Merge tag 'v1.11.29' into sc

* Ship linux tarball with static sqlcipher ([\element-hq#597](element-hq#597)). Fixes element-hq/element-web#18486.
* Show recent room breadcrumbs on touchbar ([\element-hq#183](element-hq#183)). Fixes element-hq/element-web#15998.
* Clear electron data when logging out ([\element-hq#578](element-hq#578)).
* Send Electron crashpad reports to Sentry from Nightly ([\element-hq#579](element-hq#579)). Fixes element-hq/element-web#18263.
* Recommend element-io-archive-keyring from our Debian package ([\element-hq#566](element-hq#566)).
* Allow desktop app to expose recent rooms in UI integrations ([\#16940](element-hq/element-web#16940)).
* Add API params to mute audio and/or video in Jitsi calls by default ([\#24820](element-hq/element-web#24820)). Contributed by @dhenneke.
* Style mentions as pills in rich text editor ([\#10448](matrix-org/matrix-react-sdk#10448)). Contributed by @alunturner.
* Show room create icon if "UIComponent.roomCreation" is enabled ([\#10364](matrix-org/matrix-react-sdk#10364)). Contributed by @maheichyk.
* Mentions as links rte ([\#10463](matrix-org/matrix-react-sdk#10463)). Contributed by @alunturner.
* Better error handling in jump to date ([\#10405](matrix-org/matrix-react-sdk#10405)). Contributed by @MadLittleMods.
* Show "Invite" menu option if "UIComponent.sendInvites" is enabled. ([\#10363](matrix-org/matrix-react-sdk#10363)). Contributed by @maheichyk.
* Added `UserProfilesStore`, `LruCache` and user permalink profile caching ([\#10425](matrix-org/matrix-react-sdk#10425)). Fixes element-hq/element-web#10559.
* Mentions as links rte ([\#10422](matrix-org/matrix-react-sdk#10422)). Contributed by @alunturner.
* Implement MSC3952: intentional mentions ([\#9983](matrix-org/matrix-react-sdk#9983)).
* Implement MSC3973: Search users in the user directory with the Widget API ([\#10269](matrix-org/matrix-react-sdk#10269)). Contributed by @dhenneke.
* Permalinks to message are now displayed as pills ([\#10392](matrix-org/matrix-react-sdk#10392)). Fixes element-hq/element-web#24751 and element-hq/element-web#24706.
* Show search,dial,explore in filterContainer if "UIComponent.filterContainer" is enabled ([\#10381](matrix-org/matrix-react-sdk#10381)). Contributed by @maheichyk.
* Increase space panel collapse clickable area ([\#6084](matrix-org/matrix-react-sdk#6084)). Fixes element-hq/element-web#17379. Contributed by @jaiwanth-v.
* Add fallback for replies to Polls ([\#10380](matrix-org/matrix-react-sdk#10380)). Fixes element-hq/element-web#24197. Contributed by @kerryarchibald.
* Permalinks to rooms and users are now pillified ([\#10388](matrix-org/matrix-react-sdk#10388)). Fixes element-hq/element-web#24825.
* Poll history -  access poll history from room settings ([\#10356](matrix-org/matrix-react-sdk#10356)). Contributed by @kerryarchibald.
* Add API params to mute audio and/or video in Jitsi calls by default ([\#10376](matrix-org/matrix-react-sdk#10376)). Contributed by @dhenneke.
* Notifications: inline error message on notifications saving error ([\#10288](matrix-org/matrix-react-sdk#10288)). Contributed by @kerryarchibald.
* Support dynamic room predecessor in SpaceProvider ([\#10348](matrix-org/matrix-react-sdk#10348)). Contributed by @andybalaam.
* Support dynamic room predecessors for RoomProvider ([\#10346](matrix-org/matrix-react-sdk#10346)). Contributed by @andybalaam.
* Support dynamic room predecessors in OwnBeaconStore ([\#10339](matrix-org/matrix-react-sdk#10339)). Contributed by @andybalaam.
* Support dynamic room predecessors in ForwardDialog ([\#10344](matrix-org/matrix-react-sdk#10344)). Contributed by @andybalaam.
* Support dynamic room predecessors in SpaceHierarchy ([\#10341](matrix-org/matrix-react-sdk#10341)). Contributed by @andybalaam.
* Support dynamic room predecessors in AddExistingToSpaceDialog ([\#10342](matrix-org/matrix-react-sdk#10342)). Contributed by @andybalaam.
* Support dynamic room predecessors in leave-behaviour ([\#10340](matrix-org/matrix-react-sdk#10340)). Contributed by @andybalaam.
* Support dynamic room predecessors in StopGapWidgetDriver ([\#10338](matrix-org/matrix-react-sdk#10338)). Contributed by @andybalaam.
* Support dynamic room predecessors in WidgetLayoutStore ([\#10326](matrix-org/matrix-react-sdk#10326)). Contributed by @andybalaam.
* Support dynamic room predecessors in SpaceStore ([\#10332](matrix-org/matrix-react-sdk#10332)). Contributed by @andybalaam.
* Sync polls push rules on changes to account_data ([\#10287](matrix-org/matrix-react-sdk#10287)). Contributed by @kerryarchibald.
* Support dynamic room predecessors in BreadcrumbsStore ([\#10295](matrix-org/matrix-react-sdk#10295)). Contributed by @andybalaam.
* Improved a11y for Field feedback and Secure Phrase input ([\#10320](matrix-org/matrix-react-sdk#10320)). Contributed by @Sebbones.
* Support dynamic room predecessors in RoomNotificationStateStore ([\#10297](matrix-org/matrix-react-sdk#10297)). Contributed by @andybalaam.
* Run build_linux in docker using an older glibc ([\element-hq#599](element-hq#599)). Fixes element-hq/element-web#24981.
* Use a newly generated access_token while joining Jitsi ([\#24646](element-hq/element-web#24646)). Fixes element-hq/element-web#24687. Contributed by @emrahcom.
* Fix cloudflare action pointing at commit hash instead of tag ([\#24777](element-hq/element-web#24777)). Contributed by @justjanne.
* Allow editing with RTE to overflow for autocomplete visibility ([\#10499](matrix-org/matrix-react-sdk#10499)). Contributed by @alunturner.
* Added auto focus to Github URL on opening of debug logs modal ([\#10479](matrix-org/matrix-react-sdk#10479)). Contributed by @ShivamSpm.
* Fix detection of encryption for all users in a room ([\#10487](matrix-org/matrix-react-sdk#10487)). Fixes element-hq/element-web#24995.
* Properly generate mentions when editing a reply with MSC3952 ([\#10486](matrix-org/matrix-react-sdk#10486)). Fixes element-hq/element-web#24924. Contributed by @kerryarchibald.
* Improve performance of rendering a room with many hidden events ([\#10131](matrix-org/matrix-react-sdk#10131)). Contributed by @andybalaam.
* Prevent future date selection in jump to date ([\#10419](matrix-org/matrix-react-sdk#10419)). Fixes element-hq/element-web#20800. Contributed by @MadLittleMods.
* Add aria labels to message search bar to improve accessibility ([\#10476](matrix-org/matrix-react-sdk#10476)). Fixes element-hq/element-web#24921.
* Fix decryption failure bar covering the timeline ([\#10360](matrix-org/matrix-react-sdk#10360)). Fixes element-hq/element-web#24780 element-hq/element-web#24074 and element-hq/element-web#24183. Contributed by @luixxiul.
* Improve profile picture settings accessibility ([\#10470](matrix-org/matrix-react-sdk#10470)). Fixes element-hq/element-web#24919.
* Handle group call redaction ([\#10465](matrix-org/matrix-react-sdk#10465)).
* Display relative timestamp for threads on the same calendar day ([\#10399](matrix-org/matrix-react-sdk#10399)). Fixes element-hq/element-web#24841. Contributed by @kerryarchibald.
* Fix timeline list and paragraph display issues ([\#10424](matrix-org/matrix-react-sdk#10424)). Fixes element-hq/element-web#24602. Contributed by @alunturner.
* Use unique keys for voice broadcast pips ([\#10457](matrix-org/matrix-react-sdk#10457)). Fixes element-hq/element-web#24959.
* Fix "show read receipts sent by other users" not applying to threads ([\#10445](matrix-org/matrix-react-sdk#10445)). Fixes element-hq/element-web#24910.
