.browserslistrc

@@ -1,9 +1,7 @@
 [production]
 defaults
-> 0.2%
-ios >= 15.6
+not IE 11
 not dead
-not OperaMini all
 
 [development]
 supports es6-module

.devcontainer/Dockerfile

@@ -1,15 +1,20 @@
 # For details, see https://github.com/devcontainers/images/tree/main/src/ruby
-FROM mcr.microsoft.com/devcontainers/ruby:1-3.3-bookworm
+FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
 
-# Install node version from .nvmrc
-WORKDIR /app
-COPY .nvmrc .
-RUN /bin/bash --login -i -c "nvm install"
+# Install Rails
+# RUN gem install rails webdrivers
 
-# Install additional OS packages
-RUN apt-get update && \
-    export DEBIAN_FRONTEND=noninteractive && \
-    apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libvips42 libpam-dev
+ARG NODE_VERSION="16"
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
 
-# Move welcome message to where VS Code expects it
-COPY .devcontainer/welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt
+# [Optional] Uncomment this section to install additional OS packages.
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
+
+# [Optional] Uncomment this line to install additional gems.
+RUN gem install foreman
+
+# [Optional] Uncomment this line to install global node packages.
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
+
+COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt

.devcontainer/codespaces/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Mastodon on GitHub Codespaces",
-  "dockerComposeFile": "../compose.yaml",
+  "dockerComposeFile": "../docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
@@ -23,8 +23,6 @@
     }
   },
 
-  "remoteUser": "root",
-
   "otherPortsAttributes": {
     "onAutoForward": "silent"
   },
@@ -39,7 +37,7 @@
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": "bin/setup",
+  "postCreateCommand": ".devcontainer/post-create.sh",
   "waitFor": "postCreateCommand",
 
   "customizations": {

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Mastodon on local machine",
-  "dockerComposeFile": "compose.yaml",
+  "dockerComposeFile": "docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
@@ -23,14 +23,12 @@
     }
   },
 
-  "remoteUser": "root",
-
   "otherPortsAttributes": {
     "onAutoForward": "silent"
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": "bin/setup",
+  "postCreateCommand": ".devcontainer/post-create.sh",
   "waitFor": "postCreateCommand",
 
   "customizations": {

.devcontainer/docker-compose.yml

@@ -1,11 +1,12 @@
+version: '3'
+
 services:
   app:
-    working_dir: /workspaces/mastodon/
     build:
-      context: ..
-      dockerfile: .devcontainer/Dockerfile
+      context: .
+      dockerfile: Dockerfile
     volumes:
-      - ..:/workspaces/mastodon:cached
+      - ../..:/workspaces:cached
     environment:
       RAILS_ENV: development
       NODE_ENV: development
@@ -69,7 +70,7 @@ services:
         hard: -1
 
   libretranslate:
-    image: libretranslate/libretranslate:v1.5.7
+    image: libretranslate/libretranslate:v1.3.11
     restart: unless-stopped
     volumes:
       - lt-data:/home/libretranslate/.local

.devcontainer/post-create.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e # Fail the whole script on first error
+
+# Fetch Ruby gem dependencies
+bundle config path 'vendor/bundle'
+bundle config with 'development test'
+bundle install
+
+# Make Gemfile.lock pristine again
+git checkout -- Gemfile.lock
+
+# Fetch Javascript dependencies
+yarn --frozen-lockfile
+
+# [re]create, migrate, and seed the test database
+RAILS_ENV=test ./bin/rails db:setup
+
+# [re]create, migrate, and seed the development database
+RAILS_ENV=development ./bin/rails db:setup
+
+# Precompile assets for development
+RAILS_ENV=development ./bin/rails assets:precompile
+
+# Precompile assets for test
+RAILS_ENV=test NODE_ENV=tests ./bin/rails assets:precompile

.devcontainer/welcome-message.txt

@@ -1,7 +1,8 @@
-👋 Welcome to your Mastodon Dev Container!
+👋 Welcome to "Mastodon" in GitHub Codespaces!
 
-🛠️ Your environment is fully setup with all the required software.
+🛠️  Your environment is fully setup with all the required software.
 
-💥 Run `bin/dev` to start the application processes.
+🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1).
+
+📝 Edit away, run your app as usual, and we'll automatically make it available for you to access.
 
-🥼 Run `RAILS_ENV=test bin/rails assets:precompile && RAILS_ENV=test bin/rspec` to run the test suite.

.dockerignore

@@ -8,7 +8,6 @@
 public/system
 public/assets
 public/packs
-public/packs-test
 node_modules
 neo4j
 vendor/bundle

.env.development

@@ -1,4 +0,0 @@
-# Required by ActiveRecord encryption feature
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr

.env.test

@@ -1,11 +1,5 @@
-# In test, compile the NodeJS code as if we are in production
-NODE_ENV=production
+# Node.js
+NODE_ENV=tests
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true
-
-# Secret values required by ActiveRecord encryption feature
-# Use `bin/rails db:encryption:init` to generate fresh secrets
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=test_determinist_key_DO_NOT_USE_IN_PRODUCTION
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=test_salt_DO_NOT_USE_IN_PRODUCTION
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=test_primary_key_DO_NOT_USE_IN_PRODUCTION

.eslintrc.js

@@ -1,7 +1,4 @@
-// @ts-check
-const { defineConfig } = require('eslint-define-config');
-
-module.exports = defineConfig({
+module.exports = {
   root: true,
 
   extends: [
@@ -12,6 +9,7 @@ module.exports = defineConfig({
     'plugin:import/recommended',
     'plugin:promise/recommended',
     'plugin:jsdoc/recommended',
+    'plugin:prettier/recommended',
   ],
 
   env: {
@@ -65,9 +63,7 @@ module.exports = defineConfig({
     'consistent-return': 'error',
     'dot-notation': 'error',
     eqeqeq: ['error', 'always', { 'null': 'ignore' }],
-    'indent': ['error', 2],
     'jsx-quotes': ['error', 'prefer-single'],
-    'semi': ['error', 'always'],
     'no-case-declarations': 'off',
     'no-catch-shadow': 'error',
     'no-console': [
@@ -120,10 +116,11 @@ module.exports = defineConfig({
     'react/jsx-uses-react': 'off', // not needed with new JSX transform
     'react/jsx-wrap-multilines': 'error',
     'react/no-deprecated': 'off',
+    'react/no-unknown-property': 'off',
     'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
     'react/self-closing-comp': 'error',
 
-    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/v6.8.0/src/index.js#L46
+    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
     'jsx-a11y/accessible-emoji': 'warn',
     'jsx-a11y/click-events-have-key-events': 'off',
     'jsx-a11y/label-has-associated-control': 'off',
@@ -165,7 +162,7 @@ module.exports = defineConfig({
     //   },
     // ],
     'jsx-a11y/no-noninteractive-tabindex': 'off',
-    'jsx-a11y/no-onchange': 'off',
+    'jsx-a11y/no-onchange': 'warn',
     // recommended is full 'error'
     'jsx-a11y/no-static-element-interactions': [
       'warn',
@@ -176,7 +173,7 @@ module.exports = defineConfig({
       },
     ],
 
-    // See https://github.com/import-js/eslint-plugin-import/blob/v2.29.1/config/recommended.js
+    // See https://github.com/import-js/eslint-plugin-import/blob/main/config/recommended.js
     'import/extensions': [
       'error',
       'always',
@@ -195,7 +192,6 @@ module.exports = defineConfig({
       'error',
       {
         devDependencies: [
-          '.eslintrc.js',
           'config/webpack/**',
           'app/javascript/mastodon/performance.js',
           'app/javascript/mastodon/test_setup.js',
@@ -239,13 +235,13 @@ module.exports = defineConfig({
           },
           // Common React utilities
           {
-            pattern: '{classnames,react-helmet,react-router,react-router-dom}',
+            pattern: '{classnames,react-helmet,react-router-dom}',
             group: 'external',
             position: 'before',
           },
           // Immutable / Redux / data store
           {
-            pattern: '{immutable,@reduxjs/toolkit,react-redux,react-immutable-proptypes,react-immutable-pure-component}',
+            pattern: '{immutable,react-redux,react-immutable-proptypes,react-immutable-pure-component,reselect}',
             group: 'external',
             position: 'before',
           },
@@ -283,6 +279,7 @@ module.exports = defineConfig({
     'formatjs/no-id': 'off', // IDs are used for translation keys
     'formatjs/no-invalid-icu': 'error',
     'formatjs/no-literal-string-in-jsx': 'off', // Should be looked at, but mainly flagging punctuation outside of strings
+    'formatjs/no-multiple-plurals': 'off', // Only used by hashtag.jsx
     'formatjs/no-multiple-whitespaces': 'error',
     'formatjs/no-offset': 'error',
     'formatjs/no-useless-message': 'error',
@@ -301,7 +298,6 @@ module.exports = defineConfig({
   overrides: [
     {
       files: [
-        '.eslintrc.js',
         '*.config.js',
         '.*rc.js',
         'ide-helper.js',
@@ -338,6 +334,7 @@ module.exports = defineConfig({
         'plugin:import/typescript',
         'plugin:promise/recommended',
         'plugin:jsdoc/recommended-typescript',
+        'plugin:prettier/recommended',
       ],
 
       parserOptions: {
@@ -346,27 +343,13 @@ module.exports = defineConfig({
       },
 
       rules: {
-        // Disable formatting rules that have been enabled in the base config
-        'indent': 'off',
-
-        // This is not needed as we use noImplicitReturns, which handles this in addition to understanding types
-        'consistent-return': 'off',
-
         'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
 
         '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
         '@typescript-eslint/consistent-type-exports': 'error',
         '@typescript-eslint/consistent-type-imports': 'error',
-        "@typescript-eslint/prefer-nullish-coalescing": ['error', { ignorePrimitives: { boolean: true } }],
-        "@typescript-eslint/no-restricted-imports": [
-          "warn",
-          {
-            "name": "react-redux",
-            "importNames": ["useSelector", "useDispatch"],
-            "message": "Use typed hooks `useAppDispatch` and `useAppSelector` instead."
-          }
-        ],
-        "@typescript-eslint/restrict-template-expressions": ['warn', { allowNumber: true }],
+        "@typescript-eslint/prefer-nullish-coalescing": ['error', {ignorePrimitives: {boolean: true}}],
+
         'jsdoc/require-jsdoc': 'off',
 
         // Those rules set stricter rules for TS files
@@ -388,6 +371,14 @@ module.exports = defineConfig({
       env: {
         jest: true,
       },
-    }
+    },
+    {
+      files: [
+        'streaming/**/*',
+      ],
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
   ],
-});
+};

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+patreon: mastodon
+open_collective: mastodon
+custom: https://sponsor.joinmastodon.org

.github/actions/setup-javascript/action.yml

@@ -1,42 +0,0 @@
-name: 'Setup Javascript'
-description: 'Setup a Javascript environment ready to run the Mastodon code'
-inputs:
-  onlyProduction:
-    description: Only install production dependencies
-    default: 'false'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-
-    # The following is needed because we can not use `cache: true` for `setup-node`, as it does not support Corepack yet and mess up with the cache location if ran after Node is installed
-    - name: Enable corepack
-      shell: bash
-      run: corepack enable
-
-    - name: Get yarn cache directory path
-      id: yarn-cache-dir-path
-      shell: bash
-      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
-
-    - uses: actions/cache@v4
-      id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
-      with:
-        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-        key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-yarn-
-
-    - name: Install all yarn packages
-      shell: bash
-      run: yarn install --immutable
-      if: inputs.onlyProduction == 'false'
-
-    - name: Install all production yarn packages
-      shell: bash
-      run: yarn workspaces focus --production
-      if: inputs.onlyProduction != 'false'

.github/actions/setup-ruby/action.yml

@@ -1,23 +0,0 @@
-name: 'Setup RUby'
-description: 'Setup a Ruby environment ready to run the Mastodon code'
-inputs:
-  ruby-version:
-    description: The Ruby version to install
-    default: '.ruby-version'
-  additional-system-dependencies:
-    description: 'Additional packages to install'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Install system dependencies
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libicu-dev libidn11-dev libvips42 ${{ inputs.additional-system-dependencies }}
-
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ inputs.ruby-version }}
-        bundler-cache: true

.github/codecov.yml

@@ -1,11 +0,0 @@
-comment: false # Do not leave PR comments
-coverage:
-  status:
-    project:
-      default:
-        # GitHub status check is not blocking
-        informational: true
-    patch:
-      default:
-        # GitHub status check is not blocking
-        informational: true

.github/renovate.json5

@@ -2,8 +2,8 @@
   $schema: 'https://docs.renovatebot.com/renovate-schema.json',
   extends: [
     'config:recommended',
-    'customManagers:dockerfileVersions',
     ':labels(dependencies)',
+    ':maintainLockFilesMonthly', // update non-direct dependencies monthly
     ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
     ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour.
   ],
@@ -13,7 +13,6 @@
   // If we do not want a package to be grouped with others, we need to set its groupName
   // to `null` after any other rule set it to something.
   dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
-  postUpdateOptions: ['yarnDedupeHighest'],
   packageRules: [
     {
       // Require Dependency Dashboard Approval for major version bumps of these node packages
@@ -23,7 +22,6 @@
         'react-hotkeys', // Requires code changes
 
         // Requires Webpacker upgrade or replacement
-        '@svgr/webpack',
         '@types/webpack',
         'babel-loader',
         'compression-webpack-plugin',
@@ -51,6 +49,7 @@
       matchManagers: ['bundler'],
       matchPackageNames: [
         'rack', // Needs to be synced with Rails version
+        'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
         'strong_migrations', // Requires manual upgrade
         'sidekiq', // Requires manual upgrade
         'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
@@ -60,7 +59,7 @@
       dependencyDashboardApproval: true,
     },
     {
-      // Update GitHub Actions and Docker images weekly
+      // Update Github Actions and Docker images weekly
       matchManagers: ['github-actions', 'dockerfile', 'docker-compose'],
       extends: ['schedule:weekly'],
     },
@@ -100,16 +99,6 @@
       matchUpdateTypes: ['patch', 'minor'],
       groupName: 'eslint (non-major)',
     },
-    {
-      // Group actions/*-artifact in the same PR
-      matchManagers: ['github-actions'],
-      matchPackageNames: [
-        'actions/download-artifact',
-        'actions/upload-artifact',
-      ],
-      matchUpdateTypes: ['major'],
-      groupName: 'artifact actions (major)',
-    },
     {
       // Update @types/* packages every week, with one grouped PR
       matchPackagePrefixes: '@types/',
@@ -126,29 +115,6 @@
       ],
       groupName: null, // We dont want them to belong to any group
     },
-    {
-      // Group all RuboCop packages with `rubocop` in the same PR
-      matchManagers: ['bundler'],
-      matchPackageNames: ['rubocop'],
-      matchPackagePrefixes: ['rubocop-'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'RuboCop (non-major)',
-    },
-    {
-      // Group all RSpec packages with `rspec` in the same PR
-      matchManagers: ['bundler'],
-      matchPackageNames: ['rspec'],
-      matchPackagePrefixes: ['rspec-'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'RSpec (non-major)',
-    },
-    {
-      // Group all opentelemetry-ruby packages in the same PR
-      matchManagers: ['bundler'],
-      matchPackagePrefixes: ['opentelemetry-'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'opentelemetry-ruby (non-major)',
-    },
     // Add labels depending on package manager
     { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
     { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },

.github/stylelint-matcher.json

@@ -0,0 +1,21 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "stylelint",
+      "pattern": [
+        {
+          "regexp": "^([^\\s].*)$",
+          "file": 1
+        },
+        {
+          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
+          "line": 2,
+          "column": 3,
+          "message": 5,
+          "code": 6,
+          "loop": true
+        }
+      ]
+    }
+  ]
+}

.github/workflows/build-container-image.yml

@@ -4,9 +4,6 @@ on:
       platforms:
         required: true
         type: string
-      cache:
-        type: boolean
-        default: true
       use_native_arm64_builder:
         type: boolean
       push_to_images:
@@ -21,20 +18,18 @@ on:
         type: string
       labels:
         type: string
-      file_to_build:
-        type: string
 
 jobs:
   build-image:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
-      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-qemu-action@v2
         if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
 
-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v2
         id: buildx
         if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
 
@@ -43,7 +38,7 @@ jobs:
         run: |
           docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
 
-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v2
         id: buildx-native
         if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
         with:
@@ -63,20 +58,20 @@ jobs:
 
       - name: Log in to Docker Hub
         if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Log in to the GitHub Container registry
+      - name: Log in to the Github Container registry
         if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/metadata-action@v5
+      - uses: docker/metadata-action@v4
         id: meta
         if: ${{ inputs.push_to_images != '' }}
         with:
@@ -85,10 +80,9 @@ jobs:
           tags: ${{ inputs.tags }}
           labels: ${{ inputs.labels }}
 
-      - uses: docker/build-push-action@v5
+      - uses: docker/build-push-action@v4
         with:
           context: .
-          file: ${{ inputs.file_to_build }}
           build-args: |
             MASTODON_VERSION_PRERELEASE=${{ inputs.version_prerelease }}
             MASTODON_VERSION_METADATA=${{ inputs.version_metadata }}
@@ -98,5 +92,5 @@ jobs:
           push: ${{ inputs.push_to_images != '' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: ${{ inputs.cache && 'type=gha' || '' }}
-          cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/build-nightly.yml

@@ -11,7 +11,6 @@ permissions:
 jobs:
   compute-suffix:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
     steps:
       - id: version_vars
         env:
@@ -25,10 +24,8 @@ jobs:
     needs: compute-suffix
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
       platforms: linux/amd64,linux/arm64
       use_native_arm64_builder: true
-      cache: false
       push_to_images: |
         tootsuite/mastodon
         ghcr.io/mastodon/mastodon
@@ -42,25 +39,3 @@ jobs:
         type=raw,value=nightly
         type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
     secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit

.github/workflows/build-push-pr.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       # Repository needs to be cloned so `git rev-parse` below works
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
       - id: version_vars
         run: |
           echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
@@ -29,7 +29,6 @@ jobs:
     needs: compute-suffix
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
       platforms: linux/amd64,linux/arm64
       use_native_arm64_builder: true
       push_to_images: |
@@ -40,19 +39,3 @@ jobs:
       tags: |
         type=ref,event=pr
     secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
-      push_to_images: |
-        ghcr.io/mastodon/mastodon-streaming
-      version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
-      flavor: |
-        latest=auto
-      tags: |
-        type=ref,event=pr
-    secrets: inherit

.github/workflows/build-releases.yml

@@ -12,39 +12,15 @@ jobs:
   build-image:
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
       platforms: linux/amd64,linux/arm64
       use_native_arm64_builder: true
       push_to_images: |
         tootsuite/mastodon
         ghcr.io/mastodon/mastodon
-      # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages
-      cache: false
       # Only tag with latest when ran against the latest stable branch
       # This needs to be updated after each minor version release
       flavor: |
-        latest=${{ startsWith(github.ref, 'refs/tags/v4.2.') }}
-      tags: |
-        type=pep440,pattern={{raw}}
-        type=pep440,pattern=v{{major}}.{{minor}}
-    secrets: inherit
-
-  build-image-streaming:
-    if: startsWith(github.ref, 'refs/tags/v4.3.')
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages
-      cache: false
-      # Only tag with latest when ran against the latest stable branch
-      # This needs to be updated after each minor version release
-      flavor: |
-        latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }}
+        latest=${{ startsWith(github.ref, 'refs/tags/v4.1.') }}
       tags: |
         type=pep440,pattern={{raw}}
         type=pep440,pattern=v{{major}}.{{minor}}

.github/workflows/build-security.yml

@@ -1,64 +0,0 @@
-name: Build security nightly container image
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  packages: write
-
-jobs:
-  compute-suffix:
-    runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
-    steps:
-      - id: version_vars
-        env:
-          TZ: Etc/UTC
-        run: |
-          echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT
-    outputs:
-      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
-
-  build-image:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: Dockerfile
-      platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon
-        ghcr.io/mastodon/mastodon
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      platforms: linux/amd64,linux/arm64
-      use_native_arm64_builder: true
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit

.github/workflows/bundler-audit.yml

@@ -6,12 +6,14 @@ on:
     paths:
       - 'Gemfile*'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '.github/workflows/bundler-audit.yml'
 
   pull_request:
     paths:
       - 'Gemfile*'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '.github/workflows/bundler-audit.yml'
 
   schedule:
@@ -21,17 +23,18 @@ jobs:
   security:
     runs-on: ubuntu-latest
 
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Run bundler-audit
-        run: bundle exec bundler-audit check --update
+        run: bundle exec bundler-audit

.github/workflows/check-i18n.yml

@@ -17,13 +17,27 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Check for missing strings in English JSON
         run: |

.github/workflows/codeql.yml

@@ -27,11 +27,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -44,7 +44,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -57,6 +57,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v2
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/crowdin-download.yml

@@ -11,11 +11,10 @@ permissions:
 jobs:
   download-translations:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: Increase Git http.postBuffer
         # This is needed due to a bug in Ubuntu's cURL version?
@@ -44,27 +43,33 @@ jobs:
         run: sudo chown -R runner:docker .
 
       # This is needed to run the normalize step
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Run i18n normalize task
         run: bundle exec i18n-tasks normalize
 
       # Create or update the pull request
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6.0.5
+        uses: peter-evans/create-pull-request@v5.0.2
         with:
           commit-message: 'New Crowdin translations'
           title: 'New Crowdin Translations (automated)'
           author: 'GitHub Actions <noreply@github.com>'
           body: |
-            New Crowdin translations, automated with GitHub Actions
+            New Crowdin translations, automated with Github Actions
 
             See `.github/workflows/crowdin-download.yml`
 
             This PR will be updated every day with new translations.
 
-            Due to a limitation in GitHub Actions, checks are not running on this PR without manual action.
+            Due to a limitation in Github Actions, checks are not running on this PR without manual action.
             If you want to run the checks, then close and re-open it.
           branch: i18n/crowdin/translations
           base: main

.github/workflows/crowdin-upload.yml

@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
       - name: crowdin action
         uses: crowdin/github-action@v1

.github/workflows/format-check.yml

@@ -1,18 +0,0 @@
-name: Check formatting
-on:
-  push:
-  pull_request:
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v4
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
-
-      - name: Check formatting with Prettier
-        run: yarn format:check

.github/workflows/lint-css.yml

@@ -33,10 +33,20 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - uses: xt0rted/stylelint-problem-matcher@v1
+
+      - run: echo "::add-matcher::.github/stylelint-matcher.json"
 
       - name: Stylelint
-        run: yarn lint:css -f github
+        run: yarn lint:sass

.github/workflows/lint-haml.yml

@@ -26,20 +26,22 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
-
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
+
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Run haml-lint
         run: |
           echo "::add-matcher::.github/workflows/haml-lint-problem-matcher.json"
-          bundle exec haml-lint --reporter github
+          bundle exec haml-lint

.github/workflows/lint-js.yml

@@ -37,10 +37,16 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: ESLint
         run: yarn lint:js --max-warnings 0

.github/workflows/lint-json.yml

@@ -0,0 +1,44 @@
+name: JSON Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.json'
+      - '.github/workflows/lint-json.yml'
+      - '!app/javascript/mastodon/locales/*.json'
+
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.json'
+      - '.github/workflows/lint-json.yml'
+      - '!app/javascript/mastodon/locales/*.json'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:json

.github/workflows/lint-md.yml

@@ -0,0 +1,44 @@
+name: Markdown Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.md'
+      - '!AUTHORS.md'
+      - 'package.json'
+      - 'yarn.lock'
+
+  pull_request:
+    paths:
+      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.md'
+      - '!AUTHORS.md'
+      - 'package.json'
+      - 'yarn.lock'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:md

.github/workflows/lint-ruby.yml

@@ -27,24 +27,25 @@ jobs:
   lint:
     runs-on: ubuntu-latest
 
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Set-up RuboCop Problem Matcher
         uses: r7kamura/rubocop-problem-matchers-action@v1
 
       - name: Run rubocop
-        run: bin/rubocop
+        run: bundle exec rubocop
 
       - name: Run brakeman
         if: always() # Run both checks, even if the first failed
-        run: bin/brakeman
+        run: bundle exec brakeman

.github/workflows/lint-yml.yml

@@ -0,0 +1,46 @@
+name: YML Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.yaml'
+      - '**/*.yml'
+      - '.github/workflows/lint-yml.yml'
+      - '!config/locales/*.yml'
+
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.yaml'
+      - '**/*.yml'
+      - '.github/workflows/lint-yml.yml'
+      - '!config/locales/*.yml'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:yml

.github/workflows/rebase-needed.yml

@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - name: Check for merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@v3
+        uses: eps1lon/actions-label-merge-conflict@releases/2.x
         with:
           dirtyLabel: 'rebase needed :construction:'
           repoToken: '${{ secrets.GITHUB_TOKEN }}'

.github/workflows/test-image-build.yml

@@ -7,7 +7,6 @@ on:
       - .github/workflows/build-releases.yml
       - .github/workflows/test-image-build.yml
       - Dockerfile
-      - streaming/Dockerfile
 permissions:
   contents: read
 
@@ -19,17 +18,4 @@ jobs:
 
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
       platforms: linux/amd64 # Testing only on native platform so it is performant
-      cache: true
-
-  build-image-streaming:
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-streaming
-      cancel-in-progress: true
-
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      platforms: linux/amd64 # Testing only on native platform so it is performant
-      cache: true

.github/workflows/test-js.yml

@@ -33,10 +33,16 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
 
-      - name: JavaScript testing
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Jest testing
         run: yarn jest --reporters github-actions summary

.github/workflows/test-migrations-one-step.yml

@@ -0,0 +1,111 @@
+name: Test one step migrations
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+  pull_request:
+
+jobs:
+  pre_job:
+    runs-on: ubuntu-latest
+
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@v5
+        with:
+          paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-one-step.yml", "lib/tasks/tests.rake"]'
+
+  test:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    if: needs.pre_job.outputs.should_skip != 'true'
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres}}
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+      redis:
+        image: redis:7-alpine
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379:6379
+
+    env:
+      CONTINUOUS_INTEGRATION: true
+      DB_HOST: localhost
+      DB_USER: postgres
+      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
+      RAILS_ENV: test
+      BUNDLE_CLEAN: true
+      BUNDLE_FROZEN: true
+      BUNDLE_WITHOUT: 'development production'
+      BUNDLE_JOBS: 3
+      BUNDLE_RETRY: 3
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Create database
+        run: './bin/rails db:create'
+
+      - name: Run migrations up to v2.0.0
+        run: './bin/rails db:migrate VERSION=20171010025614'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2'
+
+      - name: Run migrations up to v2.4.0
+        run: './bin/rails db:migrate VERSION=20180514140000'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4'
+
+      - name: Run migrations up to v2.4.3
+        run: './bin/rails db:migrate VERSION=20180707154237'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4_3'
+
+      - name: Run all remaining migrations
+        run: './bin/rails db:migrate'
+
+      - name: Check migration result
+        run: './bin/rails tests:migrations:check_database'

.github/workflows/test-migrations-two-step.yml

@@ -0,0 +1,119 @@
+name: Test two step migrations
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+  pull_request:
+
+jobs:
+  pre_job:
+    runs-on: ubuntu-latest
+
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@v5
+        with:
+          paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-two-step.yml", "lib/tasks/tests.rake"]'
+
+  test:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    if: needs.pre_job.outputs.should_skip != 'true'
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres}}
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+      redis:
+        image: redis:7-alpine
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379:6379
+
+    env:
+      CONTINUOUS_INTEGRATION: true
+      DB_HOST: localhost
+      DB_USER: postgres
+      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
+      RAILS_ENV: test
+      BUNDLE_CLEAN: true
+      BUNDLE_FROZEN: true
+      BUNDLE_WITHOUT: 'development production'
+      BUNDLE_JOBS: 3
+      BUNDLE_RETRY: 3
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Create database
+        run: './bin/rails db:create'
+
+      - name: Run migrations up to v2.0.0
+        run: './bin/rails db:migrate VERSION=20171010025614'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2'
+
+      - name: Run pre-deployment migrations up to v2.4.0
+        run: './bin/rails db:migrate VERSION=20180514140000'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4'
+
+      - name: Run migrations up to v2.4.3
+        run: './bin/rails db:migrate VERSION=20180707154237'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4_3'
+
+      - name: Run all remaining pre-deployment migrations
+        run: './bin/rails db:migrate'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Run all post-deployment migrations
+        run: './bin/rails db:migrate'
+
+      - name: Check migration result
+        run: './bin/rails tests:migrations:check_database'

.github/workflows/test-migrations.yml

@@ -1,93 +0,0 @@
-name: Historical data migration test
-
-on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
-      - 'renovate/**'
-  pull_request:
-
-jobs:
-  pre_job:
-    runs-on: ubuntu-latest
-
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-
-    steps:
-      - id: skip_check
-        uses: fkirc/skip-duplicate-actions@v5
-        with:
-          paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations.yml", "lib/tasks/tests.rake"]'
-
-  test:
-    runs-on: ubuntu-latest
-    needs: pre_job
-    if: needs.pre_job.outputs.should_skip != 'true'
-
-    strategy:
-      fail-fast: false
-
-      matrix:
-        postgres:
-          - 14-alpine
-          - 15-alpine
-
-    services:
-      postgres:
-        image: postgres:${{ matrix.postgres}}
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 5432:5432
-
-      redis:
-        image: redis:7-alpine
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 6379:6379
-
-    env:
-      DB_HOST: localhost
-      DB_USER: postgres
-      DB_PASS: postgres
-      DISABLE_SIMPLECOV: true
-      RAILS_ENV: test
-      BUNDLE_CLEAN: true
-      BUNDLE_FROZEN: true
-      BUNDLE_WITHOUT: 'development:production'
-      BUNDLE_JOBS: 3
-      BUNDLE_RETRY: 3
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Test "one step migration" flow
-        run: |
-          bin/rails db:drop
-          bin/rails db:create
-          bin/rails tests:migrations:prepare_database
-          bin/rails db:migrate
-          bin/rails tests:migrations:check_database
-
-      - name: Test "two step migration" flow
-        run: |
-          bin/rails db:drop
-          bin/rails db:create
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails tests:migrations:prepare_database
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails db:migrate
-          bin/rails db:migrate
-          bin/rails tests:migrations:check_database

.github/workflows/test-ruby.yml

@@ -28,34 +28,42 @@ jobs:
     env:
       RAILS_ENV: ${{ matrix.mode }}
       BUNDLE_WITH: ${{ matrix.mode }}
-      SECRET_KEY_BASE_DUMMY: 1
+      OTP_SECRET: precompile_placeholder
+      SECRET_KEY_BASE: precompile_placeholder
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
         with:
-          onlyProduction: 'true'
+          cache: yarn
+          node-version-file: '.nvmrc'
 
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - run: yarn --frozen-lockfile --production
       - name: Precompile assets
         # Previously had set this, but it's not supported
         # export NODE_OPTIONS=--openssl-legacy-provider
         run: |-
           ./bin/rails assets:precompile
 
-      - name: Archive asset artifacts
-        run: |
-          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs*
-
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v3
         if: matrix.mode == 'test'
         with:
           path: |-
-            ./artifacts.tar.gz
+            ./public/assets
+            ./public/packs-test
           name: ${{ github.sha }}
           retention-days: 0
 
@@ -73,9 +81,9 @@ jobs:
           POSTGRES_USER: postgres
         options: >-
           --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 5432:5432
 
@@ -83,9 +91,9 @@ jobs:
         image: redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 6379:6379
 
@@ -93,7 +101,7 @@ jobs:
       DB_HOST: localhost
       DB_USER: postgres
       DB_PASS: postgres
-      DISABLE_SIMPLECOV: ${{ matrix.ruby-version != '.ruby-version' }}
+      DISABLE_SIMPLECOV: true
       RAILS_ENV: test
       ALLOW_NOPAM: true
       PAM_ENABLED: true
@@ -104,132 +112,47 @@ jobs:
       SAML_ENABLED: true
       CAS_ENABLED: true
       BUNDLE_WITH: 'pam_authentication test'
-      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
+      CI_JOBS: ${{ matrix.ci_job }}/4
 
     strategy:
       fail-fast: false
       matrix:
         ruby-version:
+          - '3.0'
           - '3.1'
-          - '3.2'
           - '.ruby-version'
+        ci_job:
+          - 1
+          - 2
+          - 3
+          - 4
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
-          path: './'
+          path: './public'
           name: ${{ github.sha }}
 
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
+      - name: Update package index
+        run: sudo apt-get update
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick libpam-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg libpam-dev
+          bundler-cache: true
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - run: bin/rspec
-
-      - name: Upload coverage reports to Codecov
-        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@v4
-        with:
-          files: coverage/lcov/mastodon.lcov
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-  test-libvips:
-    name: Libvips tests
-    runs-on: ubuntu-24.04
-
-    needs:
-      - build
-
-    services:
-      postgres:
-        image: postgres:14-alpine
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 5432:5432
-
-      redis:
-        image: redis:7-alpine
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 6379:6379
-
-    env:
-      DB_HOST: localhost
-      DB_USER: postgres
-      DB_PASS: postgres
-      DISABLE_SIMPLECOV: ${{ matrix.ruby-version != '.ruby-version' }}
-      RAILS_ENV: test
-      ALLOW_NOPAM: true
-      PAM_ENABLED: true
-      PAM_DEFAULT_SERVICE: pam_test
-      PAM_CONTROLLED_SERVICE: pam_test_controlled
-      OIDC_ENABLED: true
-      OIDC_SCOPE: read
-      SAML_ENABLED: true
-      CAS_ENABLED: true
-      BUNDLE_WITH: 'pam_authentication test'
-      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
-      MASTODON_USE_LIBVIPS: true
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version:
-          - '3.1'
-          - '3.2'
-          - '.ruby-version'
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/download-artifact@v4
-        with:
-          path: './'
-          name: ${{ github.sha }}
-
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
-
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-        with:
-          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg libpam-dev libyaml-dev
-
-      - name: Load database schema
-        run: './bin/rails db:create db:schema:load db:seed'
-
-      - run: bin/rspec --tag paperclip_processing
-
-      - name: Upload coverage reports to Codecov
-        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@v4
-        with:
-          files: coverage/lcov/mastodon.lcov
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - run: bundle exec rake rspec_chunked
 
   test-e2e:
     name: End to End testing
@@ -246,9 +169,9 @@ jobs:
           POSTGRES_USER: postgres
         options: >-
           --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 5432:5432
 
@@ -256,9 +179,9 @@ jobs:
         image: redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 6379:6379
 
@@ -269,169 +192,61 @@ jobs:
       DISABLE_SIMPLECOV: true
       RAILS_ENV: test
       BUNDLE_WITH: test
-      LOCAL_DOMAIN: localhost:3000
-      LOCAL_HTTPS: false
 
     strategy:
       fail-fast: false
       matrix:
         ruby-version:
+          - '3.0'
           - '3.1'
-          - '3.2'
           - '.ruby-version'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
 
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
           path: './public'
           name: ${{ github.sha }}
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Update package index
+        run: sudo apt-get update
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
+          bundler-cache: true
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - run: yarn --frozen-lockfile
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - run: bin/rspec spec/system --tag streaming --tag js
+      - run: bundle exec rake spec:system
 
       - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: e2e-logs-${{ matrix.ruby-version }}
           path: log/
 
       - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: e2e-screenshots
-          path: tmp/capybara/
-
-  test-search:
-    name: Elastic Search integration testing
-    runs-on: ubuntu-latest
-
-    needs:
-      - build
-
-    services:
-      postgres:
-        image: postgres:14-alpine
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 5432:5432
-
-      redis:
-        image: redis:7-alpine
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 6379:6379
-
-      elasticsearch:
-        image: ${{ contains(matrix.search-image, 'elasticsearch') && matrix.search-image || '' }}
-        env:
-          discovery.type: single-node
-          xpack.security.enabled: false
-        options: >-
-          --health-cmd "curl http://localhost:9200/_cluster/health"
-          --health-interval 2s
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 9200:9200
-
-      opensearch:
-        image: ${{ contains(matrix.search-image, 'opensearch') && matrix.search-image || '' }}
-        env:
-          discovery.type: single-node
-          DISABLE_INSTALL_DEMO_CONFIG: true
-          DISABLE_SECURITY_PLUGIN: true
-        options: >-
-          --health-cmd "curl http://localhost:9200/_cluster/health"
-          --health-interval 2s
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 9200:9200
-
-    env:
-      DB_HOST: localhost
-      DB_USER: postgres
-      DB_PASS: postgres
-      DISABLE_SIMPLECOV: true
-      RAILS_ENV: test
-      BUNDLE_WITH: test
-      ES_ENABLED: true
-      ES_HOST: localhost
-      ES_PORT: 9200
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version:
-          - '3.1'
-          - '3.2'
-          - '.ruby-version'
-        search-image:
-          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
-        include:
-          - ruby-version: '.ruby-version'
-            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
-          - ruby-version: '.ruby-version'
-            search-image: opensearchproject/opensearch:2
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/download-artifact@v4
-        with:
-          path: './public'
-          name: ${{ github.sha }}
-
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-        with:
-          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
-
-      - name: Load database schema
-        run: './bin/rails db:create db:schema:load db:seed'
-
-      - run: bin/rspec --tag search
-
-      - name: Archive logs
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          name: test-search-logs-${{ matrix.ruby-version }}
-          path: log/
-
-      - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
-        if: failure()
-        with:
-          name: test-search-screenshots
-          path: tmp/capybara/
+          path: tmp/screenshots/

.gitignore

@@ -24,12 +24,16 @@
 /public/packs-test
 .env
 .env.production
+.env.development
 /node_modules/
 /build/
 
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/
@@ -54,20 +58,8 @@ npm-debug.log
 yarn-error.log
 yarn-debug.log
 
-# From https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
-
 # Ignore vagrant log files
 *-cloudimg-console.log
 
 # Ignore Docker option files
 docker-compose.override.yml
-
-# Ignore dotenv .local files
-.env*.local

.haml-lint.yml

@@ -1,5 +1,8 @@
+inherits_from: .haml-lint_todo.yml
+
 exclude:
   - 'vendor/**/*'
+  - lib/templates/haml/scaffold/_form.html.haml
 
 require:
   - ./lib/linter/haml_middle_dot.rb
@@ -9,7 +12,3 @@ linters:
     enabled: true
   MiddleDot:
     enabled: true
-  LineLength:
-    max: 300
-  ViewLength:
-    max: 200 # Override default value of 100 inherited from rubocop

.haml-lint_todo.yml

@@ -0,0 +1,47 @@
+# This configuration was generated by
+# `haml-lint --auto-gen-config`
+# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
+# The point is for the user to remove these configuration records
+# one by one as the lints are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of Haml-Lint, may require this file to be generated again.
+
+linters:
+  # Offense count: 951
+  LineLength:
+    enabled: false
+
+  # Offense count: 22
+  UnnecessaryStringOutput:
+    enabled: false
+
+  # Offense count: 57
+  RuboCop:
+    enabled: false
+
+  # Offense count: 3
+  ViewLength:
+    exclude:
+      - 'app/views/admin/accounts/show.html.haml'
+      - 'app/views/admin/reports/show.html.haml'
+      - 'app/views/disputes/strikes/show.html.haml'
+
+  # Offense count: 32
+  InstanceVariables:
+    exclude:
+      - 'app/views/admin/reports/_actions.html.haml'
+      - 'app/views/admin/roles/_form.html.haml'
+      - 'app/views/admin/webhooks/_form.html.haml'
+      - 'app/views/auth/registrations/_status.html.haml'
+      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
+      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
+      - 'app/views/invites/_form.html.haml'
+      - 'app/views/relationships/_account.html.haml'
+      - 'app/views/shared/_og.html.haml'
+
+  # Offense count: 3
+  IdNames:
+    exclude:
+      - 'app/views/authorize_interactions/error.html.haml'
+      - 'app/views/oauth/authorizations/error.html.haml'
+      - 'app/views/shared/_error_messages.html.haml'

.husky/pre-commit

@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 yarn lint-staged

.nanoignore

@@ -0,0 +1,19 @@
+.DS_Store
+.git/
+.gitignore
+
+.bundle/
+.cache/
+config/deploy/*
+coverage
+docs/
+.env
+log/*.log
+neo4j/
+node_modules/
+public/assets/
+public/system/
+spec/
+tmp/
+.vagrant/
+vendor/bundle/

.nvmrc

@@ -1 +1 @@
-20.14
+16.20

.prettierignore

@@ -31,6 +31,9 @@
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/
@@ -54,13 +57,6 @@
 # Ignore Docker option files
 docker-compose.override.yml
 
-# Ignore public
-/public/assets
-/public/emoji
-/public/packs
-/public/packs-test
-/public/system
-
 # Ignore emoji map file
 /app/javascript/mastodon/features/emoji/emoji_map.json
 
@@ -80,6 +76,3 @@ app/javascript/styles/mastodon/reset.scss
 
 # Ignore the generated AUTHORS.md
 AUTHORS.md
-
-# Process a few selected JS files
-!lint-staged.config.js

.rubocop.yml

@@ -1,34 +1,7 @@
----
-AllCops:
-  CacheRootDirectory: tmp
-  DisplayCopNames: true
-  DisplayStyleGuide: true
-  Exclude:
-    - db/schema.rb
-    - bin/*
-    - node_modules/**/*
-    - Vagrantfile
-    - vendor/**/*
-    - config/initializers/json_ld*
-    - lib/mastodon/migration_helpers.rb
-    - lib/templates/**/*
-  ExtraDetails: true
-  NewCops: enable
-  TargetRubyVersion: 3.1 # Oldest supported ruby version
-  UseCache: true
-
-inherit_from:
-  - .rubocop/layout.yml
-  - .rubocop/metrics.yml
-  - .rubocop/naming.yml
-  - .rubocop/rails.yml
-  - .rubocop/rspec_rails.yml
-  - .rubocop/rspec.yml
-  - .rubocop/style.yml
-  - .rubocop/custom.yml
-  - .rubocop_todo.yml
-  - .rubocop/strict.yml
+# Can be removed once all rules are addressed or moved to this file as documented overrides
+inherit_from: .rubocop_todo.yml
 
+# Used for merging with exclude lists with .rubocop_todo.yml
 inherit_mode:
   merge:
     - Exclude
@@ -36,6 +9,194 @@ inherit_mode:
 require:
   - rubocop-rails
   - rubocop-rspec
-  - rubocop-rspec_rails
   - rubocop-performance
   - rubocop-capybara
+  - ./lib/linter/rubocop_middle_dot
+
+AllCops:
+  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
+  DisplayCopNames: true
+  DisplayStyleGuide: true
+  ExtraDetails: true
+  UseCache: true
+  CacheRootDirectory: tmp
+  NewCops: enable # Opt-in to newly added rules
+  Exclude:
+    - db/schema.rb
+    - 'bin/*'
+    - 'node_modules/**/*'
+    - 'Vagrantfile'
+    - 'vendor/**/*'
+    - 'lib/json_ld/*' # Generated files
+    - 'lib/templates/**/*'
+
+# Reason: Prefer Hashes without extreme indentation
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutfirsthashelementindentation
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
+Layout/LineLength:
+  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
+Lint/UselessAccessModifier:
+  ContextCreatingMethods:
+    - class_methods
+
+## Disable most Metrics/*Length cops
+# Reason: those are often triggered and force significant refactors when this happend
+#         but the team feel they are not really improving the code quality.
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
+Metrics/BlockLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
+Metrics/ClassLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
+Metrics/MethodLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmodulelength
+Metrics/ModuleLength:
+  Enabled: false
+
+## End Disable Metrics/*Length cops
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsabcsize
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - lib/mastodon/cli/*.rb
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsparameterlists
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
+# Reason: Prevailing style is argument file paths
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
+Rails/FilePath:
+  EnforcedStyle: arguments
+
+# Reason: Prevailing style uses numeric status codes, matches RSpec/Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railshttpstatus
+Rails/HttpStatus:
+  EnforcedStyle: numeric
+
+# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
+Rails/Exit:
+  Exclude:
+    - 'config/boot.rb'
+    - 'lib/mastodon/cli/*.rb'
+
+# Reason: Some single letter camel case files shouldn't be split
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
+RSpec/FilePath:
+  CustomTransform:
+    ActivityPub: activitypub # Ignore the snake_case due to the amount of files to rename
+    DeepL: deepl
+    FetchOEmbedService: fetch_oembed_service
+    JsonLdHelper: jsonld_helper
+    OEmbedController: oembed_controller
+    OStatus: ostatus
+    NodeInfoController: nodeinfo_controller # NodeInfo isn't snake_cased for any of the instances
+  Exclude:
+    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
+    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
+
+# Reason:
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
+RSpec/NamedSubject:
+  EnforcedStyle: named_only
+
+# Reason: Prevailing style choice
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnottonot
+RSpec/NotToNot:
+  EnforcedStyle: to_not
+
+# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
+RSpec/Rails/HttpStatus:
+  EnforcedStyle: numeric
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+# Reason: Classes mostly self-document with their names
+# https://docs.rubocop.org/rubocop/cops_style.html#styledocumentation
+Style/Documentation:
+  Enabled: false
+
+# Reason: Enforce modern Ruby style
+# https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
+Style/HashSyntax:
+  EnforcedStyle: ruby19_no_mixed_keys
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
+Style/NumericLiterals:
+  AllowedPatterns:
+    - \d{4}_\d{2}_\d{2}_\d{6} # For DB migration date version number readability
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylepercentliteraldelimiters
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%i': '()'
+    '%w': '()'
+
+# Reason: Prefer less indentation in conditional assignments
+# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantbegin
+Style/RedundantBegin:
+  Enabled: false
+
+# Reason: Overridden to reduce implicit StandardError rescues
+# https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
+Style/RescueStandardError:
+  EnforcedStyle: implicit
+
+# Reason: Simplify some spec layouts
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
+Style/Semicolon:
+  AllowAsExpressionSeparator: true
+
+# Reason: Originally disabled for CodeClimate, and no config consensus has been found
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
+Style/SymbolArray:
+  Enabled: false
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainarrayliteral
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: 'comma'
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: 'comma'
+
+Style/MiddleDot:
+  Enabled: true

.rubocop/custom.yml

@@ -1,6 +0,0 @@
----
-require:
-  - ../lib/linter/rubocop_middle_dot
-
-Style/MiddleDot:
-  Enabled: true

.rubocop/layout.yml

@@ -1,6 +0,0 @@
----
-Layout/FirstHashElementIndentation:
-  EnforcedStyle: consistent
-
-Layout/LineLength:
-  Max: 300 # Default of 120 causes a duplicate entry in generated todo file

.rubocop/metrics.yml

@@ -1,23 +0,0 @@
----
-Metrics/AbcSize:
-  Exclude:
-    - lib/mastodon/cli/*.rb
-
-Metrics/BlockLength:
-  Enabled: false
-
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Exclude:
-    - lib/mastodon/cli/*.rb
-
-Metrics/MethodLength:
-  Enabled: false
-
-Metrics/ModuleLength:
-  Enabled: false
-
-Metrics/ParameterLists:
-  CountKeywordArgs: false

.rubocop/naming.yml

@@ -1,3 +0,0 @@
----
-Naming/BlockForwarding:
-  EnforcedStyle: explicit

.rubocop/rails.yml

@@ -1,27 +0,0 @@
----
-Rails/FilePath:
-  EnforcedStyle: arguments
-
-Rails/HttpStatus:
-  EnforcedStyle: numeric
-
-Rails/LexicallyScopedActionFilter:
-  Exclude:
-    - app/controllers/auth/* # Conflicts with `Lint/UselessMethodDefinition` for inherited controller actions
-
-Rails/NegateInclude:
-  Enabled: false
-
-Rails/RakeEnvironment:
-  Exclude: # Tasks are doing local work which do not need full env loaded
-    - lib/tasks/auto_annotate_models.rake
-    - lib/tasks/emojis.rake
-    - lib/tasks/mastodon.rake
-    - lib/tasks/repo.rake
-    - lib/tasks/statistics.rake
-
-Rails/SkipsModelValidations:
-  Enabled: false
-
-Rails/UnusedIgnoredColumns:
-  Enabled: false # Preserve ability to migrate from arbitrary old versions

.rubocop/rspec.yml

@@ -1,27 +0,0 @@
----
-RSpec/ExampleLength:
-  CountAsOne: ['array', 'heredoc', 'method_call']
-  Max: 20 # Override default of 5
-
-RSpec/MultipleExpectations:
-  Max: 10 # Overrides default of 1
-
-RSpec/MultipleMemoizedHelpers:
-  Max: 20 # Overrides default of 5
-
-RSpec/NamedSubject:
-  EnforcedStyle: named_only
-
-RSpec/NestedGroups:
-  Max: 10 # Overrides default of 3
-
-RSpec/NotToNot:
-  EnforcedStyle: to_not
-
-RSpec/SpecFilePathFormat:
-  CustomTransform:
-    ActivityPub: activitypub
-    DeepL: deepl
-    FetchOEmbedService: fetch_oembed_service
-    OEmbedController: oembed_controller
-    OStatus: ostatus

.rubocop/rspec_rails.yml

@@ -1,3 +0,0 @@
----
-RSpecRails/HttpStatus:
-  EnforcedStyle: numeric

.rubocop/strict.yml

@@ -1,19 +0,0 @@
-Lint/Debugger: # Remove any `binding.pry`
-  Enabled: true
-  Exclude: []
-
-RSpec/Focus: # Require full spec run on CI
-  Enabled: true
-  Exclude: []
-
-Rails/Output: # Remove any `puts` debugging
-  Enabled: true
-  Exclude: []
-
-Rails/FindEach: # Using `each` could impact performance, use `find_each`
-  Enabled: true
-  Exclude: []
-
-Rails/UniqBeforePluck: # Require `uniq.pluck` and not `pluck.uniq`
-  Enabled: true
-  Exclude: []

.rubocop/style.yml

@@ -1,47 +0,0 @@
----
-Style/ClassAndModuleChildren:
-  Enabled: false
-
-Style/Documentation:
-  Enabled: false
-
-Style/FormatStringToken:
-  AllowedMethods:
-    - redirect_with_vary # Route redirects are not token-formatted
-  inherit_mode:
-    merge:
-      - AllowedMethods
-
-Style/HashAsLastArrayItem:
-  Enabled: false
-
-Style/HashSyntax:
-  EnforcedShorthandSyntax: either
-  EnforcedStyle: ruby19_no_mixed_keys
-
-Style/NumericLiterals:
-  AllowedPatterns:
-    - \d{4}_\d{2}_\d{2}_\d{6}
-
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    '%i': ()
-    '%w': ()
-
-Style/RedundantBegin:
-  Enabled: false
-
-Style/RedundantFetchBlock:
-  Enabled: false
-
-Style/RescueStandardError:
-  EnforcedStyle: implicit
-
-Style/SymbolArray:
-  Enabled: false
-
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma

.rubocop_todo.yml

@@ -1,18 +1,111 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.63.5.
+# using RuboCop version 1.56.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
+# Include: **/*.gemfile, **/Gemfile, **/gems.rb
+Bundler/OrderedGems:
+  Exclude:
+    - 'Gemfile'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_argument, with_fixed_indentation
+Layout/ArgumentAlignment:
+  Exclude:
+    - 'config/initializers/cors.rb'
+    - 'config/initializers/session_store.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/routes.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'config/application.rb'
+    - 'config/initializers/omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Exclude:
+    - 'app/models/account.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_no_space, require_space
+Layout/SpaceInLambdaLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/controllers/api/v2/search_controller_spec.rb'
+    - 'spec/fabricators/access_token_fabricator.rb'
+    - 'spec/fabricators/conversation_fabricator.rb'
+    - 'spec/fabricators/system_key_fabricator.rb'
+    - 'spec/lib/activitypub/adapter_spec.rb'
+    - 'spec/models/user_role_spec.rb'
+
 Lint/NonLocalExitFromIterator:
   Exclude:
     - 'app/helpers/jsonld_helper.rb'
 
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/OrAssignmentToConstant:
+  Exclude:
+    - 'lib/sanitize_ext/sanitize_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/doorkeeper.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/UselessAssignment:
+  Exclude:
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'config/initializers/omniauth.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
+    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
+    - 'spec/helpers/jsonld_helper_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/models/webauthn_credentials_spec.rb'
+    - 'spec/services/account_search_service_spec.rb'
+    - 'spec/services/post_status_service_spec.rb'
+    - 'spec/services/precompute_feed_service_spec.rb'
+    - 'spec/services/resolve_url_service_spec.rb'
+    - 'spec/views/statuses/show.html.haml_spec.rb'
+
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 82
+  Max: 144
 
 # Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
@@ -27,11 +120,433 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 27
 
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+Naming/VariableNumber:
+  Exclude:
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180514140000_revert_index_change_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20190820003045_update_statuses_index.rb'
+    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
+    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/user_spec.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeMultiline.
+Performance/DeletePrefix:
+  Exclude:
+    - 'app/models/featured_tag.rb'
+
+Performance/MapMethodChain:
+  Exclude:
+    - 'app/models/feed.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/resets_controller_spec.rb'
+    - 'spec/controllers/admin/settings/branding_controller_spec.rb'
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb'
+    - 'spec/lib/request_spec.rb'
+    - 'spec/lib/status_filter_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/validators/follow_limit_validator_spec.rb'
+    - 'spec/workers/activitypub/delivery_worker_spec.rb'
+    - 'spec/workers/web/push_notification_worker_spec.rb'
+
+# Configuration parameters: CountAsOne.
+RSpec/ExampleLength:
+  Max: 22
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, each, example
+RSpec/HookArgument:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/well_known/webfinger_controller_spec.rb'
+    - 'spec/helpers/instance_helper_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/rails_helper.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+# Configuration parameters: AssignmentOnly.
+RSpec/InstanceVariable:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
+    - 'spec/controllers/home_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
+    - 'spec/controllers/statuses_cleanup_controller_spec.rb'
+    - 'spec/models/concerns/account_finder_concern_spec.rb'
+    - 'spec/models/concerns/account_interactions_spec.rb'
+    - 'spec/models/public_feed_spec.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/search_service_spec.rb'
+    - 'spec/services/unblock_domain_service_spec.rb'
+
+RSpec/LetSetup:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/action_logs_controller_spec.rb'
+    - 'spec/controllers/admin/instances_controller_spec.rb'
+    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
+    - 'spec/controllers/admin/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v1/filters_controller_spec.rb'
+    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
+    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/follower_accounts_controller_spec.rb'
+    - 'spec/controllers/following_accounts_controller_spec.rb'
+    - 'spec/controllers/oauth/authorized_applications_controller_spec.rb'
+    - 'spec/controllers/oauth/tokens_controller_spec.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/delete_spec.rb'
+    - 'spec/lib/vacuum/applications_vacuum_spec.rb'
+    - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/account_statuses_cleanup_policy_spec.rb'
+    - 'spec/models/canonical_email_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/services/account_statuses_cleanup_service_spec.rb'
+    - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'
+    - 'spec/services/activitypub/fetch_remote_status_service_spec.rb'
+    - 'spec/services/activitypub/process_account_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/batched_remove_status_service_spec.rb'
+    - 'spec/services/block_domain_service_spec.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/delete_account_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+    - 'spec/services/notify_service_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/report_service_spec.rb'
+    - 'spec/services/resolve_account_service_spec.rb'
+    - 'spec/services/suspend_account_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+    - 'spec/services/unsuspend_account_service_spec.rb'
+    - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'
+
+RSpec/MessageChain:
+  Exclude:
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
+    - 'spec/lib/webfinger_resource_spec.rb'
+    - 'spec/models/admin/account_action_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/follow_request_spec.rb'
+    - 'spec/models/identity_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/fetch_replies_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/spec_helper.rb'
+    - 'spec/validators/status_length_validator_spec.rb'
+
+RSpec/MultipleExpectations:
+  Max: 8
+
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 21
+
+# Configuration parameters: AllowedGroups.
+RSpec/NestedGroups:
+  Max: 6
+
+RSpec/PendingWithoutReason:
+  Exclude:
+    - 'spec/models/account_spec.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/ApplicationController:
+  Exclude:
+    - 'app/controllers/health_controller.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/CreateTableWithTimestamps:
+  Exclude:
+    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
+    - 'db/migrate/20170823162448_create_status_pins.rb'
+    - 'db/migrate/20171116161857_create_list_accounts.rb'
+    - 'db/migrate/20180929222014_create_account_conversations.rb'
+    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
+    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
+    - 'db/migrate/20220824233535_create_status_trends.rb'
+    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Severity.
+Rails/DuplicateAssociation:
+  Exclude:
+    - 'app/serializers/activitypub/collection_serializer.rb'
+    - 'app/serializers/activitypub/note_serializer.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasAndBelongsToMany:
+  Exclude:
+    - 'app/models/concerns/account_associations.rb'
+    - 'app/models/preview_card.rb'
+    - 'app/models/status.rb'
+    - 'app/models/tag.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasManyOrHasOneDependent:
+  Exclude:
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/conversation.rb'
+    - 'app/models/custom_emoji.rb'
+    - 'app/models/custom_emoji_category.rb'
+    - 'app/models/domain_block.rb'
+    - 'app/models/invite.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/models/web/push_subscription.rb'
+
+Rails/I18nLocaleTexts:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+    - 'spec/helpers/flashes_helper_spec.rb'
+
+# Configuration parameters: Include.
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
+Rails/LexicallyScopedActionFilter:
+  Exclude:
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/controllers/auth/sessions_controller.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/NegateInclude:
+  Exclude:
+    - 'app/controllers/concerns/signature_verification.rb'
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/activitypub/activity/move.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/link_details_extractor.rb'
+    - 'app/models/concerns/attachmentable.rb'
+    - 'app/models/concerns/remotable.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/fetch_link_card_service.rb'
+    - 'app/services/search_service.rb'
+    - 'app/workers/web/push_notification_worker.rb'
+    - 'lib/paperclip/color_extractor.rb'
+
 Rails/OutputSafety:
   Exclude:
     - 'config/initializers/simple_form.rb'
 
 # This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/Rakefile, **/*.rake
+Rails/RakeEnvironment:
+  Exclude:
+    - 'lib/tasks/auto_annotate_models.rake'
+    - 'lib/tasks/db.rake'
+    - 'lib/tasks/emojis.rake'
+    - 'lib/tasks/mastodon.rake'
+    - 'lib/tasks/repo.rake'
+    - 'lib/tasks/statistics.rake'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ReversibleMigration:
+  Exclude:
+    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
+    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
+    - 'db/migrate/20170205175257_remove_devices.rb'
+    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
+    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
+    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
+    - 'db/migrate/20170711225116_fix_null_booleans.rb'
+    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
+    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
+    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
+    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
+
+# Configuration parameters: ForbiddenMethods, AllowedMethods.
+# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'app/controllers/admin/invites_controller.rb'
+    - 'app/controllers/concerns/session_tracking_concern.rb'
+    - 'app/models/concerns/account_merging.rb'
+    - 'app/models/concerns/expireable.rb'
+    - 'app/models/status.rb'
+    - 'app/models/trends/links.rb'
+    - 'app/models/trends/preview_card_batch.rb'
+    - 'app/models/trends/preview_card_provider_batch.rb'
+    - 'app/models/trends/status_batch.rb'
+    - 'app/models/trends/statuses.rb'
+    - 'app/models/trends/tag_batch.rb'
+    - 'app/models/trends/tags.rb'
+    - 'app/models/user.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/approve_appeal_service.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'app/services/process_mentions_service.rb'
+    - 'app/services/unallow_domain_service.rb'
+    - 'app/services/unblock_domain_service.rb'
+    - 'app/services/update_status_service.rb'
+    - 'app/workers/activitypub/post_upgrade_worker.rb'
+    - 'app/workers/move_worker.rb'
+    - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
+    - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
+    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
+    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
+    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
+    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
+    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/migrate/20191007013357_update_pt_locales.rb'
+    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'db/post_migrate/20200917193528_migrate_notifications_type.rb'
+    - 'db/post_migrate/20201017234926_fill_account_suspension_origin.rb'
+    - 'db/post_migrate/20220617202502_migrate_roles.rb'
+    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
+    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/main.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/follow_spec.rb'
+    - 'spec/services/follow_service_spec.rb'
+    - 'spec/services/update_account_service_spec.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ThreeStateBooleanColumn:
+  Exclude:
+    - 'db/migrate/20160325130944_add_admin_to_users.rb'
+    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
+    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
+    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170330163835_create_imports.rb'
+    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
+    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
+    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
+    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
+    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
+    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
+    - 'db/migrate/20210609202149_create_login_activities.rb'
+    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
+    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
+    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
+    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
+    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
+    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UniqueValidationWithoutIndex:
+  Exclude:
+    - 'app/models/account_alias.rb'
+    - 'app/models/custom_filter_status.rb'
+    - 'app/models/identity.rb'
+    - 'app/models/webauthn_credential.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UnusedIgnoredColumns:
+  Exclude:
+    - 'app/models/account.rb'
+    - 'app/models/account_stat.rb'
+    - 'app/models/admin/action_log.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/models/email_domain_block.rb'
+    - 'app/models/report.rb'
+    - 'app/models/status_edit.rb'
+    - 'app/models/user.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: exists, where
+Rails/WhereExists:
+  Exclude:
+    - 'app/controllers/activitypub/inboxes_controller.rb'
+    - 'app/controllers/admin/email_domain_blocks_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/delivery_failure_tracker.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/status_cache_hydrator.rb'
+    - 'app/lib/suspicious_sign_in_detector.rb'
+    - 'app/models/concerns/account_interactions.rb'
+    - 'app/models/featured_tag.rb'
+    - 'app/models/poll.rb'
+    - 'app/models/session_activation.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/policies/status_policy.rb'
+    - 'app/serializers/rest/announcement_serializer.rb'
+    - 'app/serializers/rest/tag_serializer.rb'
+    - 'app/services/activitypub/fetch_remote_status_service.rb'
+    - 'app/services/app_sign_up_service.rb'
+    - 'app/services/vote_service.rb'
+    - 'app/validators/reaction_validator.rb'
+    - 'app/validators/vote_validator.rb'
+    - 'app/workers/move_worker.rb'
+    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
+    - 'lib/tasks/tests.rake'
+    - 'spec/models/account_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/purge_domain_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
+Style/CaseEquality:
+  Exclude:
+    - 'config/initializers/trusted_proxies.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 # AllowedMethods: ==, equal?, eql?
 Style/ClassEqualityComparison:
@@ -39,23 +554,36 @@ Style/ClassEqualityComparison:
     - 'app/helpers/jsonld_helper.rb'
     - 'app/serializers/activitypub/outbox_serializer.rb'
 
+Style/ClassVars:
+  Exclude:
+    - 'config/initializers/devise.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/CombinableLoops:
+  Exclude:
+    - 'app/models/form/custom_emoji_batch.rb'
+    - 'app/models/form/ip_block_batch.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
   Exclude:
     - 'app/lib/redis_configuration.rb'
     - 'app/lib/translation_service.rb'
+    - 'config/environments/development.rb'
     - 'config/environments/production.rb'
     - 'config/initializers/2_limited_federation_mode.rb'
-    - 'config/initializers/3_omniauth.rb'
     - 'config/initializers/blacklists.rb'
     - 'config/initializers/cache_buster.rb'
+    - 'config/initializers/content_security_policy.rb'
     - 'config/initializers/devise.rb'
+    - 'config/initializers/omniauth.rb'
     - 'config/initializers/paperclip.rb'
     - 'config/initializers/vapid.rb'
+    - 'lib/mastodon/premailer_webpack_strategy.rb'
     - 'lib/mastodon/redis_config.rb'
     - 'lib/tasks/repo.rake'
-    - 'spec/system/profile_spec.rb'
+    - 'spec/features/profile_spec.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
@@ -63,12 +591,14 @@ Style/FetchEnvVar:
 # AllowedMethods: redirect
 Style/FormatStringToken:
   Exclude:
+    - 'app/models/privacy_policy.rb'
     - 'config/initializers/devise.rb'
     - 'lib/paperclip/color_extractor.rb'
 
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
   Exclude:
+    - 'config/boot.rb'
     - 'config/environments/development.rb'
     - 'config/environments/production.rb'
 
@@ -76,13 +606,17 @@ Style/GlobalStdStream:
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
   Exclude:
+    - 'app/controllers/admin/confirmations_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb'
     - 'app/lib/activitypub/activity/block.rb'
     - 'app/lib/request.rb'
     - 'app/lib/request_pool.rb'
     - 'app/lib/webfinger.rb'
     - 'app/lib/webfinger_resource.rb'
-    - 'app/models/concerns/account/counters.rb'
-    - 'app/models/concerns/user/ldap_authenticable.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/ldap_authenticable.rb'
     - 'app/models/tag.rb'
     - 'app/models/user.rb'
     - 'app/services/fan_out_on_write_service.rb'
@@ -94,19 +628,59 @@ Style/GuardClause:
     - 'app/workers/redownload_media_worker.rb'
     - 'app/workers/remote_account_refresh_worker.rb'
     - 'config/initializers/devise.rb'
-    - 'lib/devise/strategies/two_factor_ldap_authenticatable.rb'
-    - 'lib/devise/strategies/two_factor_pam_authenticatable.rb'
+    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
+    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
     - 'lib/mastodon/cli/accounts.rb'
     - 'lib/mastodon/cli/maintenance.rb'
     - 'lib/mastodon/cli/media.rb'
+    - 'lib/paperclip/attachment_extensions.rb'
     - 'lib/tasks/repo.rake'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: braces, no_braces
+Style/HashAsLastArrayItem:
+  Exclude:
+    - 'app/controllers/admin/statuses_controller.rb'
+    - 'app/controllers/api/v1/statuses_controller.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/status_threading_concern.rb'
+    - 'app/models/status.rb'
+    - 'app/services/batched_remove_status_service.rb'
+    - 'app/services/notify_service.rb'
+    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/HashTransformValues:
   Exclude:
     - 'app/serializers/rest/web_push_subscription_serializer.rb'
     - 'app/services/import_service.rb'
 
+# This cop supports safe autocorrection (--autocorrect).
+Style/IfUnlessModifier:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/ffmpeg.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: InverseMethods, InverseBlocks.
+Style/InverseMethods:
+  Exclude:
+    - 'app/models/custom_filter.rb'
+    - 'app/services/update_account_service.rb'
+    - 'spec/controllers/activitypub/replies_controller_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: line_count_dependent, lambda, literal
+Style/Lambda:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+    - 'config/routes.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
   Exclude:
@@ -141,6 +715,13 @@ Style/OptionalBooleanParameter:
     - 'app/workers/unfollow_follow_worker.rb'
     - 'lib/mastodon/redis_config.rb'
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: PreferredDelimiters.
+Style/PercentLiteralDelimiters:
+  Exclude:
+    - 'config/deploy.rb'
+    - 'config/initializers/doorkeeper.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: short, verbose
@@ -154,16 +735,112 @@ Style/RedundantConstantBase:
     - 'config/environments/production.rb'
     - 'config/initializers/sidekiq.rb'
 
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeForConstants.
+Style/RedundantFetchBlock:
+  Exclude:
+    - 'config/initializers/1_hosts.rb'
+    - 'config/initializers/chewy.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/puma.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleReturnValues.
+Style/RedundantReturn:
+  Exclude:
+    - 'app/controllers/api/v1/directories_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/lib/ostatus/tag_manager.rb'
+    - 'app/models/form/import.rb'
+
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
 # AllowedMethods: present?, blank?, presence, try, try!
 Style/SafeNavigation:
   Exclude:
-    - 'app/models/concerns/account/finder_concern.rb'
+    - 'app/models/concerns/account_finder_concern.rb'
+    - 'app/models/status.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: WordRegex.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: only_raise, only_fail, semantic
+Style/SignalException:
+  Exclude:
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SingleArgumentDig:
+  Exclude:
+    - 'lib/webpacker/manifest_extensions.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_parentheses, require_no_parentheses
+Style/StabbyLambdaParentheses:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/StderrPuts:
+  Exclude:
+    - 'config/boot.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Mode.
+Style/StringConcatenation:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/backtrace_silencers.rb'
+    - 'config/initializers/http_client_proxy.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/initializers/webauthn.rb'
+    - 'config/routes.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.
+# AllowedMethods: define_method, mail, respond_to
+Style/SymbolProc:
+  Exclude:
+    - 'config/initializers/omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, AllowSafeAssignment.
+# SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
+Style/TernaryParentheses:
+  Exclude:
+    - 'config/environments/development.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInArguments:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInHashLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/environments/test.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MinSize, WordRegex.
 # SupportedStyles: percent, brackets
 Style/WordArray:
-  EnforcedStyle: percent
-  MinSize: 3
+  Exclude:
+    - 'app/helpers/languages_helper.rb'
+    - 'config/initializers/cors.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/models/form/import_spec.rb'

.ruby-version

@@ -1 +1 @@
-3.3.3
+3.2.2

.watchmanconfig

@@ -1,3 +0,0 @@
-{
-  "ignore_dirs": ["node_modules/", "public/"]
-}

.yarn/patches/babel-plugin-lodash-npm-3.3.4-c7161075b6.patch

@@ -1,13 +0,0 @@
-diff --git a/lib/index.js b/lib/index.js
-index 16ed6be8be8f555cc99096c2ff60954b42dc313d..d009c069770d066ad0db7ad02de1ea473a29334e 100644
---- a/lib/index.js
-+++ b/lib/index.js
-@@ -99,7 +99,7 @@ function lodash(_ref) {
- 
-         var node = _ref3;
- 
--        if ((0, _types.isModuleDeclaration)(node)) {
-+        if ((0, _types.isImportDeclaration)(node)  || (0, _types.isExportDeclaration)(node)) {
-           isModule = true;
-           break;
-         }

.yarnclean

@@ -0,0 +1,49 @@
+# test directories
+__tests__
+test
+tests
+powered-test
+
+# asset directories
+docs
+doc
+website
+images
+# assets
+
+# examples
+example
+examples
+
+# code coverage directories
+coverage
+.nyc_output
+
+# build scripts
+Makefile
+Gulpfile.js
+Gruntfile.js
+
+# configs
+.tern-project
+.gitattributes
+.editorconfig
+.*ignore
+.eslintrc
+.jshintrc
+.flowconfig
+.documentup.json
+.yarn-metadata.json
+.*.yml
+*.yml
+
+# misc
+*.gz
+*.md
+
+# for specific ignore
+!.svgo.yml
+!sass-lint/**/*.yml
+
+# breaks lint-staged or generally anything using https://github.com/eemeli/yaml/issues/384
+!**/yaml/dist/**/doc

.yarnrc.yml

@@ -1 +0,0 @@
-nodeLinker: node-modules

CONTRIBUTING.md

@@ -11,10 +11,6 @@ You can contribute in the following ways:
 
 If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 
-## API Changes and Additions
-
-Please note that any changes or additions made to the API should have an accompanying pull request on [our documentation repository](https://github.com/mastodon/documentation).
-
 ## Bug reports
 
 Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/mastodon/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.

Capfile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'capistrano/setup'
+require 'capistrano/deploy'
+require 'capistrano/scm/git'
+
+install_plugin Capistrano::SCM::Git
+
+require 'capistrano/rbenv'
+require 'capistrano/bundler'
+require 'capistrano/yarn'
+require 'capistrano/rails/assets'
+require 'capistrano/rails/migrations'
+
+Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }

Dockerfile

@@ -1,327 +1,104 @@
-# syntax=docker/dockerfile:1.7
+# syntax=docker/dockerfile:1.4
+# This needs to be bullseye-slim because the Ruby image is built on bullseye-slim
+ARG NODE_VERSION="16.20-bullseye-slim"
 
-# This file is designed for production server deployment, not local development work
-# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/README.md#docker
+FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.2-slim as ruby
+FROM node:${NODE_VERSION} as build
 
-# Please see https://docs.docker.com/engine/reference/builder for information about
-# the extended buildx capabilities used in this file.
-# Make sure multiarch TARGETPLATFORM is available for interpolation
-# See: https://docs.docker.com/build/building/multi-platform/
-ARG TARGETPLATFORM=${TARGETPLATFORM}
-ARG BUILDPLATFORM=${BUILDPLATFORM}
+COPY --link --from=ruby /opt/ruby /opt/ruby
 
-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.3.x"]
-# renovate: datasource=docker depName=docker.io/ruby
-ARG RUBY_VERSION="3.3.3"
-# # Node version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
-# renovate: datasource=node-version depName=node
-ARG NODE_MAJOR_VERSION="20"
-# Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
-ARG DEBIAN_VERSION="bookworm"
-# Node image to use for base image based on combined variables (ex: 20-bookworm-slim)
-FROM docker.io/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim as node
-# Ruby image to use for base image based on combined variables (ex: 3.3.x-slim-bookworm)
-FROM docker.io/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} as ruby
+ENV DEBIAN_FRONTEND="noninteractive" \
+    PATH="${PATH}:/opt/ruby/bin"
 
-# Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA
-# Example: v4.2.0-nightly.2023.11.09+something
-# Overwrite existence of 'alpha.0' in version.rb [--build-arg MASTODON_VERSION_PRERELEASE="nightly.2023.11.09"]
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+WORKDIR /opt/mastodon
+COPY Gemfile* package.json yarn.lock /opt/mastodon/
+
+# hadolint ignore=DL3008
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends build-essential \
+        git \
+        libicu-dev \
+        libidn11-dev \
+        libpq-dev \
+        libjemalloc-dev \
+        zlib1g-dev \
+        libgdbm-dev \
+        libgmp-dev \
+        libssl-dev \
+        libyaml-0-2 \
+        ca-certificates \
+        libreadline8 \
+        python3 \
+        shared-mime-info && \
+    bundle config set --local deployment 'true' && \
+    bundle config set --local without 'development test' && \
+    bundle config set silence_root_warning true && \
+    bundle install -j"$(nproc)" && \
+    yarn install --pure-lockfile --production --network-timeout 600000 && \
+    yarn cache clean
+
+FROM node:${NODE_VERSION}
+
+# Use those args to specify your own version flags & suffixes
 ARG MASTODON_VERSION_PRERELEASE=""
-# Append build metadata or fork information to version.rb [--build-arg MASTODON_VERSION_METADATA="pr-12345"]
 ARG MASTODON_VERSION_METADATA=""
 
-# Allow Ruby on Rails to serve static files
-# See: https://docs.joinmastodon.org/admin/config/#rails_serve_static_files
-ARG RAILS_SERVE_STATIC_FILES="true"
-# Allow to use YJIT compiler
-# See: https://github.com/ruby/ruby/blob/v3_2_4/doc/yjit/yjit.md
-ARG RUBY_YJIT_ENABLE="1"
-# Timezone used by the Docker container and runtime, change with [--build-arg TZ=Europe/Berlin]
-ARG TZ="Etc/UTC"
-# Linux UID (user id) for the mastodon user, change with [--build-arg UID=1234]
 ARG UID="991"
-# Linux GID (group id) for the mastodon user, change with [--build-arg GID=1234]
 ARG GID="991"
 
-# Apply Mastodon build options based on options above
-ENV \
-# Apply Mastodon version information
-  MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
-  MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}" \
-# Apply Mastodon static files and YJIT options
-  RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} \
-  RUBY_YJIT_ENABLE=${RUBY_YJIT_ENABLE} \
-# Apply timezone
-  TZ=${TZ}
+COPY --link --from=ruby /opt/ruby /opt/ruby
 
-ENV \
-# Configure the IP to bind Mastodon to when serving traffic
-  BIND="0.0.0.0" \
-# Use production settings for Yarn, Node and related nodejs based tools
-  NODE_ENV="production" \
-# Use production settings for Ruby on Rails
-  RAILS_ENV="production" \
-# Add Ruby and Mastodon installation to the PATH
-  DEBIAN_FRONTEND="noninteractive" \
-  PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin" \
-# Optimize jemalloc 5.x performance
-  MALLOC_CONF="narenas:2,background_thread:true,thp:never,dirty_decay_ms:1000,muzzy_decay_ms:0" \
-# Enable libvips, should not be changed
-  MASTODON_USE_LIBVIPS=true
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Set default shell used for running commands
-SHELL ["/bin/bash", "-o", "pipefail", "-o", "errexit", "-c"]
+ENV DEBIAN_FRONTEND="noninteractive" \
+    PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"
 
-ARG TARGETPLATFORM
+# Ignoring these here since we don't want to pin any versions and the Debian image removes apt-get content after use
+# hadolint ignore=DL3008,DL3009
+RUN apt-get update && \
+    echo "Etc/UTC" > /etc/localtime && \
+    groupadd -g "${GID}" mastodon && \
+    useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \
+    apt-get -y --no-install-recommends install whois \
+        wget \
+        procps \
+        libssl1.1 \
+        libpq5 \
+        imagemagick \
+        ffmpeg \
+        libjemalloc2 \
+        libicu67 \
+        libidn11 \
+        libyaml-0-2 \
+        file \
+        ca-certificates \
+        tzdata \
+        libreadline8 \
+        tini && \
+    ln -s /opt/mastodon /mastodon
 
-RUN echo "Target platform is $TARGETPLATFORM"
+# Note: no, cleaning here since Debian does this automatically
+# See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem
 
-RUN \
-# Remove automatic apt cache Docker cleanup scripts
-  rm -f /etc/apt/apt.conf.d/docker-clean; \
-# Sets timezone
-  echo "${TZ}" > /etc/localtime; \
-# Creates mastodon user/group and sets home directory
-  groupadd -g "${GID}" mastodon; \
-  useradd -l -u "${UID}" -g "${GID}" -m -d /opt/mastodon mastodon; \
-# Creates /mastodon symlink to /opt/mastodon
-  ln -s /opt/mastodon /mastodon;
+COPY --chown=mastodon:mastodon . /opt/mastodon
+COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon
 
-# Set /opt/mastodon as working directory
+ENV RAILS_ENV="production" \
+    NODE_ENV="production" \
+    RAILS_SERVE_STATIC_FILES="true" \
+    BIND="0.0.0.0" \
+    MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
+    MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}"
+
+# Set the run user
+USER mastodon
 WORKDIR /opt/mastodon
 
-# hadolint ignore=DL3008,DL3005
-RUN \
-# Mount Apt cache and lib directories from Docker buildx caches
---mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
---mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-# Apt update & upgrade to check for security updates to Debian image
-  apt-get update; \
-  apt-get dist-upgrade -yq; \
-# Install jemalloc, curl and other necessary components
-  apt-get install -y --no-install-recommends \
-    ca-certificates \
-    curl \
-    ffmpeg \
-    file \
-    libjemalloc2 \
-    patchelf \
-    procps \
-    tini \
-    tzdata \
-    wget \
-  ; \
-# Patch Ruby to use jemalloc
-  patchelf --add-needed libjemalloc.so.2 /usr/local/bin/ruby; \
-# Discard patchelf after use
-  apt-get purge -y \
-    patchelf \
-  ;
+# Precompile assets
+RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile
 
-# Create temporary build layer from base image
-FROM ruby as build
-
-# Copy Node package configuration files into working directory
-COPY package.json yarn.lock .yarnrc.yml /opt/mastodon/
-COPY .yarn /opt/mastodon/.yarn
-
-COPY --from=node /usr/local/bin /usr/local/bin
-COPY --from=node /usr/local/lib /usr/local/lib
-
-ARG TARGETPLATFORM
-
-# hadolint ignore=DL3008
-RUN \
-# Mount Apt cache and lib directories from Docker buildx caches
---mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
---mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-# Install build tools and bundler dependencies from APT
-  apt-get install -y --no-install-recommends \
-    build-essential \
-    git \
-    libgdbm-dev \
-    libglib2.0-dev \
-    libgmp-dev \
-    libicu-dev \
-    libidn-dev \
-    libpq-dev \
-    libssl-dev \
-    meson \
-    pkg-config \
-    shared-mime-info \
-	# libvips components
-    libcgif-dev \
-    libexif-dev \
-    libexpat1-dev \
-    libgirepository1.0-dev \
-    libheif-dev \
-    libimagequant-dev \
-    libjpeg62-turbo-dev \
-    liblcms2-dev \
-    liborc-dev \
-    libspng-dev \
-    libtiff-dev \
-    libwebp-dev \
-  ;
-
-RUN \
-# Configure Corepack
-  rm /usr/local/bin/yarn*; \
-  corepack enable; \
-  corepack prepare --activate;
-
-# Create temporary libvips specific build layer from build layer
-FROM build as libvips
-
-# libvips version to compile, change with [--build-arg VIPS_VERSION="8.15.2"]
-# renovate: datasource=github-releases depName=libvips packageName=libvips/libvips
-ARG VIPS_VERSION=8.15.2
-# libvips download URL, change with [--build-arg VIPS_URL="https://github.com/libvips/libvips/releases/download"]
-ARG VIPS_URL=https://github.com/libvips/libvips/releases/download
-
-WORKDIR /usr/local/libvips/src
-
-RUN \
-  curl -sSL -o vips-${VIPS_VERSION}.tar.xz ${VIPS_URL}/v${VIPS_VERSION}/vips-${VIPS_VERSION}.tar.xz; \
-  tar xf vips-${VIPS_VERSION}.tar.xz; \
-  cd vips-${VIPS_VERSION}; \
-  meson setup build --prefix /usr/local/libvips --libdir=lib -Ddeprecated=false -Dintrospection=disabled -Dmodules=disabled -Dexamples=false; \
-  cd build; \
-  ninja; \
-  ninja install;
-
-# Create temporary bundler specific build layer from build layer
-FROM build as bundler
-
-ARG TARGETPLATFORM
-
-# Copy Gemfile config into working directory
-COPY Gemfile* /opt/mastodon/
-
-RUN \
-# Mount Ruby Gem caches
---mount=type=cache,id=gem-cache-${TARGETPLATFORM},target=/usr/local/bundle/cache/,sharing=locked \
-# Configure bundle to prevent changes to Gemfile and Gemfile.lock
-  bundle config set --global frozen "true"; \
-# Configure bundle to not cache downloaded Gems
-  bundle config set --global cache_all "false"; \
-# Configure bundle to only process production Gems
-  bundle config set --local without "development test"; \
-# Configure bundle to not warn about root user
-  bundle config set silence_root_warning "true"; \
-# Download and install required Gems
-  bundle install -j"$(nproc)";
-
-# Create temporary node specific build layer from build layer
-FROM build as yarn
-
-ARG TARGETPLATFORM
-
-# Copy Node package configuration files into working directory
-COPY package.json yarn.lock .yarnrc.yml /opt/mastodon/
-COPY streaming/package.json /opt/mastodon/streaming/
-COPY .yarn /opt/mastodon/.yarn
-
-# hadolint ignore=DL3008
-RUN \
---mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
---mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-# Install Node packages
-  yarn workspaces focus --production @mastodon/mastodon;
-
-# Create temporary assets build layer from build layer
-FROM build as precompiler
-
-# Copy Mastodon sources into precompiler layer
-COPY . /opt/mastodon/
-
-# Copy bundler and node packages from build layer to container
-COPY --from=yarn /opt/mastodon /opt/mastodon/
-COPY --from=bundler /opt/mastodon /opt/mastodon/
-COPY --from=bundler /usr/local/bundle/ /usr/local/bundle/
-# Copy libvips components to layer for precompiler
-COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
-COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
-
-ARG TARGETPLATFORM
-
-RUN \
-  ldconfig; \
-# Use Ruby on Rails to create Mastodon assets
-  SECRET_KEY_BASE_DUMMY=1 \
-  bundle exec rails assets:precompile; \
-# Cleanup temporary files
-  rm -fr /opt/mastodon/tmp;
-
-# Prep final Mastodon Ruby layer
-FROM ruby as mastodon
-
-ARG TARGETPLATFORM
-
-# hadolint ignore=DL3008
-RUN \
-# Mount Apt cache and lib directories from Docker buildx caches
---mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
---mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-# Mount Corepack and Yarn caches from Docker buildx caches
---mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
---mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-# Apt update install non-dev versions of necessary components
-  apt-get install -y --no-install-recommends \
-    libexpat1 \
-    libglib2.0-0 \
-    libicu72 \
-    libidn12 \
-    libpq5 \
-    libreadline8 \
-    libssl3 \
-    libyaml-0-2 \
-  # libvips components
-    libcgif0 \
-    libexif12 \
-    libheif1 \
-    libimagequant0 \
-    libjpeg62-turbo \
-    liblcms2-2 \
-    liborc-0.4-0 \
-    libspng0 \
-    libtiff6 \
-    libwebp7 \
-    libwebpdemux2 \
-    libwebpmux3 \
-  ;
-
-# Copy Mastodon sources into final layer
-COPY . /opt/mastodon/
-
-# Copy compiled assets to layer
-COPY --from=precompiler /opt/mastodon/public/packs /opt/mastodon/public/packs
-COPY --from=precompiler /opt/mastodon/public/assets /opt/mastodon/public/assets
-# Copy bundler components to layer
-COPY --from=bundler /usr/local/bundle/ /usr/local/bundle/
-# Copy libvips components to layer
-COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
-COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
-
-RUN \
-  ldconfig; \
-# Smoketest media processors
-  vips -v;
-
-RUN \
-  # Precompile bootsnap code for faster Rails startup
-  bundle exec bootsnap precompile --gemfile app/ lib/;
-
-RUN \
-# Pre-create and chown system volume to Mastodon user
-  mkdir -p /opt/mastodon/public/system; \
-  chown mastodon:mastodon /opt/mastodon/public/system; \
-# Set Mastodon user as owner of tmp folder
-  chown -R mastodon:mastodon /opt/mastodon/tmp;
-
-# Set the running user for resulting container
-USER mastodon
-# Expose default Puma ports
-EXPOSE 3000
-# Set container tini as default entry point
+# Set the work dir and the container entry point
 ENTRYPOINT ["/usr/bin/tini", "--"]
+EXPOSE 3000 4000

FEDERATION.md

@@ -1,35 +1,19 @@
-# Federation
-
-## Supported federation protocols and standards
-
-- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
-- [WebFinger](https://webfinger.net/)
-- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
-- [NodeInfo](https://nodeinfo.diaspora.software/)
-
-## Supported FEPs
-
-- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
-- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
-- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
-- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
-
-## ActivityPub in Mastodon
+## ActivityPub federation in Mastodon
 
 Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
 
-- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)
+Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
 
 ### Required extensions
 
-#### WebFinger
+#### Webfinger
 
 In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
 This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
 
 As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
 
-- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)
+More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
 
 #### HTTP Signatures
 
@@ -37,13 +21,10 @@ In order to authenticate activities, Mastodon relies on HTTP Signatures, signing
 
 Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
 
-- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)
+More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
 
 ### Optional extensions
 
-- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
-- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)
-
-### Additional documentation
-
-- [Mastodon documentation](https://docs.joinmastodon.org/)
+- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
+- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
+- Followers collection synchronization: https://git.activitypub.dev/ActivityPubDev/Fediverse-Enhancement-Proposals/src/branch/main/feps/fep-8fcf.md

Gemfile

@@ -1,38 +1,34 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 3.1.0'
+ruby '>= 3.0.0'
 
-gem 'propshaft'
 gem 'puma', '~> 6.3'
-gem 'rack', '~> 2.2.7'
-gem 'rails', '~> 7.1.1'
+gem 'rails', '~> 7.0'
+gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
+gem 'rack', '~> 2.2.7'
 
-# For why irb is in the Gemfile, see: https://ruby.social/@st0012/111444685161478182
-gem 'irb', '~> 1.8'
-
-gem 'dotenv'
 gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'pghero'
+gem 'dotenv-rails', '~> 2.8'
 
 gem 'aws-sdk-s3', '~> 1.123', require: false
-gem 'blurhash', '~> 0.1'
 gem 'fog-core', '<= 2.4.0'
-gem 'fog-openstack', '~> 1.0', require: false
+gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.2'
 gem 'md-paperclip-azure', '~> 2.2', require: false
-gem 'ruby-vips', '~> 2.2', require: false
+gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.18.0', require: false
+gem 'bootsnap', '~> 1.16.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.3'
 gem 'devise', '~> 4.9'
-gem 'devise-two-factor'
+gem 'devise-two-factor', '~> 4.1'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
@@ -40,63 +36,65 @@ end
 
 gem 'net-ldap', '~> 0.18'
 
-gem 'omniauth', '~> 2.0'
-gem 'omniauth-cas', '~> 3.0.0.beta.1'
-gem 'omniauth_openid_connect', '~> 0.6.1'
-gem 'omniauth-rails_csrf_protection', '~> 1.0'
+# TODO: Point back at released omniauth-cas gem when PR merged
+# https://github.com/dlindahl/omniauth-cas/pull/68
+gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
 gem 'omniauth-saml', '~> 2.0'
+gem 'omniauth_openid_connect', '~> 0.6.1'
+gem 'omniauth', '~> 2.0'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 
 gem 'color_diff', '~> 0.1'
-gem 'csv', '~> 3.2'
 gem 'discard', '~> 1.2'
 gem 'doorkeeper', '~> 5.6'
 gem 'ed25519', '~> 1.3'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
+gem 'redis-namespace', '~> 1.10'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.2.0'
+gem 'http', '~> 5.1'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.7.0'
-gem 'i18n'
+gem 'httplog', '~> 1.6.2'
 gem 'idn-ruby', require: 'idn'
-gem 'inline_svg'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
-gem 'nsa'
+gem 'nsa', github: 'jhawthorn/nsa', ref: 'e020fcc3a54d993ab45b7194d89ab720296c111b'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'premailer-rails'
+gem 'posix-spawn'
 gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.3'
+gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
 gem 'rack-cors', '~> 2.0', require: 'rack/cors'
 gem 'rails-i18n', '~> 7.0'
+gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
-gem 'redis-namespace', '~> 1.10'
+gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
 gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
 gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
 gem 'sidekiq', '~> 6.5'
-gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'sidekiq-scheduler', '~> 5.0'
 gem 'sidekiq-unique-jobs', '~> 7.1'
-gem 'simple_form', '~> 5.2'
+gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
-gem 'stoplight', '~> 4.1'
-gem 'strong_migrations', '1.8.0'
+gem 'simple_form', '~> 5.2'
+gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
+gem 'stoplight', '~> 3.0.1'
+gem 'strong_migrations', '~> 0.8'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
-gem 'webauthn', '~> 3.0'
 gem 'webpacker', '~> 5.4'
 gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
+gem 'webauthn', '~> 3.0'
 
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
@@ -104,38 +102,15 @@ gem 'rdf-normalize', '~> 0.5'
 
 gem 'private_address_check', '~> 0.5'
 
-gem 'opentelemetry-api', '~> 1.2.5'
-
-group :opentelemetry do
-  gem 'opentelemetry-exporter-otlp', '~> 0.27.0', require: false
-  gem 'opentelemetry-instrumentation-active_job', '~> 0.7.1', require: false
-  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.20.1', require: false
-  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.21.2', require: false
-  gem 'opentelemetry-instrumentation-excon', '~> 0.22.0', require: false
-  gem 'opentelemetry-instrumentation-faraday', '~> 0.24.1', require: false
-  gem 'opentelemetry-instrumentation-http', '~> 0.23.2', require: false
-  gem 'opentelemetry-instrumentation-http_client', '~> 0.22.3', require: false
-  gem 'opentelemetry-instrumentation-net_http', '~> 0.22.4', require: false
-  gem 'opentelemetry-instrumentation-pg', '~> 0.27.1', require: false
-  gem 'opentelemetry-instrumentation-rack', '~> 0.24.1', require: false
-  gem 'opentelemetry-instrumentation-rails', '~> 0.30.0', require: false
-  gem 'opentelemetry-instrumentation-redis', '~> 0.25.3', require: false
-  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.25.2', require: false
-  gem 'opentelemetry-sdk', '~> 1.4', require: false
-end
-
 group :test do
-  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
-  gem 'rspec-github', '~> 2.4', require: false
+  # Used to split testing into chunks in CI
+  gem 'rspec_chunked', '~> 0.6'
 
   # RSpec progress bar formatter
   gem 'fuubar', '~> 2.5'
 
-  # RSpec helpers for email specs
-  gem 'email_spec'
-
-  # Extra RSpec extension methods and helpers for sidekiq
-  gem 'rspec-sidekiq', '~> 5.0'
+  # Extra RSpec extenion methods and helpers for sidekiq
+  gem 'rspec-sidekiq', '~> 4.0'
 
   # Browser integration testing
   gem 'capybara', '~> 3.39'
@@ -145,7 +120,13 @@ group :test do
   gem 'database_cleaner-active_record'
 
   # Used to mock environment variables
-  gem 'climate_control'
+  gem 'climate_control', '~> 0.2'
+
+  # Generating fake data for specs
+  gem 'faker', '~> 3.2'
+
+  # Generate test objects for specs
+  gem 'fabrication', '~> 2.30'
 
   # Add back helpers functions removed in Rails 5.1
   gem 'rails-controller-testing', '~> 1.0'
@@ -158,7 +139,6 @@ group :test do
 
   # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
   gem 'simplecov', '~> 0.22', require: false
-  gem 'simplecov-lcov', '~> 0.8', require: false
 
   # Stub web requests for specs
   gem 'webmock', '~> 3.18'
@@ -171,7 +151,6 @@ group :development do
   gem 'rubocop-performance', require: false
   gem 'rubocop-rails', require: false
   gem 'rubocop-rspec', require: false
-  gem 'rubocop-rspec_rails', require: false
 
   # Annotates modules with schema
   gem 'annotate', '~> 3.2'
@@ -182,7 +161,7 @@ group :development do
 
   # Preview mail in the browser
   gem 'letter_opener', '~> 1.8'
-  gem 'letter_opener_web', '~> 3.0'
+  gem 'letter_opener_web', '~> 2.0'
 
   # Security analysis CLI tools
   gem 'brakeman', '~> 6.0', require: false
@@ -191,20 +170,17 @@ group :development do
   # Linter CLI for HAML files
   gem 'haml_lint', require: false
 
+  # Deployment automation
+  gem 'capistrano', '~> 3.17'
+  gem 'capistrano-rails', '~> 1.6'
+  gem 'capistrano-rbenv', '~> 2.2'
+  gem 'capistrano-yarn', '~> 2.0'
+
   # Validate missing i18n keys
   gem 'i18n-tasks', '~> 1.0', require: false
 end
 
 group :development, :test do
-  # Interactive Debugging tools
-  gem 'debug', '~> 1.8'
-
-  # Generate fake data values
-  gem 'faker', '~> 3.2'
-
-  # Generate factory objects
-  gem 'fabrication', '~> 2.30'
-
   # Profiling tools
   gem 'memory_profiler', require: false
   gem 'ruby-prof', require: false
@@ -219,14 +195,12 @@ group :production do
   gem 'lograge', '~> 0.12'
 end
 
-gem 'cocoon', '~> 1.2'
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'
+gem 'cocoon', '~> 1.2'
 
-gem 'net-http', '~> 0.4.0'
+gem 'net-http', '~> 0.3.2'
 gem 'rubyzip', '~> 2.3'
 
 gem 'hcaptcha', '~> 7.1'
-
-gem 'mail', '~> 2.8'

Procfile.dev

@@ -1,4 +1,4 @@
 web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
 sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
-stream: env PORT=4000 yarn workspace @mastodon/streaming start
+stream: env PORT=4000 yarn run start
 webpack: bin/webpack-dev-server

README.md

@@ -62,17 +62,17 @@ Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Stre
 ### Tech stack
 
 - **Ruby on Rails** powers the REST API and other web pages
-- **React.js** and **Redux** are used for the dynamic parts of the interface
+- **React.js** and Redux are used for the dynamic parts of the interface
 - **Node.js** powers the streaming API
 
 ### Requirements
 
-- **PostgreSQL** 12+
+- **PostgreSQL** 9.5+
 - **Redis** 4+
-- **Ruby** 3.1+
-- **Node.js** 18+
+- **Ruby** 2.7+
+- **Node.js** 14+
 
-The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, and **Scalingo**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
 
 ## Development
 
@@ -83,54 +83,44 @@ A **Vagrant** configuration is included for development purposes. To use it, com
 - Install Vagrant and Virtualbox
 - Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
 - Run `vagrant up`
-- Run `vagrant ssh -c "cd /vagrant && bin/dev"`
+- Run `vagrant ssh -c "cd /vagrant && foreman start"`
 - Open `http://mastodon.local` in your browser
 
-### macOS
+### MacOS
 
-To set up **macOS** for native development, complete the following steps:
+To set up **MacOS** for native development, complete the following steps:
 
-- Install [Homebrew] and run `brew install postgresql@14 redis imagemagick
-libidn nvm` to install the required project dependencies
-- Use a Ruby version manager to activate the ruby in `.ruby-version` and run
-  `nvm use` to activate the node version from `.nvmrc`
-- Run the `bin/setup` script, which will install the required ruby gems and node
-  packages and prepare the database for local development
-- Finally, run the `bin/dev` script which will launch services via `overmind`
-  (if installed) or `foreman`
+- Install the latest stable Ruby version (use a Ruby version manager for easy installation and management of Ruby versions)
+- Run `brew install postgresql@14`
+- Run `brew install redis`
+- Run `brew install imagemagick`
+- Install Foreman or a similar tool (such as [overmind](https://github.com/DarthSim/overmind)) to handle multiple process launching.
+- Navigate to Mastodon's root directory and run `brew install nvm` then `nvm use` to use the version from .nvmrc
+- Run `corepack enable && yarn set version classic`
+- Run `bundle exec rails db:setup` (optionally prepend `RAILS_ENV=development` to target the dev environment)
+- Finally, run `overmind start -f Procfile.dev`
 
 ### Docker
 
-For production hosting and deployment with **Docker**, use the `Dockerfile` and
-`docker-compose.yml` in the project root directory.
+For development with **Docker**, complete the following steps:
 
-For local development, install and launch [Docker], and run:
+- Install Docker Desktop
+- Run `docker compose -f .devcontainer/docker-compose.yml up -d`
+- Run `docker compose -f .devcontainer/docker-compose.yml exec app .devcontainer/post-create.sh`
+- Finally, run `docker compose -f .devcontainer/docker-compose.yml exec app foreman start -f Procfile.dev`
 
-```shell
-docker compose -f .devcontainer/compose.yaml up -d
-docker compose -f .devcontainer/compose.yaml exec app bin/setup
-docker compose -f .devcontainer/compose.yaml exec app bin/dev
-```
-
-### Dev Containers
-
-Within IDEs that support the [Development Containers] specification, start the
-"Mastodon on local machine" container from the editor. The necessary `docker
-compose` commands to build and setup the container should run automatically. For
-**Visual Studio Code** this requires installing the [Dev Container extension].
+If you are using an IDE with [support for the Development Container specification](https://containers.dev/supporting), it will run the above `docker compose` commands automatically. For **Visual Studio Code** this requires the [Dev Container extension](https://containers.dev/supporting#dev-containers).
 
 ### GitHub Codespaces
 
-[GitHub Codespaces] provides a web-based version of VS Code and a cloud hosted
-development environment configured with the software needed for this project.
+To get you coding in just a few minutes, GitHub Codespaces provides a web-based version of Visual Studio Code and a cloud-hosted development environment fully configured with the software needed for this project..
 
-[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)][codespace]
-
-- Click the button to create a new codespace, and confirm the options
-- Wait for the environment to build (takes a few minutes)
-- When the editor is ready, run `bin/dev` in the terminal
-- Wait for an _Open in Browser_ prompt. This will open Mastodon
-- On the _Ports_ tab "stream" setting change _Port visibility_ → _Public_
+- Click this button to create a new codespace:<br>
+  [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=52281283&devcontainer_path=.devcontainer%2Fcodespaces%2Fdevcontainer.json)
+- Wait for the environment to build. This will take a few minutes.
+- When the editor is ready, run `foreman start -f Procfile.dev` in the terminal.
+- After a few seconds, a popup will appear with a button labeled _Open in Browser_. This will open Mastodon.
+- On the _Ports_ tab, right click on the “stream” row and select _Port visibility_ → _Public_.
 
 ## Contributing
 
@@ -142,17 +132,10 @@ You can open issues for bugs you've found or features you think are missing. You
 
 ## License
 
-Copyright (C) 2016-2024 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
+Copyright (C) 2016-2022 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
 
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
 
 You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-[codespace]: https://codespaces.new/mastodon/mastodon?quickstart=1&devcontainer_path=.devcontainer%2Fcodespaces%2Fdevcontainer.json
-[Dev Container extension]: https://containers.dev/supporting#dev-containers
-[Development Containers]: https://containers.dev/supporting
-[Docker]: https://docs.docker.com
-[GitHub Codespaces]: https://docs.github.com/en/codespaces
-[Homebrew]: https://brew.sh

SECURITY.md

@@ -2,7 +2,7 @@
 
 If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
 
-- open a [GitHub security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
+- open a [Github security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
 - reach us at <security@joinmastodon.org>
 
 You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
@@ -15,6 +15,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 
 | Version | Supported |
 | ------- | --------- |
-| 4.2.x   | Yes       |
 | 4.1.x   | Yes       |
-| < 4.1   | No        |
+| 4.0.x   | Yes       |
+| 3.5.x   | Yes       |
+| < 3.5   | No        |

Vagrantfile

@@ -10,11 +10,7 @@ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 sudo apt-add-repository 'deb https://dl.yarnpkg.com/debian/ stable main'
 
 # Add repo for NodeJS
-sudo mkdir -p /etc/apt/keyrings
-curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
-NODE_MAJOR=20
-echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
-sudo apt-get update
+curl -sL https://deb.nodesource.com/setup_16.x | sudo bash -
 
 # Add firewall rule to redirect 80 to PORT and save
 sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port #{ENV["PORT"]}
@@ -80,8 +76,7 @@ path.logs: /var/log/elasticsearch
 network.host: 0.0.0.0
 http.port: 9200
 discovery.seed_hosts: ["localhost"]
-cluster.initial_master_nodes: ["node-1"]
-xpack.security.enabled: false' > /etc/elasticsearch/elasticsearch.yml
+cluster.initial_master_nodes: ["node-1"]' > /etc/elasticsearch/elasticsearch.yml
 
 sudo systemctl restart elasticsearch
 
@@ -116,11 +111,11 @@ bundle install
 
 # Install node modules
 sudo corepack enable
-corepack prepare
+yarn set version classic
 yarn install
 
 # Build Mastodon
-export RAILS_ENV=development
+export RAILS_ENV=development 
 export $(cat ".env.vagrant" | xargs)
 bundle exec rails db:setup
 
@@ -151,12 +146,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     vb.customize ["modifyvm", :id, "--nictype2", "virtio"]
   end
 
-  config.vm.provider :libvirt do |libvirt|
-    libvirt.cpus = 3
-    libvirt.memory = 8192
-  end
-
-
   # This uses the vagrant-hostsupdater plugin, and lets you
   # access the development site at http://mastodon.local.
   # If you change it, also change it in .env.vagrant before provisioning
@@ -179,7 +168,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
   # Otherwise, you can access the site at http://localhost:3000 and http://localhost:4000 , http://localhost:8080
   config.vm.network :forwarded_port, guest: 3000, host: 3000
-  config.vm.network :forwarded_port, guest: 3035, host: 3035
   config.vm.network :forwarded_port, guest: 4000, host: 4000
   config.vm.network :forwarded_port, guest: 8080, host: 8080
   config.vm.network :forwarded_port, guest: 9200, host: 9200
@@ -195,7 +183,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
   config.vm.post_up_message = <<MESSAGE
 To start server
-  $ vagrant ssh -c "cd /vagrant && bin/dev"
+  $ vagrant ssh -c "cd /vagrant && foreman start"
 MESSAGE
 
 end

app/chewy/accounts_index.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class AccountsIndex < Chewy::Index
-  include DatetimeClampingConcern
-
   settings index: index_preset(refresh_interval: '30s'), analysis: {
     filter: {
       english_stop: {
@@ -62,7 +60,7 @@ class AccountsIndex < Chewy::Index
     field(:following_count, type: 'long')
     field(:followers_count, type: 'long')
     field(:properties, type: 'keyword', value: ->(account) { account.searchable_properties })
-    field(:last_status_at, type: 'date', value: ->(account) { clamp_date(account.last_status_at || account.created_at) })
+    field(:last_status_at, type: 'date', value: ->(account) { account.last_status_at || account.created_at })
     field(:display_name, type: 'text', analyzer: 'verbatim') { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
     field(:username, type: 'text', analyzer: 'verbatim', value: ->(account) { [account.username, account.domain].compact.join('@') }) { field :edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'verbatim' }
     field(:text, type: 'text', analyzer: 'verbatim', value: ->(account) { account.searchable_text }) { field :stemmed, type: 'text', analyzer: 'natural' }

app/chewy/concerns/datetime_clamping_concern.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module DatetimeClampingConcern
-  extend ActiveSupport::Concern
-
-  MIN_ISO8601_DATETIME = '0000-01-01T00:00:00Z'.to_datetime.freeze
-  MAX_ISO8601_DATETIME = '9999-12-31T23:59:59Z'.to_datetime.freeze
-
-  class_methods do
-    def clamp_date(datetime)
-      datetime.clamp(MIN_ISO8601_DATETIME, MAX_ISO8601_DATETIME)
-    end
-  end
-end

app/chewy/public_statuses_index.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class PublicStatusesIndex < Chewy::Index
-  include DatetimeClampingConcern
-
   settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
     filter: {
       english_stop: {
@@ -55,7 +53,7 @@ class PublicStatusesIndex < Chewy::Index
   index_scope ::Status.unscoped
                       .kept
                       .indexable
-                      .includes(:media_attachments, :preloadable_poll, :tags, preview_cards_status: :preview_card)
+                      .includes(:media_attachments, :preloadable_poll, :preview_cards, :tags)
 
   root date_detection: false do
     field(:id, type: 'long')
@@ -64,6 +62,6 @@ class PublicStatusesIndex < Chewy::Index
     field(:tags, type: 'text', analyzer: 'hashtag', value: ->(status) { status.tags.map(&:display_name) })
     field(:language, type: 'keyword')
     field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
-    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
+    field(:created_at, type: 'date')
   end
 end

app/chewy/statuses_index.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class StatusesIndex < Chewy::Index
-  include DatetimeClampingConcern
-
   settings index: index_preset(refresh_interval: '30s', number_of_shards: 5), analysis: {
     filter: {
       english_stop: {
@@ -52,7 +50,7 @@ class StatusesIndex < Chewy::Index
     },
   }
 
-  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preview_cards_status: :preview_card, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
+  index_scope ::Status.unscoped.kept.without_reblogs.includes(:media_attachments, :preview_cards, :local_mentioned, :local_favorited, :local_reblogged, :local_bookmarked, :tags, preloadable_poll: :local_voters), delete_if: ->(status) { status.searchable_by.empty? }
 
   root date_detection: false do
     field(:id, type: 'long')
@@ -62,6 +60,6 @@ class StatusesIndex < Chewy::Index
     field(:searchable_by, type: 'long', value: ->(status) { status.searchable_by })
     field(:language, type: 'keyword')
     field(:properties, type: 'keyword', value: ->(status) { status.searchable_properties })
-    field(:created_at, type: 'date', value: ->(status) { clamp_date(status.created_at) })
+    field(:created_at, type: 'date')
   end
 end

app/chewy/tags_index.rb

@@ -1,8 +1,6 @@
 # frozen_string_literal: true
 
 class TagsIndex < Chewy::Index
-  include DatetimeClampingConcern
-
   settings index: index_preset(refresh_interval: '30s'), analysis: {
     analyzer: {
       content: {
@@ -44,6 +42,6 @@ class TagsIndex < Chewy::Index
     field(:name, type: 'text', analyzer: 'content', value: :display_name) { field(:edge_ngram, type: 'text', analyzer: 'edge_ngram', search_analyzer: 'content') }
     field(:reviewed, type: 'boolean', value: ->(tag) { tag.reviewed? })
     field(:usage, type: 'long', value: ->(tag, crutches) { tag.history.aggregate(crutches.time_period).accounts })
-    field(:last_status_at, type: 'date', value: ->(tag) { clamp_date(tag.last_status_at || tag.created_at) })
+    field(:last_status_at, type: 'date', value: ->(tag) { tag.last_status_at || tag.created_at })
   end
 end

app/controllers/about_controller.rb

@@ -5,7 +5,15 @@ class AboutController < ApplicationController
 
   skip_before_action :require_functional!
 
+  before_action :set_instance_presenter
+
   def show
     expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.day) unless user_signed_in?
   end
+
+  private
+
+  def set_instance_presenter
+    @instance_presenter = InstancePresenter.new
+  end
 end

app/controllers/accounts_controller.rb

@@ -18,6 +18,8 @@ class AccountsController < ApplicationController
     respond_to do |format|
       format.html do
         expires_in(15.seconds, public: true, stale_while_revalidate: 30.seconds, stale_if_error: 1.hour) unless user_signed_in?
+
+        @rss_url = rss_url
       end
 
       format.rss do
@@ -25,7 +27,7 @@ class AccountsController < ApplicationController
 
         limit     = params[:limit].present? ? [params[:limit].to_i, PAGE_SIZE_MAX].min : PAGE_SIZE
         @statuses = filtered_statuses.without_reblogs.limit(limit)
-        @statuses = preload_collection(@statuses, Status)
+        @statuses = cache_collection(@statuses, Status)
       end
 
       format.json do
@@ -46,11 +48,11 @@ class AccountsController < ApplicationController
   end
 
   def default_statuses
-    @account.statuses.distributable_visibility
+    @account.statuses.where(visibility: [:public, :unlisted])
   end
 
   def only_media_scope
-    Status.joins(:media_attachments).merge(@account.media_attachments).group(:id)
+    Status.joins(:media_attachments).merge(@account.media_attachments.reorder(nil)).group(:id)
   end
 
   def no_replies_scope
@@ -82,21 +84,29 @@ class AccountsController < ApplicationController
       short_account_url(@account, format: 'rss')
     end
   end
-  helper_method :rss_url
 
   def media_requested?
-    path_without_format.end_with?('/media') && !tag_requested?
+    request.path.split('.').first.end_with?('/media') && !tag_requested?
   end
 
   def replies_requested?
-    path_without_format.end_with?('/with_replies') && !tag_requested?
+    request.path.split('.').first.end_with?('/with_replies') && !tag_requested?
   end
 
   def tag_requested?
-    path_without_format.end_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
+    request.path.split('.').first.end_with?(Addressable::URI.parse("/tagged/#{params[:tag]}").normalize)
   end
 
-  def path_without_format
-    request.path.split('.').first
+  def cached_filtered_status_page
+    cache_collection_paginated_by_id(
+      filtered_statuses,
+      Status,
+      PAGE_SIZE,
+      params_slice(:max_id, :min_id, :since_id)
+    )
+  end
+
+  def params_slice(*keys)
+    params.slice(*keys).permit(*keys)
   end
 end

app/controllers/activitypub/base_controller.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 class ActivityPub::BaseController < Api::BaseController
-  include SignatureVerification
-  include AccountOwnedConcern
-
   skip_before_action :require_authenticated_user!
   skip_before_action :require_not_suspended!
   skip_around_action :set_locale

app/controllers/activitypub/claims_controller.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class ActivityPub::ClaimsController < ActivityPub::BaseController
+  include SignatureVerification
+  include AccountOwnedConcern
+
   skip_before_action :authenticate_user!
 
   before_action :require_account_signature!

app/controllers/activitypub/collections_controller.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class ActivityPub::CollectionsController < ActivityPub::BaseController
+  include SignatureVerification
+  include AccountOwnedConcern
+
   vary_by -> { 'Signature' if authorized_fetch_mode? }
 
   before_action :require_account_signature!, if: :authorized_fetch_mode?
@@ -18,7 +21,7 @@ class ActivityPub::CollectionsController < ActivityPub::BaseController
   def set_items
     case params[:id]
     when 'featured'
-      @items = for_signed_account { preload_collection(@account.pinned_statuses, Status) }
+      @items = for_signed_account { cache_collection(@account.pinned_statuses, Status) }
       @items = @items.map { |item| item.distributable? ? item : ActivityPub::TagManager.instance.uri_for(item) }
     when 'tags'
       @items = for_signed_account { @account.featured_tags }

app/controllers/activitypub/followers_synchronizations_controller.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseController
+  include SignatureVerification
+  include AccountOwnedConcern
+
   vary_by -> { 'Signature' if authorized_fetch_mode? }
 
   before_action :require_account_signature!
@@ -21,7 +24,7 @@ class ActivityPub::FollowersSynchronizationsController < ActivityPub::BaseContro
   end
 
   def set_items
-    @items = @account.followers.matches_uri_prefix(uri_prefix).pluck(:uri)
+    @items = @account.followers.where(Account.arel_table[:uri].matches("#{Account.sanitize_sql_like(uri_prefix)}/%", false, true)).or(@account.followers.where(uri: uri_prefix)).pluck(:uri)
   end
 
   def collection_presenter

app/controllers/activitypub/inboxes_controller.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
 class ActivityPub::InboxesController < ActivityPub::BaseController
+  include SignatureVerification
   include JsonLdHelper
+  include AccountOwnedConcern
 
   before_action :skip_unknown_actor_activity
   before_action :require_actor_signature!
@@ -22,7 +24,7 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
 
   def unknown_affected_account?
     json = Oj.load(body, mode: :strict)
-    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.exists?(uri: json['actor'])
+    json.is_a?(Hash) && %w(Delete Update).include?(json['type']) && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
   rescue Oj::ParseError
     false
   end
@@ -60,10 +62,11 @@ class ActivityPub::InboxesController < ActivityPub::BaseController
     return if raw_params.blank? || ENV['DISABLE_FOLLOWERS_SYNCHRONIZATION'] == 'true' || signed_request_account.nil?
 
     # Re-using the syntax for signature parameters
-    params = SignatureParser.parse(raw_params)
+    tree   = SignatureParamsParser.new.parse(raw_params)
+    params = SignatureParamsTransformer.new.apply(tree)
 
     ActivityPub::PrepareFollowersSynchronizationService.new.call(signed_request_account, params)
-  rescue SignatureParser::ParsingError
+  rescue Parslet::ParseFailed
     Rails.logger.warn 'Error parsing Collection-Synchronization header'
   end
 

app/controllers/activitypub/outboxes_controller.rb

@@ -3,6 +3,9 @@
 class ActivityPub::OutboxesController < ActivityPub::BaseController
   LIMIT = 20
 
+  include SignatureVerification
+  include AccountOwnedConcern
+
   vary_by -> { 'Signature' if authorized_fetch_mode? || page_requested? }
 
   before_action :require_account_signature!, if: :authorized_fetch_mode?
@@ -60,7 +63,7 @@ class ActivityPub::OutboxesController < ActivityPub::BaseController
   def set_statuses
     return unless page_requested?
 
-    @statuses = preload_collection_paginated_by_id(
+    @statuses = cache_collection_paginated_by_id(
       AccountStatusesFilter.new(@account, signed_request_account).results,
       Status,
       LIMIT,

app/controllers/activitypub/replies_controller.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
 class ActivityPub::RepliesController < ActivityPub::BaseController
+  include SignatureVerification
   include Authorization
+  include AccountOwnedConcern
 
   DESCENDANTS_LIMIT = 60
 
@@ -31,7 +33,7 @@ class ActivityPub::RepliesController < ActivityPub::BaseController
 
   def set_replies
     @replies = only_other_accounts? ? Status.where.not(account_id: @account.id).joins(:account).merge(Account.without_suspended) : @account.statuses
-    @replies = @replies.distributable_visibility.where(in_reply_to_id: @status.id)
+    @replies = @replies.where(in_reply_to_id: @status.id, visibility: [:public, :unlisted])
     @replies = @replies.paginate_by_min_id(DESCENDANTS_LIMIT, params[:min_id])
   end
 

app/controllers/admin/account_actions_controller.rb

@@ -21,7 +21,7 @@ module Admin
       account_action.save!
 
       if account_action.with_report?
-        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: resource_params[:report_id])
+        redirect_to admin_reports_path, notice: I18n.t('admin.reports.processed_msg', id: params[:report_id])
       else
         redirect_to admin_account_path(@account.id)
       end

app/controllers/admin/account_moderation_notes_controller.rb

@@ -16,7 +16,7 @@ module Admin
         @moderation_notes = @account.targeted_moderation_notes.latest
         @warnings         = @account.strikes.custom.latest
 
-        render 'admin/accounts/show'
+        render template: 'admin/accounts/show'
       end
     end
 

app/controllers/admin/action_logs_controller.rb

@@ -6,7 +6,7 @@ module Admin
 
     def index
       authorize :audit_log, :index?
-      @auditable_accounts = Account.auditable.select(:id, :username)
+      @auditable_accounts = Account.where(id: Admin::ActionLog.reorder(nil).select('distinct account_id')).select(:id, :username)
     end
 
     private

app/controllers/admin/confirmations_controller.rb

@@ -3,11 +3,11 @@
 module Admin
   class ConfirmationsController < BaseController
     before_action :set_user
-    before_action :redirect_confirmed_user, only: [:resend], if: :user_confirmed?
+    before_action :check_confirmation, only: [:resend]
 
     def create
       authorize @user, :confirm?
-      @user.mark_email_as_confirmed!
+      @user.confirm!
       log_action :confirm, @user
       redirect_to admin_accounts_path
     end
@@ -25,13 +25,11 @@ module Admin
 
     private
 
-    def redirect_confirmed_user
-      flash[:error] = I18n.t('admin.accounts.resend_confirmation.already_confirmed')
-      redirect_to admin_accounts_path
-    end
-
-    def user_confirmed?
-      @user.confirmed?
+    def check_confirmation
+      if @user.confirmed?
+        flash[:error] = I18n.t('admin.accounts.resend_confirmation.already_confirmed')
+        redirect_to admin_accounts_path
+      end
     end
   end
 end

app/controllers/admin/disputes/appeals_controller.rb

@@ -20,7 +20,7 @@ class Admin::Disputes::AppealsController < Admin::BaseController
     authorize @appeal, :approve?
     log_action :reject, @appeal
     @appeal.reject!(current_account)
-    UserMailer.appeal_rejected(@appeal.account.user, @appeal).deliver_later
+    UserMailer.appeal_rejected(@appeal.account.user, @appeal)
     redirect_to disputes_strike_path(@appeal.strike)
   end
 

app/controllers/admin/domain_allows_controller.rb

@@ -25,8 +25,6 @@ class Admin::DomainAllowsController < Admin::BaseController
   def destroy
     authorize @domain_allow, :destroy?
     UnallowDomainService.new.call(@domain_allow)
-    log_action :destroy, @domain_allow
-
     redirect_to admin_instances_path, notice: I18n.t('admin.domain_allows.destroyed_msg')
   end
 

app/controllers/admin/domain_blocks_controller.rb

@@ -4,18 +4,6 @@ module Admin
   class DomainBlocksController < BaseController
     before_action :set_domain_block, only: [:destroy, :edit, :update]
 
-    PERMITTED_PARAMS = %i(
-      domain
-      obfuscate
-      private_comment
-      public_comment
-      reject_media
-      reject_reports
-      severity
-    ).freeze
-
-    PERMITTED_UPDATE_PARAMS = PERMITTED_PARAMS.without(:domain).freeze
-
     def batch
       authorize :domain_block, :create?
       @form = Form::DomainBlockBatch.new(form_domain_block_batch_params.merge(current_account: current_account, action: action_from_button))
@@ -45,7 +33,7 @@ module Admin
 
       # Disallow accidentally downgrading a domain block
       if existing_domain_block.present? && !@domain_block.stricter_than?(existing_domain_block)
-        @domain_block.validate
+        @domain_block.save
         flash.now[:alert] = I18n.t('admin.domain_blocks.existing_domain_block_html', name: existing_domain_block.domain, unblock_url: admin_domain_block_path(existing_domain_block)).html_safe
         @domain_block.errors.delete(:domain)
         return render :new
@@ -100,17 +88,11 @@ module Admin
     end
 
     def update_params
-      params
-        .require(:domain_block)
-        .slice(*PERMITTED_UPDATE_PARAMS)
-        .permit(*PERMITTED_UPDATE_PARAMS)
+      params.require(:domain_block).permit(:severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
     end
 
     def resource_params
-      params
-        .require(:domain_block)
-        .slice(*PERMITTED_PARAMS)
-        .permit(*PERMITTED_PARAMS)
+      params.require(:domain_block).permit(:domain, :severity, :reject_media, :reject_reports, :private_comment, :public_comment, :obfuscate)
     end
 
     def form_domain_block_batch_params

app/controllers/admin/email_domain_blocks_controller.rb

@@ -38,9 +38,9 @@ module Admin
           log_action :create, @email_domain_block
 
           (@email_domain_block.other_domains || []).uniq.each do |domain|
-            next if EmailDomainBlock.exists?(domain: domain)
+            next if EmailDomainBlock.where(domain: domain).exists?
 
-            other_email_domain_block = EmailDomainBlock.create!(domain: domain, allow_with_approval: @email_domain_block.allow_with_approval, parent: @email_domain_block)
+            other_email_domain_block = EmailDomainBlock.create!(domain: domain, parent: @email_domain_block)
             log_action :create, other_email_domain_block
           end
         end
@@ -65,7 +65,7 @@ module Admin
     end
 
     def resource_params
-      params.require(:email_domain_block).permit(:domain, :allow_with_approval, other_domains: [])
+      params.require(:email_domain_block).permit(:domain, other_domains: [])
     end
 
     def form_email_domain_block_batch_params