Merge pull request #117 from djmitche/security-scan-weekly

run the security scan weekly, not daily
2025-06-26 10:54:29 +02:00 · 2025-06-01 20:44:27 -04:00 · 2025-06-01 20:41:21 -04:00 · 2025-05-23 20:42:56 -04:00 · 2025-05-24 00:01:02 +00:00 · 2025-05-12 21:46:44 -04:00
10 changed files with 453 additions and 326 deletions
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@ -2,7 +2,7 @@ name: security

 on:
  schedule:
-    - cron: '0 0 * * *'
+    - cron: '33 0 * * THU'
  push:
    paths:
      - '**/Cargo.toml'
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -8,8 +8,8 @@ members = [
 rust-version = "1.81.0" # MSRV

 [workspace.dependencies]
-uuid = { version = "^1.15.1", features = ["serde", "v4"] }
-actix-web = "^4.9.0"
+uuid = { version = "^1.17.0", features = ["serde", "v4"] }
+actix-web = "^4.11.0"
 anyhow = "1.0"
 thiserror = "2.0"
 futures = "^0.3.25"
@ -17,7 +17,7 @@ serde_json = "^1.0"
 serde = { version = "^1.0.147", features = ["derive"] }
 clap = { version = "^4.5.6", features = ["string", "env"] }
 log = "^0.4.17"
-env_logger = "^0.11.5"
+env_logger = "^0.11.7"
 rusqlite = { version = "0.32", features = ["bundled"] }
 chrono = { version = "^0.4.38", features = ["serde"] }
 actix-rt = "2"
--- a/2
+++ b/2
@ -19,7 +19,7 @@ RUN apk add --no-cache su-exec && \
  -g taskchampion taskchampion && \
  install -d -m1755 -o1092 -g1092 "/var/lib/taskchampion-sync-server"
 EXPOSE 8080
-VOLUME /var/lib/task-champion-sync-server/data
+VOLUME /var/lib/taskchampion-sync-server/data
 COPY docker-entrypoint.sh /bin
 ENTRYPOINT [ "/bin/docker-entrypoint.sh" ]
 CMD [ "/bin/taskchampion-sync-server" ]
--- a/README.md
+++ b/README.md
@ -33,7 +33,7 @@ Every release of the server generates a Docker image in
 and `0.5.1`.

 The
-[`docker-compose.yml`](https://raw.githubusercontent.com/GothenburgBitFactory/taskchampion-sync-server/refs/tags/v0.6.0/docker-compose.yml)
+[`docker-compose.yml`](https://raw.githubusercontent.com/GothenburgBitFactory/taskchampion-sync-server/refs/tags/v0.6.1/docker-compose.yml)
 file in this repository is sufficient to run taskchampion-sync-server,
 including setting up TLS certificates using Lets Encrypt, thanks to
 [Caddy](https://caddyserver.com/).
@ -46,9 +46,14 @@ On that server, download `docker-compose.yml` from the link above (it is pinned
 to the latest release) into the current directory. Then run

 ```sh
-TASKCHAMPION_SYNC_SERVER_HOSTNAME=taskwarrior.example.com docker compose up
+TASKCHAMPION_SYNC_SERVER_HOSTNAME=taskwarrior.example.com \
+TASKCHAMPION_SYNC_SERVER_CLIENT_ID=your-client-id \
+docker compose up
 ```

+The `TASKCHAMPION_SYNC_SERVER_CLIENT_ID` limits the server to the given client
+ID; omit it to allow all client IDs.
+
 It can take a few minutes to obtain the certificate; the caddy container will
 log a message "certificate obtained successfully" when this is complete, or
 error messages if the process fails. Once this process is complete, configure
@ -56,8 +61,8 @@ your `.taskrc`'s to point to the server:

 ```
 sync.server.url=https://taskwarrior.example.com
-sync.server.client_id=[your client-id]
-sync.encryption_secret=[your encryption secret]
+sync.server.client_id=your-client-id
+sync.encryption_secret=your-encryption-secret
 ```

 The docker-compose images store data in a docker volume named
@ -149,4 +154,12 @@ docker run -t -d \

 This start TaskChampion Sync-Server and publish the port to host. Please
 note that this is a basic run, all data will be destroyed after stop and
-delete container.
+delete container. You may also set `DATA_DIR`, `CLIENT_ID`, or `LISTEN` with `-e`, e.g.,
+
+```sh
+docker run -t -d \
+  --name=taskchampion \
+  -e LISTEN=0.0.0.0:9000 \
+  -p 9000:9000 \
+  taskchampion-sync-server
+```
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@ -1,9 +1,11 @@
 [package]
 name = "taskchampion-sync-server-core"
-version = "0.6.0"
+version = "0.6.2-pre"
 authors = ["Dustin J. Mitchell <dustin@mozilla.com>"]
 edition = "2021"
 description = "Core of sync protocol for TaskChampion"
+homepage = "https://github.com/GothenburgBitFactory/taskchampion"
+repository = "https://github.com/GothenburgBitFactory/taskchampion-sync-server"
 license = "MIT"

 [dependencies]
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -43,12 +43,13 @@ services:
        condition: service_completed_successfully

  tss:
-    image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:0.6.0
+    image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:0.6.1
    restart: unless-stopped
    environment:
      - "RUST_LOG=info"
      - "DATA_DIR=/var/lib/taskchampion-sync-server/data"
      - "LISTEN=0.0.0.0:8080"
+      - "CLIENT_ID=${TASKCHAMPION_SYNC_SERVER_CLIENT_ID}"
    volumes:
      - type: volume
        source: data
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -2,12 +2,28 @@
 set -e
 echo "starting entrypoint script..."
 if [ "$1" = "/bin/taskchampion-sync-server" ]; then
-    echo "setting data directories"
-    mkdir -p "/var/lib/taskchampion-sync-server/data"
-    chown -R 1092:1092 "/var/lib/taskchampion-sync-server/data"
-    chmod -R 700 "/var/lib/taskchampion-sync-server/data"
+    : ${DATA_DIR:=/var/lib/taskchampion-sync-server}
+    export DATA_DIR
+    echo "setting up data directory ${DATA_DIR}"
+    mkdir -p "${DATA_DIR}"
+    chown -R taskchampion:users "${DATA_DIR}"
+    chmod -R 700 "${DATA_DIR}"
+
+    : ${LISTEN:=0.0.0.0:8080}
+    export LISTEN
+    echo "Listen set to ${LISTEN}"
+
+    if [ -n "${CLIENT_ID}" ]; then
+        export CLIENT_ID
+        echo "Limiting to client ID ${CLIENT_ID}"
+    else
+        unset CLIENT_ID
+    fi
+
    if [ "$(id -u)" = "0" ]; then
-        echo "switching to user 'taskchampion'"
+        echo "Running server as user 'taskchampion'"
        exec su-exec taskchampion "$@"
    fi
+else
+    eval "${@}"
 fi
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "taskchampion-sync-server"
-version = "0.6.0"
+version = "0.6.2-pre"
 authors = ["Dustin J. Mitchell <dustin@mozilla.com>"]
 edition = "2021"
 publish = false
--- a/sqlite/Cargo.toml
+++ b/sqlite/Cargo.toml
@ -1,13 +1,15 @@
 [package]
 name = "taskchampion-sync-server-storage-sqlite"
-version = "0.6.0"
+version = "0.6.2-pre"
 authors = ["Dustin J. Mitchell <dustin@mozilla.com>"]
 edition = "2021"
 description = "SQLite backend for TaskChampion-sync-server"
+homepage = "https://github.com/GothenburgBitFactory/taskchampion"
+repository = "https://github.com/GothenburgBitFactory/taskchampion-sync-server"
 license = "MIT"

