From ca61b74dd105849299bba3b004bf775204aa994f Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 31 Oct 2025 14:35:24 +0100 Subject: [PATCH 1/6] ci(actions): Update workflow actions Signed-off-by: Joas Schilling --- .github/workflows/appstore-build-publish.yml | 36 +++++++++++-------- .../workflows/dependabot-approve-merge.yml | 23 ++++++++---- .github/workflows/lint-eslint.yml | 4 +-- .github/workflows/lint-php-cs.yml | 4 +-- .github/workflows/lint-php.yml | 6 ++-- .github/workflows/node-test.yml | 6 ++-- .github/workflows/node.yml | 12 +++++-- .github/workflows/npm-audit-fix.yml | 4 +-- .github/workflows/phpunit-mariadb.yml | 10 +++--- .github/workflows/phpunit-mysql.yml | 10 +++--- .github/workflows/phpunit-oci.yml | 25 +++++++------ .github/workflows/phpunit-pgsql.yml | 10 +++--- .github/workflows/phpunit-sqlite.yml | 8 ++--- .github/workflows/pr-feedback.yml | 4 +-- .github/workflows/psalm.yml | 7 ++-- .github/workflows/reuse.yml | 4 +-- .github/workflows/update-nextcloud-ocp.yml | 7 ++-- 17 files changed, 103 insertions(+), 77 deletions(-) diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index 0a05cd1d..8b51f33e 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -35,14 +35,14 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: ${{ env.APP_NAME }} - name: Get app version number id: app-version - uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # v1.0.0 with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//version/text()" @@ -53,7 +53,7 @@ jobs: - name: Get appinfo data id: appinfo - uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # v1.0.0 with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//dependencies//nextcloud/@min-version" @@ -71,7 +71,7 @@ jobs: - name: Set up node ${{ steps.versions.outputs.nodeVersion }} # Skip if no package.json if: ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -87,7 +87,7 @@ jobs: filename: ${{ env.APP_NAME }}/appinfo/info.xml - name: Set up php ${{ steps.php-versions.outputs.php-min }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ steps.php-versions.outputs.php-min }} coverage: none @@ -140,23 +140,31 @@ jobs: cd ${{ env.APP_NAME }} make appstore - - name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} - continue-on-error: true - id: server-checkout + - name: Check server download link for ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} run: | NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}' - wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip - unzip latest-$NCVERSION.zip + DOWNLOAD_URL=$(curl -s "https://updates.nextcloud.com/updater_server/latest?channel=beta&version=$NCVERSION" | jq -r '.downloads.zip[0]') + echo "DOWNLOAD_URL=$DOWNLOAD_URL" >> $GITHUB_ENV + + - name: Download server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} + continue-on-error: true + id: server-download + if: ${{ env.DOWNLOAD_URL != 'null' }} + run: | + echo "Downloading release tarball from $DOWNLOAD_URL" + wget $DOWNLOAD_URL -O nextcloud.zip + unzip nextcloud.zip - name: Checkout server master fallback - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: ${{ steps.server-checkout.outcome != 'success' }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + if: ${{ steps.server-download.outcome != 'success' }} with: persist-credentials: false submodules: true repository: nextcloud/server path: nextcloud + - name: Sign app run: | # Extracting release @@ -173,7 +181,7 @@ jobs: tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }} - name: Attach tarball to github release - uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2 + uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2 id: attach_to_release with: repo_token: ${{ secrets.GITHUB_TOKEN }} @@ -183,7 +191,7 @@ jobs: overwrite: true - name: Upload app to Nextcloud appstore - uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1 + uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1.0.3 with: app_name: ${{ env.APP_NAME }} appstore_token: ${{ secrets.APPSTORE_TOKEN }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index ed902d92..c0411c05 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -3,10 +3,10 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # -# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Dependabot +name: Auto approve Dependabot PRs on: pull_request_target: # zizmor: ignore[dangerous-triggers] @@ -29,6 +29,8 @@ jobs: permissions: # for hmarr/auto-approve-action to approve PRs pull-requests: write + # for alexwilson/enable-github-automerge-action to approve PRs + contents: write steps: - name: Disabled on forks @@ -37,13 +39,20 @@ jobs: echo 'Can not approve PRs from forks' exit 1 + - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0 + id: branchname + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: github-token: ${{ secrets.GITHUB_TOKEN }} - # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 + # Enable GitHub auto merge + - name: Auto merge + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: - target: minor - github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 1b1d5328..0a39577a 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -68,7 +68,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index b19b56f4..18086c8b 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 94de4b5f..ae487584 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -24,7 +24,7 @@ jobs: php-versions: ${{ steps.versions.outputs.php-versions }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -43,12 +43,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index a0da09d4..478010f2 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -60,7 +60,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -72,7 +72,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -93,7 +93,7 @@ jobs: run: npm run test:coverage --if-present - name: Collect coverage - uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 with: files: ./coverage/lcov.info diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index d1f18a1c..c6363a63 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -53,7 +53,7 @@ jobs: name: NPM build steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -65,13 +65,19 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 + run: | + npm i -g npm-package-lock-add-resolved@1.1.4 + npm-package-lock-add-resolved + git --no-pager diff --exit-code + - name: Install dependencies & build env: CYPRESS_INSTALL_BINARY: 0 @@ -80,7 +86,7 @@ jobs: npm ci npm run build --if-present - - name: Check webpack build changes + - name: Check build changes run: | bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 7e7fe1da..c23b44b4 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} @@ -45,7 +45,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/phpunit-mariadb.yml b/.github/workflows/phpunit-mariadb.yml index b02a27fa..fcc70196 100644 --- a/.github/workflows/phpunit-mariadb.yml +++ b/.github/workflows/phpunit-mariadb.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -76,7 +76,7 @@ jobs: services: mariadb: - image: ghcr.io/nextcloud/continuous-integration-mariadb-${{ matrix.mariadb-versions }}:latest + image: ghcr.io/nextcloud/continuous-integration-mariadb-${{ matrix.mariadb-versions }}:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -91,7 +91,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false submodules: true @@ -99,13 +99,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index 78c7da45..41b1d500 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -24,7 +24,7 @@ jobs: matrix: ${{ steps.versions.outputs.sparse-matrix }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -74,7 +74,7 @@ jobs: services: mysql: - image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest + image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -89,7 +89,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false submodules: true @@ -97,13 +97,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index 5c0f8489..8c8f860c 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -70,28 +70,27 @@ jobs: matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} + oci-versions: ['11', '18', '21', '23'] - name: OCI PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} + name: OCI ${{ matrix.oci-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} services: oracle: - image: ghcr.io/gvenzl/oracle-xe:11 + image: ghcr.io/gvenzl/oracle-${{ matrix.oci-versions < 23 && 'xe' || 'free' }}:${{ matrix.oci-versions }} # Provide passwords and other environment variables to container env: - ORACLE_RANDOM_PASSWORD: true - APP_USER: autotest - APP_USER_PASSWORD: owncloud + ORACLE_PASSWORD: oracle # Forward Oracle port ports: - - 1521:1521/tcp + - 1521:1521 # Provide healthcheck script options for startup options: >- --health-cmd healthcheck.sh - --health-interval 10s - --health-timeout 5s + --health-interval 20s + --health-timeout 10s --health-retries 10 steps: @@ -102,7 +101,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false submodules: true @@ -110,13 +109,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -147,7 +146,7 @@ jobs: DB_PORT: 1521 run: | mkdir data - ./occ maintenance:install --verbose --database=oci --database-name=XE --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=autotest --database-pass=owncloud --admin-user admin --admin-pass admin + ./occ maintenance:install --verbose --database=oci --database-name=${{ matrix.oci-versions < 23 && 'XE' || 'FREE' }} --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=system --database-pass=oracle --admin-user admin --admin-pass admin ./occ app:enable --force ${{ env.APP_NAME }} - name: Check PHPUnit script is defined diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 9b2c8b88..513f6783 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -75,7 +75,7 @@ jobs: services: postgres: - image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest + image: ghcr.io/nextcloud/continuous-integration-postgres-16:latest # zizmor: ignore[unpinned-images] ports: - 4444:5432/tcp env: @@ -92,7 +92,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false submodules: true @@ -100,13 +100,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index 9ddb9d21..90ace75c 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false submodules: true @@ -89,13 +89,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index 98e9fada..f4c0477c 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -36,7 +36,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main + - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main with: feedback-message: | Hello there, @@ -50,6 +50,6 @@ jobs: (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).) days-before-feedback: 14 - start-date: '2024-04-30' + start-date: '2025-06-12' exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}' exempt-bots: true diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index e2654e37..3059026e 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -24,7 +24,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -52,6 +52,9 @@ jobs: composer remove nextcloud/ocp --dev --no-scripts composer i + - name: Check for vulnerable PHP dependencies + run: composer require --dev roave/security-advisories:dev-latest + - name: Install nextcloud/ocp run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 95a8626a..0508946e 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,9 +19,9 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: REUSE Compliance Check - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0 + uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 1e49dfaa..d8d6adc6 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -15,6 +15,7 @@ on: permissions: contents: read + issues: write jobs: update-nextcloud-ocp: @@ -29,7 +30,7 @@ jobs: steps: - id: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} @@ -38,7 +39,7 @@ jobs: - name: Set up php8.2 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: 8.2 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation @@ -58,7 +59,7 @@ jobs: if: steps.checkout.outcome == 'success' run: composer install - - name: Composer update nextcloud/ocp + - name: Composer update nextcloud/ocp # zizmor: ignore[template-injection] id: update_branch if: ${{ steps.checkout.outcome == 'success' && matrix.branches != 'main' }} run: composer require --dev 'nextcloud/ocp:dev-${{ matrix.branches }}' From 07fb1565b94413a45e6c2427a082d534b77c99d0 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 31 Oct 2025 14:41:20 +0100 Subject: [PATCH 2/6] ci(actions): Fix custom actions Signed-off-by: Joas Schilling --- .github/workflows/litmus.yml | 30 ++++++++++++++---------------- .github/workflows/playwright.yml | 13 +++++++++---- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/.github/workflows/litmus.yml b/.github/workflows/litmus.yml index f6e5ed88..d93b9726 100644 --- a/.github/workflows/litmus.yml +++ b/.github/workflows/litmus.yml @@ -13,6 +13,8 @@ on: env: APP_NAME: files_lock +permissions: + contents: read jobs: litmus: @@ -28,7 +30,7 @@ jobs: services: postgres: - image: postgres + image: ghcr.io/nextcloud/continuous-integration-postgres-16:latest # zizmor: ignore[unpinned-images] ports: - 4445:5432/tcp env: @@ -37,34 +39,30 @@ jobs: POSTGRES_DB: nextcloud options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5 mysql: - image: mariadb:10.5 + image: ghcr.io/nextcloud/continuous-integration-mariadb-11.4:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: - MYSQL_ROOT_PASSWORD: rootpassword - options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 5 + MARIADB_ROOT_PASSWORD: rootpassword + options: --health-cmd="mariadb-admin ping" --health-interval 5s --health-timeout 2s --health-retries 5 steps: - name: Checkout server - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false + submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Checkout app - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@2.31.1 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: php-version: ${{ matrix.php-versions }} tools: phpunit @@ -109,7 +107,7 @@ jobs: run: cat data/nextcloud.log - name: Upload litmus logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: failure() with: name: Upload litmus log @@ -117,7 +115,7 @@ jobs: retention-days: 5 - name: Upload nextcloud logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: failure() with: name: Upload nextcloud log diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 4f4e343a..a5dd5b4f 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -1,21 +1,26 @@ # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT name: Playwright Tests + on: pull_request: branches: [main] +permissions: + contents: read jobs: test: timeout-minutes: 60 runs-on: ubuntu-latest steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false - name: Check composer.json id: check_composer - uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v2 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 with: files: 'composer.json' @@ -31,7 +36,7 @@ jobs: fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -49,7 +54,7 @@ jobs: - name: Run Playwright tests run: npx playwright test - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: always() with: name: playwright-report From 53b1bdd78e9127ae22ce2694f1dc7cfff053b0eb Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 31 Oct 2025 15:09:13 +0100 Subject: [PATCH 3/6] fix(tests): Make the test less flaky Signed-off-by: Joas Schilling --- tests/Feature/LockFeatureTest.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/Feature/LockFeatureTest.php b/tests/Feature/LockFeatureTest.php index baae5d86..0050e313 100644 --- a/tests/Feature/LockFeatureTest.php +++ b/tests/Feature/LockFeatureTest.php @@ -65,6 +65,7 @@ public function setUp(): void { $folder->delete('test-file3'); \OC_Hook::$thrownExceptions = []; $this->overwriteService(ITimeFactory::class, $this->timeFactory); + $this->toTheFuture(0); } public function testLockUser() { @@ -432,7 +433,10 @@ private function shareFileWithUser(\OCP\Files\File $file, $owner, $user) { } private function toTheFuture(int $seconds): void { - $this->time = time() + $seconds; + if ($this->time === null) { + $this->time = time(); + } + $this->time += $seconds; } public function tearDown(): void { From 1eb58df98ad94ddb704f71813e61ba64bcb02a4e Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 31 Oct 2025 15:10:12 +0100 Subject: [PATCH 4/6] test: Update bootstrap file with new template Signed-off-by: Joas Schilling --- tests/bootstrap.php | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 7ca7b547..f1414fbe 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -1,24 +1,20 @@ addPsr4('Test\\', OC::$SERVERROOT . '/tests/lib/', true); -\OC::$composerAutoloader->addPsr4('Tests\\', OC::$SERVERROOT . '/tests/', true); - -// load all enabled apps -\OCP\Server::get(\OCP\App\IAppManager::class)->loadApps(); -\OCP\Server::get(\OCP\App\IAppManager::class)->enableApp('files_lock', true); -\OC_App::updateApp('files_lock'); - -set_include_path(get_include_path() . PATH_SEPARATOR . '/usr/share/php'); +Server::get(IAppManager::class)->loadApp('files_lock'); From b52acd2dacf5da54d4e847f269ccdf98e01179a0 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 3 Nov 2025 08:37:01 +0100 Subject: [PATCH 5/6] fix(node): Revert node validation for now Signed-off-by: Joas Schilling --- .github/workflows/node.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index c6363a63..41c3a1cd 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -72,12 +72,6 @@ jobs: - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 - run: | - npm i -g npm-package-lock-add-resolved@1.1.4 - npm-package-lock-add-resolved - git --no-pager diff --exit-code - - name: Install dependencies & build env: CYPRESS_INSTALL_BINARY: 0 From d9080c7ee9bc0943dc5368ca9b1e0294703ae666 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 3 Nov 2025 08:40:04 +0100 Subject: [PATCH 6/6] fix(psalm): Use lowest PHP for now to fix psalm Signed-off-by: Joas Schilling --- .github/workflows/npm-audit-fix.yml | 5 ++++- .github/workflows/psalm.yml | 4 ++-- .github/workflows/update-nextcloud-ocp.yml | 5 ++++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index c23b44b4..1cb5465f 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -24,7 +24,10 @@ jobs: strategy: fail-fast: false matrix: - branches: ['main', 'master', 'stable31', 'stable30'] + branches: + - ${{ github.event.repository.default_branch }} + - 'stable32' + - 'stable31' name: npm-audit-fix-${{ matrix.branches }} diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 3059026e..07b73fbd 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -35,10 +35,10 @@ jobs: - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - - name: Set up php${{ steps.versions.outputs.php-available }} + - name: Set up php${{ steps.versions.outputs.php-min }} uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2.35.5 with: - php-version: ${{ steps.versions.outputs.php-available }} + php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index d8d6adc6..673d1520 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -24,7 +24,10 @@ jobs: strategy: fail-fast: false matrix: - branches: ['main', 'master', 'stable31', 'stable30'] + branches: + - ${{ github.event.repository.default_branch }} + - 'stable32' + - 'stable31' name: update-nextcloud-ocp-${{ matrix.branches }}