nextcloud/.github/workflows/update-cacert-bundle.yml

name: Update CA certificate bundle

on:
  workflow_dispatch:
  schedule:
    - cron: "5 2 * * *"

jobs:
  update-ca-certificate-bundle:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        branches: ["master", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"]

    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
        with:
          ref: ${{ matrix.branches }}
          submodules: true

      - name: Download CA certificate bundle from curl
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: "fix(security): Update CA certificate bundle"
          committer: GitHub <noreply@github.com>
          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
          signoff: true
          branch: automated/noid/${{ matrix.branches }}-update-ca-cert-bundle
          title: "[${{ matrix.branches }}] fix(security): Update CA certificate bundle"
          body: |
            Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html)            
          labels: |
            dependencies
            3. to review