projectID string,
) (string, error) {
apks := m.BuildAndroidDebugApks()
return dag.Container().
From("google/cloud-sdk:slim").
WithDirectory("/apks", apks).
WithSecretVariable("FIREBASE_SA_KEY", serviceAccountKey).
WithEnvVariable("FIREBASE_PROJECT_ID", projectID).
WithExec([]string{"/bin/bash", "-c",
`auth_err=$(mktemp); trap 'rm -f "$auth_err"' EXIT; \
gcloud auth activate-service-account --key-file=<(echo "$FIREBASE_SA_KEY") 2>"$auth_err" \
|| { cat "$auth_err"; exit 1; }; \
gcloud config set project "$FIREBASE_PROJECT_ID" 2>>"$auth_err" \
|| { cat "$auth_err"; exit 1; }; \
unknown=$(grep -vF "Activated service account credentials for:" "$auth_err" \
| grep -vF "Updated property [core/project]." | grep -v "^$" || true); \
[ -z "$unknown" ] || { echo "ERROR: unexpected gcloud auth output: $unknown"; exit 1; }; \
out=$(gcloud firebase test android run \
--type instrumentation \
--app /apks/app-debug.apk \
--test /apks/app-debug-androidTest.apk \
--device model=oriole,version=33,locale=en,orientation=portrait \
--results-bucket=gs://sharedinbox-ftl-results 2>&1); rc=$?; echo "$out"; \
[ "$rc" -eq 0 ] || { echo "ERROR: gcloud firebase test exited with code $rc"; exit "$rc"; }; \
expected_devices=1; \
actual_devices=$(echo "$out" | grep "│" | grep -cE "(Passed|Failed|Inconclusive|Skipped)") || actual_devices=0; \
[ "$actual_devices" -eq "$expected_devices" ] || \
{ echo "ERROR: expected $expected_devices test result(s) but found $actual_devices"; exit 1; }; \
echo "$out" | grep -q "Passed" || { echo "ERROR: no passing test results — tests failed or did not run"; exit 1; }`}).
Stdout(ctx)
}
// BuildAndroidRelease builds the AAB with a fixed build-number so Dagger can cache it.
// versionCode and signing are applied separately via StampAndroidVersionCode + SignAndroidBundle.
func (m *Ci) BuildAndroidRelease() *dagger.File {
return m.setup(m.androidSrc()).
WithExec([]string{"flutter", "build", "appbundle", "--release", "--no-pub", "--build-number", "1"}).
// Build and return the Android App Bundle (AAB)
func (m *Ci) BuildAndroidRelease(source *dagger.Directory, keystorePassword *dagger.Secret) *dagger.File {
return m.Setup(source).
WithSecretVariable("ANDROID_KEYSTORE_PASSWORD", keystorePassword).
WithExec([]string{"flutter", "build", "appbundle", "--release"}).
File("build/app/outputs/bundle/release/app-release.aab")
}
// withGoCache mounts Dagger cache volumes for GOCACHE and GOMODCACHE so Go
// builds inside the container reuse cached packages between pipeline runs.
func withGoCache(c *dagger.Container) *dagger.Container {
return c.
WithMountedCache("/home/ci/.cache/go-build", dag.CacheVolume("go-build-cache")).
WithMountedCache("/home/ci/go/pkg/mod", dag.CacheVolume("go-mod-cache")).
WithEnvVariable("GOCACHE", "/home/ci/.cache/go-build").
WithEnvVariable("GOMODCACHE", "/home/ci/go/pkg/mod")
}
// UploadToPlayStore uploads a pre-built AAB to the Play Store internal track.
func (m *Ci) UploadToPlayStore(
// Publish the Android App Bundle to Google Play Store
func (m *Ci) PublishAndroid(
ctx context.Context,
aab *dagger.File,
source *dagger.Directory,
playStoreConfig *dagger.Secret,
keystorePassword *dagger.Secret,
) (string, error) {
scriptSource := m.Source.Filter(dagger.DirectoryFilterOpts{
// 1. Build the AAB
aab := m.BuildAndroidRelease(source, keystorePassword)
// 2. Prepare script source
scriptSource := source.Filter(dagger.DirectoryFilterOpts{
Include: []string{"scripts/deploy_playstore.py"},
})
// 3. Deploy
return dag.Container().
From("python:3.12-alpine").
WithExec([]string{"apk", "add", "--no-cache", "curl"}).
WithMountedCache("/root/.cache/pip", dag.CacheVolume("pip-cache")).
WithExec([]string{"pip", "install", "google-auth", "requests"}).
WithExec([]string{"pip", "install", "requests", "google-auth"}).
WithFile("/src/build/app/outputs/bundle/release/app-release.aab", aab).
WithFile("/src/scripts/deploy_playstore.py", scriptSource.File("scripts/deploy_playstore.py")).
WithSecretVariable("PLAY_STORE_CONFIG_JSON", playStoreConfig).
@@ -754,115 +329,3 @@ func (m *Ci) UploadToPlayStore(
WithExec([]string{"python3", "scripts/deploy_playstore.py"}).
Stdout(ctx)
}
// StampAndroidVersionCode patches the versionCode in a built AAB without rebuilding.
func (m *Ci) StampAndroidVersionCode(aab *dagger.File, versionCode int) *dagger.File {
return dag.Container().
From("python:3.12-alpine").
WithNewFile("/patch.py", patchAabScript).
WithFile("/in.aab", aab).
WithExec([]string{"python3", "/patch.py", "/in.aab", "/out.aab", fmt.Sprintf("%d", versionCode)}).
File("/out.aab")
}
// SignAndroidBundle signs an AAB with the release upload key via jarsigner.
func (m *Ci) SignAndroidBundle(aab *dagger.File, keystoreBase64 *dagger.Secret, keystorePassword *dagger.Secret) *dagger.File {
return dag.Container().
From("eclipse-temurin:17-jdk-alpine").
WithFile("/app.aab", aab).
WithSecretVariable("KS_BASE64", keystoreBase64).
WithSecretVariable("KS_PASS", keystorePassword).
WithExec([]string{"sh", "-c",
`[ -n "$KS_BASE64" ] || { echo "ERROR: KS_BASE64 secret is empty — ANDROID_KEYSTORE_BASE64 not set"; exit 1; }
[ -n "$KS_PASS" ] || { echo "ERROR: KS_PASS secret is empty — ANDROID_KEYSTORE_PASSWORD not set"; exit 1; }
echo "$KS_BASE64" | base64 -d > /keystore.jks && \
jarsigner -sigalg SHA256withRSA -digestalg SHA-256 \
-signedjar /signed.aab \
-keystore /keystore.jks \
-storepass "$KS_PASS" -keypass "$KS_PASS" \
/app.aab upload`}).
File("/signed.aab")
}
// PublishAndroid builds a cached AAB, stamps the versionCode, re-signs, and uploads to Play Store.
func (m *Ci) PublishAndroid(
ctx context.Context,
playStoreConfig *dagger.Secret,
keystoreBase64 *dagger.Secret,
keystorePassword *dagger.Secret,
) (string, error) {
versionCode := int(time.Now().Unix())
aab := m.BuildAndroidRelease()
stamped := m.StampAndroidVersionCode(aab, versionCode)
signed := m.SignAndroidBundle(stamped, keystoreBase64, keystorePassword)
return m.UploadToPlayStore(ctx, signed, playStoreConfig)
}
// Graph returns a Mermaid diagram of the CI pipeline structure.
// Paste the output into any Mermaid renderer (codeberg, github, mermaid.live)
// or save it as a .md file to get a rendered diagram.
//
// Usage:
//
// dagger call --progress=plain -q -m ci --source=. graph
func (m *Ci) Graph() string {
return `# CI Pipeline Graph
` + "```" + `mermaid
flowchart TD
subgraph dagger ["Dagger · Check pipeline"]
toolchain["toolchain\nflutter:3.41.6 + NDK + apt + precache"]
pubGet["pubGetLayer\nflutter pub get"]
codegen["codegenBase\nbuild_runner build\n(shared cache)"]
stalwart(["Stalwart service\nIMAP · JMAP · SMTP · Sieve"])
toolchain --> pubGet
pubGet --> codegen
pubGet --> hygiene["CheckHygiene"]
pubGet --> layers["CheckLayers"]
pubGet --> mocks["CheckMocks\n(own build_runner run)"]
codegen --> fmt["Format"]
codegen --> analyze["Analyze"]
codegen --> coverage["Coverage\nunit tests + gate"]
codegen --> backend["TestBackend\nIMAP / JMAP"]
codegen --> integration["TestIntegration\nXvfb · Linux desktop"]
stalwart --> backend
stalwart --> integration
hygiene --> check{{"✓ Check"}}
layers --> check
fmt --> check
analyze --> check
mocks --> check
coverage --> check
backend --> check
integration --> check
end
subgraph forgejo_ci ["Codeberg CI · ci.yml (push/PR, source paths only)"]
ciCheck["check"]
end
subgraph forgejo_deploy ["Codeberg CI · deploy.yml (hourly schedule + workflow_dispatch)"]
detectChanges["check-changes\ndetect android / linux diff"]
buildLinux["build-linux\n(linux changed)"]
deployPS["deploy-playstore\n(android changed)"]
deployApk["deploy-apk\n(android changed)"]
fbTest["test-android-firebase\n(android changed)"]
pubWeb["publish-website\n(any build succeeded)"]
detectChanges --> buildLinux
detectChanges --> deployPS
detectChanges --> deployApk
detectChanges --> fbTest
buildLinux --> pubWeb
deployPS --> pubWeb
deployApk --> pubWeb
end
check -- "task check-dagger" --> ciCheck
` + "```"
}
ci/otel-receiver.py
-195
View File
@@ -1,195 +0,0 @@
#!/usr/bin/env python3
"""
Minimal OTLP HTTP/protobuf trace receiver for Dagger CI timing.
Usage:
python3 ci/otel-receiver.py --port-file=/tmp/otel.port
Caller sets:
OTEL_EXPORTER_OTLP_ENDPOINT=http://127.0.0.1:<port>
OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
"""
import argparse
import signal
import struct
import sys
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
# ── Minimal protobuf binary decoder ─────────────────────────────────────────
# Only decodes the fields we need; skips everything else safely.
def _varint(buf, pos):
n, shift = 0, 0
while pos < len(buf):
b = buf[pos]; pos += 1
n |= (b & 0x7F) << shift
shift += 7
if not (b & 0x80):
return n, pos
raise ValueError("truncated varint")
def _fields(buf):
"""Yield (field_num, wire_type, raw_value) for each field in a message."""
pos = 0
while pos < len(buf):
tag, pos = _varint(buf, pos)
wt, fn = tag & 7, tag >> 3
if wt == 0: # varint
v, pos = _varint(buf, pos)
elif wt == 1: # fixed64
v = struct.unpack_from("<Q", buf, pos)[0]; pos += 8
elif wt == 2: # length-delimited
n, pos = _varint(buf, pos)
v = buf[pos:pos + n]; pos += n
elif wt == 5: # fixed32
v = struct.unpack_from("<I", buf, pos)[0]; pos += 4
else:
break # unknown: stop
yield fn, wt, v
def _any_value(buf):
"""Parse AnyValue, return (type_tag, python_value)."""
for fn, wt, v in _fields(buf):
if fn == 1 and wt == 2: # string_value
return "str", v.decode("utf-8", errors="replace")
if fn == 2 and wt == 0: # bool_value
return "bool", bool(v)
if fn == 3 and wt == 0: # int_value (sint64)
return "int", v
if fn == 4 and wt == 1: # double_value
return "float", struct.unpack("<d", struct.pack("<Q", v))[0]
return None, None
def _keyvalue(buf):
key, tag, val = None, None, None
for fn, wt, v in _fields(buf):
if fn == 1 and wt == 2:
key = v.decode("utf-8", errors="replace")
elif fn == 2 and wt == 2:
tag, val = _any_value(v)
return key, tag, val
def _span(buf):
name = ""
start_ns = end_ns = 0
cached = False
for fn, wt, v in _fields(buf):
if fn == 5 and wt == 2: # name
name = v.decode("utf-8", errors="replace")
elif fn == 7 and wt == 1: # start_time_unix_nano
start_ns = v
elif fn == 8 and wt == 1: # end_time_unix_nano
end_ns = v
elif fn == 9 and wt == 2: # attributes (repeated)
k, tag, val = _keyvalue(v)
if tag == "bool" and k and "cached" in k.lower():
cached = val
return {"name": name, "dur": max(0.0, (end_ns - start_ns) / 1e9), "cached": cached}
def _decode(body):
spans = []
for fn1, wt1, rs in _fields(body): # resource_spans = 1
if fn1 != 1 or wt1 != 2:
continue
for fn2, wt2, ss in _fields(rs): # scope_spans = 2
if fn2 != 2 or wt2 != 2:
continue
for fn3, wt3, sp in _fields(ss): # spans = 2
if fn3 == 2 and wt3 == 2:
spans.append(_span(sp))
return spans
# ── HTTP receiver ────────────────────────────────────────────────────────────
_spans = []
_lock = threading.Lock()
class _Handler(BaseHTTPRequestHandler):
protocol_version = "HTTP/1.1"
def _respond(self, code, body=b""):
self.close_connection = True # actually close after response, matching the header
self.send_response(code)
self.send_header("Content-Type", "application/x-protobuf")
self.send_header("Content-Length", str(len(body)))
self.send_header("Connection", "close")
self.end_headers()
if body:
self.wfile.write(body)
def do_GET(self):
if self.path != "/shutdown":
self._respond(404); return
self._respond(200, b"shutting down")
threading.Thread(target=self.server.shutdown, daemon=True).start()
def do_POST(self):
if self.path != "/v1/traces":
self._respond(404); return
n = int(self.headers.get("Content-Length", 0))
body = self.rfile.read(n)
try:
decoded = _decode(body)
except Exception as exc:
print(f"[otel-receiver] decode error: {exc}", file=sys.stderr, flush=True)
self._respond(400, str(exc).encode()); return
with _lock:
_spans.extend(decoded)
self._respond(200)
def log_message(self, *_):
pass
# ── Timing report ────────────────────────────────────────────────────────────
def _report():
with _lock:
if not _spans:
print("otel-receiver: no spans received", file=sys.stderr)
return
rows = sorted(_spans, key=lambda r: r["dur"], reverse=True)
NAME_W = 38
print(f'\n{"STATUS":<6} {"DURATION":>8} SPAN')
print("" * (6 + 2 + 8 + 2 + NAME_W + 20))
for r in rows:
status = "CACHED" if r["cached"] else "LIVE"
name = r["name"]
if len(name) > NAME_W:
name = name[: NAME_W - 1] + ""
print(f'{status:<6} {r["dur"]:7.2f}s {name}')
print(f"\n{len(rows)} spans total")
def main():
ap = argparse.ArgumentParser()
ap.add_argument("--port-file", default="")
args = ap.parse_args()
server = HTTPServer(("127.0.0.1", 0), _Handler)
if args.port_file:
with open(args.port_file, "w") as f:
f.write(str(server.server_address[1]))
def _shutdown(sig, frame):
threading.Thread(target=server.shutdown, daemon=True).start()
signal.signal(signal.SIGTERM, _shutdown)
signal.signal(signal.SIGINT, _shutdown)
server.serve_forever()
_report()
if __name__ == "__main__":
main()
deploy.sh
-21
View File
@@ -1,21 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
REPO_DIR="$(cd "$(dirname "$0")" && pwd)"
# Load .env into environment
set -a
# shellcheck source=.env
source "$REPO_DIR/.env"
set +a
# SSH_PRIVATE_KEY must not live in .env (dagger parses .env and chokes on multiline values)
export SSH_PRIVATE_KEY=$(cat "$HOME/.ssh/id_ed25519")
# Add nix profile and nix store tools (task, dagger) to PATH
export PATH="$HOME/.nix-profile/bin:$PATH"
for pkg in "*go-task-*/bin/task" "*dagger-*/bin/dagger"; do
bin=$(ls -d /nix/store/$pkg 2>/dev/null | sort -V | tail -1)
[ -n "$bin" ] && export PATH="$(dirname "$bin"):$PATH"
done
exec python3 "$REPO_DIR/deploy_cron.py"
deploy_cron.py
-55
View File
@@ -1,55 +0,0 @@
#!/usr/bin/env python3
"""
Cron deploy script for sharedinbox website.
Runs every 5 minutes; skips if origin/main has not changed since last trigger.
Triggers the 'Deploy Website' Forgejo Actions workflow via fgj on each new commit.
Forgejo Actions handles failure reporting.
"""
import subprocess
import sys
from pathlib import Path
REPO_DIR = Path(__file__).parent.resolve()
SHA_FILE = REPO_DIR / '.last_deployed_sha'
REPO = 'guettli/sharedinbox'
def git(*args):
return subprocess.run(
['git', *args], cwd=REPO_DIR, check=True,
capture_output=True, text=True,
).stdout.strip()
def read(path: Path) -> str:
return path.read_text().strip() if path.exists() else ''
def main():
try:
git('fetch', 'origin', 'main')
except subprocess.CalledProcessError as exc:
print(f'git fetch failed (transient?): {exc} — skipping this run.', file=sys.stderr)
return
remote_sha = git('rev-parse', 'origin/main')
last_sha = read(SHA_FILE)
if remote_sha == last_sha:
print(f'No changes since {remote_sha[:8]}, skipping.')
return
print(f'New commit {remote_sha[:8]} (was {last_sha[:8] or "none"}) — triggering workflow...')
result = subprocess.run(
['fgj', 'actions', 'workflow', 'run', 'website.yml', '-R', REPO],
capture_output=True, text=True,
)
if result.returncode != 0:
print(f'fgj workflow run failed: {result.stderr}', file=sys.stderr)
sys.exit(1)
SHA_FILE.write_text(remote_sha + '\n')
print('Workflow triggered.')
if __name__ == '__main__':
main()
flake.nix
+2 -7
View File
@@ -29,11 +29,7 @@
cairo
gdk-pixbuf
harfbuzz
# Dagger remote setup dependencies
stunnel
netcat
];
fgj = pkgs.stdenv.mkDerivation {
pname = "fgj";
version = "0.4.0";
@@ -94,9 +90,8 @@
sqlite
# python3 base + Google Play API client (for scripts/deploy_playstore.py)
(python3.withPackages (ps: with ps; [
google-api-python-client
google-auth-httplib2
httplib2
google-auth
requests
])) # used by stalwart-dev/start and deploy_playstore.py
fgj # Codeberg/Forgejo CLI (like gh for GitHub)
]);
integration_test/app_e2e_test.dart
+6 -22
View File
@@ -112,28 +112,12 @@ void main() {
late String userPass;
setUpAll(() {
const required = [
'STALWART_IMAP_HOST',
'STALWART_IMAP_PORT',
'STALWART_SMTP_HOST',
'STALWART_SMTP_PORT',
'STALWART_USER_B',
'STALWART_PASS_B',
];
final missing = required.where((k) => Platform.environment[k] == null).toList();
if (missing.isNotEmpty) {
fail(
'Missing required environment variables: ${missing.join(', ')}. '
'This test requires a running Stalwart instance — '
'run via stalwart-dev/integration_ui_test.sh.',
);
}
imapHost = Platform.environment['STALWART_IMAP_HOST']!;
imapPort = int.parse(Platform.environment['STALWART_IMAP_PORT']!);
smtpHost = Platform.environment['STALWART_SMTP_HOST']!;
smtpPort = int.parse(Platform.environment['STALWART_SMTP_PORT']!);
userEmail = Platform.environment['STALWART_USER_B']!;
userPass = Platform.environment['STALWART_PASS_B']!;
imapHost = Platform.environment['STALWART_IMAP_HOST'] ?? '127.0.0.1';
imapPort = int.parse(Platform.environment['STALWART_IMAP_PORT'] ?? '1430');
smtpHost = Platform.environment['STALWART_SMTP_HOST'] ?? '127.0.0.1';
smtpPort = int.parse(Platform.environment['STALWART_SMTP_PORT'] ?? '1025');
userEmail = Platform.environment['STALWART_USER_B'] ?? 'alice@example.com';
userPass = Platform.environment['STALWART_PASS_B'] ?? 'secret';
});
testWidgets(
lib/core/services/notification_service.dart
+14 -23
View File
@@ -1,40 +1,31 @@
import 'dart:io';
import 'package:flutter/services.dart';
import 'package:flutter_local_notifications/flutter_local_notifications.dart';
const _kChannelId = 'new_mail';
const _kChannelName = 'New mail';
final _plugin = FlutterLocalNotificationsPlugin();
bool _initialized = false;
Future<void> initNotifications() async {
try {
const android = AndroidInitializationSettings('@mipmap/ic_launcher');
await _plugin.initialize(
settings: const InitializationSettings(android: android),
onDidReceiveNotificationResponse: (_) {},
);
await _plugin
.resolvePlatformSpecificImplementation<
AndroidFlutterLocalNotificationsPlugin>()
?.requestNotificationsPermission();
_initialized = true;
} on MissingPluginException {
// Plugin not registered on this device; notifications silently disabled.
} catch (_) {
// Unexpected initialization failure; notifications silently disabled.
}
const android = AndroidInitializationSettings('@mipmap/ic_launcher');
await _plugin.initialize(
const InitializationSettings(android: android),
onDidReceiveNotificationResponse: (_) {},
);
await _plugin
.resolvePlatformSpecificImplementation<
AndroidFlutterLocalNotificationsPlugin>()
?.requestNotificationsPermission();
}
Future<void> showNewMailNotification(String accountEmail) async {
if (!Platform.isAndroid || !_initialized) return;
if (!Platform.isAndroid) return;
await _plugin.show(
id: accountEmail.hashCode & 0x7FFFFFFF,
title: 'New mail',
body: accountEmail,
notificationDetails: const NotificationDetails(
accountEmail.hashCode & 0x7FFFFFFF,
'New mail',
accountEmail,
const NotificationDetails(
android: AndroidNotificationDetails(
_kChannelId,
_kChannelName,
lib/core/services/undo_service.dart
+15 -16
View File
@@ -4,39 +4,38 @@ import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:sharedinbox/core/models/undo_action.dart';
import 'package:sharedinbox/di.dart';
class UndoService extends Notifier<List<UndoAction>> {
class UndoService extends StateNotifier<List<UndoAction>> {
UndoService(this._ref) : super([]);
final Ref _ref;
static const int _maxHistory = 10;
// Resolves once build() has loaded persisted history.
late Future<void> _ready;
// Resolves once init() has loaded persisted history. Default to an already-
// resolved future so operations are safe even if init() is never called.
Future<void> _ready = Future.value();
@override
List<UndoAction> build() {
_ready = ref.read(undoRepositoryProvider).getHistory().then((history) {
if (ref.mounted) state = history;
Future<void> init() async {
_ready = _ref.read(undoRepositoryProvider).getHistory().then((history) {
if (mounted) state = history;
});
return [];
await _ready;
}
/// Waits for the persisted history to finish loading. Called by tests to
/// ensure the provider is ready before asserting state.
Future<void> init() => _ready;
Future<void> pushAction(UndoAction action) async {
await _ready;
final newList = [...state, action];
if (newList.length > _maxHistory) {
final removed = newList.removeAt(0);
await ref.read(undoRepositoryProvider).deleteAction(removed.id);
await _ref.read(undoRepositoryProvider).deleteAction(removed.id);
}
state = newList;
await ref.read(undoRepositoryProvider).saveAction(action);
await _ref.read(undoRepositoryProvider).saveAction(action);
}
Future<void> clear() async {
await _ready;
state = [];
unawaited(ref.read(undoRepositoryProvider).clearHistory());
unawaited(_ref.read(undoRepositoryProvider).clearHistory());
}
Future<void> undo({String? actionId}) async {
@@ -58,7 +57,7 @@ class UndoService extends Notifier<List<UndoAction>> {
// happened and retry if the undo failed (e.g. after an IMAP sync reverted
// the local change). The inverse action added below allows undoing the undo.
final repo = ref.read(emailRepositoryProvider);
final repo = _ref.read(emailRepositoryProvider);
for (final id in action.emailIds) {
// 1. Try to cancel the original change (if not started yet).
lib/core/sync/account_sync_manager.dart
-3
View File
@@ -1,7 +1,6 @@
import 'dart:async';
import 'package:enough_mail/enough_mail.dart' as imap;
import 'package:flutter/services.dart' show MissingPluginException;
import 'package:sharedinbox/core/models/account.dart';
import 'package:sharedinbox/core/models/email.dart' show SyncEmailsResult;
import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -295,7 +294,6 @@ class _AccountSync implements _SyncLoop {
bool _isPermanentError(Object e) {
if (isTlsConfigError(e)) return true;
if (e is MissingPluginException) return true;
final s = e.toString().toLowerCase();
// enough_mail doesn't always have typed exceptions for auth, so we check strings.
return s.contains('invalid credentials') ||
@@ -548,7 +546,6 @@ class _JmapAccountSync implements _SyncLoop {
bool _isPermanentError(Object e) {
if (isTlsConfigError(e)) return true;
if (e is MissingPluginException) return true;
final s = e.toString().toLowerCase();
return s.contains('invalid credentials') ||
s.contains('authentication failed') ||
lib/core/sync/background_sync.dart
+8 -21
View File
@@ -5,8 +5,6 @@ import 'dart:io';
import 'package:drift/drift.dart';
import 'package:drift/native.dart';
import 'package:enough_mail/enough_mail.dart' as imap;
import 'package:flutter/services.dart';
import 'package:flutter/widgets.dart';
import 'package:path/path.dart' as p;
import 'package:path_provider/path_provider.dart';
@@ -25,9 +23,6 @@ const _kResourceType = 'background_check';
@pragma('vm:entry-point')
void callbackDispatcher() {
// Required so that path_provider and other plugins are available in this
// background isolate (issue #192).
WidgetsFlutterBinding.ensureInitialized();
Workmanager().executeTask((_, __) async {
try {
await _doBackgroundSync();
@@ -37,22 +32,14 @@ void callbackDispatcher() {
}
Future<void> registerBackgroundSync() async {
try {
await Workmanager().initialize(callbackDispatcher);
await Workmanager().registerPeriodicTask(
_kTaskName,
_kTaskName,
frequency: const Duration(minutes: 15),
constraints: Constraints(networkType: NetworkType.connected),
existingWorkPolicy: ExistingPeriodicWorkPolicy.keep,
);
} on PlatformException {
// WorkManager channel unavailable on this device; background sync disabled.
} on MissingPluginException {
// Plugin not registered on this device; background sync disabled.
} catch (_) {
// Unexpected initialization failure; background sync disabled.
}
await Workmanager().initialize(callbackDispatcher);
await Workmanager().registerPeriodicTask(
_kTaskName,
_kTaskName,
frequency: const Duration(minutes: 15),
constraints: Constraints(networkType: NetworkType.connected),
existingWorkPolicy: ExistingPeriodicWorkPolicy.keep,
);
}
Future<void> _doBackgroundSync() async {
lib/data/db/database.dart
+9 -86
View File
@@ -3,7 +3,6 @@ import 'dart:io';
import 'package:drift/drift.dart';
import 'package:drift/native.dart';
import 'package:flutter/services.dart';
import 'package:path/path.dart' as p;
import 'package:path_provider/path_provider.dart';
@@ -579,96 +578,20 @@ String? _dbPath;
/// Call after WidgetsFlutterBinding.ensureInitialized() so that the
/// path_provider plugin channel is registered before the first DB access.
/// On some Android versions the Pigeon channel is not ready at the very
/// start of main(); if it fails, _openConnection() retries lazily.
Future<void> initDatabasePath() async {
try {
final dir = await getApplicationSupportDirectory();
_dbPath = p.join(dir.path, 'sharedinbox.db');
} on PlatformException {
// Channel not yet established; LazyDatabase will resolve the path
// on first access, after runApp() completes initialization.
}
final dir = await getApplicationSupportDirectory();
_dbPath = p.join(dir.path, 'sharedinbox.db');
}
/// Resolve the application support path, retrying on PlatformException to
/// survive a race where the path_provider Pigeon channel isn't ready yet.
Future<String> _resolveDatabasePath() async {
if (_dbPath != null) return _dbPath!;
// initDatabasePath() failed (channel not ready before runApp). Retry now
// that the engine is fully initialised, with back-off. Some slow Android
// devices need several seconds for the Pigeon channel to become ready
// (issue #166), so use a longer schedule than the initial attempt.
const delays = [200, 500, 1000, 2000, 4000];
for (final ms in delays) {
try {
final dir = await getApplicationSupportDirectory();
_dbPath = p.join(dir.path, 'sharedinbox.db');
return _dbPath!;
} on PlatformException {
await Future<void>.delayed(Duration(milliseconds: ms));
}
}
// On Android, path_provider can be permanently broken on some devices
// regardless of how long we wait (issue #192). Derive the path from
// /proc/self/cmdline (the Android process name == package name) without
// a platform channel as a last resort so the app can still open its DB.
if (Platform.isAndroid) {
final fallback = await _androidFallbackPath();
if (fallback != null) {
_dbPath = fallback;
return _dbPath!;
}
}
throw PlatformException(
code: 'channel-error',
message: 'path_provider unavailable after ${delays.length + 1} attempts — '
'cannot open database.',
);
}
// Reads /proc/self/cmdline to extract the Android package name, then
// constructs the standard app files-dir path without a platform channel.
// Returns null when the path cannot be determined or created.
Future<String?> _androidFallbackPath() async {
try {
final bytes = await File('/proc/self/cmdline').readAsBytes();
final end = bytes.indexOf(0);
final packageName = String.fromCharCodes(
end >= 0 ? bytes.sublist(0, end) : bytes,
).trim();
// A valid Android package name contains dots but not slashes.
if (packageName.isEmpty ||
!packageName.contains('.') ||
packageName.contains('/')) {
return null;
}
for (final base in [
'/data/user/0/$packageName/files',
'/data/data/$packageName/files',
]) {
try {
await Directory(base).create(recursive: true);
return p.join(base, 'sharedinbox.db');
} catch (_) {
continue;
}
}
return null;
} catch (_) {
return null;
}
}
// These functions are only called from unit tests (database_path_test.dart).
// They expose internals that cannot be reached via the public API.
Future<String> resolveDatabasePathForTesting() => _resolveDatabasePath();
void resetDatabasePathForTesting() => _dbPath = null;
Future<String?> androidFallbackPathForTesting() => _androidFallbackPath();
LazyDatabase _openConnection() {
return LazyDatabase(() async {
final file = File(await _resolveDatabasePath());
final file = File(
_dbPath ??
p.join(
(await getApplicationSupportDirectory()).path,
'sharedinbox.db',
),
);
return NativeDatabase.createInBackground(
file,
setup: (db) {
lib/di.dart
+12 -11
View File
@@ -11,7 +11,6 @@ import 'package:sharedinbox/core/repositories/email_repository.dart';
import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
import 'package:sharedinbox/core/repositories/search_history_repository.dart';
import 'package:sharedinbox/core/repositories/share_key_repository.dart';
import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
import 'package:sharedinbox/core/repositories/undo_repository.dart';
import 'package:sharedinbox/core/services/account_discovery_service.dart';
import 'package:sharedinbox/core/services/connection_test_service.dart';
@@ -102,7 +101,7 @@ final searchHistoryRepositoryProvider =
return SearchHistoryRepositoryImpl(ref.watch(dbProvider));
});
final syncLogRepositoryProvider = Provider<SyncLogRepository>((ref) {
final syncLogRepositoryProvider = Provider((ref) {
return SyncLogRepositoryImpl(ref.watch(dbProvider));
});
@@ -182,7 +181,11 @@ final manageSieveProbeServiceProvider = Provider<ManageSieveProbeService>((
});
final undoServiceProvider =
NotifierProvider<UndoService, List<UndoAction>>(UndoService.new);
StateNotifierProvider<UndoService, List<UndoAction>>((ref) {
final service = UndoService(ref);
unawaited(service.init());
return service;
});
/// Loads email header + body and marks the email as seen.
/// Owned by [EmailDetailScreen]; decouples data loading from the widget tree.
@@ -191,18 +194,16 @@ final emailDetailProvider = AsyncNotifierProvider.autoDispose
EmailDetailNotifier.new,
);
class EmailDetailNotifier extends AsyncNotifier<(Email?, EmailBody)> {
EmailDetailNotifier(this._emailId);
final String _emailId;
class EmailDetailNotifier
extends AutoDisposeFamilyAsyncNotifier<(Email?, EmailBody), String> {
@override
Future<(Email?, EmailBody)> build() async {
Future<(Email?, EmailBody)> build(String emailId) async {
final repo = ref.read(emailRepositoryProvider);
final results = await Future.wait([
repo.getEmail(_emailId),
repo.getEmailBody(_emailId),
repo.getEmail(emailId),
repo.getEmailBody(emailId),
]);
unawaited(repo.setFlag(_emailId, seen: true));
unawaited(repo.setFlag(emailId, seen: true));
return (results[0] as Email?, results[1] as EmailBody);
}
}
lib/main.dart
-1
View File
@@ -3,7 +3,6 @@ import 'dart:io';
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_riverpod/misc.dart' show Override;
import 'package:sharedinbox/core/services/notification_service.dart';
import 'package:sharedinbox/core/sync/background_sync.dart';
lib/ui/screens/about_screen.dart
+2 -6
View File
@@ -3,7 +3,7 @@ import 'dart:io';
import 'package:flutter/material.dart';
import 'package:flutter/services.dart';
import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
import 'package:flutter_markdown/flutter_markdown.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:package_info_plus/package_info_plus.dart';
import 'package:sharedinbox/core/models/account.dart';
@@ -47,14 +47,10 @@ class _AboutScreenState extends ConsumerState<AboutScreen> {
final osName = _capitalize(Platform.operatingSystem);
final isDark = MediaQuery.of(context).platformBrightness == Brightness.dark;
final gitCommitLine = _gitHash.isNotEmpty
? '| Git Commit | [$_gitHash](https://codeberg.org/guettli/sharedinbox/commit/$_gitHash) |\n'
: '';
return '## [sharedinbox.de](https://sharedinbox.de)\n\n'
return '## sharedinbox.de\n\n'
'| Property | Value |\n'
'|----------|-------|\n'
'| App Version | $versionDisplay |\n'
'$gitCommitLine'
'| Platform | ${Platform.operatingSystem} |\n'
'| $osName Version | ${Platform.operatingSystemVersion} |\n'
'| Resolution | ${physW}x$physH px'
lib/ui/screens/account_receive_screen.dart
+8 -74
View File
@@ -32,15 +32,11 @@ enum _Step { generatingKey, showingPubKey, scanning, importing, done, error }
class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
_Step _step = _Step.generatingKey;
ShareKeyMaterial? _keyMaterial;
DateTime? _keyExpiresAt;
String? _pubKeyQr;
String? _errorMessage;
bool _scannerActive = false;
MobileScannerController? _scannerController;
// True when the scanner plugin fails to initialise at runtime (e.g.
// MissingPluginException on some Android builds).
bool _scannerFailed = false;
@override
void initState() {
@@ -65,7 +61,6 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
);
setState(() {
_keyMaterial = material;
_keyExpiresAt = DateTime.now().toUtc().add(const Duration(minutes: 20));
_pubKeyQr = qr;
_step = _Step.showingPubKey;
});
@@ -81,37 +76,8 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
setState(() {
_step = _Step.scanning;
_scannerActive = true;
_scannerController = MobileScannerController();
});
if (_cameraScanSupported()) {
unawaited(_initScanner());
}
}
// Pre-flight: probe the scanner's permission-state method to verify the
// plugin is registered. MissingPluginException is thrown on Android builds
// where the plugin is not linked (issue #204). All other exceptions mean
// the plugin exists but something else failed — the MobileScanner widget
// will surface those via its own error builder.
Future<void> _initScanner() async {
bool available = false;
try {
await const MethodChannel(
'dev.steenbakker.mobile_scanner/scanner/method',
).invokeMethod<int>('state');
available = true;
} on MissingPluginException {
// Plugin not registered on this device; text fallback will be shown.
} catch (_) {
// Plugin registered but state check failed; let the scanner widget
// handle it via its errorBuilder.
available = true;
}
if (!mounted) return;
if (available) {
setState(() => _scannerController = MobileScannerController());
} else {
setState(() => _scannerFailed = true);
}
}
Future<void> _onScanned(String rawValue) async {
@@ -278,7 +244,7 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
},
),
const SizedBox(height: 8),
_ExpiryHint(expiresAt: _keyExpiresAt!),
const _ExpiryHint(),
const SizedBox(height: 32),
if (_errorMessage != null) ...[
Text(
@@ -300,14 +266,11 @@ class _AccountReceiveScreenState extends ConsumerState<AccountReceiveScreen> {
}
Widget _buildScannerView(BuildContext context) {
// Fall back to text input when the platform has no camera support or when
// the scanner plugin fails to initialise at runtime (MissingPluginException).
if (!_cameraScanSupported() || _scannerFailed) {
// On platforms where the camera scanner is not available (Linux desktop),
// fall back to a text-input field.
if (!_cameraScanSupported()) {
return _buildTextFallbackView(context);
}
if (_scannerController == null) {
return const Center(child: CircularProgressIndicator());
}
return Stack(
children: [
@@ -408,37 +371,8 @@ bool _cameraScanSupported() =>
Platform.isMacOS ||
Platform.isWindows;
class _ExpiryHint extends StatefulWidget {
const _ExpiryHint({required this.expiresAt});
final DateTime expiresAt;
@override
State<_ExpiryHint> createState() => _ExpiryHintState();
}
class _ExpiryHintState extends State<_ExpiryHint> {
late Timer _timer;
@override
void initState() {
super.initState();
_timer = Timer.periodic(const Duration(seconds: 1), (_) => setState(() {}));
}
@override
void dispose() {
_timer.cancel();
super.dispose();
}
String _formatRemaining() {
final remaining = widget.expiresAt.difference(DateTime.now().toUtc());
if (remaining.isNegative) return 'expired';
final minutes = remaining.inMinutes;
final seconds = remaining.inSeconds % 60;
return '${minutes.toString().padLeft(2, '0')}:${seconds.toString().padLeft(2, '0')}';
}
class _ExpiryHint extends StatelessWidget {
const _ExpiryHint();
@override
Widget build(BuildContext context) {
@@ -448,7 +382,7 @@ class _ExpiryHintState extends State<_ExpiryHint> {
Icon(Icons.timer_outlined, size: 14, color: Colors.grey[600]),
const SizedBox(width: 4),
Text(
'This key expires in ${_formatRemaining()}',
'This key expires in 20 minutes',
style: TextStyle(fontSize: 12, color: Colors.grey[600]),
),
],
lib/ui/screens/account_send_screen.dart
+2 -35
View File
@@ -45,42 +45,12 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
bool _scannerActive = true;
MobileScannerController? _scannerController;
// True when the scanner plugin fails to initialise at runtime (e.g.
// MissingPluginException on some Android builds).
bool _scannerFailed = false;
@override
void initState() {
super.initState();
if (_cameraScanSupported()) {
unawaited(_initScanner());
}
}
// Pre-flight: probe the scanner's permission-state method to verify the
// plugin is registered. MissingPluginException is thrown on Android builds
// where the plugin is not linked (issue #204). All other exceptions mean
// the plugin exists but something else failed — the MobileScanner widget
// will surface those via its own error builder.
Future<void> _initScanner() async {
bool available = false;
try {
await const MethodChannel(
'dev.steenbakker.mobile_scanner/scanner/method',
).invokeMethod<int>('state');
available = true;
} on MissingPluginException {
// Plugin not registered on this device; text fallback will be shown.
} catch (_) {
// Plugin registered but state check failed; let the scanner widget
// handle it via its errorBuilder.
available = true;
}
if (!mounted) return;
if (available) {
setState(() => _scannerController = MobileScannerController());
} else {
setState(() => _scannerFailed = true);
_scannerController = MobileScannerController();
}
}
@@ -208,12 +178,9 @@ class _AccountSendScreenState extends ConsumerState<AccountSendScreen> {
}
Widget _buildScanStep(BuildContext context) {
if (!_cameraScanSupported() || _scannerFailed) {
if (!_cameraScanSupported()) {
return _buildTextFallbackView(context);
}
if (_scannerController == null) {
return const Center(child: CircularProgressIndicator());
}
return Stack(
children: [
lib/ui/screens/changelog_screen.dart
+1 -1
View File
@@ -2,7 +2,7 @@ import 'dart:async';
import 'package:flutter/material.dart';
import 'package:flutter/services.dart' show rootBundle;
import 'package:flutter_markdown_plus/flutter_markdown_plus.dart';
import 'package:flutter_markdown/flutter_markdown.dart';
import 'package:url_launcher/url_launcher.dart';
class ChangeLogScreen extends StatelessWidget {
lib/ui/screens/compose_screen.dart
+1 -1
View File
@@ -162,7 +162,7 @@ class _ComposeScreenState extends ConsumerState<ComposeScreen> {
}
Future<void> _pickAttachments() async {
final result = await FilePicker.pickFiles();
final result = await FilePicker.platform.pickFiles(allowMultiple: true);
if (result == null) return;
final files = result.files.where((f) => f.path != null).toList();
if (!mounted) return;
lib/ui/screens/crash_screen.dart
+88 -152
View File
@@ -1,6 +1,5 @@
import 'dart:io';
import 'package:flutter/foundation.dart';
import 'package:flutter/material.dart';
import 'package:flutter/services.dart';
import 'package:package_info_plus/package_info_plus.dart';
@@ -11,42 +10,21 @@ class CrashScreen extends StatelessWidget {
super.key,
required this.exception,
required this.stackTrace,
this.gitHash = const String.fromEnvironment('GIT_HASH'),
});
final Object exception;
final StackTrace? stackTrace;
final String gitHash;
String get _buildMode {
if (kDebugMode) return 'debug';
if (kProfileMode) return 'profile';
return 'release';
}
Future<String> _fetchVersion() async {
try {
final info = await PackageInfo.fromPlatform();
return '${info.version}+${info.buildNumber}';
} catch (_) {
return 'unknown';
}
}
Future<String> _buildReport() async {
final version = await _fetchVersion();
String version = 'unknown';
try {
final info = await PackageInfo.fromPlatform();
version = '${info.version}+${info.buildNumber}';
} catch (_) {}
final platform =
'${Platform.operatingSystem} ${Platform.operatingSystemVersion}';
final gitLine = gitHash.isNotEmpty
? 'Git Commit: [$gitHash](https://codeberg.org/guettli/sharedinbox/commit/$gitHash)\n'
: '';
final timestamp = DateTime.now().toUtc().toIso8601String();
return 'App Version: $version\n'
'Build Mode: $_buildMode\n'
'$gitLine'
'Platform: $platform\n'
'Dart: ${Platform.version}\n'
'Timestamp: $timestamp\n\n'
'Platform: $platform\n\n'
'Error:\n```\n$exception\n```\n\n'
'Stack Trace:\n```\n$stackTrace\n```';
}
@@ -59,57 +37,39 @@ class CrashScreen extends StatelessWidget {
title: const Text('Something went wrong'),
backgroundColor: Theme.of(context).colorScheme.errorContainer,
),
body: Builder(
builder: (ctx) => SingleChildScrollView(
padding: const EdgeInsets.all(16),
child: Column(
crossAxisAlignment: CrossAxisAlignment.stretch,
children: [
const Icon(Icons.error_outline, color: Colors.red, size: 64),
body: SingleChildScrollView(
padding: const EdgeInsets.all(16),
child: Column(
crossAxisAlignment: CrossAxisAlignment.stretch,
children: [
const Icon(Icons.error_outline, color: Colors.red, size: 64),
const SizedBox(height: 16),
Text(
'sharedinbox.de encountered an unexpected error and needs to be restarted.',
style: Theme.of(context).textTheme.titleMedium,
textAlign: TextAlign.center,
),
const SizedBox(height: 24),
const Text(
'Error Details:',
style: TextStyle(fontWeight: FontWeight.bold),
),
const SizedBox(height: 8),
Container(
padding: const EdgeInsets.all(12),
decoration: BoxDecoration(
color: Colors.grey[200],
borderRadius: BorderRadius.circular(8),
),
child: Text(
exception.toString(),
style: const TextStyle(fontFamily: 'monospace', fontSize: 12),
),
),
if (stackTrace != null) ...[
const SizedBox(height: 16),
Text(
'sharedinbox.de encountered an unexpected error and needs to be restarted.',
style: Theme.of(ctx).textTheme.titleMedium,
textAlign: TextAlign.center,
),
const SizedBox(height: 4),
FutureBuilder<String>(
future: _fetchVersion(),
builder: (context, snapshot) => Text(
'v${snapshot.data ?? ''}$_buildMode'
'${Platform.operatingSystem} ${Platform.operatingSystemVersion}',
style: Theme.of(context).textTheme.bodySmall?.copyWith(
color: Colors.grey[600],
),
textAlign: TextAlign.center,
),
),
if (gitHash.isNotEmpty) ...[
const SizedBox(height: 8),
GestureDetector(
onTap: () async {
final url = Uri.parse(
'https://codeberg.org/guettli/sharedinbox/commit/$gitHash',
);
await launchUrl(
url,
mode: LaunchMode.externalApplication,
);
},
child: Text(
'Git Commit: $gitHash',
style: const TextStyle(
fontSize: 12,
color: Colors.blue,
decoration: TextDecoration.underline,
),
textAlign: TextAlign.center,
),
),
],
const SizedBox(height: 24),
const Text(
'Error Details:',
'Stack Trace:',
style: TextStyle(fontWeight: FontWeight.bold),
),
const SizedBox(height: 8),
@@ -120,94 +80,70 @@ class CrashScreen extends StatelessWidget {
borderRadius: BorderRadius.circular(8),
),
child: Text(
exception.toString(),
stackTrace.toString(),
style: const TextStyle(
fontFamily: 'monospace',
fontSize: 12,
fontSize: 10,
),
),
),
if (stackTrace != null) ...[
const SizedBox(height: 16),
const Text(
'Stack Trace:',
style: TextStyle(fontWeight: FontWeight.bold),
),
const SizedBox(height: 8),
Container(
padding: const EdgeInsets.all(12),
decoration: BoxDecoration(
color: Colors.grey[200],
borderRadius: BorderRadius.circular(8),
),
child: Text(
stackTrace.toString(),
style: const TextStyle(
fontFamily: 'monospace',
fontSize: 10,
],
const SizedBox(height: 24),
FilledButton.icon(
onPressed: () async {
final data = await _buildReport();
await Clipboard.setData(ClipboardData(text: data));
if (context.mounted) {
ScaffoldMessenger.of(context).showSnackBar(
const SnackBar(
duration: Duration(seconds: 5),
content: Text('Copied to clipboard'),
),
),
),
],
const SizedBox(height: 24),
FilledButton.icon(
onPressed: () async {
final data = await _buildReport();
await Clipboard.setData(ClipboardData(text: data));
if (ctx.mounted) {
ScaffoldMessenger.of(ctx).showSnackBar(
);
}
},
icon: const Icon(Icons.copy),
label: const Text('Copy to Clipboard'),
),
const SizedBox(height: 16),
OutlinedButton.icon(
onPressed: () async {
final report = await _buildReport();
final title = Uri.encodeComponent(
'Crash: ${exception.toString().split('\n').first}',
);
final body = Uri.encodeComponent(report);
final url = Uri.parse(
'https://codeberg.org/guettli/sharedinbox/issues/new?title=$title&body=$body',
);
try {
final launched = await launchUrl(
url,
mode: LaunchMode.externalApplication,
);
if (!launched && context.mounted) {
ScaffoldMessenger.of(context).showSnackBar(
const SnackBar(
duration: Duration(seconds: 5),
content: Text('Copied to clipboard'),
content: Text('Could not open browser.'),
),
);
}
},
icon: const Icon(Icons.copy),
label: const Text('Copy to Clipboard'),
),
const SizedBox(height: 16),
OutlinedButton.icon(
onPressed: () async {
// URL carries only the title to avoid exceeding browser
// URL-length limits — long stack traces caused "create
// issue failed" (#146). Use "Copy to Clipboard" first to
// get the full report, then paste it in the issue body.
final title = Uri.encodeComponent(
'Crash: ${exception.toString().split('\n').first}',
);
final url = Uri.parse(
'https://codeberg.org/guettli/sharedinbox/issues/new?title=$title',
);
try {
final launched = await launchUrl(
url,
mode: LaunchMode.externalApplication,
} catch (e) {
if (context.mounted) {
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(
duration: const Duration(seconds: 5),
content: Text('Error: $e'),
),
);
if (!launched && ctx.mounted) {
ScaffoldMessenger.of(ctx).showSnackBar(
const SnackBar(
duration: Duration(seconds: 5),
content: Text('Could not open browser.'),
),
);
}
} catch (e) {
if (ctx.mounted) {
ScaffoldMessenger.of(ctx).showSnackBar(
SnackBar(
duration: const Duration(seconds: 5),
content: Text('Error: $e'),
),
);
}
}
},
icon: const Icon(Icons.bug_report),
label: const Text('Report Issue on Codeberg'),
),
],
),
}
},
icon: const Icon(Icons.bug_report),
label: const Text('Report Issue on Codeberg'),
),
],
),
),
),
lib/ui/screens/email_detail_screen.dart
+3 -3
View File
@@ -43,15 +43,15 @@ class _EmailDetailScreenState extends ConsumerState<EmailDetailScreen> {
ref.listen<AsyncValue<(Email?, EmailBody)>>(
emailDetailProvider(widget.emailId),
(_, next) {
final email = next.value?.$1;
final email = next.valueOrNull?.$1;
if (email != null && mounted) {
setState(() => _isFlagged = email.isFlagged);
}
},
);
final header = detail.value?.$1;
final body = detail.value?.$2;
final header = detail.valueOrNull?.$1;
final body = detail.valueOrNull?.$2;
final isMobile = defaultTargetPlatform == TargetPlatform.android ||
defaultTargetPlatform == TargetPlatform.iOS;
lib/ui/screens/email_list_screen.dart
+3 -3
View File
@@ -261,9 +261,9 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
Widget _buildSyncButton(EmailRepository emailRepo) {
final isSyncing =
ref.watch(isSyncingProvider(widget.accountId)).value ?? false;
ref.watch(isSyncingProvider(widget.accountId)).valueOrNull ?? false;
final hasError =
ref.watch(syncLastErrorProvider(widget.accountId)).value != null;
ref.watch(syncLastErrorProvider(widget.accountId)).valueOrNull != null;
return IconButton(
tooltip: isSyncing
? 'Syncing…'
@@ -350,7 +350,7 @@ class _EmailListScreenState extends ConsumerState<EmailListScreen> {
Widget _buildSyncErrorBanner() {
final errorAsync = ref.watch(syncLastErrorProvider(widget.accountId));
final error = errorAsync.value;
final error = errorAsync.valueOrNull;
if (error == null || error == _dismissedError) {
return const SizedBox.shrink();
}
pubspec.lock
-1345
View File
File diff suppressed because it is too large Load Diff
pubspec.yaml
+15 -16
View File
@@ -19,15 +19,15 @@ dependencies:
# Local persistence (offline-first)
drift: ^2.20.3
sqlite3_flutter_libs: ^0.6.0+eol
sqlite3_flutter_libs: ^0.5.28
path_provider: ^2.1.5
path: ^1.9.1
# State management
flutter_riverpod: ^3.0.0
flutter_riverpod: ^2.6.1
# Navigation
go_router: ^17.2.3
go_router: ^14.8.1
# Secure credential storage (passwords)
flutter_secure_storage: ^10.0.0
@@ -36,7 +36,7 @@ dependencies:
intl: any
# File picking (compose attachments) and opening downloaded attachments
file_picker: ^12.0.0-beta.4
file_picker: ^8.0.0
open_filex: ^4.6.0
mime: ^2.0.0
@@ -47,34 +47,34 @@ dependencies:
cryptography: ^2.7.0
# QR code scanning (camera) for secure account import
mobile_scanner: ^7.2.0
mobile_scanner: ^5.0.0
# HTML rendering for email bodies
webview_flutter: ^4.0.0
url_launcher: ^6.3.2
flutter_markdown_plus: ^1.0.7
flutter_markdown: ^0.7.7+1
# Background sync and local notifications
flutter_local_notifications: ^21.0.0
flutter_local_notifications: ^18.0.1
workmanager: ^0.9.0
# App version metadata for crash reports
package_info_plus: ^10.1.0
share_plus: ^13.1.0
package_info_plus: ^8.0.0
share_plus: ^12.0.2
dev_dependencies:
flutter_test:
sdk: flutter
integration_test:
sdk: flutter
flutter_lints: ^6.0.0
flutter_lints: ^4.0.0
drift_dev: ^2.20.3
build_runner: ^2.4.13
test: ^1.25.0
mockito: ^5.4.4
fake_async: ^1.3.1
path_provider_platform_interface: ^2.1.2
sqlite3: ^3.1.5 # used directly in test/unit/db_test_helper.dart; 3.x required for Database.close()
sqlite3: any # used directly in test/unit/db_test_helper.dart
url_launcher_platform_interface: ^2.3.2
plugin_platform_interface: ^2.1.8
@@ -84,8 +84,7 @@ flutter:
- assets/
dependency_overrides:
# path_provider_android 2.2.21 updated to Pigeon 26, which causes a
# channel-error on startup on some Android devices. 2.3+ uses package:jni
# (SIGSEGV in libdartjni.so FindClassUnchecked). Pin to 2.2.20 which uses
# stable Pigeon and is known to work reliably.
path_provider_android: ">=2.2.0 <2.2.21"
# path_provider_android 2.3+ uses package:jni which crashes on startup
# (SIGSEGV in libdartjni.so FindClassUnchecked — JNI env not ready when
# the Dart VM first calls into it). Pin to 2.2.x which uses Pigeon instead.
path_provider_android: ">=2.2.0 <2.3.0"
scripts/agent_loop.py
+96 -578
View File
@@ -7,91 +7,72 @@ Flow
1. Agent already running?
a. Age > 1 h → kill it, set its issue to State/Question, exit 1
b. Age ≤ 1 h → print status, exit 0 (let it keep working)
2. No agent running → extract pending_issue from state (if any), then check CI
a. pending_issue + open PR → check PR branch CI, merge/fix/wait as needed
b. Catch-up: orphaned issue-N-fix PRs with passing CI → merge them
c. Main CI running → save pending-ci state, exit 0
d. Main CI failed → start fix-CI agent (pushes fix to main), exit 0
e. Main CI ok + pending_issue → close the issue, exit 0 (dead code path —
section 2a always returns first)
f. Main CI ok (or no run yet) → find oldest Ready issue, start issue agent,
save state, exit 0
g. No Ready issues → print "nothing to do", exit 0
Issue agents must NOT close the issue themselves; the loop closes it after CI passes.
