mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1000 Wiki Activity
Browse Source

fix(actions): Harden workflows when using variables in strings 

Signed-off-by: Joas Schilling <coding@schilljs.com>
pull/45710/head
Joas Schilling 1 week ago
parent
49c42c36ae
commit
54edf993d6
22 changed files with 78 additions and 87 deletions
Split View Show Diff Stats
  1. 4
    4
      .github/workflows/block-merge-eol.yml
  2. 1
    1
      .github/workflows/block-merge-freeze.yml
  3. 2
    2
      .github/workflows/block-outdated-3rdparty.yml
  4. 11
    11
      .github/workflows/command-compile.yml
  5. 6
    6
      .github/workflows/command-pull-3rdparty.yml
  6. 6
    5
      .github/workflows/cypress.yml
  7. 1
    1
      .github/workflows/dependabot-approve-merge.yml
  8. 1
    1
      .github/workflows/files-external-s3.yml
  9. 1
    1
      .github/workflows/files-external-sftp.yml
  10. 4
    5
      .github/workflows/lint-eslint.yml
  11. 2
    1
      .github/workflows/lint-php-cs.yml
  12. 2
    5
      .github/workflows/lint-php.yml
  13. 3
    3
      .github/workflows/node-test.yml
  14. 4
    5
      .github/workflows/node.yml
  15. 9
    11
      .github/workflows/npm-audit-fix.yml
  16. 2
    1
      .github/workflows/openapi.yml
  17. 3
    3
      .github/workflows/performance.yml
  18. 1
    6
      .github/workflows/phpunit-mariadb.yml
  19. 3
    3
      .github/workflows/pr-feedback.yml
  20. 4
    4
      .github/workflows/update-cacert-bundle.yml
  21. 4
    4
      .github/workflows/update-code-signing-crl.yml
  22. 4
    4
      .github/workflows/update-psalm-baseline.yml

+ 4
- 4
.github/workflows/block-merge-eol.yml View File

@@ -26,15 +26,15 @@ jobs:
runs-on: ubuntu-latest-low

steps:
- name: Download updater config
run: curl https://raw.githubusercontent.com/nextcloud/updater_server/production/config/config.php --output config.php

- name: Set server major version environment
run: |
# retrieve version number from branch reference
server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
echo "server_major=$server_major" >> $GITHUB_ENV
echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV

- name: Checking if ${{ env.server_major }} is EOL
run: |
php -r 'echo json_encode(require_once "config.php");' | jq --arg version "${{ env.server_major }}" '.stable[$version]["100"].eol // .beta[$version]["100"].eol // "NotEOL"' | grep -q "NotEOL"
curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
| jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
| grep -q true

+ 1
- 1
.github/workflows/block-merge-freeze.yml View File

@@ -29,7 +29,7 @@ jobs:

steps:
- name: Download version.php from ${{ github.base_ref }}
run: curl https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php --output version.php
run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php' --output version.php

- name: Run check
run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'

+ 2
- 2
.github/workflows/block-outdated-3rdparty.yml View File

@@ -46,8 +46,8 @@ jobs:
- name: Compare if 3rdparty commits are different
run: |
echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
echo "Branch has: ${{ steps.actual.outputs.commit }}"
echo "${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}"
echo 'Branch has: ${{ steps.actual.outputs.commit }}'
echo '${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}'

- name: Fail if 3rdparty commits are different
if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}

+ 11
- 11
.github/workflows/command-compile.yml View File

@@ -37,7 +37,7 @@ jobs:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: "+1"
reactions: '+1'

- name: Parse command
uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2
@@ -77,8 +77,8 @@ jobs:

- name: Setup git
run: |
git config --local user.email "nextcloud-command@users.noreply.github.com"
git config --local user.name "nextcloud-command"
git config --local user.email 'nextcloud-command@users.noreply.github.com'
git config --local user.name 'nextcloud-command'

- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -94,13 +94,13 @@ jobs:
cache: npm

- name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.package-engines-versions.outputs.npmVersion }}'
- name: Rebase to ${{ needs.init.outputs.base_ref }}
if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
run: |
git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}
git rebase origin/${{ needs.init.outputs.base_ref }}
git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}'
git rebase 'origin/${{ needs.init.outputs.base_ref }}'

