Commit Graph

100 Commits

Author SHA1 Message Date
Rosa Gutierrez 92cb749e16 Fix tests for renamed fixtures and new stacked notifications
Clear assignee's existing notifications in setup since Notifier now
uses create_or_find_by instead of create, and reload the association
to avoid caching after destroy_all.

Update fixture references after rebase: use `logo_assignment_kevin`
as base notification and `logo_mentioned_david` for mention tests.
Update source to `logo_published` in tests that need generic card events.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 155fa2da97 Go back to RubyGems version of action_push_native
After releasing the new version: https://github.com/rails/action_push_native/releases/tag/v0.3.1
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 34fd62faf1 Move devices table to saas database
Use ActionPushNative's new on_load hook to configure the database connection,
following the same pattern as Active Storage and Action Text:

  ActiveSupport.on_load(:action_push_native_record) do
    connects_to database: { writing: :saas, reading: :saas }
  end

This allows ApplicationPushDevice to inherit directly from ActionPushNative::Device
without needing an intermediate abstract class.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez d3cc79a5bc Simplify device routes and use ActiveRecord validations
- Use RESTful DELETE /devices/:id where :id can be token or database ID
- Remove redundant unregister collection route
- Remove old Users::DevicesController
- Return 404 when device not found instead of silently succeeding
- Return 422 for invalid platform via ActiveRecord validation
- Update action_push_native to main branch (includes validate: true on enum)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-25 19:31:13 +01:00
Rosa Gutierrez 2121b6dc3d Use version of action_push_native with proper config paths support
See https://github.com/rails/action_push_native/pull/89

Now we can delete the OSS version of `config/push.yml`, no longer needed.
2026-02-25 19:31:13 +01:00
Fernando Olivares 3c54cd84fc Add native push notification infrastructure
- Add action_push_native gem and SaaS configuration
- Add device registration API and UI
- Add User::Devices concern
- Add NotificationPusher::Native for push delivery
- Add tests and fixtures for native push
2026-02-25 19:31:13 +01:00
Samuel Péchèr 0038641ede Update Lexxy to 0.7.6.beta 2026-02-24 20:25:07 +00:00
dependabot[bot] 395cc06f5c Bump aws-sdk-s3 from 1.211.0 to 1.213.0 (#2502)
Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.211.0 to 1.213.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-sdk-s3
  dependency-version: 1.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:53:45 -05:00
dependabot[bot] b0b14ead28 Bump sqlite3 from 2.8.0 to 2.9.0 (#2386)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 2.8.0 to 2.9.0.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v2.8.0...v2.9.0)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:48:52 -05:00
dependabot[bot] 3063a40f0f Bump trilogy from 2.9.0 to 2.10.0 (#2388)
Bumps [trilogy](https://github.com/trilogy-libraries/trilogy) from 2.9.0 to 2.10.0.
- [Release notes](https://github.com/trilogy-libraries/trilogy/releases)
- [Changelog](https://github.com/trilogy-libraries/trilogy/blob/main/CHANGELOG.md)
- [Commits](https://github.com/trilogy-libraries/trilogy/compare/v2.9.0...v2.10.0)

---
updated-dependencies:
- dependency-name: trilogy
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:43:47 -05:00
dependabot[bot] 361d4a7a52 Bump solid_queue from 1.2.4 to 1.3.1 (#2425)
Bumps [solid_queue](https://github.com/rails/solid_queue) from 1.2.4 to 1.3.1.
- [Release notes](https://github.com/rails/solid_queue/releases)
- [Commits](https://github.com/rails/solid_queue/compare/v1.2.4...v1.3.1)

---
updated-dependencies:
- dependency-name: solid_queue
  dependency-version: 1.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 18:42:48 -05:00
dependabot[bot] 6f99e43f5b Bump puma from 7.1.0 to 7.2.0 (#2462)
* Bump puma from 7.1.0 to 7.2.0

Bumps [puma](https://github.com/puma/puma) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/main/History.md)
- [Commits](https://github.com/puma/puma/compare/v7.1.0...v7.2.0)

---
updated-dependencies:
- dependency-name: puma
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:25:30 -05:00
dependabot[bot] 85bb2aa1fa Bump turbo-rails from 2.0.21 to 2.0.23 (#2501)
* Bump turbo-rails from 2.0.21 to 2.0.23

Bumps [turbo-rails](https://github.com/hotwired/turbo-rails) from 2.0.21 to 2.0.23.
- [Release notes](https://github.com/hotwired/turbo-rails/releases)
- [Commits](https://github.com/hotwired/turbo-rails/compare/v2.0.21...v2.0.23)

---
updated-dependencies:
- dependency-name: turbo-rails
  dependency-version: 2.0.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 17:09:22 -05:00
dependabot[bot] 446640b8e9 Bump the development-dependencies group with 2 updates (#2588)
* Bump the development-dependencies group with 2 updates

Bumps the development-dependencies group with 2 updates: [brakeman](https://github.com/presidentbeef/brakeman) and [mocha](https://github.com/freerange/mocha).


