It is in the nature of our application that errors may occur in rapid
succession if anything in the packet processing path fails. Most of the
time, these repeated errors don't add any additional information so
reporting one of them to Sentry is more than enough.
To achieve this, we add a `before_send` callback that utilizes a
concurrent cache with an upper bound of 10000 items and a TTL of 5
minutes. In other words, if we have submitted an event to Sentry that
had the exact same message in the last 5 minutes, we will not send it.
Internally, `moka` uses a concurrent hash map and therefore, the key is
hashed and not actually stored. Hash codes are u64, meaning the memory
footprint of this cache is only ~ 64kb (not accounting for constant
overhead of the cache internals).
These don't happen very often so are safe to log on INFO. That is the
default log level and it is useful to see, why we are re-connecting to
the portal.
It appears that the code generation in our `build.rs` generates the code
with different formatting and this therefore constantly shows up as
untracked changes in my editor.
Bumps the windows group in /rust with 1 update:
[windows](https://github.com/microsoft/windows-rs).
Updates `windows` from 0.61.1 to 0.61.3
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/windows-rs/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.101 to 2.0.103.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/syn/releases">syn's
releases</a>.</em></p>
<blockquote>
<h2>2.0.103</h2>
<ul>
<li>Insert parentheses around binary operation with attribute (<a
href="https://redirect.github.com/dtolnay/syn/issues/1871">#1871</a>)</li>
</ul>
<h2>2.0.102</h2>
<ul>
<li>Fix printing of nested Expr::Index and Expr::Tuple in non-full mode
(<a
href="https://redirect.github.com/dtolnay/syn/issues/1869">#1869</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85d427679f"><code>85d4276</code></a>
Release 2.0.103</li>
<li><a
href="6f7b0f39b3"><code>6f7b0f3</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/syn/issues/1871">#1871</a>
from dtolnay/binaryattr</li>
<li><a
href="89f88facd1"><code>89f88fa</code></a>
Correctly track bailouts in parenthesized binary expressions</li>
<li><a
href="0e07372e40"><code>0e07372</code></a>
Add binary operator attribute bailout test</li>
<li><a
href="ca8d876bde"><code>ca8d876</code></a>
Insert parentheses around binary operation with attribute</li>
<li><a
href="5be0f7121f"><code>5be0f71</code></a>
Add binary operator attribute tests</li>
<li><a
href="026bb3cf32"><code>026bb3c</code></a>
Discard paren attrs in unparenthesize test</li>
<li><a
href="217dd626aa"><code>217dd62</code></a>
Preserve attributes of Expr::Paren in FlattenParens</li>
<li><a
href="ef977c1059"><code>ef977c1</code></a>
Update test suite to nightly-2025-06-11</li>
<li><a
href="b1cc55995d"><code>b1cc559</code></a>
Release 2.0.102</li>
<li>Additional commits viewable in <a
href="https://github.com/dtolnay/syn/compare/2.0.101...2.0.103">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [nix](https://github.com/nix-rust/nix) from 0.29.0 to 0.30.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nix-rust/nix/blob/master/CHANGELOG.md">nix's
changelog</a>.</em></p>
<blockquote>
<h2>[0.30.1] - 2025-05-04</h2>
<h3>Fixed</h3>
<ul>
<li>doc.rs build
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2634">#2634</a>)</li>
</ul>
<h2>[0.30.0] - 2025-04-29</h2>
<h3>Added</h3>
<ul>
<li>Add socket option <code>IPV6_PKTINFO</code> for BSDs/Linux/Android,
also
<code>IPV6_RECVPKTINFO</code> for DragonFlyBSD
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2113">#2113</a>)</li>
<li>Add <code>fcntl</code>'s <code>F_PREALLOCATE</code> constant for
Apple targets.
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2393">#2393</a>)</li>
<li>Improve support for extracting the TTL / Hop Limit from incoming
packets
and support for DSCP (ToS / Traffic Class).
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2425">#2425</a>)</li>
<li>Add socket option IP_TOS (nix::sys::socket::sockopt::IpTos)
IPV6_TCLASS
(nix::sys::socket::sockopt::Ipv6TClass) on Android/FreeBSD
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2464">#2464</a>)</li>
<li>Add <code>SeekData</code> and <code>SeekHole</code> to
<code>Whence</code> for hurd and apple targets
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2473">#2473</a>)</li>
<li>Add <code>From</code> trait implementation between
<code>SocketAddr</code> and <code>Sockaddr</code>,
<code>Sockaddr6</code> (<a
href="https://redirect.github.com/nix-rust/nix/pull/2474">#2474</a>)</li>
<li>Added wrappers for <code>posix_spawn</code> API
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2475">#2475</a>)</li>
<li>Add the support for Emscripten.
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2477">#2477</a>)</li>
<li>Add fcntl constant <code>F_RDADVISE</code> for Apple target
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2480">#2480</a>)</li>
<li>Add fcntl constant <code>F_RDAHEAD</code> for Apple target
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2482">#2482</a>)</li>
<li>Add <code>F_LOG2PHYS</code> and <code>F_LOG2PHYS_EXT</code> for
Apple target
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2483">#2483</a>)</li>
<li><code>MAP_SHARED_VALIDATE</code> was added for all linux targets.
& <code>MAP_SYNC</code> was added
for linux with the exclusion of mips architecures, and uclibc
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2499">#2499</a>)</li>
<li>Add
<code>getregs()</code>/<code>getregset()</code>/<code>setregset()</code>
for Linux/musl/aarch64
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2502">#2502</a>)</li>
<li>Add FcntlArgs <code>F_TRANSFEREXTENTS</code> constant for Apple
targets
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2504">#2504</a>)</li>
<li>Add <code>MapFlags::MAP_STACK</code> in <code>sys::man</code> for
netbsd
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2526">#2526</a>)</li>
<li>Add support for <code>libc::LOCAL_PEERTOKEN</code> in
<code>getsockopt</code>.
(<a
href="https://redirect.github.com/nix-rust/nix/pull/2529">#2529</a>)</li>
<li>Add support for <code>syslog</code>, <code>openlog</code>,
<code>closelog</code> on all <code>unix</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3cf9007216"><code>3cf9007</code></a>
chore: drop 0.30.1</li>
<li><a
href="2845ab9e4e"><code>2845ab9</code></a>
Compile sys::mman on Redox (<a
href="https://redirect.github.com/nix-rust/nix/issues/2637">#2637</a>)</li>
<li><a
href="fccb4abfc8"><code>fccb4ab</code></a>
Fix fuchsia target triple to unbreak docs.rs build (<a
href="https://redirect.github.com/nix-rust/nix/issues/2634">#2634</a>)</li>
<li><a
href="b834171547"><code>b834171</code></a>
ci: disable hurd (<a
href="https://redirect.github.com/nix-rust/nix/issues/2638">#2638</a>)</li>
<li><a
href="9c97e1df15"><code>9c97e1d</code></a>
Clippy cleanup: dangerous_implicit_autorefs and
uninlined_format_args</li>
<li><a
href="989291d5bf"><code>989291d</code></a>
chore: release 0.30.0</li>
<li><a
href="6a1c5b8d5b"><code>6a1c5b8</code></a>
Remove Copy from PollFd (<a
href="https://redirect.github.com/nix-rust/nix/issues/2631">#2631</a>)</li>
<li><a
href="eba0f41bff"><code>eba0f41</code></a>
chore: pin libc to 0.2.171 & bump CI image (<a
href="https://redirect.github.com/nix-rust/nix/issues/2632">#2632</a>)</li>
<li><a
href="b561476e1d"><code>b561476</code></a>
socket::sockopt AttachReusePortCbpf for Linux addition. (<a
href="https://redirect.github.com/nix-rust/nix/issues/2621">#2621</a>)</li>
<li><a
href="684b79edb6"><code>684b79e</code></a>
Add sockopt::PeerPidfd (SO_PEERPIDFD) sockopt support to socket::sockopt
(<a
href="https://redirect.github.com/nix-rust/nix/issues/2620">#2620</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nix-rust/nix/compare/v0.29.0...v0.30.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thomas Eizinger <thomas@eizinger.io>
When working on the Swift codebase, I noticed that running the formatter
produced a massive diff. This PR re-formats the Swift code with `swift
format . --recursive --in-place` and adds a CI check to enforce it going
forward.
Resolves: #9534
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
The removed hook dependencies are invalid because the side-effect
specified in `useEffect` does in fact not depend on them. However, as a
result of these dependencies, the `useEffect` closure appears to run in
an end-less loop, constantly sending the `update_state` command to the
backend which in turn re-sends all state to the frontend, causing a
massive CPU and memory spike.
Resolves: #9519
After updating the CSS config to use `main.css` in the portal the root
layout was updated, but there were a small number of one-off templates
that do not use the root layout and those pages were not updated with
the new `main.css` file. This commit updates those non-root templates.
Fixes#9532
We issue broadcasts and subscribes in many places throughout the portal.
To help keep the cognitive overhead low, this PR consolidates all PubSub
functionality to the `Domain.PubSub` module.
This allows for:
- better maintainability
- see all of the topics we use at a glance
- consolidate repeated functionality (saved for a future PR)
- use the module hierarchy to define function names, which feels more
intuitive when reading and sets a convention
We also introduce a `Domain.Events.Hooks` behavior to ensure all hooks
comply with this simple contract, and we also introduce a convention to
standardize on topic names using the module hierarchy defined herein.
Lastly, we add convenience functions to the Presence modules to save a
bit of duplication and chance for errors.
This will make it much easier to maintain PubSub going forward.
Related: #9501
In #9513 a bug was introduced that added all service accounts to the
Everyone group. This fixes that by ensuring the `insert_all` query only
cross joins where actor type is `:account_user, :account_admin_user`.
Staging data will be manually fixed after this goes in.
I briefly considered updating the delete clause of this query to "clean
things up" by removing any found service accounts but that is a bit too
defensive in my opinion - if there's no way a service account should
make it into this group, then we shouldn't have code to expect it. This
will all be going away in #8750 which should be much less brittle.
In many places throughout the portal codebase, we called a function
"update_dynamic_group_memberships/1" which recomputed all of the
dynamic/managed memberships for a particular account, and reapplied them
to each affected group.
Since the `has_many :memberships` relationship used `on_replace:
:delete`, this caused Ecto to delete _all_ the `Everyone` group
memberships, and reinsert them on each sync.
Since each membership change triggers a policy re-evaluation for all
policies to the affected actor
(`Policies.broadcast_access_events_for/3`), this in effect was causing a
massive amount of queries to be triggered upon each sync job as each
membership deletion and insertion triggered a lookup for all resources
available to that particular actor.
To fix this, we introduce the following changes:
- Remove `dynamic` group type. This will never be used as it will create
an immense amount of complexity for any organization trying to manage
groups this way
- Refactor `update_dynamic_group_memberships/1` to use a smarter query
that first gathers all the _needed_ changes and applies them within a
transaction using Ecto.Multi. Previously all memberships would be rolled
over unconditionally due to the `on_replace: :delete` option on the
relationship. Note that the option is still there, but we generally
don't set memberships on groups any longer unless editing the affected
group directly, where the everyone group doesn't apply.
Resolves: #8407Resolves: #8408
Related: #6294
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
At present, listening for DNS server change and network change events is
handled in the GUI client. Upon an event, a message is sent to the
tunnel service which then applies the new state to `connlib`.
We can avoid some of this boilerplate by moving these listeners to the
tunnel service as part of the handler. As a result, we get a few
improvements:
- We don't need to ignore these events if we don't have a session
because the lifetime of these listeners is tied to the IPC handler on
the service side.
- We need fewer IPC messages
- We can retry the connection directly from within the tunnel service in
case we have no Internet at the time of startup
- We can more easily model out the state machine of a connlib session in
the tunnel service
- On Linux, this means we no longer shell out to `resolvectl` from the
GUI process, unifying access to the "resolvers" from the tunnel service
- On Windows, we no longer need admin privileges on the GUI client for
optimized network-change detection. This now happens in the Tunnel
process which already runs as admin.
Resolves: #9465
- removes `NavLink` in favor of using the `href` prop on `SidebarItem`.
This fixes vertical spacing between sidebar items (it was inconsistent)
and DOM structure issues caused by setting `NavLink` as a direct child
of `<SidebarItemGroup>`.
- adds `cursor-pointer` to all `<Button>`s
- adds `cursor-pointer` to the `<SidebarCollapse>`
### Before
<img width="1238" alt="Screenshot 2025-06-10 at 7 57 37 PM"
src="https://github.com/user-attachments/assets/2e5e66f2-d4c1-48b7-b81d-1803de2442fc"
/>
### After
<img width="1238" alt="Screenshot 2025-06-10 at 7 57 55 PM"
src="https://github.com/user-attachments/assets/aa676fc1-124a-4e33-859d-da8f3eaad211"
/>
In #9498, the Cloudflare response was updated to match what appears to
be a transient change on their end. It looks like this has changed
again, so to prevent this from breaking CI in the future we relax the
assertion.
We move the resource events to the WAL system. Notably, we no longer
need `fetch_and_update_breakable` for resource updates, so a bit of
refactoring is included to update the call sites for those.
Additionally, we need to add a `Flow.expire_flows_for_resource_id/1`
function to expire flows from the WAL system. This is now being called
in the WAL event handler. To prevent this from blocking the WAL
consumer/broadcaster, we wrap it with a Task.async. These will be
cleaned up when the lookup table for access is implemented next.
Another thing to note is that we lose the `subject` when moving from
`Flows.expire_flows_for(%Resource{}, subject)` to
`Flows.expire_flows_for_resource_id(resource_id)` when a resource is
deleted or updated by an actor since we respond to this event in the WAL
where that data isn't available. However, we don't actually _use_ the
subject when expiring flows (other than authorize the initial resource
update), so this isn't an issue.
Related: #9501
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com>
Why:
* This commit brings our web app inline with how new Phoenix
applications manage and configure js/css/font assets. Along with that
this commit updates our Tailwind and esbuild tools.
- Adds a timeout to the required_checks workflow
- Expects all jobs to run, exiting the script early for main branch runs
- Adds `set -xe` so we catch script errors going forward
This CI run is running for over an hour, not sure which job it's waiting
on:
https://github.com/firezone/firezone/actions/runs/15565464294
When a CI job is running as part of a merge group, it's possible the
base ref is a few commits away if the merge queue has items in it. So we
update the fetch depth to 20.
Bumps androidx.security:security-crypto from 1.1.0-alpha07 to
1.1.0-beta01.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Why:
* The current README in the `/elixir` directory is a circular reference
that does not explain much. This commit updates the README to give the
basics of how to get started with Firezone Elixir development.
It appears that Cloudflare changed the response that it is sending for
the 1.1.1.1 IP so we need to adapt our integration test for packet loops
in order to make CI pass.
Until we implement #3959 for the Apple client, we need to be careful
around how we de-initialise the Rust session. Callback-based designs are
difficult to get right across boundaries because they enable
re-entrances which then lead to runtime errors.
Specifically, freeing the session needs to cleanup the tokio runtime but
that is impossible if the callback is still executed from that exact
runtime. To workaround this, we need to free the session pointer from a
new task.
Moving to #3959 will solve this in a much more intuitive way because we
can ditch the callbacks and instead move to a stream of events that the
host app can consume.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Why:
* We've seen some Stripe API requests come back with 429 responses,
which likely could be retried and succeed. This commit adds some basic
retry logic to our Stripe API client.
This isn't strictly true - in most cases we actually do set this limit
and enforce it, which is what I think is the correct thing to do.
Related: #8668
It turns out that the link checker was failing because it is matching
those URLs via regex and that the `?` in the URL was interpreted as a
regex control character.
We don't need to rebuild the Tauri clients every time we change Rust
code but we almost certainly want to rebuild them if we change any code
in the client itself so we can smoke test them.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
When evaluating the status of all required checks, we currently only look at the very first one. This is error prone and may result in `required-check` to be marked as successful too early. Instead of iterating through the list of jobs we have scheduled, we now instead look at all jobs that are running as part of the CI run. The idea here is:
- Any job that got started need to complete (one way or another)
- If _any_ job fails, we fail the required check
- If all jobs complete without a single failure, we pass the check
This plays well with "skipped" jobs which we sometimes have as part of CI.
Bumps [smallvec](https://github.com/servo/rust-smallvec) from 1.15.0 to
1.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/servo/rust-smallvec/releases">smallvec's
releases</a>.</em></p>
<blockquote>
<h2>v1.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Shrink code produced by <code>smallvec![]</code>. by <a
href="https://github.com/nnethercote"><code>@nnethercote</code></a> in
<a
href="https://redirect.github.com/servo/rust-smallvec/pull/386">servo/rust-smallvec#386</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/servo/rust-smallvec/compare/v1.15.0...v1.15.1">https://github.com/servo/rust-smallvec/compare/v1.15.0...v1.15.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0f47a3ea9"><code>d0f47a3</code></a>
Version 1.15.1</li>
<li><a
href="d682405159"><code>d682405</code></a>
Shrink code produced by <code>smallvec![]</code>.</li>
<li>See full diff in <a
href="https://github.com/servo/rust-smallvec/compare/v1.15.0...v1.15.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [os_info](https://github.com/stanislav-tkach/os_info) from 3.11.0
to 3.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stanislav-tkach/os_info/releases">os_info's
releases</a>.</em></p>
<blockquote>
<h2>os_info 3.12.0</h2>
<ul>
<li>
<p>Cygwin support has been added. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/405">#405</a>)</p>
</li>
<li>
<p>macOS version detection has been updated to read the
<code>SystemVersion.plist</code> file. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/406">#406</a>)</p>
</li>
<li>
<p>macOS bitness detection has been updated to avoid using the
<code>getconf</code> command. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/407">#407</a>)</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stanislav-tkach/os_info/blob/master/CHANGELOG.md">os_info's
changelog</a>.</em></p>
<blockquote>
<h2>[3.12.0] (2025-06-08)</h2>
<ul>
<li>
<p>Cygwin support has been added. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/405">#405</a>)</p>
</li>
<li>
<p>macOS version detection has been updated to read the
<code>SystemVersion.plist</code>
file. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/406">#406</a>)</p>
</li>
<li>
<p>macOS bitness detection has been updated to avoid using the
<code>getconf</code>
command. (<a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/407">#407</a>)</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="70a4d893aa"><code>70a4d89</code></a>
Merge pull request <a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/408">#408</a>
from stanislav-tkach/3-12</li>
<li><a
href="39c996cd1d"><code>39c996c</code></a>
Markdown</li>
<li><a
href="e8b5eab128"><code>e8b5eab</code></a>
Spellcheck</li>
<li><a
href="d224489609"><code>d224489</code></a>
Update changelog</li>
<li><a
href="3494e22877"><code>3494e22</code></a>
Release the 3.12 version</li>
<li><a
href="131b6aa56a"><code>131b6aa</code></a>
Merge pull request <a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/406">#406</a>
from davidkna/macos-version-from-file</li>
<li><a
href="c5fc908154"><code>c5fc908</code></a>
Merge pull request <a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/407">#407</a>
from davidkna/patch-1</li>
<li><a
href="eb8e02299a"><code>eb8e022</code></a>
Merge pull request <a
href="https://redirect.github.com/stanislav-tkach/os_info/issues/405">#405</a>
from Berrysoft/dev/cygwin</li>
<li><a
href="a317f52a67"><code>a317f52</code></a>
MacOS: Attempt to derive bitness from arch</li>
<li><a
href="260280e4fe"><code>260280e</code></a>
Use SystemVersion.plist for macOS ProductVersion</li>
<li>Additional commits viewable in <a
href="https://github.com/stanislav-tkach/os_info/compare/v3.11.0...v3.12.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
With the introduction of the "connect on start" configuration option, we
introduced a bug where the GUI client said "Signed in as ..." even
though we did not have a `connlib` session. The tray-menu handles this
state correctly and clicking sign out and sign in restores Firezone to a
functional state.
This disparity happened because we assumed that having a token means we
must have a session.
To fix this, we introduce a new `SessionViewModel` that combines the
state of the auth session and the `connlib` state. Only if we have both
do we infer that we are "signed in". This also requires us to introduce
an intermediary state where we are "loading". This is represented as a
spinner in the UI.
Last but not least, this also removes the automated hiding of the client
window. In a prior design, the only job of this window was to show the
"Sign in" button so it wasn't useful beyond clicking that. Now that we
show more things in this window, automatically hiding it might confuse
the user.
Here is what this new design looks like:
[Login
flow](https://github.com/user-attachments/assets/276e390b-4837-48e2-aaf1-eea007472816)
As a result of other improvements around "zero-click sign-in", the user
often doesn't even have to switch to the browser window because sign-in
happens in the background. Unfortunately, the tab still remains open but
that is outside of our control (at least on Linux).
This PR optimises our CI pipeline to only run workflows when certain
files change. To achieve this, we introduce a top-level `planner` job
that all other jobs primarily depend on. The `planner` job then computes
which other jobs to run and creates an output with a list of those.
Running only certain jobs is only the first half of the problem. The
second half is creating a dedicated job that we can mark as "required"
in GitHub. Without such a "required" check, the merge queue wouldn't
know, when a PR is good to be merged.
Jobs cannot have dynamic dependencies on other jobs. We therefore need
to emulate this by creating a polling loop that hits the GitHub API
every 10s and evaluates, whether all "required" jobs, i.e. the ones we
planned to run, have finished successfully.
---------
Co-authored-by: Jamil Bou Kheir <jamilbk@users.noreply.github.com>
As part of investigating #9400, I refactored the startup code of the GUI
client to play around with the initialization order of the runtime and
other parts. After finding the root cause (fixed in #9469), I figured it
would still be nice to land these improvements.
This refactors the app startup:
- Only initialize what is absolutely necessary outside of `try_main`:
The runtime and the telemetry instance.
- Settings are loaded earlier
- Telemetry is initializer earlier
- Add a bootstrap logger that logs to stdout whilst we are booting
- Re-order some code inside `gui::run` to bundle the initialization of
Tauri into a single command chain
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
