release: v2.0.0 (Decidim v0.27.4)

BREAKING CHANGE: release 2.0.0 and Decidim v0.27.4
OpenSourcePolitics · Feb 22, 2024 · 5766d21 · 5766d21
2 parents 0062dc6 + 7bc1f00
commit 5766d21
Show file tree

Hide file tree

Showing 739 changed files with 180,744 additions and 149,943 deletions.
diff --git a/.env-example b/.env-example
@@ -13,6 +13,18 @@ BACKUP_S3SYNC_ACCESS_KEY=
 BACKUP_S3SYNC_SECRET_KEY=
 BACKUP_S3SYNC_BUCKET=
 BACKUP_S3RETENTION_ENABLED=
+INITIATIVES_CREATION_ENABLED=
+INITIATIVES_SIMILARITY_THRESHOLD=
+INITIATIVES_SIMILARITY_LIMIT=
+INITIATIVES_MINIMUM_COMMITTEE_MEMBERS=
+INITIATIVES_DEFAULT_SIGNATURE_TIME_PERIOD_LENGTH=
+INITIATIVES_DEFAULT_COMPONENTS=
+INITIATIVES_FIRST_NOTIFICATION_PERCENTAGE=
+INITIATIVES_SECOND_NOTIFICATION_PERCENTAGE=
+INITIATIVES_STATS_CACHE_EXPIRATION_TIME=
+INITIATIVES_MAX_TIME_IN_VALIDATING_STATE=
+INITIATIVES_PRINT_ENABLED=
+INITIATIVES_DO_NOT_REQUIRE_AUTHORIZATION=
 SPAM_DETECTION_API_AUTH_TOKEN=
 SPAM_DETECTION_API_URL=
 SPAM_DETECTION_NAME=
@@ -48,5 +60,24 @@ TRANSLATOR_API_KEY=
 TRANSLATOR_HOST=
 TRANSLATOR_DELAY=0
 GALLERY_ANIMATION_ENABLE=0
+# Deactivate DEFACE when views are already precompiled
+# More information: https://github.com/spree/deface#production--precompiling
+DEFACE_ENABLED=false
+# Admin admin password configurations
+DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS=365
+DECIDIM_ADMIN_PASSWORD_MIN_LENGTH=15
+DECIDIM_ADMIN_PASSWORD_REPETITION_TIMES=5
+DECIDIM_ADMIN_PASSWORD_STRONG="false"
+# Puma server configuration
+# PUMA_MIN_THREADS=5
+# PUMA_MAX_THREADS=5
+# PUMA_WORKERS=0
+# PUMA_PRELOAD_APP=false
 
