nextcloud

Commit Graph

Author	SHA1	Message	Date
tobiasKaminsky	bfb535b2b2	Add funding info Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>	3 years ago
Roeland Jago Douma	da652ded26	Move fixup check to action Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Roeland Jago Douma	cc18213c98	Have psalm analysis directly on github Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Roeland Jago Douma	08cae2ec44	Revert "Pin Psalm version to an older one"	3 years ago
Lukas Reschke	f1d2dcdaa5	Pin Psalm version to an older one Ref https://github.com/vimeo/psalm/issues/5144 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	3 years ago
Roeland Jago Douma	fe65f8facf	Add dedicated baseline for OCP Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Julius Härtl	c42385ef0f	Cleanup bundle files before checking the rebuild Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	c7a320d880	jsunit: Run jsunit with chromium/puppeteer on github actions Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Lukas Reschke	47ac8e0028	Add Psalm Taint Flow Analysis This adds the Psalm Security Analysis, as described at https://psalm.dev/docs/security_analysis/ It also adds a plugin for adding input into AppFramework. The results can be viewed in the GitHub Security tab at https://github.com/nextcloud/server/security/code-scanning Q&A: Q: Why do you not use the shipped Psalm version? A: I do a lot of changes to the Psalm Taint behaviour. Using released versions is not gonna get us the results we want. Q: How do I improve false positives? A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/ Q: How do I add custom sources? A: https://psalm.dev/docs/security_analysis/custom_taint_sources/ Q: We should run this on apps! A: Yes. Q: What will change in Psalm? A: Quite some of the PHP core functions are not yet marked to propagate the taint. This leads to results where the taint flow is lost. That's something that I am currently working on. Q: Why is the plugin MIT licensed? A: Because its the first of its kind (based on GitHub Code Search) and I want other people to copy it if they want to. Security is for all :) Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	3 years ago
Roeland Jago Douma	12f322d804	Also lint php8 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Joas Schilling	a524e83be0	Fix naming of jobs and steps Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Julius Härtl	2050517d44	Add github action for oci8 Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
John Molakvoæ	1e7a82d99e	Fix php lint action	3 years ago
Morris Jobke	bb05f0e4eb	Do not commit updated composer dependencies in psalm baseline update Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	f18d9cd310	Update daily "update psalm baseline" job to composer psalm Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	106c8d719c	Do not fail on changes to baseline.xml Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Christoph Wurst	081e9ac47f	Use own psalm instead of a global one Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
John Molakvoæ	28df9239bb	Delete dependabot.yml	3 years ago
John Molakvoæ (skjnldsv)	d939f2fa5a	Split target-branch between stablexx branches until it supports Arrays Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	3 years ago
John Molakvoæ (skjnldsv)	91e463ff00	Move to automated dependabot merging Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	3 years ago
Morris Jobke	886466d510	Run psalm-baseline.xml update once a day Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	458320e8d7	Revert "This is just to trigger the GitHub scheduled actions registration" This reverts commit `2e912990ff`.	3 years ago
Morris Jobke	2e912990ff	This is just to trigger the GitHub scheduled actions registration It is needed for #22314 and I will revert it right away afterwards. Sorry for the trouble. See the answer in https://stackoverflow.com/questions/59560214/github-action-works-on-push-but-not-scheduled	3 years ago
Morris Jobke	ebc80dba78	Run update-psalm-baseline action every 5 minutes For debugging purposed due to a GitHub bug. See #22325 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	27157051aa	Revert "This is just to trigger the GitHub scheduled actions registration"	3 years ago
Morris Jobke	f255f42991	This is just to trigger the GitHub scheduled actions It is needed for https://github.com/nextcloud/server/pull/22314 and I will revert it right away afterwards. Sorry for the trouble.	3 years ago
Morris Jobke	50784a7c51	Generate psalm-baseline.xml PR instead of requiring this from the PR author itself Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	4db7829f43	Better psalm CI output Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	42bb6cd7d7	Check only the baseline.xml and exclude the psalm.xml from the file check Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Morris Jobke	80056e081a	Add a check for fixes in the psalm baseline Signed-off-by: Morris Jobke <hey@morrisjobke.de>	3 years ago
Daniel Kesselberg	7257793fc4	Hello psalm Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	3 years ago
Daniel Kesselberg	08cb4b8172	Run cs:check a second time to show diff Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	3 years ago
Daniel Kesselberg	f64b47c36a	Report php-cs-fixer errors to GitHub Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	3 years ago
Joas Schilling	7f92bd9d71	Delete FUNDING.yml	4 years ago
Christoph Wurst	9e6fcd585b	Show a hint for the php-cs fix when the check fails Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	c9980ed099	Add php-cs check action Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	f88ee3a556	We don't use IRC anymore Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Daniel Kesselberg	98a2e3b628	Add text about subscribing issues and sync introduction to feature request Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Daniel Kesselberg	df0131539a	Change Portalm to Portal Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Joas Schilling	190eabf220	Add a link to the portal directly Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Daniel Kesselberg	feb642d532	Let people know that the logs not optional Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Daniel Kesselberg	3e9bd97ce4	Add short explanation how to use the organization search to find issues with all nextcloud repos. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Daniel Kesselberg	aaa1506a47	Add guidelines for submitting issues to template Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago
Gary Kim	907a27897a	Move Compile Handlebars CI to GitHub Actions Signed-off-by: Gary Kim <gary@garykim.dev>	4 years ago
Roeland Jago Douma	64665c98e1	Lint on github actions Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	4 years ago
Roeland Jago Douma	ae75e17eff	Lets just use the fixup bot The action is slower plus we can use more actions this way ;) Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	4 years ago
Christoph Wurst	b267409d38	Add webpack-based js tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Roeland Jago Douma	582ab20e9d	Use checkout v2 for npm build action Saves checking out the whole tree. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	4 years ago
Roeland Jago Douma	e639e11de3	Move npm build to github actions Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	4 years ago
Daniel Kesselberg	fc027ca801	Use proper ellipsis and replace sparkle with rocket Thanks to nextcloud/calendar Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	4 years ago

1 2

86 Commits (68a402d889536450a852c38ee39bad7b83fa19cf)