Merge branch 'develop' into johannes/node-check

.eslintrc.cjs

@@ -1,5 +1,5 @@
 module.exports = {
-    plugins: ["matrix-org", "import", "jsdoc"],
+    plugins: ["matrix-org", "import", "jsdoc", "n"],
     extends: ["plugin:matrix-org/babel", "plugin:matrix-org/jest", "plugin:import/typescript"],
     parserOptions: {
         project: ["./tsconfig.json"],
@@ -63,6 +63,10 @@ module.exports = {
                 name: "setImmediate",
                 message: "Use setTimeout instead.",
             },
+            {
+                name: "global",
+                message: "Use globalThis instead.",
+            },
         ],
 
         "import/no-restricted-paths": [
@@ -108,10 +112,8 @@ module.exports = {
                 "@typescript-eslint/ban-ts-comment": "off",
                 // We're okay with assertion errors when we ask for them
                 "@typescript-eslint/no-non-null-assertion": "off",
-
-                // The non-TypeScript rule produces false positives
-                "func-call-spacing": "off",
-                "@typescript-eslint/func-call-spacing": ["error"],
+                // We do this sometimes to brand interfaces
+                "@typescript-eslint/no-empty-object-type": "off",
 
                 "quotes": "off",
                 // We use a `logger` intermediary module
@@ -128,6 +130,14 @@ module.exports = {
                 // These need a bit more work before we can enable
                 // "jsdoc/check-param-names": "error",
                 // "jsdoc/check-indentation": "error",
+                // Ensure .ts extension on imports outside of tests
+                "n/file-extension-in-import": [
+                    "error",
+                    "always",
+                    {
+                        tryExtensions: [".ts"],
+                    },
+                ],
             },
         },
         {

.github/CODEOWNERS

@@ -8,6 +8,7 @@
 /spec/*/webrtc            @matrix-org/element-call-reviewers
 /spec/*/matrixrtc            @matrix-org/element-call-reviewers
 
+/src/crypto-api           @matrix-org/element-crypto-web-reviewers
 /src/crypto               @matrix-org/element-crypto-web-reviewers
 /src/rust-crypto          @matrix-org/element-crypto-web-reviewers
 /spec/integ/crypto        @matrix-org/element-crypto-web-reviewers

.github/actions/sign-release-tarball/action.yml

@@ -22,7 +22,7 @@ runs:
 
         - name: Upload tarball signature
           if: ${{ inputs.upload-url }}
-          uses: shogo82148/actions-upload-release-asset@aac270e08f6b4547ada0b3800f88e1eb3ce9d400 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ env.VERSION }}.tar.gz.asc

.github/actions/upload-release-assets/action.yml

@@ -29,13 +29,13 @@ runs:
 
         - name: Upload asset signatures
           if: inputs.gpg-fingerprint
-          uses: shogo82148/actions-upload-release-asset@aac270e08f6b4547ada0b3800f88e1eb3ce9d400 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}.asc
 
         - name: Upload assets
-          uses: shogo82148/actions-upload-release-asset@aac270e08f6b4547ada0b3800f88e1eb3ce9d400 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}

.github/workflows/backport.yml

@@ -10,7 +10,7 @@ on:
 jobs:
     backport:
         name: Backport
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         # Only react to merged PRs for security reasons.
         # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
         if: >

.github/workflows/docs-pr-netlify.yaml

@@ -9,7 +9,7 @@ on:
 jobs:
     netlify:
         if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - name: 📥 Download artifact
               uses: actions/download-artifact@v4

.github/workflows/downstream-end-to-end-tests.yml

@@ -21,14 +21,13 @@ concurrency:
 jobs:
     playwright:
         name: Playwright
-        uses: element-hq/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml@develop
+        uses: element-hq/element-web/.github/workflows/end-to-end-tests.yaml@develop
         permissions:
             actions: read
             issues: read
             pull-requests: read
         with:
             matrix-js-sdk-sha: ${{ github.sha }}
-            react-sdk-repository: element-hq/matrix-react-sdk
             # We only want to run the playwright tests on merge queue to prevent regressions
             # from creeping in. They take a long time to run and consume multiple concurrent runners.
             skip: ${{ github.event_name != 'merge_group' }}

.github/workflows/notify-downstream.yaml

@@ -14,10 +14,8 @@ jobs:
                 include:
                     - repo: element-hq/element-web
                       event: element-web-notify
-                    - repo: element-hq/matrix-react-sdk
-                      event: upstream-sdk-notify
 
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
               uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3

.github/workflows/pull_request.yaml

@@ -12,7 +12,7 @@ concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || gi
 jobs:
     changelog:
         name: Preview Changelog
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - uses: mheap/github-action-required-labels@d25134c992b943fb6ad00c25ea00eb5988c0a9dd # v5
               if: github.event_name != 'merge_group'
@@ -29,7 +29,7 @@ jobs:
 
     prevent-blocked:
         name: Prevent Blocked
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         permissions:
             pull-requests: read
         steps:
@@ -42,7 +42,7 @@ jobs:
 
     community-prs:
         name: Label Community PRs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         if: github.event.action == 'opened'
         steps:
             - name: Check membership
@@ -69,7 +69,7 @@ jobs:
 
     close-if-fork-develop:
         name: Forbid develop branch fork contributions
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         if: >
             github.event.action == 'opened' &&
             github.event.pull_request.head.ref == 'develop' &&

.github/workflows/release-drafter-workflow.yml

@@ -10,7 +10,7 @@ on:
 concurrency: release-drafter-action
 jobs:
     draft:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - name: 🧮 Checkout code
               uses: actions/checkout@v4

.github/workflows/release-gitflow.yml

@@ -15,7 +15,7 @@ on:
 concurrency: ${{ github.workflow }}
 jobs:
     merge:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - uses: actions/checkout@v4
               with:
@@ -49,9 +49,6 @@ jobs:
                   git checkout develop
                   git merge -X ours master
 
-            - name: Run post-merge-master script to revert package.json fields
-              run: ./.action-repo/scripts/release/post-merge-master.sh
-
             - name: Reset dependencies
               if: inputs.dependencies
               run: |
@@ -61,26 +58,25 @@ jobs:
                       CURRENT_VERSION=$(cat package.json | jq -r .dependencies[\"$PACKAGE\"])
                       echo "Current $PACKAGE version is $CURRENT_VERSION"
 
-                      if [ "$CURRENT_VERSION" == "null" ]
+                      if [[ "$CURRENT_VERSION" == "null" ]]
                       then
                           echo "Unable to find $PACKAGE in package.json"
                           exit 1
                       fi
 
-                      if [ "$CURRENT_VERSION" == "develop" ]
+                      if [[ "$CURRENT_VERSION" == *"#develop" ]]
                       then
                           echo "Not updating dependency $PACKAGE"
                           continue
                       fi
 
-                      echo "Resetting $1 to develop branch..."
+                      echo "Resetting $PACKAGE to develop branch..."
                       yarn add "github:matrix-org/$PACKAGE#develop"
                       git add -u
                       git commit -m "Reset $PACKAGE back to develop branch"
                   done <<< "$DEPENDENCIES"
               env:
                   DEPENDENCIES: ${{ inputs.dependencies }}
-                  FINAL: ${{ inputs.final }}
 
             - name: Push changes
               run: git push origin develop

.github/workflows/release-make.yml

@@ -41,13 +41,13 @@ on:
 jobs:
     release:
         name: Release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         environment: Release
         steps:
             - name: Load GPG key
               id: gpg
               if: inputs.gpg-fingerprint
-              uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6
+              uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6
               with:
                   gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
                   passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -136,7 +136,9 @@ jobs:
                   done
 
             - name: Bump package.json version
-              run: yarn version --no-git-tag-version --new-version "${VERSION#v}"
+              run: |
+                  yarn version --no-git-tag-version --new-version "${VERSION#v}"
+                  git add package.json
 
             - name: Add to CHANGELOG.md
               if: inputs.final
@@ -158,11 +160,6 @@ jobs:
               env:
                   RELEASE_NOTES: ${{ steps.draft-release.outputs.body }}
 
-            - name: Run pre-release script to update package.json fields
-              run: |
-                  ./.action-repo/scripts/release/pre-release.sh
-                  git add package.json
-
             - name: Commit changes
               run: git commit -m "$VERSION"
 
@@ -276,7 +273,7 @@ jobs:
     post-release:
         name: Post release steps
         needs: release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - id: repository
               run: echo "REPO=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT
@@ -304,7 +301,7 @@ jobs:
     bump-downstreams:
         name: Update npm dependency in downstream projects
         needs: npm
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         if: inputs.downstreams
         strategy:
             matrix:

.github/workflows/release-npm.yml

@@ -11,7 +11,7 @@ on:
 jobs:
     npm:
         name: Publish to npm
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         outputs:
             id: ${{ steps.npm-publish.outputs.id }}
         steps:
@@ -39,6 +39,10 @@ jobs:
                   tag: next
                   ignore-scripts: false
 
+            - name: Check npm package was published
+              if: steps.npm-publish.outputs.id == ''
+              run: exit 1
+
             - name: 🎖️ Add `latest` dist-tag to final releases
               if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.')
               run: npm dist-tag add "$release" latest

.github/workflows/release.yml

@@ -28,13 +28,13 @@ jobs:
         with:
             final: ${{ inputs.mode == 'final' }}
             npm: ${{ inputs.npm }}
-            downstreams: '["element-hq/matrix-react-sdk", "element-hq/element-web"]'
+            downstreams: '["element-hq/element-web"]'
 
     docs:
         name: Publish Documentation
         needs: release
         if: inputs.docs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         steps:
             - name: 🧮 Checkout code
               uses: actions/checkout@v4
@@ -60,7 +60,7 @@ jobs:
         environment:
             name: github-pages
             url: ${{ steps.deployment.outputs.page_url }}
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         needs: docs
         # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
         permissions:

.github/workflows/sonarcloud.yml

@@ -14,7 +14,7 @@ on:
                 description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact"
 jobs:
     sonarqube:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
         if: |
             github.event.workflow_run.conclusion == 'success' &&
             github.event.workflow_run.event != 'merge_group'
@@ -30,7 +30,7 @@ jobs:
                   target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
             - name: "🧮 Checkout code"
-              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
               with:
                   repository: ${{ github.event.workflow_run.head_repository.full_name }}
                   ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow
@@ -63,7 +63,7 @@ jobs:
 
             - name: "🩻 SonarCloud Scan"
               id: sonarcloud
-              uses: matrix-org/sonarcloud-workflow-action@v3.2
+              uses: matrix-org/sonarcloud-workflow-action@v3.3
               # workflow_run fails report against the develop commit always, we don't want that for PRs
               continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }}
               with: