Relocate CI workflows from the nested blocknote/hocuspocus/.github/
(which GitHub ignores) to root .github/workflows/ with path filters
so they run independently of core OpenProject CI. Update Docker
workflow tag pattern to hocuspocus-v* to avoid collisions with
OpenProject version tags, and set build context to ./blocknote/hocuspocus.
Also update all references from the old standalone repo
(opf/op-blocknote-hocuspocus) to monorepo paths, including
dependabot, package.json metadata, static_links, README badges/
instructions, docker-compose dev volume mount, and documentation.
- validation script used unmaintained npm package
- switched to actively maintained package from same maintainer
- pipe full output to stdout
- bump node major version in development backend Dockerfile
- fix two api spec errors and two random warnings - boyscout, hell yeah
* Refactor Docker build/runtime stages for slimmer images
Split runtime and build dependencies into separate stages and build the app in a dedicated stage before runtime copy.
Add a slim prune stage that removes non-runtime source trees, source maps, duplicate enterprise source videos, module test/doc folders, and extra vendored gem artifacts.
This ensures bytes are removed before the final slim copy, so layer size actually decreases while keeping runtime behavior intact.
* Add target-specific Docker image validation in CI
Introduce script/ci/docker_validate_image.sh with validations for slim, slim-bim, and all-in-one images.
Checks include runtime binary presence/absence, plugin asset/module integrity, slim pruning expectations, BIM tooling, and all-in-one API startup/embedded services.
Update docker workflow to run the validator for every matrix target before push.
* fix
* Generate YAML-safe auto Hocuspocus secret
All-in-one startup auto-generates OPENPROJECT_COLLABORATIVE__EDITING__HOCUSPOCUS__SECRET in the entrypoint.
Environment overrides are parsed through YAML, so leading punctuation in the previous charset (e.g. %) could trigger Psych parsing errors and abort boot.
Restrict generated secret characters to alphanumeric to keep parsing stable while preserving high entropy.
* Fix all-in-one hocuspocus runtime and validation
* Fix all-in-one memcached startup handover
Swiftshader is a software based fallback for WebGL context used in
Chrome without GPU access - e.g. in headless browsers for testing, or
containerized selenium browsers, like in our docker dev setup. The
automatic fallback to Swiftshader was disabled in January 2026, causing
any test using a WebGL context to fail.
See https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/gpu/swiftshader.md
To fix that, we enabled the unsafe fallback now manually for testing
contexts.
Making the CA configuration a bit more flexible, so that
choosing between Let's encrypt and Step CA is possible.
This only makes sense when not using *.local hostnames.
Klaus Zanders