From 17747a371ad846216676057f96a82760a0d2a442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?John=20Molakvo=C3=A6?= Date: Fri, 9 Jun 2023 15:59:52 +0200 Subject: [PATCH] chore: update workflows from templates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: John Molakvoæ --- .github/workflows/block-merge-freeze.yml | 15 ++++++- .github/workflows/command-compile.yml | 34 ++++++++-------- .github/workflows/command-rebase.yml | 12 +++--- .../workflows/dependabot-approve-merge.yml | 10 +++-- .github/workflows/fixup.yml | 19 +++++++-- .github/workflows/lint-eslint.yml | 39 +++++++++++++------ .github/workflows/lint-php-cs.yml | 27 +++++++------ .github/workflows/lint-php.yml | 21 ++++++++-- .github/workflows/lint-stylelint.yml | 26 +++++++------ .github/workflows/node.yml | 27 ++++++++++--- .github/workflows/npm-audit-fix.yml | 30 ++++++++++---- .github/workflows/psalm.yml | 13 +++++-- 12 files changed, 188 insertions(+), 85 deletions(-) diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index e56884ccc..f2d029c99 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -3,14 +3,25 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Pull request checks +name: Block merges during freezes -on: pull_request +on: + pull_request: + types: [opened, ready_for_review, reopened, synchronize] + +permissions: + contents: read + +concurrency: + group: block-merge-freeze-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: block-merges-during-freeze: name: Block merges during freezes + if: github.event.pull_request.draft == false + runs-on: ubuntu-latest steps: diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 18b9c11fd..82bdc8b8a 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -18,43 +18,43 @@ jobs: steps: - name: Check actor permission - uses: skjnldsv/check-actor-permission@v2 + uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2 with: require: write - name: Add reaction on start - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reaction-type: "+1" + reactions: "+1" - name: Parse command - uses: skjnldsv/parse-command-comment@master + uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2 id: command # Init path depending on which command is run - name: Init path id: git-path - run: | + run: | if ${{ startsWith(steps.command.outputs.arg1, '/') }}; then - echo "::set-output name=path::${{ github.workspace }}${{steps.command.outputs.arg1}}" + echo "path=${{ github.workspace }}${{steps.command.outputs.arg1}}" >> $GITHUB_OUTPUT else - echo "::set-output name=path::${{ github.workspace }}${{steps.command.outputs.arg2}}" + echo "path=${{ github.workspace }}${{steps.command.outputs.arg2}}" >> $GITHUB_OUTPUT fi - name: Init branch - uses: xt0rted/pull-request-comment-branch@v1 + uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1 id: comment-branch - + process: runs-on: ubuntu-latest needs: init steps: - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 @@ -66,14 +66,14 @@ jobs: git config --local user.name "nextcloud-command" - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 id: package-engines-versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm @@ -90,7 +90,7 @@ jobs: if: ${{ needs.init.outputs.arg1 != 'fixup' && needs.init.outputs.arg1 != 'amend' }} run: | git add ${{ needs.init.outputs.git_path }} - git commit --signoff -m 'Compile assets' + git commit --signoff -m 'chore(assets): Recompile assets' git push origin ${{ needs.init.outputs.head_ref }} - name: Commit and push fixup @@ -108,10 +108,10 @@ jobs: git push --force origin ${{ needs.init.outputs.head_ref }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reaction-type: "-1" + reactions: "-1" diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml index 78fcf5d19..ec95ccbbf 100644 --- a/.github/workflows/command-rebase.yml +++ b/.github/workflows/command-rebase.yml @@ -9,8 +9,8 @@ on: issue_comment: types: created -permissions: - contents: read +permissions: + contents: read jobs: rebase: @@ -23,7 +23,7 @@ jobs: steps: - name: Add reaction on start - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -31,18 +31,18 @@ jobs: reaction-type: "+1" - name: Checkout the latest code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 token: ${{ secrets.COMMAND_BOT_PAT }} - name: Automatic Rebase - uses: cirrus-actions/rebase@1.7 + uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 env: GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 0d6e34340..9951547f7 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -15,22 +15,26 @@ on: permissions: contents: read +concurrency: + group: dependabot-approve-merge-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: auto-approve-merge: if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest permissions: # for hmarr/auto-approve-action to approve PRs - pull-requests: write + pull-requests: write steps: # Github actions bot approve - - uses: hmarr/auto-approve-action@v2 + - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 with: target: minor github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 6092cc3a5..9548d19f2 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -3,18 +3,31 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Pull request checks +name: Block fixup and squash commits -on: pull_request +on: + pull_request: + types: [opened, ready_for_review, reopened, synchronize] + +permissions: + contents: read + +concurrency: + group: fixup-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: commit-message-check: + if: github.event.pull_request.draft == false + + permissions: + pull-requests: write name: Block fixup and squash commits runs-on: ubuntu-latest steps: - name: Run check - uses: xt0rted/block-autosquash-commits-action@v2 + uses: skjnldsv/block-fixup-merge-action@42d26e1b536ce61e5cf467d65fb76caf4aa85acf # v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 5f48fb58b..ef56db29a 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -2,16 +2,33 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks -name: Lint +name: Lint eslint on: pull_request: - push: - branches: - - main - - master - - stable* + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '.eslintrc.*' + - '.eslintignore' + - '**.js' + - '**.ts' + - '**.vue' + +permissions: + contents: read + +concurrency: + group: lint-eslint-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: lint: @@ -21,17 +38,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 9aad51409..f8d337511 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -3,14 +3,16 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Lint +name: Lint php-cs -on: - pull_request: - push: - branches: - - master - - stable* +on: pull_request + +permissions: + contents: read + +concurrency: + group: lint-php-cs-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: lint: @@ -20,13 +22,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + - name: Set up php + uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2 with: - php-version: "7.4" + php-version: 8.1 coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies run: composer i diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 9cfb484e9..8d7f63f84 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -3,38 +3,51 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Lint +name: Lint php on: pull_request: push: branches: + - main - master - stable* +permissions: + contents: read + +concurrency: + group: lint-php-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: php-lint: runs-on: ubuntu-latest strategy: matrix: - php-versions: ["7.4", "8.0", "8.1"] + php-versions: [ "8.0", "8.1", "8.2" ] name: php-lint steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2 with: php-version: ${{ matrix.php-versions }} coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Lint run: composer run lint summary: + permissions: + contents: none runs-on: ubuntu-latest needs: php-lint diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 64edcfba5..82a552521 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -3,14 +3,16 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Lint +name: Lint stylelint -on: - pull_request: - push: - branches: - - master - - stable* +on: pull_request + +permissions: + contents: read + +concurrency: + group: lint-stylelint-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: lint: @@ -20,17 +22,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.1 + uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v2 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 9150d1f19..89df10487 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -7,6 +7,16 @@ name: Node on: pull_request: + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' push: branches: - main @@ -16,6 +26,10 @@ on: permissions: contents: read +concurrency: + group: node-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest @@ -23,17 +37,17 @@ jobs: name: node steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -47,10 +61,11 @@ jobs: - name: Check webpack build changes run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || exit 1" + bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - name: Show changes on failure if: failure() run: | git status git --no-pager diff + exit 1 # make it red to grab attention diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 34ae58003..36b2fbb68 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -3,43 +3,59 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: npm audit fix and compile +name: Npm audit fix and compile on: workflow_dispatch: + schedule: + # At 2:30 on Sundays + - cron: '30 2 * * 0' jobs: build: runs-on: ubuntu-latest - name: node + strategy: + fail-fast: false + matrix: + branches: ["main", "master", "stable27", "stable26", "stable25", "stable24"] + + name: npm-audit-fix-${{ matrix.branches }} + steps: - name: Checkout - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + with: + ref: ${{ matrix.branches }} - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 + uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 id: versions with: fallbackNode: '^16' fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" - - name: Fix npm audit, run npm ci and npm run build + - name: Fix npm audit run: | npm audit fix + + - name: Run npm ci and npm run build + if: always() + run: | npm ci npm run build --if-present - name: Create Pull Request - uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3 + if: always() + uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: "chore(deps): fix npm audit" diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 27091d53c..7be48f261 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -13,6 +13,10 @@ on: - main - stable* +concurrency: + group: psalm-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: static-analysis: runs-on: ubuntu-latest @@ -20,13 +24,16 @@ jobs: name: Nextcloud steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Set up php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2 with: - php-version: 7.4 + php-version: 8.1 coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies run: composer i