diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt index f27a702..154d834 100644 --- a/.github/actions-lock.txt +++ b/.github/actions-lock.txt @@ -1,12 +1,12 @@ # SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -c5ce8fbd4caa30c89fb31be5a9aeb25d appstore-build-publish.yml -003108ea0f5c12e1db591cd4613304d8 dependabot-approve-merge.yml -784303cf47612e5c4eac621dfab5b4f4 lint-info-xml.yml -bb17aa6898f48f4caa83922c343731dc lint-php-cs.yml -70673e479df96e3e71fe966cb07c82fa lint-php.yml -819398426e8a4f4c248068a1068b1ced psalm-matrix.yml -e2bd0fc8a290e1a8641487944e27103b reuse.yml -e3c7b8f43850ad1d31c67fc0082b6bb8 sync-workflow-templates.yml +d4697182231bf364a34d8dd8b9e52a00 appstore-build-publish.yml +e6351c608939c31ae1e32923aa82aa10 dependabot-approve-merge.yml +c5893d7af1998af66d22f8c171ff4448 lint-info-xml.yml +870b483dbcbca59479211270d61546dd lint-php-cs.yml +ee2b04d185b82fe7dd6fe6d83c6c7b45 lint-php.yml +482b8c0da56ce273cf3ee464a5ed3290 psalm-matrix.yml +3975dc58817119d596a8f6ed190352ce reuse.yml +9799b1a6a842b5c0076b76de651a0e0d sync-workflow-templates.yml a3440826636c0fd7c2d20b1de50363da update-nextcloud-ocp-approve-merge.yml -4a01b11506046d2b85415e03f682e547 update-nextcloud-ocp-matrix.yml +514949df34f4d62163224a486138db4e update-nextcloud-ocp-matrix.yml diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index 2f5c2c2..984567e 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -35,7 +35,7 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: ${{ env.APP_NAME }} @@ -157,7 +157,7 @@ jobs: unzip nextcloud.zip - name: Checkout server master fallback - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: ${{ steps.server-download.outcome != 'success' }} with: persist-credentials: false diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index dd28a48..95777db 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -26,6 +26,13 @@ jobs: auto-approve-merge: if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest-low + env: + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 2.0.0 + ALLOW_MAJOR: true + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 1.1.0 + ALLOW_MINOR: true + # env variable for maintainers: RegExp string to ignore some dependencies from auto-approve and auto-merge + IGNORE_PATTERN: '' permissions: # for auto-approve step to work pull-requests: write @@ -46,12 +53,32 @@ jobs: - name: Dependabot metadata id: metadata + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} - - name: GitHub actions bot approve + - name: Check for ignored dependencies in the PR + id: validate if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + env: + IGNORE_PATTERN: ${{ env.IGNORE_PATTERN }} + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} + run: | + if [[ -z ${IGNORE_PATTERN} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ -z ${DEPENDENCY_NAMES} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ ${DEPENDENCY_NAMES} =~ ${IGNORE_PATTERN} ]]; then + echo "ignore=true" >> "$GITHUB_OUTPUT" + fi + + - name: GitHub actions bot approve + id: auto_approve + if: ${{ + startsWith(steps.branchname.outputs.branch, 'dependabot/') + && steps.validate.outputs.ignore != 'true' + }} run: gh pr review --approve "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} @@ -60,6 +87,15 @@ jobs: # Enable GitHub auto merge - name: Auto merge uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.action == 'opened' || github.event.action == 'reopened') && (steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor') + if: ${{ + startsWith(steps.branchname.outputs.branch, 'dependabot/') + && steps.auto_approve.conclusion == 'success' + && (github.event.action == 'opened' || github.event.action == 'reopened') + && ( + steps.metadata.outputs.update-type == 'version-update:semver-patch' + || (fromJSON(env.ALLOW_MINOR) && steps.metadata.outputs.update-type == 'version-update:semver-minor') + || (fromJSON(env.ALLOW_MAJOR) && steps.metadata.outputs.update-type == 'version-update:semver-major') + ) + }} with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dependabot-approve-merge.yml.patch b/.github/workflows/dependabot-approve-merge.yml.patch new file mode 100644 index 0000000..4fbe8e1 --- /dev/null +++ b/.github/workflows/dependabot-approve-merge.yml.patch @@ -0,0 +1,13 @@ +diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml +index 76340acb..95777dbd 100644 +--- a/.github/workflows/dependabot-approve-merge.yml ++++ b/.github/workflows/dependabot-approve-merge.yml +@@ -28,7 +28,7 @@ jobs: + runs-on: ubuntu-latest-low + env: + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 2.0.0 +- ALLOW_MAJOR: false ++ ALLOW_MAJOR: true + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 1.1.0 + ALLOW_MINOR: true + # env variable for maintainers: RegExp string to ignore some dependencies from auto-approve and auto-merge diff --git a/.github/workflows/lint-info-xml.yml b/.github/workflows/lint-info-xml.yml index f2335b7..059b2e6 100644 --- a/.github/workflows/lint-info-xml.yml +++ b/.github/workflows/lint-info-xml.yml @@ -24,7 +24,7 @@ jobs: name: info.xml lint steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index fc215b4..bb67a00 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 19d4bba..cb2684b 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -25,7 +25,7 @@ jobs: php-max: ${{ steps.versions.outputs.php-max }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/psalm-matrix.yml b/.github/workflows/psalm-matrix.yml index 2168da5..2f72873 100644 --- a/.github/workflows/psalm-matrix.yml +++ b/.github/workflows/psalm-matrix.yml @@ -25,7 +25,7 @@ jobs: php-min: ${{ steps.versions.outputs.php-min }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -47,7 +47,7 @@ jobs: name: static-psalm-analysis ${{ matrix.ocp-version }} steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index a60e9e2..4e1a741 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/sync-workflow-templates.yml b/.github/workflows/sync-workflow-templates.yml index b16db47..85090be 100644 --- a/.github/workflows/sync-workflow-templates.yml +++ b/.github/workflows/sync-workflow-templates.yml @@ -43,14 +43,14 @@ jobs: require: admin - name: Checkout workflow repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: source repository: nextcloud/.github - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: target diff --git a/.github/workflows/update-nextcloud-ocp-matrix.yml b/.github/workflows/update-nextcloud-ocp-matrix.yml index 09af356..ecaf3d8 100644 --- a/.github/workflows/update-nextcloud-ocp-matrix.yml +++ b/.github/workflows/update-nextcloud-ocp-matrix.yml @@ -33,7 +33,7 @@ jobs: name: update-nextcloud-ocp-${{ matrix.branches }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} diff --git a/REUSE.toml b/REUSE.toml index ba103ae..8d28d1f 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -12,7 +12,7 @@ SPDX-FileCopyrightText = "2016 Nextcloud GmbH and Nextcloud contributors" SPDX-License-Identifier = "AGPL-3.0-or-later" [[annotations]] -path = [".github/CODEOWNERS", ".github/dependabot.yml"] +path = [".github/CODEOWNERS", ".github/dependabot.yml", ".github/workflows/**.patch"] precedence = "aggregate" SPDX-FileCopyrightText = "none" SPDX-License-Identifier = "CC0-1.0"