eeea952b55
Add a comment about the artefact collection
2026-05-20 15:24:19 +02:00
7834229784
Re-add DOCKER_METADATA_ANNOTATIONS_LEVELS to narrow annotations to the index
...
`docker buildx imagetools create --annotation manifest:KEY=VALUE` errors
out with "manifest annotations are not supported yet". metadata-action
defaults to emitting `manifest:` prefixed entries, so without an explicit
`DOCKER_METADATA_ANNOTATIONS_LEVELS: index` the finalize step blows up
the first time it sees a non-empty annotations list.
2026-05-20 15:22:56 +02:00
63deb0b1fd
Don't specify DOCKER_METADATA_ANNOTATIONS_LEVELS
...
We're injecting annotations manually anyway
2026-05-20 14:42:17 +02:00
d88db7deff
Simplify the injection of annotations in the final manifest
2026-05-20 14:41:53 +02:00
c2dc7c11a9
Split multi-arch Docker build into parallel jobs
...
- Modify Dockerfile to build single architecture based on TARGETARCH instead of cross-compiling both targets in one run
- Replace single build-image job with matrix job (amd64, arm64)
- Add finalize-image job that creates multi-arch manifests using `docker buildx imagetools create` and signs the final images
- Each architecture gets its own build cache
This enables parallel builds of each architecture, reducing total build time by running both simultaneously rather than sequentially.
2026-05-20 12:57:22 +02:00
750de33486
Push MAS docker images to Element OCI Registry ( #5459 )
2026-05-20 11:58:11 +02:00
6946e57ffd
Fix the release notes reference to the image
2026-05-20 10:58:01 +02:00
b9cddc84b6
Remove unused apalis dependabot config ( #5685 )
2026-05-20 10:57:12 +02:00
2d6176308d
Merge branch 'main' into hughns/apalis-dependabot
2026-05-20 10:45:24 +02:00
efb878e0a3
Increase dependabot interval from daily to monthly ( #5686 )
2026-05-20 10:44:51 +02:00
e833483070
Bump OCI login action to v4.1.0 to match the GHCR login
2026-05-20 10:44:20 +02:00
c52161d420
Merge remote-tracking branch 'origin/main' into devon/element-docker
2026-05-20 10:14:18 +02:00
bb6efd95b8
Fix the transformation of the Docker build metadata in CI ( #5683 )
2026-05-20 10:12:00 +02:00
815e9ef19a
Skip oci.element.io push on PR-labelled builds
...
Tailscale + Vault JWT auth needs a `push`-event OIDC token, so gate the
oci-push registry image and its login steps on `github.event_name == 'push'`.
PR-labelled builds (`Z-Build-Workflow`) push only to ghcr.io.
2026-05-20 09:50:18 +02:00
f0100c4fa8
Disable provenance in the metadata output
2026-05-20 09:34:26 +02:00
4e99e36f87
Automatic merge back to main ( #5690 )
2026-05-19 16:30:37 +02:00
3ab421191e
1.17.0
2026-05-19 14:19:56 +00:00
de3de3b169
Translations updates for v1.17 ( #5689 )
2026-05-19 15:17:15 +01:00
53557cb6cd
Merge branch 'release/v1.17' into actions/localazy-download/v1.17
2026-05-19 15:08:03 +01:00
e2771abd55
Bump lettre to mitigate RUSTSEC-2026-0141
...
This also bumps rustls-platform-verifier to avoid duplicated dependencies in the tree
2026-05-19 14:57:56 +01:00
eb58397b05
Translations updates
2026-05-19 13:46:32 +00:00
676e2fc75f
Increase dependabot interval from daily to monthly
2026-05-15 14:04:43 +01:00
5976430070
Remove unused apalis dependabot config
2026-05-15 14:00:53 +01:00
f6195402b1
Merge branch 'main' into quenting/fix-ci-bake-metadata
2026-05-15 13:51:35 +02:00
0b52a8573a
Bump lettre to appease cargo-deny on RUSTSEC-2026-0141 ( #5684 )
2026-05-15 13:51:16 +02:00
be444b5f1a
Bump lettre to mitigate RUSTSEC-2026-0141
...
This also bumps rustls-platform-verifier to avoid duplicated dependencies in the tree
2026-05-15 13:36:08 +02:00
f99f4f5fba
Fix the transformation of the Docker build metadata in CI
...
This broke in #5664 due to STEPS_BAKE_OUTPUTS_METADATA being too large
to be passed as an argument to a shell script.
This replaces the `jq` call with a javascript action which transforms
the output.
2026-05-15 13:29:55 +02:00
1cf0243d07
Fix TestState.reset() to retain mock homeserver in-memory state ( #5678 )
...
Spawning from https://github.com/element-hq/matrix-authentication-service/pull/5670#discussion_r3222243619
---------
Co-authored-by: Quentin Gliech <quenting@element.io >
2026-05-14 12:25:58 -05:00
1e84c6962a
Merge branch 'main' into madlittlemods/fix-test-state-reset
2026-05-13 15:56:14 -05:00
2fea1fee7c
Fix TestState.reset() to retain mock homeserver im-memory state
2026-05-13 15:43:27 -05:00
aecb172209
Add oauth.device_code_grant_enabled configuration option ( #5612 )
2026-05-13 21:40:02 +02:00
890042e6a9
Drop the device code grant type if it's disabled instead of rejecting the registration
2026-05-13 21:29:04 +02:00
566d67b76f
Harden the security of our GitHub Actions ( #5664 )
2026-05-13 15:08:17 +01:00
451761c39c
Note that clippy is synced to the Dockerfile Rust version
2026-05-13 12:50:21 +02:00
c69b4e0cc2
Correct STEPS_BAKE_OUTPUTS_METADATA line
...
Looks like this is an edge case in zizmor.
2026-05-13 12:49:06 +02:00
ea9f324e75
Use --override to set default toolchain
...
And remove now unnecessary rustup default calls.
2026-05-13 12:45:49 +02:00
49ad5c79e1
Use Rust 1.93.0 for clippy CI job
...
Revert from stable (1.95.0), which introduced new lints. We'll tackle those in a separate PR.
2026-05-13 10:58:26 +02:00
9841b24a0c
Revert 1.95.0 clippy lints
...
Let's do these in a separate PR.
2026-05-13 10:58:26 +02:00
9db7cf0aac
Document how to manually test login flows ( #5642 )
2026-05-12 15:52:53 -05:00
e91de1aeaf
Update policy violation screen when running into the session/device soft_limit in interactive contexts ( #5639 )
...
Interactive contexts like OAuth 2.0 authorization code grants, OAuth 2.0 device authorization grants, legacy `m.login.sso` compatibility login flow
We tell people to remove X number of devices and then try signing in again.
Part of https://github.com/element-hq/matrix-authentication-service/issues/4339 / https://github.com/element-hq/backend-internal/issues/199 tracking work to limit number of devices.
2026-05-12 12:15:25 -05:00
08c98ff6d2
Merge branch 'main' into madlittlemods/session-soft-limit-for-interactive-contexts
...
Conflicts:
translations/en.json
2026-05-12 11:44:21 -05:00
dcb3ae2560
Fix client linking to none on policy violation screen ( #5667 )
...
Fix client linking to `none` on policy violation screen. This happened when the there is no `client_uri` configured.
`config.yaml`
```yaml
clients:
- client_id: 00000000000000000000SEC0ND
client_name: "my-test-client"
client_auth_method: none
```
Before:
```
<a target="_blank" href="none" class="cpd-link" data-kind="primary">my-test-client</a>
```
After (plain text):
```
my-test-client
```
---
Updated with the following rules:
- Only link with `client.client_uri`
- Use `{% set client_display_name = client.client_name or client.client_id %}` for text
- Use `{% set client_display_uri = ((client.client_uri or "") | simplify_url) or "<no client_uri provided>" %}` where we want to display the URI as text
2026-05-12 11:23:11 -05:00
3e310a4fc1
Merge branch 'madlittlemods/doc-manual-testing-login-flows' of github.com:element-hq/matrix-authentication-service into madlittlemods/doc-manual-testing-login-flows
2026-05-12 11:10:22 -05:00
184f946611
Link misc/device-code-grant.sh
2026-05-12 11:08:59 -05:00
d179584221
Link areweoidcyet.com
2026-05-12 11:05:23 -05:00
2657db9e5d
Merge branch 'main' into madlittlemods/doc-manual-testing-login-flows
2026-05-12 10:54:34 -05:00
80ae3db491
Merge branch 'main' into madlittlemods/fix-client-uri-on-policy-violation-screen
...
Conflicts:
translations/en.json
2026-05-07 20:08:06 -05:00
94d73ef3c6
Automatic changes
2026-05-07 20:05:25 -05:00
31e4f22e5a
Remove redundant comments
...
(we no longer deal with the `grant` at all to care about explaining)
2026-05-07 19:57:24 -05:00
4140e83be6
Simplify to only use client_uri
2026-05-07 19:55:29 -05:00
Quentin Gliech