2. No agent running → check Codeberg CI
a. CI is running → print "CI running, waiting", exit 0
b. Latest CI failed → start fix-CI agent, save state, exit 0
c. CI ok (or no run yet) → find oldest Ready issue, start issue agent,
save state, exit 0
d. No Ready issues → print "nothing to do", exit 0
State file: ~/.sharedinbox-agent-state.json
{ "pid": 12345, "issue": 91,
"started_at": "2026-05-15T12:00:00+00:00", "type": "issue" }
Output is written to ~/.sharedinbox-agent-logs/<session>-<timestamp>.log.
To resume the Claude conversation, look up the session UUID first:
Resume the Claude conversation afterward with:
scripts/agent_loop.py list # shows NAME and UUID columns
claude --resume <uuid> # use the UUID, NOT the session name
claude --resume issue-91
"""
import argparse
import json
import os
import re
import shlex
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path
# Cron runs with a minimal PATH; ensure Nix profile binaries (tea, claude) and ~/go/bin (fgj) are found.
os.environ["PATH"] = (
f"{Path.home()}/.nix-profile/bin"
f":{Path.home()}/go/bin"
f":{os.environ.get('PATH', '/usr/bin:/bin')}"
)
# Cron runs with a minimal PATH; ensure Nix profile binaries (tea, claude) are found.
os.environ["PATH"] = f"/home/si/.nix-profile/bin:{os.environ.get('PATH', '/usr/bin:/bin')}"
# ── configuration ─────────────────────────────────────────────────────────────
REPO = "guettli/sharedinbox"
REPO_URL = f"https://codeberg.org/{REPO}"
STATE_FILE = Path.home() / ".sharedinbox-agent-state.json"
MAX_AGENT_AGE_SECONDS = 3600 # 1 hour
CLAUDE_PROJECTS_DIR = Path.home() / ".claude" / "projects" / (
"-" + str(Path.home())[1:].replace("/", "-")
)
# Labels used by the workflow.
LABEL_READY = "State/Ready"
LABEL_IN_PROGRESS = "State/InProgress"
LABEL_QUESTION = "State/Question"
LABEL_PRIO_HIGH = "Prio/High"
# Only pick up issues filed by these accounts.
ALLOWED_ISSUE_AUTHORS = {"guettli", "guettlibot", "guettlibot2"}
# ── helpers ───────────────────────────────────────────────────────────────────
def _issue_url(number: int) -> str:
return f"{REPO_URL}/issues/{number}"
def _tea(*args: str) -> dict | list | None:
"""Run a `tea api` command and return parsed JSON, or None on 204."""
method = "GET"
path = args[0]
extra: list[str] = []
body_str = None
i = 1
while i < len(args):
if args[i] in ("--method", "-X") and i + 1 < len(args):
method = args[i + 1]
i += 2
elif args[i] in ("--data", "-d") and i + 1 < len(args):
body_str = args[i + 1]
i += 2
else:
extra.append(args[i])
i += 1
def _ci_run_url(run_id: int) -> str:
return f"{REPO_URL}/actions/runs/{run_id}"
cmd = ["tea", "api", "--repo", REPO, "-X", method]
if body_str:
cmd += ["-d", body_str]
cmd.append(path)
def _fgj(*args: str) -> None:
"""Run a fgj command, raising on failure."""
cmd = ["fgj", "--hostname", "codeberg.org", *args]
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode != 0:
raise RuntimeError(
f"fgj {' '.join(args)} failed:\n{result.stderr or result.stdout}"
)
def _tea_get(path: str) -> dict | list | None:
"""Run a tea api GET and return parsed JSON. Only use for reads — tea PATCH/PUT
silently fails (exits 0) when unauthenticated, so writes must go via fgj."""
cmd = ["tea", "api", path]
result = subprocess.run(cmd, capture_output=True, text=True)
if result.returncode != 0:
raise RuntimeError(
@@ -100,146 +81,48 @@ def _tea_get(path: str) -> dict | list | None:
out = result.stdout.strip()
if not out:
return None
data = json.loads(out)
if isinstance(data, dict) and "message" in data and "url" in data:
raise RuntimeError(f"tea api {path} returned error: {data['message']}")
return data
return json.loads(out)
def _set_labels(issue: int, add: list[str], remove: list[str]) -> None:
"""Add/remove labels on an issue via fgj."""
cmd = ["issue", "edit", str(issue), "--repo", REPO]
for label in add:
cmd += ["--add-label", label]
for label in remove:
cmd += ["--remove-label", label]
_fgj(*cmd)
"""Replace labels on an issue via the tea CLI."""
current = _tea(f"repos/{REPO}/issues/{issue}/labels") or []
current_names = {lbl["name"] for lbl in current}
all_labels = _tea(f"repos/{REPO}/labels") or []
name_to_id = {lbl["name"]: lbl["id"] for lbl in all_labels}
desired = (current_names - set(remove)) | set(add)
ids = [name_to_id[n] for n in desired if n in name_to_id]
_tea(
f"repos/{REPO}/issues/{issue}/labels",
"-X", "PUT",
"-d", json.dumps({"labels": ids}),
)
def _close_issue(issue: int) -> None:
_fgj("issue", "close", str(issue), "--repo", REPO)
_set_labels(issue, add=[], remove=[LABEL_IN_PROGRESS])
def _comment_issue(issue: int, body: str) -> None:
_fgj("issue", "comment", str(issue), "--repo", REPO, "--body", body)
_tea(
f"repos/{REPO}/issues/{issue}",
"-X", "PATCH",
"-d", json.dumps({"state": "closed"}),
)
def _ready_issues() -> list[dict]:
"""Return open issues with State/Ready, Prio/High first, then oldest."""
result = subprocess.run(
["fgj", "--hostname", "codeberg.org", "issue", "list",
"--repo", REPO, "--state", "open", "--json"],
capture_output=True, text=True, check=True,
)
data = json.loads(result.stdout) if result.stdout.strip() else []
"""Return open issues with State/Ready, oldest first."""
data = _tea(f"repos/{REPO}/issues?state=open&type=issues&limit=50") or []
ready = [
i for i in data
if any(lbl["name"] == LABEL_READY for lbl in i.get("labels", []))
and i.get("user", {}).get("login", "") in ALLOWED_ISSUE_AUTHORS
]
ready.sort(key=lambda i: (
0 if any(lbl["name"] == LABEL_PRIO_HIGH for lbl in i.get("labels", [])) else 1,
i["number"],
))
ready.sort(key=lambda i: i["number"])
return ready
def _latest_main_ci_run() -> dict | None:
"""Return the latest ci.yml run on the main branch.
Forgejo reports scheduled/dispatch workflows (e.g. deploy.yml) with
event=push and prettyref=main, so filtering by event alone is not enough.
We also require workflow_id == "ci.yml".
"""
data = _tea_get(f"repos/{REPO}/actions/runs?limit=20")
def _latest_ci_run() -> dict | None:
data = _tea(f"repos/{REPO}/actions/runs?limit=1")
runs = (data or {}).get("workflow_runs", [])
for run in runs:
if (run.get("event") == "push"
and run.get("prettyref") == "main"
and run.get("workflow_id") == "ci.yml"):
return run
return None
def _latest_ci_run_for_branch(branch: str) -> dict | None:
"""Return the latest CI run for a specific branch, or None.
Forgejo's workflow_runs API has no top-level head_branch field.
For push events the branch is in ``prettyref``; for pull_request
events it lives inside ``event_payload["pull_request"]["head"]["ref"]``.
"""
data = _tea_get(f"repos/{REPO}/actions/runs?limit=20")
runs = (data or {}).get("workflow_runs", [])
for run in runs:
if run.get("event") == "pull_request":
try:
payload = json.loads(run.get("event_payload", "{}"))
if payload.get("pull_request", {}).get("head", {}).get("ref") == branch:
return run
except (json.JSONDecodeError, AttributeError):
pass
elif run.get("event") == "push":
if run.get("prettyref") == branch:
return run
return None
def _find_pr_for_branch(branch: str, state: str = "open") -> dict | None:
"""Return the first PR in the given state whose head branch matches, or None."""
result = subprocess.run(
["fgj", "--hostname", "codeberg.org", "pr", "list",
"--repo", REPO, "--state", state, "--json"],
capture_output=True, text=True,
)
if result.returncode != 0 or not result.stdout.strip():
return None
prs = json.loads(result.stdout)
for pr in prs:
head = pr.get("head", {})
ref = head.get("ref") or head.get("label", "").split(":")[-1]
if ref == branch:
return pr
return None
def _open_issue_prs() -> list[dict]:
"""Return all open PRs with issue-{N}-fix branches, oldest-first."""
result = subprocess.run(
["fgj", "--hostname", "codeberg.org", "pr", "list",
"--repo", REPO, "--state", "open", "--json"],
capture_output=True, text=True,
)
if result.returncode != 0 or not result.stdout.strip():
return []
prs = json.loads(result.stdout)
issue_prs = []
for pr in prs:
head = pr.get("head", {})
ref = head.get("ref") or head.get("label", "").split(":")[-1]
if re.match(r"^issue-\d+-fix$", ref or ""):
issue_prs.append(pr)
issue_prs.sort(key=lambda p: p["number"])
return issue_prs
def _latest_ci_run_for_pr(pr_number: int) -> dict | None:
"""Return the latest CI run triggered by a pull_request event for the given PR number."""
data = _tea_get(f"repos/{REPO}/actions/runs?event=pull_request&limit=50")
runs = (data or {}).get("workflow_runs", [])
for run in runs:
try:
payload = json.loads(run.get("event_payload", "{}"))
if payload.get("pull_request", {}).get("number") == pr_number:
return run
except (json.JSONDecodeError, AttributeError):
pass
return None
def _merge_pr(pr_number: int) -> None:
"""Squash-merge a PR via fgj."""
_fgj("pr", "merge", str(pr_number), "--repo", REPO, "--merge-method", "squash")
return runs[0] if runs else None
# ── state file ────────────────────────────────────────────────────────────────
@@ -254,63 +137,35 @@ def _read_state() -> dict | None:
return None
def _write_state(pid: int | None, issue: int | None, kind: str, issue_title: str | None = None, session_name: str | None = None, ci_run_id: int | None = None) -> None:
data: dict = {
"pid": pid,
"issue": issue,
"started_at": datetime.now(timezone.utc).isoformat(),
"type": kind,
}
if issue_title is not None:
data["issue_title"] = issue_title
if session_name is not None:
data["session_name"] = session_name
if ci_run_id is not None:
data["ci_run_id_at_start"] = ci_run_id
STATE_FILE.write_text(json.dumps(data, indent=2))
STATE_FILE.chmod(0o600)
def _write_state(pid: int, issue: int | None, kind: str) -> None:
STATE_FILE.write_text(
json.dumps(
{
"pid": pid,
"issue": issue,
"started_at": datetime.now(timezone.utc).isoformat(),
"type": kind,
},
indent=2,
)
)
def _clear_state() -> None:
STATE_FILE.unlink(missing_ok=True)
def _find_session_uuid(session_name: str) -> str | None:
"""Return the Claude session UUID for *session_name*, or None if not found.
Claude stores session metadata in JSONL files; the first entry with
type=="agent-name" contains both the human-readable name and the UUID
needed for ``claude --resume <uuid>``.
"""
if not CLAUDE_PROJECTS_DIR.exists():
return None
for jsonl in CLAUDE_PROJECTS_DIR.glob("*.jsonl"):
try:
with jsonl.open() as fh:
for line in fh:
line = line.strip()
if not line:
continue
d = json.loads(line)
if d.get("type") == "agent-name" and d.get("agentName") == session_name:
return d.get("sessionId")
except Exception:
continue
return None
# ── agent launcher ────────────────────────────────────────────────────────────
def _start_agent(prompt: str, session_name: str) -> int:
"""Start Claude Code as a detached background process and return its PID."""
log_dir = Path.home() / ".sharedinbox-agent-logs"
log_dir.mkdir(mode=0o700, exist_ok=True)
log_dir.chmod(0o700) # fix permissions if dir already existed with wrong mode
log_dir.mkdir(exist_ok=True)
ts = datetime.now().strftime("%Y%m%dT%H%M%S")
log_file = log_dir / f"{session_name}-{ts}.log"
log_fh = open(log_file, "w", opener=lambda p, f: os.open(p, f, 0o600))
log_fh = open(log_file, "w")
proc = subprocess.Popen(
[
"claude",
@@ -328,8 +183,8 @@ def _start_agent(prompt: str, session_name: str) -> int:
proc.stdin.write(b"\n")
proc.stdin.close()
print(f"Started agent pid={proc.pid}, log={log_file}")
print(f" Resume: run 'scripts/agent_loop.py list' to get the UUID-based resume command")
print(f"[agent_loop] Started agent pid={proc.pid}, log={log_file}")
print(f"[agent_loop] Resume: claude --resume {shlex.quote(session_name)}")
return proc.pid
@@ -347,15 +202,6 @@ def _agent_alive(state: dict) -> bool:
return True
def _is_claude_process(pid: int) -> bool:
"""Return True if pid's comm name indicates it is a claude/node process."""
try:
comm = Path(f"/proc/{pid}/comm").read_text().strip()
return comm in ("claude", "node")
except OSError:
return False
def _agent_age_seconds(state: dict) -> float:
"""Seconds elapsed since the agent was launched, from the state file timestamp."""
try:
@@ -365,92 +211,20 @@ def _agent_age_seconds(state: dict) -> float:
return 0.0
def _git_summary() -> str:
"""Return a one-line summary of the latest commit and whether it's been pushed."""
try:
commit = subprocess.run(
["git", "log", "--oneline", "-1"],
capture_output=True, text=True, check=True,
).stdout.strip()
ahead = subprocess.run(
["git", "rev-list", "--count", "HEAD@{u}..HEAD"],
capture_output=True, text=True,
)
if ahead.returncode == 0 and ahead.stdout.strip() != "0":
push_status = f"not pushed ({ahead.stdout.strip()} ahead)"
elif ahead.returncode == 0:
push_status = "pushed"
else:
push_status = "no upstream"
return f"{commit} [{push_status}]"
except Exception:
return ""
def _kill_agent(state: dict) -> None:
"""Forcefully stop the running agent."""
pid = state.get("pid")
if pid and _is_claude_process(pid):
if pid:
try:
os.kill(pid, 9)
except ProcessLookupError:
pass
elif pid:
print(f"WARNING: pid {pid} is not a claude process — skipping kill to avoid hitting recycled PID")
# ── subcommands ───────────────────────────────────────────────────────────────
def cmd_list() -> int:
"""List recent agent-loop sessions, newest first."""
if not CLAUDE_PROJECTS_DIR.exists():
print(f"No sessions found (directory missing: {CLAUDE_PROJECTS_DIR})")
return 0
sessions = []
for jsonl in CLAUDE_PROJECTS_DIR.glob("*.jsonl"):
agent_name = None
session_id = None
try:
with jsonl.open() as fh:
for line in fh:
line = line.strip()
if not line:
continue
d = json.loads(line)
if d.get("type") == "agent-name":
agent_name = d.get("agentName")
session_id = d.get("sessionId")
break
except Exception:
continue
if agent_name:
sessions.append((jsonl.stat().st_mtime, agent_name, session_id))
if not sessions:
print("No agent sessions found.")
return 0
sessions.sort(reverse=True)
total = len(sessions)
print(f" {'DATE':<16} {'NAME':<20} UUID (use with: claude --resume <uuid>)")
print(f" {'-'*16} {'-'*20} {'-'*36}")
for mtime, name, sid in sessions[:20]:
ts = datetime.fromtimestamp(mtime).strftime("%Y-%m-%d %H:%M")
print(f" {ts:<16} {name:<20} {sid}")
if total > 20:
print(f" ... ({total - 20} more)")
return 0
# ── main flow ─────────────────────────────────────────────────────────────────
def _run_loop() -> int:
now = datetime.now(timezone.utc)
print(f"---------------------- Starting {now.strftime('%Y-%m-%d %H:%MZ')}")
def main() -> int:
state = _read_state()
# ── 1. Agent already running? ─────────────────────────────────────────────
@@ -460,288 +234,53 @@ def _run_loop() -> int:
kind = state.get("type", "issue")
pid = state.get("pid", "?")
issue_title = state.get("issue_title", "")
issue_ref = (
f"{_issue_url(issue)} {issue_title}".strip() if issue else str(issue)
)
if age > MAX_AGENT_AGE_SECONDS:
print(
f"Agent pid={pid!r} ({issue_ref}) "
f"[agent_loop] Agent pid={pid!r} (issue #{issue}) "
f"has been running for {age/60:.0f} min — aborting."
)
_kill_agent(state)
_clear_state()
if issue:
_set_labels(issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
issue,
f"Agent (pid {pid}) was killed after running for {age/60:.0f} min "
f"(limit: {MAX_AGENT_AGE_SECONDS//60} min). "
"Please investigate and resume manually.",
)
print(f"Set {_issue_url(issue)} to State/Question.")
print(f"[agent_loop] Set issue #{issue} to State/Question.")
return 1
session_name = state.get("session_name")
uuid = _find_session_uuid(session_name) if session_name else None
if uuid:
resume_cmd = f"claude --resume {shlex.quote(uuid)}"
elif session_name:
resume_cmd = f"claude --resume <uuid> # run: scripts/agent_loop.py list"
else:
resume_cmd = ""
git_info = _git_summary()
parts = [
f"Agent pid={pid!r} ({kind}, {issue_ref}) still running ({age/60:.0f} min). Waiting.",
]
if resume_cmd:
parts.append(f" Resume: {resume_cmd}")
if git_info:
parts.append(f" Commit: {git_info}")
print("\n".join(parts))
print(
f"[agent_loop] Agent pid={pid!r} ({kind}, issue #{issue}) "
f"still running ({age/60:.0f} min). Waiting."
)
return 0
# Agent not running (or no state) — extract any pending issue, then clean up.
pending_issue: int | None = None
ci_run_id_at_start: int | None = None
# Agent not running (or no state) — clean up stale state.
if state:
pending_issue = state.get("issue")
ci_run_id_at_start = state.get("ci_run_id_at_start")
_clear_state()
# ── 2. Check for a PR opened by the agent ────────────────────────────────
if pending_issue:
branch = f"issue-{pending_issue}-fix"
pr = _find_pr_for_branch(branch)
if pr:
pr_number = pr["number"]
pr_url = f"{REPO_URL}/pulls/{pr_number}"
print(f"Found PR #{pr_number} ({pr_url}) for issue #{pending_issue}.")
pr_run = _latest_ci_run_for_branch(branch)
if pr_run and pr_run.get("status") == "running":
print(f"CI run {_ci_run_url(pr_run['id'])} on branch {branch!r} is running. Waiting.")
_write_state(None, pending_issue, "pending-ci")
return 0
if pr_run and pr_run.get("status") in ("failure", "error"):
print(f"CI run {_ci_run_url(pr_run['id'])} on branch {branch!r} failed — starting fix agent.")
prompt = (
f"The Codeberg CI for guettli/sharedinbox just failed on branch {branch!r} "
f"(PR #{pr_number}). "
f"CI run: {_ci_run_url(pr_run['id'])}. "
"Fetch the CI logs using the task ci-logs command or the Codeberg API. "
"Identify the failure, fix it, commit, and push to the same branch. "
"Do NOT push to main, do NOT close the issue, do NOT merge the PR. "
"Do NOT reference any issue numbers in commit messages "
"(no 'closes #N', 'fixes #N', or similar) — auto-closing the wrong "
"issue via a commit message would be a bug. "
"Verify locally with 'task check' before pushing. "
"When done, stop."
)
session_name = f"ci-fix-pr-{pr_number}"
pid = _start_agent(prompt, session_name)
_write_state(pid, pending_issue, "ci-fix", session_name=session_name)
return 0
if not pr_run:
# No CI run yet — might be that CI hasn't triggered yet.
# Wait up to 15 min before giving up.
pr_created_at = pr.get("created_at", "")
try:
created = datetime.fromisoformat(pr_created_at.replace("Z", "+00:00"))
age_s = (datetime.now(timezone.utc) - created).total_seconds()
except Exception:
age_s = 999999
if age_s < 900:
print(
f"PR #{pr_number} has no CI run yet (created {age_s/60:.0f} min ago). Waiting."
)
_write_state(None, pending_issue, "pending-ci")
return 0
print(
f"No CI run for branch {branch!r} after {age_s/60:.0f} min — "
"agent may not have pushed. Setting to State/Question."
)
_set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
pending_issue,
f"Agent opened PR #{pr_number} but no CI run appeared on branch `{branch}` "
f"after {age_s/60:.0f} min. The agent may not have pushed any commits. "
"Please investigate and resume manually.",
)
return 0
# CI passed on the PR branch — squash-merge and close.
print(f"CI passed {_ci_run_url(pr_run['id'])} on branch {branch!r} — merging PR #{pr_number}.")
try:
_merge_pr(pr_number)
except RuntimeError as e:
print(f"Merge of PR #{pr_number} failed: {e} — setting to State/Question.")
_set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
pending_issue,
f"Automatic merge of PR #{pr_number} failed: {e}. Please merge manually.",
)
return 0
if _find_pr_for_branch(branch):
print(f"PR #{pr_number} is still open after merge attempt — setting to State/Question.")
_set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
pending_issue,
f"Automatic merge of PR #{pr_number} failed (PR is still open after the "
"merge command). Please merge manually.",
)
return 0
_close_issue(pending_issue)
print(f"Merged PR #{pr_number} and closed {_issue_url(pending_issue)}.")
return 0
# No open PR — check if it was already merged.
merged_pr = _find_pr_for_branch(branch, state="closed")
if merged_pr and merged_pr.get("merged"):
print(f"PR for branch {branch!r} was already merged — closing issue #{pending_issue}.")
_close_issue(pending_issue)
return 0
# No open or merged PR — the agent may not have created one, or it was
# closed without merging (the bug this block was added to catch).
print(
f"No open or merged PR found for branch {branch!r} "
f"(issue #{pending_issue}) — setting to State/Question."
)
_set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
pending_issue,
f"Agent finished but no open or merged PR was found for branch `{branch}`. "
"Please investigate and resume manually.",
)
return 0
# ── 2b. Catch-up: scan open issue-N-fix PRs orphaned by a cleared state ─────
# This handles PRs whose CI has passed but were never merged because the
# state file was cleared (loop restart, killed agent, manual intervention).
open_prs = _open_issue_prs()
for pr in open_prs:
pr_number = pr["number"]
pr_url = f"{REPO_URL}/pulls/{pr_number}"
head = pr.get("head", {})
branch = head.get("ref") or head.get("label", "").split(":")[-1]
m = re.match(r"^issue-(\d+)-fix$", branch or "")
issue_num = int(m.group(1)) if m else None
pr_run = _latest_ci_run_for_pr(pr_number)
if pr_run and pr_run.get("status") == "running":
print(f"Catch-up: CI {_ci_run_url(pr_run['id'])} on PR #{pr_number} still running. Waiting.")
_write_state(None, issue_num, "pending-ci")
return 0
if pr_run and pr_run.get("status") in ("failure", "error"):
print(f"Catch-up: CI {_ci_run_url(pr_run['id'])} on PR #{pr_number} failed — skipping.")
continue
if pr_run and pr_run.get("status") == "success":
print(f"Catch-up: CI passed on PR #{pr_number} ({pr_url}) — merging.")
try:
_merge_pr(pr_number)
except RuntimeError as e:
print(f"Catch-up: merge of PR #{pr_number} failed: {e} — skipping.")
continue
# Verify the merge actually happened; fgj can exit 0 without merging
# (e.g. branch-protection rules not satisfied).
if _find_pr_for_branch(branch):
print(
f"Catch-up: PR #{pr_number} is still open after merge attempt "
"— skipping to avoid infinite retry."
)
if issue_num:
_set_labels(issue_num, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
issue_num,
f"Automatic merge of PR #{pr_number} failed (PR is still open "
"after the merge command). Please merge manually.",
)
continue
if issue_num:
_close_issue(issue_num)
print(f"Merged PR #{pr_number} and closed issue #{issue_num}.")
else:
print(f"Merged PR #{pr_number}.")
return 0
# ── 3. Global CI check (main branch only) ────────────────────────────────
run = _latest_main_ci_run()
# ── 2. Check CI ───────────────────────────────────────────────────────────
run = _latest_ci_run()
if run and run.get("status") == "running":
print(f"CI run {_ci_run_url(run['id'])} is still running. Waiting.")
if pending_issue:
_write_state(None, pending_issue, "pending-ci")
print(f"[agent_loop] CI run {run['id']} is still running. Waiting.")
return 0
if run and run.get("status") in ("failure", "error"):
# Guard: if the same main CI run has been failing since the last ci-fix
# agent started, that agent pushed to a branch instead of main. Before
# spawning another agent, check whether any CI run is currently in
# progress (the branch run) and wait if so.
if ci_run_id_at_start is not None and run["id"] == ci_run_id_at_start:
check = _tea_get(f"repos/{REPO}/actions/runs?limit=5")
in_flight = [
r for r in (check or {}).get("workflow_runs", [])
if r.get("status") == "running"
]
if in_flight:
print(
f"Main CI still shows the same failed run {run['id']}; "
f"{_ci_run_url(in_flight[0]['id'])} is running "
"(previous ci-fix pushed to a branch). Waiting."
)
return 0
print(f"CI run {_ci_run_url(run['id'])} failed — starting fix agent.")
print(f"[agent_loop] CI run {run['id']} failed — starting fix agent.")
prompt = (
"The Codeberg CI for guettli/sharedinbox just failed on the main branch. "
"The Codeberg CI for guettli/sharedinbox just failed. "
f"The CI run ID is {run['id']}. "
"Fetch the CI logs using the task ci-logs command or the Codeberg API. "
"Identify the failure, fix it, commit, and push directly to main. "
"Identify the failure, fix it, commit, and push. "
"Verify locally with 'task check' before pushing. "
"Do NOT reference any issue numbers in commit messages "
"(no 'closes #N', 'fixes #N', or similar) — this is a CI fix, "
"not an issue fix, and auto-closing an issue via a commit message would be a bug. "
"Do NOT close any issues. "
"When done, stop."
)
pid = _start_agent(prompt, "ci-fix")
_write_state(pid, pending_issue, "ci-fix", session_name="ci-fix",
ci_run_id=run["id"] if run else None)
_write_state(pid, None, "ci-fix")
return 0
# CI is ok (or no run).
if pending_issue:
latest_run_id = run["id"] if run else None
if ci_run_id_at_start is not None and latest_run_id == ci_run_id_at_start:
# CI run hasn't changed since the agent was launched → agent pushed nothing
# (likely crashed or hit a rate limit).
print(
f"No new CI run since agent started for {_issue_url(pending_issue)} "
f"(run id {latest_run_id}) — agent did nothing. Setting to State/Question."
)
_set_labels(pending_issue, add=[LABEL_QUESTION], remove=[LABEL_IN_PROGRESS])
_comment_issue(
pending_issue,
"The agent exited without pushing any changes (no new CI run was triggered). "
"This usually means the agent hit a rate limit or crashed at startup. "
"The issue has been set to State/Question — please review the agent log and retry.",
)
return 0
_close_issue(pending_issue)
ci_run_part = f" {_ci_run_url(run['id'])}" if run else ""
print(f"CI passed{ci_run_part} — closed {_issue_url(pending_issue)}.")
return 0
# Find a Ready issue.
# CI is ok (or no run) — find a Ready issue.
issues = _ready_issues()
if not issues:
print("No issues with State/Ready. Nothing to do.")
print("[agent_loop] No issues with State/Ready. Nothing to do.")
return 0
issue = issues[0]
@@ -749,7 +288,7 @@ def _run_loop() -> int:
issue_title = issue["title"]
issue_body = issue.get("body", "")
print(f"Starting agent for {_issue_url(issue_number)} {issue_title}")
print(f"[agent_loop] Starting agent for issue #{issue_number}: {issue_title}")
# Mark InProgress before starting so the next cron tick sees it even if
# the agent hasn't had time to do so yet.
@@ -771,38 +310,17 @@ Instructions:
- Implement the required change, following the existing code style.
- Write or update tests as appropriate.
- Run 'task check' locally and fix any failures before committing.
- Commit with a descriptive message and include (#{issue_number}) in the title,
e.g. "feat: description (#{issue_number})".
Do NOT use "Closes #N" or "Fixes #N" keywords — the loop closes the issue
after CI passes; using those keywords would close it prematurely or wrongly.
- Create a branch named `issue-{issue_number}-fix`, push your changes there, and open a PR against main:
git checkout -b issue-{issue_number}-fix
git push -u origin issue-{issue_number}-fix
fgj pr create --title "fix: <short description> (#{issue_number})" \\
--head issue-{issue_number}-fix --base main --repo {REPO}
- Do NOT push to main, do NOT close the issue, and do NOT merge the PR — the loop handles that after CI passes.
- Commit with a descriptive message referencing the issue number (e.g. "feat: ... (#{issue_number})").
- Push to origin/main.
- If you hit a blocker you cannot resolve, set the issue label to State/Question
and stop (do NOT close the issue).
- When the work is pushed and the PR is opened, stop. The loop will merge the PR and close the issue after CI passes.
- When the work is done and pushed, close the issue and stop.
"""
session_name = f"issue-{issue_number}"
pid = _start_agent(prompt, session_name)
current_run_id = run["id"] if run else None
_write_state(pid, issue_number, "issue", issue_title, session_name=session_name, ci_run_id=current_run_id)
pid = _start_agent(prompt, f"issue-{issue_number}")
_write_state(pid, issue_number, "issue")
return 0
def main() -> int:
parser = argparse.ArgumentParser(prog="agent_loop")
sub = parser.add_subparsers(dest="cmd")
sub.add_parser("list", help="List recent agent sessions")
args = parser.parse_args()
if args.cmd == "list":
return cmd_list()
return _run_loop()
if __name__ == "__main__":
sys.exit(main())
scripts/check_mocks_fresh.sh
+1 -8
View File
@@ -5,14 +5,7 @@ set -euo pipefail
cd "$(git rev-parse --show-toplevel)"
echo "check-mocks: regenerating..."
tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
if fvm flutter pub run build_runner build --delete-conflicting-outputs >"$tmp" 2>&1; then
grep -vE '^\[' "$tmp" || true
else
cat "$tmp"
exit 1
fi
fvm flutter pub run build_runner build --delete-conflicting-outputs 2>&1
CHANGED=$(git diff --name-only -- '*.mocks.dart')
if [ -n "$CHANGED" ]; then
scripts/deploy_playstore.py
+53 -51
View File
@@ -6,49 +6,71 @@ import os
import sys
import time
import requests
from google.auth.transport.requests import AuthorizedSession
from google.oauth2 import service_account
PACKAGE_NAME = "de.sharedinbox.mua"
AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
TRACK = "internal"
_TIMEOUT = 300 # seconds — AAB uploads can be large
_MAX_UPLOAD_ATTEMPTS = 3
_BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
_UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
_MAX_UPLOAD_ATTEMPTS = 3
def _upload_aab_resumable(session, package, edit_id, aab_path):
"""Upload AAB using the Google resumable upload protocol."""
file_size = os.path.getsize(aab_path)
init_url = f"{_UPLOAD_BASE}/{package}/edits/{edit_id}/bundles"
def _make_session(config_json: str) -> AuthorizedSession:
creds = service_account.Credentials.from_service_account_info(
json.loads(config_json),
scopes=["https://www.googleapis.com/auth/androidpublisher"],
)
return AuthorizedSession(creds)
def _upload_aab(session: AuthorizedSession, edit_id: str) -> int:
"""Resumable upload of the AAB. Returns the version code."""
file_size = os.path.getsize(AAB_PATH)
# Step 1: initiate the resumable upload session
init_resp = session.post(
init_url,
f"{_UPLOAD_BASE}/{PACKAGE_NAME}/edits/{edit_id}/bundles",
params={"uploadType": "resumable"},
headers={
"X-Upload-Content-Type": "application/octet-stream",
"X-Upload-Content-Length": str(file_size),
"Content-Length": "0",
},
timeout=60,
json={},
timeout=30,
)
init_resp.raise_for_status()
upload_url = init_resp.headers["Location"]
# Step 2: upload the file in a single PUT to the session URI
with open(aab_path, "rb") as f:
upload_resp = session.put(
upload_url,
data=f,
headers={
"Content-Type": "application/octet-stream",
"Content-Length": str(file_size),
},
timeout=600,
)
upload_resp.raise_for_status()
return upload_resp.json()
with open(AAB_PATH, "rb") as f:
data = f.read()
last_exc = None
for attempt in range(_MAX_UPLOAD_ATTEMPTS):
try:
upload_resp = session.put(
upload_url,
data=data,
headers={
"Content-Type": "application/octet-stream",
"Content-Length": str(file_size),
},
timeout=_TIMEOUT,
)
upload_resp.raise_for_status()
return upload_resp.json()["versionCode"]
except requests.HTTPError as exc:
last_exc = exc
if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
delay = 10 * (2 ** attempt)
print(f"Upload attempt {attempt + 1} failed ({exc}), retrying in {delay}s…")
time.sleep(delay)
raise RuntimeError(
f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
) from last_exc
def main():
@@ -61,45 +83,25 @@ def main():
print(f"Error: AAB not found at {AAB_PATH}", file=sys.stderr)
sys.exit(1)
creds = service_account.Credentials.from_service_account_info(
json.loads(config_json),
scopes=["https://www.googleapis.com/auth/androidpublisher"],
)
session = AuthorizedSession(creds)
session = _make_session(config_json)
edit_resp = session.post(f"{_BASE}/{PACKAGE_NAME}/edits", json={}, timeout=30)
edit_resp = session.post(
f"{_BASE}/{PACKAGE_NAME}/edits",
json={},
timeout=30,
)
edit_resp.raise_for_status()
edit_id = edit_resp.json()["id"]
last_exc = None
bundle = None
for attempt in range(_MAX_UPLOAD_ATTEMPTS):
try:
bundle = _upload_aab_resumable(session, PACKAGE_NAME, edit_id, AAB_PATH)
break
except Exception as exc:
last_exc = exc
if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
delay = 10 * (2 ** attempt)
print(
f"Upload attempt {attempt + 1} failed ({type(exc).__name__}: {exc}), "
f"retrying in {delay}s…"
)
time.sleep(delay)
if bundle is None:
raise RuntimeError(
f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
) from last_exc
version_code = bundle["versionCode"]
version_code = _upload_aab(session, edit_id)
print(f"Uploaded AAB, version code: {version_code}")
track_resp = session.put(
tracks_resp = session.put(
f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
timeout=30,
)
track_resp.raise_for_status()
tracks_resp.raise_for_status()
commit_resp = session.post(
f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
scripts/generate_build_history.py
+3 -8
View File
@@ -33,20 +33,15 @@ def list_remote_files(ssh_user: str, ssh_host: str, pattern: str) -> list[str]:
result = subprocess.run(
[
"ssh",
"-o",
"StrictHostKeyChecking=no",
f"{ssh_user}@{ssh_host}",
f"find {REMOTE_BUILDS_DIR} -name '{pattern}' -type f | sort",
],
capture_output=True,
text=True,
check=True,
)
if result.returncode != 0:
print(
f"WARNING: ssh exit {result.returncode} listing {pattern} on {ssh_user}@{ssh_host}"
" — build history will be empty for this pattern",
file=sys.stderr,
)
print(result.stderr, file=sys.stderr)
return []
return [line.strip() for line in result.stdout.splitlines() if line.strip()]
scripts/run_firebase_test.sh
-54
View File
@@ -1,54 +0,0 @@
#!/usr/bin/env bash
# Runs the Firebase Test Lab Dagger pipeline with Gradle/Dagger noise filtered out.
# Retries up to 3 times on transient Dagger engine connectivity errors.
set -uo pipefail
OUT=$(mktemp)
RC_FILE=$(mktemp)
trap 'rm -f "$OUT" "$RC_FILE"' EXIT
_strip_ansi() {
sed 's/\x1b\[[0-9;]*[mGKHFJ]//g'
}
_filter_noise() {
grep -vE \
'> Task :.+(UP-TO-DATE|NO-SOURCE|SKIPPED)'\
'|[0-9]+ files found for path '\''lib/'\
'|^Inputs:'\
'|^[[:space:]]+-[[:space:]]/'\
'|\[Incubating\]'\
'|Deprecated Gradle features'\
'|warning-mode all'\
'|please refer to https://docs\.gradle'\
'|[0-9]+ actionable tasks'\
'|^warning: \[options\]'\
'|^Note: Some input files'\
'|Starting a Gradle Daemon'\
'|Have questions, feedback, or issues'\
'|https://firebase\.google\.com/support'\
'|^\s*[┆│]\s*$' \
|| true
}
_run() {
: > "$OUT" ; : > "$RC_FILE"
{
dagger call --progress=plain -q -m ci --source=. test-android-firebase \
--service-account-key env:FIREBASE_TEST_LAB_SERVICE_ACCOUNT_KEY \
--project-id "$FIREBASE_PROJECT_ID"
echo $? > "$RC_FILE"
} 2>&1 | tee "$OUT" | _strip_ansi | _filter_noise
}
for attempt in 1 2 3; do
_run && break
RC=$(cat "$RC_FILE" 2>/dev/null || echo 1)
if [ "$attempt" -lt 3 ] && grep -qE "connection reset|context canceled|connection refused|No Dagger server responded" "$OUT"; then
echo "[firebase] dagger connectivity error on attempt $attempt/3, retrying..." >&2
else
exit "$RC"
fi
done
exit "$(cat "$RC_FILE" 2>/dev/null || echo 0)"
scripts/setup_dagger_remote.sh
-102
View File
@@ -1,102 +0,0 @@
#!/usr/bin/env bash
# Establishes a secure tunnel to a remote Dagger Engine via stunnel.
set -euo pipefail
if [ -z "${DAGGER_STUNNEL_URL:-}" ]; then
echo "Error: DAGGER_STUNNEL_URL must be set."
exit 1
fi
# Parse host and port (e.g., example.com:8774 or just example.com)
host=$(echo "$DAGGER_STUNNEL_URL" | cut -d: -f1)
port=$(echo "$DAGGER_STUNNEL_URL" | cut -d: -f2)
if [ "$host" == "$port" ]; then
port="8774"
fi
MAX_PROBE_ATTEMPTS=5
PROBE_DELAY=30
for attempt in $(seq 1 $MAX_PROBE_ATTEMPTS); do
echo "Probing $host:$port (attempt $attempt/$MAX_PROBE_ATTEMPTS)..."
if nc -zw 5 "$host" "$port" 2>/dev/null; then
echo "Found active server on $host:$port"
break
fi
if [ "$attempt" -eq "$MAX_PROBE_ATTEMPTS" ]; then
echo "Warning: No Dagger server responded on $host:$port after $MAX_PROBE_ATTEMPTS attempts"
echo "Remote engine unavailable — CI will use the local Dagger engine."
exit 0
fi
echo "Dagger server not responding, waiting ${PROBE_DELAY}s before retry..."
sleep $PROBE_DELAY
done
# 2a. Try plain TCP connection first (works when server is a plain TCP proxy, no TLS)
echo "Trying plain TCP Dagger connection at tcp://$host:$port..."
if _DAGGER_RUNNER_HOST="tcp://$host:$port" \
_EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port" \
timeout 8 dagger version >/dev/null 2>&1; then
echo "Plain TCP Dagger connection succeeded — no TLS stunnel needed."
if [ -n "${GITHUB_ENV:-}" ]; then
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
echo "_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
else
export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port"
export _DAGGER_RUNNER_HOST="tcp://$host:$port"
echo "Dagger configured at tcp://$host:$port (plain TCP)"
fi
exit 0
fi
echo "Plain TCP connection not available; trying TLS stunnel..."
# 2b. Setup TLS credentials (passed as env vars from secrets)
mkdir -p /tmp/dagger-tls
echo "$DAGGER_CA_CERT" > /tmp/dagger-tls/ca.crt
echo "$DAGGER_CLIENT_CERT" > /tmp/dagger-tls/client.crt
echo "$DAGGER_CLIENT_KEY" > /tmp/dagger-tls/client.key
chmod 600 /tmp/dagger-tls/client.key
# 3. Configure and start stunnel
STUNNEL_CONF="/tmp/stunnel-dagger.conf"
cat << EOF > "$STUNNEL_CONF"
client = yes
foreground = yes
pid = /tmp/stunnel.pid
debug = warning
; TCP keepalive on the remote side to prevent NAT/firewall from resetting the connection
socket = r:SO_KEEPALIVE=1
socket = r:TCP_KEEPIDLE=10
socket = r:TCP_KEEPINTVL=5
socket = r:TCP_KEEPCNT=3
[dagger]
accept = 127.0.0.1:1774
connect = $host:$port
CAfile = /tmp/dagger-tls/ca.crt
cert = /tmp/dagger-tls/client.crt
key = /tmp/dagger-tls/client.key
verifyChain = yes
EOF
# Start stunnel in the background
stunnel "$STUNNEL_CONF" &
TUNNEL_PID=$!
# Give it a moment to establish
sleep 2
if ! kill -0 "$TUNNEL_PID" 2>/dev/null; then
echo "Error: stunnel failed to start"
exit 1
fi
# 4. Export environment for subsequent CI steps
if [ -n "${GITHUB_ENV:-}" ]; then
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774" >> "$GITHUB_ENV"
echo "_DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774" >> "$GITHUB_ENV"
echo "Tunnel established. Dagger is configured to use the remote engine."
else
export _EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774
export _DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774
echo "Tunnel established. Run: export _DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774"
fi
scripts/test_agent_loop.py
+11 -552
View File
@@ -1,6 +1,5 @@
#!/usr/bin/env python3
"""Tests for agent_loop.py."""
import contextlib
import io
import json
import os
@@ -15,16 +14,6 @@ sys.path.insert(0, str(Path(__file__).parent))
import agent_loop
class TestUrlHelpers(unittest.TestCase):
def test_issue_url(self):
url = agent_loop._issue_url(128)
self.assertEqual(url, "https://codeberg.org/guettli/sharedinbox/issues/128")
def test_ci_run_url(self):
url = agent_loop._ci_run_url(4145144)
self.assertEqual(url, "https://codeberg.org/guettli/sharedinbox/actions/runs/4145144")
class TestStateFile(unittest.TestCase):
def setUp(self):
self._tmp = tempfile.NamedTemporaryFile(delete=False, suffix=".json")
@@ -65,16 +54,6 @@ class TestStateFile(unittest.TestCase):
agent_loop._clear_state()
self.assertIsNone(agent_loop._read_state())
def test_write_state_stores_issue_title(self):
agent_loop._write_state(42, 10, "issue", "My Test Issue")
data = json.loads(Path(self._tmp.name).read_text())
self.assertEqual(data["issue_title"], "My Test Issue")
def test_write_state_omits_issue_title_when_none(self):
agent_loop._write_state(42, None, "ci-fix")
data = json.loads(Path(self._tmp.name).read_text())
self.assertNotIn("issue_title", data)
class TestAgentAlive(unittest.TestCase):
def test_own_pid_is_alive(self):
@@ -88,47 +67,21 @@ class TestAgentAlive(unittest.TestCase):
self.assertFalse(agent_loop._agent_alive({"pid": None}))
class TestIsClaudeProcess(unittest.TestCase):
def test_returns_true_for_claude_comm(self):
with patch.object(agent_loop.Path, "read_text", return_value="claude\n"):
self.assertTrue(agent_loop._is_claude_process(1234))
def test_returns_true_for_node_comm(self):
with patch.object(agent_loop.Path, "read_text", return_value="node\n"):
self.assertTrue(agent_loop._is_claude_process(1234))
def test_returns_false_for_other_process(self):
with patch.object(agent_loop.Path, "read_text", return_value="bash\n"):
self.assertFalse(agent_loop._is_claude_process(1234))
def test_returns_false_when_proc_missing(self):
with patch.object(agent_loop.Path, "read_text", side_effect=OSError):
self.assertFalse(agent_loop._is_claude_process(1234))
class TestKillAgent(unittest.TestCase):
def test_kill_sends_sigkill(self):
with patch("agent_loop._is_claude_process", return_value=True):
with patch("agent_loop.os.kill") as mock_kill:
agent_loop._kill_agent({"pid": 1234})
mock_kill.assert_called_once_with(1234, 9)
with patch("agent_loop.os.kill") as mock_kill:
agent_loop._kill_agent({"pid": 1234})
mock_kill.assert_called_once_with(1234, 9)
def test_kill_ignores_missing_process(self):
with patch("agent_loop._is_claude_process", return_value=True):
with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
agent_loop._kill_agent({"pid": 1234}) # Should not raise.
with patch("agent_loop.os.kill", side_effect=ProcessLookupError):
agent_loop._kill_agent({"pid": 1234}) # Should not raise.
def test_kill_noop_when_no_pid(self):
with patch("agent_loop.os.kill") as mock_kill:
agent_loop._kill_agent({})
mock_kill.assert_not_called()
def test_kill_skips_recycled_pid(self):
with patch("agent_loop._is_claude_process", return_value=False):
with patch("agent_loop.os.kill") as mock_kill:
agent_loop._kill_agent({"pid": 1234})
mock_kill.assert_not_called()
class TestStartAgent(unittest.TestCase):
def _make_mock_proc(self, pid=42):
@@ -200,13 +153,12 @@ class TestMain(unittest.TestCase):
return 55
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._latest_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[self._make_issue(10)]), \
patch("agent_loop._set_labels", side_effect=fake_set_labels), \
patch("agent_loop._start_agent", side_effect=fake_start_agent), \
patch("agent_loop._write_state"):
result = agent_loop._run_loop()
result = agent_loop.main()
self.assertEqual(result, 0)
labels_idx = next(
@@ -227,13 +179,12 @@ class TestMain(unittest.TestCase):
captured["remove"] = remove
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._latest_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[self._make_issue(7)]), \
patch("agent_loop._set_labels", side_effect=fake_set_labels), \
patch("agent_loop._start_agent", return_value=99), \
patch("agent_loop._write_state"):
agent_loop._run_loop()
agent_loop.main()
self.assertIn(agent_loop.LABEL_IN_PROGRESS, captured.get("add", []))
self.assertIn(agent_loop.LABEL_READY, captured.get("remove", []))
@@ -241,508 +192,16 @@ class TestMain(unittest.TestCase):
def test_no_ready_issues_does_nothing(self):
"""main() exits cleanly with 0 when there are no ready issues."""
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._latest_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[]), \
patch("agent_loop._set_labels") as mock_labels, \
patch("agent_loop._start_agent") as mock_start:
result = agent_loop._run_loop()
result = agent_loop.main()
self.assertEqual(result, 0)
mock_labels.assert_not_called()
mock_start.assert_not_called()
def test_prompt_does_not_tell_agent_to_close_issue(self):
"""Agents must not close issues; the loop handles closing after CI passes."""
captured_prompt = {}
def fake_start_agent(prompt, session_name):
captured_prompt["prompt"] = prompt
return 77
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[self._make_issue(42)]), \
patch("agent_loop._set_labels"), \
patch("agent_loop._start_agent", side_effect=fake_start_agent), \
patch("agent_loop._write_state"):
agent_loop._run_loop()
prompt = captured_prompt.get("prompt", "")
# "do NOT close the issue" (blocker instruction) is fine; what must be
# absent is any affirmative instruction to close on completion.
self.assertNotIn("close the issue and stop", prompt.lower())
class TestPendingCi(unittest.TestCase):
"""Tests for the pending-CI state: issue closed only after CI passes."""
def _dead_state(self, issue: int, kind: str = "issue") -> dict:
return {
"pid": 999999999, # non-existent PID
"issue": issue,
"started_at": "2026-01-01T00:00:00+00:00",
"type": kind,
}
def _open_pr(self, branch: str = "issue-10-fix") -> dict:
return {"number": 5, "head": {"ref": branch}, "created_at": "2026-01-01T00:00:00+00:00"}
def _find_pr_open(self, branch, state="open"):
if state == "open":
return self._open_pr(branch)
return None
def test_closes_issue_when_ci_passes_after_agent_finishes(self):
"""After issue agent finishes, loop merges the PR and closes the issue once CI is green."""
