Switch product and installation telemetry to OTLP/Grafana across runtime config, CI injection, docs, and tests to unify telemetry transport and simplify privacy-focused opt-in behavior.
Add trigger-demo-deploy job to cd-release workflow that POSTs to
Render deploy hook when TimeTrackerDemoRender org secret is set.
Runs after build-and-push; skips gracefully if secret is not
configured. Include demo deploy status in release summary.
Document in RENDER.md, CI_CD_DOCUMENTATION.md, and
GITHUB_ACTIONS_SETUP.md.
- Add optional step before Docker build: write DONATE_HIDE_PUBLIC_KEY_PEM secret to donate_hide_public.pem
- Image then contains key at /app/donate_hide_public.pem when secret is set; build still succeeds if unset
Co-authored-by: Cursor <cursoragent@cursor.com>
- Make InstallationConfig config dir overridable via INSTALLATION_CONFIG_DIR
so tests and CI use a writable path instead of /data (fixes PermissionError
on redirect to /admin/settings after logo upload).
- Set INSTALLATION_CONFIG_DIR in conftest before app import and in
ci-comprehensive.yml for integration-tests and full-test-suite jobs.
- In Settings.get_settings(), add _session_in_flush() and a re-entrancy
guard to skip add+commit when called during another commit's flush,
fixing ResourceClosedError in currency_display test setup.
- Update test_installation_config fixture to set INSTALLATION_CONFIG_DIR
so it continues to use its temp dir with the new env-based behavior.
- test_client_portal_dashboard_requires_access: expect 302 redirect to
client portal login instead of 403. The client portal 403 handler
redirects authenticated non-portal users to login by design.
- Run routes unit group with -n 0 in CI to avoid SQLite 'database is
locked' errors from audit logging under pytest-xdist parallel workers;
fixes client_portal and admin client-portal test failures.
- Add iOS archive creation step to build-mobile.yml
- Enhance error handling and diagnostics in cd-release.yml
- Add file existence checks and directory listings for debugging
- Change artifact upload from 'ignore' to 'error' for better failure detection
- Comment out mobile app tests as source code is incomplete
- Tests exist but lib/ source code is missing
- Allows CI/CD to continue building while mobile app is in development
- Enhance build scripts with better error handling and Windows support
- Add Windows-specific build scripts and PowerShell utilities
- Add asset preparation and verification scripts
- Update GitHub Actions workflows for desktop and mobile builds
- Add build configuration and troubleshooting utilities
- Improve cross-platform build compatibility
- Add GitHub Actions workflow for building Flutter mobile apps
- Add GitHub Actions workflow for building Electron desktop apps
- Update release workflow to include mobile and desktop build jobs
- Support cross-platform builds (Android, iOS, Windows, macOS, Linux)
- Add artifact publishing for built applications
Changes:
- Add step to convert image names to lowercase in CD workflow
- Update docker-compose.production.yml generation to use lowercase image names
- Enhance production deployment with nginx reverse proxy and certgen service
- Update CSRF configuration documentation with IP access guidance
- Improve deployment manifest generation with better service orchestration
- Normalize line endings from CRLF to LF across all files to match .editorconfig
- Standardize quote style from single quotes to double quotes
- Normalize whitespace and formatting throughout codebase
- Apply consistent code style across 372 files including:
* Application code (models, routes, services, utils)
* Test files
* Configuration files
* CI/CD workflows
This ensures consistency with the project's .editorconfig settings and
improves code maintainability.
Improved the Release Build workflow to clearly show that PostHog and Sentry
credentials are being injected from the GitHub Secret Store, providing better
transparency and auditability.
Changes:
- Enhanced workflow step name to explicitly mention "GitHub Secrets"
- Added comprehensive logging with visual separators and clear sections
- Added before/after file content display showing placeholder replacement
- Added secret availability verification with format validation
- Added detailed error messages with step-by-step fix instructions
- Enhanced release summary to highlight successful credential injection
- Updated build configuration documentation with cross-references
Benefits:
- Developers can immediately see credentials come from GitHub Secret Store
- Security teams have clear audit trail of credential injection process
- Better troubleshooting with detailed error messages
- Secrets remain protected with proper redaction (first 8 + last 4 chars)
- Multiple validation steps ensure correct injection
The workflow now outputs 50+ lines of structured logging showing:
- Secret store location (Settings → Secrets and variables → Actions)
- Target file being modified (app/config/analytics_defaults.py)
- Verification that secrets are available
- Format validation (phc_* pattern for PostHog)
- Confirmation of successful placeholder replacement
- Summary with redacted credential previews
Workflow: .github/workflows/cd-release.yml
Documentation: docs/cicd/README_BUILD_CONFIGURATION.md
Fully backward compatible - no breaking changes.
Refactor GitHub Actions workflows to support a release candidate (RC)
branch workflow instead of direct develop->main flow.
Changes:
- cd-development.yml: Trigger on PRs to RC branches (not push to develop)
* Updated summary to show PR context (source/target branches)
* Build development images when code is promoted to RC
- cd-release.yml: Trigger on PRs from RC to main/master
* Added path filters for code changes only
* Enables release validation before merge to main
- ci-comprehensive.yml: Run tests on PRs to RC branches
* Full test suite now runs for PRs to main, master, and RC branches
* Ensures code quality before RC promotion
New workflow:
develop (push) -> no actions
develop -> rc (PR) -> run tests + development build
rc -> main (PR) -> run tests + release build
Supports both single RC branch (rc) and versioned RC branches (rc/*)
Breaking change: Development builds no longer trigger on push to develop.
They now require a PR to an RC branch.
Implement comprehensive analytics and monitoring system with PostHog integration,
complete observability stack (Prometheus, Grafana, Loki, Promtail), and CI/CD
workflows for automated builds.
Features:
- Add PostHog telemetry integration with privacy-focused event tracking
- Implement installation flow for opt-in telemetry configuration
- Add telemetry management UI in admin panel with detailed transparency
- Track key user events across all major features (projects, tasks, timer, etc.)
Infrastructure:
- Set up Prometheus for metrics collection
- Configure Grafana for visualization dashboards
- Integrate Loki and Promtail for log aggregation
- Add separate analytics docker-compose configuration
CI/CD:
- Add GitHub Actions workflows for building and publishing Docker images
- Implement separate dev and production build pipelines
- Configure automated image publishing to registry
Documentation:
- Restructure documentation into organized docs/ directory
- Add comprehensive guides for telemetry, analytics, and local development
- Create transparency documentation for tracked events
- Add CI/CD and build configuration guides
Code improvements:
- Integrate telemetry hooks across all route handlers
- Add feature flags and configuration management
- Refactor test suite for analytics functionality
- Clean up root directory by moving docs and removing test artifacts
Breaking changes:
- Requires new environment variables for PostHog configuration
- Docker compose setup now supports analytics stack
Changes: 73 files changed, 955 insertions(+), 14126 deletions(-)
Dries Peeters