From 3b045190333d37a94dd494729a77b57b659c3447 Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Sun, 17 May 2026 03:26:48 +0000 Subject: [PATCH 1/2] ci(actions): Update workflow templates from organization template repository Signed-off-by: GitHub --- .github/actions-lock.txt | 30 +++--- .github/workflows/command-compile.yml | 39 +++++--- .github/workflows/command-openapi.yml | 4 +- .../workflows/dependabot-approve-merge.yml | 19 ++-- .github/workflows/lint-php-cs.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/node.yml | 93 ++----------------- .github/workflows/npm-audit-fix.yml | 1 + .github/workflows/openapi.yml | 2 +- .github/workflows/phpunit-mysql.yml | 2 +- .github/workflows/phpunit-oci.yml | 2 +- .github/workflows/phpunit-pgsql.yml | 2 +- .github/workflows/phpunit-sqlite.yml | 2 +- .github/workflows/psalm.yml | 2 +- .../update-nextcloud-ocp-approve-merge.yml | 13 +-- .github/workflows/update-nextcloud-ocp.yml | 3 +- 16 files changed, 80 insertions(+), 138 deletions(-) diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt index 6b3c746df..932607fbf 100644 --- a/.github/actions-lock.txt +++ b/.github/actions-lock.txt @@ -3,25 +3,25 @@ 9f2b534bea27e8ec2dda7c1d772a664b block-merge-eol.yml 25fc4c7e69e778e20bdc9eb0cc96367e block-merge-freeze.yml d42c24e161cb75a6394cb8bd347b9467 block-unconventional-commits.yml -a1c367dbac08581d6565e3b84a0eaf96 command-compile.yml -d08f542086876f6bfa037c7829f1b169 command-openapi.yml -7dd8d21d9dd013196cd4bdbf7c24db6f dependabot-approve-merge.yml +a5a8fc40c0f979c2d799ae114a0b840b command-compile.yml +779a27fda482f862faafbc191753d32a command-openapi.yml +d00c282925ce19918cc26ec0827d9726 dependabot-approve-merge.yml 2581a67c5bcdcd570427e6d51db767d7 fixup.yml 7bcfba381bfb7c28d9ef6a7d55ac937b lint-eslint.yml 80a58e5584612def0e751fcfb7669814 lint-info-xml.yml -ccd8a55c60e35b84becb0f7005ce1286 lint-php-cs.yml -5dcc3187a9460cb62a455235cbdb3562 lint-php.yml +058024e4560ae1f18f6e4be9ecc0dacb lint-php-cs.yml +d86aa09feb6ce2ad244926aff7adcb36 lint-php.yml bd5b5245dc07b5779031e13817663a3e lint-stylelint.yml -c98e518ff87d052a1236ac3fc40d2bc1 node.yml -e54d4276168426a10219333cf10e0d10 npm-audit-fix.yml -3488e09e545319403424fa66a02e6c05 openapi.yml -5846b994639ccab0059bf23e141d389a phpunit-mysql.yml -ec7d1084fbb3a6803dbabf3acdd17ac8 phpunit-oci.yml -29b359a5b76e7ff8cd85af34b3bf36e3 phpunit-pgsql.yml -182cc739d33a2441d3a9278a9bff55b4 phpunit-sqlite.yml +03759c9dc0fa748cb927b9f9cadf2925 node.yml +20d567b2158851c6b54170e0a7c7fc30 npm-audit-fix.yml +887e74a10fb81844981217e649551793 openapi.yml +efac00595fcf8c91902a40467bb8e58a phpunit-mysql.yml +ea1ad2b41d5c8730af03c2923fd0d90d phpunit-oci.yml +5f7de35e496afb4f1206fe18017d6320 phpunit-pgsql.yml +10d907363827d671d37831b78c0a1137 phpunit-sqlite.yml 3c4a096b3b7dbaef0f8e5190ffe13518 pr-feedback.yml -a6d8aa0050107ce4d8b6d166d25ca8aa psalm.yml +a965b7d4820a97cc232a24f6caf90d95 psalm.yml 7db5b820f3750eebe988005a0bb2febd reuse.yml -800d5b188aa885626cf4169fa2dfea9e update-nextcloud-ocp-approve-merge.yml -90f22641445623fb227102f8d2d87cc0 update-nextcloud-ocp.yml +78bd5cbcc4b48cb9b0d1b0fbbb4403d7 update-nextcloud-ocp-approve-merge.yml +c62537b3800cce229cae328bd206a3d4 update-nextcloud-ocp.yml 22604c31b526de270a080eb19967a638 update-stable-titles.yml diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 487ec6819..c517120a1 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -52,7 +52,7 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -65,7 +65,7 @@ jobs: reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run @@ -105,8 +105,7 @@ jobs: - name: Checkout ${{ needs.init.outputs.head_ref }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - # Needed to allow force push later - persist-credentials: true + persist-credentials: false token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -134,11 +133,13 @@ jobs: - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} + env: + BASE_REF: ${{ needs.init.outputs.base_ref }} run: | - git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git fetch origin "${BASE_REF}:${BASE_REF}" # Start the rebase - git rebase 'origin/${{ needs.init.outputs.base_ref }}' || { + git rebase "origin/${BASE_REF}" || { # Handle rebase conflicts in a loop while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do echo "Handling rebase conflict..." @@ -146,11 +147,11 @@ jobs: # Remove and checkout /dist and /js folders from the base branch if [ -d "dist" ]; then rm -rf dist - git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch" + git checkout "origin/${BASE_REF}" -- dist/ 2>/dev/null || echo "No dist folder in base branch" fi if [ -d "js" ]; then rm -rf js - git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch" + git checkout "origin/${BASE_REF}" -- js/ 2>/dev/null || echo "No js folder in base branch" fi # Stage all changes @@ -182,20 +183,26 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" @@ -204,13 +211,19 @@ jobs: if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push origin "$HEAD_REF" - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push --force-with-lease origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push --force-with-lease origin "$HEAD_REF" - name: Add reaction on failure uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 diff --git a/.github/workflows/command-openapi.yml b/.github/workflows/command-openapi.yml index 82ee65591..44ab38cb7 100644 --- a/.github/workflows/command-openapi.yml +++ b/.github/workflows/command-openapi.yml @@ -52,7 +52,7 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -65,7 +65,7 @@ jobs: reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 71261f465..06587548f 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve step to work pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,22 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} + - name: GitHub actions bot approve + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.pull_request.action == 'opened' || github.event.pull_request.action == 'reopened') + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # 2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.action == 'opened' || github.event.action == 'reopened') && (steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index da402086a..57f7a2b1d 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index d1eafea62..47e4dc4f4 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -49,7 +49,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 417d97a21..9f672c2af 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -6,108 +6,27 @@ # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Node +# TODO: Remove this after a grace period of 6 months to give everyone the chance to switch to the new workflow name +# TODO: To be removed end of 2026. +name: No-op please switch to npm-build.yml on: pull_request permissions: - contents: read + contents: none concurrency: group: node-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest-low - permissions: - contents: read - pull-requests: read - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - - build: - runs-on: ubuntu-latest - - needs: changes - if: needs.changes.outputs.src != 'false' - - name: NPM build - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 - id: versions - with: - fallbackNode: '^24' - fallbackNpm: '^11.3' - - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 - with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 - run: | - npm i -g npm-package-lock-add-resolved@1.1.4 - npm-package-lock-add-resolved - git --no-pager diff --exit-code - - - name: Install dependencies & build - env: - CYPRESS_INSTALL_BINARY: 0 - PUPPETEER_SKIP_DOWNLOAD: true - run: | - npm ci - npm run build --if-present - - - name: Check build changes - run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - - - name: Show changes on failure - if: failure() - run: | - git status - git --no-pager diff - exit 1 # make it red to grab attention - summary: - permissions: - contents: none runs-on: ubuntu-latest-low - needs: [changes, build] - if: always() # This is the summary, we just avoid to rename it so that branch protection rules still match name: node steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi + - name: No-op please switch to npm-build.yml + run: echo "The workflow has been renamed, please switch to npm-build.yml from organization templates"; exit 1; diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 2074c4c38..82fa89f5c 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -26,6 +26,7 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' - 'stable33' - 'stable32' diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml index d0f349150..f97254c6a 100644 --- a/.github/workflows/openapi.yml +++ b/.github/workflows/openapi.yml @@ -35,7 +35,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.php_versions.outputs.php-available }} extensions: xml diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index ccda16a8d..7abea782c 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -103,7 +103,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index 4ef492f0a..05e728759 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -115,7 +115,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index e8ebedd15..c56c0f222 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -106,7 +106,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index 62d8979ff..991b63fcd 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -95,7 +95,7 @@ jobs: path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 4d4a4ec44..1784f416c 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index dfe0ef4e9..51735a76d 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.actor == 'nextcloud-command' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve-action to approve PRs pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,16 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - name: GitHub actions bot approve if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # 2.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 284ae29aa..9b3755516 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -26,6 +26,7 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' - 'stable33' - 'stable32' @@ -42,7 +43,7 @@ jobs: - name: Set up php8.2 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 with: php-version: 8.2 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation From 13ac2bd975722d38c7db1ab4840cfb98def762cf Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 17 May 2026 15:10:26 +0200 Subject: [PATCH 2/2] ci: Migrate to npm-build action Signed-off-by: Joas Schilling --- .github/workflows/node.yml | 32 --------- .github/workflows/npm-build.yml | 113 ++++++++++++++++++++++++++++++++ 2 files changed, 113 insertions(+), 32 deletions(-) delete mode 100644 .github/workflows/node.yml create mode 100644 .github/workflows/npm-build.yml diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml deleted file mode 100644 index 9f672c2af..000000000 --- a/.github/workflows/node.yml +++ /dev/null @@ -1,32 +0,0 @@ -# This workflow is provided via the organization template repository -# -# https://github.com/nextcloud/.github -# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -# -# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors -# SPDX-License-Identifier: MIT - -# TODO: Remove this after a grace period of 6 months to give everyone the chance to switch to the new workflow name -# TODO: To be removed end of 2026. -name: No-op please switch to npm-build.yml - -on: pull_request - -permissions: - contents: none - -concurrency: - group: node-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - summary: - runs-on: ubuntu-latest-low - if: always() - - # This is the summary, we just avoid to rename it so that branch protection rules still match - name: node - - steps: - - name: No-op please switch to npm-build.yml - run: echo "The workflow has been renamed, please switch to npm-build.yml from organization templates"; exit 1; diff --git a/.github/workflows/npm-build.yml b/.github/workflows/npm-build.yml new file mode 100644 index 000000000..896bb7b8b --- /dev/null +++ b/.github/workflows/npm-build.yml @@ -0,0 +1,113 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + +name: Build Javascript + +on: pull_request + +permissions: + contents: read + +concurrency: + group: node-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + changes: + runs-on: ubuntu-latest-low + permissions: + contents: read + pull-requests: read + + outputs: + src: ${{ steps.changes.outputs.src}} + + steps: + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 + id: changes + continue-on-error: true + with: + filters: | + src: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' + + build: + runs-on: ubuntu-latest + + needs: changes + if: needs.changes.outputs.src != 'false' + + name: NPM build + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Read package.json node and npm engines version + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 + id: versions + with: + fallbackNode: '^24' + fallbackNpm: '^11.3' + + - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: ${{ steps.versions.outputs.nodeVersion }} + + - name: Set up npm ${{ steps.versions.outputs.npmVersion }} + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + + - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 + run: | + npm i -g npm-package-lock-add-resolved@1.1.4 + npm-package-lock-add-resolved + git --no-pager diff --exit-code + + - name: Install dependencies & build + env: + CYPRESS_INSTALL_BINARY: 0 + PUPPETEER_SKIP_DOWNLOAD: true + run: | + npm ci + npm run build --if-present + + - name: Check build changes + run: | + bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" + + - name: Show changes on failure + if: failure() + run: | + git status + git --no-pager diff + exit 1 # make it red to grab attention + + summary: + permissions: + contents: none + runs-on: ubuntu-latest-low + needs: [changes, build] + + if: always() + + # This is the summary, we just avoid to rename it so that branch protection rules still match + name: node + + steps: + - name: Summary status + run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi