- Updated the chrome tab launch flow to fix unexpected behaviour when
closing the browser.
- Updated the signout functionality to not delete `accountId`.
Fixes#2184Fixes#2185
Why:
* The signup page was failing to allow signups due to a change in one of
the domain functions. This happened due to the UI not having tests for
the sign up page. The sign up page has been updated to use the new
domain function signature and has also had some tests added to hopefully
prevent regressions.
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
Since commit d0302f6, the macOS tunnel extension didn't build for me
(erring commit was found using `git bisect`). It looks like that version
bump commit added a dependency to
[system-configuration](https://docs.rs/system-configuration/) that
requires linking with the SystemConfiguration macOS framework.
Not sure why the CI builds fine, but my local setup doesn't. Maybe the
issue crops up only on Apple Silicon?
- Update `CODE_SIGN_STYLE=Manual`. You'll need to make sure to click
`Download manual profiles` in `Settings -> Account` in Xcode to have
them show up and be usable for local development. This is required to do
all this stuff from GitHub Actions.
- Sign the Apple app for distribution on each PR
- Publish the Apple app builds to App Store Connect on merges to `main`
Bumps [ring](https://github.com/briansmith/ring) from 0.17.0 to 0.17.2.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/briansmith/ring/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Bumps [proptest](https://github.com/proptest-rs/proptest) from 1.2.0 to
1.3.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b4ffe8d08"><code>0b4ffe8</code></a>
[Release] 1.3.1 -- fix for incompatible bit-set/bit-vec versions (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/375">#375</a>)</li>
<li><a
href="99bdf24f8a"><code>99bdf24</code></a>
[Release] 1.3.0 (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/373">#373</a>)</li>
<li><a
href="7bfc889fea"><code>7bfc889</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/357">#357</a>
from tzemanovic/tomas/clear-break-dead-code</li>
<li><a
href="eb9db9d6c3"><code>eb9db9d</code></a>
Merge branch 'master' into tomas/clear-break-dead-code</li>
<li><a
href="370b3a031c"><code>370b3a0</code></a>
Permit use of (?-u) in byte-regex strategies (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/336">#336</a>)
(<a
href="https://redirect.github.com/proptest-rs/proptest/issues/337">#337</a>)</li>
<li><a
href="e395e8caa5"><code>e395e8c</code></a>
Add PathBuf Arbitrary impl with tests (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/368">#368</a>)</li>
<li><a
href="fcccad0f76"><code>fcccad0</code></a>
Book tips and best practices (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/367">#367</a>)</li>
<li><a
href="fc3be95ae1"><code>fc3be95</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/355">#355</a>
from tzemanovic/tomas/fix-sm-logs</li>
<li><a
href="7292965d14"><code>7292965</code></a>
Merge pull request <a
href="https://redirect.github.com/proptest-rs/proptest/issues/360">#360</a>
from psychon/remove-byteorder</li>
<li><a
href="466d59daec"><code>466d59d</code></a>
[proptest] silence clippy::arc_with_non_send_sync warning with
prop_oneof (<a
href="https://redirect.github.com/proptest-rs/proptest/issues/363">#363</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/proptest-rs/proptest/compare/v1.2.0...v1.3.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
Bumps [reqwest](https://github.com/seanmonstar/reqwest) from 0.11.20 to
0.11.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/releases">reqwest's
releases</a>.</em></p>
<blockquote>
<h2>v0.11.21</h2>
<h2>What's Changed</h2>
<ul>
<li>Add automatically detecting macOS proxy settings.</li>
<li>Add <code>ClientBuilder::tls_info(bool)</code>, which will put
<code>tls::TlsInfo</code> into the response extensions.</li>
<li>Fix trust-dns resolver from possible hangs.</li>
<li>Fix connect timeout to be split among multiple IP addresses.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/SpeedReach"><code>@SpeedReach</code></a> made
their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/1960">seanmonstar/reqwest#1960</a></li>
<li><a href="https://github.com/jefflloyd"><code>@jefflloyd</code></a>
made their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/1955">seanmonstar/reqwest#1955</a></li>
<li><a href="https://github.com/droe"><code>@droe</code></a> made their
first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/1938">seanmonstar/reqwest#1938</a></li>
<li><a
href="https://github.com/conradludgate"><code>@conradludgate</code></a>
made their first contribution in <a
href="https://redirect.github.com/seanmonstar/reqwest/pull/1940">seanmonstar/reqwest#1940</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's
changelog</a>.</em></p>
<blockquote>
<h2>v0.11.22</h2>
<ul>
<li>Fix compilation on Windows when <code>trust-dns</code> is
enabled.</li>
</ul>
<h2>v0.11.21</h2>
<ul>
<li>Add automatically detecting macOS proxy settings.</li>
<li>Add <code>ClientBuilder::tls_info(bool)</code>, which will put
<code>tls::TlsInfo</code> into the response extensions.</li>
<li>Fix trust-dns resolver from possible hangs.</li>
<li>Fix connect timeout to be split among multiple IP addresses.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5df3861a73"><code>5df3861</code></a>
v0.11.22</li>
<li><a
href="afc3a9364a"><code>afc3a93</code></a>
fix trust-dns error kind on windows (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1992">#1992</a>)</li>
<li><a
href="d050e604e1"><code>d050e60</code></a>
v0.11.21</li>
<li><a
href="2a881fb504"><code>2a881fb</code></a>
fix: split connect timeout for multiple IPs (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1940">#1940</a>)</li>
<li><a
href="17c893ffc0"><code>17c893f</code></a>
Bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1968">#1968</a>)</li>
<li><a
href="10d9d23f88"><code>10d9d23</code></a>
Add <code>tls_info</code> / <code>TlsInfo</code> for access to peer's
leaf certificate (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1938">#1938</a>)</li>
<li><a
href="d3d95a5b56"><code>d3d95a5</code></a>
Optimize <code>TrustDnsResolver</code> (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1967">#1967</a>)</li>
<li><a
href="0292486aba"><code>0292486</code></a>
dep: Upgrade trust-dns-resolver from v0.22 to v0.23 (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1965">#1965</a>)</li>
<li><a
href="70d100c1b8"><code>70d100c</code></a>
Feature: auto detect MacOS proxy settings (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1955">#1955</a>)</li>
<li><a
href="34f6c70134"><code>34f6c70</code></a>
Added wasm in the docs. (<a
href="https://redirect.github.com/seanmonstar/reqwest/issues/1960">#1960</a>)</li>
<li>See full diff in <a
href="https://github.com/seanmonstar/reqwest/compare/v0.11.20...v0.11.22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gabi <gabrielalejandro7@gmail.com>
What is common across all our usages of the phoenix channel is that we
wait for some kind of `init` message before we fully start-up. We
extract this pattern into a dedicated function within the
`phoenix-channel` crate.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
- Cache build outputs as well as package manager resolved cache
- Write a new cache on `main` if anything in `swift/` or `rust/`
changes, and match on successively broader `restore-keys`. Swift loves
cached builds but its build cache is fairly large, so I thought this
might be an improvement over simply writing the cache to `github.sha` in
case anything outside of those directories changes.
- ~~Split macOS `x86_64` and `aarch64` builds with a matrix to
parallelize them, will join them into the final bundle during the `cd`
stage~~ Edit: We want to build these together in order to create a
Universal Binary artifact more easily.
Should be easier to review commit by commit.
The gist of this commit is:
* `onAddRoute` on Android now takes an address+prefix as to minimize
parsing
* `onAddRoute` recreates the vpn service each time(TODO: is this too bad
for performance?)
* `on_add_route` and `onAddRoute` returns the new fd
* on android after `on_add_route` we recreate `IfaceConfig` and
`DeviceIo` and we store the new values
* `peer_handler` now runs on a loop, where each time we fail a write
with an error code 9(bad descriptor) we try to take the new `DeviceIo`
* we keep an
[`AbortHandle`](https://docs.rs/tokio/latest/tokio/task/struct.AbortHandle.html)
from the `iface_handler` task, since closing the fd doesn't awake the
`read` task for `AsyncFd`(I tried it, right now `close` is only called
after dropping the fd) so we explicitly abort the task and start a new
one with the new `device_io`.
* in android `DeviceIo` has an atomic which tells if it's closed or open
and we change it to closed after `on_add_route`, we use this as to never
double-close the fd, instead we wait until it's dropped. This *might*
affect performance on android since we use non-`Ordering::Relaxed`
atomic operation each read/write but it won't affect perfromance in
other platforms, furthermore I believe the performance gains if we
remove this will be minimal.
Fixes#2227
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
- Fix `restore-keys` to progressively search broader and broader ranges
- Fix plt cache key name so that `restore-keys` works
- Replace `hashFiles('**')` with explicit paths to prevent
`pnpm-lock.yaml` in the `website/` directory from busting the cache for
the application
fixes#2013
Stops the reconnect loop on a 4xx error.
Right now it seems like android doesn't handle `on_disconnect` properly,
just logging instead of going back to sign-in screen.
- `ubuntu-22.04-firezone` is a 16-core builder for ~~kotlin~~ and docker
- ~~`macos-13-xlarge` is an M1 builder for Apple and docker arm64~~
- Configure the Gradle build cache
- Upgrade kotlin plugins, Android minSDK to 30, and gradle to 8.4
Edit: It appears that even using the largest runners for kotin and swift
don't speed the builds up that much (~30%), but will substantially
increase our cost, so I've reverted them to free.
Fixes#2210
Upsides:
1. We don't need to maintain a separate repo and Dockerfile just for
Elixir image (permissions, runner labels, etc)
2. No need to push intermediate images to the container registry
3. No need to copy-paste alpine/erlang/elixir version and hashes from
`firezone/containers` to `elixir/dockerfile` every time they change
4. No need to cross-compile for local dev environments, better
experience building with slow internet connection
5. One command to test if our code works on our containers but a
different alpine/erlang/elixir version
Downsides:
1. Locally devs will need to compile Erlang at least once per version,
but the whole build takes ~6 minutes on my M1 Max. It also takes only 8
minutes on the free GitHub Actions runner without any cache.
2. Worse experience on slow machines
FYI: there is no performance penalty once we have cache layers, still
takes 30 seconds on CI.
Copying the `rust-toolchain.toml` file in is one thing but if we want to
avoid repeatedly installing it, we should do that in the same layer too.
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
When you change the user in a Dockerfile using USER default, the process inside the container runs with the permissions of that user. In COS, only the root user (or processes with elevated privileges) can bind to ports below 1024. So, if our application is trying to bind to a port below 1024, and it's not running as root, we are getting an error.
