WIP: Release/3.0.0 #251

Draft
tuj wants to merge 552 commits into develop from release/3.0.0

tuj commented Jun 30, 2025

Link to issue

#249

Description

Release 3.0.0

tuj added this to the 3.0.0 milestone Jun 30, 2025
tuj changed the title Release/3.0.0 WIP: Release/3.0.0 Jun 30, 2025
tuj mentioned this pull request Jun 30, 2025
36 tasks
tuj added the release label Sep 3, 2025
tuj self-assigned this Sep 5, 2025
tuj and others added 30 commits May 4, 2026 14:01
Applied changes from release/2.7.0 (admin and templates) to release/3.0.0
The node compose service ran as root, leaving root-owned files in
the bind-mounted node_modules/. The runner-side Cleanup before
packaging step then could not rm them and the release was never
created.

- Add overridable user to the node service (defaults to root so
  local-dev behavior is unchanged).
- Set COMPOSE_NODE_USER to the runner UID:GID and pass HOME=/tmp
  so npm can write its cache when not running as root.
- Align .dockerignore with the workflow's cleanup list
  (phpstan-baseline.neon, /playwright/).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-permissions

Fix Create Github Release workflow node_modules permissions
The 3.0.0-rc1 image rebuild changed WORKDIR from /app to /var/www/html.
That silently broke every existing 2.x deployment: the deploy compose
mounts ./jwt:/app/config/jwt, so the Lexik JWT keys land in a path the
app no longer reads, and login fails on the first OIDC token exchange
with a JWTEncodeFailureException at runtime — no startup error.

Restoring /app aligns the published image with 2.x, with the local
docker-compose.yml / docker-compose.override.yml (already on /app), and
with the os2display-docker-server-v3 deploy compose. Existing JWT and
media volume mounts work without compose changes on upgrade.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
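
A pre-upgrade check for the failure the WORKDIR commit message above describes, as an added example that is not code from this pull request or the project: it flags compose mounts whose container path falls outside the image's WORKDIR, so a moved application root shows up before the first token exchange fails. The function names and the media mount are assumptions; only `./jwt:/app/config/jwt`, `/app` and `/var/www/html` come from the commit message, and only the short `source:target[:mode]` volume syntax is handled.

```python
import sys
from pathlib import PurePosixPath

# Constructed sample: volumes of the API service in a 2.x-style deploy compose.
# The jwt mount is quoted in the commit message; the media mount path is assumed.
DEPLOY_VOLUMES = [
    "./jwt:/app/config/jwt",
    "./media:/app/public/media:rw",
]


def mount_target(volume: str) -> PurePosixPath:
    """Return the container path of a short-syntax volume (source:target[:mode])."""
    parts = volume.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a source:target mapping: {volume!r}")
    return PurePosixPath(parts[1])


def stale_mounts(volumes: list[str], workdir: str) -> list[str]:
    """List mounts whose container path is not inside the image's WORKDIR.

    The comparison is per path component, so /application is not
    mistaken for a directory under /app.
    """
    root = PurePosixPath(workdir)
    return [v for v in volumes if not mount_target(v).is_relative_to(root)]


if __name__ == "__main__":
    # WORKDIR of the image about to be deployed, e.g. read from `docker inspect`.
    workdir = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    stale = stale_mounts(DEPLOY_VOLUMES, workdir)
    for volume in stale:
        print(f"mount target outside {workdir}: {volume}")
    sys.exit(1 if stale else 0)
```
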
Fixed Calendar and Colibo feed configuration urls
The committed .env defaults APP_ENV to dev for local development, but
the API image only ships prod dependencies (composer install --no-dev).
Tooling that reads .env directly without our docker-entrypoint.sh would
bootstrap a dev environment that can't resolve its services.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix: rewrite APP_ENV to prod in baked-in .env
- Replace deprecated LABEL maintainer with org.opencontainers.image.authors.
- Add org.opencontainers.image.{vendor,documentation,base.name} in both
  Dockerfiles' final stages — these aren't emitted by docker/metadata-action.
- Drop redundant LABEL maintainer from builder stages (only the final FROM's
  labels reach the published image).
- Override the Nginx image's title/description in build-images.yml so it
  stops inheriting the source-repo defaults; metadata-action's --label
  flags win over Dockerfile LABELs, hence the workflow rather than the
  Dockerfile.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…age/support

The repository ships under the Mozilla Public License 2.0 (see `LICENSE`)
but `composer.json` still declared `proprietary` — wrong for a published
open-source project and contradicts the bundled license file. Switching to
the SPDX identifier `MPL-2.0` aligns the package metadata with reality.

Also fills in two adjacent fields that downstream tooling (Composer,
Packagist, GitHub dependency graph, SBOM generators) expects on a public
project:
  - `homepage` — points at the canonical repo
  - `support.issues` / `support.source` — the GitHub issue tracker and
    source URL, used by `composer support` and surfaced in dependency
    listings

`authors` and `keywords` are intentionally left out — both want input on
who/what to list and were not the immediate gap.

Verified with `composer validate --strict` (green) and `composer normalize
--dry-run` (already normalised).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Redis 8 GA'd 2025-05 (back to OSI-approved AGPLv3 licensing) and ships
RedisJSON / RediSearch / RedisTimeSeries / RedisBloom in-tree.

No Symfony / phpredis changes needed:
- symfony/cache 6.4 RedisTrait only checks `redis_version >= 2.8` (SCAN)
  and `>= 4.0` (UNLINK); Redis 8 satisfies both.
- itkdev/php8.4-fpm ships phpredis 6.3, which fully supports Redis 8.
- DSN format and `--maxmemory{,-policy}` flags are unchanged.

Verified locally: stack boots on `redis:8.6.3`, all six redis-backed
cache pools clear cleanly via `cache:pool:clear`, full PHPUnit suite
(143 tests, 607 assertions) passes.

Production deployments are unaffected — operators bring their own Redis;
this only touches `docker-compose.override.yml`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chore: bump local dev redis image to redis:8
framework.session.handler_id now reads from SESSION_HANDLER_DSN, which
defaults to the existing REDIS_CACHE_DSN so dev (and prod that has Redis
available) gets Redis-backed sessions out of the box. Operators can set
SESSION_HANDLER_DSN= (empty) to fall back to PHP's native file handler.

Why move:
- Removes the per-session flock that serialises parallel session-touching
  requests on the file handler (visible as inconsistent tail latency
  when the React admin fires concurrent fetches).
- Sessions survive container restarts without mounting /tmp as a volume.
- Multi-pod deployments share session state without sticky routing —
  the OIDC handshake works regardless of which pod handles the callback.

The new RedisSessionHandler is auto-built by Symfony from the DSN; it
prefixes keys with `sf_s` so they don't collide with cache keys on the
same Redis DB. when@test forces handler_id back to null, since
MockFileSessionStorage doesn't go through a handler and we don't want
the test container to compile a Redis handler against an env that may
not point at a reachable Redis.

Verified locally: HTTP request to /v2/authentication/oidc/urls writes a
`sf_s<id>` key into Redis; full PHPUnit suite (143 tests, 607
assertions) passes with redis DBSIZE=0 after, confirming the test
override works.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous rebase commit silently committed CHANGELOG.md with
`<<<<<<<` / `=======` / `>>>>>>>` markers still in place — the Edit
that resolved them lost a race against the git rebase tooling
touching the same file, but `git add CHANGELOG.md` accepted the
broken bytes and `git rebase --continue` succeeded. CI's markdownlint
job (MD032) caught it. Both bullets are kept.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
feat: move Symfony sessions to Redis, env-configurable
- docker-compose.yml: pin local default to upstream `mariadb:11.4` (LTS
  until 2029-05); override via `MARIADB_IMAGE`. Drops the unused
  `ENCRYPT=1` toggle that only existed on the itkdev/mariadb wrapper.
- .env / .env.test: parametrize Doctrine `serverVersion` via
  `MARIADB_VERSION` (default `11.4.4-MariaDB`). Also fixes the prior
  inconsistency where .env claimed `10.11.5-MariaDB` and .env.test
  claimed the EOL `mariadb-10.5.13`.
- phpunit.yaml + doctrine.yaml: matrix-test on `mariadb:10.11` (LTS until
  2028-02) and `mariadb:11.4`. `fail-fast: false` so a regression on one
  major doesn't mask the other. Both jobs are renamed to
  `... (matrix.mariadb.image)` for clarity in the Checks tab.
- README: document `MARIADB_IMAGE` / `MARIADB_VERSION` overrides.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous arrangement put MARIADB_VERSION directly above DATABASE_URL
with no intervening comment, which fails scripts/check-env-coverage.sh's
"every variable in .env has a preceding description comment" rule.
Move MARIADB_VERSION (with its own comment block) above the DATABASE_URL
comment block so both variables retain a comment immediately above them.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
feat: support MariaDB 10 and 11; default local to 11 LTS, matrix CI
…reen-text

feat: configurable login screen text
fix: align composer.json license with LICENSE (MPL-2.0)