Fernando Álvarez
ef3c49d9ad
Bump fizzy-saas
...
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Zoltan Hosszu
761fd8ccfb
Make list style same for every indentation
...
Adds 'list-style: disc' to ordered and unordered lists in rich-text-content.css to ensure consistent bullet styling.
2025-12-11 18:11:50 +01:00
Jason Zimdars
2a17976f9c
Merge pull request #1972 from viniciussoares/fix/auto-close-knob-bug-ios-safari
...
Fix auto-close knob showing range thumb on iOS Safari
2025-12-11 11:05:25 -06:00
Kevin McConnell
ddf4d2454d
Merge pull request #2085 from basecamp/gemfile-lock-fix
...
Update Gemfile.saas.lock
2025-12-11 16:10:54 +00:00
Andy Smith
00d870c502
Merge pull request #2061 from nqst/blank-slates-updates
...
Blank slate adjustments
2025-12-11 10:08:56 -06:00
Kevin McConnell
4edd49374a
Update Gemfile.saas.lock
...
To bring in line with change in [36419c3600 ]
2025-12-11 16:04:55 +00:00
Jason Zimdars
1e59bc9f6f
Merge pull request #2023 from basecamp/theme-switcher-revised
...
Theme switcher revised
2025-12-11 09:46:11 -06:00
Jason Zimdars
941ce1f775
Need to use has*Target to check for optional static targets to prevent console errors
2025-12-11 09:38:34 -06:00
Jason Zimdars
2a0cf4efe9
Turn #theme into a proper setter
2025-12-11 09:31:12 -06:00
Jason Zimdars
21586291fa
Prefer normal if/else conditional
2025-12-11 08:59:13 -06:00
Thiago Youssef
36419c3600
Bump rails version to remove svg renderer patch ( #2081 )
2025-12-11 15:15:54 +01:00
Kevin McConnell
193a28f6c8
Merge pull request #2035 from harisadam/single_tenant
...
Add env-configurable option to disable public signups
2025-12-11 13:08:19 +00:00
Kevin McConnell
05d176cc31
Test that sign in respects single tenant state
2025-12-11 12:49:03 +00:00
Kevin McConnell
3f2938dd8e
Bump fizzy-saas to set config option
2025-12-11 12:24:59 +00:00
Stanko Krtalić
f89838ba96
Merge pull request #2079 from basecamp/fix-direct-uploads-via-api
...
Fix direct uploads via API
2025-12-11 13:04:58 +01:00
Kevin McConnell
06bfe2c982
Scope the config option
...
Also use a `configure` block to set it up.
2025-12-11 11:28:32 +00:00
Kevin McConnell
dece2d08d1
Update namespacing & naming
2025-12-11 11:21:09 +00:00
Kevin McConnell
5d2ca6759d
Naming
2025-12-11 11:20:43 +00:00
Kevin McConnell
cad1e97e8a
Don't need to call this out
2025-12-11 11:20:43 +00:00
Kevin McConnell
0e443d3602
Use initializer to configure tenant mode
2025-12-11 11:20:43 +00:00
Kevin McConnell
a5580666a7
Single tenant by default & update tests
2025-12-11 11:20:43 +00:00
Stanko K.R.
fb77d85b0d
Explain that the upload URL is account-scope
2025-12-11 12:00:51 +01:00
Stanko K.R.
5ee10800a2
Allow direct uploads via API
2025-12-11 11:52:38 +01:00
Jorge Manrubia
dcdd8537af
Merge pull request #2066 from basecamp/text-change-for-golden-tickets
...
Update tip text for turning a card into a Golden Ticket
2025-12-11 07:36:22 +01:00
Adam Haris
f76309d116
Merge branch 'main' into single_tenant
2025-12-11 06:08:01 +01:00
Jeremy Daer
5d181af391
Storage: ignore jobs for now-deleted targets
2025-12-10 20:13:19 -08:00
Jankees van Woezik
477b4d65f2
API: Support created_at for API card and comment creation ( #2056 )
...
* Add support to set `created_at`
Discussed in
https://github.com/basecamp/fizzy/pull/1766#issuecomment-3637846074 ,
this allows users to import cards from another system with entries from
the past. For instance I'm importing all our Github issues (including
the closed onces) to Fizzy.
* Iron out published state tracking
---------
Co-authored-by: Jeremy Daer <jeremy@37signals.com >
2025-12-10 19:57:38 -08:00
Jeremy Daer
90452a4236
Enforce CSP ( #2070 )
2025-12-10 17:55:02 -08:00
Jeremy Daer
22da6dc19d
CSP: full config with env vars per source ( #2069 )
...
* Configure all sources with CSP_* vars. Space separated source list.
* Fall back to `config.x.content_security_policy.*`
* Move our sources to fizzy-saas
References https://github.com/basecamp/fizzy-saas/pull/24
2025-12-10 17:21:09 -08:00
Jeremy Daer
761d0b4a76
Speedy, auditable, deadlock-resistant storage tracking ( #2026 )
...
An append-only storage ledger replaces deadlock-prone synchronous
counter updates and drift-prone async updates.
All content storage (card images, card/comment/board description embeds)
is tracked. Account exports (which expire) and avatars are not tracked.