# First call: PR found open. Second call (post-merge verification): PR closed.
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "success"}), \
patch("agent_loop._merge_pr") as mock_merge, \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
mock_merge.assert_called_once_with(5)
mock_close.assert_called_once_with(10)
def test_ci_passed_output_includes_ci_run_url(self):
"""'CI passed' line includes the CI run URL when a run is available."""
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 4145144, "status": "success"}), \
patch("agent_loop._merge_pr"), \
patch("agent_loop._close_issue"), \
patch("agent_loop._clear_state"), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
output = buf.getvalue()
self.assertIn("https://codeberg.org/guettli/sharedinbox/actions/runs/4145144", output)
self.assertIn("https://codeberg.org/guettli/sharedinbox/issues/10", output)
def test_already_merged_pr_closes_issue_without_ci_url(self):
"""When the PR was already merged, the issue is closed and no CI run URL appears."""
def find_pr(branch, state="open"):
if state == "closed":
return {"number": 5, "merged": True}
return None
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=find_pr), \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._clear_state"), \
contextlib.redirect_stdout(buf):
result = agent_loop._run_loop()
output = buf.getvalue()
self.assertEqual(result, 0)
mock_close.assert_called_once_with(10)
self.assertIn("already merged", output)
self.assertNotIn("/actions/runs/", output)
def test_no_pr_found_sets_question_label(self):
"""When no open or merged PR exists for the pending branch, set State/Question."""
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", return_value=None), \
patch("agent_loop._set_labels") as mock_labels, \
patch("agent_loop._comment_issue") as mock_comment, \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
mock_close.assert_not_called()
mock_labels.assert_called_once_with(
10,
add=[agent_loop.LABEL_QUESTION],
remove=[agent_loop.LABEL_IN_PROGRESS],
)
mock_comment.assert_called_once()
self.assertIn("issue-10-fix", mock_comment.call_args[0][1])
def test_does_not_close_issue_when_ci_fails(self):
"""After issue agent finishes, loop must NOT close the issue if CI failed on PR branch."""
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "failure"}), \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._start_agent", return_value=55), \
patch("agent_loop._write_state"), \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
mock_close.assert_not_called()
def test_saves_pending_ci_state_while_ci_running(self):
"""When CI is still running on PR branch after agent finishes, pending issue is preserved."""
written = {}
def fake_write_state(pid, issue, kind, issue_title=None, session_name=None, ci_run_id=None):
written["pid"] = pid
written["issue"] = issue
written["kind"] = kind
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "running"}), \
patch("agent_loop._write_state", side_effect=fake_write_state), \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
self.assertEqual(written.get("issue"), 10)
self.assertEqual(written.get("kind"), "pending-ci")
self.assertIsNone(written.get("pid"))
def test_ci_fix_preserves_pending_issue_in_state(self):
"""When CI fails on PR branch after agent finishes, ci-fix state includes the pending issue."""
written = {}
def fake_write_state(pid, issue, kind, issue_title=None, session_name=None, ci_run_id=None):
written["pid"] = pid
written["issue"] = issue
written["kind"] = kind
with patch("agent_loop._read_state", return_value=self._dead_state(10)), \
patch("agent_loop._find_pr_for_branch", side_effect=self._find_pr_open), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "failure"}), \
patch("agent_loop._start_agent", return_value=55), \
patch("agent_loop._write_state", side_effect=fake_write_state), \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
self.assertEqual(written.get("issue"), 10)
self.assertEqual(written.get("kind"), "ci-fix")
def test_closes_issue_after_ci_fix_and_ci_passes(self):
"""After ci-fix agent finishes and CI passes on PR branch, the pending issue is closed."""
with patch("agent_loop._read_state", return_value=self._dead_state(10, "ci-fix")), \
patch("agent_loop._find_pr_for_branch", side_effect=[self._open_pr(), None]), \
patch("agent_loop._latest_ci_run_for_branch", return_value={"id": 1, "status": "success"}), \
patch("agent_loop._merge_pr") as mock_merge, \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
mock_merge.assert_called_once_with(5)
mock_close.assert_called_once_with(10)
def test_no_pending_issue_ci_fix_without_issue(self):
"""ci-fix for a manual push (no pending issue) does not try to close anything."""
with patch("agent_loop._read_state", return_value={
"pid": 999999999, "issue": None, "started_at": "2026-01-01T00:00:00+00:00",
"type": "ci-fix",
}), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value={"id": 1, "status": "success"}), \
patch("agent_loop._close_issue") as mock_close, \
patch("agent_loop._ready_issues", return_value=[]), \
patch("agent_loop._clear_state"):
result = agent_loop._run_loop()
self.assertEqual(result, 0)
mock_close.assert_not_called()
class TestOutputFormat(unittest.TestCase):
"""Verify output format: no [agent_loop] prefix, URLs in output."""
def test_output_starts_with_header(self):
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[]), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
first_line = buf.getvalue().splitlines()[0]
self.assertTrue(first_line.startswith("---------------------- Starting "),
f"Unexpected first line: {first_line!r}")
def test_no_agent_loop_prefix_in_output(self):
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[]), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
self.assertNotIn("[agent_loop]", buf.getvalue())
def test_ci_run_output_contains_url(self):
run = {"id": 4145144, "status": "running"}
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=run), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
self.assertIn("https://codeberg.org/guettli/sharedinbox/actions/runs/4145144",
buf.getvalue())
def test_issue_output_contains_url_and_title(self):
issue = {"number": 128, "title": "Fix something", "body": "", "labels": []}
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=None), \
patch("agent_loop._open_issue_prs", return_value=[]), \
patch("agent_loop._latest_main_ci_run", return_value=None), \
patch("agent_loop._ready_issues", return_value=[issue]), \
patch("agent_loop._set_labels"), \
patch("agent_loop._start_agent", return_value=99), \
patch("agent_loop._write_state"), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
output = buf.getvalue()
self.assertIn("https://codeberg.org/guettli/sharedinbox/issues/128", output)
self.assertIn("Fix something", output)
class TestLatestMainCiRun(unittest.TestCase):
"""_latest_main_ci_run() must return only ci.yml push-to-main runs."""
def _ci_run(self, run_id, status="success"):
return {"event": "push", "prettyref": "main", "workflow_id": "ci.yml",
"status": status, "id": run_id}
def _deploy_run(self, run_id, status="success"):
return {"event": "push", "prettyref": "main", "workflow_id": "deploy.yml",
"status": status, "id": run_id}
def test_skips_deploy_run_returns_ci_run(self):
# Forgejo reports deploy.yml schedule runs as event=push/prettyref=main;
# must be excluded by workflow_id filter.
runs = [self._deploy_run(1), self._ci_run(2)]
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
result = agent_loop._latest_main_ci_run()
self.assertIsNotNone(result)
self.assertEqual(result["id"], 2)
def test_returns_none_when_only_deploy_runs_exist(self):
runs = [self._deploy_run(1)]
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
result = agent_loop._latest_main_ci_run()
self.assertIsNone(result)
def test_returns_none_when_only_schedule_runs_exist(self):
runs = [{"event": "schedule", "prettyref": "main", "workflow_id": "deploy.yml",
"status": "success", "id": 1}]
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
result = agent_loop._latest_main_ci_run()
self.assertIsNone(result)
def test_returns_ci_push_to_main_run(self):
runs = [self._ci_run(42, status="running")]
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
result = agent_loop._latest_main_ci_run()
self.assertIsNotNone(result)
self.assertEqual(result["id"], 42)
class TestLatestCiRunForBranch(unittest.TestCase):
"""Tests for _latest_ci_run_for_branch — Forgejo API field mapping."""
def _make_pr_run(self, branch: str, status: str = "success") -> dict:
payload = json.dumps({"pull_request": {"head": {"ref": branch}}})
return {"event": "pull_request", "event_payload": payload, "status": status, "id": 1}
def _make_push_run(self, prettyref: str, status: str = "success") -> dict:
return {"event": "push", "prettyref": prettyref, "status": status, "id": 2}
def _mock_tea_runs(self, runs):
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}) as m:
yield m
def test_pr_event_matches_via_event_payload(self):
run = self._make_pr_run("issue-166-fix")
with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNotNone(result)
self.assertEqual(result["id"], 1)
def test_pr_event_does_not_match_wrong_branch(self):
run = self._make_pr_run("issue-99-fix")
with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNone(result)
def test_push_event_matches_via_prettyref(self):
run = self._make_push_run("issue-166-fix")
with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNotNone(result)
self.assertEqual(result["id"], 2)
def test_push_event_prettyref_pr_number_does_not_match_branch(self):
# Forgejo sets prettyref="#169" for PR runs — must not match branch name.
run = {"event": "push", "prettyref": "#169", "status": "success", "id": 3}
with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNone(result)
def test_head_branch_field_absent_still_works(self):
# Regression: the old code used run.get("head_branch") which is absent in Forgejo.
run = self._make_pr_run("issue-166-fix")
self.assertNotIn("head_branch", run)
with patch("agent_loop._tea_get", return_value={"workflow_runs": [run]}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNotNone(result)
def test_returns_none_when_no_runs(self):
with patch("agent_loop._tea_get", return_value={"workflow_runs": []}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertIsNone(result)
def test_returns_first_matching_run(self):
runs = [
self._make_pr_run("issue-166-fix", status="success"),
self._make_pr_run("issue-166-fix", status="failure"),
]
runs[0]["id"] = 10
runs[1]["id"] = 11
with patch("agent_loop._tea_get", return_value={"workflow_runs": runs}):
result = agent_loop._latest_ci_run_for_branch("issue-166-fix")
self.assertEqual(result["id"], 10)
class TestFindSessionUuid(unittest.TestCase):
"""Tests for _find_session_uuid()."""
def _write_jsonl(self, directory: Path, filename: str, entries: list) -> Path:
path = directory / filename
with path.open("w") as fh:
for entry in entries:
fh.write(json.dumps(entry) + "\n")
return path
def test_returns_uuid_for_matching_session_name(self):
with tempfile.TemporaryDirectory() as tmpdir:
projects_dir = Path(tmpdir)
self._write_jsonl(projects_dir, "abc123.jsonl", [
{"type": "agent-name", "agentName": "issue-91", "sessionId": "uuid-abc-123"},
])
orig = agent_loop.CLAUDE_PROJECTS_DIR
agent_loop.CLAUDE_PROJECTS_DIR = projects_dir
try:
result = agent_loop._find_session_uuid("issue-91")
finally:
agent_loop.CLAUDE_PROJECTS_DIR = orig
self.assertEqual(result, "uuid-abc-123")
def test_returns_none_when_name_does_not_match(self):
with tempfile.TemporaryDirectory() as tmpdir:
projects_dir = Path(tmpdir)
self._write_jsonl(projects_dir, "abc123.jsonl", [
{"type": "agent-name", "agentName": "issue-99", "sessionId": "uuid-abc-123"},
])
orig = agent_loop.CLAUDE_PROJECTS_DIR
agent_loop.CLAUDE_PROJECTS_DIR = projects_dir
try:
result = agent_loop._find_session_uuid("issue-91")
finally:
agent_loop.CLAUDE_PROJECTS_DIR = orig
self.assertIsNone(result)
def test_returns_none_when_directory_missing(self):
orig = agent_loop.CLAUDE_PROJECTS_DIR
agent_loop.CLAUDE_PROJECTS_DIR = Path("/nonexistent/path/that/does/not/exist")
try:
result = agent_loop._find_session_uuid("issue-91")
finally:
agent_loop.CLAUDE_PROJECTS_DIR = orig
self.assertIsNone(result)
def test_returns_none_when_no_agent_name_entry(self):
with tempfile.TemporaryDirectory() as tmpdir:
projects_dir = Path(tmpdir)
self._write_jsonl(projects_dir, "abc123.jsonl", [
{"type": "message", "content": "hello"},
])
orig = agent_loop.CLAUDE_PROJECTS_DIR
agent_loop.CLAUDE_PROJECTS_DIR = projects_dir
try:
result = agent_loop._find_session_uuid("issue-91")
finally:
agent_loop.CLAUDE_PROJECTS_DIR = orig
self.assertIsNone(result)
def test_scans_multiple_files_to_find_match(self):
with tempfile.TemporaryDirectory() as tmpdir:
projects_dir = Path(tmpdir)
self._write_jsonl(projects_dir, "aaa.jsonl", [
{"type": "agent-name", "agentName": "issue-10", "sessionId": "uuid-10"},
])
self._write_jsonl(projects_dir, "bbb.jsonl", [
{"type": "agent-name", "agentName": "issue-91", "sessionId": "uuid-91"},
])
orig = agent_loop.CLAUDE_PROJECTS_DIR
agent_loop.CLAUDE_PROJECTS_DIR = projects_dir
try:
result = agent_loop._find_session_uuid("issue-91")
finally:
agent_loop.CLAUDE_PROJECTS_DIR = orig
self.assertEqual(result, "uuid-91")
class TestRunLoopResumeCommand(unittest.TestCase):
"""Tests that _run_loop() shows a UUID-based resume command when agent is running."""
def _alive_state(self, session_name="issue-91"):
return {
"pid": os.getpid(), # own PID is always alive
"issue": 91,
"started_at": "2026-05-23T12:00:00+00:00",
"type": "issue",
"session_name": session_name,
}
def test_resume_shows_uuid_when_found(self):
buf = io.StringIO()
fake_uuid = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
with patch("agent_loop._read_state", return_value=self._alive_state()), \
patch("agent_loop._agent_alive", return_value=True), \
patch("agent_loop._agent_age_seconds", return_value=600), \
patch("agent_loop._find_session_uuid", return_value=fake_uuid), \
patch("agent_loop._git_summary", return_value=""), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
output = buf.getvalue()
self.assertIn(f"claude --resume {fake_uuid}", output)
def test_resume_shows_list_hint_when_uuid_not_found(self):
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=self._alive_state()), \
patch("agent_loop._agent_alive", return_value=True), \
patch("agent_loop._agent_age_seconds", return_value=600), \
patch("agent_loop._find_session_uuid", return_value=None), \
patch("agent_loop._git_summary", return_value=""), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
output = buf.getvalue()
self.assertIn("scripts/agent_loop.py list", output)
# Must NOT show the session name as a valid resume argument.
self.assertNotIn("claude --resume issue-91", output)
def test_resume_not_shown_when_no_session_name(self):
state = self._alive_state()
del state["session_name"]
buf = io.StringIO()
with patch("agent_loop._read_state", return_value=state), \
patch("agent_loop._agent_alive", return_value=True), \
patch("agent_loop._agent_age_seconds", return_value=600), \
patch("agent_loop._find_session_uuid", return_value=None), \
patch("agent_loop._git_summary", return_value=""), \
contextlib.redirect_stdout(buf):
agent_loop._run_loop()
output = buf.getvalue()
self.assertNotIn("Resume:", output)
if __name__ == "__main__":
unittest.main()
scripts/test_deploy_playstore.py
-200
View File
@@ -1,200 +0,0 @@
#!/usr/bin/env python3
"""Tests for deploy_playstore.py."""
import os
import sys
import unittest
from pathlib import Path
from unittest.mock import MagicMock, call, patch
sys.path.insert(0, str(Path(__file__).parent))
import deploy_playstore
def _make_session(
edit_id="edit-42",
version_code=7,
upload_side_effects=None,
):
"""Return a mock AuthorizedSession with sensible defaults."""
session = MagicMock()
# POST /edits → create edit
edit_resp = MagicMock()
edit_resp.json.return_value = {"id": edit_id}
session.post.return_value = edit_resp
# POST resumable-init → Location header
init_resp = MagicMock()
init_resp.headers = {"Location": "https://upload.example.com/session"}
# PUT upload → bundle JSON
upload_resp = MagicMock()
upload_resp.json.return_value = {"versionCode": version_code}
if upload_side_effects is not None:
# Use side_effect list: first call is edit create, rest are upload inits
# We override the PUT side effects via _upload_aab_resumable mock instead
pass
return session, init_resp, upload_resp
class TestMainEnvChecks(unittest.TestCase):
def test_missing_env_exits(self):
with patch.dict(os.environ, {}, clear=True):
with self.assertRaises(SystemExit) as ctx:
deploy_playstore.main()
self.assertEqual(ctx.exception.code, 1)
def test_missing_aab_exits(self):
fake_config = '{"type": "service_account"}'
with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
with patch("deploy_playstore.os.path.exists", return_value=False):
with self.assertRaises(SystemExit) as ctx:
deploy_playstore.main()
self.assertEqual(ctx.exception.code, 1)
class TestMainHappyPath(unittest.TestCase):
def _run_main(self, fake_config='{"type":"service_account"}'):
mock_session = MagicMock()
# POST for edit create and commit
post_responses = [
MagicMock(**{"json.return_value": {"id": "edit-42"}}), # create edit
MagicMock(), # commit
]
mock_session.post.side_effect = post_responses
# PUT for track update
mock_session.put.return_value = MagicMock()
with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
with patch("deploy_playstore.os.path.exists", return_value=True):
with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
with patch(
"deploy_playstore._upload_aab_resumable",
return_value={"versionCode": 7},
):
deploy_playstore.main()
return mock_session
def test_creates_edit(self):
session = self._run_main()
create_call = session.post.call_args_list[0]
self.assertIn("/edits", create_call[0][0])
def test_commits_edit(self):
session = self._run_main()
commit_call = session.post.call_args_list[1]
self.assertIn(":commit", commit_call[0][0])
def test_updates_track(self):
session = self._run_main()
track_call = session.put.call_args_list[0]
self.assertIn("/tracks/", track_call[0][0])
class TestUploadRetry(unittest.TestCase):
def _run_main(self, upload_side_effects, sleep_mock=None):
mock_session = MagicMock()
post_responses = [
MagicMock(**{"json.return_value": {"id": "edit-1"}}),
MagicMock(),
]
mock_session.post.side_effect = post_responses
mock_session.put.return_value = MagicMock()
patches = [
patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}),
patch("deploy_playstore.os.path.exists", return_value=True),
patch("deploy_playstore.service_account.Credentials.from_service_account_info"),
patch("deploy_playstore.AuthorizedSession", return_value=mock_session),
patch("deploy_playstore._upload_aab_resumable", side_effect=upload_side_effects),
patch("deploy_playstore.time.sleep"),
]
for p in patches:
p.start()
try:
deploy_playstore.main()
finally:
for p in patches:
p.stop()
def test_succeeds_on_first_attempt(self):
with patch("deploy_playstore._upload_aab_resumable", return_value={"versionCode": 5}) as mock_upload:
with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
with patch("deploy_playstore.os.path.exists", return_value=True):
with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
mock_session = MagicMock()
mock_session.post.side_effect = [
MagicMock(**{"json.return_value": {"id": "e1"}}),
MagicMock(),
]
mock_session.put.return_value = MagicMock()
with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
deploy_playstore.main()
mock_upload.assert_called_once()
def test_retries_once_on_error_then_succeeds(self):
self._run_main([ValueError("transient"), {"versionCode": 9}])
def test_raises_after_all_attempts_exhausted(self):
with self.assertRaises(RuntimeError) as ctx:
self._run_main([ValueError("err"), ValueError("err"), ValueError("err")])
self.assertIn(str(deploy_playstore._MAX_UPLOAD_ATTEMPTS), str(ctx.exception))
def test_backoff_delays_are_10s_then_20s(self):
mock_session = MagicMock()
mock_session.post.side_effect = [
MagicMock(**{"json.return_value": {"id": "e1"}}),
MagicMock(),
]
mock_session.put.return_value = MagicMock()
with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
with patch("deploy_playstore.os.path.exists", return_value=True):
with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
with patch("deploy_playstore.AuthorizedSession", return_value=mock_session):
with patch(
"deploy_playstore._upload_aab_resumable",
side_effect=[ValueError("e"), ValueError("e"), {"versionCode": 3}],
):
with patch("deploy_playstore.time.sleep") as mock_sleep:
deploy_playstore.main()
mock_sleep.assert_has_calls([call(10), call(20)])
class TestUploadAabResumable(unittest.TestCase):
def test_initiates_and_uploads(self):
mock_session = MagicMock()
init_resp = MagicMock()
init_resp.headers = {"Location": "https://upload.example.com/sess"}
upload_resp = MagicMock()
upload_resp.json.return_value = {"versionCode": 42}
mock_session.post.return_value = init_resp
mock_session.put.return_value = upload_resp
import tempfile
with tempfile.NamedTemporaryFile(delete=False) as f:
f.write(b"fake-aab-content")
aab_path = f.name
try:
result = deploy_playstore._upload_aab_resumable(
mock_session, "com.example.app", "edit-1", aab_path
)
finally:
os.unlink(aab_path)
self.assertEqual(result["versionCode"], 42)
mock_session.post.assert_called_once()
mock_session.put.assert_called_once()
put_call = mock_session.put.call_args
self.assertEqual(put_call[0][0], "https://upload.example.com/sess")
if __name__ == "__main__":
unittest.main()
scripts/test_firebase_check.sh
-89
View File
@@ -1,89 +0,0 @@
#!/usr/bin/env bash
# Tests for Firebase CI check patterns used in ci/main.go.
# Run directly: bash scripts/test_firebase_check.sh
PASS=0
FAIL=0
_assert() {
local name="$1" expected="$2" actual="$3"
if [ "$actual" = "$expected" ]; then
PASS=$((PASS + 1))
else
echo "FAIL: $name"
echo " expected: '$expected'"
echo " actual: '$actual'"
FAIL=$((FAIL + 1))
fi
}
# --- auth stderr filter ---
# Lines ignored: "Activated service account credentials for: [...]"
# "Updated property [core/project]."
_filter_auth() {
grep -vF "Activated service account credentials for:" \
| grep -vF "Updated property [core/project]." \
| grep -v "^$" \
|| true
}
_assert "auth: both known messages produce empty output" "" \
"$(printf 'Activated service account credentials for: [ci@sa.iam.gserviceaccount.com]\nUpdated property [core/project].\n' | _filter_auth)"
_assert "auth: only credentials line produces empty output" "" \
"$(printf 'Activated service account credentials for: [ci@sa.iam.gserviceaccount.com]\n' | _filter_auth)"
_assert "auth: only property line produces empty output" "" \
"$(printf 'Updated property [core/project].\n' | _filter_auth)"
_assert "auth: empty input produces empty output" "" \
"$(printf '' | _filter_auth)"
_assert "auth: unexpected line passes through" "some unexpected error" \
"$(printf 'some unexpected error\n' | _filter_auth)"
_assert "auth: unknown line kept alongside known messages" "unexpected line" \
"$(printf 'Activated service account credentials for: [x]\nunexpected line\nUpdated property [core/project].\n' | _filter_auth)"
# --- "error" word detection: grep -qwi 'error' ---
# Matches "error" as a whole word (case-insensitive).
# Must NOT match "error" as part of another word (e.g. "stderr", "AssertionError").
_has_err() { printf '%s\n' "$1" | grep -qwi 'error' && echo yes || echo no; }
_assert "error: non-retryable error line matched" yes "$(_has_err 'A non-retryable error occurred.')"
_assert "error: uppercase ERROR matched" yes "$(_has_err 'ERROR: infrastructure_failure')"
_assert "error: mixed-case Error matched" yes "$(_has_err 'Error: something went wrong')"
_assert "error: normal pending line not matched" no "$(_has_err 'Test is Pending')"
_assert "error: timing line not matched" no "$(_has_err 'Done. Test time = 183 (secs)')"
_assert "error: completion line not matched" no "$(_has_err 'Instrumentation testing complete.')"
_assert "error: 'stderr' word not matched" no "$(_has_err 'some stderr: gcloud output')"
_assert "error: 'AssertionError' not matched" no "$(_has_err 'java.lang.AssertionError: expected true')"
# --- device count from result table ---
# Counts data rows by looking for lines with "│" that contain an outcome word.
TABLE_PASS="┌─────────┬───────────────────────┬──────────────┐
│ OUTCOME │ TEST_AXIS_VALUE │ TEST_DETAILS │
├─────────┼───────────────────────┼──────────────┤
│ Passed │ oriole-33-en-portrait │ -- │
└─────────┴───────────────────────┴──────────────┘"
TABLE_FAIL="┌─────────┬───────────────────────┬──────────────┐
│ OUTCOME │ TEST_AXIS_VALUE │ TEST_DETAILS │
├─────────┼───────────────────────┼──────────────┤
│ Failed │ oriole-33-en-portrait │ -- │
└─────────┴───────────────────────┴──────────────┘"
_count() {
local n
n=$(printf '%s' "$1" | grep "│" | grep -cE "(Passed|Failed|Inconclusive|Skipped)") || n=0
printf '%s' "$n"
}
_assert "count: one passing device gives 1" 1 "$(_count "$TABLE_PASS")"
_assert "count: one failing device gives 1" 1 "$(_count "$TABLE_FAIL")"
_assert "count: no table gives 0" 0 "$(_count 'Test is Pending\nDone.')"
_assert "count: plain output gives 0" 0 "$(_count 'Instrumentation testing complete.')"
echo ""
echo "Results: $PASS passed, $FAIL failed"
[ "$FAIL" -eq 0 ] || exit 1
stalwart-dev/config.toml
+10 -5
View File
@@ -1,5 +1,10 @@
# Minimal Stalwart Mail configuration for local development and integration tests.
#
# Do not start directly — use stalwart-dev/start, which substitutes $STALWART_PORT
# and writes a per-clone config into /tmp/stalwart-dev-PORT/ before starting.
#
# Check: curl http://localhost:$STALWART_PORT/.well-known/jmap
#
# HTTP only — localhost testing, no TLS.
# Two test accounts (alice, bob) for multi-account sync tests.
@@ -8,27 +13,27 @@ hostname = "localhost"
[[server.listener]]
id = "jmap"
bind = ["0.0.0.0:8080"]
bind = ["127.0.0.1:8080"]
protocol = "http"
[[server.listener]]
id = "imap"
bind = ["0.0.0.0:1430"]
bind = ["127.0.0.1:1430"]
protocol = "imap"
[[server.listener]]
id = "smtp"
bind = ["0.0.0.0:1025"]
bind = ["127.0.0.1:1025"]
protocol = "smtp"
[[server.listener]]
id = "managesieve"
bind = ["0.0.0.0:4190"]
bind = ["127.0.0.1:4190"]
protocol = "managesieve"
[store."db"]
type = "sqlite"
path = "/tmp/stalwart/data.sqlite"
path = "/tmp/stalwart-dev/data.sqlite"
[storage]
data = "db"
stalwart-dev/start
+19 -22
View File
@@ -6,6 +6,16 @@
# STALWART_TMPDIR/ports.env for other scripts to source.
set -euo pipefail
command -v stalwart >/dev/null || {
echo "stalwart not in PATH — run inside nix develop"
exit 1
}
command -v ss >/dev/null || {
echo "ss not in PATH — cannot verify Stalwart ports"
exit 1
}
if [ "${STALWART_RANDOM_PORTS:-0}" = "1" ] || [ "${STALWART_PORT:-0}" = "0" ]; then
command -v python3 >/dev/null || {
echo "python3 not in PATH — cannot choose random Stalwart ports"
@@ -51,30 +61,17 @@ export STALWART_SIEVE_PORT=${STALWART_SIEVE_PORT}
export STALWART_URL=${STALWART_URL}
EOF
# Find a container runtime
if command -v podman >/dev/null 2>&1; then
RUNTIME="podman"
elif command -v docker >/dev/null 2>&1; then
RUNTIME="docker"
else
echo "No container runtime (podman or docker) found" >&2
exit 1
fi
echo "Stalwart ports: JMAP=${STALWART_PORT} IMAP=${STALWART_IMAP_PORT} SMTP=${STALWART_SMTP_PORT} SIEVE=${STALWART_SIEVE_PORT}" >&2
echo "Stalwart is running in a container (${RUNTIME}). Press Ctrl+C to stop." >&2
echo "Stalwart is running in the foreground. Press Ctrl+C to stop." >&2
echo "Connection info written to ${TMPDIR}/ports.env" >&2
REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
# Run Stalwart in container, mapping the random host ports to the fixed container ports.
# We mount the config.toml and use /tmp/stalwart for data (mapped to our local TMPDIR).
exec "${RUNTIME}" run --rm -i \
-p "${STALWART_PORT}:8080" \
-p "${STALWART_IMAP_PORT}:1430" \
-p "${STALWART_SMTP_PORT}:1025" \
-p "${STALWART_SIEVE_PORT}:4190" \
-v "${REPO_ROOT}/stalwart-dev/config.toml:/etc/stalwart/config.toml:ro" \
-v "${TMPDIR}:/tmp/stalwart:rw" \
docker.io/stalwartlabs/stalwart:v0.14.1 \
stalwart --config /etc/stalwart/config.toml
sed -e "s|127.0.0.1:8080|127.0.0.1:${STALWART_PORT}|" \
-e "s|127.0.0.1:1430|127.0.0.1:${STALWART_IMAP_PORT}|" \
-e "s|127.0.0.1:1025|127.0.0.1:${STALWART_SMTP_PORT}|" \
-e "s|127.0.0.1:4190|127.0.0.1:${STALWART_SIEVE_PORT}|" \
-e "s|/tmp/stalwart-dev|${TMPDIR}|" \
"${REPO_ROOT}/stalwart-dev/config.toml" >"${TMPDIR}/config.toml"
exec stalwart --config "${TMPDIR}/config.toml"
stalwart-dev/test.sh
+9 -3
View File
@@ -12,7 +12,13 @@ export STALWART_RANDOM_PORTS=1
STALWART_TMPDIR="$(mktemp -d /tmp/stalwart-dev-XXXXXX)"
export STALWART_TMPDIR
# Kill any stalwart left over from a previous run.
command -v stalwart >/dev/null || {
echo "stalwart not in PATH — run inside nix develop"
exit 1
}
# Kill any stalwart left over from a previous run (the CI self-hosted runner
# keeps processes alive across jobs when a run is killed externally).
pkill -x stalwart 2>/dev/null && sleep 0.5 || true
# Pre-seed spam-filter version so Stalwart does not fetch it on first boot.
@@ -29,8 +35,8 @@ tmp=$(mktemp)
STALWART_PID=$!
trap 'kill "$STALWART_PID" 2>/dev/null || true; wait "$STALWART_PID" 2>/dev/null || true; rm -f "$tmp"' EXIT
# Wait until Stalwart is accepting connections (up to 60 s).
for _i in $(seq 1 120); do
# Wait until Stalwart is accepting connections (up to 10 s).
for _i in $(seq 1 20); do
# shellcheck source=/dev/null
[ -f "${STALWART_TMPDIR}/ports.env" ] && . "${STALWART_TMPDIR}/ports.env"
grep -E "already in use" "$LOGFILE" >/dev/null 2>&1 && {
test/unit/account_sync_manager_test.dart
-67
View File
@@ -1,8 +1,6 @@
import 'dart:async';
import 'package:flutter/services.dart' show MissingPluginException;
import 'package:mockito/annotations.dart';
import 'package:sharedinbox/core/models/account.dart';
import 'package:sharedinbox/core/models/email.dart';
import 'package:sharedinbox/core/models/mailbox.dart';
import 'package:sharedinbox/core/repositories/account_repository.dart';
@@ -32,40 +30,6 @@ void main() {
// This is hard to test without real loops, but we can verify it doesn't crash.
manager.syncNow('unknown');
});
// Regression test for issue #200: when flutter_secure_storage throws
// MissingPluginException (channel unavailable on the device), the IMAP sync
// loop must stop permanently instead of retrying indefinitely with backoff.
test(
'MissingPluginException from secure storage stops IMAP sync loop permanently',
() async {
final syncLog = FakeSyncLogRepository();
final m = AccountSyncManager(
_AccountRepositoryWithMissingPlugin(),
FakeMailboxRepositoryWithInbox(),
FakeEmailRepository(),
syncLog: syncLog,
);
m.start();
// Allow the first sync cycle to run and fail.
await Future<void>.delayed(const Duration(milliseconds: 100));
expect(syncLog.logs, hasLength(1));
expect(syncLog.logs.first.success, isFalse);
// Kicking the loop should have no effect once it has stopped permanently.
m.syncNow('1');
await Future<void>.delayed(const Duration(milliseconds: 100));
// Before the fix: kick triggers a retry → 2 log entries.
// After the fix: loop is permanently stopped → still exactly 1 entry.
expect(syncLog.logs, hasLength(1));
m.dispose();
});
}
class FakeEmailRepository implements EmailRepository {
@@ -223,34 +187,3 @@ class FakeMailboxRepositoryWithInbox implements MailboxRepository {
@override
Future<void> clearForResync(String accountId) async {}
}
class _AccountRepositoryWithMissingPlugin implements AccountRepository {
static const _account = Account(
id: '1',
displayName: 'Test',
email: 'test@example.com',
);
@override
Stream<List<Account>> observeAccounts() => Stream.value([_account]);
@override
Future<Account?> getAccount(String id) async => _account;
@override
Future<String> getPassword(String accountId) => Future.error(
MissingPluginException(
'No implementation found for method read on channel '
'plugins.it.nomads.com/flutter_secure_storage',
),
);
@override
Future<void> addAccount(Account account, String password) async {}
@override
Future<void> updateAccount(Account account, {String? password}) async {}
@override
Future<void> removeAccount(String id) async {}
}
test/unit/background_sync_test.dart
-20
View File
@@ -1,20 +0,0 @@
import 'package:flutter_test/flutter_test.dart';
import 'package:sharedinbox/core/sync/background_sync.dart';
void main() {
TestWidgetsFlutterBinding.ensureInitialized();
// Regression test for https://codeberg.org/guettli/sharedinbox/issues/149:
// On some Android devices the WorkManager platform channel is absent at
// startup, throwing PlatformException(channel-error, ...).
// registerBackgroundSync() must absorb the failure and let the app continue.
test(
'registerBackgroundSync completes without throwing when plugin is unavailable',
() async {
// In the unit-test environment the native WorkManager plugin is not
// registered, so Workmanager().initialize() throws a PlatformException or
// MissingPluginException. The fix catches it. This test fails before the
// fix (exception propagates) and passes after it (exception is swallowed).
await expectLater(registerBackgroundSync(), completes);
});
}
test/unit/database_path_test.dart
-156
View File
@@ -1,156 +0,0 @@
import 'dart:async';
import 'dart:io';
import 'package:fake_async/fake_async.dart';
import 'package:flutter/services.dart';
import 'package:flutter_test/flutter_test.dart';
import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';
import 'package:plugin_platform_interface/plugin_platform_interface.dart';
import 'package:sharedinbox/data/db/database.dart';
// Fake PathProviderPlatform that always throws PlatformException(channel-error)
// to simulate the Pigeon channel not being ready at startup (issue #166).
class _UnavailablePathProvider extends Fake
with MockPlatformInterfaceMixin
implements PathProviderPlatform {
@override
Future<String?> getApplicationSupportPath() async {
throw PlatformException(
code: 'channel-error',
message: 'Simulated: path_provider channel not ready',
);
}
}
// Fake PathProviderPlatform that fails the first [failCount] calls, then
// returns a fixed path. Used to exercise the retry loop in
// _resolveDatabasePath() without waiting for real timers.
class _SucceedAfterNPathProvider extends Fake
with MockPlatformInterfaceMixin
implements PathProviderPlatform {
_SucceedAfterNPathProvider({required this.failCount});
final int failCount;
int _callCount = 0;
@override
Future<String?> getApplicationSupportPath() async {
_callCount++;
if (_callCount <= failCount) {
throw PlatformException(
code: 'channel-error',
message: 'Simulated: path_provider channel not ready',
);
}
return '/tmp/test_app_support';
}
}
void main() {
TestWidgetsFlutterBinding.ensureInitialized();
// Regression test for https://codeberg.org/guettli/sharedinbox/issues/166:
// On some slow Android devices the path_provider Pigeon channel is not ready
// when initDatabasePath() runs before runApp(). initDatabasePath() must
// absorb the PlatformException and let the app start; _resolveDatabasePath()
// then retries with back-off on first DB access.
test(
'initDatabasePath completes without throwing when path_provider is unavailable',
() async {
final prev = PathProviderPlatform.instance;
PathProviderPlatform.instance = _UnavailablePathProvider();
addTearDown(() => PathProviderPlatform.instance = prev);
// Must not throw — the exception is swallowed so the app can continue.
await expectLater(initDatabasePath(), completes);
},
);
// Tests for _resolveDatabasePath() — the lazy retry path called on first DB
// access when initDatabasePath() already failed. fake_async lets us advance
// the back-off timers without waiting real-world milliseconds.
test(
'_resolveDatabasePath retries and eventually succeeds after transient failures',
() {
resetDatabasePathForTesting();
final prev = PathProviderPlatform.instance;
// Fail 3 times, succeed on the 4th call. The delays in
// _resolveDatabasePath are [200, 500, 1000, 2000, 4000] ms, so three
// failures cost 200+500+1000 = 1700 ms before the fourth attempt.
PathProviderPlatform.instance = _SucceedAfterNPathProvider(failCount: 3);
addTearDown(() {
PathProviderPlatform.instance = prev;
resetDatabasePathForTesting();
});
fakeAsync((fake) {
String? result;
unawaited(resolveDatabasePathForTesting().then((r) => result = r));
// Advance fake time through the three back-off delays.
fake.elapse(const Duration(milliseconds: 200 + 500 + 1000 + 1));
expect(result, isNotNull);
expect(result, endsWith('sharedinbox.db'));
});
},
);
test(
'_resolveDatabasePath throws PlatformException after exhausting all retries',
() {
resetDatabasePathForTesting();
final prev = PathProviderPlatform.instance;
PathProviderPlatform.instance = _UnavailablePathProvider();
addTearDown(() {
PathProviderPlatform.instance = prev;
resetDatabasePathForTesting();
});
fakeAsync((fake) {
Object? caughtError;
unawaited(
resolveDatabasePathForTesting().catchError((Object e) {
caughtError = e;
return ''; // ignored; satisfies the Future<String> return type
}),
);
// Advance past all five back-off delays: 200+500+1000+2000+4000 ms.
fake.elapse(
const Duration(milliseconds: 200 + 500 + 1000 + 2000 + 4000 + 1),
);
expect(caughtError, isA<PlatformException>());
expect(
(caughtError! as PlatformException).message,
contains('cannot open database'),
);
});
},
// The Android fallback runs only on Android, so on the host machine the
// exception is still thrown after all retries. Skip on Android to avoid
// depending on /data/user/0/... being absent in the test environment.
skip: Platform.isAndroid,
);
// Regression test for issue #192: _androidFallbackPath must return null when
// the process cmdline does not look like an Android package name (e.g. on
// the host test machine where the process is the Dart executable).
test(
'_androidFallbackPath returns null when process name is not a package name',
() async {
// On non-Android platforms the host process cmdline is a file-system path
// (starts with '/'), which the fallback correctly rejects. On Android
// the process IS named after the package — the fallback is free to
// succeed or return null depending on the device state; we do not assert
// here so as not to constrain Android behaviour.
if (!Platform.isAndroid) {
final result = await androidFallbackPathForTesting();
expect(result, isNull);
}
},
);
}
test/unit/notification_service_test.dart
-26
View File
@@ -1,26 +0,0 @@
import 'package:flutter_test/flutter_test.dart';
import 'package:sharedinbox/core/services/notification_service.dart';
void main() {
TestWidgetsFlutterBinding.ensureInitialized();
// Regression test for https://codeberg.org/guettli/sharedinbox/issues/146:
// On some Android devices the flutter_local_notifications plugin channel is
// absent at startup, throwing MissingPluginException (or a similar error).
// initNotifications() must absorb the failure and let the app continue.
test(
'initNotifications completes without throwing when plugin is unavailable',
() async {
// In the unit-test environment the native plugin is not registered, so
// _plugin.initialize() throws. The fix catches it and keeps _initialized
// false. This test fails before the fix (exception propagates) and passes
// after it (exception is swallowed).
await expectLater(initNotifications(), completes);
});
test('showNewMailNotification completes without throwing', () async {
// Platform.isAndroid is false in tests, so this returns early without
// touching the plugin. Ensures the guard path is exercised.
await expectLater(showNewMailNotification('test@example.com'), completes);
});
}
test/widget/about_screen_test.dart
-4
View File
@@ -151,10 +151,6 @@ void main() {
expect(clipboardText, contains('Dark Mode'));
expect(clipboardText, contains('IMAP Accounts'));
expect(clipboardText, contains('JMAP Accounts'));
expect(
clipboardText,
contains('[sharedinbox.de](https://sharedinbox.de)'),
);
});
testWidgets('AboutScreen create-issue button opens Codeberg URL', (
test/widget/account_export_screen_test.dart
+2 -100
View File
@@ -23,7 +23,7 @@ void main() {
expect(find.byKey(const Key('scanEncryptedButton')), findsOneWidget);
});
testWidgets('shows expiry countdown hint', (tester) async {
testWidgets('shows 20-minute expiry hint', (tester) async {
await tester.pumpWidget(
buildApp(
initialLocation: '/accounts/receive',
@@ -32,106 +32,8 @@ void main() {
);
await tester.pumpAndSettle();
expect(find.textContaining('expires in'), findsOneWidget);
expect(find.textContaining('20 minutes'), findsOneWidget);
});
testWidgets(
'step 2 button shows text-input fallback on platforms without camera',
(tester) async {
await tester.pumpWidget(
buildApp(
initialLocation: '/accounts/receive',
overrides: baseOverrides(),
),
);
await tester.pumpAndSettle();
await tester.tap(find.byKey(const Key('scanEncryptedButton')));
await tester.pumpAndSettle();
// On Linux (desktop, no camera) the text fallback field must appear.
expect(find.byKey(const Key('encryptedCodeField')), findsOneWidget);
},
);
testWidgets(
'step 2 — valid encrypted QR imports account via text fallback',
(tester) async {
// Pre-generate a key pair so we can encrypt a QR code with the same
// material the screen will use for decryption.
final material = await ShareEncryptionService.generateKeyPair();
final repo = FakeShareKeyRepository(material: material);
const account = Account(
id: 'src-1',
displayName: 'Alice',
email: 'alice@example.com',
imapHost: 'imap.example.com',
smtpHost: 'smtp.example.com',
);
final encryptedQr = await ShareEncryptionService.encryptAccounts(
recipientKeyId: material.keyId,
recipientPublicKeyBytes: material.publicKeyBytes,
accounts: [
AccountPayload(
accountJson: account.toJson(),
password: 'secret',
),
],
);
await tester.pumpWidget(
buildApp(
initialLocation: '/accounts/receive',
overrides: baseOverrides(shareKeyRepository: repo),
),
);
await tester.pumpAndSettle(); // key generation completes
await tester.tap(find.byKey(const Key('scanEncryptedButton')));
await tester.pumpAndSettle();
await tester.enterText(
find.byKey(const Key('encryptedCodeField')),
encryptedQr,
);
await tester.tap(find.text('Import'));
await tester.pumpAndSettle();
expect(
find.text('Imported 1 account successfully.'),
findsOneWidget,
);
},
);
testWidgets(
'step 2 — invalid encrypted QR shows error and returns to pub-key step',
(tester) async {
await tester.pumpWidget(
buildApp(
initialLocation: '/accounts/receive',
overrides: baseOverrides(),
),
);
await tester.pumpAndSettle();
await tester.tap(find.byKey(const Key('scanEncryptedButton')));
await tester.pumpAndSettle();
await tester.enterText(
find.byKey(const Key('encryptedCodeField')),
'not-a-valid-qr-code',
);
await tester.tap(find.text('Import'));
await tester.pumpAndSettle();
// Screen returns to the pub-key step with an error message visible.
expect(find.byKey(const Key('pubKeyQrCode')), findsOneWidget);
expect(find.textContaining('Import failed:'), findsWidgets);
},
);
});
group('AccountSendScreen', () {
test/widget/compose_screen_test.dart
-1
View File
@@ -1,6 +1,5 @@
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_riverpod/misc.dart' show Override;
import 'package:flutter_test/flutter_test.dart';
import 'package:go_router/go_router.dart';
test/widget/crash_screen_test.dart
+2 -165
View File
@@ -1,5 +1,4 @@
import 'package:flutter/material.dart';
import 'package:flutter/services.dart';
import 'package:flutter_test/flutter_test.dart';
import 'package:mockito/mockito.dart';
import 'package:package_info_plus/package_info_plus.dart';
@@ -60,10 +59,6 @@ void main() {
await tester.tap(find.text('Report Issue on Codeberg'));
await tester.pumpAndSettle();
// Regression for #146: URL must contain only the title, NOT the full
// report body. Long stack traces caused "create issue failed" by
// exceeding browser URL-length limits. The report is copied to clipboard
// so the user can paste it into the issue body.
expect(
mock.launchedUrl,
contains('https://codeberg.org/guettli/sharedinbox/issues/new'),
@@ -72,165 +67,7 @@ void main() {
mock.launchedUrl,
contains('title=Crash%3A%20TestException%3A%20something%20broke'),
);
expect(mock.launchedUrl, isNot(contains('&body=')));
expect(mock.launchedUrl, isNot(contains('App%20Version')));
expect(mock.launchedUrl, isNot(contains('Stack%20Trace')));
expect(mock.launchedUrl, contains('App%20Version%3A%201.0.0%2B42'));
expect(mock.launchedUrl, contains('TestException%3A%20something%20broke'));
});
testWidgets(
'CrashScreen copy-to-clipboard includes version and platform info',
(tester) async {
tester.view.physicalSize = const Size(800, 1200);
tester.view.devicePixelRatio = 1.0;
addTearDown(() => tester.view.resetPhysicalSize());
String? clipboardText;
tester.binding.defaultBinaryMessenger.setMockMethodCallHandler(
SystemChannels.platform,
(MethodCall call) async {
if (call.method == 'Clipboard.setData') {
clipboardText =
(call.arguments as Map<dynamic, dynamic>)['text'] as String?;
}
return null;
},
);
addTearDown(
() => tester.binding.defaultBinaryMessenger
.setMockMethodCallHandler(SystemChannels.platform, null),
);
const exception = 'TestException: clipboard test';
final stackTrace = StackTrace.current;
await tester.pumpWidget(
MaterialApp(
home: CrashScreen(exception: exception, stackTrace: stackTrace),
),
);
await tester.tap(find.text('Copy to Clipboard'));
await tester.pump();
await tester.pump();
await tester.pumpAndSettle();
expect(clipboardText, isNotNull);
expect(clipboardText, contains('App Version: 1.0.0+42'));
expect(clipboardText, contains('Build Mode:'));
expect(clipboardText, contains('Platform:'));
expect(clipboardText, contains('Dart:'));
expect(clipboardText, contains('Timestamp:'));
expect(clipboardText, contains('TestException: clipboard test'));
// GIT_HASH is empty in test builds — no Git Commit line expected
expect(clipboardText, isNot(contains('Git Commit:')));
},
);
testWidgets(
'CrashScreen shows git hash as clickable link above stacktrace',
(tester) async {
tester.view.physicalSize = const Size(800, 1200);
tester.view.devicePixelRatio = 1.0;
addTearDown(() => tester.view.resetPhysicalSize());
final mock = MockUrlLauncher();
UrlLauncherPlatform.instance = mock;
const exception = 'TestException: git hash test';
final stackTrace = StackTrace.current;
const testHash = 'abc1234';
await tester.pumpWidget(
CrashScreen(
exception: exception,
stackTrace: stackTrace,
gitHash: testHash,
),
);
// Git hash link should be present
final gitLinkFinder = find.textContaining('Git Commit: abc1234');
expect(gitLinkFinder, findsOneWidget);
// Link must appear above the stack trace
final stackTraceFinder = find.text('Stack Trace:');
expect(
tester.getTopLeft(gitLinkFinder).dy,
lessThan(tester.getTopLeft(stackTraceFinder).dy),
);
// Tapping the link should open the Codeberg commit URL
await tester.tap(gitLinkFinder);
await tester.pumpAndSettle();
expect(
mock.launchedUrl,
equals('https://codeberg.org/guettli/sharedinbox/commit/abc1234'),
);
},
);
testWidgets(
'CrashScreen shows version, build mode, and platform in the UI',
(tester) async {
tester.view.physicalSize = const Size(800, 1200);
tester.view.devicePixelRatio = 1.0;
addTearDown(() => tester.view.resetPhysicalSize());
const exception = 'TestException: info row test';
final stackTrace = StackTrace.current;
await tester.pumpWidget(
MaterialApp(
home: CrashScreen(exception: exception, stackTrace: stackTrace),
),
);
await tester.pumpAndSettle();
// Info row shows app version (from mock), build mode, and platform OS.
expect(find.textContaining('1.0.0+42'), findsWidgets);
// In test builds kDebugMode is true.
expect(find.textContaining('debug'), findsOneWidget);
// Platform OS is always present (linux in CI, android/ios on device).
expect(
find.textContaining(RegExp(r'linux|android|ios|windows|macos')),
findsWidgets,
);
},
);
testWidgets(
'CrashScreen used as root widget — buttons work without ScaffoldMessenger crash',
(tester) async {
// Regression test for: ScaffoldMessenger.of(context) null-crash when
// CrashScreen is the root widget (runApp path after startup crash).
tester.view.physicalSize = const Size(800, 1200);
tester.view.devicePixelRatio = 1.0;
addTearDown(() => tester.view.resetPhysicalSize());
final mock = MockUrlLauncher();
UrlLauncherPlatform.instance = mock;
const exception = 'TestException: startup crash';
final stackTrace = StackTrace.current;
// Pump CrashScreen directly as the root — no parent MaterialApp.
await tester.pumpWidget(
CrashScreen(exception: exception, stackTrace: stackTrace),
);
expect(find.textContaining('TestException'), findsOneWidget);
// Tapping 'Report Issue on Codeberg' must not crash. Previously
// ScaffoldMessenger.of(context) threw because context was above the
// MaterialApp that CrashScreen itself creates.
await tester.tap(find.text('Report Issue on Codeberg'));
await tester.pumpAndSettle();
expect(
mock.launchedUrl,
contains('https://codeberg.org/guettli/sharedinbox/issues/new'),
);
},
);
}
test/widget/email_detail_screen_test.dart
+1 -1
View File
@@ -3,7 +3,7 @@ import 'dart:convert';
import 'dart:io';
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/misc.dart' show Override;
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_test/flutter_test.dart';
import 'package:path_provider_platform_interface/path_provider_platform_interface.dart';
test/widget/email_list_screen_golden_test.dart
+1 -1
View File
@@ -1,5 +1,5 @@
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/misc.dart' show Override;
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_test/flutter_test.dart';
import 'package:sharedinbox/core/models/email.dart';
test/widget/helpers.dart
+5 -20
View File
@@ -6,7 +6,6 @@
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:flutter_riverpod/misc.dart' show Override;
import 'package:go_router/go_router.dart';
import 'package:sharedinbox/core/models/account.dart';
@@ -20,7 +19,6 @@ import 'package:sharedinbox/core/repositories/email_repository.dart';
import 'package:sharedinbox/core/repositories/mailbox_repository.dart';
import 'package:sharedinbox/core/repositories/search_history_repository.dart';
import 'package:sharedinbox/core/repositories/share_key_repository.dart';
import 'package:sharedinbox/core/repositories/sync_log_repository.dart';
import 'package:sharedinbox/core/services/account_discovery_service.dart';
import 'package:sharedinbox/core/services/connection_test_service.dart';
import 'package:sharedinbox/core/services/managesieve_probe_service.dart';
@@ -79,13 +77,11 @@ class FakeAccountRepository implements AccountRepository {
}
class FakeShareKeyRepository implements ShareKeyRepository {
FakeShareKeyRepository({ShareKeyMaterial? material}) : _material = material;
ShareKeyMaterial? _material;
@override
Future<ShareKeyMaterial> createKeyPair() async {
_material ??= await ShareEncryptionService.generateKeyPair();
_material = await ShareEncryptionService.generateKeyPair();
return _material!;
}
@@ -477,18 +473,10 @@ Widget buildApp({
);
return ProviderScope(
// Defaults come first so tests can override them via [overrides].
//
// syncHealthProvider and syncLogRepositoryProvider are backed by Drift
// StreamQueries. When a StreamProvider that wraps a Drift query is disposed,
// Drift schedules a Timer.run() for cache debouncing. Flutter's test
// framework then fails the test with "A Timer is still pending". Replacing
// these with simple synchronous streams avoids the pending-timer assertion.
// Always neutralise the ManageSieve probe so widget tests never open a
// real socket. Tests that need to assert on probe behaviour should supply
// their own override before this default in [overrides].
overrides: [
syncHealthProvider.overrideWith((ref, _) => Stream.value(null)),
syncLogRepositoryProvider.overrideWithValue(
const NoOpSyncLogRepository(),
),
...overrides,
manageSieveProbeServiceProvider.overrideWith(
(ref) => _NoOpManageSieveProbeService(),
@@ -513,7 +501,6 @@ List<Override> baseOverrides({
List<Mailbox>? mailboxes,
DiscoveryResult? discovery,
Exception? connectionError,
ShareKeyRepository? shareKeyRepository,
}) =>
[
accountRepositoryProvider
@@ -528,9 +515,7 @@ List<Override> baseOverrides({
connectionTestServiceProvider.overrideWithValue(
FakeConnectionTestService(error: connectionError),
),
shareKeyRepositoryProvider.overrideWithValue(
shareKeyRepository ?? FakeShareKeyRepository(),
),
shareKeyRepositoryProvider.overrideWithValue(FakeShareKeyRepository()),
];
// ---------------------------------------------------------------------------
website/themes/PaperMod
Submodule
+1
Submodule website/themes/PaperMod added at 154d006e01
website/themes/PaperMod/LICENSE
-22
View File
@@ -1,22 +0,0 @@
MIT License
Copyright (c) 2020 nanxiaobei and adityatelange
Copyright (c) 2021-2026 adityatelange
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
website/themes/PaperMod/README.md
-99
View File
@@ -1,99 +0,0 @@
# Hugo PaperMod
**A fast, clean, and responsive theme for [Hugo](https://gohugo.io/).**
[![hugo-papermod](https://img.shields.io/badge/Hugo--Themes-@PaperMod-blue)](https://themes.gohugo.io/themes/hugo-papermod/)
[![Minimum Hugo Version](https://img.shields.io/static/v1?label=Hugo&message=v0.146.0%2B&color=blue&logo=hugo)](https://github.com/gohugoio/hugo/releases/tag/v0.146.0)
[![Discord](https://img.shields.io/discord/971046860317921340?label=Discord&logo=discord)](https://discord.gg/ahpmTvhVmp)
> Based on [hugo-paper](https://github.com/nanxiaobei/hugo-paper/tree/4330c8b12aa48bfdecbcad6ad66145f679a430b3), with additional features and customization options.
<table>
<tbody>
<tr>
<td>Live Demo</td>
<td><a href="https://adityatelange.github.io/hugo-PaperMod/">adityatelange.github.io/hugo-PaperMod</a></td>
</tr>
<tr>
<td>Documentation 📚</td>
<td><a href="https://github.com/adityatelange/hugo-PaperMod/wiki">Github Wiki</a></td>
</tr>
<tr>
<td>Example Site Source</td>
<td><a href="https://github.com/adityatelange/hugo-PaperMod/tree/exampleSite">exampleSite branch</a></td>
</tr>
<tr>
<td><a href="https://www.star-history.com/adityatelange/hugo-papermod"><img src="https://api.star-history.com/badge?repo=adityatelange/hugo-PaperMod&amp;theme=dark" alt="Star History Rank" /></a></td>
<td><a href="https://ko-fi.com/H2H229ZWH"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="ko-fi" /></a></td>
</tr>
</tbody>
</table>
<p align="center">
<img src="https://user-images.githubusercontent.com/21258296/114303440-bfc0ae80-9aeb-11eb-8cfa-48a4bb385a6d.png" alt="Mockup image" title="Mockup"/>
</p>
---
## Features 💥
`☄️ Fast | ☁️ Fluent | 🌙 Smooth | 📱 Responsive`
- **Asset pipeline** -- Hugo's built-in asset generator with fingerprinting, bundling, and minification.
- **Three layout modes** -- [Regular](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#regular-mode-default-mode), [Home-Info](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#home-info-mode), and [Profile](https://github.com/adityatelange/hugo-PaperMod/wiki/Features#profile-mode).
- **Light and dark themes** -- Automatic switching based on browser preference, plus a manual toggle.
- **Multilingual support** -- Includes a built-in language selector.
- **Search** -- Client-side search powered by Fuse.js.
- **SEO optimized** -- Open Graph, Twitter Cards, and Schema.org structured data out of the box.
- **Cover images** -- Per-post cover images with responsive image support.
- **Table of contents** -- Auto-generated from heading structure.
- **Multiple authors** -- Native support for multi-author sites.
- **Social icons and share buttons** -- Configurable social links and per-post sharing.
- **Breadcrumb navigation**
- **Post archives and taxonomies**
- **Code block copy buttons** -- One-click copying with Chroma syntax highlighting.
- **Related post suggestions**
- **Zero JS build dependencies** -- No webpack, Node.js, or other tooling required.
| Topic | Description |
| ------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
| **[Installation guide](https://github.com/adityatelange/hugo-PaperMod/wiki/Installation)** | Detailed installation and update instructions |
| **[Features wiki page](https://github.com/adityatelange/hugo-PaperMod/wiki/Features)** | In-depth explanations of all features |
| **[FAQ wiki](https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs)** | Common questions and configuration walkthroughs |
| **[Icons wiki](https://github.com/adityatelange/hugo-PaperMod/wiki/Icons)** | Documentation for social icons and share icons |
| **[Variables wiki](https://github.com/adityatelange/hugo-PaperMod/wiki/Variables)** | List of all available template variables |
| **[Overiding templates](https://github.com/adityatelange/hugo-PaperMod/wiki/Template_Overrides)** | Guide to customizing templates without forking |
| **[Releases](https://github.com/adityatelange/hugo-PaperMod/releases)** | Detailed history of releases |
---
## Performance ☄️
PaperMod consistently scores near-perfect results on [Pagespeed Insights](https://pagespeed.web.dev/report?url=https://adityatelange.github.io/hugo-PaperMod/).
<img width="481" height="116" alt="image" src="https://github.com/user-attachments/assets/497d831b-d143-4a46-bc11-b1d7f8ef4a83" />
---
## Support 🫶
- Star this repository to show your support.
- Share PaperMod with others who might find it useful.
- Sponsor the project on [GitHub Sponsors](https://github.com/sponsors/adityatelange) or [Ko-Fi](https://ko-fi.com/adityatelange).
---
## Special Thanks 🌟
- [Highlight.js](https://github.com/highlightjs/highlight.js)
- [Fuse.js](https://github.com/krisk/fuse)
- [Feather Icons](https://github.com/feathericons/feather)
- [Simple Icons](https://github.com/simple-icons/simple-icons)
- All contributors and supporters
---
## Stargazers 📈
[![Stargazers over time](https://starchart.cc/adityatelange/hugo-PaperMod.svg?background=%23ffffff00&axis=%23858585&line=%236b63ff)](https://starchart.cc/adityatelange/hugo-PaperMod)
website/themes/PaperMod/assets/css/common/404.css
-11
View File
@@ -1,11 +0,0 @@
.not-found {
position: absolute;
left: 0;
right: 0;
display: flex;
align-items: center;
justify-content: center;
height: 80%;
font-size: 160px;
font-weight: 700;
}
website/themes/PaperMod/assets/css/common/archive.css
-44
View File
@@ -1,44 +0,0 @@
.archive-posts {
width: 100%;
font-size: 16px;
}
.archive-year {
margin-top: 40px;
}
.archive-year:not(:last-of-type) {
border-bottom: 2px solid var(--border);
}
.archive-month {
display: flex;
align-items: flex-start;
padding: 10px 0;
}
.archive-month-header {
margin: 25px 0;
width: 200px;
}
.archive-month:not(:last-of-type) {
border-bottom: 1px solid var(--border);
}
.archive-entry {
position: relative;
padding: 5px;
margin: 10px 0;
}
.archive-entry-title {
margin: 5px 0;
font-weight: 400;
}
.archive-count,
.archive-meta {
color: var(--secondary);
font-size: 14px;
}
website/themes/PaperMod/assets/css/common/footer.css
-56
View File
@@ -1,56 +0,0 @@
.footer,
.top-link {
font-size: 12px;
color: var(--secondary);
}
.footer {
max-width: calc(var(--main-width) + var(--gap) * 2);
margin: auto;
padding: calc((var(--footer-height) - var(--gap)) / 2) var(--gap);
text-align: center;
line-height: 24px;
}
.footer span {
margin-inline-start: 1px;
margin-inline-end: 1px;
}
.footer span:last-child {
white-space: nowrap;
}
.footer a {
color: inherit;
text-underline-offset: 0.25rem;
text-decoration: underline;
}
.top-link {
position: fixed;
bottom: 4rem;
right: 2rem;
z-index: 99;
background: var(--tertiary);
width: 2.5rem;
height: 2.5rem;
padding: 10px;
border-radius: 64px;
transition: visibility .3s, opacity .3s cubic-bezier(0.4, 0, 1, 1);
}
.hidden {
visibility: hidden;
opacity: 0;
}
.top-link,
.top-link svg {
filter: drop-shadow(0px 0px 0px var(--theme));
}
.footer a:hover,
.top-link:hover {
color: var(--primary);
}
website/themes/PaperMod/assets/css/common/header.css
-101
View File
@@ -1,101 +0,0 @@
.header-nav {
display: flex;
flex-wrap: wrap;
justify-content: space-between;
max-width: calc(var(--nav-width) + var(--gap) * 2);
margin: auto;
line-height: var(--header-height);
padding: 0 var(--gap);
column-gap: var(--gap);
}
.header-nav a {
display: block;
}
.logo,
.menu {
display: flex;
}
.logo {
align-items: center;
column-gap: 0.55rem;
flex-wrap: wrap;
}
.logo a {
font-size: 24px;
font-weight: 700;
display: flex;
align-items: center;
column-gap: 0.55rem;
}
.logo a img,
.logo a svg {
pointer-events: none;
border-radius: 6px;
}
.theme-toggle {
padding: 0 0.4rem;
}
[data-theme="dark"] .moon {
display: none;
}
[data-theme="light"] .sun {
display: none;
}
.logo-switches {
display: inline-flex;
gap: 0.4rem;
align-items: inherit;
min-height: stretch;
flex-wrap: inherit;
}
.logo-switches>* {
min-height: inherit;
align-items: center;
display: inline-flex;
}
.nav-sep {
color: var(--secondary);
}
.lang-menu * {
display: inherit;
min-height: inherit;
align-items: inherit;
}
.lang-menu a {
font-size: 1rem;
font-weight: 500;
padding: 0 0.4rem;
display: inline-flex
}
.menu {
list-style: none;
word-break: keep-all;
overflow-x: auto;
white-space: nowrap;
column-gap: var(--gap);
}
.menu a {
font-size: 16px;
}
.menu .active {
font-weight: 500;
text-decoration: underline;
text-underline-offset: 0.3rem;
text-decoration-thickness: 2px;
}
website/themes/PaperMod/assets/css/common/main.css
-66
View File
@@ -1,66 +0,0 @@
.main {
position: relative;
min-height: calc(100vh - var(--header-height) - var(--footer-height));
max-width: calc(var(--main-width) + var(--gap) * 2);
margin: auto;
padding: var(--gap);
}
.page-header h1 {
font-size: 40px;
}
.pagination {
display: flex;
}
.pagination a {
color: var(--theme);
font-size: 13px;
line-height: 36px;
background: var(--primary);
border-radius: calc(36px / 2);
padding: 0 16px;
}
.pagination .next {
margin-inline-start: auto;
}
.social-icons a {
display: inline-flex;
padding: 10px;
}
.social-icons a svg {
height: 26px;
width: 26px;
}
code {
direction: ltr;
}
div.highlight,
pre {
position: relative;
}
.copy-code {
display: none;
position: absolute;
top: 4px;
right: 4px;
color: rgba(255, 255, 255, 0.8);
background: rgba(78, 78, 78, 0.8);
border-radius: var(--radius);
padding: 0 5px;
font-size: 14px;
user-select: none;
}
div.highlight:hover .copy-code,
pre:hover .copy-code {
display: block;
}
website/themes/PaperMod/assets/css/common/md-content.css
-253
View File
@@ -1,253 +0,0 @@
.md-content h3,
.md-content h4,
.md-content h5,
.md-content h6 {
margin: 24px 0 16px;
}
.md-content h1 {
margin: 40px auto 32px;
font-size: 40px;
}
.md-content h2 {
margin: 32px auto 24px;
font-size: 32px;
}
.md-content h3 {
font-size: 24px;
}
.md-content h4 {
font-size: 16px;
}
.md-content h5 {
font-size: 14px;
}
.md-content h6 {
font-size: 12px;
}
.md-content a:not(.anchor) {
text-underline-offset: 0.3rem;
text-decoration: underline;
}
.md-content del {
text-decoration: line-through;
}
.md-content dl:not(:last-child),
.md-content ol:not(:last-child),
.md-content p:not(:last-child),
.md-content figure:not(:last-child),
.md-content ul:not(:last-child) {
margin-bottom: var(--content-gap);
}
.md-content ol,
.md-content ul {
padding-inline-start: 1.25rem;
}
.md-content li {
margin-top: 0.3rem;
}
.md-content li p {
margin-bottom: 0;
}
.md-content dl {
display: flex;
flex-wrap: wrap;
margin: 0;
}
.md-content dt {
width: 25%;
font-weight: 700;
}
.md-content dd {
width: 75%;
margin-inline-start: 0;
padding-inline-start: 10px;
}
.md-content dd~dd,
.md-content dt~dt {
margin-top: 10px;
}
.md-content table {
margin-bottom: var(--content-gap);
}
.md-content table th,
.md-content table:not(.highlighttable, .highlight table, .gist .highlight) td {
min-width: 80px;
padding: 6px 13px;
line-height: 1.5;
border: 1px solid var(--border);
}
.md-content table th {
text-align: start;
}
.md-content table:not(.highlighttable) td code:only-child {
margin: auto 0;
}
.md-content .highlight table {
border-radius: var(--radius);
}
.md-content .highlight:not(table) {
margin-bottom: var(--content-gap);
background: var(--code-block-bg) !important;
border-radius: var(--radius);
direction: ltr;
}
.md-content li>.highlight {
margin-inline-end: 0;
}
.md-content ul pre {
margin-inline-start: calc(var(--gap) * -2);
}
.md-content .highlight pre {
margin: 0;
}
.md-content .highlighttable {
table-layout: fixed;
}
.md-content .highlighttable td:first-child {
width: 40px;
}
.md-content .highlighttable td .linenodiv {
padding-inline-end: 0 !important;
}
.md-content .highlighttable td .highlight,
.md-content .highlighttable td .linenodiv pre {
margin-bottom: 0;
}
.post-content code {
padding: 0.2rem 0.3rem;
font-size: 0.78em;
line-height: 1.5;
background: var(--code-bg);
border-radius: 0.2rem;
}
.md-content pre code {
display: grid;
margin: auto 0;
padding: 10px;
color: rgb(213, 213, 214);
background: var(--code-block-bg) !important;
border-radius: var(--radius);
overflow-x: auto;
word-break: break-all;
}
.md-content blockquote {
margin: 1rem 0;
padding-inline-start: 1rem;
border-inline-start: 0.3rem solid var(--content);
}
.md-content hr {
margin: 30px 0;
height: 2px;
background: var(--tertiary);
border: 0;
}
.md-content iframe {
max-width: 100%;
}
.md-content img {
border-radius: var(--radius);
margin: 1rem 0;
}
.md-content img[src*="#center"] {
margin: 1rem auto;
}
.md-content figure.align-center {
text-align: center;
}
.md-content figure>figcaption {
color: var(--primary);
font-size: 16px;
font-weight: bold;
margin: 8px 0 16px;
}
.md-content figure>figcaption>p {
color: var(--secondary);
font-size: 14px;
font-weight: normal;
}
.md-content h1:hover .anchor,
.md-content h2:hover .anchor,
.md-content h3:hover .anchor,
.md-content h4:hover .anchor,
.md-content h5:hover .anchor,
.md-content h6:hover .anchor {
display: inline-flex;
color: var(--secondary);
margin-inline-start: 0.5em;
font-weight: 500;
user-select: none;
}
.anchor:hover {
color: var(--content) !important;
}
.md-content img.in-text {
display: inline;
margin: auto;
}
mark {
border-radius: 2px;
padding: 0 2px;
}
audio {
display: block;
width: 100%;
border: 1px solid var(--border);
border-radius: var(--radius);
overflow: hidden;
height: 2.5rem;
margin-bottom: var(--content-gap);
}
audio::-webkit-media-controls-enclosure {
border-radius: 0;
}
video {
border: 1px solid var(--code-bg);
border-radius: var(--radius);
max-width: 100%;
}
website/themes/PaperMod/assets/css/common/post-entry.css
-129
View File
@@ -1,129 +0,0 @@
.first-entry {
position: relative;
display: flex;
flex-direction: column;
justify-content: center;
min-height: 320px;
margin: var(--gap) 0 calc(var(--gap) * 2) 0;
}
.first-entry .entry-header {
overflow: hidden;
display: -webkit-box;
-webkit-box-orient: vertical;
-webkit-line-clamp: 3;
}
.first-entry .entry-header h1 {
font-size: 34px;
line-height: 1.3;
}
.first-entry .entry-header h2 {
font-size: 40px;
}
.first-entry .entry-content {
margin: 14px 0;
font-size: 16px;
-webkit-line-clamp: 3;
}
.first-entry .entry-footer {
font-size: 14px;
}
.home-info .entry-content {
--content-gap: 0.5rem;
-webkit-line-clamp: unset;
margin: 0;
}
.home-info .social-icons a:first-of-type {
padding-inline-start: 0;
}
.post-entry {
position: relative;
margin-bottom: var(--gap);
padding: var(--gap);
background: var(--entry);
border-radius: var(--radius);
transition: transform 0.25s ease;
border: 1px solid var(--border);
}
.post-entry:hover,
.post-entry:focus-within {
transform: translateY(-2px);
border-color: var(--tertiary);
}
.tag-entry .entry-cover {
display: none;
}
.entry-header h2 {
font-size: 24px;
line-height: 1.3;
}
.entry-content {
margin: 8px 0;
color: var(--secondary);
font-size: 14px;
line-height: 1.6;
overflow: hidden;
display: -webkit-box;
-webkit-box-orient: vertical;
-webkit-line-clamp: 2;
}
.home-info .entry-content p {
margin-block-start: 1em;
margin-block-end: 1em;
}
.entry-footer {
color: var(--secondary);
font-size: 13px;
}
.entry-link {
position: absolute;
left: 0;
right: 0;
top: 0;
bottom: 0;
border-radius: var(--radius);
}
.entry-hint {
color: var(--secondary);
}
.entry-hint-parent {
display: flex;
justify-content: space-between;
}
.entry-cover {
font-size: 14px;
margin-bottom: var(--gap);
text-align: center;
display: flex;
flex-direction: column;
gap: .5rem;
}
.entry-cover img {
border-radius: var(--radius);
width: 100%;
height: auto;
}
.entry-cover a {
text-underline-offset: 0.3rem;
text-decoration: underline;
}
website/themes/PaperMod/assets/css/common/post-single.css
-215
View File
@@ -1,215 +0,0 @@
.page-header,
.post-header {
margin: 24px auto var(--content-gap) auto;
}
.post-title {
font-size: 40px;
}
.post-description {
margin-top: 10px;
}
.post-meta {
margin-top: 5px;
}
.post-meta,
.breadcrumbs {
color: var(--secondary);
font-size: 14px;
}
.breadcrumbs {
display: flex;
flex-wrap: wrap;
align-items: center;
gap: 0.2rem;
}
.breadcrumbs a {
font-size: 16px;
}
.breadcrumbs svg {
height: 1em;
}
.i18n_list {
display: inline-flex;
}
.post-meta .i18n_list li {
list-style: none;
margin: auto 3px;
}
.post-meta a,
.toc a:hover {
text-underline-offset: 0.3rem;
text-decoration: underline;
}
.post-meta a {
color: var(--secondary);
text-decoration-style: dotted;
}
details.toc {
margin-bottom: var(--content-gap);
background: var(--code-bg);
border-radius: var(--radius);
border: 1px solid var(--border);
}
[data-theme="dark"] details.toc {
background: var(--entry);
}
details.toc summary {
padding: 0.3rem 1.2rem;
border-radius: var(--radius);
}
details summary {
cursor: pointer;
display: list-item;
width: 100%;
margin-inline-start: 0;
user-select: none;
}
details .title {
display: inline;
font-weight: 500;
margin-inline-start: 0.2rem;
}
details {
interpolate-size: allow-keywords;
}
details::details-content {
height: 0;
opacity: 0;
overflow: clip;
transition: height 150ms ease,
opacity 150ms ease,
content-visibility 150ms allow-discrete;
}
details[open]::details-content {
height: auto;
opacity: 1;
}
details .inner {
margin: 0 2.4rem;
padding-bottom: 0.6rem;
}
details li ul {
margin-inline-start: var(--gap);
}
.post-content {
color: var(--content);
margin: 30px 0;
}
.post-footer {
margin-top: var(--content-gap);
}
.post-footer>* {
margin-bottom: 10px;
}
.post-tags {
display: flex;
flex-wrap: wrap;
gap: 10px;
}
.post-tags li {
display: inline-block;
}
.post-tags a,
.share-buttons,
.paginav {
border-radius: var(--radius);
background: var(--code-bg);
border: 1px solid var(--border);
}
.post-tags a {
display: block;
padding: 0 14px;
color: var(--secondary);
font-size: 14px;
line-height: 34px;
background: var(--code-bg);
}
.post-tags a:hover,
.paginav a:hover {
background: var(--border);
}
.share-buttons {
padding: 10px;
display: flex;
justify-content: center;
overflow-x: auto;
gap: 10px;
}
.share-buttons li,
.share-buttons a {
display: inline-flex;
}
.share-buttons a:not(:last-of-type) {
margin-inline-end: 12px;
}
.paginav {
display: flex;
line-height: 1.2;
}
.paginav .title {
letter-spacing: 1px;
text-transform: uppercase;
font-size: 0.8rem;
color: var(--secondary);
}
.paginav a {
width: 50%;
display: flex;
flex-direction: column;
gap: 0.5rem;
padding: 0.8rem;
border-radius: var(--radius);
}
.paginav span:hover:not(.title) {
text-underline-offset: 0.2rem;
text-decoration: underline;
}
.paginav .next {
margin-inline-start: auto;
text-align: right;
}
[dir="rtl"] .paginav .next {
text-align: left;
}
h1>a>svg {
display: inline;
}
website/themes/PaperMod/assets/css/common/profile-mode.css
-34
View File
@@ -1,34 +0,0 @@
.buttons,
.main .profile {
display: flex;
justify-content: center;
}
.main .profile {
align-items: center;
min-height: calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));
text-align: center;
}
.profile .profile_inner {
display: flex;
flex-direction: column;
align-items: center;
gap: 1rem;
}
.profile img {
border-radius: 50%;
}
.buttons {
flex-wrap: wrap;
max-width: 400px;
gap: 1rem;
}
.button {
background: var(--tertiary);
border-radius: var(--radius);
padding: 0.4rem 0.8rem;
}
website/themes/PaperMod/assets/css/common/search.css
-41
View File
@@ -1,41 +0,0 @@
.searchbox input {
padding: 4px 10px;
width: 100%;
color: var(--primary);
font-weight: bold;
border: 2px solid var(--tertiary);
border-radius: var(--radius);
}
.searchResults li {
list-style: none;
border-radius: var(--radius);
padding: 10px 15px;
position: relative;
font-weight: 500;
display: flex;
align-items: center;
justify-content: space-between;
background: var(--entry);
transition: transform .25s ease;
border: 1px solid var(--border);
}
.searchResults {
margin: var(--content-gap) 0;
width: 100%;
display: flex;
flex-direction: column;
gap: 10px;
}
.searchResults li:hover,
.searchResults li:focus-within {
transform: translateY(-2px);
