Auto updated submodule references

.github/workflows/create-release-from-commit.yaml

@@ -0,0 +1,64 @@
+name: "Create Release Tag"
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'The new release tag to create (e.g., v3.8.1)'
+        required: true
+        type: string
+      commit_sha:
+        description: 'The short commit SHA from the calcom submodule to use for this release'
+        required: true
+        type: string
+
+jobs:
+  release:
+    name: "Tag Release"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: "Checkout main branch to get starting point"
+        uses: "actions/checkout@v4"
+        with:
+          token: ${{ secrets.TOKEN_GITEA }}
+          # We check out main, but will create the release commit off of it
+          # without modifying the branch itself.
+          ref: 'main' 
+          submodules: true
+
+      - name: "Create Release Commit and Tag"
+        run: |
+          # Configure git user for the commit
+          git config user.email "actions@gitea.local"
+          git config user.name "Gitea Actions"
+
+          echo "Updating submodule to commit ${{ inputs.commit_sha }}..."
+          
+          # Navigate into the submodule, fetch latest history, and check out the specific commit.
+          # This modifies the submodule's checked-out version in the working directory.
+          cd calcom
+          git fetch origin
+          git checkout ${{ inputs.commit_sha }}
+          cd ..
+
+          # Stage the change to the submodule pointer.
+          git add calcom
+
+          # Create a NEW commit. This commit is NOT on the main branch.
+          # It's a "dangling" commit that only HEAD is pointing to at this moment.
+          # The parent of this new commit is the latest commit from 'main'.
+          git commit -m "release: Version ${{ inputs.version }} with calcom at ${{ inputs.commit_sha }}"
+
+          # Get the full SHA of the new commit we just created.
+          NEW_COMMIT_SHA=$(git rev-parse HEAD)
+          echo "Created new release commit: $NEW_COMMIT_SHA"
+
+          echo "Creating and pushing tag ${{ inputs.version }}..."
+          
+          # Create an annotated tag pointing directly at our new, branchless commit.
+          git tag -a "${{ inputs.version }}" -m "Release ${{ inputs.version }}" $NEW_COMMIT_SHA
+          
+          # Push ONLY the new tag to the repository. Git will automatically send
+          # the required commit object ($NEW_COMMIT_SHA) along with the tag.
+          git push origin "${{ inputs.version }}"

.github/workflows/create-release.yaml

@@ -1,60 +1,77 @@
-name: "Create Release"
+name: "Create Gitea Release"
 
-on: # yamllint disable-line rule:truthy
+# This workflow is triggered manually from the Gitea Actions UI
+on:
   workflow_dispatch:
     inputs:
       RELEASE_TAG:
-        description: 'v{Major}.{Minor}.{Patch}'  
+        description: 'The release tag to create, formatted as v{Major}.{Minor}.{Patch}'
+        required: true
 
 jobs:
   release:
     name: "Release"
-    permissions:
-      contents: write
     runs-on: "ubuntu-latest"
 
     steps:
-      
+      # Step 1: Check out the repository source code and its submodules.
+      # The TOKEN_GITEA is used here to grant permission for the later 'git push'.
       - name: Checkout source
-        uses: actions/checkout@v3
+        uses: "actions/checkout@v4"
         with:
-          token: ${{ secrets.ACTIONS_ACCESS_TOKEN }}
+          token: ${{ secrets.TOKEN_GITEA }}
           submodules: true
 
-      - name: Create branch and tag submodule
+      # Step 2: Create a new release branch, update the submodule to the specified tag,
+      # and push the new branch to the Gitea repository.
+      - name: Create Branch and Update Submodule
         run: |
-          git config user.email "actions@github.com"
-          git config user.name "actions-user"
-          git submodule update --init --remote
+          # Configure git user for the commit
+          git config user.email "actions@gitea.local"
+          git config user.name "Gitea Actions"
+
+          # Create the new release branch
           git checkout -b 'release-${{ inputs.RELEASE_TAG }}'
+
+          # Enter the submodule directory, fetch the latest tags, and check out the correct one.
+          # This points the submodule to the specific commit associated with the release tag.
           (cd calcom && git fetch --tags origin && git checkout 'refs/tags/${{ inputs.RELEASE_TAG }}')
+
+          # Stage and commit the change to the submodule pointer
           git add calcom
-          git commit -m "tag version Cal.com version ${{ inputs.RELEASE_TAG }}"
+          git commit -m "Update submodule to Cal.com version ${{ inputs.RELEASE_TAG }}"
+
+          # Push the newly created release branch to the remote Gitea repository
           git push origin 'release-${{ inputs.RELEASE_TAG }}'
 
-      # note: instead of secrets.GITHUB_TOKEN here, we need to use a PAT 
-      #       so that the release creation triggers the image build workflow
-      - name: "Create release"
-        uses: "actions/github-script@v6"
-        with:
-          github-token: "${{ secrets.ACTIONS_ACCESS_TOKEN }}"
-          script: |
-            const isPreRelease = '${{ inputs.RELEASE_TAG }}'.includes('-rc'); 
-            try {
-              const response = await github.rest.repos.createRelease({
-                draft: false,
-                generate_release_notes: true,
-                body: 'For Cal.com release details, see: https://github.com/calcom/cal.com/releases/tag/${{ inputs.RELEASE_TAG }}',
-                name: '${{ inputs.RELEASE_TAG }}',
-                target_commitish: 'release-${{ inputs.RELEASE_TAG }}',
-                owner: context.repo.owner,
-                prerelease: isPreRelease,
-                repo: context.repo.repo,
-                tag_name: '${{ inputs.RELEASE_TAG }}',
-              });
+      # Step 3: Call the Gitea API to create the official release object.
+      # This uses the same API token to authorize the action.
+      - name: "Create Gitea Release"
+        env:
+          GITEA_TOKEN: ${{ secrets.TOKEN_GITEA }}
+          GITEA_API_URL: https://git.nethery.dev/api/v1
+          OWNER: ${{ gitea.repository_owner }}
+          REPO: ${{ gitea.repository_name }}
+        run: |
+          # Determine if the tag indicates a pre-release
+          is_prerelease=false
+          if [[ "${{ inputs.RELEASE_TAG }}" == *"-rc"* || "${{ inputs.RELEASE_TAG }}" == *"-beta"* ]]; then
+            is_prerelease=true
+          fi
 
-              core.exportVariable('RELEASE_ID', response.data.id);
-              core.exportVariable('RELEASE_UPLOAD_URL', response.data.upload_url);
-            } catch (error) {
-              core.setFailed(error.message);
-            }
+          echo "Creating release ${{ inputs.RELEASE_TAG }}..."
+          echo "Is prerelease: $is_prerelease"
+
+          # Use curl to send a POST request to the Gitea API's 'create release' endpoint
+          curl --fail --silent --show-error -L -X POST \
+            -H "accept: application/json" \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Content-Type: application/json" \
+            "${GITEA_API_URL}/repos/${OWNER}/${REPO}/releases" \
+            -d '{
+              "tag_name": "${{ inputs.RELEASE_TAG }}",
+              "target_commitish": "release-${{ inputs.RELEASE_TAG }}",
+              "name": "${{ inputs.RELEASE_TAG }}",
+              "body": "For Cal.com release details, see: https://github.com/calcom/cal.com/releases/tag/${{ inputs.RELEASE_TAG }}",
+              "prerelease": '${is_prerelease}'
+            }'

.github/workflows/docker-build-push-dockerhub.yml

@@ -49,6 +49,11 @@ jobs:
       #   with:
       #     ref: ${{ github.event.inputs.version }}
 
+      - name: Base requirements
+        run: |
+          # packages
+          apk update && apk add --no-cache git docker docker-compose nodejs gpg openssh npm ansible
+
       - name: checkout
         uses: actions/checkout@v4
 
@@ -59,29 +64,23 @@ jobs:
       - name: Log in to the Docker Hub registry
         uses: docker/login-action@v3
         with:
-          # Username used to log against the Docker registry
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          # Password or personal access token used to log against the Docker registry
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
-          # Log out from the Docker registry at the end of a job
-          logout: true # optional, default is true
 
       - name: Log in to the Github Container registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: nnethery
+          password: ${{ secrets.GHCR_TOKEN }}
 
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: |
-            docker.io/calendso/calendso
-            docker.io/calcom/cal.com
-            ghcr.io/calcom/cal.com
-          # Add flavor latest only on full releases, not on pre-releases
+            ghcr.io/nnethery/cal.com
+            nnethery/cal.com
           flavor: |
             latest=${{ !github.event.release.prerelease }}
 
@@ -93,8 +92,6 @@ jobs:
           eval $(sed -e '/^#/d' -e 's/^/export /' -e 's/$/;/' .env) ;
 
       # Temporarily disable ARM build due to runner performance issues
-      # - name: Set up QEMU
-      #   uses: docker/setup-qemu-action@v2
 
       - name: Start database
         run: |
@@ -107,9 +104,9 @@ jobs:
             network=container:database
           buildkitd-flags: |
             --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host
-#           config-inline: |
-#             [worker.oci]
-#               max-parallelism = 1
+#         config-inline: |
+#           [worker.oci]
+#             max-parallelism = 1
 
       - name: Build image
         id: docker_build
@@ -118,8 +115,8 @@ jobs:
           context: ./
           file: ./Dockerfile
           load: true  # Load the image into the Docker daemon
-          push: false  # Do not push the image at this stage
-          platforms: linux/amd64
+          push: false # Do not push the image at this stage
+          platforms: linux/arm64 # Changed from linux/amd64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
@@ -130,47 +127,49 @@ jobs:
             DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }}
             DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@${{ env.DATABASE_HOST }}/${{ env.POSTGRES_DB }}
 
-      - name: Test runtime
-        run: |
-          tags="${{ steps.meta.outputs.tags }}"
-          IFS=',' read -ra ADDR <<< "$tags"  # Convert string to array using ',' as delimiter
-          tag=${ADDR[0]}  # Get the first tag
+      # - name: Test runtime
+      #   run: |
+      #     tags="${{ steps.meta.outputs.tags }}"
+      #     IFS=',' read -ra ADDR <<< "$tags"  # Convert string to array using ',' as delimiter
+      #     tag=${ADDR[0]}  # Get the first tag
 
-          docker run --rm --network stack \
-            -p 3000:3000 \
-            -e DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \
-            -e DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \
-            -e NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }} \
-            -e CALENDSO_ENCRYPTION_KEY=${{ env.CALENDSO_ENCRYPTION_KEY }} \
-            $tag &
+      #     docker run --rm --network stack \
+      #       -p 3000:3000 \
+      #       -e DATABASE_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \
+      #       -e DATABASE_DIRECT_URL=postgresql://${{ env.POSTGRES_USER }}:${{ env.POSTGRES_PASSWORD }}@database/${{ env.POSTGRES_DB }} \
+      #       -e NEXTAUTH_SECRET=${{ env.NEXTAUTH_SECRET }} \
+      #       -e CALENDSO_ENCRYPTION_KEY=${{ env.CALENDSO_ENCRYPTION_KEY }} \
+      #       $tag &
 
-            server_pid=$!
+      #       server_pid=$!
 
 
-            echo "Waiting for the server to start..."
-            sleep 120
+      #       echo "Waiting for the server to start..."
+      #       sleep 120
 
-            echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login
+      #       echo ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login
 
-            for i in {1..60}; do
-              echo "Checking server health ($i/60)..."
-              response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login)
-              echo "HTTP Status Code: $response"
-              if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then
-                echo "Server is healthy"
-                # Now, shutdown the server
-                kill $server_pid
-                exit 0
-              fi
-              sleep 1
-            done
+      #       apk add curl
 
-            echo "Server health check failed"
-            kill $server_pid
-            exit 1
-        env:
-          NEXTAUTH_SECRET: 'EI4qqDpcfdvf4A+0aQEEx8JjHxHSy4uWiZw/F32K+pA='
-          CALENDSO_ENCRYPTION_KEY: '0zfLtY99wjeLnsM7qsa8xsT+Q0oSgnOL'
+      #       for i in {1..60}; do
+      #         echo "Checking server health ($i/60)..."
+      #         response=$(curl -o /dev/null -s -w "%{http_code}" ${{ env.NEXT_PUBLIC_WEBAPP_URL }}/auth/login)
+      #         echo "HTTP Status Code: $response"
+      #         if [[ "$response" == "200" ]] || [[ "$response" == "307" ]]; then
+      #           echo "Server is healthy"
+      #           # Now, shutdown the server
+      #           kill $server_pid
+      #           exit 0
+      #         fi
+      #         sleep 1
+      #       done
+
+      #       echo "Server health check failed"
+      #       kill $server_pid
+      #       exit 1
+      #   env:
+      #     NEXTAUTH_SECRET: 'EI4qqDpcfdvf4A+0aQEEx8JjHxHSy4uWiZw/F32K+pA='
+      #     CALENDSO_ENCRYPTION_KEY: '0zfLtY99wjeLnsM7qsa8xsT+Q0oSgnOL'
 
       - name: Push image
         id: docker_push
@@ -179,7 +178,7 @@ jobs:
           context: ./
           file: ./Dockerfile
           push: true
-          platforms: linux/amd64
+          platforms: linux/arm64 # Changed from linux/amd64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |

.github/workflows/scarf-data-export.yml

@@ -1,14 +0,0 @@
-name: Export Scarf data
-on:
-  schedule:
-    - cron: '0 0 * * *'
-
-jobs:
-  export-scarf-data:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker://scarf.docker.scarf.sh/scarf-sh/scarf-postgres-exporter:latest
-        env:
-          SCARF_API_TOKEN: ${{ secrets.SCARF_API_TOKEN }}
-          SCARF_ENTITY_NAME: Calcom
-          PSQL_CONN_STRING: ${{ secrets.PSQL_CONN_STRING }}

Dockerfile

@@ -3,6 +3,8 @@ FROM node:18 AS builder
 WORKDIR /calcom
 
 ARG NEXT_PUBLIC_LICENSE_CONSENT
+ARG NEXT_PUBLIC_WEBSITE_TERMS_URL
+ARG NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL
 ARG CALCOM_TELEMETRY_DISABLED
 ARG DATABASE_URL
 ARG NEXTAUTH_SECRET=secret
@@ -13,6 +15,8 @@ ARG NEXT_PUBLIC_API_V2_URL
 ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \
     NEXT_PUBLIC_API_V2_URL=$NEXT_PUBLIC_API_V2_URL \
     NEXT_PUBLIC_LICENSE_CONSENT=$NEXT_PUBLIC_LICENSE_CONSENT \
+    NEXT_PUBLIC_WEBSITE_TERMS_URL=$NEXT_PUBLIC_WEBSITE_TERMS_URL \
+    NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL=$NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL \
     CALCOM_TELEMETRY_DISABLED=$CALCOM_TELEMETRY_DISABLED \
     DATABASE_URL=$DATABASE_URL \
     DATABASE_DIRECT_URL=$DATABASE_URL \
@@ -21,7 +25,7 @@ ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \
     NODE_OPTIONS=--max-old-space-size=${MAX_OLD_SPACE_SIZE} \
     BUILD_STANDALONE=true
 
-COPY calcom/package.json calcom/yarn.lock calcom/.yarnrc.yml calcom/playwright.config.ts calcom/turbo.json calcom/git-init.sh calcom/git-setup.sh calcom/i18n.json ./
+COPY calcom/package.json calcom/yarn.lock calcom/.yarnrc.yml calcom/playwright.config.ts calcom/turbo.json calcom/i18n.json ./
 COPY calcom/.yarn ./.yarn
 COPY calcom/apps/web ./apps/web
 COPY calcom/apps/api/v2 ./apps/api/v2

README.md

@@ -219,6 +219,8 @@ Updating these variables is not required for evaluation, but is required for run
 | --- | --- | --- | --- |
 | NEXT_PUBLIC_WEBAPP_URL | Base URL injected into static files | optional | `http://localhost:3000` |
 | NEXT_PUBLIC_LICENSE_CONSENT | license consent - true/false |  |  |
+| NEXT_PUBLIC_WEBSITE_TERMS_URL | custom URL for terms and conditions website | optional | `https://cal.com/terms` |
+| NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL | custom URL for privacy policy website | optional | `https://cal.com/privacy` |
 | CALCOM_TELEMETRY_DISABLED | Allow cal.com to collect anonymous usage data (set to `1` to disable) | | |
 | DATABASE_URL | database url with credentials - if using a connection pooler, this setting should point there | required | `postgresql://unicorn_user:magical_password@database:5432/calendso` |
 | DATABASE_DIRECT_URL | direct database url with credentials if using a connection pooler (e.g. PgBouncer, Prisma Accelerate, etc.) | optional | |

docker-compose.yaml

@@ -28,6 +28,8 @@ services:
         NEXT_PUBLIC_WEBAPP_URL: ${NEXT_PUBLIC_WEBAPP_URL}
         NEXT_PUBLIC_API_V2_URL: ${NEXT_PUBLIC_API_V2_URL}
         NEXT_PUBLIC_LICENSE_CONSENT: ${NEXT_PUBLIC_LICENSE_CONSENT}
+        NEXT_PUBLIC_WEBSITE_TERMS_URL: ${EXT_PUBLIC_WEBSITE_TERMS_URL}
+        NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL: ${NEXT_PUBLIC_WEBSITE_PRIVACY_POLICY_URL}
         CALCOM_TELEMETRY_DISABLED: ${CALCOM_TELEMETRY_DISABLED}
         NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
         CALENDSO_ENCRYPTION_KEY: ${CALENDSO_ENCRYPTION_KEY}