Storage is accounted for by Account and Board. Both consume the same
event stream independently: no bubble-up storage bumps triggering
deadlocks due to lock sequencing. Each calculates its own total from
the underlying ledger with independent cursors and materialization.
* Storage::Entry: Append-only ledger recording attach/detach/transfer
events with delta bytes. Single event stream indexed for both
Account and Board cursor queries.
* Storage::Total: Polymorphic snapshot cache with cursor (last_entry_id)
tracking which entries have been materialized.
* Storage::Totaled concern: Provides bytes_used (fast snapshot) and
bytes_used_exact (snapshot + pending) query modes, plus
materialize_storage! to roll up pending entries.
* Storage::Tracked concern: For models owning attachments (Card,
Comment, Board). Provides board_for_storage_tracking for models
where board is determined differently (Board returns self).
Handles board transfers by recording transfer_out/transfer_in entries.
* Storage::AttachmentTracking: Hooks ActiveStorage::Attachment lifecycle
to record attach/detach entries. Handles ActionText::RichText embeds
by traversing to the actual model. Snapshots context in before_destroy
to handle cascading deletes where parent record may be gone by
after_destroy_commit.
* MaterializeJob: Rolls up pending entries into snapshot. Concurrency
limited per owner to prevent duplicate work.
* ReconcileJob: On-demand reconciliation against actual attachment
storage for support/debugging. Compares ledger total to real bytes
from card images, card embeds, comment embeds, and board embeds.
Usage:
* account.bytes_used / board.bytes_used: fast, slightly stale bytesize
* account.bytes_used_exact / board.bytes_used_exact: real-time bytesize
* Storage::Entry: audit trail for debugging and point-in-time queries
2025-12-10 16:04:30 -08:00
Jason Zimdars
04d3ac50b2
Clean-up post merge and rework layout to accomodate API and Appearance blocks
2025-12-10 16:46:58 -06:00
Jason Zimdars
6f25b70b7f
Merge branch 'main' into theme-switcher-revised
2025-12-10 16:30:36 -06:00
Jeremy Daer
94e991df07
Gitleaks: ignore legit non-sensitive API keys and tokens in docs/ and test/ ( #2068 )
2025-12-10 14:23:55 -08:00
Jason Zimdars
2d359fa230
Clean-up styles and JS controller, use radios
2025-12-10 16:15:45 -06:00
Mike Dalessio
d750c9e5f2
Merge pull request #2067 from basecamp/flavorjones/gitleaks-20251210
...
Get gitleaks-audit green again
2025-12-10 17:14:40 -05:00
Mike Dalessio
3191c4ec1e
Get gitleaks-audit green again
2025-12-10 17:05:19 -05:00
dependabot[bot]
ef538abb4f
Bump actions/checkout from 4 to 6 ( #2047 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:42 -08:00
dependabot[bot]
19cd7bfeec
Bump docker/login-action from 3.5.0 to 3.6.0 ( #2046 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3.5.0...v3.6.0 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 3.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:17 -08:00
dependabot[bot]
9ee8b131c5
Bump docker/metadata-action from 5.8.0 to 5.10.0 ( #2045 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action ) from 5.8.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](https://github.com/docker/metadata-action/compare/v5.8.0...v5.10.0 )
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: 5.10.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:25:02 -08:00
dependabot[bot]
a90ad88bab
Bump sigstore/cosign-installer from 3.9.2 to 4.0.0 ( #2044 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.2...v4.0.0 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 13:24:47 -08:00
Hosmel Quintana
df9a4b255c
make MySQL SSL mode configurable via env var ( #2036 )
2025-12-10 13:22:38 -08:00
Brian Bailey
aad3d51e15
Update tip text for turning a card into a Golden Ticket
...
Clarified with JF after noticing language like "turning it into a Golden card" in the help content. We're okay with using "ticket" in this case.
2025-12-10 15:48:14 -05:00
Andy Smith
bed0e4bd9e
Merge pull request #2009 from nqst/clickable-checkbox-labels
...
Make toggle switch labels clickable
2025-12-10 14:47:51 -06:00
Andy Smith
0e9350d637
Revert "Fix Lexxy prompt list padding by lowering rich-text specificity"
...
This reverts commit 31fec69822 .
2025-12-10 14:12:34 -06:00
Andy Smith
31fec69822
Fix Lexxy prompt list padding by lowering rich-text specificity
2025-12-10 14:12:14 -06:00
Stanko Krtalić
96b6c6e9dc
Merge pull request #2060 from basecamp/improve-api-docs-phrasing
...
Improve phrasing
2025-12-10 20:54:34 +01:00
Stanko K.R.
3f2e3e6b62
Improve phrasing
2025-12-10 20:49:36 +01:00
Alexander Zaytsev
8930b1d8c6
Adjust blank slate spacing in Fizzy menu
2025-12-10 20:28:37 +01:00
Alexander Zaytsev
78b62e692e
Apply blank slate styles to .search__empty
2025-12-10 20:26:44 +01:00
Alexander Zaytsev
afc59cd7c9
Hide Previously Seen section when empty
2025-12-10 20:25:58 +01:00