Test postgresql

.github/workflows/main.yml

@@ -19,13 +19,13 @@ jobs:
 
       - name: Get all changed website files
         id: changed_website_files
-        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
+        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
         with:
           files: website/**
 
       - name: Set up Node.js
         if: steps.changed_website_files.outputs.any_changed == 'true'
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 24.x
 
@@ -51,7 +51,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 24.x
 
@@ -62,4 +62,4 @@ jobs:
           corepack prepare yarn@stable --activate
           yarn install --immutable
 
-      - uses: j178/prek-action@79f765515bd648eb4d6bb1b17277b7cb22cb6468 # v2.0.0
+      - uses: j178/prek-action@53276d8b0d10f8b6672aa85b4588c6921d0370cc # v2.0.1

.github/workflows/smoketest.yml

@@ -18,10 +18,10 @@ jobs:
           persist-credentials: false
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          repository: eclipse/openvsx
+          repository: eclipse-openvsx/openvsx
           path: openvsx
           persist-credentials: false
-      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 18.x
       - name: Install dependencies
@@ -52,7 +52,7 @@ jobs:
         if: steps.check_version.outputs.is_version == 'true'
         working-directory: ./openvsx/webui
         run: yarn smoke-tests
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: steps.check_version.outputs.is_version == 'true'
         with:
           name: playwright-report

.github/workflows/sonar.yml

@@ -19,7 +19,7 @@ jobs:
           persist-credentials: false
           fetch-depth: 0
     - name: Cache SonarCloud packages
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306  # v5.0.3
+      uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7  # v5.0.4
       with:
         path: ~/.sonar/cache
         key: ${{ runner.os }}-sonar

Dockerfile

@@ -1,5 +1,5 @@
-ARG SERVER_VERSION=v0.33.0
-ARG SERVER_VERSION_STRING=v0.33.0
+ARG SERVER_VERSION=rate-limiting-p2
+ARG SERVER_VERSION_STRING=v0.34.0-dev
 
 # Builder image to compile the website
 FROM ubuntu:24.04 AS builder
@@ -27,7 +27,7 @@ RUN cd website \
   && yarn build
 
 # Main image derived from openvsx-server
-FROM ghcr.io/eclipse-openvsx/openvsx-server:${SERVER_VERSION}
+FROM ghcr.io/eclipse-openvsx/openvsx-server-snapshot:${SERVER_VERSION}
 ARG SERVER_VERSION
 ARG SERVER_VERSION_STRING
 

charts/openvsx/values-test.yaml

@@ -103,3 +103,20 @@ clamav:
 
 yara:
   enabled: true
+
+postgresql:
+  enabled: true
+  architecture: standalone
+
+  auth:
+    enablePostgresUser: true
+
+    # The username to auto-create
+    username: "openvsx-test-rw"
+
+    # The database to auto-create
+    database: "openvsx-test"
+
+    # Reference to an existing secret containing the passwords.
+    # Expected keys: "password" (for the username above) and "postgres-password" (for the postgres admin user).
+    existingSecret: "postgresql-test-creds"

configuration/application.yml

@@ -6,7 +6,11 @@
 logging:
   level:
     root: "info"
+    # avoid log messages like: Received invalid Accept header. Assuming all media types are accepted
+    org.springframework.boot.autoconfigure.web.servlet.WelcomePageHandlerMapping: "error"
+    io.lettuce.core.protocol: "warn"
     org.eclipse.openvsx.ratelimit: "debug"
+    org.eclipse.openvsx.scanning: "debug"
 
 server:
   address: 0.0.0.0
@@ -156,7 +160,8 @@ ovsx:
       seconds: 10800
     once-per-version: true
   extension-control:
-    update-on-start: true
+    # do not update on application start as this would trigger multiple jobs in multi-pod configuration
+    update-on-start: false
   integrity:
     key-pair: create
   registry:
@@ -195,17 +200,20 @@ ovsx:
   mail:
     from: no-reply@open-vsx.org
 
-  # tier-based rate limiting configuration
+  # dynamic tier-based rate limiting configuration
   rate-limit:
     enabled: true
-    ip-address-function: '(getHeader("X-Real-IP")?: getRemoteAddr()).trim()'
+    # on the trust boundary, "X-Real-IP" is set for any external requests
+    # for internal requests from within the cluster check first if "X-Forwarded-For" is set, otherwise use the remote addr.
+    # jetty seems to return "[127.0.0.1]" as remote addr in some cases, need to investigate why this is happening
+    ip-address-function: '(getHeader("X-Real-IP")?: getHeader("X-Forwarded-For")?: getRemoteAddr()).split(",")[0].trim()'
     usage-stats:
-      job-schedule: '*/30 * * * *'
+      job-schedule: '*/30 * * * * *'
     filters:
       - url: '/(api|vscode)/.*'
         http-response-headers:
           Access-Control-Allow-Origin: '*'
-          Access-Control-Expose-Headers: X-Rate-Limit-Retry-After-Seconds, X-Rate-Limit-Remaining
+          Access-Control-Expose-Headers: Retry-After, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
     default-http-content-type: application/json
     default-http-response-body: >
       {

mail-templates/access-token-expired.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<p>Hi <span th:text="${name}">John Doe</span>,</p>
+<p>
+    This is a notification that your Open VSX Personal Access Token <code th:if="${!#strings.isEmpty(tokenName)}" th:text="${tokenName}">Test token</code> has expired as of <strong><span th:text="${#temporals.format(expiryDate, 'MM/dd/yyyy')}">11/14/2025</span></strong>.
+</p>
+<p>
+    For your security, this token has been deactivated and can no longer be used to authenticate or publish extensions to the Open VSX Registry.
+</p>
+<p>
+    To restore access please log in to your Open VSX account, generate a new token, and update your previous integrations.
+</p>
+<p>
+    If you need help or have any questions, feel free to contact us at <a href="mailto:openvsx@eclipse-foundation.org">openvsx@eclipse-foundation.org</a>.
+</p>
+<p>
+    Best,<br />
+    Eclipse Foundation<br />
+    <em>The Open VSX Team</em>
+</p>
+</body>
+</html>

mail-templates/access-token-expiry-notification.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<p>Hi <span th:text="${name}">John Doe</span>,</p>
+<p>
+    This is a friendly reminder that your Open VSX Personal Access Token <code th:if="${!#strings.isEmpty(tokenName)}" th:text="${tokenName}">Test token</code> will expire on <strong><span th:text="${#temporals.format(expiryDate, 'MM/dd/yyyy')}">11/14/2025</span></strong>.
+</p>
+<p>
+    To prevent any disruption to your publishing workflows, automated pipelines or API access, please log in to your Open VSX account to generate a new token before this date. Be sure to rotate the new token into your CI/CD environments (such as GitHub Actions or GitLab CI).
+</p>
+<p>
+    If you have any questions or require assistance, please reach out to us at <a href="mailto:openvsx@eclipse-foundation.org">openvsx@eclipse-foundation.org</a>.
+</p>
+<p>
+    Best,<br />
+    Eclipse Foundation<br />
+    <em>The Open VSX Team</em>
+</p>
+</body>
+</html>

mail-templates/revoked-access-tokens.html

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+<p>Hello <span th:text="${name}">Contributor</span>,</p>
+
+<p>This is an automated notification to inform you that one or more of your Personal Access Tokens (PATs) for the Open VSX Registry have been revoked.</p>
+
+<p>Tokens are typically revoked for the following reasons:</p>
+<ul>
+    <li>Reaching the end of their 90-day expiration lifecycle.</li>
+    <li>Manual revocation from your account settings.</li>
+    <li>Routine security precautions.</li>
+</ul>
+
+<p><strong>Action Required:</strong><br/>
+To prevent failed deployments or interruptions in your publishing pipelines, please log in and generate a new PAT via your Open VSX account settings. Remember to update your active pipelines with the new token.</p>
+
+<p>If you believe this was a mistake or if you need assistance, please reach out to us at <a href="mailto:openvsx@eclipse-foundation.org">openvsx@eclipse-foundation.org</a>.</p>
+
+<p>
+    Best,<br />
+    Eclipse Foundation<br />
+    <em>The Open VSX Team</em>
+</p>
+</body>
+</html>

website/.gitignore

@@ -12,3 +12,4 @@ node_modules/
 /dev/static/bundle.*
 /dev/static/report-*
 yarn-error.log
+stats.html

website/configs/base.tsconfig.json

@@ -1,15 +1,11 @@
 {
   "compilerOptions": {
-    "target": "es6",
-    "module": "es6",
+    "target": "es2020",
+    "module": "es2020",
     "moduleResolution": "bundler",
     "allowSyntheticDefaultImports": true,
-    "lib": [
-      "es6", "es2020.string", "dom"
-    ],
-    "typeRoots": [
-      "node_modules/@types", "typings"
-    ],
+    "lib": ["es2020", "dom"],
+    "typeRoots": ["node_modules/@types", "typings"],
     "sourceMap": true,
     "declaration": true,
     "declarationMap": true,

website/eslint.config.mjs

@@ -24,7 +24,7 @@ export default [
         'plugin:react/recommended'
     ),
     {
-        files: ['**/*.ts', '**/*.tsx'],
+        files: ['**/*.ts', '**/*.tsx', '**/*.mts'],
         plugins: {
             '@typescript-eslint': typescriptEslint,
             '@stylistic': stylistic,
@@ -45,6 +45,14 @@ export default [
             '@typescript-eslint/ban-types': 'off',
             '@/brace-style': ['warn', '1tbs'],
 
+            // https://mui.com/material-ui/guides/minimizing-bundle-size/#enforce-best-practices-with-eslint
+            'no-restricted-imports': [
+                'error',
+                {
+                    'patterns': [{ 'regex': '^@mui/[^/]+$' }]
+                }
+            ],
+
             '@/comma-spacing': [
                 'warn',
                 {

website/index.html

@@ -18,9 +18,9 @@
 
     <!-- Eclipse Cookie Consent -->
     <link rel="stylesheet" type="text/css"
-        href="//www.eclipse.org/eclipse.org-common/themes/solstice/public/stylesheets/vendor/cookieconsent/cookieconsent.min.css" />
+        href="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/stylesheets/vendor/cookieconsent/cookieconsent.min.css" />
     <script
-        src="//www.eclipse.org/eclipse.org-common/themes/solstice/public/javascript/vendor/cookieconsent/default.min.js">
+        src="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/javascript/vendor/cookieconsent/default.min.js" type="">
     </script>
     <style>
         a.cc-btn.cc-allow {

website/package.json

@@ -8,8 +8,9 @@
   "engines": {
     "node": ">=22.0.0"
   },
+  "type": "module",
   "dependencies": {
-    "openvsx-webui": "npm:openvsx-webui@0.19.0"
+    "openvsx-webui": "npm:openvsx-webui-test@0.20.0-dev.2"
   },
   "resolutions": {
     "qs": "^6.14.1"
@@ -29,6 +30,7 @@
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-react": "^7.37.0",
     "prettier": "^3.8.1",
+    "rollup-plugin-visualizer": "^7.0.1",
     "typescript": "^5.9.0",
     "typescript-eslint": "^8.57.0",
     "vite": "^7.3.0",

website/src/about.tsx

@@ -8,7 +8,9 @@
  * SPDX-License-Identifier: EPL-2.0
  ********************************************************************************/
 
-import { Link, Typography, Container } from '@mui/material';
+import Link from '@mui/material/Link';
+import Typography from '@mui/material/Typography';
+import Container from '@mui/material/Container';
 import { styled, Theme } from '@mui/material/styles';
 
 const Heading = styled(Typography)(({ theme }: { theme: Theme }) => ({

website/src/adopters.tsx

@@ -11,7 +11,10 @@
  * SPDX-License-Identifier: EPL-2.0
  *****************************************************************************/
 
-import { Container, Typography, Box, Button } from '@mui/material';
+import Box from '@mui/material/Box';
+import Button from '@mui/material/Button';
+import Container from '@mui/material/Container';
+import Typography from '@mui/material/Typography';
 import { styled, Theme } from '@mui/material/styles';
 import AdoptersList from './components/adopters-list';
 

website/src/components/adopters-list.tsx

@@ -9,7 +9,11 @@
  ********************************************************************************/
 
 import { FunctionComponent, useState, useEffect, useContext, useRef } from 'react';
-import { CircularProgress, Grid, Box, Link, Typography } from '@mui/material';
+import CircularProgress from '@mui/material/CircularProgress';
+import Grid from '@mui/material/Grid';
+import Box from '@mui/material/Box';
+import Link from '@mui/material/Link';
+import Typography from '@mui/material/Typography';
 import { styled, Theme } from '@mui/material/styles';
 import { MainContext } from 'openvsx-webui/lib/context';
 

website/src/components/members-list.tsx

@@ -9,7 +9,11 @@
  ********************************************************************************/
 
 import { FunctionComponent, useState, useEffect, useRef } from 'react';
-import { CircularProgress, Grid, Box, Link, Typography } from '@mui/material';
+import CircularProgress from '@mui/material/CircularProgress';
+import Grid from '@mui/material/Grid';
+import Box from '@mui/material/Box';
+import Link from '@mui/material/Link';
+import Typography from '@mui/material/Typography';
 import { styled, Theme } from '@mui/material/styles';
 
 type MembershipLevel = 'SD' | 'AP' | 'AS';

website/src/document.tsx

@@ -9,7 +9,7 @@
  ********************************************************************************/
 
 import { FunctionComponent, useContext, useEffect, useRef, useState } from 'react';
-import { Box } from '@mui/material';
+import Box from '@mui/material/Box';
 import { SanitizedMarkdown } from 'openvsx-webui/lib/components/sanitized-markdown';
 import { DelayedLoadIndicator } from 'openvsx-webui/lib/components/delayed-load-indicator';
 import { MainContext } from 'openvsx-webui/lib/context';

website/src/footer-content.tsx

@@ -10,8 +10,12 @@
 
 import { FunctionComponent, useState } from 'react';
 import { styled } from '@mui/material/styles';
-import { Link, Theme, Box, useMediaQuery, useTheme } from '@mui/material';
+import Box from '@mui/material/Box';
+import Link from '@mui/material/Link';
+import useMediaQuery from '@mui/material/useMediaQuery';
 import { Link as RouteLink } from 'react-router-dom';
+import { Theme } from '@mui/material/styles/createTheme';
+import useTheme from '@mui/material/styles/useTheme';
 import GitHubIcon from '@mui/icons-material/GitHub';
 import ExpandLessIcon from '@mui/icons-material/ExpandLess';
 import ExpandMoreIcon from '@mui/icons-material/ExpandMore';

website/src/main.tsx

@@ -13,7 +13,7 @@ import { FunctionComponent, useMemo } from 'react';
 import { HelmetProvider } from 'react-helmet-async';
 import { BrowserRouter } from 'react-router-dom';
 import { ThemeProvider } from '@mui/material/styles';
-import { useMediaQuery } from '@mui/material';
+import useMediaQuery from '@mui/material/useMediaQuery';
 import { Main, ExtensionRegistryService } from 'openvsx-webui';
 import createDefaultTheme from 'openvsx-webui/lib/default/theme';
 import createPageSettings from './page-settings';