HedgeDoc - Ideas grow better together
Find a file
Erik Michelson 1f1231a730 ci: remove netlify deployment workflow
This workflow was used in an early stage of development of HedgeDoc 2.
It allowed the core developers to quickly check fixes, improvements or
new features to the HedgeDoc UI without the requirement to check-out
the branch locally. As not every pull request required a deployment,
this workflow was only triggered when the "ci: force deployment"
label was added. Since some time already, the frontend and backend
are so tightly coupled that the netfliy deployment doesn't make any
sense anymore and therefore hasn't been used anymore. This commit
therefore removes this leftover workflow.

@RedYetiDev contacted us privately and reported that this deployment
workflow could have been abused to invoke arbitrary commands, including
extraction of environment variables which include our tokens for the
turborepo build cache or the netlify deployment token. For this it
would have been required that somebody created a "safe" pull request,
which would have been labelled with the deployment label and then
changed afterwards since the workflow checks out the pull request
source repository, not the target. We assured that the label was only
added to pull requests from trusted members of the HedgeDoc core team.
There was never any malicious use of the workflow. Furthermore, no
released versions of HedgeDoc (1.x) could have been affected by this,
even in the worst-case scenario.

We're thankful for putting this risk at our attention!
If you too encounter something unusual regarding security in HedgeDoc
itself or our toolchain around it, don't hesitate to contact us.
Details on this are wriiten in our SECURITY.md in the root of the
repository.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
2024-07-30 08:48:38 +02:00
.github ci: remove netlify deployment workflow 2024-07-30 08:48:38 +02:00
.idea/copyright chore(reuse): remove unneeded license file 2023-10-24 11:26:16 +02:00
.reuse docs: restructure documentation 2023-09-17 21:50:21 +02:00
.yarn fix: version of resolution of dicebear/converter 2024-02-11 23:54:55 +01:00
backend feat(notes): check for equal alias or note id 2024-04-18 22:15:11 +02:00
commons fix(deps): update dependency reveal.js to v5 2024-04-09 11:40:15 +02:00
dev-reverse-proxy fix(caddy): use hostname instead of ip 2023-09-03 22:00:34 +02:00
docker fix(docker): remove docker image hashes from example docker-compose.yml 2023-03-28 09:13:29 +02:00
docs ci: remove netlify deployment workflow 2024-07-30 08:48:38 +02:00
frontend ci: remove netlify deployment workflow 2024-07-30 08:48:38 +02:00
html-to-react chore(deps): update linters 2024-03-01 17:51:22 +01:00
LICENSES feat(frontend): replace forkawesome with bootstrap icons 2023-02-24 14:31:17 +01:00
markdown-it-plugins chore(deps): update linters 2024-03-01 17:51:22 +01:00
.dockerignore misc: add turbo monorepo util 2023-02-07 21:38:40 +01:00
.env.example refactor: move .env file to repo root 2023-03-26 15:53:49 +02:00
.env.example.license refactor: move .env file to repo root 2023-03-26 15:53:49 +02:00
.gitattributes fix(repo): fix gitattributes 2022-12-01 23:51:51 +01:00
.gitignore add download directory 2024-01-24 12:14:40 +01:00
.mailmap chore: update authors file 2023-10-08 21:57:01 +02:00
.mailmap.license Change year in copyright to 2021 2021-01-06 21:36:07 +01:00
.nvmrc chore(deps): update dependency node to v20.11.0 2024-02-10 16:16:10 +01:00
.nvmrc.license fix: move nvmrc into root directory 2023-02-12 22:10:31 +01:00
.yarnrc.yml chore(deps): update yarn to v4.1.0 2024-02-10 18:00:34 +01:00
AUTHORS chore: update authors file 2023-10-08 21:57:01 +02:00
CODE_OF_CONDUCT.md Change year in copyright to 2021 2021-01-06 21:36:07 +01:00
codecov.yml fix(ci): move codecov config to top-level 2022-11-20 23:02:13 +01:00
CONTRIBUTING.md fix CODE_OF_CONDUCT.md file url , inside CONTRIBUTING.md 2023-10-19 19:30:49 +02:00
developer-certificate-of-origin.txt refactor: move dco into root 2023-09-17 21:50:21 +02:00
developer-certificate-of-origin.txt.license refactor: move dco into root 2023-09-17 21:50:21 +02:00
LICENSE fix: add new slogan 2023-07-11 21:17:19 +02:00
package.json chore(deps): update dependency @types/node to v20.11.18 2024-02-15 15:34:38 +00:00
package.json.license feat(package): adjust packages to workspaces 2022-12-04 20:59:46 +01:00
README.md Change to direct link 2024-01-12 09:41:07 +01:00
renovate.json ci: remove netlify deployment workflow 2024-07-30 08:48:38 +02:00
renovate.json.license Change year in copyright to 2021 2021-01-06 21:36:07 +01:00
SECURITY.md docs(SECURITY): Shift vulnerability reporting directly to GitHub 2023-01-24 20:07:39 +01:00
turbo.json fix(turbo): deduplicate test task config and add coverage directory 2023-09-09 09:40:06 +02:00
turbo.json.license misc: add turbo monorepo util 2023-02-07 21:38:40 +01:00
yarn.lock fix(deps): update dependency next to v14.1.1 [security] 2024-05-10 07:42:49 +00:00
yarn.lock.license feat(package): adjust packages to workspaces 2022-12-04 20:59:46 +01:00

HedgeDoc Logo

#HedgeDoc on matrix.org version POEditor Mastodon Twitter REUSE Compliance Check Nest.JS CI codecov

HedgeDoc lets you create real-time collaborative markdown notes.

Getting Started

State of the project

HedgeDoc 1.x is stable and used around the world, but the codebase has grown over time, making it hard to add new features.
We are currently working on HedgeDoc 2, a complete rewrite of HedgeDoc. Please note the following:

  • This branch contains the latest development code and does not implement all features yet. If you are looking for the 1.x source code, have a look at the master branch.
  • The 1.x release is maintenance-only. We do not accept feature requests or PRs for this release anymore and may choose to close non-critical bug reports, if the bug will be non-existent in 2.0.
  • HedgeDoc 2 will be split in two components. The backend and the frontend. Both are present in this repository.

Development

Information for setting up a local development environment can be found in the developer documentation

HedgeDoc 2 Alpha

Curious about the new look and feel of HedgeDoc 2? We provide a demo of the alpha on hedgedoc.dev.

If you want to try it out on your own devices, visit the HedgeDoc 2 docs. But be aware that these may change over time.

Contributions

We welcome contributions!
Have a look at our contribution docs to find out how you can help. If you want to contribute to HedgeDoc 2, please join our development chat.

License

Licensed under AGPLv3. For our list of contributors, see AUTHORS.

The license does not include the HedgeDoc logo, whose terms of usage can be found in the github repository.