- name: Install dependencies & build
env:
@@ -113,30 +113,30 @@ jobs:
- name: Commit default
if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --signoff -m 'chore(assets): Recompile assets'
- name: Commit fixup
if: ${{ contains(needs.init.outputs.arg1, 'fixup') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --fixup=HEAD --signoff

- name: Commit amend
if: ${{ contains(needs.init.outputs.arg1, 'amend') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --amend --no-edit --signoff
# Remove any [skip ci] from the amended commit
git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')"
- name: Push normally
if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }}
run: git push origin ${{ needs.init.outputs.head_ref }}
run: git push origin '${{ needs.init.outputs.head_ref }}'

- name: Force push
if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }}
run: git push --force origin ${{ needs.init.outputs.head_ref }}
run: git push --force origin '${{ needs.init.outputs.head_ref }}'

- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0

+ 6
- 6
.github/workflows/command-pull-3rdparty.yml View File

@@ -25,7 +25,7 @@ jobs:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: "+1"
reactions: '+1'

- name: Init branch
uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
@@ -40,16 +40,16 @@ jobs:

- name: Setup git
run: |
git config --local user.email "nextcloud-command@users.noreply.github.com"
git config --local user.name "nextcloud-command"
git config --local user.email 'nextcloud-command@users.noreply.github.com'
git config --local user.name 'nextcloud-command'

- name: Pull 3rdparty
run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin ${{ github.event.issue.pull_request.base.ref }}; fi'
run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ github.event.issue.pull_request.base.ref }}'"'"'; fi'

- name: Commit and push changes
run: |
git add 3rdparty
git commit -s -m "Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}"
git commit -s -m 'Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}'
git push

- name: Add reaction on failure
@@ -59,4 +59,4 @@ jobs:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: "-1"
reactions: '-1'

+ 6
- 5
.github/workflows/cypress.yml View File

@@ -17,6 +17,7 @@ concurrency:
env:
# Adjust APP_NAME if your repository name is different
APP_NAME: ${{ github.event.repository.name }}

# Server requires head_ref instead of base_ref, as we want to test the PR branch
BRANCH: ${{ github.head_ref || github.ref_name }}

@@ -52,7 +53,7 @@ jobs:
id: versions
with:
fallbackNode: "^20"
fallbackNpm: "^9"
fallbackNpm: "^10"

- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
@@ -60,7 +61,7 @@ jobs:
node-version: ${{ steps.versions.outputs.nodeVersion }}

- name: Set up npm ${{ steps.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

- name: Install node dependencies & build app
run: |
@@ -85,9 +86,9 @@ jobs:
matrix:
# Run multiple copies of the current job in parallel
# Please increase the number or runners as your tests suite grows (0 based index for e2e tests)
containers: ["component", 0, 1, 2, 3, 4, 5]
containers: ["component", '0', '1', '2', '3', '4', '5']
# Hack as strategy.job-total includes the component and GitHub does not allow math expressions
# Always aling this number with the total of e2e runners (max. index + 1)
# Always align this number with the total of e2e runners (max. index + 1)
total-containers: [6]

name: runner ${{ matrix.containers }}
@@ -106,7 +107,7 @@ jobs:
node-version: ${{ needs.init.outputs.nodeVersion }}

- name: Set up npm ${{ needs.init.outputs.npmVersion }}
run: npm i -g npm@"${{ needs.init.outputs.npmVersion }}"
run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}'

- name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
uses: cypress-io/github-action@f88a151c986cab2e339cdbede6a5c4468bb62c17 # v6.7.0

+ 1
- 1
.github/workflows/dependabot-approve-merge.yml View File

@@ -31,7 +31,7 @@ jobs:
pull-requests: write

steps:
# Github actions bot approve
# GitHub actions bot approve
- uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

+ 1
- 1
.github/workflows/files-external-s3.yml View File

@@ -56,7 +56,7 @@ jobs:
MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
MINIO_DEFAULT_BUCKETS: nextcloud
ports:
- "9000:9000"
- '9000:9000'

steps:
- name: Checkout server

+ 1
- 1
.github/workflows/files-external-sftp.yml View File

@@ -61,7 +61,7 @@ jobs:
run: |
sudo mkdir /tmp/sftp
sudo chown -R 0777 /tmp/sftp
if [[ "${{ matrix.sftpd }}" == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp "test:test:::data"; fi
if [[ '${{ matrix.sftpd }}' == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp 'test:test:::data'; fi

- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d #v2.25.2

+ 4
- 5
.github/workflows/lint-eslint.yml View File

@@ -8,8 +8,7 @@

name: Lint eslint

on:
pull_request:
on: pull_request

permissions:
contents: read
@@ -61,15 +60,15 @@ jobs:
id: versions
with:
fallbackNode: '^20'
fallbackNpm: '^9'
fallbackNpm: '^10'

- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}

- name: Set up npm ${{ steps.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

- name: Install dependencies
env:

+ 2
- 1
.github/workflows/lint-php-cs.yml View File

@@ -50,10 +50,11 @@ jobs:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6

- name: Set up php
- name: Set up php8.1
uses: shivammathur/setup-php@c665c7a15b5295c2488ac8a87af9cb806cd72198 # v2
with:
php-version: 8.1
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
env:

+ 2
- 5
.github/workflows/lint-php.yml View File

@@ -8,8 +8,7 @@

name: Lint php

on:
pull_request:
on: pull_request

permissions:
contents: read
@@ -21,10 +20,8 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low

outputs:
src: ${{ steps.changes.outputs.src}}

steps:
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
@@ -50,7 +47,7 @@ jobs:

strategy:
matrix:
php-versions: [ "8.1", "8.2", "8.3" ]
php-versions: [ '8.1', '8.2', '8.3' ]

name: php-lint


+ 3
- 3
.github/workflows/node-test.yml View File

@@ -88,7 +88,7 @@ jobs:
node-version: ${{ needs.versions.outputs.nodeVersion }}

- name: Set up npm ${{ needs.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'

- name: Install dependencies & build
run: |
@@ -122,7 +122,7 @@ jobs:
node-version: ${{ needs.versions.outputs.nodeVersion }}

- name: Set up npm ${{ needs.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'

- name: Install dependencies
run: npm ci
@@ -150,7 +150,7 @@ jobs:
node-version: ${{ needs.versions.outputs.nodeVersion }}

- name: Set up npm ${{ needs.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'

- name: Install dependencies
run: npm ci

+ 4
- 5
.github/workflows/node.yml View File

@@ -8,8 +8,7 @@

name: Node

on:
pull_request:
on: pull_request

permissions:
contents: read
@@ -59,15 +58,15 @@ jobs:
id: versions
with:
fallbackNode: '^20'
fallbackNpm: '^9'
fallbackNpm: '^10'

- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}

- name: Set up npm ${{ steps.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

- name: Install dependencies & build
env:

+ 9
- 11
.github/workflows/npm-audit-fix.yml View File

@@ -21,7 +21,7 @@ jobs:
strategy:
fail-fast: false
matrix:
branches: ["main", "master", "stable29", "stable28", "stable27"]
branches: ['main', 'master', 'stable29', 'stable28', 'stable27']

name: npm-audit-fix-${{ matrix.branches }}

@@ -36,25 +36,24 @@ jobs:
id: versions
with:
fallbackNode: '^20'
fallbackNpm: '^9'
fallbackNpm: '^10'

- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}

- name: Set up npm ${{ steps.versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

- name: Fix npm audit
run: |
npm audit fix
id: npm-audit
uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0

- name: Run npm ci and npm run build
if: always()
env:
CYPRESS_INSTALL_BINARY: 0
PUPPETEER_SKIP_DOWNLOAD: true
run: |
npm ci
npm run build --if-present
@@ -64,14 +63,13 @@ jobs:
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: "fix(deps): fix npm audit"
commit-message: 'fix(deps): Fix npm audit'
committer: GitHub <noreply@github.com>
author: nextcloud-command <nextcloud-command@users.noreply.github.com>
signoff: true
branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
title: "[${{ matrix.branches }}] Fix npm audit"
body: |
Auto-generated fix of npm audit
title: '[${{ matrix.branches }}] Fix npm audit'
body: ${{ steps.npm-audit.outputs.markdown }}
labels: |
dependencies
3. to review

+ 2
- 1
.github/workflows/openapi.yml View File

@@ -34,10 +34,11 @@ jobs:
php-version: '8.2'
extensions: xml
coverage: none
ini-file: development
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Composer install
- name: Set up dependencies
run: composer i

- name: OpenAPI checker

+ 3
- 3
.github/workflows/performance.yml View File

@@ -62,9 +62,9 @@ jobs:

- name: Apply PR
run: |
git remote add pr ${{ github.event.pull_request.head.repo.clone_url }}
git fetch pr ${{ github.event.pull_request.head.ref }}
git checkout -b pr/${{ github.event.pull_request.head.ref }}
git remote add pr '${{ github.event.pull_request.head.repo.clone_url }}'
git fetch pr '${{ github.event.pull_request.head.ref }}'
git checkout -b 'pr/${{ github.event.pull_request.head.ref }}'
git submodule update

./occ upgrade

+ 1
- 6
.github/workflows/phpunit-mariadb.yml View File

@@ -105,7 +105,7 @@ jobs:
- name: Enable ONLY_FULL_GROUP_BY MariaDB option
run: |
echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
echo "SELECT @@sql_mode;" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
echo 'SELECT @@sql_mode;' | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword

- name: Set up Nextcloud
env:
@@ -127,11 +127,6 @@ jobs:
files: ./clover.db.xml
flags: phpunit-mariadb

- name: Print logs
if: always()
run: |
cat data/nextcloud.log

summary:
permissions:
contents: none

+ 3
- 3
.github/workflows/pr-feedback.yml View File

@@ -35,7 +35,7 @@ jobs:
with:
feedback-message: |
Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

@@ -45,6 +45,6 @@ jobs:

(If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).)
days-before-feedback: 14
start-date: "2024-04-30"
exempt-authors: "${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot"
start-date: '2024-04-30'
exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot'
exempt-bots: true

+ 4
- 4
.github/workflows/update-cacert-bundle.yml View File

@@ -14,7 +14,7 @@ jobs:
strategy:
fail-fast: false
matrix:
branches: ["master", "stable29", "stable28", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"]
branches: ['master', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

name: update-ca-certificate-bundle-${{ matrix.branches }}

@@ -31,12 +31,12 @@ jobs:
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: "fix(security): Update CA certificate bundle"
commit-message: 'fix(security): Update CA certificate bundle'
committer: GitHub <noreply@github.com>
author: nextcloud-command <nextcloud-command@users.noreply.github.com>
signoff: true
branch: automated/noid/${{ matrix.branches }}-update-ca-cert-bundle
title: "[${{ matrix.branches }}] fix(security): Update CA certificate bundle"
branch: 'automated/noid/${{ matrix.branches }}-update-ca-cert-bundle'
title: '[${{ matrix.branches }}] fix(security): Update CA certificate bundle'
body: |
Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html)
labels: |

+ 4
- 4
.github/workflows/update-code-signing-crl.yml View File

@@ -14,7 +14,7 @@ jobs:
strategy:
fail-fast: false
matrix:
branches: ["master", "stable28", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"]
branches: ['master', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

name: update-code-signing-crl-${{ matrix.branches }}

@@ -34,12 +34,12 @@ jobs:
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: "fix(security): Update code signing revocation list"
commit-message: 'fix(security): Update code signing revocation list'
committer: GitHub <noreply@github.com>
author: nextcloud-command <nextcloud-command@users.noreply.github.com>
signoff: true
branch: automated/noid/${{ matrix.branches }}-update-code-signing-crl
title: "[${{ matrix.branches }}] fix(security): Update code signing revocation list"
branch: 'automated/noid/${{ matrix.branches }}-update-code-signing-crl'
title: '[${{ matrix.branches }}] fix(security): Update code signing revocation list'
body: |
Auto-generated update of code signing revocation list from [Appstore](https://github.com/nextcloud/appstore/commits/master/nextcloudappstore/certificate/nextcloud.crl)
labels: |

+ 4
- 4
.github/workflows/update-psalm-baseline.yml View File

@@ -16,7 +16,7 @@ jobs:
strategy:
fail-fast: false
matrix:
branches: ["master", "stable29", "stable28", "stable27"]
branches: ['master', 'stable29', 'stable28', 'stable27']

name: update-psalm-baseline-${{ matrix.branches }}

@@ -55,12 +55,12 @@ jobs:
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: "chore(tests): Update psalm baseline"
commit-message: 'chore(tests): Update psalm baseline'
committer: GitHub <noreply@github.com>
author: nextcloud-command <nextcloud-command@users.noreply.github.com>
signoff: true
branch: automated/noid/${{ matrix.branches }}-update-psalm-baseline
title: "[${{ matrix.branches }}] Update psalm-baseline.xml"
branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline'
title: '[${{ matrix.branches }}] Update psalm-baseline.xml'
body: |
Auto-generated update psalm-baseline.xml with fixed psalm warnings
labels: |

Write Preview
Loading…
Cancel
Save