Merge tag 'v19.0.0' into sc

* Remove unused sessionStore ([\matrix-org#2455](matrix-org#2455)).
* Implement MSC3827: Filtering of `/publicRooms` by room type ([\matrix-org#2469](matrix-org#2469)).
* expose latestLocationEvent on beacon model ([\matrix-org#2467](matrix-org#2467)). Contributed by @kerryarchibald.
* Live location share - add start time leniency ([\matrix-org#2465](matrix-org#2465)). Contributed by @kerryarchibald.
* Log real errors and not just their messages, traces are useful ([\matrix-org#2464](matrix-org#2464)).
* Various changes to `src/crypto` files for correctness ([\matrix-org#2137](matrix-org#2137)). Contributed by @ShadowJonathan.
* Update MSC3786 implementation: Check the `state_key` ([\matrix-org#2429](matrix-org#2429)).
* Timeline needs to refresh when we see a MSC2716 marker event  ([\matrix-org#2299](matrix-org#2299)). Contributed by @MadLittleMods.
* Try to load keys from key backup when a message fails to decrypt ([\matrix-org#2373](matrix-org#2373)). Fixes element-hq/element-web#21026. Contributed by @duxovni.
* Send call version `1` as a string ([\matrix-org#2471](matrix-org#2471)). Fixes element-hq/element-web#22629.
* Fix issue with `getEventTimeline` returning undefined for thread roots in main timeline ([\matrix-org#2454](matrix-org#2454)). Fixes element-hq/element-web#22539.
* Add missing `type` property on `IAuthData` ([\matrix-org#2463](matrix-org#2463)).
* Clearly indicate that `lastReply` on a Thread can return falsy ([\matrix-org#2462](matrix-org#2462)).
* Fix issues with getEventTimeline and thread roots ([\matrix-org#2444](matrix-org#2444)). Fixes element-hq/element-web#21613.
* Live location sharing - monitor liveness of beacons yet to start ([\matrix-org#2437](matrix-org#2437)). Contributed by @kerryarchibald.
* Refactor Relations to not be per-EventTimelineSet ([\matrix-org#2412](matrix-org#2412)). Fixes matrix-org#2399 and element-hq/element-web#22298.
* Add tests for sendEvent threadId handling ([\matrix-org#2435](matrix-org#2435)). Fixes element-hq/element-web#22433.
* Make sure `encryptAndSendKeysToDevices` assumes devices are unique per-user. ([\matrix-org#2136](matrix-org#2136)). Fixes matrix-org#2135. Contributed by @ShadowJonathan.
* Don't bug the user while re-checking key backups after decryption failures ([\matrix-org#2430](matrix-org#2430)). Fixes element-hq/element-web#22416. Contributed by @duxovni.

.github/workflows/notify-downstream.yaml

@@ -5,6 +5,8 @@ on:
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
   notify-downstream:
+    # Only respect triggers from our develop branch, ignore that of forks
+    if: github.repository == 'matrix-org/matrix-js-sdk'
     continue-on-error: true
     strategy:
       fail-fast: false

.github/workflows/pull_request.yaml

@@ -2,6 +2,16 @@ name: Pull Request
 on:
   pull_request_target:
     types: [ opened, edited, labeled, unlabeled, synchronize ]
+  workflow_call:
+    inputs:
+      labels:
+        type: string
+        default: "T-Defect,T-Deprecation,T-Enhancement,T-Task"
+        required: false
+        description: "No longer used, uses allchange logic now, will be removed at a later date"
+    secrets:
+      ELEMENT_BOT_TOKEN:
+        required: true
 concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref }}
 jobs:
   changelog:
@@ -12,15 +22,71 @@ jobs:
       - uses: matrix-org/allchange@main
         with:
           ghToken: ${{ secrets.GITHUB_TOKEN }}
+          requireLabel: true
 
-  enforce-label:
-    name: Enforce Labels
+  prevent-blocked:
+    name: Prevent Blocked
     runs-on: ubuntu-latest
     permissions:
       pull-requests: read
     steps:
-      - uses: yogevbd/[email protected]
+      - name: Add notice
+        uses: actions/github-script@v5
+        if: contains(github.event.pull_request.labels.*.name, 'X-Blocked')
         with:
-          REQUIRED_LABELS_ANY: "T-Defect,T-Deprecation,T-Enhancement,T-Task"
-          BANNED_LABELS: "X-Blocked"
-          BANNED_LABELS_DESCRIPTION: "Preventing merge whilst PR is marked blocked!"
+          script: |
+            core.setFailed("Preventing merge whilst PR is marked blocked!");
+
+  community-prs:
+    name: Label Community PRs
+    runs-on: ubuntu-latest
+    if: github.event.action == 'opened'
+    steps:
+      - name: Check membership
+        uses: tspascoal/get-user-teams-membership@v1
+        id: teams
+        with:
+          username: ${{ github.event.pull_request.user.login }}
+          organization: matrix-org
+          team: Core Team
+          GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
+
+      - name: Add label
+        if: ${{ steps.teams.outputs.isTeamMember == 'false' }}
+        uses: actions/github-script@v5
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['Z-Community-PR']
+            });
+
+  close-if-fork-develop:
+    name: Forbid develop branch fork contributions
+    runs-on: ubuntu-latest
+    if: >
+      github.event.action == 'opened' &&
+      github.event.pull_request.head.ref == 'develop' &&
+      github.event.pull_request.head.repo.full_name != github.repository
+    steps:
+      - name: Close pull request
+        uses: actions/github-script@v5
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: "Thanks for opening this pull request, unfortunately we do not accept contributions from the main" +
+                " branch of your fork, please re-open once you switch to an alternative branch for everyone's sanity." +
+                " See https://github.com/matrix-org/matrix-js-sdk/blob/develop/CONTRIBUTING.md",
+            });
+
+            github.rest.pulls.update({
+              pull_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'closed'
+            });

.github/workflows/sonarcloud.yml

@@ -2,91 +2,23 @@
 name: SonarCloud
 on:
   workflow_call:
-    inputs:
-      repo:
-        type: string
-        required: true
-        description: The full name of the repo in org/repo format
-      head_branch:
-        type: string
-        required: true
-        description: The name of the head branch
-      # We cannot use ${{ github.sha }} here as for pull requests it'll be a simulated merge commit instead
-      revision:
-        type: string
-        required: true
-        description: The git revision with which this sonar run should be associated
-
-      # Coverage specific parameters, assumes coverage reports live in a /coverage/ directory
-      coverage_workflow_name:
-        type: string
-        required: false
-        description: The name of the workflow which uploaded the `coverage` artifact, if any
-      coverage_run_id:
-        type: string
-        required: false
-        description: The run_id of the workflow which upload the coverage relevant to this run
-
-      # PR specific parameters
-      pr_id:
-        type: string
-        required: false
-        description: The ID number of the PR if this workflow is being triggered due to one
-      base_branch:
-        type: string
-        required: false
-        description: The base branch of the PR if this workflow is being triggered due to one
     secrets:
       SONAR_TOKEN:
         required: true
 jobs:
-  analysis:
-    name: Analysis
+  sonarqube:
     runs-on: ubuntu-latest
+    if: github.event.workflow_run.conclusion == 'success'
     steps:
-      - name: "🧮 Checkout code"
-        uses: actions/checkout@v3
-        with:
-          repository: ${{ inputs.repo }}
-          ref: ${{ inputs.head_branch }} # checkout commit that triggered this workflow
-          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
-
-      # Fetch base branch from the upstream repo so that Sonar can identify new code in PR builds
-      - name: "📕 Fetch upstream base branch"
-        # workflow_call retains the github context of the caller, so `repository` will be upstream always due
-        # to it running on `workflow_run` which is called from the context of the target repo and not the fork.
-        if: inputs.base_branch
-        run: |
-          git remote add upstream https://github.com/${{ github.repository }}
-          git rev-parse HEAD
-          git fetch upstream ${{ inputs.base_branch }}:${{ inputs.base_branch }}
-          git status
-          git rev-parse HEAD
-
-      # There's a 'download artifact' action, but it hasn't been updated for the workflow_run action
-      # (https://github.com/actions/download-artifact/issues/60) so instead we get this alternative:
-      - name: "📥 Download Coverage Report"
-        uses: dawidd6/action-download-artifact@v2
-        if: inputs.coverage_workflow_name
-        with:
-          workflow: ${{ inputs.coverage_workflow_name }}
-          run_id: ${{ inputs.coverage_run_id }}
-          name: coverage
-          path: coverage
-
-      - name: "🔍 Read package.json version"
-        id: version
-        uses: martinbeentjes/npm-get-version-action@main
-
       - name: "🩻 SonarCloud Scan"
-        uses: SonarSource/sonarcloud-github-action@master
+        uses: matrix-org/sonarcloud-workflow-action@v2.2
         with:
-          args: >
-            -Dsonar.projectVersion=${{ steps.version.outputs.current-version }}
-            -Dsonar.scm.revision=${{ inputs.revision }}
-            -Dsonar.pullrequest.key=${{ inputs.pr_id }}
-            -Dsonar.pullrequest.branch=${{ inputs.pr_id && inputs.head_branch }}
-            -Dsonar.pullrequest.base=${{ inputs.pr_id && inputs.base_branch }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          repository: ${{ github.event.workflow_run.head_repository.full_name }}
+          is_pr: ${{ github.event.workflow_run.event == 'pull_request' }}
+          version_cmd: 'cat package.json | jq -r .version'
+          branch: ${{ github.event.workflow_run.head_branch }}
+          revision: ${{ github.event.workflow_run.head_sha }}
+          token: ${{ secrets.SONAR_TOKEN }}
+          coverage_run_id: ${{ github.event.workflow_run.id }}
+          coverage_workflow_name: tests.yml
+          coverage_extract_path: coverage

.github/workflows/sonarqube.yml

@@ -8,30 +8,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}
   cancel-in-progress: true
 jobs:
-  prdetails:
-    name: ℹ️ PR Details
-    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-    uses: matrix-org/matrix-js-sdk/.github/workflows/pr_details.yml@develop
-    with:
-      owner: ${{ github.event.workflow_run.head_repository.owner.login }}
-      branch: ${{ github.event.workflow_run.head_branch }}
-
   sonarqube:
     name: 🩻 SonarQube
-    needs: prdetails
-    # Only wait for prdetails if it isn't skipped
-    if: |
-      always() &&
-      (needs.prdetails.result == 'success' || needs.prdetails.result == 'skipped') &&
-      github.event.workflow_run.conclusion == 'success'
     uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
-    with:
-      repo: ${{ github.event.workflow_run.head_repository.full_name }}
-      pr_id: ${{ needs.prdetails.outputs.pr_id }}
-      head_branch: ${{ needs.prdetails.outputs.head_branch || github.event.workflow_run.head_branch }}
-      base_branch: ${{ needs.prdetails.outputs.base_branch }}
-      revision: ${{ github.event.workflow_run.head_sha }}
-      coverage_workflow_name: tests.yml
-      coverage_run_id: ${{ github.event.workflow_run.id }}
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

CHANGELOG.md

@@ -1,3 +1,31 @@
+Changes in [19.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v19.0.0) (2022-07-05)
+==================================================================================================
+
+## 🚨 BREAKING CHANGES
+ * Remove unused sessionStore ([\#2455](https://github.com/matrix-org/matrix-js-sdk/pull/2455)).
+
+## ✨ Features
+ * Implement MSC3827: Filtering of `/publicRooms` by room type ([\#2469](https://github.com/matrix-org/matrix-js-sdk/pull/2469)).
+ * expose latestLocationEvent on beacon model ([\#2467](https://github.com/matrix-org/matrix-js-sdk/pull/2467)). Contributed by @kerryarchibald.
+ * Live location share - add start time leniency ([\#2465](https://github.com/matrix-org/matrix-js-sdk/pull/2465)). Contributed by @kerryarchibald.
+ * Log real errors and not just their messages, traces are useful ([\#2464](https://github.com/matrix-org/matrix-js-sdk/pull/2464)).
+ * Various changes to `src/crypto` files for correctness ([\#2137](https://github.com/matrix-org/matrix-js-sdk/pull/2137)). Contributed by @ShadowJonathan.
+ * Update MSC3786 implementation: Check the `state_key` ([\#2429](https://github.com/matrix-org/matrix-js-sdk/pull/2429)).
+ * Timeline needs to refresh when we see a MSC2716 marker event  ([\#2299](https://github.com/matrix-org/matrix-js-sdk/pull/2299)). Contributed by @MadLittleMods.
+ * Try to load keys from key backup when a message fails to decrypt ([\#2373](https://github.com/matrix-org/matrix-js-sdk/pull/2373)). Fixes vector-im/element-web#21026. Contributed by @duxovni.
+
+## 🐛 Bug Fixes
+ * Send call version `1` as a string ([\#2471](https://github.com/matrix-org/matrix-js-sdk/pull/2471)). Fixes vector-im/element-web#22629.
+ * Fix issue with `getEventTimeline` returning undefined for thread roots in main timeline ([\#2454](https://github.com/matrix-org/matrix-js-sdk/pull/2454)). Fixes vector-im/element-web#22539.
+ * Add missing `type` property on `IAuthData` ([\#2463](https://github.com/matrix-org/matrix-js-sdk/pull/2463)).
+ * Clearly indicate that `lastReply` on a Thread can return falsy ([\#2462](https://github.com/matrix-org/matrix-js-sdk/pull/2462)).
+ * Fix issues with getEventTimeline and thread roots ([\#2444](https://github.com/matrix-org/matrix-js-sdk/pull/2444)). Fixes vector-im/element-web#21613.
+ * Live location sharing - monitor liveness of beacons yet to start ([\#2437](https://github.com/matrix-org/matrix-js-sdk/pull/2437)). Contributed by @kerryarchibald.
+ * Refactor Relations to not be per-EventTimelineSet ([\#2412](https://github.com/matrix-org/matrix-js-sdk/pull/2412)). Fixes #2399 and vector-im/element-web#22298.
+ * Add tests for sendEvent threadId handling ([\#2435](https://github.com/matrix-org/matrix-js-sdk/pull/2435)). Fixes vector-im/element-web#22433.
+ * Make sure `encryptAndSendKeysToDevices` assumes devices are unique per-user. ([\#2136](https://github.com/matrix-org/matrix-js-sdk/pull/2136)). Fixes #2135. Contributed by @ShadowJonathan.
+ * Don't bug the user while re-checking key backups after decryption failures ([\#2430](https://github.com/matrix-org/matrix-js-sdk/pull/2430)). Fixes vector-im/element-web#22416. Contributed by @duxovni.
+
 Changes in [18.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v18.1.0) (2022-06-07)
 ==================================================================================================
 

CONTRIBUTING.md

@@ -23,19 +23,25 @@ Things that should go into your PR description:
  * A changelog entry in the `Notes` section (see below)
  * References to any bugs fixed by the change (in GitHub's `Fixes` notation)
  * Describe the why and what is changing in the PR description so it's easy for
-   onlookers and reviewers to onboard and context switch.
+   onlookers and reviewers to onboard and context switch. This information is
+   also helpful when we come back to look at this in 6 months and ask "why did
+   we do it like that?" we have a chance of finding out.
+      * Why didn't it work before? Why does it work now? What use cases does it
+        unlock?
+      * If you find yourself adding information on how the code works or why you
+        chose to do it the way you did, make sure this information is instead
+        written as comments in the code itself.
+      * Sometimes a PR can change considerably as it is developed. In this case,
+        the description should be updated to reflect the most recent state of
+        the PR. (It can be helpful to retain the old content under a suitable
+        heading, for additional context.)
  * Include both **before** and **after** screenshots to easily compare and discuss
    what's changing.
  * Include a step-by-step testing strategy so that a reviewer can check out the
    code locally and easily get to the point of testing your change.
  * Add comments to the diff for the reviewer that might help them to understand
    why the change is necessary or how they might better understand and review it.
 
-Things that should *not* go into your PR description:
- * Any information on how the code works or why you chose to do it the way
-   you did. If this isn't obvious from your code, you haven't written enough
-   comments.
-
 We rely on information in pull request to populate the information that goes
 into the changelogs our users see, both for the JS SDK itself and also for some
 projects based on it. This is picked up from both labels on the pull request and
@@ -129,6 +135,16 @@ When writing unit tests, please aim for a high level of test coverage
 for new code - 80% or greater. If you cannot achieve that, please document
 why it's not possible in your PR.
 
+Some sections of code are not sensible to add coverage for, such as those
+which explicitly inhibit noisy logging for tests. Which can be hidden using
+an istanbul magic comment as [documented here][1]. See example:
+```javascript
+/* istanbul ignore if */
+if (process.env.NODE_ENV !== "test") {
+    logger.error("Log line that is noisy enough in tests to want to skip");
+}
+```
+
 Tests validate that your change works as intended and also document
 concisely what is being changed. Ideally, your new tests fail
 prior to your change, and succeed once it has been applied. You may
@@ -244,6 +260,12 @@ on Git 2.17+ you can mass signoff using rebase:
 git rebase --signoff origin/develop
 ```
 
+Review expectations
+===================
+
+See https://github.com/vector-im/element-meta/wiki/Review-process
+
+
 Merge Strategy
 ==============
 
@@ -258,3 +280,5 @@ When stacking pull requests, you may wish to do the following:
 2. Branch from your base branch (branch1) to your work branch (branch2), push commits and open a pull request configuring the base to be branch1, saying in the description that it is based on your other PR.
 3. Merge the first PR using a merge commit otherwise your stacked PR will need a rebase. Github will automatically adjust the base branch of your other PR to be develop.
 
+
+[1]: https://github.com/gotwarlost/istanbul/blob/master/ignoring-code-for-coverage.md