Release OpenProject 13.2.1

.github/workflows/codeql-scan-core.yml

@@ -1,35 +1,43 @@
 name: codeql
 
 on:
+  push:
+    branches: [ "dev", "release/*", "stable/*" ]
   pull_request:
-    branches:
-      - dev
-      - release/*
+    branches: [ "dev", "release/*", "stable/*" ]
   schedule:
-    - cron: '55 5 * * 1-5'
+    - cron: '32 1 * * 2'
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: 'ubuntu-latest'
+    timeout-minutes: 120
     permissions:
+      # required for all workflows
+      security-events: write
+
+      # only required for workflows in private repositories
       actions: read
       contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript', 'ruby' ]
+        language: [ 'javascript-typescript', 'ruby' ]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: security-extended,security-and-quality
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/docker.yml

@@ -10,8 +10,8 @@ on:
       - v*
   workflow_dispatch:
     inputs:
-      version:
-        description: "The version to release. Note that this happens by default on the tag push. Only run this action when something went wrong!"
+      tag:
+        description: "The tag to release. Note that this happens by default on the tag push. Only run this action when something went wrong!"
         required: true
 
 permissions:
@@ -23,7 +23,7 @@ env:
 jobs:
   build:
     if: github.repository == 'opf/openproject'
-    runs-on: ubuntu-latest
+    runs-on: [ self-hosted, aws, ubuntu22, x64, 2XL ]
     strategy:
       matrix:
         include:
@@ -33,17 +33,32 @@ jobs:
             target: slim
           - platform: linux/amd64
             target: all-in-one
+          - platform: linux/ppc64le
+            bim_support: false
+            target: all-in-one
           - platform: linux/arm64/v8
             bim_support: false
             target: all-in-one
     steps:
+      - name: Extract version
+        id: extract_version
+        run: |
+          if [[ ${{ github.event_name }} == 'push' ]]; then
+            TAG_REF=${GITHUB_REF#refs/tags/}
+          elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
+            TAG_REF=${{ inputs.tag }}
+          fi
+          
+          VERSION=${TAG_REF#v}
+          echo "Version: $VERSION"
+          echo "::set-output name=version::$VERSION"
       - name: Checkout current release
         if: ${{ github.event_name == 'push' }}
         uses: actions/checkout@v3
       - name: Checkout specific version
         if: ${{ github.event_name != 'push' }}
         with:
-          ref: ${{ inputs.version }}
+          ref: ${{ inputs.tag }}
         uses: actions/checkout@v3
       - name: Prepare docker files
         run: |
@@ -62,6 +77,8 @@ jobs:
         id: meta
         uses: docker/metadata-action@v4
         with:
+          tags: |
+            type=semver,pattern={{version}},value=${{ steps.extract_version.outputs.version }}
           images: |
             ${{ env.REGISTRY_IMAGE }}
       - name: Build image
@@ -142,13 +159,17 @@ jobs:
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.REGISTRY_IMAGE }}
+          labels: |
+            io.artifacthub.package.readme-url="https://www.openproject.org/docs/installation-and-operations/installation/docker/"
+            org.opencontainers.image.documentation="https://www.openproject.org/docs/"
+            org.opencontainers.image.vendor="OpenProject GmbH"
           flavor: |
             latest=false
             suffix=${{ steps.set_suffix.outputs.suffix }}
           tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
+            type=semver,pattern={{version}},value=${{ steps.extract_version.outputs.version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ steps.extract_version.outputs.version }}
+            type=semver,pattern={{major}},value=${{ steps.extract_version.outputs.version }}
             type=raw,value=dev,priority=200,enable={{is_default_branch}}
       - name: Login to Docker Hub
         uses: docker/login-action@v2

README.md

@@ -62,10 +62,6 @@ See [COPYRIGHT](COPYRIGHT) and [LICENSE](LICENSE) files for details.
 
 Thanks to Vincent Le Moign and his fabulous Minicons icons on [webalys.com](http://www.webalys.com/minicons/icons-free-pack.php).
 
