Roeland Jago Douma
fe65f8facf
Add dedicated baseline for OCP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
Julius Härtl
c42385ef0f
Cleanup bundle files before checking the rebuild
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
Julius Härtl
c7a320d880
jsunit: Run jsunit with chromium/puppeteer on github actions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because it's the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
3 years ago
Roeland Jago Douma
12f322d804
Also lint php8
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3 years ago
Joas Schilling
a524e83be0
Fix naming of jobs and steps
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
Julius Härtl
2050517d44
Add github action for oci8
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
John Molakvoæ
1e7a82d99e
Fix php lint action
3 years ago
Morris Jobke
bb05f0e4eb
Do not commit updated composer dependencies in psalm baseline update
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
f18d9cd310
Update daily "update psalm baseline" job to composer psalm
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
106c8d719c
Do not fail on changes to baseline.xml
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Christoph Wurst
081e9ac47f
Use own psalm instead of a global one
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
John Molakvoæ
28df9239bb
Delete dependabot.yml
3 years ago
John Molakvoæ (skjnldsv)
d939f2fa5a
Split target-branch between stablexx branches until it supports Arrays
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
3 years ago
John Molakvoæ (skjnldsv)
91e463ff00
Move to automated dependabot merging
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
3 years ago
Morris Jobke
886466d510
Run psalm-baseline.xml update once a day
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
458320e8d7
Revert "This is just to trigger the GitHub scheduled actions registration"
This reverts commit 2e912990ff.
3 years ago
Morris Jobke
2e912990ff
This is just to trigger the GitHub scheduled actions registration
It is needed for #22314 and I will revert it right away afterwards.
Sorry for the trouble.
See the answer in https://stackoverflow.com/questions/59560214/github-action-works-on-push-but-not-scheduled
3 years ago
Morris Jobke
ebc80dba78
Run update-psalm-baseline action every 5 minutes
For debugging purposes due to a GitHub bug.
See #22325
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
27157051aa
Revert "This is just to trigger the GitHub scheduled actions registration"
3 years ago
Morris Jobke
f255f42991
This is just to trigger the GitHub scheduled actions
It is needed for https://github.com/nextcloud/server/pull/22314 and I will revert it right away afterwards.
Sorry for the trouble.
3 years ago
Morris Jobke
50784a7c51
Generate psalm-baseline.xml PR instead of requiring this from the PR author itself
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
4db7829f43
Better psalm CI output
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
42bb6cd7d7
Check only the baseline.xml and exclude the psalm.xml from the file check
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Morris Jobke
80056e081a
Add a check for fixes in the psalm baseline
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
3 years ago
Daniel Kesselberg
7257793fc4
Hello psalm
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
08cb4b8172
Run cs:check a second time to show diff
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
f64b47c36a
Report php-cs-fixer errors to GitHub
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Joas Schilling
7f92bd9d71
Delete FUNDING.yml
4 years ago
Christoph Wurst
9e6fcd585b
Show a hint for the php-cs fix when the check fails
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
c9980ed099
Add php-cs check action
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Christoph Wurst
f88ee3a556
We don't use IRC anymore
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Daniel Kesselberg
98a2e3b628
Add text about subscribing issues and sync introduction to feature request
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
df0131539a
Change Portalm to Portal
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Joas Schilling
190eabf220
Add a link to the portal directly
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Daniel Kesselberg
feb642d532
Let people know that the logs are not optional
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
3e9bd97ce4
Add short explanation how to use the organization search to find issues with all nextcloud repos.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
aaa1506a47
Add guidelines for submitting issues to template
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Gary Kim
907a27897a
Move Compile Handlebars CI to GitHub Actions
Signed-off-by: Gary Kim <gary@garykim.dev>
4 years ago
Roeland Jago Douma
64665c98e1
Lint on github actions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Roeland Jago Douma
ae75e17eff
Let's just use the fixup bot
The action is slower plus we can use more actions this way ;)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Christoph Wurst
b267409d38
Add webpack-based js tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
4 years ago
Roeland Jago Douma
582ab20e9d
Use checkout v2 for npm build action
Saves checking out the whole tree.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Roeland Jago Douma
e639e11de3
Move npm build to github actions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Daniel Kesselberg
fc027ca801
Use proper ellipsis and replace sparkle with rocket
Thanks to nextcloud/calendar
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Daniel Kesselberg
06c20a5138
Add link to help.nextcloud.com and bugbounty
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
Roeland Jago Douma
31dfe01d96
Move away from fixupbot
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
4 years ago
Rillian Grant
c879da4286
Minor typo
Colon outside of italics in the bug report issue template when in every similar instance of this in this file it is inside.
Signed-off-by: Rillian Grant <rillian.grant@hotmail.com>
4 years ago
Daniel Kesselberg
63062625dd
security@nextcloud.com is not being monitored and mails are being dropped.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
4 years ago
kesselb
577876905a
Update .github/ISSUE_TEMPLATE/Feature_request.md
Co-Authored-By: Gary Kim <gary@garykim.dev>
4 years ago