diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt index 6b3c746df..932607fbf 100644 --- a/.github/actions-lock.txt +++ b/.github/actions-lock.txt @@ -3,25 +3,25 @@ 9f2b534bea27e8ec2dda7c1d772a664b block-merge-eol.yml 25fc4c7e69e778e20bdc9eb0cc96367e block-merge-freeze.yml d42c24e161cb75a6394cb8bd347b9467 block-unconventional-commits.yml -a1c367dbac08581d6565e3b84a0eaf96 command-compile.yml -d08f542086876f6bfa037c7829f1b169 command-openapi.yml -7dd8d21d9dd013196cd4bdbf7c24db6f dependabot-approve-merge.yml +a5a8fc40c0f979c2d799ae114a0b840b command-compile.yml +779a27fda482f862faafbc191753d32a command-openapi.yml +d00c282925ce19918cc26ec0827d9726 dependabot-approve-merge.yml 2581a67c5bcdcd570427e6d51db767d7 fixup.yml 7bcfba381bfb7c28d9ef6a7d55ac937b lint-eslint.yml 80a58e5584612def0e751fcfb7669814 lint-info-xml.yml -ccd8a55c60e35b84becb0f7005ce1286 lint-php-cs.yml -5dcc3187a9460cb62a455235cbdb3562 lint-php.yml +058024e4560ae1f18f6e4be9ecc0dacb lint-php-cs.yml +d86aa09feb6ce2ad244926aff7adcb36 lint-php.yml bd5b5245dc07b5779031e13817663a3e lint-stylelint.yml -c98e518ff87d052a1236ac3fc40d2bc1 node.yml -e54d4276168426a10219333cf10e0d10 npm-audit-fix.yml -3488e09e545319403424fa66a02e6c05 openapi.yml -5846b994639ccab0059bf23e141d389a phpunit-mysql.yml -ec7d1084fbb3a6803dbabf3acdd17ac8 phpunit-oci.yml -29b359a5b76e7ff8cd85af34b3bf36e3 phpunit-pgsql.yml -182cc739d33a2441d3a9278a9bff55b4 phpunit-sqlite.yml +03759c9dc0fa748cb927b9f9cadf2925 node.yml +20d567b2158851c6b54170e0a7c7fc30 npm-audit-fix.yml +887e74a10fb81844981217e649551793 openapi.yml +efac00595fcf8c91902a40467bb8e58a phpunit-mysql.yml +ea1ad2b41d5c8730af03c2923fd0d90d phpunit-oci.yml +5f7de35e496afb4f1206fe18017d6320 phpunit-pgsql.yml +10d907363827d671d37831b78c0a1137 phpunit-sqlite.yml 3c4a096b3b7dbaef0f8e5190ffe13518 pr-feedback.yml -a6d8aa0050107ce4d8b6d166d25ca8aa psalm.yml +a965b7d4820a97cc232a24f6caf90d95 psalm.yml 7db5b820f3750eebe988005a0bb2febd reuse.yml -800d5b188aa885626cf4169fa2dfea9e update-nextcloud-ocp-approve-merge.yml -90f22641445623fb227102f8d2d87cc0 update-nextcloud-ocp.yml +78bd5cbcc4b48cb9b0d1b0fbbb4403d7 update-nextcloud-ocp-approve-merge.yml +c62537b3800cce229cae328bd206a3d4 update-nextcloud-ocp.yml 22604c31b526de270a080eb19967a638 update-stable-titles.yml diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 487ec6819..c517120a1 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -52,7 +52,7 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -65,7 +65,7 @@ jobs: reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run @@ -105,8 +105,7 @@ jobs: - name: Checkout ${{ needs.init.outputs.head_ref }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - # Needed to allow force push later - persist-credentials: true + persist-credentials: false token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -134,11 +133,13 @@ jobs: - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} + env: + BASE_REF: ${{ needs.init.outputs.base_ref }} run: | - git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git fetch origin "${BASE_REF}:${BASE_REF}" # Start the rebase - git rebase 'origin/${{ needs.init.outputs.base_ref }}' || { + git rebase "origin/${BASE_REF}" || { # Handle rebase conflicts in a loop while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do echo "Handling rebase conflict..." @@ -146,11 +147,11 @@ jobs: # Remove and checkout /dist and /js folders from the base branch if [ -d "dist" ]; then rm -rf dist - git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch" + git checkout "origin/${BASE_REF}" -- dist/ 2>/dev/null || echo "No dist folder in base branch" fi if [ -d "js" ]; then rm -rf js - git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch" + git checkout "origin/${BASE_REF}" -- js/ 2>/dev/null || echo "No js folder in base branch" fi # Stage all changes @@ -182,20 +183,26 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" @@ -204,13 +211,19 @@ jobs: if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push origin "$HEAD_REF" - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push --force-with-lease origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push --force-with-lease origin "$HEAD_REF" - name: Add reaction on failure uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 diff --git a/.github/workflows/command-openapi.yml b/.github/workflows/command-openapi.yml index 82ee65591..44ab38cb7 100644 --- a/.github/workflows/command-openapi.yml +++ b/.github/workflows/command-openapi.yml @@ -52,7 +52,7 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -65,7 +65,7 @@ jobs: reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 71261f465..06587548f 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve step to work pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,22 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} + - name: GitHub actions bot approve + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.pull_request.action == 'opened' || github.event.pull_request.action == 'reopened') + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # 2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.action == 'opened' || github.event.action == 'reopened') && (steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index da402086a..57f7a2b1d 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index d1eafea62..47e4dc4f4 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -49,7 +49,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 2074c4c38..82fa89f5c 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -26,6 +26,7 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' - 'stable33' - 'stable32' diff --git a/.github/workflows/node.yml b/.github/workflows/npm-build.yml similarity index 99% rename from .github/workflows/node.yml rename to .github/workflows/npm-build.yml index 417d97a21..896bb7b8b 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/npm-build.yml @@ -6,7 +6,7 @@ # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Node +name: Build Javascript on: pull_request diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml index d0f349150..f97254c6a 100644 --- a/.github/workflows/openapi.yml +++ b/.github/workflows/openapi.yml @@ -35,7 +35,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.php_versions.outputs.php-available }} extensions: xml diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index ccda16a8d..7abea782c 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -103,7 +103,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index 4ef492f0a..05e728759 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -115,7 +115,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index e8ebedd15..c56c0f222 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -106,7 +106,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index 62d8979ff..991b63fcd 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -95,7 +95,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 4d4a4ec44..1784f416c 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index dfe0ef4e9..51735a76d 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.actor == 'nextcloud-command' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve-action to approve PRs pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,16 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - name: GitHub actions bot approve if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # 2.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 284ae29aa..9b3755516 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -26,6 +26,7 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' - 'stable33' - 'stable32' @@ -42,7 +43,7 @@ jobs: - name: Set up php8.2 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: 8.2 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation