Commit Graph

274 Commits

Author SHA1 Message Date
Daniel Kesselberg
6cfc7f5dd3
Reset composer for automated psalm baseline update
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-10-07 09:27:21 +02:00
Vincent Petry
442eb6cc0e
Merge pull request #29050 from nextcloud/debt/noid/job-to-update-psalm-baseline-broken
Fix job to update psalm baseline
2021-10-06 09:21:45 +02:00
Daniel Kesselberg
20da1080fa
Fix job to update psalm baseline
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-10-03 20:31:10 +02:00
Morris Jobke
b4403201dc
Change output format of Psalm to Github
This automatically inlines the errors into the diff view.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-10-03 14:41:31 +02:00
Julius Härtl
1e266e8b38 Run oci against all php versions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-09-27 14:24:05 +02:00
Julius Härtl
cab44b6311 Run oci tests against phpunit9/php8
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-09-27 14:24:05 +02:00
Christoph Wurst
7559a4a97d
Pin Psalm version for security analysis
The action will otherwise pull dev-master and this can break easily as
we just experienced.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-09-03 13:52:04 +02:00
Nextcloud bot
ed36b8b7f0 Updating command-compile.yml workflow from template
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-08-06 07:33:28 +00:00
Nextcloud bot
c854a3fd38 Updating command-rebase.yml workflow from template
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-08-02 08:44:50 +00:00
John Molakvoæ
fabd0a87b3
Update update-psalm-baseline.yml 2021-07-28 18:04:40 +02:00
John Molakvoæ
640f339b7d
Add checkout token 2021-07-28 07:40:58 +02:00
John Molakvoæ
525460c04d
Use COMMAND_BOT_PAT 2021-07-28 07:34:47 +02:00
John Molakvoæ
39931cab94
Update dependabot-approve-merge.yml 2021-07-27 08:16:41 +02:00
John Molakvoæ
f304633fbc
Add command-compile 2021-07-26 18:44:29 +02:00
John Molakvoæ (skjnldsv)
00105dca82
Add proper node testing
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-07-22 13:30:56 +02:00
John Molakvoæ (skjnldsv)
49b490ce6d
Migrate to npm 7
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-07-22 13:06:17 +02:00
John Molakvoæ
3508976156
Add files via upload 2021-07-16 09:13:20 +02:00
Nextcloud bot
472a51e845 Updating dependabot-approve-merge.yml workflow from template
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-07-02 15:43:33 +00:00
Nextcloud bot
b4cb5e2cff Updating dependabot-approve-merge.yml workflow from template
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2021-06-29 19:06:49 +00:00
skjnldsv
2fdd8c40ef Updating command-rebase.yml workflow from template
Signed-off-by: GitHub <noreply@github.com>
2021-06-29 07:46:40 +00:00
Lukas Reschke
53695dac53
Merge pull request #27687 from nextcloud/szaimen-patch-1
Create rebase command
2021-06-28 19:09:49 +02:00
Julius Härtl
b18a7b8d22
Auto approve/merge also on stable branches
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-06-28 12:11:12 +02:00
szaimen
716dd54af2
Create rebase command
Signed-off-by: szaimen <szaimen@e.mail.de>
2021-06-26 13:36:32 +02:00
Morris Jobke
deaf0f3aa2
Change reviewers of Psalm baseline update
Change reviewers from Roeland and Me to Julius and Louis

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-06-16 09:19:43 +02:00
John Molakvoæ
8c8777a841
Fix name 2021-05-29 09:12:37 +02:00
John Molakvoæ
38a19c263b
Add fixup.yml 2021-05-29 09:09:03 +02:00
John Molakvoæ
162229dbff
Fix psalm action 2021-05-28 18:17:58 +02:00
John Molakvoæ
fb583d5665
Fix psalm action 2021-05-28 18:17:42 +02:00
John Molakvoæ
018e18bf8a
Fix dependabot config 2021-05-28 12:25:03 +02:00
Christoph Wurst
ab3424ad44
Add ext-zip as platform dependency
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-05-03 10:10:28 +02:00
Joas Schilling
6a43948a6e
Fix Oracle by testing on Ubuntu 20.04 until oci8.so is available for 21.04
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-22 16:57:00 +02:00
John Molakvoæ (skjnldsv)
fb183b457c
Add eslint testing
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-03-17 13:03:38 +01:00
Roeland Jago Douma
da652ded26 Move fixup check to action
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-07 19:42:40 +01:00
Roeland Jago Douma
cc18213c98 Have psalm analysis directly on github
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-02-10 14:57:36 +01:00
Roeland Jago Douma
08cae2ec44
Revert "Pin Psalm version to an older one" 2021-02-02 22:08:01 +01:00
Lukas Reschke
f1d2dcdaa5 Pin Psalm version to an older one
Ref https://github.com/vimeo/psalm/issues/5144

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-02-02 13:54:18 +00:00
Roeland Jago Douma
c96bb21ab9
Merge pull request #24903 from nextcloud/enh/psalm-ocp
Add dedicated baseline for OCP
2020-12-30 13:23:25 +01:00
Roeland Jago Douma
fe65f8facf
Add dedicated baseline for OCP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-30 11:06:00 +01:00
Julius Härtl
c42385ef0f
Cleanup bundle files before checking the rebuild
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 12:20:32 +01:00
Julius Härtl
c7a320d880 jsunit: Run jsunit with chromium/puppeteer on github actions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 08:42:27 +01:00
Morris Jobke
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
Roeland Jago Douma
12f322d804
Also lint php8
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 16:49:09 +01:00
Joas Schilling
a524e83be0
Fix naming of jobs and steps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 21:39:19 +01:00
Julius Härtl
2050517d44
Add github action for oci8
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-10 15:34:35 +01:00
John Molakvoæ
1e7a82d99e
Fix php lint action 2020-11-05 09:34:04 +01:00
Morris Jobke
bb05f0e4eb
Do not commit updated composer dependencies in psalm baseline update
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-30 10:48:01 +01:00
Morris Jobke
f18d9cd310
Update daily "update psalm baseline" job to composer psalm
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-29 09:58:25 +01:00
Morris Jobke
106c8d719c
Do not fail on changes to baseline.xml
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-13 21:55:37 +02:00
Christoph Wurst
081e9ac47f
Use own psalm instead of a global one
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-13 17:55:37 +02:00
John Molakvoæ (skjnldsv)
91e463ff00
Move to automated dependabot merging
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-09-07 14:45:53 +02:00
Morris Jobke
886466d510
Run psalm-baseline.xml update once a day
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:51:51 +02:00
Morris Jobke
458320e8d7
Revert "This is just to trigger the GitHub scheduled actions registration"
This reverts commit 2e912990ff.
2020-08-20 12:50:57 +02:00
Morris Jobke
2e912990ff
This is just to trigger the GitHub scheduled actions registration
It is needed for #22314 and I will revert it right away afterwards.

Sorry for the trouble.

See the answer in https://stackoverflow.com/questions/59560214/github-action-works-on-push-but-not-scheduled
2020-08-20 12:50:27 +02:00
Morris Jobke
ebc80dba78
Run update-psalm-baseline action every 5 minutes
For debugging purposes due to a GitHub bug.

See #22325 

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:44:03 +02:00
Morris Jobke
27157051aa
Revert "This is just to trigger the GitHub scheduled actions registration" 2020-08-20 12:41:47 +02:00
Morris Jobke
f255f42991
This is just to trigger the GitHub scheduled actions
It is needed for https://github.com/nextcloud/server/pull/22314 and I will revert it right away afterwards.

Sorry for the trouble.
2020-08-20 12:40:42 +02:00
Morris Jobke
50784a7c51
Generate psalm-baseline.xml PR instead of requiring this from the PR author itself
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-20 12:34:29 +02:00
Morris Jobke
4db7829f43
Better psalm CI output
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 18:16:35 +02:00
Morris Jobke
42bb6cd7d7
Check only the baseline.xml and exclude the psalm.xml from the file check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 13:01:10 +02:00
Morris Jobke
80056e081a
Add a check for fixes in the psalm baseline
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 13:01:05 +02:00
Daniel Kesselberg
7257793fc4
Hello psalm
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-08-18 08:58:19 +02:00
Daniel Kesselberg
08cb4b8172
Run cs:check a second time to show diff
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-07-15 15:35:58 +02:00
Daniel Kesselberg
f64b47c36a
Report php-cs-fixer errors to GitHub
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-07-13 16:04:31 +02:00
Christoph Wurst
9e6fcd585b
Show a hint for the php-cs fix when the check fails
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-14 22:11:41 +02:00
Christoph Wurst
c9980ed099
Add php-cs check action
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-14 17:44:08 +02:00
Gary Kim
907a27897a
Move Compile Handlebars CI to GitHub Actions
Signed-off-by: Gary Kim <gary@garykim.dev>
2020-02-23 12:13:48 +08:00
Roeland Jago Douma
df4ca949f5 Merge pull request #19384 from nextcloud/enh/actions/lint
Lint on github actions
2020-02-10 11:39:29 +01:00
Roeland Jago Douma
64665c98e1
Lint on github actions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-10 09:32:45 +01:00
Roeland Jago Douma
ae75e17eff
Let's just use the fixup bot
The action is slower plus we can use more actions this way ;)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-10 09:20:20 +01:00
Christoph Wurst
b267409d38
Add webpack-based js tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-02-07 16:56:35 +01:00
Roeland Jago Douma
582ab20e9d
Use checkout v2 for npm build action
Saves checking out the whole tree.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 21:55:24 +01:00
Roeland Jago Douma
e639e11de3
Move npm build to github actions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 09:42:23 +01:00
Roeland Jago Douma
31dfe01d96
Move away from fixupbot
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-06 11:46:10 +01:00