Run spam checker callbacks for invites early during room creation

.github/workflows/docker-famedly.yml

@@ -0,0 +1,20 @@
+---
+name: Docker
+
+on:
+  push:
+    tags: [ 'v*.*.*_*' ]
+
+jobs:
+  docker:
+    uses: famedly/github-workflows/.github/workflows/docker.yml@6da23b565deec84c38ad29b0499479b86d597ce4
+    with:
+      push: ${{ github.event_name != 'pull_request' }} # Always build, don't publish on pull requests
+      registry_user: famedly-ci
+      registry: docker-oss.nexus.famedly.de
+      image_name: synapse
+      file: docker/Dockerfile
+      tags: |
+        type=match,group=1,pattern=(v\d+.\d+.\d+)_\d+
+        type=match,group=1,pattern=(v\d+.\d+.\d+_\d+)
+    secrets: inherit

.gitlab-ci.yml

@@ -0,0 +1,101 @@
+image: alpine
+
+default:
+  tags:
+    - famedly
+    - docker
+
+stages:
+  - test
+  - build
+
+.docker-template:
+  image: docker:latest
+  stage: build
+  variables:
+    DOCKER_BUILDKIT: 1
+  services:
+    - docker:dind
+  before_script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+
+lint+mypy+test:
+  stage: test
+  image: docker.io/python:3.9-slim
+  script:
+    - apt-get update && apt-get install -y git build-essential libffi-dev libjpeg-dev libpq-dev libssl-dev libwebp-dev libxml++2.6-dev libxslt1-dev zlib1g-dev curl
+    - curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain stable --profile minimal --component clippy --component rustfmt
+    - source "$HOME/.cargo/env"
+    - pip install poetry
+    - poetry install --extras all --no-interaction --sync -vvv
+    - sed -i -e 's/python -m black/python -m black --check --diff/' ./scripts-dev/lint.sh
+    - poetry run ./scripts-dev/lint.sh
+    - poetry run trial -j"$(nproc)" tests
+
+complement:
+  image: deb11-docker.qcow2
+  stage: test
+  tags:
+    - famedly
+    - libvirt
+    - generic
+  variables:
+    COMPLEMENT_REF: main
+  before_script:
+    - sudo bash -c "echo 'deb http://deb.debian.org/debian bullseye-backports main' >  /etc/apt/sources.list.d/backports.list"
+    - sudo apt-get -y update --allow-releaseinfo-change
+    - sudo apt-get -y install libolm-dev golang-go/bullseye-backports golang-src/bullseye-backports wget g++ bash
+    - curl -LJO "https://gitlab-runner-downloads.s3.amazonaws.com/latest/deb/gitlab-runner_amd64.deb"
+    - sudo dpkg -i gitlab-runner_amd64.deb
+  script:
+    - go install gotest.tools/gotestsum@latest
+    - export PATH="$PATH:$HOME/go/bin"
+    - sed -i -e 's/,msc2716//' -e 's|go test -v|gotestsum --junitfile report.xml --format standard-verbose -- |' ./scripts-dev/complement.sh
+    - ./scripts-dev/complement.sh
+  allow_failure: true
+  artifacts:
+    when: always
+    reports:
+      junit: complement-master/report.xml
+
+sytest:
+  extends: .docker-template
+  stage: test
+  before_script:
+    - apk add curl perl perl-utils make perl-xml-generator
+  script:
+    - mkdir logs
+    - docker run -i -e SYTEST_BRANCH="master" -v $(pwd)/logs:/logs -v $(pwd):/src:ro matrixdotorg/sytest-synapse:buster
+  after_script:
+    - curl -LOJ https://raw.githubusercontent.com/matrix-org/sytest/b4f61a88af44fe5850bddac4e170ca1f4e3be79a/tap-to-junit-xml.pl
+    - perl tap-to-junit-xml.pl --input logs/results.tap --output report.xml  --puretap
+  artifacts:
+    when: always
+    reports:
+      junit: report.xml
+
+docker-release:
+  extends: .docker-template
+  rules:
+    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+_\d+$/'
+  script:
+    - docker build --pull -t "${CI_REGISTRY_IMAGE}:latest" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG%_*}" -f docker/Dockerfile .
+    - docker push "${CI_REGISTRY_IMAGE}:latest"
+    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
+    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG%_*}"
+
+docker-tags:
+  extends: .docker-template
+  rules:
+    - if: '$CI_COMMIT_TAG && $CI_COMMIT_TAG !~ /^v\d+\.\d+\.\d+_\d+$/'
+  script:
+    - docker build --pull -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" -f docker/Dockerfile .
+    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
+
+docker-branches:
+  extends: .docker-template
+  rules:
+    - if: $CI_COMMIT_BRANCH
+  script:
+    - docker build --pull -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}" -f docker/Dockerfile .
+    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"

README.rst

@@ -27,6 +27,30 @@ SLAs. ESS can be used to support any Matrix-based frontend client.
 
 .. contents::
 
+Rebasing this fork
+==================
+
+TL;DR: There's a `./make_release.sh` script which does the things below.
+It currently doesn't handle rebase conflicts gracefully yet.
+
+This is the Famedly Fork of synapse. It applies a few patches, which need to
+be rebased upon every synapse release. To do this, the following workflow is used:
+
+- Checkout `master` of the fork, then `fetch -a` from the upstream
+
+- Rebase all commits (from our master) upon `upstream/master`: `git rebase upstream/master`
+
+- Switch to the `release-vM.m.f` branch (comes from upstream), and merge the
+  master into it using `git merge --ff-only master`. Then push the `release-*`
+  branch to the famedly-remote.
+
+- The CI is configured in a way that creating a tag on the `release-`-branch
+  will create a new release. The tag needs to have the form `v$originalSynapseVersion_$count`,
+  so `v1.29.0_1`, `v1.29.0_2` and so on - as content, we suggest `v$synapseVersion - $date`.
+  If we change our patchset after we already released a version of synapse, we force-push to
+  the `release-` branch and increase the counter and push a new tag.
+
+
 🛠️ Installing and configuration
 ===============================
 

docker/Dockerfile

@@ -134,6 +134,17 @@ COPY --from=requirements /synapse/requirements.txt /synapse/
 RUN --mount=type=cache,target=/root/.cache/pip \
   pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt
 
+# Install famedly required addons
+
+RUN --mount=type=cache,target=/root/.cache/pip \
+  pip install setuptools \
+  && pip install --prefix="/install" --no-warn-script-location synapse-token-authenticator==0.6.0 \
+  && pip install --prefix="/install" --no-warn-script-location synapse-s3-storage-provider \
+  && pip install --prefix="/install" --no-warn-script-location synapse-auto-accept-invite \
+  && pip install --prefix="/install" --no-warn-script-location synapse-invite-checker==0.2.0 \
+  && pip install --prefix="/install" --no-warn-script-location git+https://github.com/famedly/synapse-invite-policies.git@main \
+  && pip install --prefix="/install" --no-warn-script-location git+https://github.com/famedly/synapse-domain-rule-checker.git@main
+
 # Copy over the rest of the synapse source code.
 COPY synapse /synapse/synapse/
 COPY rust /synapse/rust/