-RAILS_LOG_LEVEL=warn
+# RAILS_SESSION_STORE=active_record
+
+## Push notifications (enable when set)
+## Generate values with: bin/rails decidim:pwa:generate_vapid_keys
+# VAPID_PUBLIC_KEY
+# VAPID_PRIVATE_KEY
+RAILS_LOG_LEVEL=warn
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
@@ -5,7 +5,7 @@ env:
   CI: "true"
   SIMPLECOV: "true"
   RSPEC_FORMAT: "documentation"
-  RUBY_VERSION: 2.7.5
+  RUBY_VERSION: 3.0.6
   RAILS_ENV: test
   NODE_VERSION: 16.9.1
   RUBYOPT: '-W:no-deprecated'
@@ -37,6 +37,22 @@ jobs:
         with:
           ruby_version: ${{ env.RUBY_VERSION }}
           node_version: ${{ env.NODE_VERSION }}
+  zeitwerk:
+    name: Check for Zeitwerk errors
+    runs-on: ubuntu-latest
+    if: "!startsWith(github.head_ref, 'chore/l10n')"
+    timeout-minutes: 60
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ env.RUBY_VERSION }}
+          bundler-cache: true
+      - name: Check for Zeitwerk errors
+        run: |
+          bundle exec rails zeitwerk:check
   tests:
     strategy:
       fail-fast: false
@@ -105,6 +121,7 @@ jobs:
           path: ./tmp/assets_manifest.json
   system_tests:
     strategy:
+      fail-fast: false
       matrix:
         slice: [ "0-4", "1-4", "2-4", "3-4" ]
     name: System tests
@@ -197,52 +214,12 @@ jobs:
           database_username: ${{ env.DATABASE_USERNAME }}
           database_password: ${{ env.DATABASE_PASSWORD }}
           database_host: ${{ env.DATABASE_HOST }}
-  deploy_develop:
-    if: "github.ref == 'refs/heads/develop'"
-    needs: [lint, tests, system_tests, test_build]
-    name: Deploy develop branch on develop instance
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Ansible playbook
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ secrets.ANSIBLE_HOST }}
-          username: ${{ secrets.ANSIBLE_USERNAME }}
-          key: ${{ secrets.ANSIBLE_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          script: ansible-playbook -u ${{ secrets.ANSIBLE_USERNAME }} --private-key="~/.ssh/ansible-deploy/ansible-deploy" -i /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/inventories/develop.yml /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/playbooks/update_decidim_app.yml
-  deploy_rc:
-    if: "github.ref == 'refs/heads/rc'"
-    needs: [lint, tests, system_tests, test_build]
-    name: Deploy rc branch on RC instance
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Ansible playbook
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ secrets.ANSIBLE_HOST }}
-          username: ${{ secrets.ANSIBLE_USERNAME }}
-          key: ${{ secrets.ANSIBLE_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          script: ansible-playbook -u ${{ secrets.ANSIBLE_USERNAME }} --private-key="~/.ssh/ansible-deploy/ansible-deploy" -i /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/inventories/rc.yml /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/playbooks/update_decidim_app.yml
-  deploy_staging:
-    if: "github.ref == 'refs/heads/master'"
-    needs: [lint, tests, system_tests, test_build]
-    name: Deploy staging branch on staging instance
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Ansible playbook
-        uses: appleboy/[email protected]
-        with:
-          host: ${{ secrets.ANSIBLE_HOST }}
-          username: ${{ secrets.ANSIBLE_USERNAME }}
-          key: ${{ secrets.ANSIBLE_KEY }}
-          port: ${{ secrets.SSH_PORT }}
-          script: ansible-playbook -u ${{ secrets.ANSIBLE_USERNAME }} --private-key="~/.ssh/ansible-deploy/ansible-deploy" -i /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/inventories/staging.yml /home/${{ secrets.ANSIBLE_USERNAME }}/ansible/decidim/playbooks/update_decidim_app.yml
+          # We don't want to upload the image to the registry if the build fails, but we don't care when on a PR for speed reasons
+          push: ${{ github.ref != 'refs/heads/develop' || github.ref != 'refs/heads/master' }}
   build_and_push_image_dev:
-    name: Build and push image to Registry
     if: "github.ref == 'refs/heads/develop'"
-    needs: [lint, tests, system_tests, test_build]
+    name: Build and push image to Registry
+    needs: [ lint, zeitwerk, tests, system_tests, test_build ]
     runs-on: ubuntu-latest
     steps:
       - uses: OpenSourcePolitics/build-and-push-images-action@master
@@ -251,7 +228,7 @@ jobs:
           namespace: ${{ vars.REGISTRY_NAMESPACE }}
           password: ${{ secrets.TOKEN }}
           image_name: ${{ vars.IMAGE_NAME }}
-          tag: "develop"
+          tag: ${{ github.ref }}
   generate_release:
     name: Generate release
     needs: [lint, tests, system_tests, test_build]

diff --git a/.github/workflows/clean_dangling_images.yml b/.github/workflows/clean_dangling_images.yml
@@ -0,0 +1,17 @@
+name: Branch Deleted
+on: delete
+jobs:
+  clean_dangling_images:
+    if: github.event.ref_type == 'branch'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build and push Docker image
+        uses: OpenSourcePolitics/delete-images-action@master
+        with:
+          namespace: ${{ vars.REGISTRY_NAMESPACE }}
+          scw_access_key: ${{ secrets.ACCESS_TOKEN }}
+          scw_secret_key: ${{ secrets.TOKEN }}
+          scw_default_project_id: ${{ secrets.SCW_PROJECT_ID }}
+          scw_default_organization_id: ${{ secrets.SCW_ORGANIZATION_ID }}
+          image_name: ${{ vars.IMAGE_NAME }}
+          tag: ${{ github.event.ref }}
diff --git a/.github/workflows/deploy_production.yml b/.github/workflows/deploy_production.yml
@@ -4,7 +4,7 @@ on: [ workflow_dispatch ]
 env:
   CI: "true"
   SIMPLECOV: "true"
-  RUBY_VERSION: 2.7.5
+  RUBY_VERSION: 3.0.6
   RAILS_ENV: test
   NODE_VERSION: 16.9.1
   RUBYOPT: '-W:no-deprecated'

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -0,0 +1,27 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '0 8 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
diff --git a/.gitignore b/.gitignore
@@ -95,3 +95,8 @@ yarn-debug.log*
 .yarn-integrity
 .idea
 coverage/
+public/sw.js*
+app/compiled_views/
+certificate-https-local/
+
+.DS_Store
diff --git a/.rubocop_rails.yml b/.rubocop_rails.yml
@@ -94,6 +94,9 @@ Rails/Validation:
   Include:
     - app/models/**/*.rb
 
+Rails/CompactBlank:
+  Enabled: false
+
 Rails/BulkChangeTable:
   Exclude:
     - db/**/*

diff --git a/.rubocop_ruby.yml b/.rubocop_ruby.yml
@@ -16,6 +16,7 @@ AllCops:
     - "vendor/**/*"
     - "node_modules/**/*"
     - "db/schema.rb"
+    - "db/migrate/*.rb"
     - "bin/*"
   # Default formatter will be used if no -f/--format option is given.
   DefaultFormatter: progress
@@ -67,12 +68,7 @@ AllCops:
   # If a value is specified for TargetRubyVersion then it is used.
   # Else if .ruby-version exists and it contains an MRI version it is used.
   # Otherwise we fallback to the oldest officially supported Ruby version (2.0).
-  TargetRubyVersion: 2.7
-
-  RSpec:
-    Patterns:
-      - "(?:^|/)spec/"
-      - "(?:^|/)test/"
+  TargetRubyVersion: 3.0
 
 Lint/SafeNavigationChain:
   Exclude:
@@ -287,6 +283,9 @@ Style/HashEachMethods:
 Style/HashLikeCase:
   MinBranchesCount: 5
 
+Style/OpenStructUse:
+  Enabled: false
+
 # Indentation of `when`.
 Layout/CaseIndentation:
   EnforcedStyle: case
@@ -1272,10 +1271,11 @@ RSpec/NamedSubject:
   Enabled: false
 
 RSpec/RepeatedExampleGroupDescription:
-  Enabled: false
+  Enabled: true
 
 RSpec/RepeatedExampleGroupBody:
-  Enabled: false
+  Enabled: true
+
 RSpec/VerifiedDoubles:
   Enabled: false
 

diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.7.5
+3.0.6
diff --git a/Dockerfile b/Dockerfile
@@ -1,39 +1,56 @@
-FROM ruby:2.7.5
+FROM ruby:3.0.6-slim as builder
 
 ENV RAILS_ENV=production \
     SECRET_KEY_BASE=dummy
 
 WORKDIR /app
 
-# Install NodeJS
-RUN --mount=type=cache,target=/var/cache/apt \
+RUN apt-get update && \
+    apt-get -y install libpq-dev curl git libicu-dev build-essential && \
     curl https://deb.nodesource.com/setup_16.x | bash && \
-    apt install -y nodejs && \
-    apt update && \
-    npm install -g [email protected] && \
+    apt-get install -y nodejs  && \
     npm install --global yarn && \
-    apt install -y libicu-dev postgresql-client && \
-    gem install bundler:2.2.17 && \
-    rm -rf /var/lib/apt/lists/*
+    gem install bundler:2.4.9
 
 COPY Gemfile* ./
-RUN bundle config set --local without 'development test' && bundle install
+RUN bundle config set --local without 'development test' && \
+    bundle install -j"$(nproc)"
 
 COPY package* ./
 COPY yarn.lock .
 COPY packages packages
-RUN yarn install
+RUN yarn install --frozen-lockfile
 
 COPY . .
 
 RUN bundle exec bootsnap precompile --gemfile app/ lib/ config/ bin/ db/ && \
     bundle exec rails assets:precompile && \
     bundle exec rails deface:precompile
 
-# Configure endpoint.
-COPY ./entrypoint.sh /usr/bin/
-RUN chmod +x /usr/bin/entrypoint.sh
-ENTRYPOINT ["entrypoint.sh"]
-EXPOSE 3000
+RUN rm -rf node_modules tmp/cache vendor/bundle spec \
+    && rm -rf /usr/local/bundle/cache/*.gem \
+    && find /usr/local/bundle/gems/ -name "*.c" -delete \
+    && find /usr/local/bundle/gems/ -name "*.o" -delete \
+    && find /usr/local/bundle/gems/ -type d -name "spec" -prune -exec rm -rf {} \; \
+    && rm -rf log/*.log
+
+FROM ruby:3.0.6-slim as runner
+
+ENV RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy \
+    RAILS_LOG_TO_STDOUT=true
+
+RUN apt update && \
+    apt install -y postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+    gem install bundler:2.4.9
 
+WORKDIR /app
+
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /app /app
+
+ENV LD_PRELOAD="libjemalloc.so.2" \
+    MALLOC_CONF="background_thread:true,metadata_thp:auto,dirty_decay_ms:5000,muzzy_decay_ms:5000,narenas:2"
+
+EXPOSE 3000
 CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"]