Updates `brakeman` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v8.0.1...v8.0.2)

Updates `mocha` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md)
- [Commits](https://github.com/freerange/mocha/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: mocha
  dependency-version: 3.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:44 -05:00
dependabot[bot] d8908c4b92 Bump bootsnap from 1.22.0 to 1.23.0 (#2589)
* Bump bootsnap from 1.22.0 to 1.23.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-23 16:41:17 -05:00
Mike Dalessio 3b229e9aab Pin web-console to GitHub main for Rails compatibility
web-console 4.2.1 overrides the now-renamed filter_proxies method in
ActionDispatch::RemoteIp::GetIp. The fix (rails/web-console#344) is on
main but not yet released.
2026-02-18 15:16:21 -05:00
Mike Dalessio 41c2bd38af Update Rails to 12e24ea (363 commits past 60d92e4)
Also updates transitive dependencies:
- action_text-trix ~> 2.1.15 → ~> 2.1.16
- irb 1.16.0 → 1.17.0
- json 2.18.0 → 2.18.1
- net-imap 0.6.2 → 0.6.3
- nokogiri 1.19.0 → 1.19.1
- prism 1.8.0 → 1.9.0
- rack 3.2.4 → 3.2.5
- rdoc 7.0.3 → 7.2.0
2026-02-18 13:37:13 -05:00
Mike Dalessio 1c3b3c55ef Update rails_structured_logging to v0.3.0
v0.3.0 removes usage of the INTERNAL_PARAMS constant which is being
removed from ActionController in an upcoming Rails upgrade.
2026-02-18 13:33:10 -05:00
Jeremy Daer 8da0c47a5f Add actionpack-xml_parser to Gemfile.saas (production bundle)
The prior commit added it to saas/Gemfile but the production Docker
build uses Gemfile.saas (via BUNDLE_GEMFILE). This ensures the XML
parameter parser is present in the actual runtime environment.
2026-02-17 20:37:31 -08:00
dependabot[bot] 38ff89de09 Bump bootsnap from 1.21.1 to 1.22.0 (#2544)
* Bump bootsnap from 1.21.1 to 1.22.0

Bumps [bootsnap](https://github.com/rails/bootsnap) from 1.21.1 to 1.22.0.
- [Release notes](https://github.com/rails/bootsnap/releases)
- [Changelog](https://github.com/rails/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rails/bootsnap/compare/v1.21.1...v1.22.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Sync Gemfile.saas.lock

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-02-16 16:09:22 -08:00
dependabot[bot] 0ead67f85b Bump the development-dependencies group across 1 directory with 3 updates (#2546)
* Bump the development-dependencies group across 1 directory with 3 updates

Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman), [faker](https://github.com/faker-ruby/faker) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium).


Updates `brakeman` from 7.1.2 to 8.0.1
- [Release notes](https://github.com/presidentbeef/brakeman/releases)
- [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md)
- [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1)

Updates `faker` from 3.5.3 to 3.6.0
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0)

Updates `selenium-webdriver` from 4.39.0 to 4.40.0
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0)

---
updated-dependencies:
- dependency-name: brakeman
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: faker
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: selenium-webdriver
  dependency-version: 4.40.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Auto-sync Gemfile.saas.lock on Dependabot PRs

Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock
drifts whenever it bumps shared gems in Gemfile.lock.

Add `bin/bundle-drift forward` to push oss lockfile changes into the
saas lockfile (the reverse of `correct`), and a GitHub Actions workflow
that runs it automatically on Dependabot bundler branches.

* Update brakeman ignore fingerprint for 8.0.1

Brakeman 8.0.1 changed how it computes warning fingerprints, so the
existing ignore entry for the safe_constantize warning in Notifier
became obsolete. Update to the new fingerprint.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2026-02-16 15:29:51 -08:00
Jeremy Daer a5a5a62169 Add GVL contention metrics via gvltools (#2538)
* Add GVL contention metrics via gvltools and Yabeda

Expose per-request and process-wide GVL wait time as Prometheus metrics
to diagnose suspected GVL contention from Solid Cable and Action Cable
threads in Puma workers.

Metrics: gvl_request_wait_seconds (histogram), gvl_waiting_threads
(gauge), gvl_global_timer_total_seconds (gauge).