-### Lato Font
-
-Thanks to Łukasz Dziedzic (aka "tyPoland") for his 'Lato' font.
-
 ### OpenProject icon font
 Published and created by the OpenProject Foundation (OPF) under [Creative Commons Attribution 3.0 Unported License](http://creativecommons.org/licenses/by/3.0/)
 with icons from the following sources

app/controllers/work_packages/bulk_controller.rb

@@ -85,9 +85,13 @@ def destroy
 
   def setup_edit
     @available_statuses = @projects.map { |p| Workflow.available_statuses(p) }.inject(&:&)
-    @custom_fields = @projects.map(&:all_work_package_custom_fields).inject(&:&)
     @assignables = @responsibles = Principal.possible_assignee(@projects)
     @types = @projects.map(&:types).inject(&:&)
+
+    # Display only the custom fields that are enabled on the projects and on types too.
+    @custom_fields =
+      @projects.map(&:all_work_package_custom_fields).inject(&:&) &
+      WorkPackageCustomField.joins(:types).where(types: @types)
   end
 
   def destroy_work_packages(work_packages)

app/models/queries/operators/concerns/contains_all_values.rb

@@ -35,7 +35,7 @@ def sql_for_field(values, db_table, db_field)
         values
           .first
           .split(/\s+/)
-          .map { |substr| "#{db_table}.#{db_field} ILIKE '%#{connection.quote_string(substr)}%'" }
+          .map { |token| "#{db_table}.#{db_field} ILIKE '%#{OpenProject::SqlSanitization.quoted_sanitized_sql_like(token)}%'" }
           .join(' AND ')
       end
     end

app/models/work_package/pdf_export/markdown.rb

@@ -91,7 +91,7 @@ def handle_unknown_html_tag(_tag, _node, opts)
     end
 
     def warn(text, element, node)
-      Rails.logger.warn "PDF-Export: #{text}\nGot #{element} at #{node.sourcepos.inspect}\n\n"
+      Rails.logger.warn "PDF-Export: #{text}\nGot #{element} at #{node.source_position.inspect}\n\n"
     end
   end
 

app/services/copy/dependency.rb

@@ -84,6 +84,8 @@ def perform(params:)
         copy_dependency(params:)
       rescue StandardError => e
         Rails.logger.error { "Failed to copy dependency #{self.class.identifier}: #{e.message}" }
+        ::OpenProject.logger.error e
+
         result.success = false
         result.errors.add(:base, :could_not_be_copied, dependency: self.class.human_name)
       end

app/services/users/login_service.rb

@@ -48,9 +48,9 @@ def call!
         User.current = user
 
         set_autologin_cookie if autologin_requested
-
-        successful_login
       end
+
+      successful_login
     end
 
     private

app/services/work_packages/set_attributes_service.rb

@@ -313,6 +313,8 @@ def reassign_type
     return if available_types.include?(work_package.type) && work_package.type
 
     work_package.type = available_types.first
+    update_duration
+    unify_milestone_dates
 
     reassign_status assignable_statuses
   end

app/services/work_packages/shared/update_ancestors.rb

@@ -51,8 +51,13 @@ def update_ancestors_all_attributes(work_packages)
       end
 
       def update_each_ancestor(work_packages, changes)
-        work_packages.map do |wp|
-          inherit_to_ancestors(wp, changes)
+        updated_work_package_ids = Set.new
+        work_packages.filter_map do |wp|
+          next if updated_work_package_ids.include?(wp.id)
+
+          result = inherit_to_ancestors(wp, changes)
+          updated_work_package_ids = updated_work_package_ids.merge(result.all_results.map(&:id))
+          result
         end
       end
 

app/views/versions/_overview.html.erb

@@ -54,7 +54,9 @@ See COPYRIGHT and LICENSE files for more details.
 <% end %>
 
 <% if version.work_packages.count > 0 %>
-  <%= progress_bar([version.closed_percent, version.completed_percent], width: '40%', legend: ('%0.0f' % version.completed_percent)) %>
+  <% closed = version.closed_percent %>
+  <% done = version.completed_percent - closed %>
+  <%= progress_bar([closed, done], width: '40%', legend: ('%0.0f' % version.completed_percent)) %>
   <p class="progress-info">
     <%= link_to_if(version.closed_issues_count > 0,
                    t(:label_x_closed_work_packages_abbr, count: version.closed_issues_count),