* Fix joining public rooms without aliases in search dialog ([\#10437](matrix-org/matrix-react-sdk#10437)). Fixes element-hq/element-web#23937.
* Add input validation for `m.direct` in `DMRoomMap` ([\#10436](matrix-org/matrix-react-sdk#10436)). Fixes element-hq/element-web#24909.
* Reduce height reserved for "collapse" button's line on IRC layout ([\#10211](matrix-org/matrix-react-sdk#10211)). Fixes element-hq/element-web#24605. Contributed by @luixxiul.
* Fix `creatorUserId is required` error when opening sticker picker ([\#10423](matrix-org/matrix-react-sdk#10423)).
* Fix block/inline Element descendants error noise in `NewRoomIntro.tsx` ([\#10412](matrix-org/matrix-react-sdk#10412)). Contributed by @MadLittleMods.
* Fix profile resizer to make first character of a line selectable in IRC layout ([\#10396](matrix-org/matrix-react-sdk#10396)). Fixes element-hq/element-web#14764. Contributed by @luixxiul.
* Ensure space between wrapped lines of room name on IRC layout ([\#10188](matrix-org/matrix-react-sdk#10188)). Fixes element-hq/element-web#24742. Contributed by @luixxiul.
* Remove unreadable alt attribute from the room status bar warning icon (nonsense to screenreaders) ([\#10402](matrix-org/matrix-react-sdk#10402)). Contributed by @MadLittleMods.
* Fix big date separators when jump to date is enabled ([\#10404](matrix-org/matrix-react-sdk#10404)). Fixes element-hq/element-web#22969. Contributed by @MadLittleMods.
* Fixes user authentication when registering via the module API ([\#10257](matrix-org/matrix-react-sdk#10257)). Contributed by @maheichyk.
* Handle more edge cases in Space Hierarchy ([\#10280](matrix-org/matrix-react-sdk#10280)). Contributed by @justjanne.
* Further improve performance with lots of hidden events ([\#10353](matrix-org/matrix-react-sdk#10353)). Fixes element-hq/element-web#24480. Contributed by @andybalaam.
* Respect user cancelling upload flow by dismissing spinner ([\#10373](matrix-org/matrix-react-sdk#10373)). Fixes element-hq/element-web#24667.
* When starting a DM, the end-to-end encryption status icon does now only appear if the DM can be encrypted ([\#10394](matrix-org/matrix-react-sdk#10394)). Fixes element-hq/element-web#24397.
* Fix `[object Object]` in feedback metadata ([\#10390](matrix-org/matrix-react-sdk#10390)).
* Fix pinned messages card saying nothing pinned while loading ([\#10385](matrix-org/matrix-react-sdk#10385)). Fixes element-hq/element-web#24615.
* Fix import e2e key dialog staying disabled after paste ([\#10375](matrix-org/matrix-react-sdk#10375)). Fixes element-hq/element-web#24818.
* Show all labs even if incompatible, with appropriate tooltip explaining requirements ([\#10369](matrix-org/matrix-react-sdk#10369)). Fixes element-hq/element-web#24813.
* Fix UIFeature.Registration not applying to all paths ([\#10371](matrix-org/matrix-react-sdk#10371)). Fixes element-hq/element-web#24814.
* Clicking on a user pill does now only open the profile in the right panel and no longer navigates to the home view. ([\#10359](matrix-org/matrix-react-sdk#10359)). Fixes element-hq/element-web#24797.
* Fix start DM with pending third party invite ([\#10347](matrix-org/matrix-react-sdk#10347)). Fixes element-hq/element-web#24781.
* Fix long display name overflowing reply tile on IRC layout ([\#10343](matrix-org/matrix-react-sdk#10343)). Fixes element-hq/element-web#24738. Contributed by @luixxiul.
* Display redacted body on ThreadView in the same way as normal messages ([\#9016](matrix-org/matrix-react-sdk#9016)). Fixes element-hq/element-web#24729. Contributed by @luixxiul.
* Handle more edge cases in ACL updates ([\#10279](matrix-org/matrix-react-sdk#10279)). Contributed by @justjanne.
* Allow parsing png files to fail if thumbnailing is successful ([\#10308](matrix-org/matrix-react-sdk#10308)).

.github/workflows/build_and_deploy.yaml

@@ -90,22 +90,37 @@ jobs:
             base-url: https://packages.element.io/${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
             version: ${{ needs.prepare.outputs.macos-version }}
 
+    # We do not put this call into deploy-mode as we do not want it to add to the packages.element.io artifact
+    # We ship this build via reprepro only
     linux:
         if: github.event_name != 'workflow_dispatch' || inputs.linux
         needs: prepare
-        name: Linux
+        name: Linux (sqlcipher system)
         uses: ./.github/workflows/build_linux.yaml
         with:
             config: element.io/${{ inputs.mode || 'nightly' }}
             sqlcipher: system
             version: ${{ needs.prepare.outputs.linux-version }}
 
-    # This deploy job only handles Windows & macOS as those are stateless and static.
+    # We ship the static build via static tarball only
+    linux_static:
+        if: github.event_name != 'workflow_dispatch' || inputs.linux
+        needs: prepare
+        name: Linux (sqlcipher static)
+        uses: ./.github/workflows/build_linux.yaml
+        with:
+            deploy-mode: true
+            config: element.io/${{ inputs.mode || 'nightly' }}
+            sqlcipher: static
+            version: ${{ needs.prepare.outputs.linux-version }}
+
+    # This deploy job only handles Windows, macOS & linux_static as those are stateless and static.
     # Linux will be deployed via reprepro after it, but we list it as a dependency to abort if it fails.
     deploy:
         needs:
             - macos
             - linux
+            - linux_static
             - windows_32bit
             - windows_64bit
         runs-on: ubuntu-latest

.github/workflows/build_and_test.yaml

@@ -80,7 +80,7 @@ jobs:
                   cache: "yarn"
 
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - uses: actions/download-artifact@v3
               with:

.github/workflows/build_linux.yaml

@@ -16,11 +16,15 @@ on:
                 type: string
                 required: true
                 description: "How to link sqlcipher, one of 'system' | 'static'"
+            deploy-mode:
+                type: boolean
+                required: false
+                description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
 jobs:
     build:
         runs-on: ubuntu-latest
         container:
-            image: ghcr.io/vector-im/element-desktop-dockerbuild:t3chguy-dockerbuild
+            image: ghcr.io/vector-im/element-desktop-dockerbuild:${{ github.ref_name == 'master' && 'master' || 'develop' }}
         defaults:
             run:
                 shell: bash
@@ -35,7 +39,7 @@ jobs:
               id: cache
               uses: actions/cache@v3
               with:
-                  key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
+                  key: ${{ runner.os }}-${{ inputs.sqlcipher }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
                   path: |
                       ./.hak
 
@@ -48,7 +52,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'
@@ -68,7 +72,7 @@ jobs:
                   if [ -f changelog.Debian ]; then
                       echo "config-args=--deb-changelog changelog.Debian" >> $GITHUB_OUTPUT
                   fi
-                  
+
                   cp "$DIR/control.template" debcontrol
                   VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
                   echo "Version: $VERSION" >> debcontrol
@@ -78,12 +82,56 @@ jobs:
 
             - name: Build App
               run: |
-                  npx ts-node scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol
+                  npx ts-node scripts/generate-builder-config.ts \
+                      ${{ steps.nightly.outputs.config-args }} \
+                      ${{ steps.debian.outputs.config-args }} \
+                      --deb-custom-control=debcontrol
                   yarn build --publish never -l --config electron-builder.json
 
+            - name: Check ldd
+              run: |
+                  ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node
+                  if [ "$SQLCIPHER_STATIC" == "1" ]; then
+                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep -v libsqlcipher.so.0
+                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep libcrypto.so.1.1
+                  else
+                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep libsqlcipher.so.0
+                      ldd dist/linux-unpacked/resources/app.asar.unpacked/node_modules/matrix-seshat/native/index.node | grep -v libcrypto.so.1.1
+                  fi
+              env:
+                  SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}
+
+            - name: Stash deb package
+              if: inputs.deploy-mode
+              uses: actions/upload-artifact@v3
+              with:
+                  name: linux-sqlcipher-${{ inputs.sqlcipher }}-deb
+                  path: dist/*.deb
+                  retention-days: 1
+
+            - name: Prepare artifacts for deployment
+              if: inputs.deploy-mode
+              run: |
+                  mv dist _dist
+                  mkdir -p "dist/install/linux/glibc-x86-64/"
+                  mv _dist/*.tar.gz "dist/install/linux/glibc-x86-64"
+
+            # We don't wish to store the tarball for every nightly ever, so we only keep the latest
+            - name: "[Nightly] Strip version from tarball"
+              if: inputs.deploy-mode && inputs.version != ''
+              run: |
+                  mv dist/install/linux/glibc-x86-64/*.tar.gz "dist/install/linux/glibc-x86-64/element-desktop-nightly.tar.gz"
+
+            - name: "[Release] Prepare release latest symlink"
+              if: inputs.deploy-mode && inputs.version == ''
+              shell: bash
+              run: |
+                  ln -s "$(find . -type f -iname "*.tar.gz" | xargs -0 -n1 -- basename)" "element-desktop.tar.gz"
+              working-directory: "dist/install/linux/glibc-x86-64"
+
             - name: Upload Artifacts
               uses: actions/upload-artifact@v3
               with:
-                  name: linux-sqlcipher-${{ inputs.sqlcipher }}
+                  name: ${{ inputs.deploy-mode && 'packages.element.io' || format('linux-sqlcipher-{0}', inputs.sqlcipher) }}
                   path: dist
                   retention-days: 1

.github/workflows/build_macos.yaml

@@ -24,7 +24,7 @@ on:
                 required: false
                 description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
             deploy-mode:
-                type: string
+                type: boolean
                 required: false
                 description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
             base-url:
@@ -64,7 +64,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'

.github/workflows/build_prepare.yaml

@@ -56,7 +56,7 @@ jobs:
                   cache: "yarn"
 
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Fetch Element Web
               run: yarn run fetch --noverify -d ${{ inputs.config }} ${{ inputs.version }}
@@ -108,8 +108,9 @@ jobs:
                   echo "element-desktop ($VERSION) default; urgency=medium" >> changelog.Debian
                   echo "$BODY" | sed 's/^##/\n  */g;s/^\*/  */g' | perl -pe 's/\[.+?]\((.+?)\)/\1/g' >> changelog.Debian
                   echo "" >> changelog.Debian
-                  echo " -- ${{ github.actor }} <support@element.io>  $TIME" >> changelog.Debian
+                  echo " -- $ACTOR <support@element.io>  $TIME" >> changelog.Debian
               env:
+                  ACTOR: ${{ github.actor }}
                   VERSION: v${{ steps.package.outputs.version }}
                   BODY: ${{ steps.release.outputs.body }}
                   PUBLISHED_AT: ${{ steps.release.outputs.published_at }}

.github/workflows/build_windows.yaml

@@ -24,7 +24,7 @@ on:
                 required: false
                 description: "Whether to sign & notarise the build, requires 'packages.element.io' environment"
             deploy-mode:
-                type: string
+                type: boolean
                 required: false
                 description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones"
 jobs:
@@ -107,7 +107,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Build Natives
               if: steps.cache.outputs.cache-hit != 'true'

.github/workflows/codeql.yml

@@ -0,0 +1,51 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "develop", master, staging ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "develop" ]
+  schedule:
+    - cron: '19 9 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # We have a single C file for the rebrand_stub which we don't want/need to analyse
+        # but it prevents us from using the built-in CodeQL scanner
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/dockerbuild.yaml

@@ -0,0 +1,43 @@
+name: Dockerbuild
+on:
+    workflow_dispatch: {}
+    push:
+        branches: [master, develop]
+        paths:
+            - "dockerbuild/**"
+concurrency: ${{ github.workflow }}-${{ github.ref_name }}
+env:
+    REGISTRY: ghcr.io
+    IMAGE_NAME: ${{ github.repository }}-dockerbuild
+jobs:
+    build:
+        name: Docker Build
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: write
+        steps:
+            - uses: actions/checkout@v3
+
+            - name: Log in to the Container registry
+              uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+              with:
+                  registry: ${{ env.REGISTRY }}
+                  username: ${{ github.actor }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Extract metadata for Docker
+              id: meta
+              uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+              with:
+                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                  tags: |
+                      type=ref,event=branch
+
+            - name: Build and push Docker image
+              uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+              with:
+                  context: dockerbuild
+                  push: true
+                  tags: ${{ steps.meta.outputs.tags }}
+                  labels: ${{ steps.meta.outputs.labels }}

.github/workflows/static_analysis.yaml

@@ -16,7 +16,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Typecheck
               run: "yarn run lint:types"
@@ -37,7 +37,7 @@ jobs:
 
             # Does not need branch matching as only analyses this layer
             - name: Install Deps
-              run: "yarn install --pure-lockfile"
+              run: "yarn install --frozen-lockfile"
 
             - name: Run Linter
               run: "yarn run lint:js"