Draft
63 commits
6c764ea
ci/test-nginx: show mock-sentry logs (#1816)
alxndrsn Apr 18, 2026
0379dcf
ci/ghcr: update deprecated docker action versions (#1821)
alxndrsn Apr 18, 2026
ae72624
test/nginx/csp: rename backend-strict policy (#1823)
alxndrsn Apr 22, 2026
963b9dc
ci: only publish containers if tests passed (#1820)
alxndrsn Apr 22, 2026
94aa904
test/nginx/csp: remove duplicate test (#1860)
alxndrsn Apr 29, 2026
1431cb1
nginx/csp: blank.html: allow form-action 'self' (#1857)
alxndrsn Apr 29, 2026
e6df530
nginx/csp: enforce policy for blank.html (#1858)
alxndrsn Apr 29, 2026
9122bb2
csp: allow data: URLs in worker-src for web-forms (#1776)
alxndrsn Apr 30, 2026
711c6ad
nginx/csp: tighten favicon allowance for blank.html (#1855)
alxndrsn Apr 30, 2026
c9b359a
nginx/csp: allow favicons for backend requests (#1854)
alxndrsn Apr 30, 2026
d3eb696
Merge branch 'master' into next
matthew-white May 4, 2026
af64f1d
nginx/csp: enforce policy for central-backend (#1859)
alxndrsn May 5, 2026
625eb98
nginx: fix escaping in /fonts/ matcher (#1863)
alxndrsn May 7, 2026
97b3251
ci: simplify checkout (#1890)
alxndrsn May 9, 2026
fe411c8
Fixes: expected docker context is increased due to WF merge
sadiqkhoja May 14, 2026
448b96a
Merge pull request #1893 from sadiqkhoja/fixes/docker-context
sadiqkhoja May 14, 2026
1a9c7f9
Fixes: install openssl in service container
sadiqkhoja May 13, 2026
b9a1d3f
Merge pull request #1892 from sadiqkhoja/fixes/install-openssl
sadiqkhoja May 15, 2026
e4c7b83
service: move DB_SSL check back to runtime (#1889)
alxndrsn May 25, 2026
95717b1
nginx: enable Content Security Policies (#1909)
alxndrsn May 26, 2026
a4e5b06
test/nginx: fix comment typo (#1938)
alxndrsn Jun 4, 2026
48b7478
test/nginx/docker-compose: restrict open ports to local machine (#1927)
alxndrsn Jun 4, 2026
fc457ec
nginx: test stream interruption (#1939)
alxndrsn Jun 4, 2026
c182517
dev/docker-compose: restrict open ports to local machine (#1925)
alxndrsn Jun 4, 2026
18b9667
nginx: reject form previews with unexpected query params (#1947)
alxndrsn Jun 5, 2026
007fd5c
test: disable case-sensitive routing for express servers (#1953)
alxndrsn Jun 6, 2026
28206d5
ci: increase docker-context file size expectations (#1948)
alxndrsn Jun 6, 2026
0c07aaa
test/nginx: extract request() and add testing (#1955)
alxndrsn Jun 7, 2026
40868ce
ci: read node version from volta declaration (#1958)
alxndrsn Jun 7, 2026
f098936
test: make ExpressJS host-bindings explicit (#1954)
alxndrsn Jun 7, 2026
4ec096d
test/nginx: prevent request() from normalising paths (#1949)
alxndrsn Jun 7, 2026
0db562e
test/nginx: tidy up (#1941)
alxndrsn Jun 9, 2026
7f7d948
nginx: specify nginx version (#1937)
alxndrsn Jun 10, 2026
c20f3ed
test/check-docker-context: ignore .git directory (#1967)
alxndrsn Jun 11, 2026
96cf4ed
test: disable extended query parser for express servers (#1964)
alxndrsn Jun 11, 2026
ce03665
Upgrade Enketo to 7.6.2 (#1965)
lognaturel Jun 12, 2026
c91fe3d
fix(web-forms#535): separate enketo and web-forms into their own vue app
garethbowen Jun 14, 2026
1f0cf1e
fix: reduce runtime memory usage in nginx service
garethbowen Jun 15, 2026
6f8fe88
nginx/web-forms: assert correct HTML is served (#1980)
alxndrsn Jun 15, 2026
27cc8ef
nginx: narrow scope of NodeJS max-old-space-size (#1993)
alxndrsn Jun 15, 2026
4007043
build/nginx: reduce gc heap space allocation (#1994)
alxndrsn Jun 15, 2026
ddaf82f
service: remove volume: data/transfer (#1992)
alxndrsn Jun 15, 2026
6c70ffb
docker-compose: remove dangling volume: transfer (#1973)
alxndrsn Jun 15, 2026
e67a2fa
check-docker-context: use custom builder explicitly (#1990)
alxndrsn Jun 15, 2026
4a88431
test/nginx: remove comment re: web-forms paths (#1977)
alxndrsn Jun 15, 2026
8ecbaa7
nginx: remove misleading web-forms config (#1982)
alxndrsn Jun 16, 2026
3a437ac
nginx/web-forms: simplify try_files directive (#1983)
alxndrsn Jun 16, 2026
1288db9
nginx: merge duplicate web-forms regexes (#1984)
alxndrsn Jun 16, 2026
8967ba0
test/nginx: add more fake webforms paths (#1985)
alxndrsn Jun 16, 2026
883431c
chore: pass frontend Sentry DSN (#2005)
latin-panda Jun 22, 2026
8b8a038
client: replace submodule with specific release (#1998)
alxndrsn Jun 22, 2026
259f9fa
chore: rename variable to SENTRY_DSN_FRONTEND (#2010)
latin-panda Jun 23, 2026
7489585
chore: updates PR template (#2014)
latin-panda Jun 25, 2026
17ec5a4
Update pyxform image version to v4.5.0 (#2020)
lognaturel Jun 25, 2026
1214873
Upgrade node to 24.16.0
lognaturel Jun 25, 2026
1e4cf82
Upgrade nginx to 1.31.2
lognaturel Jun 25, 2026
ac22116
Upgrade Postgres to 14.23
lognaturel Jun 25, 2026
eb8127f
Upgrade smtp image to latest in 1.2.x
lognaturel Jun 25, 2026
41d0827
Upgrade redis to latest in 8.6.x
lognaturel Jun 25, 2026
d058b88
Upgrade test dependencies
lognaturel Jun 25, 2026
c0898a8
Upgrade playwright to fix CI
lognaturel Jun 25, 2026
2a4967e
Merge pull request #2022 from lognaturel/v2026.2-deps
lognaturel Jun 29, 2026
d30c049
Update FRONTEND_VERSION before regression testing
matthew-white Jun 29, 2026
3 changes: 3 additions & 0 deletions .env.template
@@ -43,6 +43,9 @@ HTTPS_PORT=443
# SENTRY_PROJECT=
# SENTRY_TRACE_RATE=

# Optional: configure frontend error reporting
# SENTRY_DSN_FRONTEND=

# Optional: configure S3-compatible storage for binary files
# S3_SERVER=
# S3_ACCESS_KEY=
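Review bot: The comment on the new `# SENTRY_DSN_FRONTEND=` entry does not say how it relates to the `SENTRY_PROJECT` and `SENTRY_TRACE_RATE` settings directly above it, so an operator cannot tell whether the frontend DSN depends on them or stands alone. Since a DSN used for frontend reporting will presumably be delivered to browsers, the comment should also recommend a DSN from a dedicated frontend project rather than reusing a backend one.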
10 changes: 4 additions & 6 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -1,14 +1,12 @@
> [!WARNING]
> Branch off and target `next`, not `master`. The `master` is stable and used in production (exception: documentation/infrastructure-only changes).

Closes #

#### What has been done to verify that this works as intended?

#### Why is this the best possible solution? Were any other approaches considered?

#### How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?
#### How does this change impact users? Describe intentional behavior changes from code updates. What are the regression risks?

#### Does this change require updates to documentation? If so, please file an issue [here](https://github.com/getodk/docs/issues/new) and include the link below.

#### Before submitting this PR, please make sure you have:

- [ ] branched off and targeted the `next` branch OR only changed documentation/infrastructure (`master` is stable and used in production)
- [ ] verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced
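Review bot: The trailing checklist appears to be among the six deletions (the hunk goes from 14 to 12 lines), which drops the item asking contributors to confirm that code or assets from external sources are credited. The new `[!WARNING]` block replaces only the branch-target item, so the attribution check should be kept, for example as its own question. The shortened regression question also loses the prompt about behavior that "could have accidentally been affected by code changes", which was the part that made authors think about unintended effects.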
61 changes: 0 additions & 61 deletions .github/workflows/ghcr.yml

This file was deleted.

173 changes: 173 additions & 0 deletions .github/workflows/main.yml
@@ -0,0 +1,173 @@
name: Test, Build, Publish

on:
push:
pull_request:
workflow_dispatch:
inputs:
publish_image:
description: 'Publish image to registry?'
required: true
type: boolean
default: false

jobs:
test-misc: # quick, simple checks
timeout-minutes: 2
runs-on: ubuntu-latest
steps:
- run: docker --version
- run: docker compose version
- uses: actions/checkout@v5
- run: ./test/check-submodules.sh
- run: ./test/test-with-pgenvblock.sh
- run: sudo apt-get install shellcheck
- run: ./test/check-scripts.sh
- run: ./test/check-for-large-files.sh
- run: ./test/check-dockerfiles.sh
- run: cd test && npm clean-install
- run: cd test && npm run lint
- run: cd test && npm run test:github-actions
test-envsub:
timeout-minutes: 2
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- run: cd test/envsub && ./run-tests.sh
test-nginx:
timeout-minutes: 4
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
node-version-file: test/package.json
- run: cd test/nginx && npm clean-install
- run: cd test/nginx && ./setup-tests.sh
- run: cd test/nginx && npm run test:nginx:mocha
- run: cd test/nginx && ./lint-config.sh

- run: cd test/nginx && npx playwright install --with-deps chromium-headless-shell
- run: cd test/nginx && npm run test:nginx:playwright

- if: always()
run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix nginx-ssl-selfsign
- if: always()
run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix nginx-ssl-upstream
- if: always()
run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix service
- if: always()
run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix enketo
- if: always()
run: cd test/nginx && docker compose -f nginx.test.docker-compose.yml logs --no-log-prefix sentry-mock
test-secrets:
timeout-minutes: 2
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- run: ./test/test-secrets.sh
test-service:
timeout-minutes: 5
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: true
- uses: actions/setup-node@v5
with:
node-version-file: test/package.json
- run: cd test/nginx && npm clean-install
- run: cd test/nginx && npm run test:service
test-images:
timeout-minutes: 10
needs:
- test-misc
- test-envsub
- test-nginx
- test-secrets
- test-service
runs-on: ubuntu-latest # TODO matrix to run on all expected versions?
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
fetch-tags: true
submodules: recursive

- run: ./test/check-docker-context.sh --min-size 5000 --max-size 10000 --min-count 600 --max-count 700

- name: Extract FRONTEND_VERSION
run: |
touch .env
echo "FRONTEND_VERSION=$(
docker compose config --format json | jq -r .services.nginx.build.args.FRONTEND_VERSION
)" >> "$GITHUB_ENV"

- run: FRONTEND_BUILD_MODE=fetch ./test/test-images.sh

# Check out the current frontend version referenced by docker-compose, as it should build OK.
- run: |
git clone \
--depth 1 \
--branch "$FRONTEND_VERSION" \
https://github.com/getodk/central-frontend.git \
client
- run: FRONTEND_BUILD_MODE=source ./test/test-images.sh

- if: always()
run: docker compose logs
build-push-image:
if: |
(github.event_name == 'workflow_dispatch' && inputs.publish_image == true) ||
(github.event_name != 'workflow_dispatch' && (
github.ref == 'refs/heads/master' ||
startsWith(github.ref, 'refs/tags/v')
))
needs:
- test-images
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
strategy:
matrix:
image: [nginx, service]
env:
REGISTRY: ghcr.io
steps:
- name: Checkout repository
uses: actions/checkout@v5
with:
fetch-depth: 0
fetch-tags: true
submodules: recursive
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v4
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Show Docker Context
run: ./test/check-docker-context.sh --report

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v6
with:
images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }}

- name: Set up QEMU emulator for multi-arch images
uses: docker/setup-qemu-action@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4

- name: Build and push ${{ matrix.image }} Docker image
uses: docker/build-push-action@v7
with:
file: ${{ matrix.image }}.dockerfile
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: 'linux/amd64,linux/arm64'
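Review bot: In `build-push-image`, every third-party action is referenced by a mutable major tag (`docker/login-action@v4`, `docker/metadata-action@v6`, `docker/build-push-action@v7`, and the QEMU and Buildx setup actions) in a job that holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step. Pin these to full commit SHAs, with the version in a trailing comment, so that a retagged release cannot change what runs with publish rights. Separately, only this job declares `permissions:`; the six test jobs inherit the repository default token scope, so a workflow-level `permissions:` block granting `contents: read` would make the least-privilege intent explicit. The checkout steps could also set `persist-credentials: false`, since nothing visible after checkout needs the token in the git config.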
85 changes: 0 additions & 85 deletions .github/workflows/test.yml

This file was deleted.

1 change: 1 addition & 0 deletions .gitignore
@@ -2,6 +2,7 @@
*.swp
*.swo
/.env
/client/
/docker-compose.override.yml
/version.txt

3 changes: 0 additions & 3 deletions .gitmodules
@@ -1,6 +1,3 @@
[submodule "server"]
path = server
url = https://github.com/getodk/central-backend.git
[submodule "client"]
path = client
url = https://github.com/getodk/central-frontend.git
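Review bot: Removing the `client` submodule gives up the exact commit pin it provided (the submodule was at `56b6bb`). The replacement visible in this PR resolves the frontend by name, via `git clone --branch "$FRONTEND_VERSION"` in `main.yml`, and a tag or branch name can be moved after the fact. Please confirm that the path which fetches the frontend release verifies a digest or checksum of what it downloads, and document that here or next to the `FRONTEND_VERSION` definition; if it does not, that is worth adding before this merges.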
10 changes: 10 additions & 0 deletions README.md
@@ -41,6 +41,16 @@ This repository serves administrative functions, but it also contains the Docker

To learn how to run such a stack in production, please take a look at [our DigitalOcean installation guide](https://docs.getodk.org/central-install-digital-ocean/).

### Sentry (optional)

To enable frontend error reporting and performance monitoring via Sentry, set `SENTRY_DSN_FRONTEND` in your `.env` file (see `.env.template`) and restart:

```sh
docker compose up -d
```

Deployments that omit this variable are unaffected — Sentry will remain disabled.

## Node.js version

We aim to use the latest [active LTS version of Node.js](https://github.com/nodejs/release/blob/main/README.md#release-schedule). This means that we generally update the major Node version used across all Central components once a year. Each time we do a Central release, we update to the latest version within the active LTS line. Node updates are done near the end of the release cycle but before regression testing.
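Review bot: The new Sentry section says the variable enables "frontend error reporting and performance monitoring", while the matching comment in `.env.template` mentions only error reporting; the two should agree so operators know what they are turning on. The section should also state that the DSN is sent to users' browsers and that their error data goes to the configured Sentry endpoint, since that is what an operator needs to know before enabling it. It would help to say whether `docker compose up -d` alone picks up the change or whether the nginx image has to be rebuilt, which is not evident from this diff.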
1 change: 0 additions & 1 deletion client
Submodule client deleted from 56b6bb