Bump version to v4.2.10 (#30910)

* Fix insufficient permission checking for public timeline endpoints

Note that this changes unauthenticated access failure code from 401 to 422

* Add more tests for public timelines

* Require user token in `/api/v1/statuses/:id/translate` and `/api/v1/scheduled_statuses`

.annotaterb.yml

@@ -1,59 +0,0 @@
----
-:position: before
-:position_in_additional_file_patterns: before
-:position_in_class: before
-:position_in_factory: before
-:position_in_fixture: before
-:position_in_routes: before
-:position_in_serializer: before
-:position_in_test: before
-:classified_sort: true
-:exclude_controllers: true
-:exclude_factories: true
-:exclude_fixtures: true
-:exclude_helpers: true
-:exclude_scaffolds: true
-:exclude_serializers: true
-:exclude_sti_subclasses: true
-:exclude_tests: true
-:force: false
-:format_markdown: false
-:format_rdoc: false
-:format_yard: false
-:frozen: false
-:ignore_model_sub_dir: false
-:ignore_unknown_models: false
-:include_version: false
-:show_complete_foreign_keys: false
-:show_foreign_keys: false
-:show_indexes: false
-:simple_indexes: false
-:sort: false
-:timestamp: false
-:trace: false
-:with_comment: true
-:with_column_comments: true
-:with_table_comments: true
-:active_admin: false
-:command:
-:debug: false
-:hide_default_column_types: ''
-:hide_limit_column_types: 'integer,boolean'
-:ignore_columns:
-:ignore_routes:
-:models: true
-:routes: false
-:skip_on_db_migrate: false
-:target_action: :do_annotations
-:wrapper:
-:wrapper_close:
-:wrapper_open:
-:classes_default_to_s: []
-:additional_file_patterns: []
-:model_dir:
-  - app/models
-:require: []
-:root_dir:
-  - ''
-
-:show_check_constraints: false

.browserslistrc

@@ -1,6 +1,7 @@
+[production]
 defaults
-> 0.2%
-firefox >= 78
-ios >= 15.6
+not IE 11
 not dead
-not OperaMini all
+
+[development]
+supports es6-module

.bundler-audit.yml

@@ -0,0 +1,6 @@
+---
+ignore:
+  # devise-two-factor advisory about brute-forcing TOTP
+  # We have rate-limits on authentication endpoints in place (including second
+  # factor verification) since Mastodon v3.2.0
+  - CVE-2024-0227

.devcontainer/Dockerfile

@@ -1,18 +1,20 @@
 # For details, see https://github.com/devcontainers/images/tree/main/src/ruby
-FROM mcr.microsoft.com/devcontainers/ruby:1-3.3-bookworm
+FROM mcr.microsoft.com/devcontainers/ruby:1-3.2-bullseye
 
-# Install node version from .nvmrc
-WORKDIR /app
-COPY .nvmrc .
-RUN /bin/bash --login -i -c "nvm install"
+# Install Rails
+# RUN gem install rails webdrivers
 
-# Install additional OS packages
-RUN apt-get update && \
-    export DEBIAN_FRONTEND=noninteractive && \
-    apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libvips42 libpam-dev
+ARG NODE_VERSION="16"
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"
 
-# Disable download prompt for Corepack
-ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+# [Optional] Uncomment this section to install additional OS packages.
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get -y install --no-install-recommends libicu-dev libidn11-dev ffmpeg imagemagick libpam-dev
 
-# Move welcome message to where VS Code expects it
-COPY .devcontainer/welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt
+# [Optional] Uncomment this line to install additional gems.
+RUN gem install foreman
+
+# [Optional] Uncomment this line to install global node packages.
+RUN su vscode -c "source /usr/local/share/nvm/nvm.sh && npm install -g yarn" 2>&1
+
+COPY welcome-message.txt /usr/local/etc/vscode-dev-containers/first-run-notice.txt

.devcontainer/codespaces/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Mastodon on GitHub Codespaces",
-  "dockerComposeFile": "../compose.yaml",
+  "dockerComposeFile": "../docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
@@ -23,8 +23,6 @@
     }
   },
 
-  "remoteUser": "root",
-
   "otherPortsAttributes": {
     "onAutoForward": "silent"
   },
@@ -39,7 +37,7 @@
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": "bin/setup",
+  "postCreateCommand": ".devcontainer/post-create.sh",
   "waitFor": "postCreateCommand",
 
   "customizations": {

.devcontainer/compose.yaml

@@ -1,93 +0,0 @@
-services:
-  app:
-    working_dir: /workspaces/mastodon/
-    build:
-      context: ..
-      dockerfile: .devcontainer/Dockerfile
-    volumes:
-      - ..:/workspaces/mastodon:cached
-    environment:
-      RAILS_ENV: development
-      NODE_ENV: development
-      VITE_RUBY_HOST: 0.0.0.0
-      BIND: 0.0.0.0
-      BOOTSNAP_CACHE_DIR: /tmp
-      REDIS_HOST: redis
-      REDIS_PORT: '6379'
-      DB_HOST: db
-      DB_USER: postgres
-      DB_PASS: postgres
-      DB_PORT: '5432'
-      ES_ENABLED: 'true'
-      ES_HOST: es
-      ES_PORT: '9200'
-      LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
-      LOCAL_DOMAIN: ${LOCAL_DOMAIN:-localhost:3000}
-      VITE_DEV_SERVER_PUBLIC: ${VITE_DEV_SERVER_PUBLIC:-localhost:3036}
-    # Overrides default command so things don't shut down after the process ends.
-    command: sleep infinity
-    ports:
-      - '3000:3000'
-      - '3036:3036'
-      - '4000:4000'
-    networks:
-      - external_network
-      - internal_network
-
-  db:
-    image: postgres:14-alpine
-    restart: unless-stopped
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_USER: postgres
-      POSTGRES_DB: postgres
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_HOST_AUTH_METHOD: trust
-    networks:
-      - internal_network
-
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
-    volumes:
-      - redis-data:/data
-    networks:
-      - internal_network
-
-  es:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
-    restart: unless-stopped
-    environment:
-      ES_JAVA_OPTS: -Xms512m -Xmx512m
-      cluster.name: es-mastodon
-      discovery.type: single-node
-      bootstrap.memory_lock: 'true'
-    volumes:
-      - es-data:/usr/share/elasticsearch/data
-    networks:
-      - internal_network
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-
-  libretranslate:
-    image: libretranslate/libretranslate:v1.6.2
-    restart: unless-stopped
-    volumes:
-      - lt-data:/home/libretranslate/.local
-    networks:
-      - external_network
-      - internal_network
-
-volumes:
-  postgres-data:
-  redis-data:
-  es-data:
-  lt-data:
-
-networks:
-  external_network:
-  internal_network:
-    internal: true

.devcontainer/devcontainer.json

@@ -1,6 +1,6 @@
 {
   "name": "Mastodon on local machine",
-  "dockerComposeFile": "compose.yaml",
+  "dockerComposeFile": "docker-compose.yml",
   "service": "app",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
 
@@ -23,14 +23,12 @@
     }
   },
 
-  "remoteUser": "root",
-
   "otherPortsAttributes": {
     "onAutoForward": "silent"
   },
 
   "onCreateCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
-  "postCreateCommand": "bin/setup",
+  "postCreateCommand": ".devcontainer/post-create.sh",
   "waitFor": "postCreateCommand",
 
   "customizations": {

.devcontainer/docker-compose.yml

@@ -0,0 +1,90 @@
+version: '3'
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      - ../..:/workspaces:cached
+    environment:
+      RAILS_ENV: development
+      NODE_ENV: development
+      BIND: 0.0.0.0
+      REDIS_HOST: redis
+      REDIS_PORT: '6379'
+      DB_HOST: db
+      DB_USER: postgres
+      DB_PASS: postgres
+      DB_PORT: '5432'
+      ES_ENABLED: 'true'
+      ES_HOST: es
+      ES_PORT: '9200'
+      LIBRE_TRANSLATE_ENDPOINT: http://libretranslate:5000
+    # Overrides default command so things don't shut down after the process ends.
+    command: sleep infinity
+    ports:
+      - '127.0.0.1:3000:3000'
+      - '127.0.0.1:3035:3035'
+      - '127.0.0.1:4000:4000'
+    networks:
+      - external_network
+      - internal_network
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_HOST_AUTH_METHOD: trust
+    networks:
+      - internal_network
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - redis-data:/data
+    networks:
+      - internal_network
+
+  es:
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    restart: unless-stopped
+    environment:
+      ES_JAVA_OPTS: -Xms512m -Xmx512m
+      cluster.name: es-mastodon
+      discovery.type: single-node
+      bootstrap.memory_lock: 'true'
+    volumes:
+      - es-data:/usr/share/elasticsearch/data
+    networks:
+      - internal_network
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+  libretranslate:
+    image: libretranslate/libretranslate:v1.3.11
+    restart: unless-stopped
+    volumes:
+      - lt-data:/home/libretranslate/.local
+    networks:
+      - external_network
+      - internal_network
+
+volumes:
+  postgres-data:
+  redis-data:
+  es-data:
+  lt-data:
+
+networks:
+  external_network:
+  internal_network:
+    internal: true

.devcontainer/post-create.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e # Fail the whole script on first error
+
+# Fetch Ruby gem dependencies
+bundle config path 'vendor/bundle'
+bundle config with 'development test'
+bundle install
+
+# Make Gemfile.lock pristine again
+git checkout -- Gemfile.lock
+
+# Fetch Javascript dependencies
+yarn --frozen-lockfile
+
+# [re]create, migrate, and seed the test database
+RAILS_ENV=test ./bin/rails db:setup
+
+# [re]create, migrate, and seed the development database
+RAILS_ENV=development ./bin/rails db:setup
+
+# Precompile assets for development
+RAILS_ENV=development ./bin/rails assets:precompile
+
+# Precompile assets for test
+RAILS_ENV=test NODE_ENV=tests ./bin/rails assets:precompile

.devcontainer/welcome-message.txt

@@ -1,7 +1,8 @@
-👋 Welcome to your Mastodon Dev Container!
+👋 Welcome to "Mastodon" in GitHub Codespaces!
 
 🛠️  Your environment is fully setup with all the required software.
 
-💥 Run `bin/dev` to start the application processes.
+🔍 To explore VS Code to its fullest, search using the Command Palette (Cmd/Ctrl + Shift + P or F1).
+
+📝 Edit away, run your app as usual, and we'll automatically make it available for you to access.
 
-🥼 Run `RAILS_ENV=test bin/rails assets:precompile && RAILS_ENV=test bin/rspec` to run the test suite.

.dockerignore

@@ -8,7 +8,6 @@
 public/system
 public/assets
 public/packs
-public/packs-test
 node_modules
 neo4j
 vendor/bundle
@@ -20,9 +19,3 @@ postgres14
 redis
 elasticsearch
 chart
-.yarn/
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions

.env.development

@@ -1,4 +0,0 @@
-# Required by ActiveRecord encryption feature
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr

.env.production.sample

@@ -1,5 +1,5 @@
 # This is a sample configuration file. You can generate your configuration
-# with the `bundle exec rails mastodon:setup` interactive setup wizard, but to customize
+# with the `rake mastodon:setup` interactive setup wizard, but to customize
 # your setup even further, you'll need to edit it manually. This sample does
 # not demonstrate all available configuration options. Please look at
 # https://docs.joinmastodon.org/admin/config/ for the full documentation.
@@ -40,24 +40,14 @@ ES_PASS=password
 
 # Secrets
 # -------
-# Make sure to use `bundle exec rails secret` to generate secrets
+# Make sure to use `rake secret` to generate secrets
 # -------
 SECRET_KEY_BASE=
-
-# Encryption secrets
-# ------------------
-# Must be available (and set to same values) for all server processes
-# These are private/secret values, do not share outside hosting environment
-# Use `bin/rails db:encryption:init` to generate fresh secrets
-# Do NOT change these secrets once in use, as this would cause data loss and other issues
-# ------------------
-# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
-# ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
-# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
+OTP_SECRET=
 
 # Web Push
 # --------
-# Generate with `bundle exec rails mastodon:webpush:generate_vapid_key`
+# Generate with `rake mastodon:webpush:generate_vapid_key`
 # --------
 VAPID_PRIVATE_KEY=
 VAPID_PUBLIC_KEY=
@@ -78,9 +68,6 @@ AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
 S3_ALIAS_HOST=files.example.com
 
-# Optional list of hosts that are allowed to serve media for your instance
-# EXTRA_MEDIA_HOSTS=https://data.example1.com,https://data.example2.com
-
 # IP and session retention
 # -----------------------
 # Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
@@ -88,24 +75,3 @@ S3_ALIAS_HOST=files.example.com
 # -----------------------
 IP_RETENTION_PERIOD=31556952
 SESSION_RETENTION_PERIOD=31556952
-
-# Fetch All Replies Behavior
-# --------------------------
-# When a user expands a post (DetailedStatus view), fetch all of its replies
-# (default: false)
-FETCH_REPLIES_ENABLED=false
-
-# Period to wait between fetching replies (in minutes)
-FETCH_REPLIES_COOLDOWN_MINUTES=15
-
-# Period to wait after a post is first created before fetching its replies (in minutes)
-FETCH_REPLIES_INITIAL_WAIT_MINUTES=5
-
-# Max number of replies to fetch - total, recursively through a whole reply tree
-FETCH_REPLIES_MAX_GLOBAL=1000
-
-# Max number of replies to fetch - for a single post
-FETCH_REPLIES_MAX_SINGLE=500
-
-# Max number of replies Collection pages to fetch - total
-FETCH_REPLIES_MAX_PAGES=500

.env.test

@@ -1,11 +1,5 @@
-# In test, compile the NodeJS code as if we are in production
-NODE_ENV=production
+# Node.js
+NODE_ENV=tests
 # Federation
 LOCAL_DOMAIN=cb6e6126.ngrok.io
 LOCAL_HTTPS=true
-
-# Secret values required by ActiveRecord encryption feature
-# Use `bin/rails db:encryption:init` to generate fresh secrets
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=test_determinist_key_DO_NOT_USE_IN_PRODUCTION
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=test_salt_DO_NOT_USE_IN_PRODUCTION
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=test_primary_key_DO_NOT_USE_IN_PRODUCTION

.eslintignore

@@ -0,0 +1,13 @@
+/build/**
+/coverage/**
+/db/**
+/lib/**
+/log/**
+/node_modules/**
+/nonobox/**
+/public/**
+!/public/embed.js
+/spec/**
+/tmp/**
+/vendor/**
+!.eslintrc.js

.eslintrc.js

@@ -0,0 +1,384 @@
+module.exports = {
+  root: true,
+
+  extends: [
+    'eslint:recommended',
+    'plugin:react/recommended',
+    'plugin:react-hooks/recommended',
+    'plugin:jsx-a11y/recommended',
+    'plugin:import/recommended',
+    'plugin:promise/recommended',
+    'plugin:jsdoc/recommended',
+    'plugin:prettier/recommended',
+  ],
+
+  env: {
+    browser: true,
+    node: true,
+    es6: true,
+  },
+
+  globals: {
+    ATTACHMENT_HOST: false,
+  },
+
+  parser: '@typescript-eslint/parser',
+
+  plugins: [
+    'react',
+    'jsx-a11y',
+    'import',
+    'promise',
+    '@typescript-eslint',
+    'formatjs',
+  ],
+
+  parserOptions: {
+    sourceType: 'module',
+    ecmaFeatures: {
+      jsx: true,
+    },
+    ecmaVersion: 2021,
+    requireConfigFile: false,
+    babelOptions: {
+      configFile: false,
+      presets: ['@babel/react', '@babel/env'],
+    },
+  },
+
+  settings: {
+    react: {
+      version: 'detect',
+    },
+    'import/ignore': [
+      'node_modules',
+      '\\.(css|scss|json)$',
+    ],
+    'import/resolver': {
+      typescript: {},
+    },
+  },
+
+  rules: {
+    'consistent-return': 'error',
+    'dot-notation': 'error',
+    eqeqeq: ['error', 'always', { 'null': 'ignore' }],
+    'jsx-quotes': ['error', 'prefer-single'],
+    'no-case-declarations': 'off',
+    'no-catch-shadow': 'error',
+    'no-console': [
+      'warn',
+      {
+        allow: [
+          'error',
+          'warn',
+        ],
+      },
+    ],
+    'no-empty': 'off',
+    'no-restricted-properties': [
+      'error',
+      { property: 'substring', message: 'Use .slice instead of .substring.' },
+      { property: 'substr', message: 'Use .slice instead of .substr.' },
+    ],
+    'no-restricted-syntax': [
+      'error',
+      {
+        // eslint-disable-next-line no-restricted-syntax
+        selector: 'Literal[value=/•/], JSXText[value=/•/]',
+        // eslint-disable-next-line no-restricted-syntax
+        message: "Use '·' (middle dot) instead of '•' (bullet)",
+      },
+    ],
+    'no-self-assign': 'off',
+    'no-unused-expressions': 'error',
+    'no-unused-vars': 'off',
+    '@typescript-eslint/no-unused-vars': [
+      'error',
+      {
+        vars: 'all',
+        args: 'after-used',
+        destructuredArrayIgnorePattern: '^_',
+        ignoreRestSiblings: true,
+      },
+    ],
+    'valid-typeof': 'error',
+
+    'react/jsx-filename-extension': ['error', { extensions: ['.jsx', 'tsx'] }],
+    'react/jsx-boolean-value': 'error',
+    'react/display-name': 'off',
+    'react/jsx-fragments': ['error', 'syntax'],
+    'react/jsx-equals-spacing': 'error',
+    'react/jsx-no-bind': 'error',
+    'react/jsx-no-useless-fragment': 'error',
+    'react/jsx-no-target-blank': 'off',
+    'react/jsx-tag-spacing': 'error',
+    'react/jsx-uses-react': 'off', // not needed with new JSX transform
+    'react/jsx-wrap-multilines': 'error',
+    'react/no-deprecated': 'off',
+    'react/no-unknown-property': 'off',
+    'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+    'react/self-closing-comp': 'error',
+
+    // recommended values found in https://github.com/jsx-eslint/eslint-plugin-jsx-a11y/blob/main/src/index.js
+    'jsx-a11y/accessible-emoji': 'warn',
+    'jsx-a11y/click-events-have-key-events': 'off',
+    'jsx-a11y/label-has-associated-control': 'off',
+    'jsx-a11y/media-has-caption': 'off',
+    'jsx-a11y/no-autofocus': 'off',
+    // recommended rule is:
+    // 'jsx-a11y/no-interactive-element-to-noninteractive-role': [
+    //   'error',
+    //   {
+    //     tr: ['none', 'presentation'],
+    //     canvas: ['img'],
+    //   },
+    // ],
+    'jsx-a11y/no-interactive-element-to-noninteractive-role': 'off',
+    // recommended rule is:
+    // 'jsx-a11y/no-noninteractive-element-interactions': [
+    //   'error',
+    //   {
+    //     body: ['onError', 'onLoad'],
+    //     iframe: ['onError', 'onLoad'],
+    //     img: ['onError', 'onLoad'],
+    //   },
+    // ],
+    'jsx-a11y/no-noninteractive-element-interactions': [
+      'warn',
+      {
+        handlers: [
+          'onClick',
+        ],
+      },
+    ],
+    // recommended rule is:
+    // 'jsx-a11y/no-noninteractive-tabindex': [
+    //   'error',
+    //   {
+    //     tags: [],
+    //     roles: ['tabpanel'],
+    //     allowExpressionValues: true,
+    //   },
+    // ],
+    'jsx-a11y/no-noninteractive-tabindex': 'off',
+    'jsx-a11y/no-onchange': 'warn',
+    // recommended is full 'error'
+    'jsx-a11y/no-static-element-interactions': [
+      'warn',
+      {
+        handlers: [
+          'onClick',
+        ],
+      },
+    ],
+
+    // See https://github.com/import-js/eslint-plugin-import/blob/main/config/recommended.js
+    'import/extensions': [
+      'error',
+      'always',
+      {
+        js: 'never',
+        jsx: 'never',
+        mjs: 'never',
+        ts: 'never',
+        tsx: 'never',
+      },
+    ],
+    'import/first': 'error',
+    'import/newline-after-import': 'error',
+    'import/no-anonymous-default-export': 'error',
+    'import/no-extraneous-dependencies': [
+      'error',
+      {
+        devDependencies: [
+          'config/webpack/**',
+          'app/javascript/mastodon/performance.js',
+          'app/javascript/mastodon/test_setup.js',
+          'app/javascript/**/__tests__/**',
+        ],
+      },
+    ],
+    'import/no-amd': 'error',
+    'import/no-commonjs': 'error',
+    'import/no-import-module-exports': 'error',
+    'import/no-relative-packages': 'error',
+    'import/no-self-import': 'error',
+    'import/no-useless-path-segments': 'error',
+    'import/no-webpack-loader-syntax': 'error',
+
+    'import/order': [
+      'error',
+      {
+        alphabetize: { order: 'asc' },
+        'newlines-between': 'always',
+        groups: [
+          'builtin',
+          'external',
+          'internal',
+          'parent',
+          ['index', 'sibling'],
+          'object',
+        ],
+        pathGroups: [
+          // React core packages
+          {
+            pattern: '{react,react-dom,react-dom/client,prop-types}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // I18n
+          {
+            pattern: '{react-intl,intl-messageformat}',
+            group: 'builtin',
+            position: 'after',
+          },
+          // Common React utilities
+          {
+            pattern: '{classnames,react-helmet,react-router-dom}',
+            group: 'external',
+            position: 'before',
+          },
+          // Immutable / Redux / data store
+          {
+            pattern: '{immutable,react-redux,react-immutable-proptypes,react-immutable-pure-component,reselect}',
+            group: 'external',
+            position: 'before',
+          },
+          // Internal packages
+          {
+            pattern: '{mastodon/**}',
+            group: 'internal',
+            position: 'after',
+          },
+        ],
+        pathGroupsExcludedImportTypes: [],
+      },
+    ],
+
+    'promise/always-return': 'off',
+    'promise/catch-or-return': [
+      'error',
+      {
+        allowFinally: true,
+      },
+    ],
+    'promise/no-callback-in-promise': 'off',
+    'promise/no-nesting': 'off',
+    'promise/no-promise-in-callback': 'off',
+
+    'formatjs/blocklist-elements': 'error',
+    'formatjs/enforce-default-message': ['error', 'literal'],
+    'formatjs/enforce-description': 'off', // description values not currently used
+    'formatjs/enforce-id': 'off', // Explicit IDs are used in the project
+    'formatjs/enforce-placeholders': 'off', // Issues in short_number.jsx
+    'formatjs/enforce-plural-rules': 'error',
+    'formatjs/no-camel-case': 'off', // disabledAccount is only non-conforming
+    'formatjs/no-complex-selectors': 'error',
+    'formatjs/no-emoji': 'error',
+    'formatjs/no-id': 'off', // IDs are used for translation keys
+    'formatjs/no-invalid-icu': 'error',
+    'formatjs/no-literal-string-in-jsx': 'off', // Should be looked at, but mainly flagging punctuation outside of strings
+    'formatjs/no-multiple-plurals': 'off', // Only used by hashtag.jsx
+    'formatjs/no-multiple-whitespaces': 'error',
+    'formatjs/no-offset': 'error',
+    'formatjs/no-useless-message': 'error',
+    'formatjs/prefer-formatted-message': 'error',
+    'formatjs/prefer-pound-in-plural': 'error',
+
+    'jsdoc/check-types': 'off',
+    'jsdoc/no-undefined-types': 'off',
+    'jsdoc/require-jsdoc': 'off',
+    'jsdoc/require-param-description': 'off',
+    'jsdoc/require-property-description': 'off',
+    'jsdoc/require-returns-description': 'off',
+    'jsdoc/require-returns': 'off',
+  },
+
+  overrides: [
+    {
+      files: [
+        '*.config.js',
+        '.*rc.js',
+        'ide-helper.js',
+        'config/webpack/**/*',
+        'config/formatjs-formatter.js',
+      ],
+
+      env: {
+        commonjs: true,
+      },
+
+      parserOptions: {
+        sourceType: 'script',
+      },
+
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
+    {
+      files: [
+        '**/*.ts',
+        '**/*.tsx',
+      ],
+
+      extends: [
+        'eslint:recommended',
+        'plugin:@typescript-eslint/strict-type-checked',
+        'plugin:@typescript-eslint/stylistic-type-checked',
+        'plugin:react/recommended',
+        'plugin:react-hooks/recommended',
+        'plugin:jsx-a11y/recommended',
+        'plugin:import/recommended',
+        'plugin:import/typescript',
+        'plugin:promise/recommended',
+        'plugin:jsdoc/recommended-typescript',
+        'plugin:prettier/recommended',
+      ],
+
+      parserOptions: {
+        project: true,
+        tsconfigRootDir: __dirname,
+      },
+
+      rules: {
+        'import/consistent-type-specifier-style': ['error', 'prefer-top-level'],
+
+        '@typescript-eslint/consistent-type-definitions': ['warn', 'interface'],
+        '@typescript-eslint/consistent-type-exports': 'error',
+        '@typescript-eslint/consistent-type-imports': 'error',
+        "@typescript-eslint/prefer-nullish-coalescing": ['error', {ignorePrimitives: {boolean: true}}],
+
+        'jsdoc/require-jsdoc': 'off',
+
+        // Those rules set stricter rules for TS files
+        // to enforce better practices when converting from JS
+        'import/no-default-export': 'warn',
+        'react/prefer-stateless-function': 'warn',
+        'react/function-component-definition': ['error', { namedComponents: 'arrow-function' }],
+        'react/jsx-uses-react': 'off', // not needed with new JSX transform
+        'react/react-in-jsx-scope': 'off', // not needed with new JSX transform
+        'react/prop-types': 'off',
+      },
+    },
+    {
+      files: [
+        '**/__tests__/*.js',
+        '**/__tests__/*.jsx',
+      ],
+
+      env: {
+        jest: true,
+      },
+    },
+    {
+      files: [
+        'streaming/**/*',
+      ],
+      rules: {
+        'import/no-commonjs': 'off',
+      },
+    },
+  ],
+};

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+patreon: mastodon
+open_collective: mastodon
+custom: https://sponsor.joinmastodon.org

.github/ISSUE_TEMPLATE/1.web_bug_report.yml

@@ -1,7 +1,6 @@
 name: Bug Report (Web Interface)
-description: There is a problem using Mastodon's web interface.
-labels: ['status/to triage', 'area/web interface']
-type: Bug
+description: If you are using Mastodon's web interface and something is not working as expected
+labels: [bug, 'status/to triage', 'area/web interface']
 body:
   - type: markdown
     attributes:
@@ -48,8 +47,8 @@ body:
     attributes:
       label: Mastodon version
       description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-beta.1`
-      placeholder: v4.4.0-beta.1
+        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
+      placeholder: v4.1.2
     validations:
       required: true
   - type: input
@@ -57,7 +56,7 @@ body:
       label: Browser name and version
       description: |
         What browser are you using when getting this bug? Please specify the version as well.
-      placeholder: Firefox 139.0.0
+      placeholder: Firefox 105.0.3
     validations:
       required: true
   - type: input
@@ -65,7 +64,7 @@ body:
       label: Operating system
       description: |
         What OS are you running? Please specify the version as well.
-      placeholder: macOS 15.5
+      placeholder: macOS 13.4.1
     validations:
       required: true
   - type: textarea

.github/ISSUE_TEMPLATE/2.server_bug_report.yml

@@ -1,8 +1,7 @@
 name: Bug Report (server / API)
 description: |
-  There is a problem with the HTTP server, REST API, ActivityPub interaction, etc.
-labels: ['status/to triage']
-type: 'Bug'
+  If something is not working as expected, but is not from using the web interface.
+labels: [bug, 'status/to triage']
 body:
   - type: markdown
     attributes:
@@ -49,8 +48,8 @@ body:
     attributes:
       label: Mastodon version
       description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-beta.1`
-      placeholder: v4.4.0-beta.1
+        This is displayed at the bottom of the About page, eg. `v4.1.2+nightly-20230627`
+      placeholder: v4.1.2
     validations:
       required: false
   - type: textarea
@@ -60,7 +59,7 @@ body:
         Any additional technical details you may have, like logs or error traces
       value: |
         If this is happening on your own Mastodon server, please fill out those:
-        - Ruby version: (from `ruby --version`, eg. v3.4.4)
-        - Node.js version: (from `node --version`, eg. v22.16.0)
+        - Ruby version: (from `ruby --version`, eg. v3.1.2)
+        - Node.js version: (from `node --version`, eg. v18.16.0)
     validations:
       required: false

.github/ISSUE_TEMPLATE/3.feature_request.yml

@@ -0,0 +1,22 @@
+name: Feature Request
+description: I have a suggestion
+labels: [suggestion]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please use a concise and distinct title for the issue.
+
+        Consider: Could it be implemented as a 3rd party app using the REST API instead?
+  - type: textarea
+    attributes:
+      label: Pitch
+      description: Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Motivation
+      description: Why do you think this feature is needed? Who would benefit from it?
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/3.troubleshooting.yml

@@ -1,74 +0,0 @@
-name: Deployment troubleshooting
-description: |
-  You are a server administrator and you are encountering a technical issue during installation, upgrade or operations of Mastodon.
-labels: ['status/to triage']
-type: 'Troubleshooting'
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Make sure that you are submitting a new bug that was not previously reported or already fixed.
-
-        Please use a concise and distinct title for the issue.
-  - type: textarea
-    attributes:
-      label: Steps to reproduce the problem
-      description: What were you trying to do?
-      value: |
-        1.
-        2.
-        3.
-        ...
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Expected behaviour
-      description: What should have happened?
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Actual behaviour
-      description: What happened?
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Detailed description
-    validations:
-      required: false
-  - type: input
-    attributes:
-      label: Mastodon instance
-      description: The address of the Mastodon instance where you experienced the issue
-      placeholder: mastodon.social
-    validations:
-      required: true
-  - type: input
-    attributes:
-      label: Mastodon version
-      description: |
-        This is displayed at the bottom of the About page, eg. `v4.4.0-alpha.1`
-      placeholder: v4.4.0-beta.1
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Environment
-      description: |
-        Details about your environment, like how Mastodon is deployed, if containers are used, version numbers, etc.
-      value: |
-        Please at least include those informations:
-        - Operating system: (eg. Ubuntu 24.04.2)
-        - Ruby version: (from `ruby --version`, eg. v3.4.4)
-        - Node.js version: (from `node --version`, eg. v22.16.0)
-    validations:
-      required: false
-  - type: textarea
-    attributes:
-      label: Technical details
-      description: |
-        Any additional technical details you may have, like logs or error traces
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/4.feature_request.yml

@@ -1,22 +0,0 @@
-name: Feature Request
-description: I have a suggestion
-type: Suggestion
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Please use a concise and distinct title for the issue.
-
-        Consider: Could it be implemented as a 3rd party app using the REST API instead?
-  - type: textarea
-    attributes:
-      label: Pitch
-      description: Describe your idea for a feature. Make sure it has not already been suggested/implemented/turned down before.
-    validations:
-      required: true
-  - type: textarea
-    attributes:
-      label: Motivation
-      description: Why do you think this feature is needed? Who would benefit from it?
-    validations:
-      required: true

.github/actions/setup-javascript/action.yml

@@ -1,42 +0,0 @@
-name: 'Setup Javascript'
-description: 'Setup a Javascript environment ready to run the Mastodon code'
-inputs:
-  onlyProduction:
-    description: Only install production dependencies
-    default: 'false'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version-file: '.nvmrc'
-
-    # The following is needed because we can not use `cache: true` for `setup-node`, as it does not support Corepack yet and mess up with the cache location if ran after Node is installed
-    - name: Enable corepack
-      shell: bash
-      run: corepack enable
-
-    - name: Get yarn cache directory path
-      id: yarn-cache-dir-path
-      shell: bash
-      run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
-
-    - uses: actions/cache@v4
-      id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
-      with:
-        path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-        key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-yarn-
-
-    - name: Install all yarn packages
-      shell: bash
-      run: yarn install --immutable
-      if: inputs.onlyProduction == 'false'
-
-    - name: Install all production yarn packages
-      shell: bash
-      run: yarn workspaces focus --production
-      if: inputs.onlyProduction != 'false'

.github/actions/setup-ruby/action.yml

@@ -1,23 +0,0 @@
-name: 'Setup RUby'
-description: 'Setup a Ruby environment ready to run the Mastodon code'
-inputs:
-  ruby-version:
-    description: The Ruby version to install
-    default: '.ruby-version'
-  additional-system-dependencies:
-    description: 'Additional packages to install'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Install system dependencies
-      shell: bash
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y libicu-dev libidn11-dev libvips42 ${{ inputs.additional-system-dependencies }}
-
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ inputs.ruby-version }}
-        bundler-cache: true

.github/codecov.yml

@@ -1,13 +0,0 @@
-comment: false # Do not leave PR comments
-coverage:
-  status:
-    project:
-      default:
-        # GitHub status check is not blocking
-        informational: true
-    patch:
-      default:
-        # GitHub status check is not blocking
-        informational: true
-github_checks:
-  annotations: false

.github/renovate.json5

@@ -2,21 +2,17 @@
   $schema: 'https://docs.renovatebot.com/renovate-schema.json',
   extends: [
     'config:recommended',
-    'customManagers:dockerfileVersions',
     ':labels(dependencies)',
+    ':maintainLockFilesMonthly', // update non-direct dependencies monthly
     ':prConcurrentLimitNone', // Remove limit for open PRs at any time.
     ':prHourlyLimit2', // Rate limit PR creation to a maximum of two per hour.
   ],
-  rebaseWhen: 'conflicted',
   minimumReleaseAge: '3', // Wait 3 days after the package has been published before upgrading it
   // packageRules order is important, they are applied from top to bottom and are merged,
   // meaning the most important ones must be at the bottom, for example grouping rules
   // If we do not want a package to be grouped with others, we need to set its groupName
   // to `null` after any other rule set it to something.
   dependencyDashboardHeader: 'This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. Before approving any upgrade: read the description and comments in the [`renovate.json5` file](https://github.com/mastodon/mastodon/blob/main/.github/renovate.json5).',
-  postUpdateOptions: ['yarnDedupeHighest'],
-  // The types are now included in recent versions,we ignore them here until we upgrade and remove the dependency
-  ignoreDeps: ['@types/emoji-mart'],
   packageRules: [
     {
       // Require Dependency Dashboard Approval for major version bumps of these node packages
@@ -25,12 +21,25 @@
         'tesseract.js', // Requires code changes
         'react-hotkeys', // Requires code changes
 
+        // Requires Webpacker upgrade or replacement
+        '@types/webpack',
+        'babel-loader',
+        'compression-webpack-plugin',
+        'css-loader',
+        'imports-loader',
+        'mini-css-extract-plugin',
+        'postcss-loader',
+        'sass-loader',
+        'terser-webpack-plugin',
+        'webpack',
+        'webpack-assets-manifest',
+        'webpack-bundle-analyzer',
+        'webpack-dev-server',
+        'webpack-cli',
+
         // react-router: Requires manual upgrade
         'history',
         'react-router-dom',
-
-        // react-spring: Requires manual upgrade when upgrading react
-        '@react-spring/web',
       ],
       matchUpdateTypes: ['major'],
       dependencyDashboardApproval: true,
@@ -39,6 +48,8 @@
       // Require Dependency Dashboard Approval for major version bumps of these Ruby packages
       matchManagers: ['bundler'],
       matchPackageNames: [
+        'rack', // Needs to be synced with Rails version
+        'sprockets', // Requires manual upgrade https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
         'strong_migrations', // Requires manual upgrade
         'sidekiq', // Requires manual upgrade
         'sidekiq-unique-jobs', // Requires manual upgrades and sync with Sidekiq version
@@ -48,7 +59,7 @@
       dependencyDashboardApproval: true,
     },
     {
-      // Update GitHub Actions and Docker images weekly
+      // Update Github Actions and Docker images weekly
       matchManagers: ['github-actions', 'dockerfile', 'docker-compose'],
       extends: ['schedule:weekly'],
     },
@@ -75,7 +86,6 @@
     },
     {
       // Update devDependencies every week, with one grouped PR
-      matchManagers: ['npm'],
       matchDepTypes: 'devDependencies',
       matchUpdateTypes: ['patch', 'minor'],
       groupName: 'devDependencies (non-major)',
@@ -84,30 +94,14 @@
     {
       // Group all eslint-related packages with `eslint` in the same PR
       matchManagers: ['npm'],
-      matchPackageNames: [
-        'eslint',
-        'eslint-*',
-        'typescript-eslint',
-        '@eslint/*',
-        'globals',
-      ],
+      matchPackageNames: ['eslint'],
+      matchPackagePrefixes: ['eslint-', '@typescript-eslint/'],
       matchUpdateTypes: ['patch', 'minor'],
       groupName: 'eslint (non-major)',
     },
-    {
-      // Group actions/*-artifact in the same PR
-      matchManagers: ['github-actions'],
-      matchPackageNames: [
-        'actions/download-artifact',
-        'actions/upload-artifact',
-      ],
-      matchUpdateTypes: ['major'],
-      groupName: 'artifact actions (major)',
-    },
     {
       // Update @types/* packages every week, with one grouped PR
-      matchManagers: ['npm'],
-      matchPackageNames: '@types/*',
+      matchPackagePrefixes: '@types/',
       matchUpdateTypes: ['patch', 'minor'],
       groupName: 'DefinitelyTyped types (non-major)',
       extends: ['schedule:weekly'],
@@ -121,27 +115,6 @@
       ],
       groupName: null, // We dont want them to belong to any group
     },
-    {
-      // Group all RuboCop packages with `rubocop` in the same PR
-      matchManagers: ['bundler'],
-      matchPackageNames: ['rubocop', 'rubocop-*'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'RuboCop (non-major)',
-    },
-    {
-      // Group all RSpec packages with `rspec` in the same PR
-      matchManagers: ['bundler'],
-      matchPackageNames: ['rspec', 'rspec-*'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'RSpec (non-major)',
-    },
-    {
-      // Group all opentelemetry-ruby packages in the same PR
-      matchManagers: ['bundler'],
-      matchPackageNames: ['opentelemetry-*'],
-      matchUpdateTypes: ['patch', 'minor'],
-      groupName: 'opentelemetry-ruby (non-major)',
-    },
     // Add labels depending on package manager
     { matchManagers: ['npm', 'nvm'], addLabels: ['javascript'] },
     { matchManagers: ['bundler', 'ruby-version'], addLabels: ['ruby'] },

.github/stylelint-matcher.json

@@ -0,0 +1,21 @@
+{
+  "problemMatcher": [
+    {
+      "owner": "stylelint",
+      "pattern": [
+        {
+          "regexp": "^([^\\s].*)$",
+          "file": 1
+        },
+        {
+          "regexp": "^\\s+((\\d+):(\\d+))?\\s+(✖|×)\\s+(.*)\\s{2,}(.*)$",
+          "line": 2,
+          "column": 3,
+          "message": 5,
+          "code": 6,
+          "loop": true
+        }
+      ]
+    }
+  ]
+}

.github/workflows/build-container-image.yml

@@ -1,9 +1,14 @@
 on:
   workflow_call:
     inputs:
+      platforms:
+        required: true
+        type: string
       cache:
         type: boolean
         default: true
+      use_native_arm64_builder:
+        type: boolean
       push_to_images:
         type: string
       version_prerelease:
@@ -16,140 +21,61 @@ on:
         type: string
       labels:
         type: string
-      file_to_build:
-        type: string
 
-# This builds multiple images with one runner each, allowing us to build for multiple architectures
-# using Github's runners.
-# The two-step process is adapted form:
-# https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
 jobs:
-  # Build each (amd64 and arm64) image separately
   build-image:
-    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-24.04' }}
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Prepare
-        env:
-          PUSH_TO_IMAGES: ${{ inputs.push_to_images }}
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-          # Transform multi-line variable into comma-separated variable
-          image_names=${PUSH_TO_IMAGES//$'\n'/,}
-          echo "IMAGE_NAMES=${image_names%,}" >> $GITHUB_ENV
+      - uses: docker/setup-qemu-action@v2
+        if: contains(inputs.platforms, 'linux/arm64') && !inputs.use_native_arm64_builder
 
-      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-buildx-action@v2
         id: buildx
+        if: ${{ !(inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')) }}
 
-      - name: Log in to Docker Hub
-        if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to the GitHub Container registry
-        if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        if: ${{ inputs.push_to_images != '' }}
-        with:
-          images: ${{ inputs.push_to_images }}
-          flavor: ${{ inputs.flavor }}
-          labels: ${{ inputs.labels }}
-
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: ${{ inputs.file_to_build }}
-          build-args: |
-            MASTODON_VERSION_PRERELEASE=${{ inputs.version_prerelease }}
-            MASTODON_VERSION_METADATA=${{ inputs.version_metadata }}
-            SOURCE_COMMIT=${{ github.sha }}
-          platforms: ${{ matrix.platform }}
-          provenance: false
-          push: ${{ inputs.push_to_images != '' }}
-          cache-from: ${{ inputs.cache && 'type=gha' || '' }}
-          cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }}
-          outputs: type=image,"name=${{ env.IMAGE_NAMES }}",push-by-digest=true,name-canonical=true,push=${{ inputs.push_to_images != '' }}
-
-      - name: Export digest
-        if: ${{ inputs.push_to_images != '' }}
+      - name: Start a local Docker Builder
+        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
         run: |
-          mkdir -p "${{ runner.temp }}/digests"
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+          docker run --rm -d --name buildkitd -p 1234:1234 --privileged moby/buildkit:latest --addr tcp://0.0.0.0:1234
 
-      - name: Upload digest
-        if: ${{ inputs.push_to_images != '' }}
-        uses: actions/upload-artifact@v4
+      - uses: docker/setup-buildx-action@v2
+        id: buildx-native
+        if: inputs.use_native_arm64_builder && contains(inputs.platforms, 'linux/arm64')
         with:
-          # `hashFiles` is used to disambiguate between streaming and non-streaming images
-          name: digests-${{ hashFiles(inputs.file_to_build) }}-${{ env.PLATFORM_PAIR }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  # Then merge the docker images into a single one
-  merge-images:
-    if: ${{ inputs.push_to_images != '' }}
-    runs-on: ubuntu-24.04
-    needs:
-      - build-image
-
+          driver: remote
+          endpoint: tcp://localhost:1234
+          platforms: linux/amd64
+          append: |
+            - endpoint: tcp://${{ vars.DOCKER_BUILDER_HETZNER_ARM64_01_HOST }}:13865
+              platforms: linux/arm64
+              name: mastodon-docker-builder-arm64-01
+              driver-opts:
+                - servername=mastodon-docker-builder-arm64-01
         env:
-      PUSH_TO_IMAGES: ${{ inputs.push_to_images }}
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          path: ${{ runner.temp }}/digests
-          # `hashFiles` is used to disambiguate between streaming and non-streaming images
-          pattern: digests-${{ hashFiles(inputs.file_to_build) }}-*
-          merge-multiple: true
+          BUILDER_NODE_1_AUTH_TLS_CACERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CACERT }}
+          BUILDER_NODE_1_AUTH_TLS_CERT: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_CERT }}
+          BUILDER_NODE_1_AUTH_TLS_KEY: ${{ secrets.DOCKER_BUILDER_HETZNER_ARM64_01_KEY }}
 
       - name: Log in to Docker Hub
         if: contains(inputs.push_to_images, 'tootsuite')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Log in to the GitHub Container registry
+      - name: Log in to the Github Container registry
         if: contains(inputs.push_to_images, 'ghcr.io')
-        uses: docker/login-action@v3
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Docker meta
+      - uses: docker/metadata-action@v4
         id: meta
-        uses: docker/metadata-action@v5
         if: ${{ inputs.push_to_images != '' }}
         with:
           images: ${{ inputs.push_to_images }}
@@ -157,14 +83,17 @@ jobs:
           tags: ${{ inputs.tags }}
           labels: ${{ inputs.labels }}
 
-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        run: |
-          echo "$PUSH_TO_IMAGES" | xargs -I{} \
-            docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-              $(printf '{}@sha256:%s ' *)
-
-      - name: Inspect image
-        run: |
-          echo "$PUSH_TO_IMAGES" | xargs -i{} \
-            docker buildx imagetools inspect {}:${{ steps.meta.outputs.version }}
+      - uses: docker/build-push-action@v4
+        with:
+          context: .
+          build-args: |
+            MASTODON_VERSION_PRERELEASE=${{ inputs.version_prerelease }}
+            MASTODON_VERSION_METADATA=${{ inputs.version_metadata }}
+          platforms: ${{ inputs.platforms }}
+          provenance: false
+          builder: ${{ steps.buildx.outputs.name || steps.buildx-native.outputs.name }}
+          push: ${{ inputs.push_to_images != '' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: ${{ inputs.cache && 'type=gha' || '' }}
+          cache-to: ${{ inputs.cache && 'type=gha,mode=max' || '' }}

.github/workflows/build-nightly.yml

@@ -11,7 +11,6 @@ permissions:
 jobs:
   compute-suffix:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
     steps:
       - id: version_vars
         env:
@@ -25,7 +24,8 @@ jobs:
     needs: compute-suffix
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
       cache: false
       push_to_images: |
         tootsuite/mastodon
@@ -40,23 +40,3 @@ jobs:
         type=raw,value=nightly
         type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
     secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=schedule,pattern=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit

.github/workflows/build-push-pr.yml

@@ -21,17 +21,16 @@ jobs:
         uses: actions/checkout@v4
       - id: version_vars
         run: |
-          echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short ${{github.event.pull_request.head.sha}}) >> $GITHUB_OUTPUT
-          echo mastodon_short_sha=$(git rev-parse --short ${{github.event.pull_request.head.sha}}) >> $GITHUB_OUTPUT
+          echo mastodon_version_metadata=pr-${{ github.event.pull_request.number }}-$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
     outputs:
       metadata: ${{ steps.version_vars.outputs.mastodon_version_metadata }}
-      short_sha: ${{ steps.version_vars.outputs.mastodon_short_sha }}
 
   build-image:
     needs: compute-suffix
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
       push_to_images: |
         ghcr.io/mastodon/mastodon
       version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
@@ -39,20 +38,4 @@ jobs:
         latest=auto
       tags: |
         type=ref,event=pr
-        type=ref,event=pr,suffix=-${{ needs.compute-suffix.outputs.short_sha }}
-    secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      push_to_images: |
-        ghcr.io/mastodon/mastodon-streaming
-      version_metadata: ${{ needs.compute-suffix.outputs.metadata }}
-      flavor: |
-        latest=auto
-      tags: |
-        type=ref,event=pr
-        type=ref,event=pr,suffix=-${{ needs.compute-suffix.outputs.short_sha }}
     secrets: inherit

.github/workflows/build-releases.yml

@@ -12,7 +12,8 @@ jobs:
   build-image:
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
+      platforms: linux/amd64,linux/arm64
+      use_native_arm64_builder: true
       push_to_images: |
         tootsuite/mastodon
         ghcr.io/mastodon/mastodon
@@ -21,25 +22,7 @@ jobs:
       # Only tag with latest when ran against the latest stable branch
       # This needs to be updated after each minor version release
       flavor: |
-        latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }}
-      tags: |
-        type=pep440,pattern={{raw}}
-        type=pep440,pattern=v{{major}}.{{minor}}
-    secrets: inherit
-
-  build-image-streaming:
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      # Do not use cache when building releases, so apt update is always ran and the release always contain the latest packages
-      cache: false
-      # Only tag with latest when ran against the latest stable branch
-      # This needs to be updated after each minor version release
-      flavor: |
-        latest=${{ startsWith(github.ref, 'refs/tags/v4.3.') }}
+        latest=${{ startsWith(github.ref, 'refs/tags/v4.2.') }}
       tags: |
         type=pep440,pattern={{raw}}
         type=pep440,pattern=v{{major}}.{{minor}}

.github/workflows/build-security.yml

@@ -1,60 +0,0 @@
-name: Build security nightly container image
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: read
-  packages: write
-
-jobs:
-  compute-suffix:
-    runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
-    steps:
-      - id: version_vars
-        env:
-          TZ: Etc/UTC
-        run: |
-          echo mastodon_version_prerelease=nightly.$(date --date='next day' +'%Y-%m-%d')-security>> $GITHUB_OUTPUT
-    outputs:
-      prerelease: ${{ steps.version_vars.outputs.mastodon_version_prerelease }}
-
-  build-image:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: Dockerfile
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon
-        ghcr.io/mastodon/mastodon
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit
-
-  build-image-streaming:
-    needs: compute-suffix
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      cache: false
-      push_to_images: |
-        tootsuite/mastodon-streaming
-        ghcr.io/mastodon/mastodon-streaming
-      version_prerelease: ${{ needs.compute-suffix.outputs.prerelease }}
-      labels: |
-        org.opencontainers.image.description=Nightly build image used for testing purposes
-      flavor: |
-        latest=auto
-      tags: |
-        type=raw,value=edge
-        type=raw,value=nightly
-        type=raw,value=${{ needs.compute-suffix.outputs.prerelease }}
-    secrets: inherit

.github/workflows/bundler-audit.yml

@@ -1,19 +1,19 @@
 name: Bundler Audit
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
     paths:
       - 'Gemfile*'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '.github/workflows/bundler-audit.yml'
 
   pull_request:
     paths:
       - 'Gemfile*'
       - '.ruby-version'
+      - '.bundler-audit.yml'
       - '.github/workflows/bundler-audit.yml'
 
   schedule:
@@ -23,17 +23,18 @@ jobs:
   security:
     runs-on: ubuntu-latest
 
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
         uses: actions/checkout@v4
 
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Run bundler-audit
-        run: bin/bundler-audit check --update
+        run: bundle exec bundler-audit

.github/workflows/check-i18n.yml

@@ -2,13 +2,9 @@ name: Check i18n
 
 on:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches: [main]
   pull_request:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches: [main]
 
 env:
   RAILS_ENV: test
@@ -18,16 +14,30 @@ permissions:
 
 jobs:
   check-i18n:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: Check for missing strings in English JSON
         run: |
@@ -35,18 +45,18 @@ jobs:
           git diff --exit-code
 
       - name: Check locale file normalization
-        run: bin/i18n-tasks check-normalized
+        run: bundle exec i18n-tasks check-normalized
 
       - name: Check for unused strings
-        run: bin/i18n-tasks unused
+        run: bundle exec i18n-tasks unused
 
       - name: Check for missing strings in English YML
         run: |
-          bin/i18n-tasks add-missing -l en
+          bundle exec i18n-tasks add-missing -l en
           git diff --exit-code
 
       - name: Check for wrong string interpolations
-        run: bin/i18n-tasks check-consistent-interpolations
+        run: bundle exec i18n-tasks check-consistent-interpolations
 
       - name: Check that all required locale files exist
-        run: bin/rake repo:check_locales_files
+        run: bundle exec rake repo:check_locales_files

.github/workflows/chromatic.yml

@@ -1,41 +0,0 @@
-name: 'Chromatic'
-
-on:
-  push:
-    branches-ignore:
-      - renovate/*
-      - stable-*
-    paths:
-      - 'package.json'
-      - 'yarn.lock'
-      - '**/*.js'
-      - '**/*.jsx'
-      - '**/*.ts'
-      - '**/*.tsx'
-      - '**/*.css'
-      - '**/*.scss'
-      - '.github/workflows/chromatic.yml'
-
-jobs:
-  chromatic:
-    name: Run Chromatic
-    runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
-
-      - name: Build Storybook
-        run: yarn build-storybook
-
-      - name: Run Chromatic
-        uses: chromaui/action@v12
-        with:
-          # ⚠️ Make sure to configure a `CHROMATIC_PROJECT_TOKEN` repository secret
-          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
-          zip: true
-          storybookBuildDir: 'storybook-static'

.github/workflows/codeql.yml

@@ -1,15 +1,11 @@
 name: 'CodeQL'
 
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches: ['main']
   pull_request:
-    branches:
-      - 'main'
-      - 'stable-*'
+    # The branches below must be a subset of the branches above
+    branches: ['main']
   schedule:
     - cron: '22 6 * * 1'
 
@@ -35,7 +31,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -48,7 +44,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -61,6 +57,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v2
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/crowdin-download-stable.yml

@@ -1,69 +0,0 @@
-name: Crowdin / Download translations (stable branches)
-on:
-  workflow_dispatch:
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  download-translations-stable:
-    runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Increase Git http.postBuffer
-        # This is needed due to a bug in Ubuntu's cURL version?
-        # See https://github.com/orgs/community/discussions/55820
-        run: |
-          git config --global http.version HTTP/1.1
-          git config --global http.postBuffer 157286400
-
-      # Download the translation files from Crowdin
-      - name: crowdin action
-        uses: crowdin/github-action@v2
-        with:
-          upload_sources: false
-          upload_translations: false
-          download_translations: true
-          crowdin_branch_name: ${{ github.base_ref || github.ref_name }}
-          push_translations: false
-          create_pull_request: false
-        env:
-          CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}
-          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
-
-      # As the files are extracted from a Docker container, they belong to root:root
-      # We need to fix this before the next steps
-      - name: Fix file permissions
-        run: sudo chown -R runner:docker .
-
-      # This is needed to run the normalize step
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Run i18n normalize task
-        run: bin/i18n-tasks normalize
-
-      # Create or update the pull request
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7.0.6
-        with:
-          commit-message: 'New Crowdin translations'
-          title: 'New Crowdin Translations for ${{ github.base_ref || github.ref_name }} (automated)'
-          author: 'GitHub Actions <noreply@github.com>'
-          body: |
-            New Crowdin translations, automated with GitHub Actions
-
-            See `.github/workflows/crowdin-download.yml`
-
-            This PR will be updated every day with new translations.
-
-            Due to a limitation in GitHub Actions, checks are not running on this PR without manual action.
-            If you want to run the checks, then close and re-open it.
-          branch: i18n/crowdin/translations-${{ github.base_ref || github.ref_name }}
-          base: ${{ github.base_ref || github.ref_name }}
-          labels: i18n

.github/workflows/crowdin-download.yml

@@ -11,7 +11,6 @@ permissions:
 jobs:
   download-translations:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
 
     steps:
       - name: Checkout
@@ -26,7 +25,7 @@ jobs:
 
       # Download the translation files from Crowdin
       - name: crowdin action
-        uses: crowdin/github-action@v2
+        uses: crowdin/github-action@v1
         with:
           upload_sources: false
           upload_translations: false
@@ -44,27 +43,33 @@ jobs:
         run: sudo chown -R runner:docker .
 
       # This is needed to run the normalize step
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
 
       - name: Run i18n normalize task
-        run: bin/i18n-tasks normalize
+        run: bundle exec i18n-tasks normalize
 
       # Create or update the pull request
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v5.0.2
         with:
           commit-message: 'New Crowdin translations'
           title: 'New Crowdin Translations (automated)'
           author: 'GitHub Actions <noreply@github.com>'
           body: |
-            New Crowdin translations, automated with GitHub Actions
+            New Crowdin translations, automated with Github Actions
 
             See `.github/workflows/crowdin-download.yml`
 
             This PR will be updated every day with new translations.
 
-            Due to a limitation in GitHub Actions, checks are not running on this PR without manual action.
+            Due to a limitation in Github Actions, checks are not running on this PR without manual action.
             If you want to run the checks, then close and re-open it.
           branch: i18n/crowdin/translations
           base: main

.github/workflows/crowdin-upload.yml

@@ -3,8 +3,7 @@ name: Crowdin / Upload translations
 on:
   push:
     branches:
-      - 'main'
-      - 'stable-*'
+      - main
     paths:
       - crowdin.yml
       - app/javascript/mastodon/locales/en.json
@@ -18,19 +17,18 @@ on:
 jobs:
   upload-translations:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: crowdin action
-        uses: crowdin/github-action@v2
+        uses: crowdin/github-action@v1
         with:
           upload_sources: true
           upload_translations: false
           download_translations: false
-          crowdin_branch_name: ${{ github.base_ref || github.ref_name }}
+          crowdin_branch_name: main
 
         env:
           CROWDIN_PROJECT_ID: ${{ vars.CROWDIN_PROJECT_ID }}

.github/workflows/format-check.yml

@@ -1,22 +0,0 @@
-name: Check formatting
-on:
-  merge_group:
-  push:
-    branches:
-      - 'main'
-      - 'stable-*'
-  pull_request:
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v4
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
-
-      - name: Check formatting with Prettier
-        run: yarn format:check

.github/workflows/lint-css.yml

@@ -1,10 +1,9 @@
 name: CSS Linting
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
     paths:
       - 'package.json'
       - 'yarn.lock'
@@ -36,8 +35,18 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - uses: xt0rted/stylelint-problem-matcher@v1
+
+      - run: echo "::add-matcher::.github/stylelint-matcher.json"
 
       - name: Stylelint
-        run: yarn lint:css --custom-formatter @csstools/stylelint-formatter-github
+        run: yarn lint:sass

.github/workflows/lint-haml.yml

@@ -1,10 +1,9 @@
 name: Haml Linting
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
     paths:
       - '.github/workflows/haml-lint-problem-matcher.json'
       - '.github/workflows/lint-haml.yml'
@@ -27,20 +26,22 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-latest
-
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
         uses: actions/checkout@v4
 
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Run haml-lint
         run: |
           echo "::add-matcher::.github/workflows/haml-lint-problem-matcher.json"
-          bin/haml-lint --reporter github
+          bundle exec haml-lint

.github/workflows/lint-js.yml

@@ -1,17 +1,16 @@
 name: JavaScript Linting
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
     paths:
       - 'package.json'
       - 'yarn.lock'
       - 'tsconfig.json'
       - '.nvmrc'
       - '.prettier*'
-      - 'eslint.config.mjs'
+      - '.eslint*'
       - '**/*.js'
       - '**/*.jsx'
       - '**/*.ts'
@@ -25,7 +24,7 @@ on:
       - 'tsconfig.json'
       - '.nvmrc'
       - '.prettier*'
-      - 'eslint.config.mjs'
+      - '.eslint*'
       - '**/*.js'
       - '**/*.jsx'
       - '**/*.ts'
@@ -40,11 +39,17 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
 
       - name: ESLint
-        run: yarn workspaces foreach --all --parallel run lint:js --max-warnings 0
+        run: yarn lint:js --max-warnings 0
 
       - name: Typecheck
         run: yarn typecheck

.github/workflows/lint-json.yml

@@ -0,0 +1,44 @@
+name: JSON Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.json'
+      - '.github/workflows/lint-json.yml'
+      - '!app/javascript/mastodon/locales/*.json'
+
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.json'
+      - '.github/workflows/lint-json.yml'
+      - '!app/javascript/mastodon/locales/*.json'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:json

.github/workflows/lint-md.yml

@@ -0,0 +1,44 @@
+name: Markdown Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.md'
+      - '!AUTHORS.md'
+      - 'package.json'
+      - 'yarn.lock'
+
+  pull_request:
+    paths:
+      - '.github/workflows/lint-md.yml'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.md'
+      - '!AUTHORS.md'
+      - 'package.json'
+      - 'yarn.lock'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:md

.github/workflows/lint-ruby.yml

@@ -1,15 +1,13 @@
 name: Ruby Linting
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
     paths:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
-      - 'bin/rubocop'
       - 'config/brakeman.ignore'
       - '**/*.rb'
       - '**/*.rake'
@@ -20,7 +18,6 @@ on:
       - 'Gemfile*'
       - '.rubocop*.yml'
       - '.ruby-version'
-      - 'bin/rubocop'
       - 'config/brakeman.ignore'
       - '**/*.rb'
       - '**/*.rake'
@@ -30,24 +27,25 @@ jobs:
   lint:
     runs-on: ubuntu-latest
 
-    env:
-      BUNDLE_ONLY: development
-
     steps:
       - name: Clone repository
         uses: actions/checkout@v4
 
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
+          ruby-version: .ruby-version
           bundler-cache: true
 
       - name: Set-up RuboCop Problem Matcher
         uses: r7kamura/rubocop-problem-matchers-action@v1
 
       - name: Run rubocop
-        run: bin/rubocop
+        run: bundle exec rubocop
 
       - name: Run brakeman
         if: always() # Run both checks, even if the first failed
-        run: bin/brakeman
+        run: bundle exec brakeman

.github/workflows/lint-yml.yml

@@ -0,0 +1,46 @@
+name: YML Linting
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.yaml'
+      - '**/*.yml'
+      - '.github/workflows/lint-yml.yml'
+      - '!config/locales/*.yml'
+
+  pull_request:
+    paths:
+      - 'package.json'
+      - 'yarn.lock'
+      - '.nvmrc'
+      - '.prettier*'
+      - '**/*.yaml'
+      - '**/*.yml'
+      - '.github/workflows/lint-yml.yml'
+      - '!config/locales/*.yml'
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Prettier
+        run: yarn lint:yml

.github/workflows/rebase-needed.yml

@@ -10,7 +10,6 @@ permissions:
 jobs:
   label-rebase-needed:
     runs-on: ubuntu-latest
-    if: github.repository == 'mastodon/mastodon'
 
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,7 +17,7 @@ jobs:
 
     steps:
       - name: Check for merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@v3
+        uses: eps1lon/actions-label-merge-conflict@releases/2.x
         with:
           dirtyLabel: 'rebase needed :construction:'
           repoToken: '${{ secrets.GITHUB_TOKEN }}'

.github/workflows/test-image-build.yml

@@ -7,8 +7,6 @@ on:
       - .github/workflows/build-releases.yml
       - .github/workflows/test-image-build.yml
       - Dockerfile
-      - streaming/Dockerfile
-      - .dockerignore
 permissions:
   contents: read
 
@@ -20,15 +18,4 @@ jobs:
 
     uses: ./.github/workflows/build-container-image.yml
     with:
-      file_to_build: Dockerfile
-      cache: true
-
-  build-image-streaming:
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}-streaming
-      cancel-in-progress: true
-
-    uses: ./.github/workflows/build-container-image.yml
-    with:
-      file_to_build: streaming/Dockerfile
-      cache: true
+      platforms: linux/amd64 # Testing only on native platform so it is performant

.github/workflows/test-js.yml

@@ -1,10 +1,9 @@
 name: JavaScript Testing
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
     paths:
       - 'package.json'
       - 'yarn.lock'
@@ -36,8 +35,14 @@ jobs:
       - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
 
-      - name: JavaScript testing
-        run: yarn test:js
+      - name: Install all yarn packages
+        run: yarn --frozen-lockfile
+
+      - name: Jest testing
+        run: yarn jest --reporters github-actions summary

.github/workflows/test-migrations-one-step.yml

@@ -0,0 +1,111 @@
+name: Test one step migrations
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+  pull_request:
+
+jobs:
+  pre_job:
+    runs-on: ubuntu-latest
+
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@v5
+        with:
+          paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-one-step.yml", "lib/tasks/tests.rake"]'
+
+  test:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    if: needs.pre_job.outputs.should_skip != 'true'
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres}}
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+
+      redis:
+        image: redis:7-alpine
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379:6379
+
+    env:
+      CONTINUOUS_INTEGRATION: true
+      DB_HOST: localhost
+      DB_USER: postgres
+      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
+      RAILS_ENV: test
+      BUNDLE_CLEAN: true
+      BUNDLE_FROZEN: true
+      BUNDLE_WITHOUT: 'development production'
+      BUNDLE_JOBS: 3
+      BUNDLE_RETRY: 3
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Create database
+        run: './bin/rails db:create'
+
+      - name: Run migrations up to v2.0.0
+        run: './bin/rails db:migrate VERSION=20171010025614'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2'
+
+      - name: Run migrations up to v2.4.0
+        run: './bin/rails db:migrate VERSION=20180514140000'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4'
+
+      - name: Run migrations up to v2.4.3
+        run: './bin/rails db:migrate VERSION=20180707154237'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4_3'
+
+      - name: Run all remaining migrations
+        run: './bin/rails db:migrate'
+
+      - name: Check migration result
+        run: './bin/rails tests:migrations:check_database'

.github/workflows/test-migrations-two-step.yml

@@ -0,0 +1,119 @@
+name: Test two step migrations
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
+  pull_request:
+
+jobs:
+  pre_job:
+    runs-on: ubuntu-latest
+
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@v5
+        with:
+          paths: '["Gemfile*", ".ruby-version", "**/*.rb", ".github/workflows/test-migrations-two-step.yml", "lib/tasks/tests.rake"]'
+
+  test:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    if: needs.pre_job.outputs.should_skip != 'true'
+
+    strategy:
+      fail-fast: false
+
+      matrix:
+        postgres:
+          - 14-alpine
+          - 15-alpine
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres}}
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_USER: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+      redis:
+        image: redis:7-alpine
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 6379:6379
+
+    env:
+      CONTINUOUS_INTEGRATION: true
+      DB_HOST: localhost
+      DB_USER: postgres
+      DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
+      RAILS_ENV: test
+      BUNDLE_CLEAN: true
+      BUNDLE_FROZEN: true
+      BUNDLE_WITHOUT: 'development production'
+      BUNDLE_JOBS: 3
+      BUNDLE_RETRY: 3
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install native Ruby dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - name: Create database
+        run: './bin/rails db:create'
+
+      - name: Run migrations up to v2.0.0
+        run: './bin/rails db:migrate VERSION=20171010025614'
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2'
+
+      - name: Run pre-deployment migrations up to v2.4.0
+        run: './bin/rails db:migrate VERSION=20180514140000'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4'
+
+      - name: Run migrations up to v2.4.3
+        run: './bin/rails db:migrate VERSION=20180707154237'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Populate database with test data
+        run: './bin/rails tests:migrations:populate_v2_4_3'
+
+      - name: Run all remaining pre-deployment migrations
+        run: './bin/rails db:migrate'
+        env:
+          SKIP_POST_DEPLOYMENT_MIGRATIONS: true
+
+      - name: Run all post-deployment migrations
+        run: './bin/rails db:migrate'
+
+      - name: Check migration result
+        run: './bin/rails tests:migrations:check_database'

.github/workflows/test-migrations.yml

@@ -1,112 +0,0 @@
-name: Historical data migration test
-
-on:
-  merge_group:
-  push:
-    branches:
-      - 'main'
-      - 'stable-*'
-    paths:
-      - 'Gemfile*'
-      - '.ruby-version'
-      - '**/*.rb'
-      - '.github/workflows/test-migrations.yml'
-      - 'lib/tasks/tests.rake'
-      - 'lib/tasks/db.rake'
-
-  pull_request:
-    paths:
-      - 'Gemfile*'
-      - '.ruby-version'
-      - '**/*.rb'
-      - '.github/workflows/test-migrations.yml'
-      - 'lib/tasks/tests.rake'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-
-      matrix:
-        postgres:
-          - 14-alpine
-          - 15-alpine
-          - 16-alpine
-          - 17-alpine
-
-    services:
-      postgres:
-        image: postgres:${{ matrix.postgres}}
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 5432:5432
-
-      redis:
-        image: redis:7-alpine
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 6379:6379
-
-    env:
-      DB_HOST: localhost
-      DB_USER: postgres
-      DB_PASS: postgres
-      RAILS_ENV: test
-      BUNDLE_CLEAN: true
-      BUNDLE_FROZEN: true
-      BUNDLE_WITHOUT: 'development:production'
-      BUNDLE_JOBS: 3
-      BUNDLE_RETRY: 3
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Ensure no errors with `db:prepare`
-        run: |
-          bin/rails db:drop
-          bin/rails db:prepare
-          bin/rails db:migrate
-
-      - name: Ensure no errors with `db:prepare` and SKIP_POST_DEPLOYMENT_MIGRATIONS
-        run: |
-          bin/rails db:drop
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails db:prepare
-          bin/rails db:migrate
-
-      - name: Test "one step migration" flow
-        run: |
-          bin/rails db:drop
-          bin/rails db:create
-          bin/rails tests:migrations:prepare_database
-          bin/rails db:migrate
-          bin/rails tests:migrations:check_database
-
-      - name: Test "two step migration" flow
-        run: |
-          bin/rails db:drop
-          bin/rails db:create
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails tests:migrations:prepare_database
-
-          # Migrate up to v4.2.0 breakpoint
-          bin/rails db:migrate VERSION=20230907150100
-
-          # Migrate the rest
-          SKIP_POST_DEPLOYMENT_MIGRATIONS=true bin/rails db:migrate
-          bin/rails db:migrate
-          bin/rails tests:migrations:check_database

.github/workflows/test-ruby.yml

@@ -1,11 +1,10 @@
 name: Ruby Testing
 
 on:
-  merge_group:
   push:
-    branches:
-      - 'main'
-      - 'stable-*'
+    branches-ignore:
+      - 'dependabot/**'
+      - 'renovate/**'
   pull_request:
 
 env:
@@ -29,47 +28,42 @@ jobs:
     env:
       RAILS_ENV: ${{ matrix.mode }}
       BUNDLE_WITH: ${{ matrix.mode }}
-      SECRET_KEY_BASE_DUMMY: 1
+      OTP_SECRET: precompile_placeholder
+      SECRET_KEY_BASE: precompile_placeholder
 
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
         with:
-          onlyProduction: 'true'
+          cache: yarn
+          node-version-file: '.nvmrc'
 
-      - name: Cache assets from compilation
-        uses: actions/cache@v4
-        with:
-          path: |
-            public/assets
-            public/packs
-            public/packs-test
-            tmp/cache/vite
-          key: ${{ matrix.mode }}-assets-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
-          restore-keys: |
-            ${{ matrix.mode }}-assets-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
-            ${{ matrix.mode }}-assets-${{ github.head_ref || github.ref_name }}
-            ${{ matrix.mode }}-assets-main
-            ${{ matrix.mode }}-assets
-
-      - name: Precompile assets
-        run: |-
-          bin/rails assets:precompile
-
-      - name: Archive asset artifacts
+      - name: Install native Ruby dependencies
         run: |
-          tar --exclude={"*.br","*.gz"} -zcf artifacts.tar.gz public/assets public/packs* tmp/cache/vite/last-build*.json
+          sudo apt-get update
+          sudo apt-get install -y libicu-dev libidn11-dev
 
-      - uses: actions/upload-artifact@v4
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+
+      - run: yarn --frozen-lockfile --production
+      - name: Precompile assets
+        # Previously had set this, but it's not supported
+        # export NODE_OPTIONS=--openssl-legacy-provider
+        run: |-
+          ./bin/rails assets:precompile
+
+      - uses: actions/upload-artifact@v3
         if: matrix.mode == 'test'
         with:
           path: |-
-            ./artifacts.tar.gz
+            ./public/assets
+            ./public/packs-test
           name: ${{ github.sha }}
           retention-days: 0
 
@@ -87,9 +81,9 @@ jobs:
           POSTGRES_USER: postgres
         options: >-
           --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 5432:5432
 
@@ -97,9 +91,9 @@ jobs:
         image: redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 6379:6379
 
@@ -107,7 +101,7 @@ jobs:
       DB_HOST: localhost
       DB_USER: postgres
       DB_PASS: postgres
-      COVERAGE: ${{ matrix.ruby-version == '.ruby-version' }}
+      DISABLE_SIMPLECOV: true
       RAILS_ENV: test
       ALLOW_NOPAM: true
       PAM_ENABLED: true
@@ -118,147 +112,47 @@ jobs:
       SAML_ENABLED: true
       CAS_ENABLED: true
       BUNDLE_WITH: 'pam_authentication test'
-      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
+      CI_JOBS: ${{ matrix.ci_job }}/4
 
     strategy:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.2'
-          - '3.3'
+          - '3.0'
+          - '3.1'
           - '.ruby-version'
+        ci_job:
+          - 1
+          - 2
+          - 3
+          - 4
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
-          path: './'
+          path: './public'
           name: ${{ github.sha }}
 
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
+      - name: Update package index
+        run: sudo apt-get update
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick libpam-dev
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg libpam-dev
-
-      - name: Load database schema
-        run: |
-          bin/rails db:setup
-          bin/flatware fan bin/rails db:test:prepare
-
-      - name: Cache RSpec persistence file
-        uses: actions/cache@v4
-        with:
-          path: |
-            tmp/rspec/examples.txt
-          key: rspec-persistence-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
-          restore-keys: |
-            rspec-persistence-${{ github.head_ref || github.ref_name }}-${{ github.sha }}-${{ matrix.ruby-version }}
-            rspec-persistence-${{ github.head_ref || github.ref_name }}-${{ github.sha }}
-            rspec-persistence-${{ github.head_ref || github.ref_name }}
-            rspec-persistence-main
-            rspec-persistence
-
-      - run: bin/flatware rspec -r ./spec/flatware_helper.rb
-
-      - name: Upload coverage reports to Codecov
-        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@v5
-        with:
-          files: coverage/lcov/*.lcov
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-  test-imagemagick:
-    name: ImageMagick tests
-    runs-on: ubuntu-latest
-
-    needs:
-      - build
-
-    services:
-      postgres:
-        image: postgres:14-alpine
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 5432:5432
-
-      redis:
-        image: redis:7-alpine
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 6379:6379
-
-    env:
-      DB_HOST: localhost
-      DB_USER: postgres
-      DB_PASS: postgres
-      COVERAGE: ${{ matrix.ruby-version == '.ruby-version' }}
-      RAILS_ENV: test
-      ALLOW_NOPAM: true
-      PAM_ENABLED: true
-      PAM_DEFAULT_SERVICE: pam_test
-      PAM_CONTROLLED_SERVICE: pam_test_controlled
-      OIDC_ENABLED: true
-      OIDC_SCOPE: read
-      SAML_ENABLED: true
-      CAS_ENABLED: true
-      BUNDLE_WITH: 'pam_authentication test'
-      GITHUB_RSPEC: ${{ matrix.ruby-version == '.ruby-version' && github.event.pull_request && 'true' }}
-      MASTODON_USE_LIBVIPS: false
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version:
-          - '3.2'
-          - '3.3'
-          - '.ruby-version'
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/download-artifact@v4
-        with:
-          path: './'
-          name: ${{ github.sha }}
-
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
-
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
-        with:
-          ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg imagemagick libpam-dev
+          bundler-cache: true
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - run: bin/rspec --tag attachment_processing
-
-      - name: Upload coverage reports to Codecov
-        if: matrix.ruby-version == '.ruby-version'
-        uses: codecov/codecov-action@v5
-        with:
-          files: coverage/lcov/mastodon.lcov
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - run: bundle exec rake rspec_chunked
 
   test-e2e:
     name: End to End testing
@@ -275,9 +169,9 @@ jobs:
           POSTGRES_USER: postgres
         options: >-
           --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 5432:5432
 
@@ -285,9 +179,9 @@ jobs:
         image: redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 6379:6379
 
@@ -295,76 +189,70 @@ jobs:
       DB_HOST: localhost
       DB_USER: postgres
       DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
       RAILS_ENV: test
       BUNDLE_WITH: test
-      LOCAL_DOMAIN: localhost:3000
-      LOCAL_HTTPS: false
 
     strategy:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.2'
-          - '3.3'
+          - '3.0'
+          - '3.1'
           - '.ruby-version'
 
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
-          path: './'
+          path: './public'
           name: ${{ github.sha }}
 
-      - name: Expand archived asset artifacts
-        run: |
-          tar xvzf artifacts.tar.gz
+      - name: Update package index
+        run: sudo apt-get update
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
+          bundler-cache: true
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - run: yarn --frozen-lockfile
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - name: Cache Playwright Chromium browser
-        id: playwright-cache
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/ms-playwright
-          key: playwright-browsers-${{ runner.os }}-${{ hashFiles('yarn.lock') }}
-
-      - name: Install Playwright Chromium browser (with deps)
-        if: steps.playwright-cache.outputs.cache-hit != 'true'
-        run: yarn run playwright install --with-deps chromium
-
-      - name: Install Playwright Chromium browser deps
-        if: steps.playwright-cache.outputs.cache-hit == 'true'
-        run: yarn run playwright install-deps chromium
-
-      - run: bin/rspec spec/system --tag streaming --tag js
+      - run: bundle exec rake spec:system
 
       - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: e2e-logs-${{ matrix.ruby-version }}
           path: log/
 
       - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: e2e-screenshots-${{ matrix.ruby-version }}
-          path: tmp/capybara/
+          name: e2e-screenshots
+          path: tmp/screenshots/
 
   test-search:
-    name: Elastic Search integration testing
+    name: Testing search
     runs-on: ubuntu-latest
 
     needs:
@@ -378,9 +266,9 @@ jobs:
           POSTGRES_USER: postgres
         options: >-
           --health-cmd pg_isready
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 5432:5432
 
@@ -388,36 +276,22 @@ jobs:
         image: redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
-          --health-interval 10ms
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
         ports:
           - 6379:6379
 
       elasticsearch:
-        image: ${{ contains(matrix.search-image, 'elasticsearch') && matrix.search-image || '' }}
+        image: docker.elastic.co/elasticsearch/elasticsearch:7.17.13
         env:
           discovery.type: single-node
           xpack.security.enabled: false
         options: >-
           --health-cmd "curl http://localhost:9200/_cluster/health"
-          --health-interval 2s
-          --health-timeout 3s
-          --health-retries 50
-        ports:
-          - 9200:9200
-
-      opensearch:
-        image: ${{ contains(matrix.search-image, 'opensearch') && matrix.search-image || '' }}
-        env:
-          discovery.type: single-node
-          DISABLE_INSTALL_DEMO_CONFIG: true
-          DISABLE_SECURITY_PLUGIN: true
-        options: >-
-          --health-cmd "curl http://localhost:9200/_cluster/health"
-          --health-interval 2s
-          --health-timeout 3s
-          --health-retries 50
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 10
         ports:
           - 9200:9200
 
@@ -425,6 +299,7 @@ jobs:
       DB_HOST: localhost
       DB_USER: postgres
       DB_PASS: postgres
+      DISABLE_SIMPLECOV: true
       RAILS_ENV: test
       BUNDLE_WITH: test
       ES_ENABLED: true
@@ -435,49 +310,56 @@ jobs:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.2'
-          - '3.3'
+          - '3.0'
+          - '3.1'
           - '.ruby-version'
-        search-image:
-          - docker.elastic.co/elasticsearch/elasticsearch:7.17.13
-        include:
-          - ruby-version: '.ruby-version'
-            search-image: docker.elastic.co/elasticsearch/elasticsearch:8.10.2
-          - ruby-version: '.ruby-version'
-            search-image: opensearchproject/opensearch:2
 
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v3
         with:
-          path: './'
+          path: './public'
           name: ${{ github.sha }}
 
-      - name: Set up Ruby environment
-        uses: ./.github/actions/setup-ruby
+      - name: Update package index
+        run: sudo apt-get update
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          cache: yarn
+          node-version-file: '.nvmrc'
+
+      - name: Install native Ruby dependencies
+        run: sudo apt-get install -y libicu-dev libidn11-dev
+
+      - name: Install additional system dependencies
+        run: sudo apt-get install -y ffmpeg imagemagick
+
+      - name: Set up bundler cache
+        uses: ruby/setup-ruby@v1
         with:
           ruby-version: ${{ matrix.ruby-version}}
-          additional-system-dependencies: ffmpeg
+          bundler-cache: true
 
-      - name: Set up Javascript environment
-        uses: ./.github/actions/setup-javascript
+      - run: yarn --frozen-lockfile
 
       - name: Load database schema
         run: './bin/rails db:create db:schema:load db:seed'
 
-      - run: bin/rspec --tag search
+      - run: bundle exec rake spec:search
 
       - name: Archive logs
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: test-search-logs-${{ matrix.ruby-version }}
           path: log/
 
       - name: Archive test screenshots
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: test-search-screenshots
-          path: tmp/capybara/
+          path: tmp/screenshots/

.gitignore

@@ -21,16 +21,19 @@
 /public/system
 /public/assets
 /public/packs
-/public/packs-dev
 /public/packs-test
 .env
 .env.production
-node_modules/
+.env.development
+/node_modules/
 /build/
 
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/
@@ -55,26 +58,8 @@ npm-debug.log
 yarn-error.log
 yarn-debug.log
 
-# From https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/sdks
-!.yarn/versions
-
 # Ignore vagrant log files
 *-cloudimg-console.log
 
 # Ignore Docker option files
 docker-compose.override.yml
-
-# Ignore dotenv .local files
-.env*.local
-
-# Ignore local-only rspec configuration
-.rspec-local
-
-*storybook.log
-storybook-static

.haml-lint.yml

@@ -1,5 +1,8 @@
+inherits_from: .haml-lint_todo.yml
+
 exclude:
   - 'vendor/**/*'
+  - lib/templates/haml/scaffold/_form.html.haml
 
 require:
   - ./lib/linter/haml_middle_dot.rb
@@ -9,7 +12,3 @@ linters:
     enabled: true
   MiddleDot:
     enabled: true
-  LineLength:
-    max: 300
-  ViewLength:
-    max: 200 # Override default value of 100 inherited from rubocop

.haml-lint_todo.yml

@@ -0,0 +1,47 @@
+# This configuration was generated by
+# `haml-lint --auto-gen-config`
+# on 2023-07-20 09:47:50 -0400 using Haml-Lint version 0.48.0.
+# The point is for the user to remove these configuration records
+# one by one as the lints are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of Haml-Lint, may require this file to be generated again.
+
+linters:
+  # Offense count: 951
+  LineLength:
+    enabled: false
+
+  # Offense count: 22
+  UnnecessaryStringOutput:
+    enabled: false
+
+  # Offense count: 57
+  RuboCop:
+    enabled: false
+
+  # Offense count: 3
+  ViewLength:
+    exclude:
+      - 'app/views/admin/accounts/show.html.haml'
+      - 'app/views/admin/reports/show.html.haml'
+      - 'app/views/disputes/strikes/show.html.haml'
+
+  # Offense count: 32
+  InstanceVariables:
+    exclude:
+      - 'app/views/admin/reports/_actions.html.haml'
+      - 'app/views/admin/roles/_form.html.haml'
+      - 'app/views/admin/webhooks/_form.html.haml'
+      - 'app/views/auth/registrations/_status.html.haml'
+      - 'app/views/auth/sessions/two_factor/_otp_authentication_form.html.haml'
+      - 'app/views/authorize_interactions/_post_follow_actions.html.haml'
+      - 'app/views/invites/_form.html.haml'
+      - 'app/views/relationships/_account.html.haml'
+      - 'app/views/shared/_og.html.haml'
+
+  # Offense count: 3
+  IdNames:
+    exclude:
+      - 'app/views/authorize_interactions/error.html.haml'
+      - 'app/views/oauth/authorizations/error.html.haml'
+      - 'app/views/shared/_error_messages.html.haml'

.husky/pre-commit

@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 yarn lint-staged

.nanoignore

@@ -0,0 +1,19 @@
+.DS_Store
+.git/
+.gitignore
+
+.bundle/
+.cache/
+config/deploy/*
+coverage
+docs/
+.env
+log/*.log
+neo4j/
+node_modules/
+public/assets/
+public/system/
+spec/
+tmp/
+.vagrant/
+vendor/bundle/

.nvmrc

@@ -1 +1 @@
-22.16
+20.7

.prettierignore

@@ -18,6 +18,10 @@
 !/log/.keep
 /tmp
 /coverage
+/public/system
+/public/assets
+/public/packs
+/public/packs-test
 .env
 .env.production
 .env.development
@@ -27,6 +31,9 @@
 # Ignore Vagrant files
 .vagrant/
 
+# Ignore Capistrano customizations
+/config/deploy/*
+
 # Ignore IDE files
 .vscode/
 .idea/
@@ -50,17 +57,8 @@
 # Ignore Docker option files
 docker-compose.override.yml
 
-# Ignore public
-/public/assets
-/public/emoji
-/public/packs
-/public/packs-test
-/public/system
-/public/vite*
-
 # Ignore emoji map file
 /app/javascript/mastodon/features/emoji/emoji_map.json
-/app/javascript/mastodon/features/emoji/emoji_data.json
 
 # Ignore locale files
 /app/javascript/mastodon/locales/*.json
@@ -78,6 +76,3 @@ app/javascript/styles/mastodon/reset.scss
 
 # Ignore the generated AUTHORS.md
 AUTHORS.md
-
-# Process a few selected JS files
-!lint-staged.config.js

.prettierrc.js

@@ -1,4 +1,4 @@
 module.exports = {
   singleQuote: true,
   jsxSingleQuote: true
-};
+}

.profile

@@ -0,0 +1 @@
+LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/.apt/lib/x86_64-linux-gnu:/app/.apt/usr/lib/x86_64-linux-gnu/mesa:/app/.apt/usr/lib/x86_64-linux-gnu/pulseaudio:/app/.apt/usr/lib/x86_64-linux-gnu/openblas-pthread

.rspec

@@ -1,2 +1,3 @@
 --color
 --require spec_helper
+--format Fuubar

.rubocop.yml

@@ -1,36 +1,202 @@
----
-AllCops:
-  CacheRootDirectory: tmp
-  DisplayStyleGuide: true
-  Exclude:
-    - Vagrantfile
-    - config/initializers/json_ld*
-    - lib/mastodon/migration_helpers.rb
-  ExtraDetails: true
-  NewCops: enable
-  TargetRubyVersion: 3.2 # Oldest supported ruby version
-
-inherit_from:
-  - .rubocop/layout.yml
-  - .rubocop/metrics.yml
-  - .rubocop/naming.yml
-  - .rubocop/rails.yml
-  - .rubocop/rspec_rails.yml
-  - .rubocop/rspec.yml
-  - .rubocop/style.yml
-  - .rubocop/i18n.yml
-  - .rubocop/custom.yml
-  - .rubocop_todo.yml
-  - .rubocop/strict.yml
+# Can be removed once all rules are addressed or moved to this file as documented overrides
+inherit_from: .rubocop_todo.yml
 
+# Used for merging with exclude lists with .rubocop_todo.yml
 inherit_mode:
   merge:
     - Exclude
 
-plugins:
-  - rubocop-capybara
-  - rubocop-i18n
-  - rubocop-performance
+require:
   - rubocop-rails
   - rubocop-rspec
-  - rubocop-rspec_rails
+  - rubocop-performance
+  - rubocop-capybara
+  - ./lib/linter/rubocop_middle_dot
+
+AllCops:
+  TargetRubyVersion: 3.0 # Set to minimum supported version of CI
+  DisplayCopNames: true
+  DisplayStyleGuide: true
+  ExtraDetails: true
+  UseCache: true
+  CacheRootDirectory: tmp
+  NewCops: enable # Opt-in to newly added rules
+  Exclude:
+    - db/schema.rb
+    - 'bin/*'
+    - 'node_modules/**/*'
+    - 'Vagrantfile'
+    - 'vendor/**/*'
+    - 'lib/json_ld/*' # Generated files
+    - 'lib/templates/**/*'
+
+# Reason: Prefer Hashes without extreme indentation
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutfirsthashelementindentation
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_layout.html#layoutlinelength
+Layout/LineLength:
+  Max: 320 # Default of 120 causes a duplicate entry in generated todo file
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_lint.html#lintuselessaccessmodifier
+Lint/UselessAccessModifier:
+  ContextCreatingMethods:
+    - class_methods
+
+## Disable most Metrics/*Length cops
+# Reason: those are often triggered and force significant refactors when this happend
+#         but the team feel they are not really improving the code quality.
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocklength
+Metrics/BlockLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsclasslength
+Metrics/ClassLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmethodlength
+Metrics/MethodLength:
+  Enabled: false
+
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsmodulelength
+Metrics/ModuleLength:
+  Enabled: false
+
+## End Disable Metrics/*Length cops
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsabcsize
+Metrics/AbcSize:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsblocknesting
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/mastodon/cli/*.rb'
+
+# Reason: Currently disabled in .rubocop_todo.yml
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricscyclomaticcomplexity
+Metrics/CyclomaticComplexity:
+  Exclude:
+    - lib/mastodon/cli/*.rb
+    - db/*migrate/**/*
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_metrics.html#metricsparameterlists
+Metrics/ParameterLists:
+  CountKeywordArgs: false
+
+# Reason: Prevailing style is argument file paths
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsfilepath
+Rails/FilePath:
+  EnforcedStyle: arguments
+
+# Reason: Prevailing style uses numeric status codes, matches RSpec/Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railshttpstatus
+Rails/HttpStatus:
+  EnforcedStyle: numeric
+
+# Reason: Allowed in `tootctl` CLI code and in boot ENV checker
+# https://docs.rubocop.org/rubocop-rails/cops_rails.html#railsexit
+Rails/Exit:
+  Exclude:
+    - 'config/boot.rb'
+    - 'lib/mastodon/cli/*.rb'
+
+# Reason: Some single letter camel case files shouldn't be split
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecfilepath
+RSpec/FilePath:
+  CustomTransform:
+    ActivityPub: activitypub # Ignore the snake_case due to the amount of files to rename
+    DeepL: deepl
+    FetchOEmbedService: fetch_oembed_service
+    JsonLdHelper: jsonld_helper
+    OEmbedController: oembed_controller
+    OStatus: ostatus
+    NodeInfoController: nodeinfo_controller # NodeInfo isn't snake_cased for any of the instances
+  Exclude:
+    - 'spec/config/initializers/rack_attack_spec.rb' # namespaces usually have separate folder
+    - 'spec/lib/sanitize_config_spec.rb' # namespaces usually have separate folder
+
+# Reason:
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnamedsubject
+RSpec/NamedSubject:
+  EnforcedStyle: named_only
+
+# Reason: Prevailing style choice
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec.html#rspecnottonot
+RSpec/NotToNot:
+  EnforcedStyle: to_not
+
+# Reason: Prevailing style uses numeric status codes, matches Rails/HttpStatus
+# https://docs.rubocop.org/rubocop-rspec/cops_rspec_rails.html#rspecrailshttpstatus
+RSpec/Rails/HttpStatus:
+  EnforcedStyle: numeric
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styleclassandmodulechildren
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+# Reason: Classes mostly self-document with their names
+# https://docs.rubocop.org/rubocop/cops_style.html#styledocumentation
+Style/Documentation:
+  Enabled: false
+
+# Reason: Enforce modern Ruby style
+# https://docs.rubocop.org/rubocop/cops_style.html#stylehashsyntax
+Style/HashSyntax:
+  EnforcedStyle: ruby19_no_mixed_keys
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylenumericliterals
+Style/NumericLiterals:
+  AllowedPatterns:
+    - \d{4}_\d{2}_\d{2}_\d{6} # For DB migration date version number readability
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#stylepercentliteraldelimiters
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%i': '()'
+    '%w': '()'
+
+# Reason: Prefer less indentation in conditional assignments
+# https://docs.rubocop.org/rubocop/cops_style.html#styleredundantbegin
+Style/RedundantBegin:
+  Enabled: false
+
+# Reason: Overridden to reduce implicit StandardError rescues
+# https://docs.rubocop.org/rubocop/cops_style.html#stylerescuestandarderror
+Style/RescueStandardError:
+  EnforcedStyle: implicit
+
+# Reason: Simplify some spec layouts
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesemicolon
+Style/Semicolon:
+  AllowAsExpressionSeparator: true
+
+# Reason: Originally disabled for CodeClimate, and no config consensus has been found
+# https://docs.rubocop.org/rubocop/cops_style.html#stylesymbolarray
+Style/SymbolArray:
+  Enabled: false
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainarrayliteral
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: 'comma'
+
+# Reason:
+# https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: 'comma'
+
+Style/MiddleDot:
+  Enabled: true

.rubocop/custom.yml

@@ -1,6 +0,0 @@
----
-require:
-  - ../lib/linter/rubocop_middle_dot
-
-Style/MiddleDot:
-  Enabled: true

.rubocop/i18n.yml

@@ -1,12 +0,0 @@
-I18n/RailsI18n:
-  Enabled: true
-  Exclude:
-    - 'config/**/*'
-    - 'db/**/*'
-    - 'lib/**/*'
-    - 'spec/**/*'
-I18n/GetText:
-  Enabled: false
-
-I18n/RailsI18n/DecorateStringFormattingUsingInterpolation:
-  Enabled: false

.rubocop/layout.yml

@@ -1,6 +0,0 @@
----
-Layout/FirstHashElementIndentation:
-  EnforcedStyle: consistent
-
-Layout/LineLength:
-  Max: 300 # Default of 120 causes a duplicate entry in generated todo file

.rubocop/metrics.yml

@@ -1,23 +0,0 @@
----
-Metrics/AbcSize:
-  Exclude:
-    - lib/mastodon/cli/*.rb
-
-Metrics/BlockLength:
-  Enabled: false
-
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Exclude:
-    - lib/mastodon/cli/*.rb
-
-Metrics/MethodLength:
-  Enabled: false
-
-Metrics/ModuleLength:
-  Enabled: false
-
-Metrics/ParameterLists:
-  CountKeywordArgs: false

.rubocop/naming.yml

@@ -1,6 +0,0 @@
----
-Naming/BlockForwarding:
-  EnforcedStyle: explicit
-
-Naming/PredicateMethod:
-  Enabled: false

.rubocop/rails.yml

@@ -1,26 +0,0 @@
----
-Rails/BulkChangeTable:
-  Enabled: false # Conflicts with strong_migrations features
-
-Rails/Delegate:
-  Enabled: false
-
-Rails/FilePath:
-  EnforcedStyle: arguments
-
-Rails/HttpStatus:
-  EnforcedStyle: numeric
-
-Rails/NegateInclude:
-  Enabled: false
-
-Rails/RakeEnvironment:
-  Exclude: # Tasks are doing local work which do not need full env loaded
-    - lib/tasks/auto_annotate_models.rake
-    - lib/tasks/emojis.rake
-    - lib/tasks/mastodon.rake
-    - lib/tasks/repo.rake
-    - lib/tasks/statistics.rake
-
-Rails/SkipsModelValidations:
-  Enabled: false

.rubocop/rspec.yml

@@ -1,27 +0,0 @@
----
-RSpec/ExampleLength:
-  CountAsOne: ['array', 'heredoc', 'method_call']
-  Max: 20 # Override default of 5
-
-RSpec/MultipleExpectations:
-  Max: 10 # Overrides default of 1
-
-RSpec/MultipleMemoizedHelpers:
-  Max: 20 # Overrides default of 5
-
-RSpec/NamedSubject:
-  EnforcedStyle: named_only
-
-RSpec/NestedGroups:
-  Max: 10 # Overrides default of 3
-
-RSpec/NotToNot:
-  EnforcedStyle: to_not
-
-RSpec/SpecFilePathFormat:
-  CustomTransform:
-    ActivityPub: activitypub
-    DeepL: deepl
-    FetchOEmbedService: fetch_oembed_service
-    OEmbedController: oembed_controller
-    OStatus: ostatus

.rubocop/rspec_rails.yml

@@ -1,3 +0,0 @@
----
-RSpecRails/HttpStatus:
-  EnforcedStyle: numeric

.rubocop/strict.yml

@@ -1,24 +0,0 @@
-Lint/Debugger: # Remove any `binding.pry`
-  Enabled: true
-  Exclude: []
-
-RSpec/Focus: # Require full spec run on CI
-  Enabled: true
-  Exclude: []
-
-Rails/Output: # Remove any `puts` debugging
-  inherit_mode:
-    merge:
-      - Include
-  Enabled: true
-  Exclude: []
-  Include:
-    - spec/**/*.rb
-
-Rails/FindEach: # Using `each` could impact performance, use `find_each`
-  Enabled: true
-  Exclude: []
-
-Rails/UniqBeforePluck: # Require `uniq.pluck` and not `pluck.uniq`
-  Enabled: true
-  Exclude: []

.rubocop/style.yml

@@ -1,63 +0,0 @@
----
-Style/ArrayIntersect:
-  Enabled: false
-
-Style/ClassAndModuleChildren:
-  Enabled: false
-
-Style/Documentation:
-  Enabled: false
-
-Style/FormatStringToken:
-  AllowedMethods:
-    - redirect_with_vary # Route redirects are not token-formatted
-  inherit_mode:
-    merge:
-      - AllowedMethods
-
-Style/HashAsLastArrayItem:
-  Enabled: false
-
-Style/HashSyntax:
-  EnforcedShorthandSyntax: either
-  EnforcedStyle: ruby19_no_mixed_keys
-
-Style/IfUnlessModifier:
-  Exclude:
-    - '**/*.haml'
-
-Style/KeywordArgumentsMerging:
-  Enabled: false
-
-Style/NumericLiterals:
-  AllowedPatterns:
-    - \d{4}_\d{2}_\d{2}_\d{6}
-
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    '%i': ()
-    '%w': ()
-
-Style/RedundantBegin:
-  Enabled: false
-
-Style/RedundantFetchBlock:
-  Enabled: false
-
-Style/RescueStandardError:
-  EnforcedStyle: implicit
-
-Style/SafeNavigationChainLength:
-  Enabled: false
-
-Style/SymbolArray:
-  Enabled: false
-
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma
-
-Style/WordArray:
-  MinSize: 3 # Override default of 2

.rubocop_todo.yml

@@ -1,20 +1,113 @@
 # This configuration was generated by
-# `rubocop --auto-gen-config --auto-gen-only-exclude --no-offense-counts --no-auto-gen-timestamp`
-# using RuboCop version 1.76.1.
+# `rubocop --auto-gen-config --auto-gen-only-exclude --no-exclude-limit --no-offense-counts --no-auto-gen-timestamp`
+# using RuboCop version 1.56.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
+# Include: **/*.gemfile, **/Gemfile, **/gems.rb
+Bundler/OrderedGems:
+  Exclude:
+    - 'Gemfile'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_argument, with_fixed_indentation
+Layout/ArgumentAlignment:
+  Exclude:
+    - 'config/initializers/cors.rb'
+    - 'config/initializers/session_store.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/routes.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'config/application.rb'
+    - 'config/initializers/3_omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
+# URISchemes: http, https
+Layout/LineLength:
+  Exclude:
+    - 'app/models/account.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_no_space, require_space
+Layout/SpaceInLambdaLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
+  Exclude:
+    - 'spec/controllers/api/v2/search_controller_spec.rb'
+    - 'spec/fabricators/access_token_fabricator.rb'
+    - 'spec/fabricators/conversation_fabricator.rb'
+    - 'spec/fabricators/system_key_fabricator.rb'
+    - 'spec/lib/activitypub/adapter_spec.rb'
+    - 'spec/models/user_role_spec.rb'
+
 Lint/NonLocalExitFromIterator:
   Exclude:
-    - 'app/helpers/json_ld_helper.rb'
+    - 'app/helpers/jsonld_helper.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/OrAssignmentToConstant:
+  Exclude:
+    - 'lib/sanitize_ext/sanitize_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments.
+Lint/UnusedBlockArgument:
+  Exclude:
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/doorkeeper.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Lint/UselessAssignment:
+  Exclude:
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'spec/controllers/api/v1/favourites_controller_spec.rb'
+    - 'spec/controllers/concerns/account_controller_concern_spec.rb'
+    - 'spec/helpers/jsonld_helper_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/models/webauthn_credentials_spec.rb'
+    - 'spec/services/account_search_service_spec.rb'
+    - 'spec/services/post_status_service_spec.rb'
+    - 'spec/services/precompute_feed_service_spec.rb'
+    - 'spec/services/resolve_url_service_spec.rb'
+    - 'spec/views/statuses/show.html.haml_spec.rb'
 
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 82
+  Max: 144
 
-# Configuration parameters: CountBlocks, CountModifierForms, Max.
+# Configuration parameters: CountBlocks, Max.
 Metrics/BlockNesting:
   Exclude:
     - 'lib/tasks/mastodon.rake'
@@ -27,13 +120,723 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 27
 
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
+Naming/VariableNumber:
+  Exclude:
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180514140000_revert_index_change_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20190820003045_update_statuses_index.rb'
+    - 'db/migrate/20190823221802_add_local_index_to_statuses.rb'
+    - 'db/migrate/20200119112504_add_public_index_to_statuses.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/domain_block_spec.rb'
+    - 'spec/models/user_spec.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeMultiline.
+Performance/DeletePrefix:
+  Exclude:
+    - 'app/models/featured_tag.rb'
+
+Performance/MapMethodChain:
+  Exclude:
+    - 'app/models/feed.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+RSpec/AnyInstance:
+  Exclude:
+    - 'spec/controllers/activitypub/inboxes_controller_spec.rb'
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/resets_controller_spec.rb'
+    - 'spec/controllers/admin/settings/branding_controller_spec.rb'
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/confirmations_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/recovery_codes_controller_spec.rb'
+    - 'spec/lib/request_spec.rb'
+    - 'spec/lib/status_filter_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/validators/follow_limit_validator_spec.rb'
+    - 'spec/workers/activitypub/delivery_worker_spec.rb'
+    - 'spec/workers/web/push_notification_worker_spec.rb'
+
+# Configuration parameters: CountAsOne.
+RSpec/ExampleLength:
+  Max: 22
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: implicit, each, example
+RSpec/HookArgument:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/well_known/webfinger_controller_spec.rb'
+    - 'spec/helpers/instance_helper_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/rails_helper.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+
+# Configuration parameters: AssignmentOnly.
+RSpec/InstanceVariable:
+  Exclude:
+    - 'spec/controllers/api/v1/streaming_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/concerns/export_controller_concern_spec.rb'
+    - 'spec/controllers/home_controller_spec.rb'
+    - 'spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb'
+    - 'spec/controllers/statuses_cleanup_controller_spec.rb'
+    - 'spec/models/concerns/account_finder_concern_spec.rb'
+    - 'spec/models/concerns/account_interactions_spec.rb'
+    - 'spec/models/public_feed_spec.rb'
+    - 'spec/serializers/activitypub/note_serializer_spec.rb'
+    - 'spec/serializers/activitypub/update_poll_serializer_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/search_service_spec.rb'
+    - 'spec/services/unblock_domain_service_spec.rb'
+
+RSpec/LetSetup:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/admin/action_logs_controller_spec.rb'
+    - 'spec/controllers/admin/instances_controller_spec.rb'
+    - 'spec/controllers/admin/reports/actions_controller_spec.rb'
+    - 'spec/controllers/admin/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/accounts/statuses_controller_spec.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v1/filters_controller_spec.rb'
+    - 'spec/controllers/api/v1/followed_tags_controller_spec.rb'
+    - 'spec/controllers/api/v2/admin/accounts_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/keywords_controller_spec.rb'
+    - 'spec/controllers/api/v2/filters/statuses_controller_spec.rb'
+    - 'spec/controllers/auth/confirmations_controller_spec.rb'
+    - 'spec/controllers/auth/passwords_controller_spec.rb'
+    - 'spec/controllers/auth/sessions_controller_spec.rb'
+    - 'spec/controllers/follower_accounts_controller_spec.rb'
+    - 'spec/controllers/following_accounts_controller_spec.rb'
+    - 'spec/controllers/oauth/authorized_applications_controller_spec.rb'
+    - 'spec/controllers/oauth/tokens_controller_spec.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/delete_spec.rb'
+    - 'spec/lib/vacuum/applications_vacuum_spec.rb'
+    - 'spec/lib/vacuum/preview_cards_vacuum_spec.rb'
+    - 'spec/models/account_spec.rb'
+    - 'spec/models/account_statuses_cleanup_policy_spec.rb'
+    - 'spec/models/canonical_email_block_spec.rb'
+    - 'spec/models/status_spec.rb'
+    - 'spec/models/user_spec.rb'
+    - 'spec/services/account_statuses_cleanup_service_spec.rb'
+    - 'spec/services/activitypub/fetch_featured_collection_service_spec.rb'
+    - 'spec/services/activitypub/fetch_remote_status_service_spec.rb'
+    - 'spec/services/activitypub/process_account_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/batched_remove_status_service_spec.rb'
+    - 'spec/services/block_domain_service_spec.rb'
+    - 'spec/services/bulk_import_service_spec.rb'
+    - 'spec/services/delete_account_service_spec.rb'
+    - 'spec/services/import_service_spec.rb'
+    - 'spec/services/notify_service_spec.rb'
+    - 'spec/services/remove_status_service_spec.rb'
+    - 'spec/services/report_service_spec.rb'
+    - 'spec/services/resolve_account_service_spec.rb'
+    - 'spec/services/suspend_account_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+    - 'spec/services/unsuspend_account_service_spec.rb'
+    - 'spec/workers/scheduler/user_cleanup_scheduler_spec.rb'
+
+RSpec/MessageChain:
+  Exclude:
+    - 'spec/controllers/api/v1/media_controller_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: have_received, receive
+RSpec/MessageSpies:
+  Exclude:
+    - 'spec/controllers/admin/accounts_controller_spec.rb'
+    - 'spec/helpers/admin/account_moderation_notes_helper_spec.rb'
+    - 'spec/lib/webfinger_resource_spec.rb'
+    - 'spec/models/admin/account_action_spec.rb'
+    - 'spec/models/concerns/remotable_spec.rb'
+    - 'spec/models/follow_request_spec.rb'
+    - 'spec/models/identity_spec.rb'
+    - 'spec/models/session_activation_spec.rb'
+    - 'spec/models/setting_spec.rb'
+    - 'spec/services/activitypub/fetch_replies_service_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/spec_helper.rb'
+    - 'spec/validators/status_length_validator_spec.rb'
+
+RSpec/MultipleExpectations:
+  Max: 8
+
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 21
+
+# Configuration parameters: AllowedGroups.
+RSpec/NestedGroups:
+  Max: 6
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/ApplicationController:
+  Exclude:
+    - 'app/controllers/health_controller.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/CreateTableWithTimestamps:
+  Exclude:
+    - 'db/migrate/20170508230434_create_conversation_mutes.rb'
+    - 'db/migrate/20170823162448_create_status_pins.rb'
+    - 'db/migrate/20171116161857_create_list_accounts.rb'
+    - 'db/migrate/20180929222014_create_account_conversations.rb'
+    - 'db/migrate/20181007025445_create_pghero_space_stats.rb'
+    - 'db/migrate/20190103124649_create_scheduled_statuses.rb'
+    - 'db/migrate/20220824233535_create_status_trends.rb'
+    - 'db/migrate/20221006061337_create_preview_card_trends.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Severity.
+Rails/DuplicateAssociation:
+  Exclude:
+    - 'app/serializers/activitypub/collection_serializer.rb'
+    - 'app/serializers/activitypub/note_serializer.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasAndBelongsToMany:
+  Exclude:
+    - 'app/models/concerns/account_associations.rb'
+    - 'app/models/preview_card.rb'
+    - 'app/models/status.rb'
+    - 'app/models/tag.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/HasManyOrHasOneDependent:
+  Exclude:
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/conversation.rb'
+    - 'app/models/custom_emoji.rb'
+    - 'app/models/custom_emoji_category.rb'
+    - 'app/models/domain_block.rb'
+    - 'app/models/invite.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/models/web/push_subscription.rb'
+
+Rails/I18nLocaleTexts:
+  Exclude:
+    - 'lib/tasks/mastodon.rake'
+    - 'spec/helpers/flashes_helper_spec.rb'
+
+# Configuration parameters: Include.
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
+Rails/LexicallyScopedActionFilter:
+  Exclude:
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/controllers/auth/sessions_controller.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Rails/NegateInclude:
+  Exclude:
+    - 'app/controllers/concerns/signature_verification.rb'
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/activitypub/activity/move.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/link_details_extractor.rb'
+    - 'app/models/concerns/attachmentable.rb'
+    - 'app/models/concerns/remotable.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/fetch_link_card_service.rb'
+    - 'app/services/search_service.rb'
+    - 'app/workers/web/push_notification_worker.rb'
+    - 'lib/paperclip/color_extractor.rb'
+
+Rails/OutputSafety:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Include.
+# Include: **/Rakefile, **/*.rake
+Rails/RakeEnvironment:
+  Exclude:
+    - 'lib/tasks/auto_annotate_models.rake'
+    - 'lib/tasks/db.rake'
+    - 'lib/tasks/emojis.rake'
+    - 'lib/tasks/mastodon.rake'
+    - 'lib/tasks/repo.rake'
+    - 'lib/tasks/statistics.rake'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ReversibleMigration:
+  Exclude:
+    - 'db/migrate/20160223164502_make_uris_nullable_in_statuses.rb'
+    - 'db/migrate/20161122163057_remove_unneeded_indexes.rb'
+    - 'db/migrate/20170205175257_remove_devices.rb'
+    - 'db/migrate/20170322143850_change_primary_key_to_bigint_on_statuses.rb'
+    - 'db/migrate/20170520145338_change_language_filter_to_opt_out.rb'
+    - 'db/migrate/20170609145826_remove_default_language_from_statuses.rb'
+    - 'db/migrate/20170711225116_fix_null_booleans.rb'
+    - 'db/migrate/20171129172043_add_index_on_stream_entries.rb'
+    - 'db/migrate/20171212195226_remove_duplicate_indexes_in_lists.rb'
+    - 'db/migrate/20171226094803_more_faster_index_on_notifications.rb'
+    - 'db/migrate/20180106000232_add_index_on_statuses_for_api_v1_accounts_account_id_statuses.rb'
+    - 'db/migrate/20180617162849_remove_unused_indexes.rb'
+    - 'db/migrate/20220827195229_change_canonical_email_blocks_nullable.rb'
+
+# Configuration parameters: ForbiddenMethods, AllowedMethods.
+# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'app/controllers/admin/invites_controller.rb'
+    - 'app/controllers/concerns/session_tracking_concern.rb'
+    - 'app/models/concerns/account_merging.rb'
+    - 'app/models/concerns/expireable.rb'
+    - 'app/models/status.rb'
+    - 'app/models/trends/links.rb'
+    - 'app/models/trends/preview_card_batch.rb'
+    - 'app/models/trends/preview_card_provider_batch.rb'
+    - 'app/models/trends/status_batch.rb'
+    - 'app/models/trends/statuses.rb'
+    - 'app/models/trends/tag_batch.rb'
+    - 'app/models/trends/tags.rb'
+    - 'app/models/user.rb'
+    - 'app/services/activitypub/process_status_update_service.rb'
+    - 'app/services/approve_appeal_service.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'app/services/process_mentions_service.rb'
+    - 'app/services/unallow_domain_service.rb'
+    - 'app/services/unblock_domain_service.rb'
+    - 'app/services/update_status_service.rb'
+    - 'app/workers/activitypub/post_upgrade_worker.rb'
+    - 'app/workers/move_worker.rb'
+    - 'app/workers/scheduler/ip_cleanup_scheduler.rb'
+    - 'app/workers/scheduler/scheduled_statuses_scheduler.rb'
+    - 'db/migrate/20161203164520_add_from_account_id_to_notifications.rb'
+    - 'db/migrate/20170105224407_add_shortcode_to_media_attachments.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170304202101_add_type_to_media_attachments.rb'
+    - 'db/migrate/20180528141303_fix_accounts_unique_index.rb'
+    - 'db/migrate/20180609104432_migrate_web_push_subscriptions2.rb'
+    - 'db/migrate/20181207011115_downcase_custom_emoji_domains.rb'
+    - 'db/migrate/20190511134027_add_silenced_at_suspended_at_to_accounts.rb'
+    - 'db/migrate/20191007013357_update_pt_locales.rb'
+    - 'db/migrate/20220316233212_update_kurdish_locales.rb'
+    - 'db/post_migrate/20190511152737_remove_suspended_silenced_account_fields.rb'
+    - 'db/post_migrate/20200917193528_migrate_notifications_type.rb'
+    - 'db/post_migrate/20201017234926_fill_account_suspension_origin.rb'
+    - 'db/post_migrate/20220617202502_migrate_roles.rb'
+    - 'db/post_migrate/20221101190723_backfill_admin_action_logs.rb'
+    - 'db/post_migrate/20221206114142_backfill_admin_action_logs_again.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/main.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'spec/controllers/api/v1/admin/accounts_controller_spec.rb'
+    - 'spec/lib/activitypub/activity/follow_spec.rb'
+    - 'spec/services/follow_service_spec.rb'
+    - 'spec/services/update_account_service_spec.rb'
+
+# Configuration parameters: Include.
+# Include: db/**/*.rb
+Rails/ThreeStateBooleanColumn:
+  Exclude:
+    - 'db/migrate/20160325130944_add_admin_to_users.rb'
+    - 'db/migrate/20161123093447_add_sensitive_to_statuses.rb'
+    - 'db/migrate/20170123203248_add_reject_media_to_domain_blocks.rb'
+    - 'db/migrate/20170127165745_add_devise_two_factor_to_users.rb'
+    - 'db/migrate/20170209184350_add_reply_to_statuses.rb'
+    - 'db/migrate/20170330163835_create_imports.rb'
+    - 'db/migrate/20170905165803_add_local_to_statuses.rb'
+    - 'db/migrate/20181203021853_add_discoverable_to_accounts.rb'
+    - 'db/migrate/20190509164208_add_by_moderator_to_tombstone.rb'
+    - 'db/migrate/20190805123746_add_capabilities_to_tags.rb'
+    - 'db/migrate/20191212163405_add_hide_collections_to_accounts.rb'
+    - 'db/migrate/20200309150742_add_forwarded_to_reports.rb'
+    - 'db/migrate/20210609202149_create_login_activities.rb'
+    - 'db/migrate/20210621221010_add_skip_sign_in_token_to_users.rb'
+    - 'db/migrate/20211031031021_create_preview_card_providers.rb'
+    - 'db/migrate/20211115032527_add_trendable_to_preview_cards.rb'
+    - 'db/migrate/20220202200743_add_trendable_to_accounts.rb'
+    - 'db/migrate/20220202200926_add_trendable_to_statuses.rb'
+    - 'db/migrate/20220303000827_add_ordered_media_attachment_ids_to_status_edits.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UniqueValidationWithoutIndex:
+  Exclude:
+    - 'app/models/account_alias.rb'
+    - 'app/models/custom_filter_status.rb'
+    - 'app/models/identity.rb'
+    - 'app/models/webauthn_credential.rb'
+
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/UnusedIgnoredColumns:
+  Exclude:
+    - 'app/models/account.rb'
+    - 'app/models/account_stat.rb'
+    - 'app/models/admin/action_log.rb'
+    - 'app/models/custom_filter.rb'
+    - 'app/models/email_domain_block.rb'
+    - 'app/models/report.rb'
+    - 'app/models/status_edit.rb'
+    - 'app/models/user.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: exists, where
+Rails/WhereExists:
+  Exclude:
+    - 'app/controllers/activitypub/inboxes_controller.rb'
+    - 'app/controllers/admin/email_domain_blocks_controller.rb'
+    - 'app/controllers/auth/registrations_controller.rb'
+    - 'app/lib/activitypub/activity/create.rb'
+    - 'app/lib/delivery_failure_tracker.rb'
+    - 'app/lib/feed_manager.rb'
+    - 'app/lib/status_cache_hydrator.rb'
+    - 'app/lib/suspicious_sign_in_detector.rb'
+    - 'app/models/concerns/account_interactions.rb'
+    - 'app/models/featured_tag.rb'
+    - 'app/models/poll.rb'
+    - 'app/models/session_activation.rb'
+    - 'app/models/status.rb'
+    - 'app/models/user.rb'
+    - 'app/policies/status_policy.rb'
+    - 'app/serializers/rest/announcement_serializer.rb'
+    - 'app/serializers/rest/tag_serializer.rb'
+    - 'app/services/activitypub/fetch_remote_status_service.rb'
+    - 'app/services/app_sign_up_service.rb'
+    - 'app/services/vote_service.rb'
+    - 'app/validators/reaction_validator.rb'
+    - 'app/validators/vote_validator.rb'
+    - 'app/workers/move_worker.rb'
+    - 'db/migrate/20190529143559_preserve_old_layout_for_existing_users.rb'
+    - 'lib/tasks/tests.rake'
+    - 'spec/models/account_spec.rb'
+    - 'spec/services/activitypub/process_collection_service_spec.rb'
+    - 'spec/services/purge_domain_service_spec.rb'
+    - 'spec/services/unallow_domain_service_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
+Style/CaseEquality:
+  Exclude:
+    - 'config/initializers/trusted_proxies.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+# AllowedMethods: ==, equal?, eql?
+Style/ClassEqualityComparison:
+  Exclude:
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/serializers/activitypub/outbox_serializer.rb'
+
+Style/ClassVars:
+  Exclude:
+    - 'config/initializers/devise.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/CombinableLoops:
+  Exclude:
+    - 'app/models/form/custom_emoji_batch.rb'
+    - 'app/models/form/ip_block_batch.rb'
+
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedVars.
 Style/FetchEnvVar:
   Exclude:
+    - 'app/lib/redis_configuration.rb'
+    - 'app/lib/translation_service.rb'
+    - 'config/environments/development.rb'
+    - 'config/environments/production.rb'
+    - 'config/initializers/2_limited_federation_mode.rb'
+    - 'config/initializers/3_omniauth.rb'
+    - 'config/initializers/blacklists.rb'
+    - 'config/initializers/cache_buster.rb'
+    - 'config/initializers/content_security_policy.rb'
+    - 'config/initializers/devise.rb'
     - 'config/initializers/paperclip.rb'
+    - 'config/initializers/vapid.rb'
+    - 'lib/mastodon/premailer_webpack_strategy.rb'
+    - 'lib/mastodon/redis_config.rb'
+    - 'lib/tasks/repo.rake'
+    - 'spec/features/profile_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
+# SupportedStyles: annotated, template, unannotated
+# AllowedMethods: redirect
+Style/FormatStringToken:
+  Exclude:
+    - 'app/models/privacy_policy.rb'
+    - 'config/initializers/devise.rb'
+    - 'lib/paperclip/color_extractor.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/GlobalStdStream:
+  Exclude:
+    - 'config/boot.rb'
+    - 'config/environments/development.rb'
+    - 'config/environments/production.rb'
 
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
-  Enabled: false
+  Exclude:
+    - 'app/controllers/admin/confirmations_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/controllers/auth/passwords_controller.rb'
+    - 'app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb'
+    - 'app/lib/activitypub/activity/block.rb'
+    - 'app/lib/request.rb'
+    - 'app/lib/request_pool.rb'
+    - 'app/lib/webfinger.rb'
+    - 'app/lib/webfinger_resource.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/ldap_authenticable.rb'
+    - 'app/models/tag.rb'
+    - 'app/models/user.rb'
+    - 'app/services/fan_out_on_write_service.rb'
+    - 'app/services/post_status_service.rb'
+    - 'app/services/process_hashtags_service.rb'
+    - 'app/workers/move_worker.rb'
+    - 'app/workers/redownload_avatar_worker.rb'
+    - 'app/workers/redownload_header_worker.rb'
+    - 'app/workers/redownload_media_worker.rb'
+    - 'app/workers/remote_account_refresh_worker.rb'
+    - 'config/initializers/devise.rb'
+    - 'db/migrate/20170901141119_truncate_preview_cards.rb'
+    - 'db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb'
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
+    - 'lib/mastodon/cli/accounts.rb'
+    - 'lib/mastodon/cli/maintenance.rb'
+    - 'lib/mastodon/cli/media.rb'
+    - 'lib/paperclip/attachment_extensions.rb'
+    - 'lib/tasks/repo.rake'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: braces, no_braces
+Style/HashAsLastArrayItem:
+  Exclude:
+    - 'app/controllers/admin/statuses_controller.rb'
+    - 'app/controllers/api/v1/statuses_controller.rb'
+    - 'app/models/concerns/account_counters.rb'
+    - 'app/models/concerns/status_threading_concern.rb'
+    - 'app/models/status.rb'
+    - 'app/services/batched_remove_status_service.rb'
+    - 'app/services/notify_service.rb'
+    - 'db/migrate/20181024224956_migrate_account_conversations.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/HashTransformValues:
+  Exclude:
+    - 'app/serializers/rest/web_push_subscription_serializer.rb'
+    - 'app/services/import_service.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/IfUnlessModifier:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/ffmpeg.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: InverseMethods, InverseBlocks.
+Style/InverseMethods:
+  Exclude:
+    - 'app/models/custom_filter.rb'
+    - 'app/services/update_account_service.rb'
+    - 'spec/controllers/activitypub/replies_controller_spec.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: line_count_dependent, lambda, literal
+Style/Lambda:
+  Exclude:
+    - 'config/initializers/simple_form.rb'
+    - 'config/routes.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/MapToHash:
+  Exclude:
+    - 'app/models/status.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: literals, strict
+Style/MutableConstant:
+  Exclude:
+    - 'app/models/tag.rb'
+    - 'app/services/delete_account_service.rb'
+    - 'lib/mastodon/migration_warning.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/NilLambda:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: respond_to_missing?
+Style/OptionalBooleanParameter:
+  Exclude:
+    - 'app/helpers/admin/account_moderation_notes_helper.rb'
+    - 'app/helpers/jsonld_helper.rb'
+    - 'app/lib/admin/system_check/message.rb'
+    - 'app/lib/request.rb'
+    - 'app/lib/webfinger.rb'
+    - 'app/services/block_domain_service.rb'
+    - 'app/services/fetch_resource_service.rb'
+    - 'app/workers/domain_block_worker.rb'
+    - 'app/workers/unfollow_follow_worker.rb'
+    - 'lib/mastodon/redis_config.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: PreferredDelimiters.
+Style/PercentLiteralDelimiters:
+  Exclude:
+    - 'config/deploy.rb'
+    - 'config/initializers/doorkeeper.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: short, verbose
+Style/PreferredHashMethods:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/RedundantConstantBase:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/sidekiq.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: SafeForConstants.
+Style/RedundantFetchBlock:
+  Exclude:
+    - 'config/initializers/1_hosts.rb'
+    - 'config/initializers/chewy.rb'
+    - 'config/initializers/devise.rb'
+    - 'config/initializers/paperclip.rb'
+    - 'config/puma.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleReturnValues.
+Style/RedundantReturn:
+  Exclude:
+    - 'app/controllers/api/v1/directories_controller.rb'
+    - 'app/controllers/auth/confirmations_controller.rb'
+    - 'app/lib/ostatus/tag_manager.rb'
+    - 'app/models/form/import.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods, MaxChainLength.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'app/models/concerns/account_finder_concern.rb'
+    - 'app/models/status.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: only_raise, only_fail, semantic
+Style/SignalException:
+  Exclude:
+    - 'lib/devise/two_factor_ldap_authenticatable.rb'
+    - 'lib/devise/two_factor_pam_authenticatable.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+Style/SingleArgumentDig:
+  Exclude:
+    - 'lib/webpacker/manifest_extensions.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: require_parentheses, require_no_parentheses
+Style/StabbyLambdaParentheses:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/content_security_policy.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+Style/StderrPuts:
+  Exclude:
+    - 'config/boot.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: Mode.
+Style/StringConcatenation:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline.
+# SupportedStyles: single_quotes, double_quotes
+Style/StringLiterals:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/initializers/backtrace_silencers.rb'
+    - 'config/initializers/http_client_proxy.rb'
+    - 'config/initializers/rack_attack.rb'
+    - 'config/initializers/webauthn.rb'
+    - 'config/routes.rb'
+
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: AllowMethodsWithArguments, AllowedMethods, AllowedPatterns, AllowComments.
+# AllowedMethods: define_method, mail, respond_to
+Style/SymbolProc:
+  Exclude:
+    - 'config/initializers/3_omniauth.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, AllowSafeAssignment.
+# SupportedStyles: require_parentheses, require_no_parentheses, require_parentheses_when_complex
+Style/TernaryParentheses:
+  Exclude:
+    - 'config/environments/development.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInArguments:
+  Exclude:
+    - 'config/initializers/paperclip.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleForMultiline.
+# SupportedStylesForMultiline: comma, consistent_comma, no_comma
+Style/TrailingCommaInHashLiteral:
+  Exclude:
+    - 'config/environments/production.rb'
+    - 'config/environments/test.rb'
+
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, MinSize, WordRegex.
+# SupportedStyles: percent, brackets
+Style/WordArray:
+  Exclude:
+    - 'app/helpers/languages_helper.rb'
+    - 'config/initializers/cors.rb'
+    - 'spec/controllers/settings/imports_controller_spec.rb'
+    - 'spec/models/form/import_spec.rb'

.ruby-version

@@ -1 +1 @@
-3.4.4
+3.2.3

.storybook/main.ts

@@ -1,16 +0,0 @@
-import type { StorybookConfig } from '@storybook/react-vite';
-
-const config: StorybookConfig = {
-  stories: ['../app/javascript/**/*.stories.@(js|jsx|mjs|ts|tsx)'],
-  addons: [
-    '@storybook/addon-docs',
-    '@storybook/addon-a11y',
-    '@storybook/addon-vitest',
-  ],
-  framework: {
-    name: '@storybook/react-vite',
-    options: {},
-  },
-};
-
-export default config;

.storybook/manager.ts

@@ -1,7 +0,0 @@
-import { addons } from 'storybook/manager-api';
-
-import theme from './storybook-theme';
-
-addons.setConfig({
-  theme,
-});

.storybook/preview-head.html

@@ -1,18 +0,0 @@
-<style>
-	/* Increase docs font size */
-	.sbdocs.sbdocs-content :where(p:not(.sb-anchor, .sb-unstyled, .sb-unstyled p)),
-	.sbdocs.sbdocs-content :where(li:not(.sb-anchor, .sb-unstyled, .sb-unstyled li)) {
-		font-size: 1.0666rem; /* 17px */
-		line-height: 1.585; /* 27px */
-	}
-
-	.sbdocs.sbdocs-content :where(p:not(.sb-anchor, .sb-unstyled, .sb-unstyled p)) code,
-	.sbdocs.sbdocs-content :where(li:not(.sb-anchor, .sb-unstyled, .sb-unstyled li)) code {
-		font-size: 0.875rem; /* ~15px */
-	}
-
-	/* Bring numbers back for ordered lists */
-	ol {
-		list-style: revert !important;
-	}
-</style>

.storybook/preview.ts

@@ -1,29 +0,0 @@
-import type { Preview } from '@storybook/react-vite';
-
-// If you want to run the dark theme during development,
-// you can change the below to `/application.scss`
-import '../app/javascript/styles/mastodon-light.scss';
-
-const preview: Preview = {
-  // Auto-generate docs: https://storybook.js.org/docs/writing-docs/autodocs
-  tags: ['autodocs'],
-  parameters: {
-    layout: 'centered',
-
-    controls: {
-      matchers: {
-        color: /(background|color)$/i,
-        date: /Date$/i,
-      },
-    },
-
-    a11y: {
-      // 'todo' - show a11y violations in the test UI only
-      // 'error' - fail CI on a11y violations
-      // 'off' - skip a11y checks entirely
-      test: 'todo',
-    },
-  },
-};
-
-export default preview;

.storybook/storybook-addon-vitest.d.ts

@@ -1,7 +0,0 @@
-// The addon package.json incorrectly exports types, so we need to override them here.
-// See: https://github.com/storybookjs/storybook/blob/v9.0.4/code/addons/vitest/package.json#L70-L76
-declare module '@storybook/addon-vitest/vitest-plugin' {
-  export * from '@storybook/addon-vitest/dist/vitest-plugin/index';
-}
-
-export {};

.storybook/storybook-theme.ts

@@ -1,7 +0,0 @@
-import { create } from 'storybook/theming';
-
-export default create({
-  base: 'light',
-  brandTitle: 'Mastodon Storybook',
-  brandImage: 'https://joinmastodon.org/logos/wordmark-black-text.svg',
-});

.storybook/vitest.setup.ts

@@ -1,8 +0,0 @@
-import * as a11yAddonAnnotations from '@storybook/addon-a11y/preview';
-import { setProjectAnnotations } from '@storybook/react-vite';
-
-import * as projectAnnotations from './preview';
-
-// This is an important step to apply the right configuration when testing your stories.
-// More info at: https://storybook.js.org/docs/api/portable-stories/portable-stories-vitest#setprojectannotations
-setProjectAnnotations([a11yAddonAnnotations, projectAnnotations]);

.watchmanconfig

@@ -1,3 +0,0 @@
-{
-  "ignore_dirs": ["node_modules/", "public/"]
-}

.yarn/patches/babel-plugin-lodash-npm-3.3.4-c7161075b6.patch

@@ -1,13 +0,0 @@
-diff --git a/lib/index.js b/lib/index.js
-index 16ed6be8be8f555cc99096c2ff60954b42dc313d..d009c069770d066ad0db7ad02de1ea473a29334e 100644
---- a/lib/index.js
-+++ b/lib/index.js
-@@ -99,7 +99,7 @@ function lodash(_ref) {
- 
-         var node = _ref3;
- 
--        if ((0, _types.isModuleDeclaration)(node)) {
-+        if ((0, _types.isImportDeclaration)(node)  || (0, _types.isExportDeclaration)(node)) {
-           isModule = true;
-           break;
-         }

.yarnclean

@@ -0,0 +1,49 @@
+# test directories
+__tests__
+test
+tests
+powered-test
+
+# asset directories
+docs
+doc
+website
+images
+# assets
+
+# examples
+example
+examples
+
+# code coverage directories
+coverage
+.nyc_output
+
+# build scripts
+Makefile
+Gulpfile.js
+Gruntfile.js
+
+# configs
+.tern-project
+.gitattributes
+.editorconfig
+.*ignore
+.eslintrc
+.jshintrc
+.flowconfig
+.documentup.json
+.yarn-metadata.json
+.*.yml
+*.yml
+
+# misc
+*.gz
+*.md
+
+# for specific ignore
+!.svgo.yml
+!sass-lint/**/*.yml
+
+# breaks lint-staged or generally anything using https://github.com/eemeli/yaml/issues/384
+!**/yaml/dist/**/doc

.yarnrc.yml

@@ -1 +0,0 @@
-nodeLinker: node-modules

Aptfile

@@ -1,5 +1,5 @@
-libidn12
-# for idn-ruby on heroku-24 stack
-
-# use https://github.com/heroku/heroku-buildpack-activestorage-preview
-# in place for ffmpeg and its dependent packages to reduce slag size
+ffmpeg
+libopenblas0-pthread
+libpq-dev
+libxdamage1
+libxfixes3

CONTRIBUTING.md

@@ -9,56 +9,21 @@ You can contribute in the following ways:
 - Contributing code to Mastodon by fixing bugs or implementing features
 - Improving the documentation
 
-Please review the org-level [contribution guidelines] for high-level acceptance
-criteria guidance and the [DEVELOPMENT] guide for environment-specific details.
+If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 
-## API Changes and Additions
+## Bug reports
 
-Any changes or additions made to the API should have an accompanying pull
-request on our [documentation repository].
-
-## Bug Reports
-
-Bug reports and feature suggestions must use descriptive and concise titles and
-be submitted to [GitHub Issues]. Please use the search function to make sure
-there are not duplicate bug reports or feature requests.
-
-## Security Issues
-
-If you believe you have identified a security issue in Mastodon or our own apps,
-check [SECURITY].
+Bug reports and feature suggestions must use descriptive and concise titles and be submitted to [GitHub Issues](https://github.com/mastodon/mastodon/issues). Please use the search function to make sure that you are not submitting duplicates, and that a similar report or request has not already been resolved or rejected.
 
 ## Translations
 
-Translations are community contributed via [Crowdin]. They are periodically
-reviewed and merged into the codebase.
+You can submit translations via [Crowdin](https://crowdin.com/project/mastodon). They are periodically merged into the codebase.
 
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)](https://crowdin.com/project/mastodon)
 
-## Pull Requests
+## Pull requests
 
-### Size and Scope
-
-Our time is limited and PRs making large, unsolicited changes are unlikely to
-get a response. Changes which link to an existing confirmed issue, or which come
-from a "help wanted" issue or other request are more likely to be reviewed.
-
-The smaller and more narrowly focused the changes in a PR are, the easier they
-are to review and potentially merge. If the change only makes sense in some
-larger context of future ongoing work, note that in the description, but still
-aim to keep each distinct PR to a "smallest viable change" chunk of work.
-
-### Description of Changes
-
-Unless the Pull Request is about refactoring code, updating dependencies or
-other internal tasks, assume that the audience are not developers, but a
-Mastodon user or server admin, and try to describe it from their perspective.
-
-The final commit in the main branch will carry the title from the PR. The main
-branch is then fed into the changelog and ultimately into release notes. We try
-to follow the [keepachangelog] spec, and while that does not prescribe how
-exactly the entries ought to be named, starting titles using one of the verbs
-"Add", "Change", "Deprecate", "Remove", or "Fix" (present tense) is helpful.
+**Please use clean, concise titles for your pull requests.** Unless the pull request is about refactoring code, updating dependencies or other internal tasks, assume that the person reading the pull request title is not a programmer or Mastodon developer, but instead a Mastodon user or server administrator, and **try to describe your change or fix from their perspective**. We use commit squashing, so the final commit in the main branch will carry the title of the pull request, and commits from the main branch are fed into the changelog. The changelog is separated into [keepachangelog.com categories](https://keepachangelog.com/en/1.0.0/), and while that spec does not prescribe how the entries ought to be named, for easier sorting, start your pull request titles using one of the verbs "Add", "Change", "Deprecate", "Remove", or "Fix" (present tense).
 
 Example:
 
@@ -66,26 +31,16 @@ Example:
 | ------------------------------------ | ------------------------------------------------------------- |
 | Fixed NoMethodError in RemovalWorker | Fix nil error when removing statuses caused by race condition |
 
-### Technical Requirements
+It is not always possible to phrase every change in such a manner, but it is desired.
 
-Pull requests that do not pass automated checks on CI may not be reviewed. In
-particular, please keep in mind:
+**The smaller the set of changes in the pull request is, the quicker it can be reviewed and merged.** Splitting tasks into multiple smaller pull requests is often preferable.
 
-- Unit and integration tests (rspec, vitest)
+**Pull requests that do not pass automated checks may not be reviewed**. In particular, you need to keep in mind:
+
+- Unit and integration tests (rspec, jest)
 - Code style rules (rubocop, eslint)
 - Normalization of locale files (i18n-tasks)
-- Relevant accessibility or performance concerns
 
 ## Documentation
 
-The [Mastodon documentation] is a statically generated site that contains guides
-and API docs. Improvements are made via PRs to the [documentation repository].
-
-[contribution guidelines]: https://github.com/mastodon/.github/blob/main/CONTRIBUTING.md
-[Crowdin]: https://crowdin.com/project/mastodon
-[DEVELOPMENT]: docs/DEVELOPMENT.md
-[documentation repository]: https://github.com/mastodon/documentation
-[GitHub Issues]: https://github.com/mastodon/mastodon/issues
-[keepachangelog]: https://keepachangelog.com/en/1.0.0/
-[Mastodon documentation]: https://docs.joinmastodon.org
-[SECURITY]: SECURITY.md
+The [Mastodon documentation](https://docs.joinmastodon.org) is a statically generated site. You can [submit merge requests to mastodon/documentation](https://github.com/mastodon/documentation).

Capfile

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'capistrano/setup'
+require 'capistrano/deploy'
+require 'capistrano/scm/git'
+
+install_plugin Capistrano::SCM::Git
+
+require 'capistrano/rbenv'
+require 'capistrano/bundler'
+require 'capistrano/yarn'
+require 'capistrano/rails/assets'
+require 'capistrano/rails/migrations'
+
+Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }

Dockerfile

@@ -1,404 +1,105 @@
-# syntax=docker/dockerfile:1.12
+# syntax=docker/dockerfile:1.4
+# This needs to be bookworm-slim because the Ruby image is built on bookworm-slim
+ARG NODE_VERSION="20.6-bookworm-slim"
 
-# This file is designed for production server deployment, not local development work
-# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
+FROM ghcr.io/moritzheiber/ruby-jemalloc:3.2.3-slim as ruby
+FROM node:${NODE_VERSION} as build
 
-# Please see https://docs.docker.com/engine/reference/builder for information about
-# the extended buildx capabilities used in this file.
-# Make sure multiarch TARGETPLATFORM is available for interpolation
-# See: https://docs.docker.com/build/building/multi-platform/
-ARG TARGETPLATFORM=${TARGETPLATFORM}
-ARG BUILDPLATFORM=${BUILDPLATFORM}
-ARG BASE_REGISTRY="docker.io"
+COPY --link --from=ruby /opt/ruby /opt/ruby
 
-# Ruby image to use for base image, change with [--build-arg RUBY_VERSION="3.4.x"]
-# renovate: datasource=docker depName=docker.io/ruby
-ARG RUBY_VERSION="3.4.4"
-# # Node.js version to use in base image, change with [--build-arg NODE_MAJOR_VERSION="20"]
-# renovate: datasource=node-version depName=node
-ARG NODE_MAJOR_VERSION="22"
-# Debian image to use for base image, change with [--build-arg DEBIAN_VERSION="bookworm"]
-ARG DEBIAN_VERSION="bookworm"
-# Node.js image to use for base image based on combined variables (ex: 20-bookworm-slim)
-FROM ${BASE_REGISTRY}/node:${NODE_MAJOR_VERSION}-${DEBIAN_VERSION}-slim AS node
-# Ruby image to use for base image based on combined variables (ex: 3.4.x-slim-bookworm)
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS ruby
+ENV DEBIAN_FRONTEND="noninteractive" \
+    PATH="${PATH}:/opt/ruby/bin"
 
-# Resulting version string is vX.X.X-MASTODON_VERSION_PRERELEASE+MASTODON_VERSION_METADATA
-# Example: v4.3.0-nightly.2023.11.09+pr-123456
-# Overwrite existence of 'alpha.X' in version.rb [--build-arg MASTODON_VERSION_PRERELEASE="nightly.2023.11.09"]
-ARG MASTODON_VERSION_PRERELEASE=""
-# Append build metadata or fork information to version.rb [--build-arg MASTODON_VERSION_METADATA="pr-123456"]
-ARG MASTODON_VERSION_METADATA=""
-# Will be available as Mastodon::Version.source_commit
-ARG SOURCE_COMMIT=""
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Allow Ruby on Rails to serve static files
-# See: https://docs.joinmastodon.org/admin/config/#rails_serve_static_files
-ARG RAILS_SERVE_STATIC_FILES="true"
-# Allow to use YJIT compiler
-# See: https://github.com/ruby/ruby/blob/v3_2_4/doc/yjit/yjit.md
-ARG RUBY_YJIT_ENABLE="1"
-# Timezone used by the Docker container and runtime, change with [--build-arg TZ=Europe/Berlin]
-ARG TZ="Etc/UTC"
-# Linux UID (user id) for the mastodon user, change with [--build-arg UID=1234]
-ARG UID="991"
-# Linux GID (group id) for the mastodon user, change with [--build-arg GID=1234]
-ARG GID="991"
-
-# Apply Mastodon build options based on options above
-ENV \
-  # Apply Mastodon version information
-  MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
-  MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}" \
-  SOURCE_COMMIT="${SOURCE_COMMIT}" \
-  # Apply Mastodon static files and YJIT options
-  RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} \
-  RUBY_YJIT_ENABLE=${RUBY_YJIT_ENABLE} \
-  # Apply timezone
-  TZ=${TZ}
-
-ENV \
-  # Configure the IP to bind Mastodon to when serving traffic
-  BIND="0.0.0.0" \
-  # Use production settings for Yarn, Node.js and related tools
-  NODE_ENV="production" \
-  # Use production settings for Ruby on Rails
-  RAILS_ENV="production" \
-  # Add Ruby and Mastodon installation to the PATH
-  DEBIAN_FRONTEND="noninteractive" \
-  PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin" \
-  # Optimize jemalloc 5.x performance
-  MALLOC_CONF="narenas:2,background_thread:true,thp:never,dirty_decay_ms:1000,muzzy_decay_ms:0" \
-  # Enable libvips, should not be changed
-  MASTODON_USE_LIBVIPS=true \
-  # Sidekiq will touch tmp/sidekiq_process_has_started_and_will_begin_processing_jobs to indicate it is ready. This can be used for a readiness check in Kubernetes
-  MASTODON_SIDEKIQ_READY_FILENAME=sidekiq_process_has_started_and_will_begin_processing_jobs
-
-# Set default shell used for running commands
-SHELL ["/bin/bash", "-o", "pipefail", "-o", "errexit", "-c"]
-
-ARG TARGETPLATFORM
-
-RUN echo "Target platform is $TARGETPLATFORM"
-
-RUN \
-  # Remove automatic apt cache Docker cleanup scripts
-  rm -f /etc/apt/apt.conf.d/docker-clean; \
-  # Sets timezone
-  echo "${TZ}" > /etc/localtime; \
-  # Creates mastodon user/group and sets home directory
-  groupadd -g "${GID}" mastodon; \
-  useradd -l -u "${UID}" -g "${GID}" -m -d /opt/mastodon mastodon; \
-  # Creates /mastodon symlink to /opt/mastodon
-  ln -s /opt/mastodon /mastodon;
-
-# Set /opt/mastodon as working directory
 WORKDIR /opt/mastodon
-
-# Add backport repository for some specific packages where we need the latest version
-RUN echo 'deb http://deb.debian.org/debian bookworm-backports main' >> /etc/apt/sources.list
-
-# hadolint ignore=DL3008,DL3005
-RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Apt update & upgrade to check for security updates to Debian image
-  apt-get update; \
-  apt-get dist-upgrade -yq; \
-  # Install jemalloc, curl and other necessary components
-  apt-get install -y --no-install-recommends \
-  curl \
-  file \
-  libjemalloc2 \
-  patchelf \
-  procps \
-  tini \
-  tzdata \
-  wget \
-  ; \
-  # Patch Ruby to use jemalloc
-  patchelf --add-needed libjemalloc.so.2 /usr/local/bin/ruby; \
-  # Discard patchelf after use
-  apt-get purge -y \
-  patchelf \
-  ;
-
-# Create temporary build layer from base image
-FROM ruby AS build
-
-ARG TARGETPLATFORM
+COPY Gemfile* package.json yarn.lock /opt/mastodon/
 
 # hadolint ignore=DL3008
-RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Install build tools and bundler dependencies from APT
-  apt-get install -y --no-install-recommends \
-  autoconf \
-  automake \
-  build-essential \
-  cmake \
+RUN apt-get update && \
+    apt-get -yq dist-upgrade && \
+    apt-get install -y --no-install-recommends build-essential \
         git \
-  libgdbm-dev \
-  libglib2.0-dev \
-  libgmp-dev \
         libicu-dev \
         libidn-dev \
         libpq-dev \
+        libjemalloc-dev \
+        zlib1g-dev \
+        libgdbm-dev \
+        libgmp-dev \
         libssl-dev \
-  libtool \
-  libyaml-dev \
-  meson \
-  nasm \
-  pkg-config \
-  shared-mime-info \
-  xz-utils \
-  # libvips components
-  libcgif-dev \
-  libexif-dev \
-  libexpat1-dev \
-  libgirepository1.0-dev \
-  libheif-dev/bookworm-backports \
-  libimagequant-dev \
-  libjpeg62-turbo-dev \
-  liblcms2-dev \
-  liborc-dev \
-  libspng-dev \
-  libtiff-dev \
-  libwebp-dev \
-  # ffmpeg components
-  libdav1d-dev \
-  liblzma-dev \
-  libmp3lame-dev \
-  libopus-dev \
-  libsnappy-dev \
-  libvorbis-dev \
-  libvpx-dev \
-  libx264-dev \
-  libx265-dev \
-  ;
+        libyaml-0-2 \
+        ca-certificates \
+        libreadline8 \
+        python3 \
+        shared-mime-info && \
+    bundle config set --local deployment 'true' && \
+    bundle config set --local without 'development test' && \
+    bundle config set silence_root_warning true && \
+    bundle install -j"$(nproc)" && \
+    yarn install --pure-lockfile --production --network-timeout 600000 && \
+    yarn cache clean
 
-# Create temporary libvips specific build layer from build layer
-FROM build AS libvips
+FROM node:${NODE_VERSION}
 
-# libvips version to compile, change with [--build-arg VIPS_VERSION="8.15.2"]
-# renovate: datasource=github-releases depName=libvips packageName=libvips/libvips
-ARG VIPS_VERSION=8.17.0
-# libvips download URL, change with [--build-arg VIPS_URL="https://github.com/libvips/libvips/releases/download"]
-ARG VIPS_URL=https://github.com/libvips/libvips/releases/download
+# Use those args to specify your own version flags & suffixes
+ARG MASTODON_VERSION_PRERELEASE=""
+ARG MASTODON_VERSION_METADATA=""
 
-WORKDIR /usr/local/libvips/src
-# Download and extract libvips source code
-ADD ${VIPS_URL}/v${VIPS_VERSION}/vips-${VIPS_VERSION}.tar.xz /usr/local/libvips/src/
-RUN tar xf vips-${VIPS_VERSION}.tar.xz;
+ARG UID="991"
+ARG GID="991"
 
-WORKDIR /usr/local/libvips/src/vips-${VIPS_VERSION}
+COPY --link --from=ruby /opt/ruby /opt/ruby
 
-# Configure and compile libvips
-RUN \
-  meson setup build --prefix /usr/local/libvips --libdir=lib -Ddeprecated=false -Dintrospection=disabled -Dmodules=disabled -Dexamples=false; \
-  cd build; \
-  ninja; \
-  ninja install;
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# Create temporary ffmpeg specific build layer from build layer
-FROM build AS ffmpeg
+ENV DEBIAN_FRONTEND="noninteractive" \
+    PATH="${PATH}:/opt/ruby/bin:/opt/mastodon/bin"
 
-# ffmpeg version to compile, change with [--build-arg FFMPEG_VERSION="7.0.x"]
-# renovate: datasource=repology depName=ffmpeg packageName=openpkg_current/ffmpeg
-ARG FFMPEG_VERSION=7.1
-# ffmpeg download URL, change with [--build-arg FFMPEG_URL="https://ffmpeg.org/releases"]
-ARG FFMPEG_URL=https://ffmpeg.org/releases
-
-WORKDIR /usr/local/ffmpeg/src
-# Download and extract ffmpeg source code
-ADD ${FFMPEG_URL}/ffmpeg-${FFMPEG_VERSION}.tar.xz /usr/local/ffmpeg/src/
-RUN tar xf ffmpeg-${FFMPEG_VERSION}.tar.xz;
-
-WORKDIR /usr/local/ffmpeg/src/ffmpeg-${FFMPEG_VERSION}
-
-# Configure and compile ffmpeg
-RUN \
-  ./configure \
-  --prefix=/usr/local/ffmpeg \
-  --toolchain=hardened \
-  --disable-debug \
-  --disable-devices \
-  --disable-doc \
-  --disable-ffplay \
-  --disable-network \
-  --disable-static \
-  --enable-ffmpeg \
-  --enable-ffprobe \
-  --enable-gpl \
-  --enable-libdav1d \
-  --enable-libmp3lame \
-  --enable-libopus \
-  --enable-libsnappy \
-  --enable-libvorbis \
-  --enable-libvpx \
-  --enable-libwebp \
-  --enable-libx264 \
-  --enable-libx265 \
-  --enable-shared \
-  --enable-version3 \
-  ; \
-  make -j$(nproc); \
-  make install;
-
-# Create temporary bundler specific build layer from build layer
-FROM build AS bundler
-
-ARG TARGETPLATFORM
-
-# Copy Gemfile config into working directory
-COPY Gemfile* /opt/mastodon/
-
-RUN \
-  # Mount Ruby Gem caches
-  --mount=type=cache,id=gem-cache-${TARGETPLATFORM},target=/usr/local/bundle/cache/,sharing=locked \
-  # Configure bundle to prevent changes to Gemfile and Gemfile.lock
-  bundle config set --global frozen "true"; \
-  # Configure bundle to not cache downloaded Gems
-  bundle config set --global cache_all "false"; \
-  # Configure bundle to only process production Gems
-  bundle config set --local without "development test"; \
-  # Configure bundle to not warn about root user
-  bundle config set silence_root_warning "true"; \
-  # Download and install required Gems
-  bundle install -j"$(nproc)";
-
-# Create temporary assets build layer from build layer
-FROM build AS precompiler
-
-ARG TARGETPLATFORM
-
-# Copy Mastodon sources into layer
-COPY . /opt/mastodon/
-
-# Copy Node.js binaries/libraries into layer
-COPY --from=node /usr/local/bin /usr/local/bin
-COPY --from=node /usr/local/lib /usr/local/lib
-
-RUN \
-  # Configure Corepack
-  rm /usr/local/bin/yarn*; \
-  corepack enable; \
-  corepack prepare --activate;
-
-# hadolint ignore=DL3008
-RUN \
-  --mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
-  --mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-  # Install Node.js packages
-  yarn workspaces focus --production @mastodon/mastodon;
-
-# Copy libvips components into layer for precompiler
-COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
-COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
-# Copy bundler packages into layer for precompiler
-COPY --from=bundler /opt/mastodon /opt/mastodon/
-COPY --from=bundler /usr/local/bundle/ /usr/local/bundle/
-
-RUN \
-  ldconfig; \
-  # Use Ruby on Rails to create Mastodon assets
-  SECRET_KEY_BASE_DUMMY=1 \
-  bundle exec rails assets:precompile; \
-  # Cleanup temporary files
-  rm -fr /opt/mastodon/tmp;
-
-# Prep final Mastodon Ruby layer
-FROM ruby AS mastodon
-
-ARG TARGETPLATFORM
-
-# hadolint ignore=DL3008
-RUN \
-  # Mount Apt cache and lib directories from Docker buildx caches
-  --mount=type=cache,id=apt-cache-${TARGETPLATFORM},target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=apt-lib-${TARGETPLATFORM},target=/var/lib/apt,sharing=locked \
-  # Mount Corepack and Yarn caches from Docker buildx caches
-  --mount=type=cache,id=corepack-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/corepack,sharing=locked \
-  --mount=type=cache,id=yarn-cache-${TARGETPLATFORM},target=/usr/local/share/.cache/yarn,sharing=locked \
-  # Apt update install non-dev versions of necessary components
-  apt-get install -y --no-install-recommends \
-  libexpat1 \
-  libglib2.0-0 \
+# Ignoring these here since we don't want to pin any versions and the Debian image removes apt-get content after use
+# hadolint ignore=DL3008,DL3009
+RUN apt-get update && \
+    echo "Etc/UTC" > /etc/localtime && \
+    groupadd -g "${GID}" mastodon && \
+    useradd -l -u "$UID" -g "${GID}" -m -d /opt/mastodon mastodon && \
+    apt-get -y --no-install-recommends install whois \
+        wget \
+        procps \
+        libssl3 \
+        libpq5 \
+        imagemagick \
+        ffmpeg \
+        libjemalloc2 \
         libicu72 \
         libidn12 \
-  libpq5 \
-  libreadline8 \
-  libssl3 \
         libyaml-0-2 \
-  # libvips components
-  libcgif0 \
-  libexif12 \
-  libheif1/bookworm-backports \
-  libimagequant0 \
-  libjpeg62-turbo \
-  liblcms2-2 \
-  liborc-0.4-0 \
-  libspng0 \
-  libtiff6 \
-  libwebp7 \
-  libwebpdemux2 \
-  libwebpmux3 \
-  # ffmpeg components
-  libdav1d6 \
-  libmp3lame0 \
-  libopencore-amrnb0 \
-  libopencore-amrwb0 \
-  libopus0 \
-  libsnappy1v5 \
-  libtheora0 \
-  libvorbis0a \
-  libvorbisenc2 \
-  libvorbisfile3 \
-  libvpx7 \
-  libx264-164 \
-  libx265-199 \
-  ;
+        file \
+        ca-certificates \
+        tzdata \
+        libreadline8 \
+        tini && \
+    ln -s /opt/mastodon /mastodon
 
-# Copy Mastodon sources into final layer
-COPY . /opt/mastodon/
+# Note: no, cleaning here since Debian does this automatically
+# See the file /etc/apt/apt.conf.d/docker-clean within the Docker image's filesystem
 
-# Copy compiled assets to layer
-COPY --from=precompiler /opt/mastodon/public/packs /opt/mastodon/public/packs
-COPY --from=precompiler /opt/mastodon/public/assets /opt/mastodon/public/assets
-# Copy bundler components to layer
-COPY --from=bundler /usr/local/bundle/ /usr/local/bundle/
-# Copy libvips components to layer
-COPY --from=libvips /usr/local/libvips/bin /usr/local/bin
-COPY --from=libvips /usr/local/libvips/lib /usr/local/lib
-# Copy ffpmeg components to layer
-COPY --from=ffmpeg /usr/local/ffmpeg/bin /usr/local/bin
-COPY --from=ffmpeg /usr/local/ffmpeg/lib /usr/local/lib
+COPY --chown=mastodon:mastodon . /opt/mastodon
+COPY --chown=mastodon:mastodon --from=build /opt/mastodon /opt/mastodon
 
-RUN \
-  ldconfig; \
-  # Smoketest media processors
-  vips -v; \
-  ffmpeg -version; \
-  ffprobe -version;
+ENV RAILS_ENV="production" \
+    NODE_ENV="production" \
+    RAILS_SERVE_STATIC_FILES="true" \
+    BIND="0.0.0.0" \
+    MASTODON_VERSION_PRERELEASE="${MASTODON_VERSION_PRERELEASE}" \
+    MASTODON_VERSION_METADATA="${MASTODON_VERSION_METADATA}"
 
-RUN \
-  # Precompile bootsnap code for faster Rails startup
-  bundle exec bootsnap precompile --gemfile app/ lib/;
-
-RUN \
-  # Pre-create and chown system volume to Mastodon user
-  mkdir -p /opt/mastodon/public/system; \
-  chown mastodon:mastodon /opt/mastodon/public/system; \
-  # Set Mastodon user as owner of tmp folder
-  chown -R mastodon:mastodon /opt/mastodon/tmp;
-
-# Set the running user for resulting container
+# Set the run user
 USER mastodon
-# Expose default Puma ports
-EXPOSE 3000
-# Set container tini as default entry point
+WORKDIR /opt/mastodon
+
+# Precompile assets
+RUN OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder rails assets:precompile
+
+# Set the work dir and the container entry point
 ENTRYPOINT ["/usr/bin/tini", "--"]
+EXPOSE 3000 4000

FEDERATION.md

@@ -1,36 +1,19 @@
-# Federation
-
-## Supported federation protocols and standards
-
-- [ActivityPub](https://www.w3.org/TR/activitypub/) (Server-to-Server)
-- [WebFinger](https://webfinger.net/)
-- [Http Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures)
-- [NodeInfo](https://nodeinfo.diaspora.software/)
-
-## Supported FEPs
-
-- [FEP-67ff: FEDERATION.md](https://codeberg.org/fediverse/fep/src/branch/main/fep/67ff/fep-67ff.md)
-- [FEP-f1d5: NodeInfo in Fediverse Software](https://codeberg.org/fediverse/fep/src/branch/main/fep/f1d5/fep-f1d5.md)
-- [FEP-8fcf: Followers collection synchronization across servers](https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md)
-- [FEP-5feb: Search indexing consent for actors](https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md)
-- [FEP-044f: Consent-respecting quote posts](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md): partial support for incoming quote-posts
-
-## ActivityPub in Mastodon
+## ActivityPub federation in Mastodon
 
 Mastodon largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Mastodon at all.
 
-- [Supported ActivityPub vocabulary](https://docs.joinmastodon.org/spec/activitypub/)
+Supported vocabulary: https://docs.joinmastodon.org/spec/activitypub/
 
 ### Required extensions
 
-#### WebFinger
+#### Webfinger
 
 In Mastodon, users are identified by a `username` and `domain` pair (e.g., `Gargron@mastodon.social`).
 This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Mastodon's database design from its very beginnings.
 
 As a result, Mastodon requires that each ActivityPub actor uniquely maps back to an `acct:` URI that can be resolved via WebFinger.
 
-- [WebFinger information and examples](https://docs.joinmastodon.org/spec/webfinger/)
+More information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/
 
 #### HTTP Signatures
 
@@ -38,13 +21,11 @@ In order to authenticate activities, Mastodon relies on HTTP Signatures, signing
 
 Mastodon requires all `POST` requests to be signed, and MAY require `GET` requests to be signed, depending on the configuration of the Mastodon server.
 
-- [HTTP Signatures information and examples](https://docs.joinmastodon.org/spec/security/#http)
+More information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http
 
 ### Optional extensions
 
-- [Linked-Data Signatures](https://docs.joinmastodon.org/spec/security/#ld)
-- [Bearcaps](https://docs.joinmastodon.org/spec/bearcaps/)
-
-### Additional documentation
-
-- [Mastodon documentation](https://docs.joinmastodon.org/)
+- Linked-Data Signatures: https://docs.joinmastodon.org/spec/security/#ld
+- Bearcaps: https://docs.joinmastodon.org/spec/bearcaps/
+- Followers collection synchronization: https://codeberg.org/fediverse/fep/src/branch/main/fep/8fcf/fep-8fcf.md
+- Search indexing consent for actors: https://codeberg.org/fediverse/fep/src/branch/main/fep/5feb/fep-5feb.md

Gemfile

@@ -1,35 +1,34 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby '>= 3.2.0', '< 3.5.0'
+ruby '>= 3.0.0'
 
-gem 'propshaft'
 gem 'puma', '~> 6.3'
-gem 'rails', '~> 8.0'
+gem 'rails', '~> 7.0'
+gem 'sprockets', '~> 3.7.2'
 gem 'thor', '~> 1.2'
+gem 'rack', '~> 2.2.7'
 
-gem 'dotenv'
 gem 'haml-rails', '~>2.0'
 gem 'pg', '~> 1.5'
 gem 'pghero'
+gem 'dotenv-rails', '~> 2.8'
 
-gem 'aws-sdk-core', '< 3.216.0', require: false # TODO: https://github.com/mastodon/mastodon/pull/34173#issuecomment-2733378873
 gem 'aws-sdk-s3', '~> 1.123', require: false
-gem 'blurhash', '~> 0.1'
-gem 'fog-core', '<= 2.6.0'
-gem 'fog-openstack', '~> 1.0', require: false
-gem 'jd-paperclip-azure', '~> 3.0', require: false
+gem 'fog-core', '<= 2.4.0'
+gem 'fog-openstack', '~> 0.3', require: false
 gem 'kt-paperclip', '~> 7.2'
-gem 'ruby-vips', '~> 2.2', require: false
+gem 'md-paperclip-azure', '~> 2.2', require: false
+gem 'blurhash', '~> 0.1'
 
 gem 'active_model_serializers', '~> 0.10'
 gem 'addressable', '~> 2.8'
-gem 'bootsnap', '~> 1.18.0', require: false
+gem 'bootsnap', '~> 1.16.0', require: false
 gem 'browser'
 gem 'charlock_holmes', '~> 0.7.7'
 gem 'chewy', '~> 7.3'
 gem 'devise', '~> 4.9'
-gem 'devise-two-factor'
+gem 'devise-two-factor', '~> 4.1'
 
 group :pam_authentication, optional: true do
   gem 'devise_pam_authenticatable2', '~> 9.2'
@@ -37,125 +36,108 @@ end
 
 gem 'net-ldap', '~> 0.18'
 
-gem 'omniauth', '~> 2.0'
-gem 'omniauth-cas', '~> 3.0.0.beta.1'
-gem 'omniauth_openid_connect', '~> 0.8.0'
-gem 'omniauth-rails_csrf_protection', '~> 1.0'
+# TODO: Point back at released omniauth-cas gem when PR merged
+# https://github.com/dlindahl/omniauth-cas/pull/68
+gem 'omniauth-cas', github: 'stanhu/omniauth-cas', ref: '4211e6d05941b4a981f9a36b49ec166cecd0e271'
 gem 'omniauth-saml', '~> 2.0'
+gem 'omniauth_openid_connect', '~> 0.6.1'
+gem 'omniauth', '~> 2.0'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 
 gem 'color_diff', '~> 0.1'
-gem 'csv', '~> 3.2'
 gem 'discard', '~> 1.2'
 gem 'doorkeeper', '~> 5.6'
-gem 'faraday-httpclient'
+gem 'ed25519', '~> 1.3'
 gem 'fast_blank', '~> 1.0'
 gem 'fastimage'
 gem 'hiredis', '~> 0.6'
-gem 'hiredis-client'
+gem 'redis-namespace', '~> 1.10'
 gem 'htmlentities', '~> 4.3'
-gem 'http', '~> 5.3.0'
+gem 'http', '~> 5.1'
 gem 'http_accept_language', '~> 2.1'
-gem 'httplog', '~> 1.7.0', require: false
-gem 'i18n'
+gem 'httplog', '~> 1.6.2'
 gem 'idn-ruby', require: 'idn'
-gem 'inline_svg'
-gem 'irb', '~> 1.8'
 gem 'kaminari', '~> 1.2'
 gem 'link_header', '~> 0.0'
-gem 'linzer', '~> 0.7.2'
-gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
-gem 'mime-types', '~> 3.7.0', require: 'mime/types/columnar'
-gem 'mutex_m'
+gem 'mime-types', '~> 3.5.0', require: 'mime/types/columnar'
 gem 'nokogiri', '~> 1.15'
+gem 'nsa'
 gem 'oj', '~> 3.14'
 gem 'ox', '~> 2.14'
 gem 'parslet'
-gem 'premailer-rails'
-gem 'public_suffix', '~> 6.0'
+gem 'public_suffix', '~> 5.0'
 gem 'pundit', '~> 2.3'
+gem 'premailer-rails'
 gem 'rack-attack', '~> 6.6'
-gem 'rack-cors', require: 'rack/cors'
-gem 'rails-i18n', '~> 8.0'
+gem 'rack-cors', '~> 2.0', require: 'rack/cors'
+gem 'rails-i18n', '~> 7.0'
+gem 'rails-settings-cached', '~> 0.6', git: 'https://github.com/mastodon/rails-settings-cached.git', branch: 'v0.6.6-aliases-true'
 gem 'redcarpet', '~> 3.6'
 gem 'redis', '~> 4.5', require: ['redis', 'redis/connection/hiredis']
-gem 'rqrcode', '~> 3.0'
+gem 'mario-redis-lock', '~> 1.2', require: 'redis_lock'
+gem 'rqrcode', '~> 2.2'
 gem 'ruby-progressbar', '~> 1.13'
-gem 'sanitize', '~> 7.0'
+gem 'sanitize', '~> 6.0'
 gem 'scenic', '~> 1.7'
-gem 'sidekiq', '< 8'
-gem 'sidekiq-bulk', '~> 0.2.0'
+gem 'sidekiq', '~> 6.5'
 gem 'sidekiq-scheduler', '~> 5.0'
-gem 'sidekiq-unique-jobs', '> 8'
-gem 'simple_form', '~> 5.2'
+gem 'sidekiq-unique-jobs', '~> 7.1'
+gem 'sidekiq-bulk', '~> 0.2.0'
 gem 'simple-navigation', '~> 4.4'
-gem 'stoplight', '~> 4.1'
-gem 'strong_migrations'
+gem 'simple_form', '~> 5.2'
+gem 'sprockets-rails', '~> 3.4', require: 'sprockets/railtie'
+gem 'stoplight', '~> 3.0.1'
+gem 'strong_migrations', '~> 0.8'
 gem 'tty-prompt', '~> 0.23', require: false
 gem 'twitter-text', '~> 3.1.0'
 gem 'tzinfo-data', '~> 1.2023'
+gem 'webpacker', '~> 5.4'
+gem 'webpush', github: 'ClearlyClaire/webpush', ref: 'f14a4d52e201128b1b00245d11b6de80d6cfdcd9'
 gem 'webauthn', '~> 3.0'
-gem 'webpush', github: 'mastodon/webpush', ref: '9631ac63045cfabddacc69fc06e919b4c13eb913'
 
 gem 'json-ld'
 gem 'json-ld-preloaded', '~> 3.2'
 gem 'rdf-normalize', '~> 0.5'
 
-gem 'prometheus_exporter', '~> 2.2', require: false
-
-gem 'opentelemetry-api', '~> 1.5.0'
-
-group :opentelemetry do
-  gem 'opentelemetry-exporter-otlp', '~> 0.30.0', require: false
-  gem 'opentelemetry-instrumentation-active_job', '~> 0.8.0', require: false
-  gem 'opentelemetry-instrumentation-active_model_serializers', '~> 0.22.0', require: false
-  gem 'opentelemetry-instrumentation-concurrent_ruby', '~> 0.22.0', require: false
-  gem 'opentelemetry-instrumentation-excon', '~> 0.23.0', require: false
-  gem 'opentelemetry-instrumentation-faraday', '~> 0.27.0', require: false
-  gem 'opentelemetry-instrumentation-http', '~> 0.24.0', require: false
-  gem 'opentelemetry-instrumentation-http_client', '~> 0.23.0', require: false
-  gem 'opentelemetry-instrumentation-net_http', '~> 0.23.0', require: false
-  gem 'opentelemetry-instrumentation-pg', '~> 0.30.0', require: false
-  gem 'opentelemetry-instrumentation-rack', '~> 0.26.0', require: false
-  gem 'opentelemetry-instrumentation-rails', '~> 0.36.0', require: false
-  gem 'opentelemetry-instrumentation-redis', '~> 0.26.0', require: false
-  gem 'opentelemetry-instrumentation-sidekiq', '~> 0.26.0', require: false
-  gem 'opentelemetry-sdk', '~> 1.4', require: false
-end
+gem 'private_address_check', '~> 0.5'
 
 group :test do
-  # Enable usage of all available CPUs/cores during spec runs
-  gem 'flatware-rspec'
+  # Used to split testing into chunks in CI
+  gem 'rspec_chunked', '~> 0.6'
 
-  # Adds RSpec Error/Warning annotations to GitHub PRs on the Files tab
-  gem 'rspec-github', '~> 3.0', require: false
+  # RSpec progress bar formatter
+  gem 'fuubar', '~> 2.5'
 
-  # RSpec helpers for email specs
-  gem 'email_spec'
-
-  # Extra RSpec extension methods and helpers for sidekiq
-  gem 'rspec-sidekiq', '~> 5.0'
+  # Extra RSpec extenion methods and helpers for sidekiq
+  gem 'rspec-sidekiq', '~> 4.0'
 
   # Browser integration testing
   gem 'capybara', '~> 3.39'
-  gem 'capybara-playwright-driver'
+  gem 'selenium-webdriver'
 
   # Used to reset the database between system tests
   gem 'database_cleaner-active_record'
 
   # Used to mock environment variables
-  gem 'climate_control'
+  gem 'climate_control', '~> 0.2'
+
+  # Generating fake data for specs
+  gem 'faker', '~> 3.2'
+
+  # Generate test objects for specs
+  gem 'fabrication', '~> 2.30'
+
+  # Add back helpers functions removed in Rails 5.1
+  gem 'rails-controller-testing', '~> 1.0'
 
   # Validate schemas in specs
-  gem 'json-schema', '~> 5.0'
+  gem 'json-schema', '~> 4.0'
 
   # Test harness fo rack components
   gem 'rack-test', '~> 2.1'
 
-  gem 'shoulda-matchers'
-
-  # Coverage formatter for RSpec
+  # Coverage formatter for RSpec test if DISABLE_SIMPLECOV is false
   gem 'simplecov', '~> 0.22', require: false
-  gem 'simplecov-lcov', '~> 0.8', require: false
 
   # Stub web requests for specs
   gem 'webmock', '~> 3.18'
@@ -165,14 +147,12 @@ group :development do
   # Code linting CLI and plugins
   gem 'rubocop', require: false
   gem 'rubocop-capybara', require: false
-  gem 'rubocop-i18n', require: false
   gem 'rubocop-performance', require: false
   gem 'rubocop-rails', require: false
   gem 'rubocop-rspec', require: false
-  gem 'rubocop-rspec_rails', require: false
 
   # Annotates modules with schema
-  gem 'annotaterb', '~> 4.13', require: false
+  gem 'annotate', '~> 3.2'
 
   # Enhanced error message pages for development
   gem 'better_errors', '~> 2.9'
@@ -180,53 +160,48 @@ group :development do
 
   # Preview mail in the browser
   gem 'letter_opener', '~> 1.8'
-  gem 'letter_opener_web', '~> 3.0'
+  gem 'letter_opener_web', '~> 2.0'
 
   # Security analysis CLI tools
-  gem 'brakeman', '~> 7.0', require: false
+  gem 'brakeman', '~> 6.0', require: false
   gem 'bundler-audit', '~> 0.9', require: false
 
   # Linter CLI for HAML files
   gem 'haml_lint', require: false
 
+  # Deployment automation
+  gem 'capistrano', '~> 3.17'
+  gem 'capistrano-rails', '~> 1.6'
+  gem 'capistrano-rbenv', '~> 2.2'
+  gem 'capistrano-yarn', '~> 2.0'
+
   # Validate missing i18n keys
   gem 'i18n-tasks', '~> 1.0', require: false
 end
 
 group :development, :test do
-  # Interactive Debugging tools
-  gem 'debug', '~> 1.8', require: false
-
-  # Generate fake data values
-  gem 'faker', '~> 3.2'
-
-  # Generate factory objects
-  gem 'fabrication'
-
   # Profiling tools
   gem 'memory_profiler', require: false
   gem 'ruby-prof', require: false
   gem 'stackprof', require: false
-  gem 'test-prof', require: false
+  gem 'test-prof'
 
   # RSpec runner for rails
-  gem 'rspec-rails', '~> 8.0'
+  gem 'rspec-rails', '~> 6.0'
 end
 
 group :production do
   gem 'lograge', '~> 0.12'
 end
 
-gem 'cocoon', '~> 1.2'
 gem 'concurrent-ruby', require: false
 gem 'connection_pool', require: false
 gem 'xorcist', '~> 1.1'
+gem 'cocoon', '~> 1.2'
 
-gem 'net-http', '~> 0.6.0'
+gem 'net-http', '~> 0.3.2'
 gem 'rubyzip', '~> 2.3'
 
 gem 'hcaptcha', '~> 7.1'
 
 gem 'mail', '~> 2.8'
-
-gem 'vite_rails', '~> 3.0.19'

Procfile

@@ -11,4 +11,4 @@ worker: bundle exec sidekiq
 #
 # and let the main app use the separate app:
 #
-# heroku config:set STREAMING_API_BASE_URL=wss://<streaming-app-random>.herokuapp.com -a <main-app>
+# heroku config:set STREAMING_API_BASE_URL=wss://<streaming-app>.herokuapp.com -a <main-app>

Procfile.dev

@@ -1,4 +1,4 @@
 web: env PORT=3000 RAILS_ENV=development bundle exec puma -C config/puma.rb
 sidekiq: env PORT=3000 RAILS_ENV=development bundle exec sidekiq
-stream: env PORT=4000 yarn workspace @mastodon/streaming start
-vite: yarn dev
+stream: env PORT=4000 yarn run start
+webpack: bin/webpack-dev-server

README.md

@@ -1,24 +1,24 @@
-> [!NOTE]
-> Want to learn more about Mastodon?
-> Click below to find out more in a video.
+<h1><picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./lib/assets/wordmark.dark.png?raw=true">
+  <source media="(prefers-color-scheme: light)" srcset="./lib/assets/wordmark.light.png?raw=true">
+  <img alt="Mastodon" src="./lib/assets/wordmark.light.png?raw=true" height="34">
+</picture></h1>
 
-<p align="center">
-  <a style="text-decoration:none" href="https://www.youtube.com/watch?v=IPSbNdBmWKE">
-    <img alt="Mastodon hero image" src="https://github.com/user-attachments/assets/ef53f5e9-c0d8-484d-9f53-00efdebb92c3" />
-  </a>
-</p>
+[![GitHub release](https://img.shields.io/github/release/mastodon/mastodon.svg)][releases]
+[![Ruby Testing](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml/badge.svg)](https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml)
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg)][crowdin]
 
-<p align="center">
-  <a style="text-decoration:none" href="https://github.com/mastodon/mastodon/releases">
-    <img src="https://img.shields.io/github/release/mastodon/mastodon.svg" alt="Release" /></a>
-  <a style="text-decoration:none" href="https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml">
-    <img src="https://github.com/mastodon/mastodon/actions/workflows/test-ruby.yml/badge.svg" alt="Ruby Testing" /></a>
-  <a style="text-decoration:none" href="https://crowdin.com/project/mastodon">
-    <img src="https://d322cqt584bo4o.cloudfront.net/mastodon/localized.svg" alt="Crowdin" /></a>
-</p>
+[releases]: https://github.com/mastodon/mastodon/releases
+[crowdin]: https://crowdin.com/project/mastodon
 
 Mastodon is a **free, open-source social network server** based on ActivityPub where users can follow friends and discover new ones. On Mastodon, users can publish anything they want: links, pictures, text, and video. All Mastodon servers are interoperable as a federated network (users on one server can seamlessly communicate with users from another one, including non-Mastodon software that implements ActivityPub!)
 
+Click below to **learn more** in a video:
+
+[![Screenshot](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/ezgif-2-60f1b00403.gif)][youtube_demo]
+
+[youtube_demo]: https://www.youtube.com/watch?v=IPSbNdBmWKE
+
 ## Navigation
 
 - [Project homepage 🐘](https://joinmastodon.org)
@@ -37,67 +37,105 @@ Mastodon is a **free, open-source social network server** based on ActivityPub w
 
 <img src="/app/javascript/images/elephant_ui_working.svg?raw=true" align="right" width="30%" />
 
-**No vendor lock-in: Fully interoperable with any conforming platform** - It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
+### No vendor lock-in: Fully interoperable with any conforming platform
 
-**Real-time, chronological timeline updates** - updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
+It doesn't have to be Mastodon; whatever implements ActivityPub is part of the social network! [Learn more](https://blog.joinmastodon.org/2018/06/why-activitypub-is-the-future/)
 
-**Media attachments like images and short videos** - upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
+### Real-time, chronological timeline updates
 
-**Safety and moderation tools** - Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
+Updates of people you're following appear in real-time in the UI via WebSockets. There's a firehose view as well!
 
-**OAuth2 and a straightforward REST API** - Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!
+### Media attachments like images and short videos
+
+Upload and view images and WebM/MP4 videos attached to the updates. Videos with no audio track are treated like GIFs; normal videos loop continuously!
+
+### Safety and moderation tools
+
+Mastodon includes private posts, locked accounts, phrase filtering, muting, blocking, and all sorts of other features, along with a reporting and moderation system. [Learn more](https://blog.joinmastodon.org/2018/07/cage-the-mastodon/)
+
+### OAuth2 and a straightforward REST API
+
+Mastodon acts as an OAuth2 provider, so 3rd party apps can use the REST and Streaming APIs. This results in a rich app ecosystem with a lot of choices!
 
 ## Deployment
 
 ### Tech stack
 
 - **Ruby on Rails** powers the REST API and other web pages
-- **React.js** and **Redux** are used for the dynamic parts of the interface
+- **React.js** and Redux are used for the dynamic parts of the interface
 - **Node.js** powers the streaming API
 
 ### Requirements
 
-- **PostgreSQL** 13+
-- **Redis** 6.2+
-- **Ruby** 3.2+
-- **Node.js** 20+
+- **PostgreSQL** 9.5+
+- **Redis** 4+
+- **Ruby** 2.7+
+- **Node.js** 14+
 
-The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, and **Scalingo**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+The repository includes deployment configurations for **Docker and docker-compose** as well as specific platforms like **Heroku**, **Scalingo**, and **Nanobox**. For Helm charts, reference the [mastodon/chart repository](https://github.com/mastodon/chart). The [**standalone** installation guide](https://docs.joinmastodon.org/admin/install/) is available in the documentation.
+
+## Development
+
+### Vagrant
+
+A **Vagrant** configuration is included for development purposes. To use it, complete the following steps:
+
+- Install Vagrant and Virtualbox
+- Install the `vagrant-hostsupdater` plugin: `vagrant plugin install vagrant-hostsupdater`
+- Run `vagrant up`
+- Run `vagrant ssh -c "cd /vagrant && foreman start"`
+- Open `http://mastodon.local` in your browser
+
+### MacOS
+
+To set up **MacOS** for native development, complete the following steps:
+
+- Install the latest stable Ruby version (use a Ruby version manager for easy installation and management of Ruby versions)
+- Run `brew install postgresql@14`
+- Run `brew install redis`
+- Run `brew install imagemagick`
+- Install Foreman or a similar tool (such as [overmind](https://github.com/DarthSim/overmind)) to handle multiple process launching.
+- Navigate to Mastodon's root directory and run `brew install nvm` then `nvm use` to use the version from .nvmrc
+- Run `corepack enable && yarn set version classic`
+- Run `bundle exec rails db:setup` (optionally prepend `RAILS_ENV=development` to target the dev environment)
+- Finally, run `overmind start -f Procfile.dev`
+
+### Docker
+
+For development with **Docker**, complete the following steps:
+
+- Install Docker Desktop
+- Run `docker compose -f .devcontainer/docker-compose.yml up -d`
+- Run `docker compose -f .devcontainer/docker-compose.yml exec app .devcontainer/post-create.sh`
+- Finally, run `docker compose -f .devcontainer/docker-compose.yml exec app foreman start -f Procfile.dev`
+
+If you are using an IDE with [support for the Development Container specification](https://containers.dev/supporting), it will run the above `docker compose` commands automatically. For **Visual Studio Code** this requires the [Dev Container extension](https://containers.dev/supporting#dev-containers).
+
+### GitHub Codespaces
+
+To get you coding in just a few minutes, GitHub Codespaces provides a web-based version of Visual Studio Code and a cloud-hosted development environment fully configured with the software needed for this project..
+
+- Click this button to create a new codespace:<br>
+  [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=52281283&devcontainer_path=.devcontainer%2Fcodespaces%2Fdevcontainer.json)
+- Wait for the environment to build. This will take a few minutes.
+- When the editor is ready, run `foreman start -f Procfile.dev` in the terminal.
+- After a few seconds, a popup will appear with a button labeled _Open in Browser_. This will open Mastodon.
+- On the _Ports_ tab, right click on the “stream” row and select _Port visibility_ → _Public_.
 
 ## Contributing
 
 Mastodon is **free, open-source software** licensed under **AGPLv3**.
 
-You can open issues for bugs you've found or features you think are missing. You
-can also submit pull requests to this repository or translations via Crowdin. To
-get started, look at the [CONTRIBUTING] and [DEVELOPMENT] guides. For changes
-accepted into Mastodon, you can request to be paid through our [OpenCollective].
+You can open issues for bugs you've found or features you think are missing. You can also submit pull requests to this repository or submit translations using Crowdin. To get started, take a look at [CONTRIBUTING.md](CONTRIBUTING.md). If your contributions are accepted into Mastodon, you can request to be paid through [our OpenCollective](https://opencollective.com/mastodon).
 
-**IRC channel**: #mastodon on [`irc.libera.chat`](https://libera.chat)
+**IRC channel**: #mastodon on irc.libera.chat
 
 ## License
 
-Copyright (c) 2016-2025 Eugen Rochko (+ [`mastodon authors`](AUTHORS.md))
+Copyright (C) 2016-2023 Eugen Rochko & other Mastodon contributors (see [AUTHORS.md](AUTHORS.md))
 
-Licensed under GNU Affero General Public License as stated in the [LICENSE](LICENSE):
+This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
-```
-Copyright (c) 2016-2025 Eugen Rochko & other Mastodon contributors
+This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
 
-This program is free software: you can redistribute it and/or modify it under
-the terms of the GNU Affero General Public License as published by the Free
-Software Foundation, either version 3 of the License, or (at your option) any
-later version.
-
-This program is distributed in the hope that it will be useful, but WITHOUT
-ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
-details.
-
-You should have received a copy of the GNU Affero General Public License along
-with this program. If not, see https://www.gnu.org/licenses/
-```
-
-[CONTRIBUTING]: CONTRIBUTING.md
-[DEVELOPMENT]: docs/DEVELOPMENT.md
-[OpenCollective]: https://opencollective.com/mastodon
+You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Rakefile

@@ -3,6 +3,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require_relative 'config/application'
+require File.expand_path('config/application', __dir__)
 
 Rails.application.load_tasks