feat: Use github actions

2023-07-14 13:40:39 +02:00 · 2023-07-14 13:40:39 +02:00 · 4bbb1fbba7
parent 8f79192e0b
commit 4bbb1fbba7
9 changed files with 436 additions and 380 deletions
--- a/.github/workflows/app.yml
+++ b/.github/workflows/app.yml
@ -0,0 +1,76 @@
 name: "All the sdk specific jobs"
 on:
  workflow_call:
    inputs:
      flutter_version:
        description: "The flutter version used for tests and builds"
        type: string
        required: true
      dart_version:
        description: "The dart version used for tests and builds"
        type: string
        required: true
 jobs:
  e2ee_test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        homeserver: [synapse, dendrite, conduit]
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          export NETWORK='--network mynet'
          docker network create mynet
          # deploy homeserver instance
          scripts/integration-server-${{matrix.homeserver}}.sh
          docker run $NETWORK --env GITHUB_ACTIONS="${GITHUB_ACTIONS}" --env HOMESERVER_IMPLEMENTATION="${{matrix.homeserver}}" --env HOMESERVER="${{startsWith('dendrite', matrix.homeserver) && format('{0}:8008', matrix.homeserver) || matrix.homeserver }}" --volume="$(pwd):/workdir" --workdir /workdir ghcr.io/famedly/container-image-flutter/flutter:${{inputs.flutter_version}} /bin/bash -c "set -e
          scripts/integration-prepare-alpine.sh
          # create test user environment variables
          source scripts/integration-create-environment-variables.sh
          # properly set the homeserver IP and create test users
          scripts/integration-prepare-homeserver.sh 
          # setup OLM
          scripts/prepare.sh
          scripts/test_driver.sh"
  coverage:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/famedly/container-image-flutter/flutter:${{inputs.flutter_version}}
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          sed -i 's/#\([^ ]\)/\1/g' pubspec.yaml
          rm -r example
          ./scripts/prepare.sh
          ./scripts/test.sh
  coverage_without_olm:
    runs-on: ubuntu-latest
    container:
      image: dart:${{inputs.dart_version}}
    env:
      NO_OLM: 1
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          apt-get update && apt-get install --no-install-recommends --no-install-suggests -y curl lcov python3 python3-distutils
          curl -o /bin/lcov_cobertura.py https://raw.githubusercontent.com/eriwen/lcov-to-cobertura-xml/master/lcov_cobertura/lcov_cobertura.py && sed 's/env python/env python3/' -i /bin/lcov_cobertura.py && chmod +x /bin/lcov_cobertura.py
          dart pub get
          ./scripts/test.sh
  pub-dev-dry-run:
    runs-on: ubuntu-latest
    container:
      image: dart:${{inputs.dart_version}}
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          dart pub get
          dart pub publish --dry-run
--- a/.github/workflows/issue-triage.yml
+++ b/.github/workflows/issue-triage.yml
@ -0,0 +1,18 @@
 name: Add issues to Product Management Project.
 on:
  issues:
    types:
      - opened
 jobs:
  add-to-project:
    name: Add issue to project
    runs-on: ubuntu-latest
    steps:
      - uses: actions/add-to-project@v0.5.0
        with:
          # You can target a repository in a different organization
          # to the issue
          project-url: https://github.com/orgs/famedly/projects/4
          github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -1,18 +1,35 @@
-name: Add issues to Product Management Project.
+name: CI
 on:
-  issues:
+  push:
-    types:
+    branches:
-      - opened
+      - main
  pull_request:
  merge_group:
 concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true
 jobs:
-  add-to-project:
+  dart:
-    name: Add issue to project
+    permissions:
-    runs-on: ubuntu-latest
+      contents: read
-    steps:
+    uses: famedly/frontend-ci-templates/.github/workflows/dart.yml@main
-      - uses: actions/add-to-project@v0.5.0
+    with:
-        with:
+      flutter_version: 3.10.4
-          # You can target a repository in a different organization
+      dart_version: 3.0.0
-          # to the issue
+    secrets:
-          project-url: https://github.com/orgs/famedly/projects/4
+      ssh_key: "${{ secrets.CI_SSH_PRIVATE_KEY }}"
-          github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}
+
  general:
    permissions:
      contents: read
    uses: famedly/frontend-ci-templates/.github/workflows/general.yml@main
  app_jobs:
    secrets: inherit
    uses: ./.github/workflows/app.yml
    with:
      flutter_version: 3.10.4
      dart_version: 3.0.3
--- a/scripts/integration-server-conduit.sh
+++ b/scripts/integration-server-conduit.sh
@ -9,4 +9,5 @@
  -e CONDUIT_TRUSTED_SERVERS="[\"conduit.rs\"]" \
  -e CONDUIT_MAX_CONCURRENT_REQUESTS="100" \
  -e CONDUIT_LOG="info,rocket=off,_=off,sled=off" \
  $NETWORK \
  --name conduit -p 80:80 matrixconduit/matrix-conduit:latest
--- a/scripts/integration-server-dendrite.sh
+++ b/scripts/integration-server-dendrite.sh
@ -11,4 +11,4 @@ docker run --rm --entrypoint="" \
  -tls-key /mnt/server.key
 docker run -d --volume="$(pwd)/test_driver/dendrite/data":/etc/dendrite:rw \
-  --name dendrite -p 80:8008 matrixdotorg/dendrite-monolith:latest -really-enable-open-registration
+  --name dendrite $NETWORK -p 80:8008 matrixdotorg/dendrite-monolith:latest -really-enable-open-registration
--- a/scripts/integration-server-synapse.sh
+++ b/scripts/integration-server-synapse.sh
@ -1,5 +1,6 @@
 #!/usr/bin/env bash
-docker run -d --name synapse --tmpfs /data \
+
 docker run -d --name synapse --tmpfs /data $NETWORK \
    --volume="$(pwd)/test_driver/synapse/data/homeserver.yaml":/data/homeserver.yaml:rw \
    --volume="$(pwd)/test_driver/synapse/data/localhost.log.config":/data/localhost.log.config:rw \
    -p 80:80 matrixdotorg/synapse:latest
--- a/scripts/test.sh
+++ b/scripts/test.sh
@ -1,38 +1,26 @@
 #!/bin/bash
 if which flutter >/dev/null; then
    flutter pub global activate junitreport
-    flutter test --coverage --machine | tee TEST-report.json
+    flutter test --coverage
-    TEST_CODE=${PIPESTATUS[0]}
+    TEST_CODE=$?
    # junit report
    flutter pub global run junitreport:tojunit --input TEST-report.json --output TEST-report.xml
    # remove shell escapes since those are invalid xml
    sed 's/&#x1B;//g' -i TEST-report.xml
    # coverage
    flutter pub global activate remove_from_coverage
    flutter pub global run remove_from_coverage:remove_from_coverage -f coverage/lcov.info -r '\.g\.dart$'
 else
-    dart pub global activate junitreport
+    dart test --coverage=coverage
    # Test coverage using dart only is broken: https://github.com/dart-lang/test/issues/1698
    #dart test --coverage=coverage --file-reporter='json:TEST-report.json'
    dart test --file-reporter='json:TEST-report.json'
    TEST_CODE=$?
    # junit report
    dart pub global run junitreport:tojunit --input TEST-report.json --output TEST-report.xml
    # remove shell escapes since those are invalid xml
    sed 's/&#x1B;//g' -i TEST-report.xml
    # coverage -> broken see https://github.com/dart-lang/test/issues/1698
-    #dart pub global activate coverage
+    dart pub global activate coverage
    #reporton="--report-on=lib/"
-    #if [ -n "$NO_OLM" ]; then reporton="--report-on=lib/src --report-on=lib/msc_extensions"; fi
+    if [ -n "$NO_OLM" ]; then reporton="--report-on=lib/src --report-on=lib/msc_extensions"; fi
-    #dart pub global run coverage:format_coverage -i coverage/  --lcov -o coverage/lcov.info $reporton
+    dart pub global run coverage:format_coverage -i coverage/  --lcov -o coverage/lcov.info $reporton
-    #dart pub global activate remove_from_coverage
+    dart pub global activate remove_from_coverage
-    #dart pub global run remove_from_coverage:remove_from_coverage -f coverage/lcov.info -r '\.g\.dart$'
+    dart pub global run remove_from_coverage:remove_from_coverage -f coverage/lcov.info -r '\.g\.dart$'
 fi
 # coverage html report
--- a/scripts/test_driver.sh
+++ b/scripts/test_driver.sh
@ -2,5 +2,5 @@
 if which flutter >/dev/null; then
    flutter --no-version-check test test_driver/matrixsdk_test.dart --dart-define=HOMESERVER=$HOMESERVER --dart-define=USER1_NAME=$USER1_NAME --dart-define=USER2_NAME=$USER2_NAME --dart-define=USER3_NAME=$USER3_NAME --dart-define=USER1_PW=$USER1_PW --dart-define=USER2_PW=$USER2_PW --dart-define=USER3_PW=$USER3_PW
 else
-    dart run -D HOMESERVER=$HOMESERVER -D USER1_NAME=$USER1_NAME -D USER2_NAME=$USER2_NAME -D USER3_NAME=$USER3_NAME -D USER1_PW=$USER1_PW -D USER2_PW=$USER2_PW -D USER3_PW=$USER3_PW test_driver/matrixsdk_test.dart -p vm
+    dart -D HOMESERVER=$HOMESERVER -D USER1_NAME=$USER1_NAME -D USER2_NAME=$USER2_NAME -D USER3_NAME=$USER3_NAME -D USER1_PW=$USER1_PW -D USER2_PW=$USER2_PW -D USER3_PW=$USER3_PW test test_driver/matrixsdk_test.dart -p vm
 fi
--- a/test_driver/synapse/data/homeserver.yaml
+++ b/test_driver/synapse/data/homeserver.yaml
@ -6,7 +6,6 @@
 #
 # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
 ## Modules ##
 # Server admins can expand Synapse's functionality with external modules.
@ -21,7 +20,6 @@ modules:
  #- module: my_other_super_module.SomeClass
  #  config: {}
 ## Server ##
 # The public-facing domain of the server
@ -350,7 +348,6 @@ manhole_settings:
 #
 #dummy_events_threshold: 5
 ## Homeserver blocking ##
 # How to reach the server admin, used in ResourceLimitError
@ -528,7 +525,6 @@ templates:
 #exclude_rooms_from_sync:
 #    - !foo:example.com
 # Message retention policy at the server level.
 #
 # Room admins and mods can define a retention period for their rooms using the
@ -598,7 +594,6 @@ retention:
  #  - shortest_max_lifetime: 3d
  #    interval: 1d
 ## TLS ##
 # PEM-encoded X509 certificate for TLS.
@ -658,7 +653,6 @@ retention:
 #  - myCA2.pem
 #  - myCA3.pem
 ## Federation ##
 # Restrict federation to the following whitelist of domains.
@ -695,7 +689,6 @@ retention:
 #
 #allow_device_name_lookup_over_federation: true
 ## Caching ##
 # Caching can be configured through the following options.
@ -760,7 +753,6 @@ caches:
  #
  #sync_response_cache_duration: 2m
 ## Database ##
 # The 'database' setting defines the database that synapse uses to store all of
@ -816,7 +808,6 @@ database:
  args:
    database: /data/homeserver.db
 ## Logging ##
 # A yaml python logging config file as described by
@ -824,7 +815,6 @@ database:
 #
 log_config: "/data/localhost.log.config"
 ## Ratelimiting ##
 # Ratelimiting settings for client actions (registration, login, messaging).
@ -944,8 +934,6 @@ log_config: "/data/localhost.log.config"
 #
 #federation_rr_transactions_per_room_per_second: 50
 ## Media Store ##
 # Enable the media store service in the Synapse master. Uncomment the
@ -1126,7 +1114,6 @@ media_store_path: "/data/media_store"
 url_preview_accept_language:
 #   - en
 # oEmbed allows for easier embedding content from a website. It can be
 # used for generating URLs previews of services which support it.
 #
@ -1147,7 +1134,6 @@ oembed:
  #additional_providers:
  #  - oembed/my_providers.json
 ## Captcha ##
 # See docs/CAPTCHA_SETUP.md for full details of configuring this.
@ -1172,7 +1158,6 @@ oembed:
 #
 #recaptcha_siteverify_api: "https://my.recaptcha.site"
 ## TURN ##
 # The public URIs of the TURN server to give to clients
@ -1201,7 +1186,6 @@ oembed:
 #
 #turn_allow_guests: true
 ## Registration ##
 #
 # Registration can be rate-limited using the parameters in the "Ratelimiting"
@ -1358,8 +1342,8 @@ registration_shared_secret: "*_854H=YMj.QsE;~~3S,+785vsc#f9f=~nw8aa0Da&~Ye=24=l"
 # https://matrix.org/docs/spec/identity_service/latest
 #
 account_threepid_delegates:
-    #email: https://example.com     # Delegate email sending to example.com
+  #email: https://example.com     # Delegate email sending to example.com
-    #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
+  #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
 # Whether users are allowed to change their displayname after it has
 # been initially set. Useful when provisioning users based on the
@ -1473,7 +1457,6 @@ account_threepid_delegates:
 #
 #inhibit_user_in_use_error: true
 ## Metrics ###
 # Enable collection and rendering of performance metrics
@ -1494,11 +1477,11 @@ account_threepid_delegates:
 # enabled by default, either for performance reasons or limited use.
 #
 metrics_flags:
-    # Publish synapse_federation_known_servers, a gauge of the number of
+  # Publish synapse_federation_known_servers, a gauge of the number of
-    # servers this homeserver knows about, including itself. May cause
+  # servers this homeserver knows about, including itself. May cause
-    # performance problems on large homeservers.
+  # performance problems on large homeservers.
-    #
+  #
-    #known_servers: true
+  #known_servers: true
 # Whether or not to report anonymized homeserver usage statistics.
 #
@ -1509,36 +1492,35 @@ report_stats: false
 #
 #report_stats_endpoint: https://example.com/report-usage-stats/push
 ## API Configuration ##
 # Controls for the state that is shared with users who receive an invite
 # to a room
 #
 room_prejoin_state:
-   # By default, the following state event types are shared with users who
+  # By default, the following state event types are shared with users who
-   # receive invites to the room:
+  # receive invites to the room:
-   #
+  #
-   # - m.room.join_rules
+  # - m.room.join_rules
-   # - m.room.canonical_alias
+  # - m.room.canonical_alias
-   # - m.room.avatar
+  # - m.room.avatar
-   # - m.room.encryption
+  # - m.room.encryption
-   # - m.room.name
+  # - m.room.name
-   # - m.room.create
+  # - m.room.create
-   # - m.room.topic
+  # - m.room.topic
-   #
+  #
-   # Uncomment the following to disable these defaults (so that only the event
+  # Uncomment the following to disable these defaults (so that only the event
-   # types listed in 'additional_event_types' are shared). Defaults to 'false'.
+  # types listed in 'additional_event_types' are shared). Defaults to 'false'.
-   #
+  #
-   #disable_default_event_types: true
+  #disable_default_event_types: true
-   # Additional state event types to share with users when they are invited
+  # Additional state event types to share with users when they are invited
-   # to a room.
+  # to a room.
-   #
+  #
-   # By default, this list is empty (so only the default event types are shared).
+  # By default, this list is empty (so only the default event types are shared).
-   #
+  #
-   #additional_event_types:
+  #additional_event_types:
-   #  - org.example.custom.event.type
+  #  - org.example.custom.event.type
 # We record the IP address of clients used to access the API for various
 # reasons, including displaying it to the user in the "Where you're signed in"
@ -1555,7 +1537,6 @@ room_prejoin_state:
 #
 #track_puppeted_user_ips: true
 # A list of application service config files to use
 #
 #app_service_config_files:
@ -1567,7 +1548,6 @@ room_prejoin_state:
 #
 #track_appservice_user_ips: true
 # a secret which is used to sign access tokens. If none is specified,
 # the registration_shared_secret is used, if one is given; otherwise,
 # a secret key is derived from the signing key.
@ -1662,7 +1642,6 @@ trusted_key_servers:
 #
 #key_server_signing_keys_path: "key_server_signing_keys.key"
 ## Single sign-on integration ##
 # The following settings can be used to make Synapse use a single sign-on
@ -1841,7 +1820,6 @@ saml2_config:
  #
  #idp_entityid: 'https://our_idp/entityid'
 # List of OpenID Connect (OIDC) / OAuth 2.0 identity providers, for registration
 # and login.
 #
@ -2034,7 +2012,6 @@ oidc_providers:
  #    - attribute: userGroup
  #      value: "synapseUsers"
 # Enable Central Authentication Service (CAS) for registration and login.
 #
 cas_config:
@ -2063,7 +2040,6 @@ cas_config:
  #  userGroup: "staff"
  #  department: None
 # Additional settings to use with single-sign on systems such as OpenID Connect,
 # SAML2 and CAS.
 #
@ -2071,36 +2047,35 @@ cas_config:
 # https://matrix-org.github.io/synapse/latest/templates.html for more information.
 #
 sso:
-    # A list of client URLs which are whitelisted so that the user does not
+  # A list of client URLs which are whitelisted so that the user does not
-    # have to confirm giving access to their account to the URL. Any client
+  # have to confirm giving access to their account to the URL. Any client
-    # whose URL starts with an entry in the following list will not be subject
+  # whose URL starts with an entry in the following list will not be subject
-    # to an additional confirmation step after the SSO login is completed.
+  # to an additional confirmation step after the SSO login is completed.
-    #
+  #
-    # WARNING: An entry such as "https://my.client" is insecure, because it
+  # WARNING: An entry such as "https://my.client" is insecure, because it
-    # will also match "https://my.client.evil.site", exposing your users to
+  # will also match "https://my.client.evil.site", exposing your users to
-    # phishing attacks from evil.site. To avoid this, include a slash after the
+  # phishing attacks from evil.site. To avoid this, include a slash after the
-    # hostname: "https://my.client/".
+  # hostname: "https://my.client/".
-    #
+  #
-    # The login fallback page (used by clients that don't natively support the
+  # The login fallback page (used by clients that don't natively support the
-    # required login flows) is whitelisted in addition to any URLs in this list.
+  # required login flows) is whitelisted in addition to any URLs in this list.
-    #
+  #
-    # By default, this list contains only the login fallback page.
+  # By default, this list contains only the login fallback page.
-    #
+  #
-    #client_whitelist:
+  #client_whitelist:
-    #  - https://riot.im/develop
+  #  - https://riot.im/develop
-    #  - https://my.custom.client/
+  #  - https://my.custom.client/
    # Uncomment to keep a user's profile fields in sync with information from
    # the identity provider. Currently only syncing the displayname is
    # supported. Fields are checked on every SSO login, and are updated
    # if necessary.
    #
    # Note that enabling this option will override user profile information,
    # regardless of whether users have opted-out of syncing that
    # information when first signing in. Defaults to false.
    #
    #update_profile_information: true
  # Uncomment to keep a user's profile fields in sync with information from
  # the identity provider. Currently only syncing the displayname is
  # supported. Fields are checked on every SSO login, and are updated
  # if necessary.
  #
  # Note that enabling this option will override user profile information,
  # regardless of whether users have opted-out of syncing that
  # information when first signing in. Defaults to false.
  #
  #update_profile_information: true
 # JSON web token integration. The following settings can be used to make
 # Synapse JSON web tokens for authentication, instead of its internal
@ -2118,122 +2093,120 @@ sso:
 # See https://matrix-org.github.io/synapse/latest/jwt.html.
 #
 #jwt_config:
-    # Uncomment the following to enable authorization using JSON web
+# Uncomment the following to enable authorization using JSON web
-    # tokens. Defaults to false.
+# tokens. Defaults to false.
 #
 #enabled: true
 # This is either the private shared secret or the public key used to
 # decode the contents of the JSON web token.
 #
 # Required if 'enabled' is true.
 #
 #secret: "provided-by-your-issuer"
 # The algorithm used to sign the JSON web token.
 #
 # Supported algorithms are listed at
 # https://pyjwt.readthedocs.io/en/latest/algorithms.html
 #
 # Required if 'enabled' is true.
 #
 #algorithm: "provided-by-your-issuer"
 # Name of the claim containing a unique identifier for the user.
 #
 # Optional, defaults to `sub`.
 #
 #subject_claim: "sub"
 # The issuer to validate the "iss" claim against.
 #
 # Optional, if provided the "iss" claim will be required and
 # validated for all JSON web tokens.
 #
 #issuer: "provided-by-your-issuer"
 # A list of audiences to validate the "aud" claim against.
 #
 # Optional, if provided the "aud" claim will be required and
 # validated for all JSON web tokens.
 #
 # Note that if the "aud" claim is included in a JSON web token then
 # validation will fail without configuring audiences.
 #
 #audiences:
 #    - "provided-by-your-issuer"
 password_config:
  # Uncomment to disable password login
  #
  #enabled: false
  # Uncomment to disable authentication against the local password
  # database. This is ignored if `enabled` is false, and is only useful
  # if you have other password_providers.
  #
  #localdb_enabled: false
  # Uncomment and change to a secret random string for extra security.
  # DO NOT CHANGE THIS AFTER INITIAL SETUP!
  #
  #pepper: "EVEN_MORE_SECRET"
  # Define and enforce a password policy. Each parameter is optional.
  # This is an implementation of MSC2000.
  #
  policy:
    # Whether to enforce the password policy.
    # Defaults to 'false'.
    #
    #enabled: true
-    # This is either the private shared secret or the public key used to
+    # Minimum accepted length for a password.
-    # decode the contents of the JSON web token.
+    # Defaults to 0.
    #
-    # Required if 'enabled' is true.
+    #minimum_length: 15
    # Whether a password must contain at least one digit.
    # Defaults to 'false'.
    #
-    #secret: "provided-by-your-issuer"
+    #require_digit: true
-    # The algorithm used to sign the JSON web token.
+    # Whether a password must contain at least one symbol.
    # A symbol is any character that's not a number or a letter.
    # Defaults to 'false'.
    #
-    # Supported algorithms are listed at
+    #require_symbol: true
-    # https://pyjwt.readthedocs.io/en/latest/algorithms.html
+
    # Whether a password must contain at least one lowercase letter.
    # Defaults to 'false'.
    #
-    # Required if 'enabled' is true.
+    #require_lowercase: true
    # Whether a password must contain at least one uppercase letter.
    # Defaults to 'false'.
    #
-    #algorithm: "provided-by-your-issuer"
+    #require_uppercase: true
    # Name of the claim containing a unique identifier for the user.
    #
    # Optional, defaults to `sub`.
    #
    #subject_claim: "sub"
    # The issuer to validate the "iss" claim against.
    #
    # Optional, if provided the "iss" claim will be required and
    # validated for all JSON web tokens.
    #
    #issuer: "provided-by-your-issuer"
    # A list of audiences to validate the "aud" claim against.
    #
    # Optional, if provided the "aud" claim will be required and
    # validated for all JSON web tokens.
    #
    # Note that if the "aud" claim is included in a JSON web token then
    # validation will fail without configuring audiences.
    #
    #audiences:
    #    - "provided-by-your-issuer"
 password_config:
   # Uncomment to disable password login
   #
   #enabled: false
   # Uncomment to disable authentication against the local password
   # database. This is ignored if `enabled` is false, and is only useful
   # if you have other password_providers.
   #
   #localdb_enabled: false
   # Uncomment and change to a secret random string for extra security.
   # DO NOT CHANGE THIS AFTER INITIAL SETUP!
   #
   #pepper: "EVEN_MORE_SECRET"
   # Define and enforce a password policy. Each parameter is optional.
   # This is an implementation of MSC2000.
   #
   policy:
      # Whether to enforce the password policy.
      # Defaults to 'false'.
      #
      #enabled: true
      # Minimum accepted length for a password.
      # Defaults to 0.
      #
      #minimum_length: 15
      # Whether a password must contain at least one digit.
      # Defaults to 'false'.
      #
      #require_digit: true
      # Whether a password must contain at least one symbol.
      # A symbol is any character that's not a number or a letter.
      # Defaults to 'false'.
      #
      #require_symbol: true
      # Whether a password must contain at least one lowercase letter.
      # Defaults to 'false'.
      #
      #require_lowercase: true
      # Whether a password must contain at least one uppercase letter.
      # Defaults to 'false'.
      #
      #require_uppercase: true
 ui_auth:
-    # The amount of time to allow a user-interactive authentication session
+  # The amount of time to allow a user-interactive authentication session
-    # to be active.
+  # to be active.
-    #
+  #
-    # This defaults to 0, meaning the user is queried for their credentials
+  # This defaults to 0, meaning the user is queried for their credentials
-    # before every action, but this can be overridden to allow a single
+  # before every action, but this can be overridden to allow a single
-    # validation to be re-used.  This weakens the protections afforded by
+  # validation to be re-used.  This weakens the protections afforded by
-    # the user-interactive authentication process, by allowing for multiple
+  # the user-interactive authentication process, by allowing for multiple
-    # (and potentially different) operations to use the same validation session.
+  # (and potentially different) operations to use the same validation session.
-    #
+  #
-    # This is ignored for potentially "dangerous" operations (including
+  # This is ignored for potentially "dangerous" operations (including
-    # deactivating an account, modifying an account password, and
+  # deactivating an account, modifying an account password, and
-    # adding a 3PID).
+  # adding a 3PID).
-    #
+  #
-    # Uncomment below to allow for credential validation to last for 15
+  # Uncomment below to allow for credential validation to last for 15
-    # seconds.
+  # seconds.
-    #
+  #
-    #session_timeout: "15s"
+  #session_timeout: "15s"
 # Configuration for sending emails from Synapse.
 #
@ -2326,64 +2299,62 @@ email:
  #
  #subjects:
-    # Subjects for notification emails.
+  # Subjects for notification emails.
-    #
+  #
-    # On top of the '%(app)s' placeholder, these can use the following
+  # On top of the '%(app)s' placeholder, these can use the following
-    # placeholders:
+  # placeholders:
-    #
+  #
-    #   * '%(person)s', which will be replaced by the display name of the user(s)
+  #   * '%(person)s', which will be replaced by the display name of the user(s)
-    #      that sent the message(s), e.g. "Alice and Bob".
+  #      that sent the message(s), e.g. "Alice and Bob".
-    #   * '%(room)s', which will be replaced by the name of the room the
+  #   * '%(room)s', which will be replaced by the name of the room the
-    #      message(s) have been sent to, e.g. "My super room".
+  #      message(s) have been sent to, e.g. "My super room".
-    #
+  #
-    # See the example provided for each setting to see which placeholder can be
+  # See the example provided for each setting to see which placeholder can be
-    # used and how to use them.
+  # used and how to use them.
-    #
+  #
-    # Subject to use to notify about one message from one or more user(s) in a
+  # Subject to use to notify about one message from one or more user(s) in a
-    # room which has a name.
+  # room which has a name.
-    #message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
+  #message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
-    #
+  #
-    # Subject to use to notify about one message from one or more user(s) in a
+  # Subject to use to notify about one message from one or more user(s) in a
-    # room which doesn't have a name.
+  # room which doesn't have a name.
-    #message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
+  #message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
-    #
+  #
-    # Subject to use to notify about multiple messages from one or more users in
+  # Subject to use to notify about multiple messages from one or more users in
-    # a room which doesn't have a name.
+  # a room which doesn't have a name.
-    #messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
+  #messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
-    #
+  #
-    # Subject to use to notify about multiple messages in a room which has a
+  # Subject to use to notify about multiple messages in a room which has a
-    # name.
+  # name.
-    #messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
+  #messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
-    #
+  #
-    # Subject to use to notify about multiple messages in multiple rooms.
+  # Subject to use to notify about multiple messages in multiple rooms.
-    #messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
+  #messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
-    #
+  #
-    # Subject to use to notify about multiple messages from multiple persons in
+  # Subject to use to notify about multiple messages from multiple persons in
-    # multiple rooms. This is similar to the setting above except it's used when
+  # multiple rooms. This is similar to the setting above except it's used when
-    # the room in which the notification was triggered has no name.
+  # the room in which the notification was triggered has no name.
-    #messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
+  #messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
-    #
+  #
-    # Subject to use to notify about an invite to a room which has a name.
+  # Subject to use to notify about an invite to a room which has a name.
-    #invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
+  #invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
-    #
+  #
-    # Subject to use to notify about an invite to a room which doesn't have a
+  # Subject to use to notify about an invite to a room which doesn't have a
-    # name.
+  # name.
-    #invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
+  #invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
    # Subject for emails related to account administration.
    #
    # On top of the '%(app)s' placeholder, these one can use the
    # '%(server_name)s' placeholder, which will be replaced by the value of the
    # 'server_name' setting in your Synapse configuration.
    #
    # Subject to use when sending a password reset email.
    #password_reset: "[%(server_name)s] Password reset"
    #
    # Subject to use when sending a verification email to assert an address's
    # ownership.
    #email_validation: "[%(server_name)s] Validate your email"
  # Subject for emails related to account administration.
  #
  # On top of the '%(app)s' placeholder, these one can use the
  # '%(server_name)s' placeholder, which will be replaced by the value of the
  # 'server_name' setting in your Synapse configuration.
  #
  # Subject to use when sending a password reset email.
  #password_reset: "[%(server_name)s] Password reset"
  #
  # Subject to use when sending a verification email to assert an address's
  # ownership.
  #email_validation: "[%(server_name)s] Validate your email"
 ## Push ##
@ -2415,7 +2386,6 @@ push:
  #
  #group_unread_count_by_room: false
 ## Rooms ##
 # Controls whether locally-created rooms should be end-to-end encrypted by
@ -2435,7 +2405,6 @@ push:
 #
 #encryption_enabled_by_default_for_room_type: invite
 # Uncomment to allow non-server-admin users to create groups on this server
 #
 #enable_group_creation: true
@ -2445,44 +2414,41 @@ push:
 #
 #group_creation_prefix: "unofficial_"
 # User Directory configuration
 #
 user_directory:
-    # Defines whether users can search the user directory. If false then
+  # Defines whether users can search the user directory. If false then
-    # empty responses are returned to all queries. Defaults to true.
+  # empty responses are returned to all queries. Defaults to true.
-    #
+  #
-    # Uncomment to disable the user directory.
+  # Uncomment to disable the user directory.
-    #
+  #
-    #enabled: false
+  #enabled: false
-    # Defines whether to search all users visible to your HS when searching
+  # Defines whether to search all users visible to your HS when searching
-    # the user directory. If false, search results will only contain users
+  # the user directory. If false, search results will only contain users
-    # visible in public rooms and users sharing a room with the requester.
+  # visible in public rooms and users sharing a room with the requester.
-    # Defaults to false.
+  # Defaults to false.
-    #
+  #
-    # NB. If you set this to true, and the last time the user_directory search
+  # NB. If you set this to true, and the last time the user_directory search
-    # indexes were (re)built was before Synapse 1.44, you'll have to
+  # indexes were (re)built was before Synapse 1.44, you'll have to
-    # rebuild the indexes in order to search through all known users.
+  # rebuild the indexes in order to search through all known users.
-    # These indexes are built the first time Synapse starts; admins can
+  # These indexes are built the first time Synapse starts; admins can
-    # manually trigger a rebuild via API following the instructions at
+  # manually trigger a rebuild via API following the instructions at
-    #     https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
+  #     https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run
-    #
+  #
-    # Uncomment to return search results containing all known users, even if that
+  # Uncomment to return search results containing all known users, even if that
-    # user does not share a room with the requester.
+  # user does not share a room with the requester.
-    #
+  #
-    #search_all_users: true
+  #search_all_users: true
    # Defines whether to prefer local users in search query results.
    # If True, local users are more likely to appear above remote users
    # when searching the user directory. Defaults to false.
    #
    # Uncomment to prefer local over remote users in user directory search
    # results.
    #
    #prefer_local_users: true
  # Defines whether to prefer local users in search query results.
  # If True, local users are more likely to appear above remote users
  # when searching the user directory. Defaults to false.
  #
  # Uncomment to prefer local over remote users in user directory search
  # results.
  #
  #prefer_local_users: true
 # User Consent configuration
 #
@ -2534,8 +2500,6 @@ user_directory:
 #  policy_name: Privacy Policy
 #
 # Settings for local room and user statistics collection. See
 # https://matrix-org.github.io/synapse/latest/room_and_user_statistics.html.
 #
@ -2546,7 +2510,6 @@ stats:
  #
  #enabled: false
 # Server Notices room configuration
 #
 # Uncomment this section to enable a room which can be used to send notices
@ -2566,8 +2529,6 @@ stats:
 #  system_mxid_avatar_url: "mxc://server.com/oumMVlgDnLYFaPVkExemNVVZ"
 #  room_name: "Server Notices"
 # Uncomment to disable searching the public room list. When disabled
 # blocks searching local and remote room lists for local and remote
 # users by always returning an empty list for all queries.
@ -2631,7 +2592,6 @@ stats:
 #    room_id: "*"
 #    action: allow
 ## Opentracing ##
 # These settings enable opentracing, which implements distributed tracing.
@ -2641,44 +2601,43 @@ stats:
 # (specifically those implemented with Jaeger).
 #
 opentracing:
-    # tracing is disabled by default. Uncomment the following line to enable it.
+  # tracing is disabled by default. Uncomment the following line to enable it.
-    #
+  #
-    #enabled: true
+  #enabled: true
-    # The list of homeservers we wish to send and receive span contexts and span baggage.
+  # The list of homeservers we wish to send and receive span contexts and span baggage.
-    # See https://matrix-org.github.io/synapse/latest/opentracing.html.
+  # See https://matrix-org.github.io/synapse/latest/opentracing.html.
-    #
+  #
-    # This is a list of regexes which are matched against the server_name of the
+  # This is a list of regexes which are matched against the server_name of the
-    # homeserver.
+  # homeserver.
-    #
+  #
-    # By default, it is empty, so no servers are matched.
+  # By default, it is empty, so no servers are matched.
-    #
+  #
-    #homeserver_whitelist:
+  #homeserver_whitelist:
-    #  - ".*"
+  #  - ".*"
-    # A list of the matrix IDs of users whose requests will always be traced,
+  # A list of the matrix IDs of users whose requests will always be traced,
-    # even if the tracing system would otherwise drop the traces due to
+  # even if the tracing system would otherwise drop the traces due to
-    # probabilistic sampling.
+  # probabilistic sampling.
-    #
+  #
-    # By default, the list is empty.
+  # By default, the list is empty.
-    #
+  #
-    #force_tracing_for_users:
+  #force_tracing_for_users:
-    #  - "@user1:server_name"
+  #  - "@user1:server_name"
-    #  - "@user2:server_name"
+  #  - "@user2:server_name"
    # Jaeger can be configured to sample traces at different rates.
    # All configuration options provided by Jaeger can be set here.
    # Jaeger's configuration is mostly related to trace sampling which
    # is documented here:
    # https://www.jaegertracing.io/docs/latest/sampling/.
    #
    #jaeger_config:
    #  sampler:
    #    type: const
    #    param: 1
    #  logging:
    #    false
  # Jaeger can be configured to sample traces at different rates.
  # All configuration options provided by Jaeger can be set here.
  # Jaeger's configuration is mostly related to trace sampling which
  # is documented here:
  # https://www.jaegertracing.io/docs/latest/sampling/.
  #
  #jaeger_config:
  #  sampler:
  #    type: const
  #    param: 1
  #  logging:
  #    false
 ## Workers ##
@ -2726,7 +2685,6 @@ opentracing:
 #
 #worker_replication_secret: ""
 # Configuration for Redis when using workers. This *must* be enabled when
 # using workers (unless using old style direct TCP configuration).
 #
@ -2745,7 +2703,6 @@ redis:
  #
  #password: <secret_password>
 ## Background Updates ##
 # Background updates are database updates that are run in the background in batches.
@ -2753,29 +2710,27 @@ redis:
 # sleep can all be configured. This is helpful to speed up or slow down the updates.
 #
 background_updates:
-    # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set
+  # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set
-    # a time to change the default.
+  # a time to change the default.
-    #
+  #
-    #background_update_duration_ms: 500
+  #background_update_duration_ms: 500
-    # Whether to sleep between updates. Defaults to True. Uncomment to change the default.
+  # Whether to sleep between updates. Defaults to True. Uncomment to change the default.
-    #
+  #
-    #sleep_enabled: false
+  #sleep_enabled: false
-    # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment
+  # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment
-    # and set a duration to change the default.
+  # and set a duration to change the default.
-    #
+  #
-    #sleep_duration_ms: 300
+  #sleep_duration_ms: 300
    # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and
    # set a size to change the default.
    #
    #min_batch_size: 10
    # The batch size to use for the first iteration of a new background update. The default is 100.
    # Uncomment and set a size to change the default.
    #
    #default_batch_size: 50
  # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and
  # set a size to change the default.
  #
  #min_batch_size: 10
  # The batch size to use for the first iteration of a new background update. The default is 100.
  # Uncomment and set a size to change the default.
  #
  #default_batch_size: 50
 # vim:ft=yaml