From cac14626aab419bc6629e2109712247eb71d7f9f Mon Sep 17 00:00:00 2001 From: Benjamin Date: Fri, 13 Jun 2025 15:50:40 -0400 Subject: [PATCH 01/10] Make changes --- .gitlab-ci.yml | 10 ++-------- package.json | 2 +- pnpm-lock.yaml | 2 +- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d465e38ba..fd9aab2a4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,20 +38,14 @@ check: fi script: - start_section "Install Dependencies" - # temporarily replace FontAwesomePro dependency with its fake version as the CI can’t access it - # the name needs to be changed in both package.json and pnpm-lock.yaml - - 'sed -i "s/git+ssh:\/\/git@gitlab.com:Avris\/FontAwesomePro.git/git+https:\/\/gitlab.com\/Avris\/FakeFontAwesomePro.git/" package.json pnpm-lock.yaml' - # the referenced SHA needs to be additionally changed in pnpm-lock.yaml - - 'sed -i "s/git@gitlab.com+Avris\/FontAwesomePro\/f00db606f659dca78b143b7bcab5671b2cb459a8/gitlab.com\/Avris\/FakeFontAwesomePro\/0d322c775cbe9bf99da261700be30251291b51a8/" pnpm-lock.yaml' - - 'sed -i "s/resolution: {commit: f00db606f659dca78b143b7bcab5671b2cb459a8, repo: git@gitlab.com:Avris\/FontAwesomePro.git, type: git}/resolution: { tarball: https:\/\/gitlab.com\/api\/v4\/projects\/Avris%2FFakeFontAwesomePro\/repository\/archive.tar.gz?sha=0d322c775cbe9bf99da261700be30251291b51a8 }/" pnpm-lock.yaml' + - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" > ~/.git-credentials + - git config set --global credential.helper store - corepack enable pnpm - pnpm install || record_failure - end_section - start_section "Setup environment" - make install || record_failure - # revert the changes for the FontAwesomePro dependency only now because `make install` calls `pnpm install` - - git restore package.json pnpm-lock.yaml - end_section - start_section "Type checking" diff --git a/package.json b/package.json index d84116cef..760e6a9cb 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "@aws-sdk/client-polly": "^3.525.0", "@aws-sdk/client-s3": "^3.525.0", "@floating-ui/vue": "^1.1.5", - "@fortawesome/fontawesome-pro": "git+ssh://git@gitlab.com:Avris/FontAwesomePro.git", + "@fortawesome/fontawesome-pro": "https://gitlab.com/Avris/FontAwesomePro", "@sentry/browser": "^7.109.0", "@sentry/cli": "^2.31.0", "@sentry/node": "^7.109.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0f218089c..fbc78cd7d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -21,7 +21,7 @@ importers: specifier: ^1.1.5 version: 1.1.5(vue@3.5.16(typescript@5.8.3)) '@fortawesome/fontawesome-pro': - specifier: git+ssh://git@gitlab.com:Avris/FontAwesomePro.git + specifier: https://gitlab.com/Avris/FontAwesomePro version: git+https://git@gitlab.com:Avris/FontAwesomePro.git#f00db606f659dca78b143b7bcab5671b2cb459a8 '@sentry/browser': specifier: ^7.109.0 From b4604e580d54bc30e718deb8f080b91790736ff2 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Sat, 14 Jun 2025 14:28:11 -0400 Subject: [PATCH 02/10] try and fix git --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fd9aab2a4..33f2e47e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -39,7 +39,7 @@ check: script: - start_section "Install Dependencies" - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" > ~/.git-credentials - - git config set --global credential.helper store + - git config --global credential.helper store - corepack enable pnpm - pnpm install || record_failure - end_section From 36d63d1e1d2212a240194d434fd56241cc5dbe0b Mon Sep 17 00:00:00 2001 From: Benjamin Date: Sat, 14 Jun 2025 21:39:32 -0400 Subject: [PATCH 03/10] update readme to show the changes made and reduce un-needed steps used in the pipeline --- .gitlab-ci.yml | 9 ++------- README.md | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 33f2e47e6..660899656 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,14 +37,10 @@ check: apt-get install build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev -y fi script: - - start_section "Install Dependencies" + - start_section "Install Dependencies & Setup Environment" - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" > ~/.git-credentials - git config --global credential.helper store - corepack enable pnpm - - pnpm install || record_failure - - end_section - - - start_section "Setup environment" - make install || record_failure - end_section @@ -53,8 +49,7 @@ check: - end_section - start_section "Unit Tests" - - > - pnpm vitest --reporter=default --reporter=junit --outputFile=junit.xml --coverage || record_failure + - pnpm vitest --reporter=default --reporter=junit --outputFile=junit.xml --coverage || record_failure - end_section - start_section "Check linting rules" diff --git a/README.md b/README.md index ccde2b433..680dcf670 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ We're using FontAwesome Pro, so to set up a local copy without having a FA licen open `package.json` and replace ``` -"@fortawesome/fontawesome-pro": "git+ssh://git@gitlab.com:Avris/FontAwesomePro.git", +"@fortawesome/fontawesome-pro": "https://gitlab.com/Avris/FontAwesomePro", ``` with @@ -26,7 +26,7 @@ with or, for Git via HTTPS: ``` -"@fortawesome/fontawesome-pro": "git+https://git@gitlab.com/Avris/FakeFontAwesomePro.git", +"@fortawesome/fontawesome-pro": "https://gitlab.com/Avris/FakeFontAwesomePro", ``` Do not commit that change! From 00d08ed5c373d96f2ebc8d07209aa2d1f0d15b70 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Sun, 15 Jun 2025 11:42:56 -0400 Subject: [PATCH 04/10] enable additional checks --- .gitlab-ci.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 660899656..0da328ca4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -203,7 +203,12 @@ deploy test/purple: ENVIRONMENT_INSTANCE: 'purple' ENVIRONMENT_DOMAIN: 'test-purple.pronouns.page' -# include: -# - template: Security/Dependency-Scanning.gitlab-ci.yml +include: + - template: Jobs/Dependency-Scanning.gitlab-ci.yml + - template: Jobs/SAST.gitlab-ci.yml + +variables: + AST_ENABLE_MR_PIPELINES: "true" + # # Pending resolution of: https://gitlab.com/PronounsPage/PronounsPage/-/merge_requests/453#note_1911466136 From 9d998162329abb40bc5d975b9fe8e071968fe28d Mon Sep 17 00:00:00 2001 From: Benjamin Date: Sun, 15 Jun 2025 11:49:09 -0400 Subject: [PATCH 05/10] (lint) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0da328ca4..8c7188e5a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -208,7 +208,7 @@ include: - template: Jobs/SAST.gitlab-ci.yml variables: - AST_ENABLE_MR_PIPELINES: "true" + AST_ENABLE_MR_PIPELINES: 'true' # # Pending resolution of: https://gitlab.com/PronounsPage/PronounsPage/-/merge_requests/453#note_1911466136 From 85c1f2638ebdc2a7c3916394f962fc1e760c3d4c Mon Sep 17 00:00:00 2001 From: Benjamin Date: Sun, 15 Jun 2025 12:12:53 -0400 Subject: [PATCH 06/10] remove SAST --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8c7188e5a..758e1b4bf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -205,10 +205,8 @@ deploy test/purple: include: - template: Jobs/Dependency-Scanning.gitlab-ci.yml - - template: Jobs/SAST.gitlab-ci.yml variables: AST_ENABLE_MR_PIPELINES: 'true' -# # Pending resolution of: https://gitlab.com/PronounsPage/PronounsPage/-/merge_requests/453#note_1911466136 From 6923f8ba44d856610bcfc29c4004f8f206e1d7b2 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 19 Jun 2025 18:01:04 -0400 Subject: [PATCH 07/10] (ci) Fix Dependency Scanning --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 758e1b4bf..acf099c9d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -207,6 +207,6 @@ include: - template: Jobs/Dependency-Scanning.gitlab-ci.yml variables: - AST_ENABLE_MR_PIPELINES: 'true' - -# Pending resolution of: https://gitlab.com/PronounsPage/PronounsPage/-/merge_requests/453#note_1911466136 + AST_ENABLE_MR_PIPELINES: true + DS_EXCLUDED_ANALYZERS: gemnasium-python + DS_MAX_DEPTH: 4 From d7a04436bf3b881c6644b2fb3cf66272c645fa3e Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 19 Jun 2025 18:23:01 -0400 Subject: [PATCH 08/10] (ci) add more security pipelines --- .gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index acf099c9d..b6434da0f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -204,9 +204,14 @@ deploy test/purple: ENVIRONMENT_DOMAIN: 'test-purple.pronouns.page' include: + - template: Jobs/Secret-Detection.gitlab-ci.yml + - template: Jobs/Container-Scanning.gitlab-ci.yml - template: Jobs/Dependency-Scanning.gitlab-ci.yml + - template: Jobs/SAST.gitlab-ci.yml + - template: Jobs/SAST-IaC.gitlab-ci.yml variables: AST_ENABLE_MR_PIPELINES: true DS_EXCLUDED_ANALYZERS: gemnasium-python DS_MAX_DEPTH: 4 + CS_QUIET: true From 434f20d8965ec85176537180b77b84c9c25a9664 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 19 Jun 2025 18:43:47 -0400 Subject: [PATCH 09/10] (ci) Disable Container Scanning Container Scanning requires OS image(s) to specifically be specified. Until proper ones are able to be identified, this should remain disabled --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b6434da0f..97495a46b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -205,7 +205,7 @@ deploy test/purple: include: - template: Jobs/Secret-Detection.gitlab-ci.yml - - template: Jobs/Container-Scanning.gitlab-ci.yml + # - template: Jobs/Container-Scanning.gitlab-ci.yml --- TODO: Configure Images - template: Jobs/Dependency-Scanning.gitlab-ci.yml - template: Jobs/SAST.gitlab-ci.yml - template: Jobs/SAST-IaC.gitlab-ci.yml From 10a3ca10b17fc06f021c7d15db9fd863093d8be1 Mon Sep 17 00:00:00 2001 From: fo contributors Date: Fri, 20 Jun 2025 14:19:25 +0200 Subject: [PATCH 10/10] (fo)(trans) --- locale/fo/translations.suml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/locale/fo/translations.suml b/locale/fo/translations.suml index cc3ffc43c..4824e1e93 100644 --- a/locale/fo/translations.suml +++ b/locale/fo/translations.suml @@ -1036,7 +1036,7 @@ profile: duplicateDescription: 'Lýsingin má vera øðrvísi enn arðar' invalidOpinion: 'Valdað ímyndin var ikki at finna í frágreiðingini omanfyri' kys: 'Okkara tænastutreytir banna at eggja til sjálvskaða og/ella sjálvmorð. ' - custom: 'Sergjørd, lagt afturat av:' + custom: 'Sergjørd, lagt afturat av brúkarinum:' expendableList: more: '… og %count% fleiri lutir' show: '(trýst fyri at vísa)' @@ -1494,7 +1494,7 @@ mode: automatic: 'Sjálvvirkandi' dark: 'Myrkt tema' accessibility: 'Atkomuligheitsinnstillingar' - reducedColours: 'Minkaðir litir' + reducedColours: 'Kámari litir' reducedItems: 'Minkað tal av vístum lutum' ban: