From 99be4a44711ef378b317b25882d660f10de8ed0a Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Sun, 7 Jun 2026 03:31:24 +0000 Subject: [PATCH] ci(actions): Update workflow templates from organization template repository Signed-off-by: GitHub --- .github/actions-lock.txt | 18 ++++ .github/workflows/block-merge-freeze.yml | 2 +- .github/workflows/documentation.yml | 9 +- .github/workflows/lint-eslint.yml | 6 +- .github/workflows/lint-php-cs.yml | 6 +- .github/workflows/lint-php.yml | 13 +-- .github/workflows/lint-typescript.yml | 6 +- .github/workflows/node.yml | 93 ++----------------- .github/workflows/phpunit-mysql.yml | 14 +-- .github/workflows/phpunit-oci.yml | 16 ++-- .github/workflows/phpunit-pgsql.yml | 14 +-- .github/workflows/phpunit-sqlite.yml | 14 +-- .github/workflows/psalm.yml | 9 +- .github/workflows/reuse.yml | 2 +- .../update-nextcloud-ocp-approve-merge.yml | 13 +-- .github/workflows/update-nextcloud-ocp.yml | 72 +++++++------- 16 files changed, 118 insertions(+), 189 deletions(-) create mode 100644 .github/actions-lock.txt diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt new file mode 100644 index 000000000..06486847d --- /dev/null +++ b/.github/actions-lock.txt @@ -0,0 +1,18 @@ +# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT +25fc4c7e69e778e20bdc9eb0cc96367e block-merge-freeze.yml +1d9ba7950f4e501aecdb833291ffc427 documentation.yml +7bcfba381bfb7c28d9ef6a7d55ac937b lint-eslint.yml +a674b6e725bcbc1064f7b68c678a2df6 lint-php-cs.yml +6078222f7c61540504fa9892729f4a04 lint-php.yml +082385f85afa5bd2c42664b2ca2d6707 lint-typescript.yml +03759c9dc0fa748cb927b9f9cadf2925 node.yml +1a3ce26e019f736c5f96c37675d8c530 phpunit-mysql.yml +522d07fdeead55df5af751ef5e71b45b phpunit-oci.yml +6862d78a56829d63a77c267be1099860 phpunit-pgsql.yml +d17de282ccd37f12a5fd78d68a74df96 phpunit-sqlite.yml +3c4a096b3b7dbaef0f8e5190ffe13518 pr-feedback.yml +9fe5efdf1113d7fe92ba1f54f1111c4f psalm.yml +7db5b820f3750eebe988005a0bb2febd reuse.yml +a3440826636c0fd7c2d20b1de50363da update-nextcloud-ocp-approve-merge.yml +94d83c701a5583dc4b36a5f471bb9e41 update-nextcloud-ocp.yml diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index 616608083..3a9d5cc37 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Register server reference to fallback to master branch - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 8eacfa4bb..690071714 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -25,12 +25,12 @@ jobs: - name: Check actor permission level # Only allow admin to deploy on release if: github.event.release - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: admin - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -42,9 +42,10 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} + package-manager-cache: false - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' @@ -60,7 +61,7 @@ jobs: - name: Deploy # Only deploy on release if: github.event.release - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 + uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4.1.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./dist/doc diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index cdb2b9e7a..734368546 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -28,7 +28,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -68,7 +68,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index dacf2d016..60102e892 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,16 +25,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get php version id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 238d2c484..985037251 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -21,34 +21,35 @@ jobs: matrix: runs-on: ubuntu-latest-low outputs: - php-versions: ${{ steps.versions.outputs.php-versions }} + php-min: ${{ steps.versions.outputs.php-min }} + php-max: ${{ steps.versions.outputs.php-max }} steps: - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get version matrix id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 php-lint: runs-on: ubuntu-latest needs: matrix strategy: matrix: - php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}} + php-versions: ['${{ needs.matrix.outputs.php-min }}', '${{ needs.matrix.outputs.php-max }}'] name: php-lint steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-typescript.yml b/.github/workflows/lint-typescript.yml index 5ccd4da9b..6cecc809a 100644 --- a/.github/workflows/lint-typescript.yml +++ b/.github/workflows/lint-typescript.yml @@ -34,7 +34,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -67,7 +67,7 @@ jobs: fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 0d7c372dd..9f672c2af 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -6,108 +6,27 @@ # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Node +# TODO: Remove this after a grace period of 6 months to give everyone the chance to switch to the new workflow name +# TODO: To be removed end of 2026. +name: No-op please switch to npm-build.yml on: pull_request permissions: - contents: read + contents: none concurrency: group: node-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest-low - permissions: - contents: read - pull-requests: read - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - - build: - runs-on: ubuntu-latest - - needs: changes - if: needs.changes.outputs.src != 'false' - - name: NPM build - steps: - - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 - id: versions - with: - fallbackNode: '^24' - fallbackNpm: '^11.3' - - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 - with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 - run: | - npm i -g npm-package-lock-add-resolved@1.1.4 - npm-package-lock-add-resolved - git --no-pager diff --exit-code - - - name: Install dependencies & build - env: - CYPRESS_INSTALL_BINARY: 0 - PUPPETEER_SKIP_DOWNLOAD: true - run: | - npm ci - npm run build --if-present - - - name: Check build changes - run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - - - name: Show changes on failure - if: failure() - run: | - git status - git --no-pager diff - exit 1 # make it red to grab attention - summary: - permissions: - contents: none runs-on: ubuntu-latest-low - needs: [changes, build] - if: always() # This is the summary, we just avoid to rename it so that branch protection rules still match name: node steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi + - name: No-op please switch to npm-build.yml + run: echo "The workflow has been renamed, please switch to npm-build.yml from organization templates"; exit 1; diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index 08a95fabf..fe87c2bd3 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -24,13 +24,13 @@ jobs: matrix: ${{ steps.versions.outputs.sparse-matrix }} steps: - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get version matrix id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 with: matrix: '{"mysql-versions": ["8.4"]}' @@ -44,7 +44,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -89,7 +89,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true @@ -97,13 +97,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -122,7 +122,7 @@ jobs: - name: Check composer file existence id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: files: apps/${{ env.APP_NAME }}/composer.json diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index 7e948c07e..7d7afeb35 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -25,13 +25,13 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get version matrix id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 changes: runs-on: ubuntu-latest-low @@ -43,7 +43,7 @@ jobs: src: ${{ steps.changes.outputs.src }} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -70,7 +70,7 @@ jobs: matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} - oci-versions: ['11', '18', '21', '23'] + oci-versions: ['18', '21', '23'] name: OCI ${{ matrix.oci-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} @@ -101,7 +101,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true @@ -109,13 +109,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -129,7 +129,7 @@ jobs: - name: Check composer file existence id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: files: apps/${{ env.APP_NAME }}/composer.json diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 841ecee90..1923ad8e1 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -25,13 +25,13 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get version matrix id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 changes: runs-on: ubuntu-latest-low @@ -43,7 +43,7 @@ jobs: src: ${{ steps.changes.outputs.src }} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -92,7 +92,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true @@ -100,13 +100,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -120,7 +120,7 @@ jobs: - name: Check composer file existence id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: files: apps/${{ env.APP_NAME }}/composer.json diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index e50f8e87e..8be2c0c1c 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -25,13 +25,13 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get version matrix id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 changes: runs-on: ubuntu-latest-low @@ -43,7 +43,7 @@ jobs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes continue-on-error: true with: @@ -81,7 +81,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: true @@ -89,13 +89,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -109,7 +109,7 @@ jobs: - name: Check composer file existence id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: files: apps/${{ env.APP_NAME }}/composer.json diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 660d91ef8..ff2884e3b 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -24,19 +24,19 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get php version id: versions - uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -52,9 +52,6 @@ jobs: composer remove nextcloud/ocp --dev --no-scripts composer i - - name: Check for vulnerable PHP dependencies - run: composer require --dev roave/security-advisories:dev-latest - - name: Install nextcloud/ocp run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index d65f3b0cb..3f485f875 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index dfe0ef4e9..88c54da0a 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.actor == 'nextcloud-command' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve-action to approve PRs pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,16 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - name: GitHub actions bot approve if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 47dc00992..ba9f3d70f 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -26,14 +26,15 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' + - 'stable33' - 'stable32' - - 'stable31' name: update-nextcloud-ocp-${{ matrix.branches }} steps: - id: checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false ref: ${{ matrix.branches }} @@ -42,7 +43,7 @@ jobs: - name: Set up php8.2 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: 8.2 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -62,56 +63,42 @@ jobs: if: steps.checkout.outcome == 'success' run: composer install - - name: Composer update nextcloud/ocp # zizmor: ignore[template-injection] - id: update_branch - if: ${{ steps.checkout.outcome == 'success' && matrix.branches != 'main' }} - run: composer require --dev 'nextcloud/ocp:dev-${{ matrix.branches }}' - - - name: Raise on issue on failure - uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0 - if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }} + - name: Check composer bin for nextcloud/ocp exists + id: check_composer_bin + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: - token: ${{ secrets.GITHUB_TOKEN }} - title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}' - body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}' + files: vendor-bin/nextcloud-ocp/composer.json - name: Composer update nextcloud/ocp - id: update_main - if: ${{ steps.checkout.outcome == 'success' && matrix.branches == 'main' }} - run: composer require --dev nextcloud/ocp:dev-master + id: update_branch + env: + USE_COMPOSER_BIN: ${{ steps.check_composer_bin.outputs.files_exists }} + BRANCH_NAME: ${{ matrix.branches }} + run: | + COMPOSER_CMD='composer' + if [[ "$USE_COMPOSER_BIN" == 'true' ]]; then + COMPOSER_CMD='composer bin nextcloud-ocp' + fi + + PACKAGE_VERSION="nextcloud/ocp:dev-$BRANCH_NAME" + if [[ "$BRANCH_NAME" == 'main' ]]; then + PACKAGE_VERSION='nextcloud/ocp:dev-master' + fi + + echo $COMPOSER_CMD require --dev $PACKAGE_VERSION + $COMPOSER_CMD require --dev $PACKAGE_VERSION - name: Raise on issue on failure uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0 - if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_main.conclusion == 'failure' }} + if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }} with: token: ${{ secrets.GITHUB_TOKEN }} title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}' body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}' - - name: Reset checkout 3rdparty - if: steps.checkout.outcome == 'success' - run: | - git clean -f 3rdparty - git checkout 3rdparty - continue-on-error: true - - - name: Reset checkout vendor - if: steps.checkout.outcome == 'success' - run: | - git clean -f vendor - git checkout vendor - continue-on-error: true - - - name: Reset checkout vendor-bin - if: steps.checkout.outcome == 'success' - run: | - git clean -f vendor-bin - git checkout vendor-bin - continue-on-error: true - - name: Create Pull Request if: steps.checkout.outcome == 'success' - uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'chore(dev-deps): Bump nextcloud/ocp package' @@ -120,6 +107,11 @@ jobs: signoff: true branch: 'automated/noid/${{ matrix.branches }}-update-nextcloud-ocp' title: '[${{ matrix.branches }}] Update nextcloud/ocp dependency' + add-path: | + composer.json + composer.lock + vendor-bin/nextcloud-ocp/composer.json + vendor-bin/nextcloud-ocp/composer.lock body: | Auto-generated update of [nextcloud/ocp](https://github.com/nextcloud-deps/ocp/) dependency labels: |