diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index bbf195fe5..b5174ffc1 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -35,14 +35,14 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false path: ${{ env.APP_NAME }} - name: Get app version number id: app-version - uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # v1.0.0 with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//version/text()" @@ -53,7 +53,7 @@ jobs: - name: Get appinfo data id: appinfo - uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # v1.0.0 with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//dependencies//nextcloud/@min-version" @@ -65,8 +65,8 @@ jobs: continue-on-error: true with: path: ${{ env.APP_NAME }} - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} # Skip if no package.json @@ -140,23 +140,31 @@ jobs: cd ${{ env.APP_NAME }} make appstore - - name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} - continue-on-error: true - id: server-checkout + - name: Check server download link for ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} run: | NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}' - wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip - unzip latest-$NCVERSION.zip + DOWNLOAD_URL=$(curl -s "https://updates.nextcloud.com/updater_server/latest?channel=beta&version=$NCVERSION" | jq -r '.downloads.zip[0]') + echo "DOWNLOAD_URL=$DOWNLOAD_URL" >> $GITHUB_ENV + + - name: Download server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} + continue-on-error: true + id: server-download + if: ${{ env.DOWNLOAD_URL != 'null' }} + run: | + echo "Downloading release tarball from $DOWNLOAD_URL" + wget $DOWNLOAD_URL -O nextcloud.zip + unzip nextcloud.zip - name: Checkout server master fallback - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: ${{ steps.server-checkout.outcome != 'success' }} + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + if: ${{ steps.server-download.outcome != 'success' }} with: persist-credentials: false submodules: true repository: nextcloud/server path: nextcloud + - name: Sign app run: | # Extracting release @@ -183,7 +191,7 @@ jobs: overwrite: true - name: Upload app to Nextcloud appstore - uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1 + uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1.0.3 with: app_name: ${{ env.APP_NAME }} appstore_token: ${{ secrets.APPSTORE_TOKEN }} diff --git a/.github/workflows/cypress-e2e.yml b/.github/workflows/cypress-e2e.yml index c01f21b0c..e1c6932c8 100644 --- a/.github/workflows/cypress-e2e.yml +++ b/.github/workflows/cypress-e2e.yml @@ -7,6 +7,9 @@ on: - main - stable* +permissions: + contents: read + env: APP_NAME: deck CYPRESS_baseUrl: http://localhost:8081/index.php @@ -24,13 +27,9 @@ jobs: php-versions: [ '8.2' ] server-versions: [ 'stable31' ] - env: - extensions: mbstring, iconv, fileinfo, intl, sqlite, pdo_sqlite, zip, gd, apcu - key: cache-v1 - services: postgres: - image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest + image: ghcr.io/nextcloud/continuous-integration-postgres-17:latest # zizmor: ignore[unpinned-images] ports: - 4444:5432/tcp env: @@ -51,53 +50,39 @@ jobs: echo "text_app_ref=$text_app_ref" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false repository: nextcloud/server + submodules: true ref: ${{ matrix.server-versions }} - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Checkout ${{ env.APP_NAME }} - uses: actions/checkout@v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Checkout text - uses: actions/checkout@v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false repository: nextcloud/text ref: ${{ env.text_app_ref }} path: apps/text - - name: Setup cache environment - id: extcache - uses: shivammathur/cache-extensions@v1 - with: - php-version: ${{ matrix.php-versions }} - extensions: ${{ env.extensions }} - key: ${{ env.key }} - - - name: Cache extensions - uses: actions/cache@v4 - with: - path: ${{ steps.extcache.outputs.dir }} - key: ${{ steps.extcache.outputs.key }} - restore-keys: ${{ steps.extcache.outputs.key }} - - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@2.31.1 with: - php-version: ${{ matrix.php-versions }} - extensions: ${{ env.extensions }} - ini-values: - apc.enable_cli=on - coverage: none + php-version: ${{ matrix.php-versions }} + # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation + extensions: apcu, bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite + coverage: none + ini-file: development + # Temporary workaround for missing pcntl_* in PHP + ini-values: apc.enable_cli=on, disable_functions= + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install composer dependencies working-directory: apps/${{ env.APP_NAME }} @@ -123,7 +108,7 @@ jobs: curl -v http://localhost:8081/index.php/login - name: Cypress run - uses: cypress-io/github-action@v6 + uses: cypress-io/github-action@2ad32e649e4db26c07674ebae31a297601dbcbaf # v6.10.8 with: build: npm run dev record: false diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index ed902d928..c0411c057 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -3,10 +3,10 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # -# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Dependabot +name: Auto approve Dependabot PRs on: pull_request_target: # zizmor: ignore[dangerous-triggers] @@ -29,6 +29,8 @@ jobs: permissions: # for hmarr/auto-approve-action to approve PRs pull-requests: write + # for alexwilson/enable-github-automerge-action to approve PRs + contents: write steps: - name: Disabled on forks @@ -37,13 +39,20 @@ jobs: echo 'Can not approve PRs from forks' exit 1 + - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0 + id: branchname + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: github-token: ${{ secrets.GITHUB_TOKEN }} - # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 + # Enable GitHub auto merge + - name: Auto merge + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: - target: minor - github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index e6902d4e4..5a7fe6fa6 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -16,6 +16,10 @@ on: - master - stable* +permissions: + contents: read + pull-requests: write + env: APP_NAME: deck @@ -52,8 +56,9 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false repository: nextcloud/server ref: ${{ matrix.server-versions }} @@ -65,13 +70,15 @@ jobs: git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Checkout app - uses: actions/checkout@v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Checkout activity - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: + persist-credentials: false repository: nextcloud/activity ref: ${{ matrix.server-versions }} path: apps/activity @@ -117,7 +124,7 @@ jobs: - name: Query count if: ${{ matrix.databases == 'mysql' }} - uses: actions/github-script@v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 104a05c42..c15e055ba 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -64,8 +64,8 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index b2fd8a1cf..f80c0dfa5 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -45,7 +45,7 @@ jobs: - name: Install dependencies run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i - name: Lint diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index adaa50b8a..8620f1556 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -24,7 +24,7 @@ jobs: php-versions: ${{ steps.versions.outputs.php-versions }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 9601a972f..da866cc3f 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -33,8 +33,8 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index 5c7cdba51..1a61fe496 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -2,6 +2,9 @@ name: Node CI on: [push] +permissions: + contents: read + jobs: build: @@ -31,4 +34,30 @@ jobs: npm run build --if-present -- --profile --json | tail -n +6 > js/webpack-stats.json npx relative-ci-agent + - name: Read package.json node and npm engines version + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 + id: versions + with: + fallbackNode: '^24' + fallbackNpm: '^11.3' + + - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + with: + node-version: ${{ steps.versions.outputs.nodeVersion }} + + - name: Set up npm ${{ steps.versions.outputs.npmVersion }} + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + + - name: Run npm ci and npm run build + run: | + npm ci + - name: build + env: + RELATIVE_CI_KEY: ${{ secrets.RELATIVE_CI_KEY }} + RELATIVE_CI_SLUG: nextcloud/deck + run: | + mkdir -p js + npm run build --if-present -- --profile --json | tail -n +6 > js/webpack-stats.json + npx relative-ci-agent diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index ef8093bd8..eb149b2d1 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -35,8 +35,8 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index 9c898a613..0be0d0fa9 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -24,7 +24,7 @@ jobs: matrix: ${{ steps.versions.outputs.sparse-matrix }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -74,7 +74,7 @@ jobs: services: mysql: - image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest + image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -89,7 +89,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false submodules: true @@ -97,7 +97,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false path: apps/${{ env.APP_NAME }} @@ -131,7 +131,7 @@ jobs: if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i - name: Set up Nextcloud diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 284efa294..016d4a0f9 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -75,7 +75,7 @@ jobs: services: postgres: - image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest + image: ghcr.io/nextcloud/continuous-integration-postgres-16:latest # zizmor: ignore[unpinned-images] ports: - 4444:5432/tcp env: @@ -92,7 +92,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false submodules: true @@ -100,7 +100,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false path: apps/${{ env.APP_NAME }} @@ -129,7 +129,7 @@ jobs: if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i - name: Set up Nextcloud diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index bdbc39bef..70831c417 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false submodules: true @@ -89,7 +89,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false path: apps/${{ env.APP_NAME }} @@ -118,7 +118,7 @@ jobs: if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i - name: Set up Nextcloud diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index 04e976811..d714f00ee 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -31,7 +31,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main + - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main with: feedback-message: | Hello there, @@ -45,6 +45,6 @@ jobs: (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).) days-before-feedback: 14 - start-date: '2024-04-30' + start-date: '2025-06-12' exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}' exempt-bots: true diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index f653a87e3..d2051914d 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -24,7 +24,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -49,9 +49,12 @@ jobs: - name: Install dependencies run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i + - name: Check for vulnerable PHP dependencies + run: composer require --dev roave/security-advisories:dev-latest + - name: Install nextcloud/ocp run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 0d8e1962a..89c3f7801 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index ebb1d9f26..c92b8bf38 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -15,6 +15,7 @@ on: permissions: contents: read + issues: write jobs: update-nextcloud-ocp: @@ -29,7 +30,7 @@ jobs: steps: - id: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false ref: ${{ matrix.branches }} @@ -58,7 +59,7 @@ jobs: if: steps.checkout.outcome == 'success' run: composer install - - name: Composer update nextcloud/ocp + - name: Composer update nextcloud/ocp # zizmor: ignore[template-injection] id: update_branch if: ${{ steps.checkout.outcome == 'success' && matrix.branches != 'main' }} run: composer require --dev 'nextcloud/ocp:dev-${{ matrix.branches }}'