Merge branch 'main' into issue#14884

.env.example

@@ -19,11 +19,6 @@
 # instructions. This environment variable is deprecated although still supported for backward compatibility.
 # @see https://console.cal.com
 CALCOM_LICENSE_KEY=
-# Signature token for the Cal.com License API (used for self-hosted integrations)
-# We will give you a token when we provide you with a license key this ensure you and only you can communicate with the Cal.com License API for your license key
-CAL_SIGNATURE_TOKEN=
-# The route to the Cal.com License API
-CALCOM_PRIVATE_API_ROUTE=
 # ***********************************************************************************************************
 
 # - DATABASE ************************************************************************************************

.github/PULL_REQUEST_TEMPLATE.md

@@ -11,9 +11,9 @@
 
 ## Mandatory Tasks (DO NOT REMOVE)
 
-- [ ] I have self-reviewed the code (A decent size PR without self-review might be rejected)
-- [ ] I have added a Docs issue [here](https://github.com/calcom/docs/issues/new) if this PR makes changes that would require a [documentation change](https://docs.cal.com)
-- [ ] I have added or modified automated tests that prove my fix is effective or that my feature works (PRs might be rejected if logical changes are not properly tested)
+- [ ] I have self-reviewed the code (A decent size PR without self-review might be rejected).
+- [ ] I have added a Docs issue [here](https://github.com/calcom/docs/issues/new) if this PR makes changes that would require a [documentation change](https://docs.cal.com). If N/A, write N/A here and check the checkbox.
+- [ ] I confirm automated tests are in place that prove my fix is effective or that my feature works.
 
 ## How should this be tested?
 

.github/actions/cache-build/action.yml

@@ -20,13 +20,14 @@ runs:
         key-2: ${{ hashFiles('apps/**/**.[jt]s', 'apps/**/**.[jt]sx', 'packages/**/**.[jt]s', 'packages/**/**.[jt]sx', '!**/node_modules') }}
         key-3: ${{ github.event.pull_request.number || github.ref }}
         key-4: ${{ github.sha }}
+        key-5: ${{ github.event.pull_request.head.sha }}
       with:
         path: |
           ${{ github.workspace }}/apps/web/.next
           ${{ github.workspace }}/apps/web/public/embed
           **/.turbo/**
           **/dist/**
-        key: ${{ runner.os }}-${{ env.cache-name }}-${{ env.key-1 }}-${{ env.key-2 }}-${{ env.key-3 }}-${{ env.key-4 }}
+        key: ${{ runner.os }}-${{ env.cache-name }}-${{ env.key-1 }}-${{ env.key-2 }}-${{ env.key-3 }}-${{ env.key-4 }}-${{ env.key-5 }}
     - run: |
         export NODE_OPTIONS="--max_old_space_size=8192"
         yarn build

.github/actions/cache-db/action.yml

@@ -17,14 +17,15 @@ runs:
         cache-name: cache-db
         key-1: ${{ hashFiles('packages/prisma/schema.prisma', 'packages/prisma/migrations/**/**.sql', 'packages/prisma/*.ts') }}
         key-2: ${{ github.event.pull_request.number || github.ref }}
+        key-3: ${{ github.event.pull_request.head.sha }}
         DATABASE_URL: ${{ inputs.DATABASE_URL }}
         DATABASE_DIRECT_URL: ${{ inputs.DATABASE_URL }}
         E2E_TEST_CALCOM_QA_EMAIL: ${{ inputs.E2E_TEST_CALCOM_QA_EMAIL }}
         E2E_TEST_CALCOM_QA_PASSWORD: ${{ inputs.E2E_TEST_CALCOM_QA_PASSWORD }}
         E2E_TEST_CALCOM_QA_GCAL_CREDENTIALS: ${{ inputs.E2E_TEST_CALCOM_QA_GCAL_CREDENTIALS }}
       with:
         path: ${{ inputs.path }}
-        key: ${{ runner.os }}-${{ env.cache-name }}-${{ inputs.path }}-${{ env.key-1 }}-${{ env.key-2 }}
+        key: ${{ runner.os }}-${{ env.cache-name }}-${{ inputs.path }}-${{ env.key-1 }}-${{ env.key-2 }}-${{ env.key-3 }}
     - run: echo ${{ env.E2E_TEST_CALCOM_QA_GCAL_CREDENTIALS }} && yarn db-seed
       if: steps.cache-db.outputs.cache-hit != 'true'
       shell: bash

.github/workflows/api-v1-production-build.yml

@@ -65,7 +65,7 @@ jobs:
       - uses: ./.github/actions/yarn-install
       - uses: ./.github/actions/cache-db
       - name: Cache API v1 production build
-        uses: buildjet/cache@v3
+        uses: buildjet/cache@v4
         id: cache-api-v1-build
         env:
           cache-name: api-v1-build

.github/workflows/api-v2-production-build.yml

@@ -34,7 +34,7 @@ jobs:
       - uses: ./.github/actions/dangerous-git-checkout
       - uses: ./.github/actions/yarn-install
       - name: Cache API v2 production build
-        uses: buildjet/cache@v3
+        uses: buildjet/cache@v4
         id: cache-api-v2-build
         env:
           cache-name: api-v2-build

.github/workflows/nextjs-bundle-analysis.yml

@@ -45,13 +45,7 @@ env:
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
 
 jobs:
-  build:
-    name: Production builds
-    if: ${{ github.event_name == 'push' }}
-    uses: ./.github/workflows/production-build-without-database.yml
-    secrets: inherit
   analyze:
-    needs: build
     if: always()
     runs-on: buildjet-2vcpu-ubuntu-2204
     steps:

.github/workflows/pr-review.yml

@@ -0,0 +1,17 @@
+name: PR Reviewed
+
+on:
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  label-pr:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Label PR as ready for E2E
+        if: github.event.review.state == 'approved'
+        uses: actions-ecosystem/action-add-labels@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          labels: 'ready-for-e2e'

.github/workflows/pr.yml

@@ -4,6 +4,7 @@ on:
   pull_request_target:
     branches:
       - main
+      - gh-actions-test-branch
   workflow_dispatch:
 
 concurrency:
@@ -18,6 +19,7 @@ jobs:
       pull-requests: read
     outputs:
       has-files-requiring-all-checks: ${{ steps.filter.outputs.has-files-requiring-all-checks }}
+      commit-sha: ${{ steps.get_sha.outputs.commit-sha }}
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/dangerous-git-checkout
@@ -27,37 +29,146 @@ jobs:
           filters: |
             has-files-requiring-all-checks:
               - "!(**.md|.github/CODEOWNERS)"
+      - name: Get Latest Commit SHA
+        id: get_sha
+        run: |
+          echo "commit-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+
+  check-label:
+    needs: [changes]
+    runs-on: buildjet-2vcpu-ubuntu-2204
+    name: Check for E2E label
+    outputs:
+      run-e2e: ${{ steps.check-if-pr-has-label.outputs.run-e2e == 'true' && (github.event.action != 'labeled' || (github.event.action == 'labeled' && github.event.label.name == 'ready-for-e2e')) }}
+    steps:
+      - name: Check if PR exists with ready-for-e2e label for this SHA
+        id: check-if-pr-has-label
+        uses: actions/github-script@v7
+        with:
+          script: |
+            let labels = [];
+
+            if (context.payload.pull_request) {
+              labels = context.payload.pull_request.labels;
+            } else {
+              try {
+                const sha = '${{ needs.changes.outputs.commit-sha }}';
+                console.log('sha', sha);
+                const { data: prs } = await github.rest.repos.listPullRequestsAssociatedWithCommit({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  commit_sha: sha
+                });
+
+                if (prs.length === 0) {
+                  core.setOutput('run-e2e', false);
+                  console.log(`No pull requests found for commit SHA ${sha}`);
+                  return;
+                }
+
+                const pr = prs[0];
+                console.log(`PR number: ${pr.number}`);
+                console.log(`PR title: ${pr.title}`);
+                console.log(`PR state: ${pr.state}`);
+                console.log(`PR URL: ${pr.html_url}`);
+
+                labels = pr.labels;
+              }
+              catch (e) {
+                core.setOutput('run-e2e', false);
+                console.log(e);
+              }
+            }
+
+            const labelFound = labels.map(l => l.name).includes('ready-for-e2e');
+            console.log('Found the label?', labelFound);
+            core.setOutput('run-e2e', labelFound);
+
   type-check:
     name: Type check
-    needs: [changes]
+    needs: [changes, check-label]
     if: ${{ needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
     uses: ./.github/workflows/check-types.yml
     secrets: inherit
 
   lint:
     name: Linters
-    needs: [changes]
+    needs: [changes, check-label]
     if: ${{ needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
     uses: ./.github/workflows/lint.yml
     secrets: inherit
 
   unit-test:
     name: Tests
-    needs: [changes]
+    needs: [changes, check-label]
     if: ${{ needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
     uses: ./.github/workflows/unit-tests.yml
     secrets: inherit
 
+  build-api-v1:
+    name: Production builds
+    needs: [changes, check-label]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/api-v1-production-build.yml
+    secrets: inherit
+
+  build-api-v2:
+    name: Production builds
+    needs: [changes, check-label]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/api-v2-production-build.yml
+    secrets: inherit
+
+  build:
+    name: Production builds
+    needs: [changes, check-label]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/production-build-without-database.yml
+    secrets: inherit
+
   integration-test:
     name: Tests
-    needs: [changes]
+    needs: [changes, check-label, build, build-api-v1, build-api-v2]
     if: ${{ needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
     uses: ./.github/workflows/integration-tests.yml
     secrets: inherit
 
+  e2e:
+    name: Tests
+    needs: [changes, check-label, build, build-api-v1, build-api-v2]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/e2e.yml
+    secrets: inherit
+
+  e2e-app-store:
+    name: Tests
+    needs: [changes, check-label, build, build-api-v1, build-api-v2]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/e2e-app-store.yml
+    secrets: inherit
+
+  e2e-embed:
+    name: Tests
+    needs: [changes, check-label, build, build-api-v1, build-api-v2]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/e2e-embed.yml
+    secrets: inherit
+
+  e2e-embed-react:
+    name: Tests
+    needs: [changes, check-label, build, build-api-v1, build-api-v2]
+    if: ${{ needs.check-label.outputs.run-e2e == 'true' && needs.changes.outputs.has-files-requiring-all-checks == 'true' }}
+    uses: ./.github/workflows/e2e-embed-react.yml
+    secrets: inherit
+
+  analyze:
+    name: Analyze Build
+    needs: [build]
+    uses: ./.github/workflows/nextjs-bundle-analysis.yml
+    secrets: inherit
+
   required:
-    needs: [changes, lint, type-check, unit-test, integration-test]
-    if: always()
+    needs: [changes, lint, type-check, unit-test, integration-test, check-label, build, build-api-v1, build-api-v2, e2e, e2e-embed, e2e-embed-react, e2e-app-store]
     runs-on: buildjet-2vcpu-ubuntu-2204
     steps:
       - name: fail if conditional jobs failed

apps/api/v1/instrumentation.ts

@@ -4,8 +4,6 @@ export function register() {
   if (process.env.NEXT_RUNTIME === "nodejs") {
     Sentry.init({
       dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
-      // reduce sample rate to 10% on production
-      tracesSampleRate: process.env.NODE_ENV !== "production" ? 1.0 : 0.1,
     });
   }
 

apps/api/v1/lib/helpers/rateLimitApiKey.test.ts

@@ -0,0 +1,90 @@
+import type { Request, Response } from "express";
+import type { NextApiResponse, NextApiRequest } from "next";
+import { createMocks } from "node-mocks-http";
+import { describe, it, expect, vi } from "vitest";
+
+import { checkRateLimitAndThrowError } from "@calcom/lib/checkRateLimitAndThrowError";
+
+import { rateLimitApiKey } from "~/lib/helpers/rateLimitApiKey";
+
+type CustomNextApiRequest = NextApiRequest & Request;
+type CustomNextApiResponse = NextApiResponse & Response;
+
+vi.mock("@calcom/lib/checkRateLimitAndThrowError", () => ({
+  checkRateLimitAndThrowError: vi.fn(),
+}));
+
+describe("rateLimitApiKey middleware", () => {
+  it("should return 401 if no apiKey is provided", async () => {
+    const { req, res } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "GET",
+      query: {},
+    });
+
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res._getStatusCode()).toBe(401);
+    expect(res._getJSONData()).toEqual({ message: "No apiKey provided" });
+  });
+
+  it("should call checkRateLimitAndThrowError with correct parameters", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    (checkRateLimitAndThrowError as any).mockResolvedValueOnce({
+      limit: 100,
+      remaining: 99,
+      reset: Date.now(),
+    });
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(checkRateLimitAndThrowError).toHaveBeenCalledWith({
+      identifier: "test-key",
+      rateLimitingType: "api",
+      onRateLimiterResponse: expect.any(Function),
+    });
+  });
+
+  it("should set rate limit headers correctly", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    const rateLimiterResponse = {
+      limit: 100,
+      remaining: 99,
+      reset: Date.now(),
+    };
+
+    (checkRateLimitAndThrowError as any).mockImplementationOnce(({ onRateLimiterResponse }) => {
+      onRateLimiterResponse(rateLimiterResponse);
+    });
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res.getHeader("X-RateLimit-Limit")).toBe(rateLimiterResponse.limit);
+    expect(res.getHeader("X-RateLimit-Remaining")).toBe(rateLimiterResponse.remaining);
+    expect(res.getHeader("X-RateLimit-Reset")).toBe(rateLimiterResponse.reset);
+  });
+
+  it("should return 429 if rate limit is exceeded", async () => {
+    const { req, res } = createMocks({
+      method: "GET",
+      query: { apiKey: "test-key" },
+    });
+
+    (checkRateLimitAndThrowError as any).mockRejectedValue(new Error("Rate limit exceeded"));
+
+    // @ts-expect-error weird typing between middleware and createMocks
+    await rateLimitApiKey(req, res, vi.fn() as any);
+
+    expect(res._getStatusCode()).toBe(429);
+    expect(res._getJSONData()).toEqual({ message: "Rate limit exceeded" });
+  });
+});