decidim 0.25.0 → 0.26.0

data/docs/modules/develop/pages/security.adoc

@@ -5,15 +5,7 @@
 Until we have the version 1.0 we support only the last minor and major
 version with security updates.
 
-|===
-| Version | Supported
-
-| 0.21.x
-| :white_check_mark:
-
-| \<= 0.20
-| :x:
-|===
+https://github.com/decidim/decidim/blob/doc/security-keyserver/SECURITY.adoc[See the last supported version].
 
 == Reporting a Vulnerability
 
@@ -29,5 +21,5 @@ is `C1BD 8981 D83C 23F9 D419 FE42 149A D0F9 84B9 35C4`. To download our key:
 
 [source,bash]
 ----
-gpg --keyserver pgp.key-server.io --recv 84B935C4
+gpg --keyserver pgp.mit.edu --recv 84B935C4
 ----

data/docs/modules/install/pages/manual.adoc

@@ -4,17 +4,17 @@ In order to develop on decidim, you'll need:
 
 * *Git* 2.15+
 * *PostgreSQL* 12.7+
-* *Ruby* 2.7.1
+* *Ruby* 2.7.5
 * *NodeJS* 16.9.x
 * *Npm* 7.21.x
 * *ImageMagick*
 * *Chrome* browser and https://sites.google.com/a/chromium.org/chromedriver/[chromedriver].
 
-We're starting with an Ubuntu 20.04 LTS. This is an opinionated guide, so you're free to use the technology that you are most comfortable. If you have any doubts and you're blocked you can go and ask on https://gitter.im/decidim/decidim[our Gitter].
+We're starting with an Ubuntu 20.04.2 LTS. This is an opinionated guide, so you're free to use the technology that you are most comfortable. If you have any doubts and you're blocked you can go and ask on https://matrix.to/#/#decidimdevs:matrix.org[our Matrix.org chat room for developers].
 
 We recommend to have at least some basic proficiency in Ruby on Rails (a good starting point is http://guides.rubyonrails.org/getting_started.html[Getting Started with Ruby on Rails]) and have some knowledge on how gems work.
 
-In this guide, we'll see how to install rbenv, PostgreSQL and, Decidim, and how to configure everything together.
+In this guide, we'll see how to install rbenv, PostgreSQL, Node.js and, Decidim, and how to configure everything together for a development environment. Mind that if you want to make a production deployment with real users this guide isn't enough, you should configure a web server (like nginx), backups, monitoring, etc. This is out of the scope of this guide, but you can follow the https://platoniq.github.io/decidim-install/[Platoniq guide].
 
 == 1. Installing rbenv
 
@@ -23,14 +23,14 @@ First, we're going to install https://github.com/rbenv/rbenv[rbenv], for managin
 [source,bash]
 ----
 sudo apt update
-sudo apt install -y build-essential git libssl-dev zlib1g-dev
+sudo apt install -y build-essential curl git libssl-dev zlib1g-dev
 git clone https://github.com/rbenv/rbenv.git ~/.rbenv
 echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
 echo 'eval "$(rbenv init -)"' >> ~/.bashrc
 source ~/.bashrc
 git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
-rbenv install 2.7.1
-rbenv global 2.7.1
+rbenv install 2.7.5
+rbenv global 2.7.5
 ----
 
 == 2. Installing PostgreSQL
@@ -45,13 +45,26 @@ sudo -u postgres psql -c "CREATE USER decidim_app WITH SUPERUSER CREATEDB NOCREA
 
 You need to change the password (in this example is "thepassword") and save it somewhere to configure it later with the application.
 
-== 3. Installing Decidim
+== 3. Installing Node.js
+
+An important component for Decidim is Node.js and Yarn. With this commands you will install them:
+
+[source,bash]
+----
+curl -sL https://deb.nodesource.com/setup_16.x | sudo -E bash -
+sudo apt-get install -y nodejs
+curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
+echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+sudo apt-get update && sudo apt-get install -y yarn
+----
+
+== 4. Installing Decidim
 
 Next, we need to install the `decidim` gem with its dependencies:
 
 [source,bash]
 ----
-sudo apt install -y libicu-dev nodejs imagemagick
+sudo apt install -y libicu-dev imagemagick
 gem install decidim
 ----
 
@@ -71,43 +84,34 @@ git add .
 git commit -m "Initial commit. Generated with Decidim https://decidim.org"
 ----
 
-== 4. Configure the database
+== 5. Configure the database
 
-Modify your secrets (see `config/database.yml`). For this you can use https://github.com/laserlemon/figaro[figaro], https://github.com/bkeepers/dotenv[dotenv] or https://github.com/rbenv/rbenv-vars[rbenv-vars]. You should always be careful of not uploading your plain secrets on git or your version control system. You can also upload the encrypted secrets, using the sekrets gem or if you're on Ruby on Rails greater than 5.1 you can do it natively.
+Modify your secrets (see `config/database.yml`). For this you can use https://github.com/laserlemon/figaro[figaro], https://github.com/bkeepers/dotenv[dotenv] or https://github.com/rbenv/rbenv-vars[rbenv-vars]. You
+should always be careful of not uploading your plain secrets on git or your version control system. You can also upload the encrypted secrets, using the sekrets gem or if you're on Ruby on Rails greater than 5.1 you can do it natively.
 
-For instance, for working with figaro, add this to your `Gemfile`:
+For a development environment, and if you are using rbenv, we strongly recommend you to use the https://github.com/rbenv/rbenv-vars[rbenv-vars] to facilitate the edition of ENV vars.
 
-[source,ruby]
-----
-gem "figaro"
-----
-
-Then install it:
+First you'll need to install the rbenv-vars plugin:
 
 [source,bash]
 ----
-bundle install
-bundle exec figaro install
+git clone https://github.com/rbenv/rbenv-vars.git "$(rbenv root)"/plugins/rbenv-vars
 ----
 
-Next, add this to your `config/application.yml`, using the setup PostgreSQL database name, user and, password that you've configured before.
-
-[source,yaml]
-----
-DATABASE_HOST: localhost
-DATABASE_USERNAME: decidim_app
-DATABASE_PASSWORD: thepassword
-----
-
-Finally, save it all to git:
+Then, in **any folder above your decidim generated application**, you need to create a file named `.rbenv-vars` and put your variables there:
 
 [source,bash]
 ----
-git add .
-git commit -m "Add figaro configuration management"
+cat << EOF > .rbenv-vars
+DATABASE_HOST=localhost
+DATABASE_USERNAME=decidim_app
+DATABASE_PASSWORD=thepassword
+EOF
 ----
 
-== 5. Initializing your app for local development
+Be careful where you put the `.rbenv-vars` file, as if you put it in the same folder of your decidim generated application, and if you use a version control system (like `git`, which we strongly recommend), then you should ignore this file (ie with the `.gitignore` file).
+
+== 6. Initializing your app for local development
 
 We should now create your database:
 
@@ -119,7 +123,7 @@ bin/rails db:seed
 
 This will also create some default data so you can start testing the app, with an administrator account with email admin@example.org and password `decidim123456`
 
-== 6. Start your web server
+== 7. Start your web server
 
 You can now start your server!
 

data/lib/decidim/version.rb

@@ -3,6 +3,6 @@
 # This holds the decidim version and the faker version it uses.
 module Decidim
   def self.version
-    "0.25.0"
+    "0.26.0"
   end
 end

data/lib/tasks/common_passwords_tasks.rake

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "decidim/common_passwords"
+
+namespace :decidim do
+  namespace :common_passwords do
+    desc "Update common passwords list"
+    task :update do
+      Decidim::CommonPasswords.update_passwords!
+    end
+  end
+end