* Add unit: :seconds to GVL histogram for consistency
2026-02-12 16:28:29 -08:00
Mike Dalessio 851f13a934 Render inline code in card titles (#2518)
* Remove unused marked JS dependency

* Remove unused redcarpet dependency

* Render inline code in card titles

Add card_html_title helper that HTML-escapes input then converts
backtick-wrapped text to <code> elements. Apply to card titles in
board preview, card detail, public views, and notification emails.
Style inline code elements in titles to match description styling.

Co-authored-by: Andy Smith <andy@37signals.com>

---------

Co-authored-by: Andy Smith <andy@37signals.com>
2026-02-12 12:07:40 -05:00
Donal McBreen 1506624cd3 Add stackprof for profiling
So you can do something like this:

```ruby
  require "stackprof"

  report = StackProf.run(mode: :wall, interval: 100) do
    Account.find_by(external_account_id: 123)
  end

  StackProf::Report.new(report).print_text
```
2026-02-12 15:42:50 +00:00
Zoltan Hosszu 2ee745cf82 Lexxy version bump 2026-02-12 09:54:20 +01:00
Mike Dalessio bd1ef1f650 dep: bump console1984 to 746cd443 (#2495)
to pick up the session incineration fix

ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9552285400
2026-02-06 10:24:04 -05:00
Stanko K.R. de69d2e6fe Add import cleanup 2026-02-02 12:36:48 +01:00
Mike Dalessio 4e61b64d9a Update to feature branch of audits1984 2026-01-28 14:13:51 -05:00
Rosa Gutierrez 1083784a98 Update turbo-rails to get latest Turbo version
In preparation for offline mode.
2026-01-19 19:40:08 +01:00
Jorge Manrubia 4ab1e3ff7d Solve problem when Action Text raises on missing attachables
Reverts the previous patch. The problem was that I hadn't update
 Lexxy in the saas version https://github.com/basecamp/lexxy/pull/596
2026-01-16 17:32:41 +01:00
Stanko K.R. a811ba1b2a Bump Bootsnap to v1.21.1 2026-01-16 14:26:46 +01:00
Zoltan Hosszu 43fa7fb6aa Update to Lexxy 0.7.0beta 2026-01-15 16:34:56 +01:00
Jorge Manrubia ce1c04803e Update to latest Lexxy 2026-01-15 16:34:56 +01:00
Stanko K.R. d5f270fe3a Update development dependencies in SAAS lockfile 2026-01-13 12:06:43 +01:00
Stanko K.R. f6557856f7 Update runtime dependencies
Updated kamal, bootsnap, rqrcode, net-http-persistent, web-push, aws-sdk-s3, bcrypt & rouge
2026-01-13 12:03:43 +01:00
Rosa Gutierrez 182d36aee9 Update Rails 2026-01-02 18:56:28 +01:00
Stanko K.R. 090582cd98 Update SAAS AWS dependencies 2025-12-19 19:16:39 +01:00
Robin Brandt dddaf861d4 Bump mittens gem to support build on FreeBSD (#2196) 2025-12-18 10:56:24 -08:00
Jeremy Daer c691d39ecf Integrate fizzy-saas as vendored gem at saas/
- Update Gemfile.saas to use path: "saas" instead of GitHub source
- Update config/database.yml to reference local saas/ directory
- Update bin/setup to source saas/bin/setup directly
- Remove redundant dotfiles (ruby-version, gitignore, rubocop, github workflows)
- Add saas/db exclusions to root rubocop config
2025-12-16 12:25:22 -08:00
Jorge Manrubia ee80b87c8c Add billing system with Stripe
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Jason Zimdars <jz@37signals.com>
2025-12-16 16:44:20 +01:00
Kevin McConnell 14f337739d Update Thruster 2025-12-16 13:28:49 +00:00
Jorge Manrubia 2e66fdff4a Update lexxy to bring fixes from https://github.com/basecamp/lexxy/releases/tag/v0.1.24.beta 2025-12-14 18:53:23 +01:00
Jeremy Daer 3d3593c8f6 Bump fizzy-saas to retain fewer docker images (#2134)
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Mike Dalessio 43fd8ab691 Update fizzy-saas to get employee restriction in staging 2025-12-12 15:31:22 -05:00
Mike Dalessio 430caed61e saas: Bump queenbee gem for new staging location 2025-12-12 11:52:30 -05:00
Matthew Kent eb06884ea7 Bump fizzy-saas to pickup another staging change. 2025-12-11 16:19:06 -08:00
Fernando Álvarez ef3c49d9ad Bump fizzy-saas
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Kevin McConnell 4edd49374a Update Gemfile.saas.lock
To bring in line with change in [36419c3600]
2025-12-11 16:04:55 +00:00
Kevin McConnell 3f2938dd8e Bump fizzy-saas to set config option 2025-12-11 12:24:59 +00:00
Jeremy Daer 90452a4236 Enforce CSP (#2070) 2025-12-10 17:55:02 -08:00