diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt new file mode 100644 index 000000000..3529b3e63 --- /dev/null +++ b/.github/actions-lock.txt @@ -0,0 +1,21 @@ +# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT +25fc4c7e69e778e20bdc9eb0cc96367e block-merge-freeze.yml +46e653f77f1e1054dcf113bf2bab7eab command-compile.yml +389be040fb297cf15b006d2f8094a6d0 documentation.yml +2a205b6cc57c26c31a18a7f41190f3e2 lint-eslint.yml +870b483dbcbca59479211270d61546dd lint-php-cs.yml +ee2b04d185b82fe7dd6fe6d83c6c7b45 lint-php.yml +50216efd4562e58dd14aa181e1bb5df0 lint-typescript.yml +03759c9dc0fa748cb927b9f9cadf2925 node.yml +07e60b2f304c749ee563f1256caf2793 phpunit-mysql.yml +b98798d397dd45f12c777038d230509e phpunit-oci.yml +4bf29a4d193f83443d16d368c60a7870 phpunit-pgsql.yml +21244b02c3f1ad7d78951ba1b876638f phpunit-sqlite.yml +3c4a096b3b7dbaef0f8e5190ffe13518 pr-feedback.yml +20b5d0d45766e3793f19c9c0c8d05140 psalm.yml +3a3f15a7bb92a0aadee0f39975f643ce rector-apply.yml +3975dc58817119d596a8f6ed190352ce reuse.yml +9799b1a6a842b5c0076b76de651a0e0d sync-workflow-templates.yml +a3440826636c0fd7c2d20b1de50363da update-nextcloud-ocp-approve-merge.yml +39db87018db395caf41007931817cdbd update-nextcloud-ocp.yml diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index ba5ea1f78..ccf8274c3 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -52,7 +52,7 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -65,7 +65,7 @@ jobs: reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run @@ -103,10 +103,9 @@ jobs: key: git-repo - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: - # Needed to allow force push later - persist-credentials: true + persist-credentials: false token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -124,7 +123,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm @@ -134,11 +133,13 @@ jobs: - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} + env: + BASE_REF: ${{ needs.init.outputs.base_ref }} run: | - git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git fetch origin "${BASE_REF}:${BASE_REF}" # Start the rebase - git rebase 'origin/${{ needs.init.outputs.base_ref }}' || { + git rebase "origin/${BASE_REF}" || { # Handle rebase conflicts in a loop while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do echo "Handling rebase conflict..." @@ -146,11 +147,11 @@ jobs: # Remove and checkout /dist and /js folders from the base branch if [ -d "dist" ]; then rm -rf dist - git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch" + git checkout "origin/${BASE_REF}" -- dist/ 2>/dev/null || echo "No dist folder in base branch" fi if [ -d "js" ]; then rm -rf js - git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch" + git checkout "origin/${BASE_REF}" -- js/ 2>/dev/null || echo "No js folder in base branch" fi # Stage all changes @@ -182,20 +183,26 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" @@ -204,13 +211,19 @@ jobs: if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push origin "$HEAD_REF" - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push --force-with-lease origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push --force-with-lease origin "$HEAD_REF" - name: Add reaction on failure uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index f6970a50a..ba7d9c657 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -25,12 +25,12 @@ jobs: - name: Check actor permission level # Only allow admin to deploy on release if: github.event.release - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: admin - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -42,9 +42,10 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} + package-manager-cache: false - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' @@ -60,7 +61,7 @@ jobs: - name: Deploy # Only deploy on release if: github.event.release - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 + uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4.1.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./dist/doc diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index af1187119..3e34f7e8c 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -68,7 +68,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index da402086a..bb67a0042 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index d1eafea62..cb2684b24 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -25,7 +25,7 @@ jobs: php-max: ${{ steps.versions.outputs.php-max }} steps: - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 php-lint: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low needs: matrix strategy: matrix: @@ -44,12 +44,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-typescript.yml b/.github/workflows/lint-typescript.yml index 6d5fa2246..56a4215e0 100644 --- a/.github/workflows/lint-typescript.yml +++ b/.github/workflows/lint-typescript.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -67,7 +67,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 1ee766231..9f672c2af 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -6,108 +6,27 @@ # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Node +# TODO: Remove this after a grace period of 6 months to give everyone the chance to switch to the new workflow name +# TODO: To be removed end of 2026. +name: No-op please switch to npm-build.yml on: pull_request permissions: - contents: read + contents: none concurrency: group: node-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest-low - permissions: - contents: read - pull-requests: read - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - - build: - runs-on: ubuntu-latest - - needs: changes - if: needs.changes.outputs.src != 'false' - - name: NPM build - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 - id: versions - with: - fallbackNode: '^24' - fallbackNpm: '^11.3' - - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 - with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 - run: | - npm i -g npm-package-lock-add-resolved@1.1.4 - npm-package-lock-add-resolved - git --no-pager diff --exit-code - - - name: Install dependencies & build - env: - CYPRESS_INSTALL_BINARY: 0 - PUPPETEER_SKIP_DOWNLOAD: true - run: | - npm ci - npm run build --if-present - - - name: Check build changes - run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - - - name: Show changes on failure - if: failure() - run: | - git status - git --no-pager diff - exit 1 # make it red to grab attention - summary: - permissions: - contents: none runs-on: ubuntu-latest-low - needs: [changes, build] - if: always() # This is the summary, we just avoid to rename it so that branch protection rules still match name: node steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi + - name: No-op please switch to npm-build.yml + run: echo "The workflow has been renamed, please switch to npm-build.yml from organization templates"; exit 1; diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index e0216816f..0515478c5 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -24,7 +24,7 @@ jobs: matrix: ${{ steps.versions.outputs.sparse-matrix }} steps: - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -89,7 +89,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -97,13 +97,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index 535538265..caf3ea758 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -101,7 +101,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -109,13 +109,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 4592e6250..e7c150719 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -92,7 +92,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -100,13 +100,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index e2e299ab1..4f7da8d4d 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -89,13 +89,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 4d4a4ec44..82f306edd 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -24,7 +24,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/rector-apply.yml b/.github/workflows/rector-apply.yml index 683860155..48a746a4c 100644 --- a/.github/workflows/rector-apply.yml +++ b/.github/workflows/rector-apply.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} @@ -36,7 +36,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -54,9 +54,9 @@ jobs: run: composer run rector - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'refactor: Apply rector changes' committer: GitHub author: nextcloud-command diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 3f485f875..4e1a74194 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/sync-workflow-templates.yml b/.github/workflows/sync-workflow-templates.yml index 93704ef34..85090be9b 100644 --- a/.github/workflows/sync-workflow-templates.yml +++ b/.github/workflows/sync-workflow-templates.yml @@ -43,14 +43,14 @@ jobs: require: admin - name: Checkout workflow repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: source repository: nextcloud/.github - name: Checkout app - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: target diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index dfe0ef4e9..88c54da0a 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.actor == 'nextcloud-command' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve-action to approve PRs pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,16 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - name: GitHub actions bot approve if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 6e00570e3..6a28a33f7 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -21,6 +21,9 @@ jobs: update-nextcloud-ocp: runs-on: ubuntu-latest + # Only allowed to be run on nextcloud repositories + if: ${{ github.repository_owner == 'nextcloud' }} + strategy: fail-fast: false matrix: @@ -34,18 +37,18 @@ jobs: steps: - id: checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} submodules: true continue-on-error: true - - name: Set up php8.2 + - name: Set up php8.3 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: - php-version: 8.2 + php-version: 8.3 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none