border-color: var(--tertiary);
}
.searchResults li .entry-link:focus {
outline: 2px solid var(--secondary);
outline-offset: -2px;
}
website/themes/PaperMod/assets/css/common/terms.css
-19
View File
@@ -1,19 +0,0 @@
.terms-tags {
display: flex;
flex-wrap: wrap;
gap: 1em;
margin-top: var(--content-gap);
}
.terms-tags li {
display: inline-block;
font-weight: 500;
}
.terms-tags a {
display: block;
padding: 4px 10px;
background: var(--tertiary);
border-radius: var(--radius);
transition: transform 0.1s;
}
website/themes/PaperMod/assets/css/core/license.css
-6
View File
@@ -1,6 +0,0 @@
/*
PaperMod v8+
License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE
Copyright (c) 2020 nanxiaobei and adityatelange
Copyright (c) 2021-2026 adityatelange
*/
website/themes/PaperMod/assets/css/core/reset.css
-118
View File
@@ -1,118 +0,0 @@
*,
::after,
::before {
box-sizing: border-box;
}
html {
-webkit-tap-highlight-color: transparent;
overflow-y: scroll;
-webkit-text-size-adjust: 100%;
text-size-adjust: 100%;
}
a,
button,
body,
h1,
h2,
h3,
h4,
h5,
h6 {
color: var(--primary);
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
font-size: 18px;
line-height: 1.6;
word-break: break-word;
background: var(--theme);
}
article,
aside,
figcaption,
figure,
footer,
header,
hgroup,
main,
nav,
section,
table {
display: block;
}
h1,
h2,
h3,
h4,
h5,
h6 {
line-height: 1.2;
}
h1,
h2,
h3,
h4,
h5,
h6,
p {
margin-top: 0;
margin-bottom: 0;
}
ul {
padding: 0;
}
a {
text-decoration: none;
}
body,
figure,
ul {
margin: 0;
}
table {
width: 100%;
border-collapse: collapse;
border-spacing: 0;
overflow-x: auto;
word-break: keep-all;
}
button,
input,
textarea {
padding: 0;
font: inherit;
background: 0 0;
border: 0;
}
input,
textarea {
outline: 0;
}
button,
input[type=button],
input[type=submit] {
cursor: pointer;
}
input:-webkit-autofill,
textarea:-webkit-autofill {
box-shadow: 0 0 0 50px var(--theme) inset;
}
img {
display: block;
max-width: 100%;
}
website/themes/PaperMod/assets/css/core/theme-vars.css
-40
View File
@@ -1,40 +0,0 @@
:root {
--gap: 24px;
--content-gap: 20px;
--nav-width: 1024px;
--main-width: 720px;
--header-height: 60px;
--footer-height: 60px;
--radius: 8px;
--theme: rgb(255, 255, 255);
--entry: rgb(255, 255, 255);
--primary: rgb(30, 30, 30);
--secondary: rgb(108, 108, 108);
--tertiary: rgb(214, 214, 214);
--content: rgb(31, 31, 31);
--code-block-bg: rgb(28, 29, 33);
--code-bg: rgb(245, 245, 245);
--border: rgb(238, 238, 238);
color-scheme: light;
}
:root[data-theme="dark"] {
--theme: rgb(29, 30, 32);
--entry: rgb(46, 46, 51);
--primary: rgb(218, 218, 219);
--secondary: rgb(155, 156, 157);
--tertiary: rgb(65, 66, 68);
--content: rgb(196, 196, 197);
--code-block-bg: rgb(46, 46, 51);
--code-bg: rgb(55, 56, 62);
--border: rgb(51, 51, 51);
color-scheme: dark;
}
.list {
background: var(--code-bg);
}
[data-theme="dark"] .list {
background: var(--theme);
}
website/themes/PaperMod/assets/css/core/zmedia.css
-55
View File
@@ -1,55 +0,0 @@
@media screen and (max-width: 768px) {
/* theme-vars */
:root {
--gap: 14px;
}
/* profile-mode */
.profile img {
transform: scale(0.85);
}
/* post-entry */
.first-entry {
min-height: 260px;
}
/* archive */
.archive-month {
flex-direction: column;
}
.archive-year {
margin-top: 20px;
}
/* footer */
.footer {
padding: calc((var(--footer-height) - var(--gap) - 10px) / 2) var(--gap);
}
}
/* footer */
@media screen and (max-width: 900px) {
.list .top-link {
transform: translateY(-5rem);
}
}
@media screen and (max-width: 340px) {
.share-buttons {
justify-content: unset;
}
}
@media (prefers-reduced-motion) {
/* terms; profile-mode; post-single; post-entry; post-entry; search; search */
.terms-tags a:active,
.button:active,
.post-entry:active,
.top-link,
.searchResults .focus,
.searchResults li:active {
transform: none;
}
}
website/themes/PaperMod/assets/css/extended/blank.css
-5
View File
@@ -1,5 +0,0 @@
/*
This is just a placeholder blank stylesheet so as to support adding custom styles budled with theme's default styles
Read https://github.com/adityatelange/hugo-PaperMod/wiki/FAQs#bundling-custom-css-with-themes-assets for more info
*/
website/themes/PaperMod/assets/css/includes/chroma-mod.css
-24
View File
@@ -1,24 +0,0 @@
.chroma {
background-color: unset !important;
}
.chroma .hl {
display: flex;
}
.chroma .lnt {
padding: 0 0 0 12px;
}
.highlight pre.chroma code {
padding: 8px 0;
}
.highlight pre.chroma .line .cl,
.chroma .ln {
padding: 0 10px;
}
.chroma .lntd:last-of-type {
width: 100%;
}
website/themes/PaperMod/assets/css/includes/chroma-styles.css
-86
View File
@@ -1,86 +0,0 @@
/* Background */ .bg { color: #cad3f5; background-color: #24273a; }
/* PreWrapper */ .chroma { color: #cad3f5; background-color: #24273a; }
/* Other */ .chroma .x { }
/* Error */ .chroma .err { color: #ed8796 }
/* CodeLine */ .chroma .cl { }
/* LineLink */ .chroma .lnlinks { outline: none; text-decoration: none; color: inherit }
/* LineTableTD */ .chroma .lntd { vertical-align: top; padding: 0; margin: 0; border: 0; }
/* LineTable */ .chroma .lntable { border-spacing: 0; padding: 0; margin: 0; border: 0; }
/* LineHighlight */ .chroma .hl { background-color: #474733 }
/* LineNumbersTable */ .chroma .lnt { white-space: pre; -webkit-user-select: none; user-select: none; margin-right: 0.4em; padding: 0 0.4em 0 0.4em;color: #8087a2 }
/* LineNumbers */ .chroma .ln { white-space: pre; -webkit-user-select: none; user-select: none; margin-right: 0.4em; padding: 0 0.4em 0 0.4em;color: #8087a2 }
/* Line */ .chroma .line { display: flex; }
/* Keyword */ .chroma .k { color: #c6a0f6 }
/* KeywordConstant */ .chroma .kc { color: #f5a97f }
/* KeywordDeclaration */ .chroma .kd { color: #ed8796 }
/* KeywordNamespace */ .chroma .kn { color: #8bd5ca }
/* KeywordPseudo */ .chroma .kp { color: #c6a0f6 }
/* KeywordReserved */ .chroma .kr { color: #c6a0f6 }
/* KeywordType */ .chroma .kt { color: #ed8796 }
/* Name */ .chroma .n { }
/* NameAttribute */ .chroma .na { color: #8aadf4 }
/* NameBuiltin */ .chroma .nb { color: #91d7e3 }
/* NameBuiltinPseudo */ .chroma .bp { color: #91d7e3 }
/* NameClass */ .chroma .nc { color: #eed49f }
/* NameConstant */ .chroma .no { color: #eed49f }
/* NameDecorator */ .chroma .nd { color: #8aadf4; font-weight: bold }
/* NameEntity */ .chroma .ni { color: #8bd5ca }
/* NameException */ .chroma .ne { color: #f5a97f }
/* NameFunction */ .chroma .nf { color: #8aadf4 }
/* NameFunctionMagic */ .chroma .fm { color: #8aadf4 }
/* NameLabel */ .chroma .nl { color: #91d7e3 }
/* NameNamespace */ .chroma .nn { color: #f5a97f }
/* NameOther */ .chroma .nx { }
/* NameProperty */ .chroma .py { color: #f5a97f }
/* NameTag */ .chroma .nt { color: #c6a0f6 }
/* NameVariable */ .chroma .nv { color: #f4dbd6 }
/* NameVariableClass */ .chroma .vc { color: #f4dbd6 }
/* NameVariableGlobal */ .chroma .vg { color: #f4dbd6 }
/* NameVariableInstance */ .chroma .vi { color: #f4dbd6 }
/* NameVariableMagic */ .chroma .vm { color: #f4dbd6 }
/* Literal */ .chroma .l { }
/* LiteralDate */ .chroma .ld { }
/* LiteralString */ .chroma .s { color: #a6da95 }
/* LiteralStringAffix */ .chroma .sa { color: #ed8796 }
/* LiteralStringBacktick */ .chroma .sb { color: #a6da95 }
/* LiteralStringChar */ .chroma .sc { color: #a6da95 }
/* LiteralStringDelimiter */ .chroma .dl { color: #8aadf4 }
/* LiteralStringDoc */ .chroma .sd { color: #6e738d }
/* LiteralStringDouble */ .chroma .s2 { color: #a6da95 }
/* LiteralStringEscape */ .chroma .se { color: #8aadf4 }
/* LiteralStringHeredoc */ .chroma .sh { color: #6e738d }
/* LiteralStringInterpol */ .chroma .si { color: #a6da95 }
/* LiteralStringOther */ .chroma .sx { color: #a6da95 }
/* LiteralStringRegex */ .chroma .sr { color: #8bd5ca }
/* LiteralStringSingle */ .chroma .s1 { color: #a6da95 }
/* LiteralStringSymbol */ .chroma .ss { color: #a6da95 }
/* LiteralNumber */ .chroma .m { color: #f5a97f }
/* LiteralNumberBin */ .chroma .mb { color: #f5a97f }
/* LiteralNumberFloat */ .chroma .mf { color: #f5a97f }
/* LiteralNumberHex */ .chroma .mh { color: #f5a97f }
/* LiteralNumberInteger */ .chroma .mi { color: #f5a97f }
/* LiteralNumberIntegerLong */ .chroma .il { color: #f5a97f }
/* LiteralNumberOct */ .chroma .mo { color: #f5a97f }
/* Operator */ .chroma .o { color: #91d7e3; font-weight: bold }
/* OperatorWord */ .chroma .ow { color: #91d7e3; font-weight: bold }
/* Punctuation */ .chroma .p { }
/* Comment */ .chroma .c { color: #6e738d; font-style: italic }
/* CommentHashbang */ .chroma .ch { color: #6e738d; font-style: italic }
/* CommentMultiline */ .chroma .cm { color: #6e738d; font-style: italic }
/* CommentSingle */ .chroma .c1 { color: #6e738d; font-style: italic }
/* CommentSpecial */ .chroma .cs { color: #6e738d; font-style: italic }
/* CommentPreproc */ .chroma .cp { color: #6e738d; font-style: italic }
/* CommentPreprocFile */ .chroma .cpf { color: #6e738d; font-weight: bold; font-style: italic }
/* Generic */ .chroma .g { }
/* GenericDeleted */ .chroma .gd { color: #ed8796; background-color: #363a4f }
/* GenericEmph */ .chroma .ge { font-style: italic }
/* GenericError */ .chroma .gr { color: #ed8796 }
/* GenericHeading */ .chroma .gh { color: #f5a97f; font-weight: bold }
/* GenericInserted */ .chroma .gi { color: #a6da95; background-color: #363a4f }
/* GenericOutput */ .chroma .go { }
/* GenericPrompt */ .chroma .gp { }
/* GenericStrong */ .chroma .gs { font-weight: bold }
/* GenericSubheading */ .chroma .gu { color: #f5a97f; font-weight: bold }
/* GenericTraceback */ .chroma .gt { color: #ed8796 }
/* GenericUnderline */ .chroma .gl { text-decoration: underline }
/* TextWhitespace */ .chroma .w { }
website/themes/PaperMod/assets/js/fastsearch.js
-194
View File
@@ -1,194 +0,0 @@
import * as params from '@params';
const resList = document.getElementById('searchResults');
const sInput = document.getElementById('searchInput');
const searchBox = document.getElementById('searchbox');
let fuse;
let currentElement = null;
let firstResult = null;
let lastResult = null;
const defaultFuseOptions = {
distance: 100,
threshold: 0.4,
ignoreLocation: true,
keys: ['title', 'permalink', 'summary', 'content']
};
const buildFuseOptions = () => {
if (!params.fuseOpts) {
return defaultFuseOptions;
}
return {
isCaseSensitive: params.fuseOpts.iscasesensitive ?? false,
includeScore: params.fuseOpts.includescore ?? false,
includeMatches: params.fuseOpts.includematches ?? false,
minMatchCharLength: params.fuseOpts.minmatchcharlength ?? 1,
shouldSort: params.fuseOpts.shouldsort ?? true,
findAllMatches: params.fuseOpts.findallmatches ?? false,
keys: params.fuseOpts.keys ?? defaultFuseOptions.keys,
location: params.fuseOpts.location ?? 0,
threshold: params.fuseOpts.threshold ?? defaultFuseOptions.threshold,
distance: params.fuseOpts.distance ?? defaultFuseOptions.distance,
ignoreLocation: params.fuseOpts.ignorelocation ?? defaultFuseOptions.ignoreLocation
};
};
const debounce = (fn, delay) => {
let timeout;
return (...args) => {
clearTimeout(timeout);
timeout = window.setTimeout(() => fn(...args), delay);
};
};
const reset = () => {
currentElement = null;
firstResult = null;
lastResult = null;
resList.innerHTML = '';
sInput.value = '';
sInput.focus();
};
const setActiveResult = (element) => {
document.querySelectorAll('.focus').forEach((item) => item.classList.remove('focus'));
if (!element) {
return;
}
element.focus();
element.parentElement?.classList.add('focus');
currentElement = element;
};
const renderResults = (results) => {
if (!Array.isArray(results) || results.length === 0) {
resList.innerHTML = '';
firstResult = lastResult = currentElement = null;
return;
}
const fragment = document.createDocumentFragment();
for (const result of results) {
const li = document.createElement('li');
const titleText = document.createTextNode(result.item.title);
const svg = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
svg.setAttribute('width', '24');
svg.setAttribute('height', '24');
svg.setAttribute('viewBox', '0 0 24 24');
svg.setAttribute('fill', 'none');
svg.setAttribute('stroke', 'currentColor');
svg.setAttribute('stroke-width', '2');
svg.setAttribute('stroke-linecap', 'round');
svg.setAttribute('stroke-linejoin', 'round');
svg.classList.add('feather', 'feather-chevrons-right');
svg.innerHTML = '<polyline points="13 17 18 12 13 7"></polyline><polyline points="6 17 11 12 6 7"></polyline>';
const link = document.createElement('a');
link.className = 'entry-link';
link.href = result.item.permalink;
link.setAttribute('aria-label', result.item.title);
li.appendChild(titleText);
li.appendChild(svg);
li.appendChild(link);
fragment.appendChild(li);
}
resList.innerHTML = '';
resList.appendChild(fragment);
firstResult = resList.firstElementChild;
lastResult = resList.lastElementChild;
};
const performSearch = () => {
if (!fuse) {
return;
}
const query = sInput.value.trim();
if (!query) {
renderResults([]);
return;
}
const searchOptions = params.fuseOpts?.limit ? { limit: params.fuseOpts.limit } : undefined;
const results = searchOptions ? fuse.search(query, searchOptions) : fuse.search(query);
renderResults(results);
};
const initSearch = async () => {
if (!sInput || !resList) {
return;
}
sInput.disabled = false;
sInput.focus();
try {
const response = await fetch('../index.json');
if (!response.ok) {
throw new Error(`Search index load failed: ${response.status}`);
}
const data = await response.json();
if (data) {
fuse = new Fuse(data, buildFuseOptions());
}
} catch (error) {
console.error(error);
}
};
window.addEventListener('load', initSearch);
sInput?.addEventListener('input', debounce(performSearch, 150));
sInput?.addEventListener('search', () => {
if (!sInput.value) {
reset();
}
});
document.addEventListener('keydown', (event) => {
const { key } = event;
const active = document.activeElement;
const isInSearchBox = searchBox?.contains(active);
if (key === 'Escape') {
reset();
return;
}
if (!firstResult || !isInSearchBox) {
return;
}
if (key === 'ArrowDown') {
event.preventDefault();
if (active === sInput) {
setActiveResult(firstResult.querySelector('.entry-link'));
} else if (active?.parentElement !== lastResult) {
setActiveResult(active?.parentElement?.nextElementSibling?.querySelector('.entry-link'));
}
} else if (key === 'ArrowUp') {
event.preventDefault();
if (active?.parentElement === firstResult) {
setActiveResult(sInput);
} else if (active !== sInput) {
setActiveResult(active?.parentElement?.previousElementSibling?.querySelector('.entry-link'));
}
} else if (key === 'ArrowRight') {
if (active?.matches?.('.entry-link')) {
active.click();
}
}
});
website/themes/PaperMod/assets/js/fuse.basic.min.js
Vendored
-9
View File
File diff suppressed because one or more lines are too long
website/themes/PaperMod/assets/js/license.js
-6
View File
@@ -1,6 +0,0 @@
/*
PaperMod v8+
License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE
Copyright (c) 2020 nanxiaobei and adityatelange
Copyright (c) 2021-2026 adityatelange
*/
website/themes/PaperMod/go.mod
-3
View File
@@ -1,3 +0,0 @@
module github.com/adityatelange/hugo-PaperMod
go 1.16
website/themes/PaperMod/i18n/ar.yaml
-28
View File
@@ -1,28 +0,0 @@
- id: prev_page
translation: "السابق"
- id: next_page
translation: "التالي"
- id: read_time
translation:
one: "دقيقة واحدة"
two: "دقيقتان"
few: "بضع ثوان"
zero: "الآن"
other: "دقائق {{ .Count }}"
- id: toc
translation: "فهرس المحتوى"
- id: translations
translation: "ترجمات أخرى"
- id: home
translation: "الصفحة الرئيسية"
- id: code_copied
translation: "تم النسخ!"
- id: code_copy
translation: "نسخ الكود"
website/themes/PaperMod/i18n/be.yaml
-39
View File
@@ -1,39 +0,0 @@
- id: prev_page
translation: "Папярэдняя"
- id: next_page
translation: "Наступная"
- id: read_time
translation:
zero: "0 хвілін"
one: "1 хвіліна"
few: "{{ .Count }} хвіліны"
many: "{{ .Count }} хвілін"
other: "{{ .Count }} хвілін"
- id: words
translation:
zero: "няма слоў"
one: "1 слова"
few: "{{ .Count }} слова"
many: "{{ .Count }} слоў"
other: "{{ .Count }} слова"
- id: toc
translation: "Змест"
- id: translations
translation: "Пераклады"
- id: home
translation: "Галоўная"
- id: edit_post
translation: "Рэдагаваць"
- id: code_copy
translation: "капіяваць"
- id: code_copied
translation: "скапіявана!"
website/themes/PaperMod/i18n/bg.yaml
-16
View File
@@ -1,16 +0,0 @@
- id: prev_page
translation: "Предишна страница"
- id: next_page
translation: "Следваща страница"
- id: read_time
translation:
one : "1 мин"
other: "{{ .Count }} мин"
- id: toc
translation: "Съдържание"
- id: translations
translation: "Преводи"
website/themes/PaperMod/i18n/bn.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "পূর্ববর্তী"
- id: next_page
translation: "পরবর্তী"
- id: read_time
translation:
one : "১ মিনিট"
other: "{{ .Count }} মিনিট"
- id: words
translation:
one : "১ টি শব্দ"
other: "{{ .Count }} টি শব্দ"
- id: toc
translation: "সূচিপত্র"
- id: translations
translation: "অনুবাদসমূহ"
- id: home
translation: "হোম"
- id: edit_post
translation: "সম্পাদনা করুন"
- id: code_copy
translation: "কপি করুন"
- id: code_copied
translation: "কপি হয়েছে!"
website/themes/PaperMod/i18n/ca.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Pàgina anterior"
- id: next_page
translation: "Pàgina següent"
- id: read_time
translation:
one : "1 minut"
other: "{{ .Count }} minuts"
- id: words
translation:
one : "paraula"
other: "{{ .Count }} paraules"
- id: toc
translation: "Taula de Continguts"
- id: translations
translation: "Traduccions"
- id: home
translation: "Inici"
- id: edit_post
translation: "Editar"
- id: code_copy
translation: "copiar"
- id: code_copied
translation: "copiat!"
website/themes/PaperMod/i18n/ckb.yaml
-25
View File
@@ -1,25 +0,0 @@
- id: prev_page
translation: "پەڕەی پێشتر"
- id: next_page
translation: "پەڕەی دواتر"
- id: read_time
translation:
one : "1 خولەک"
other: "{{ .Count }} خولەک"
- id: toc
translation: "پێڕست"
- id: translations
translation: "وەرگێڕانەکان"
- id: home
translation: "ماڵەوە"
- id: code_copy
translation: "لەبەری بگرەوە"
- id: code_copied
translation: "لەبەر گیرایەوە!"
website/themes/PaperMod/i18n/cs.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Předchozí"
- id: next_page
translation: "Další"
- id: read_time
translation:
one : "1 min"
other: "{{ .Count }} min"
- id: words
translation:
one : "slovo"
other: "{{ .Count }} slov"
- id: toc
translation: "Obsah"
- id: translations
translation: "Překlady"
- id: home
translation: "Domů"
- id: edit_post
translation: "Upravit"
- id: code_copy
translation: "kopírovat"
- id: code_copied
translation: "zkopírováno!"
website/themes/PaperMod/i18n/da.yaml
-28
View File
@@ -1,28 +0,0 @@
- id: prev_page
translation: "Forrige Side"
- id: next_page
translation: "Næste Side"
- id: read_time
translation:
one: "1 min"
other: "{{ .Count }} min"
- id: toc
translation: "Indholdsfortegnelse"
- id: translations
translation: "Oversættelser"
- id: home
translation: "Start"
- id: edit_post
translation: "Rediger"
- id: code_copy
translation: "kopier"
- id: code_copied
translation: "kopieret!"
website/themes/PaperMod/i18n/de.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Vorherige"
- id: next_page
translation: "Nächste"
- id: read_time
translation:
one: "1 Minute"
other: "{{ .Count }} Minuten"
- id: words
translation:
one : "Wort"
other: "{{ .Count }} Wörter"
- id: toc
translation: "Inhaltsverzeichnis"
- id: translations
translation: "Übersetzungen"
- id: home
translation: "Home"
- id: edit_post
translation: "Bearbeiten"
- id: code_copy
translation: "Kopieren"
- id: code_copied
translation: "Kopiert!"
website/themes/PaperMod/i18n/el.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Προηγούμενο"
- id: next_page
translation: "Επόμενο"
- id: read_time
translation:
one: "1 λεπτό"
other: "{{ .Count }} λεπτά"
- id: words
translation:
one: "λέξη"
other: "{{ .Count }} λέξεις"
- id: toc
translation: "Πίνακας Περιεχομένων"
- id: translations
translation: "Μεταφράσεις"
- id: home
translation: "Αρχική"
- id: edit_post
translation: "Επεξεργασία"
- id: code_copy
translation: "αντιγραφή"
- id: code_copied
translation: "αντιγράφηκε!"
website/themes/PaperMod/i18n/en.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Prev"
- id: next_page
translation: "Next"
- id: read_time
translation:
one : "1 min"
other: "{{ .Count }} min"
- id: words
translation:
one : "word"
other: "{{ .Count }} words"
- id: toc
translation: "Table of Contents"
- id: translations
translation: "Translations"
- id: home
translation: "Home"
- id: edit_post
translation: "Edit"
- id: code_copy
translation: "copy"
- id: code_copied
translation: "copied!"
website/themes/PaperMod/i18n/eo.yaml
-25
View File
@@ -1,25 +0,0 @@
- id: prev_page
translation: "antaŭa paĝo"
- id: next_page
translation: "sekva paĝo"
- id: read_time
translation:
one : "1 min"
other: "{{ .Count }} min"
- id: toc
translation: "Enhavo"
- id: translations
translation: "tradukoj"
- id: home
translation: "ĉefpaĝo"
- id: code_copy
translation: "kopii"
- id: code_copied
translation: "kopiite!"
website/themes/PaperMod/i18n/es.yaml
-33
View File
@@ -1,33 +0,0 @@
- id: prev_page
translation: "Anterior"
- id: next_page
translation: "Siguiente"
- id: read_time
translation:
one : "1 min"
other: "{{ .Count }} min"
- id: words
translation:
one : "palabra"
other: "{{ .Count }} palabras"
- id: toc
translation: "Tabla de Contenidos"
- id: translations
translation: "Traducciones"
- id: home
translation: "Inicio"
- id: edit_post
translation: "Editar"
- id: code_copy
translation: "copiar"
- id: code_copied
translation: "¡copiado!"

Some files were not shown because too many files have changed in this diff Show More