 [dependencies]
-taskchampion-sync-server-core = { path = "../core", version = "0.6.0" }
+taskchampion-sync-server-core = { path = "../core", version = "0.6.2-pre" }
 uuid.workspace = true
 anyhow.workspace = true
 thiserror.workspace = true
Author	SHA1	Message	Date
Dustin J. Mitchell	953411bff8	Merge pull request #117 from djmitche/security-scan-weekly run the security scan weekly, not daily	2025-06-01 20:44:27 -04:00
Dustin J. Mitchell	91763641c6	run the security scan weekly, not daily	2025-06-01 20:41:21 -04:00
Dustin J. Mitchell	721957d7c7	Merge pull request #116 from GothenburgBitFactory/dependabot/cargo/uuid-1.17.0 Bump uuid from 1.16.0 to 1.17.0	2025-05-23 20:42:56 -04:00
dependabot[bot]	35a4eefda3	Bump uuid from 1.16.0 to 1.17.0 Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-24 00:01:02 +00:00
Dustin J. Mitchell	ad01f28a40	Merge pull request #115 from GothenburgBitFactory/dependabot/cargo/actix-web-4.11.0 Bump actix-web from 4.10.2 to 4.11.0	2025-05-12 21:46:44 -04:00
Dustin J. Mitchell	29a4214117	Merge pull request #114 from GothenburgBitFactory/dependabot/cargo/tempfile-3.20.0 Bump tempfile from 3.19.1 to 3.20.0	2025-05-12 21:46:02 -04:00
dependabot[bot]	b9cdae975b	Bump actix-web from 4.10.2 to 4.11.0 Bumps [actix-web](https://github.com/actix/actix-web) from 4.10.2 to 4.11.0. - [Release notes](https://github.com/actix/actix-web/releases) - [Changelog](https://github.com/actix/actix-web/blob/master/CHANGES.md) - [Commits](https://github.com/actix/actix-web/compare/web-v4.10.2...web-v4.11.0) --- updated-dependencies: - dependency-name: actix-web dependency-version: 4.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-12 23:59:38 +00:00
dependabot[bot]	271e5eaf3d	Bump tempfile from 3.19.1 to 3.20.0 Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.19.1 to 3.20.0. - [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md) - [Commits](https://github.com/Stebalien/tempfile/compare/v3.19.1...v3.20.0) --- updated-dependencies: - dependency-name: tempfile dependency-version: 3.20.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-05-12 23:54:47 +00:00
Dustin J. Mitchell	67b441081d	Merge pull request #112 from awilkins/fix/data-path Make path to data folder consistent	2025-04-15 14:16:32 -04:00
Adrian Wilkins	5abb89c421	Make path to data folder consistent	2025-04-14 23:07:41 +01:00
Dustin J. Mitchell	cd15b2377b	Merge pull request #111 from djmitche/issue110 Cargo update, including tokio for RUSTSEC-2025-0023	2025-04-07 22:37:16 -04:00
Dustin J. Mitchell	ceed460707	Cargo update, including tokio for RUSTSEC-2025-0023	2025-04-07 22:31:43 -04:00
Dustin J. Mitchell	8a7df6d9d5	Merge pull request #108 from GothenburgBitFactory/dependabot/cargo/uuid-1.16.0 Bump uuid from 1.15.1 to 1.16.0	2025-03-14 20:13:19 -04:00
dependabot[bot]	92206f2488	Bump uuid from 1.15.1 to 1.16.0 Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.15.1 to 1.16.0. - [Release notes](https://github.com/uuid-rs/uuid/releases) - [Commits](https://github.com/uuid-rs/uuid/compare/v1.15.1...v1.16.0) --- updated-dependencies: - dependency-name: uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-03-14 23:50:45 +00:00
Dustin J. Mitchell	db8fbb3919	Merge pull request #107 from djmitche/env-logger update env_logger to stop using humantime	2025-03-10 23:07:26 -04:00
Dustin J. Mitchell	ba69f98195	update env_logger to stop using humantime	2025-03-10 23:07:02 -04:00
Dustin J. Mitchell	cae0bb3fd8	Merge pull request #105 from GothenburgBitFactory/dependabot/cargo/actix-web-4.10.2 Bump actix-web from 4.9.0 to 4.10.2	2025-03-10 22:53:21 -04:00
dependabot[bot]	7bec7ce25d	Bump actix-web from 4.9.0 to 4.10.2 Bumps [actix-web](https://github.com/actix/actix-web) from 4.9.0 to 4.10.2. - [Release notes](https://github.com/actix/actix-web/releases) - [Changelog](https://github.com/actix/actix-web/blob/master/CHANGES.md) - [Commits](https://github.com/actix/actix-web/compare/web-v4.9.0...web-v4.10.2) --- updated-dependencies: - dependency-name: actix-web dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-03-10 23:42:25 +00:00
Dustin J. Mitchell	4b55423595	Bump to -pre version	2025-03-03 22:43:37 +00:00
Dustin J. Mitchell	a9b9921833	v0.6.1	2025-03-03 22:41:40 +00:00
Dustin J. Mitchell	a7dc9e84b4	Allow specifying client ID when running docker-compose (#101 ) This also fixes up some handling of default values in the entrypoint.	2025-03-03 17:39:59 -05:00
Dustin J. Mitchell	7430d6feec	add homepage / repository to published crates (#100 )	2025-03-03 16:59:09 -05:00
Dustin J. Mitchell	ecdfb6bdfd	Use DATA_DIR and taskchampion username in entrypoint (#99 ) In fact, there is no taskchampion group (1092 is not a defined gid). Instead taskchampion is in the `users` group.	2025-03-03 16:53:53 -05:00
Dustin J. Mitchell	55892d3b2d	Bump to -pre version	2025-03-01 18:21:09 +00:00