diff options
author | Joas Schilling <coding@schilljs.com> | 2024-06-07 15:40:12 +0200 |
---|---|---|
committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2024-06-08 14:44:35 +0200 |
commit | 54edf993d6b240ca6b592734fc56eda217723ece (patch) | |
tree | 70ad33610647b63f66874f6af516e70f9fbc85b2 /.github | |
parent | 49c42c36aedf69ea8393c6cbc4387e04adc84761 (diff) | |
download | nextcloud-server-54edf993d6b240ca6b592734fc56eda217723ece.tar.gz nextcloud-server-54edf993d6b240ca6b592734fc56eda217723ece.zip |
fix(actions): Harden workflows when using variables in strings
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to '.github')
22 files changed, 78 insertions, 87 deletions
diff --git a/.github/workflows/block-merge-eol.yml b/.github/workflows/block-merge-eol.yml index 2c6f35ac989..292494c72cd 100644 --- a/.github/workflows/block-merge-eol.yml +++ b/.github/workflows/block-merge-eol.yml @@ -26,15 +26,15 @@ jobs: runs-on: ubuntu-latest-low steps: - - name: Download updater config - run: curl https://raw.githubusercontent.com/nextcloud/updater_server/production/config/config.php --output config.php - - name: Set server major version environment run: | # retrieve version number from branch reference server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p') echo "server_major=$server_major" >> $GITHUB_ENV + echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV - name: Checking if ${{ env.server_major }} is EOL run: | - php -r 'echo json_encode(require_once "config.php");' | jq --arg version "${{ env.server_major }}" '.stable[$version]["100"].eol // .beta[$version]["100"].eol // "NotEOL"' | grep -q "NotEOL" + curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \ + | jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \ + | grep -q true diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index 3c22b5fb98b..d052668b310 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Download version.php from ${{ github.base_ref }} - run: curl https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php --output version.php + run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php' --output version.php - name: Run check run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC' diff --git a/.github/workflows/block-outdated-3rdparty.yml b/.github/workflows/block-outdated-3rdparty.yml index eb4f6466b8f..dba3f5f3e7a 100644 --- a/.github/workflows/block-outdated-3rdparty.yml +++ b/.github/workflows/block-outdated-3rdparty.yml @@ -46,8 +46,8 @@ jobs: - name: Compare if 3rdparty commits are different run: | echo '3rdparty/ seems to not point to the last commit of the dedicated branch:' - echo "Branch has: ${{ steps.actual.outputs.commit }}" - echo "${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}" + echo 'Branch has: ${{ steps.actual.outputs.commit }}' + echo '${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}' - name: Fail if 3rdparty commits are different if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }} diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index adc9c9d60ff..6156d900905 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -37,7 +37,7 @@ jobs: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reactions: "+1" + reactions: '+1' - name: Parse command uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 @@ -77,8 +77,8 @@ jobs: - name: Setup git run: | - git config --local user.email "nextcloud-command@users.noreply.github.com" - git config --local user.name "nextcloud-command" + git config --local user.email 'nextcloud-command@users.noreply.github.com' + git config --local user.name 'nextcloud-command' - name: Read package.json node and npm engines version uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 @@ -94,13 +94,13 @@ jobs: cache: npm - name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.package-engines-versions.outputs.npmVersion }}' - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} run: | - git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }} - git rebase origin/${{ needs.init.outputs.base_ref }} + git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git rebase 'origin/${{ needs.init.outputs.base_ref }}' - name: Install dependencies & build env: @@ -113,30 +113,30 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" - name: Push normally if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} - run: git push origin ${{ needs.init.outputs.head_ref }} + run: git push origin '${{ needs.init.outputs.head_ref }}' - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} - run: git push --force origin ${{ needs.init.outputs.head_ref }} + run: git push --force origin '${{ needs.init.outputs.head_ref }}' - name: Add reaction on failure uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 diff --git a/.github/workflows/command-pull-3rdparty.yml b/.github/workflows/command-pull-3rdparty.yml index d73fa27444a..551518896e8 100644 --- a/.github/workflows/command-pull-3rdparty.yml +++ b/.github/workflows/command-pull-3rdparty.yml @@ -25,7 +25,7 @@ jobs: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reactions: "+1" + reactions: '+1' - name: Init branch uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1 @@ -40,16 +40,16 @@ jobs: - name: Setup git run: | - git config --local user.email "nextcloud-command@users.noreply.github.com" - git config --local user.name "nextcloud-command" + git config --local user.email 'nextcloud-command@users.noreply.github.com' + git config --local user.name 'nextcloud-command' - name: Pull 3rdparty - run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin ${{ github.event.issue.pull_request.base.ref }}; fi' + run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ github.event.issue.pull_request.base.ref }}'"'"'; fi' - name: Commit and push changes run: | git add 3rdparty - git commit -s -m "Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}" + git commit -s -m 'Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}' git push - name: Add reaction on failure @@ -59,4 +59,4 @@ jobs: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reactions: "-1" + reactions: '-1' diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 7b4e5134575..b1782cc2d1f 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -17,6 +17,7 @@ concurrency: env: # Adjust APP_NAME if your repository name is different APP_NAME: ${{ github.event.repository.name }} + # Server requires head_ref instead of base_ref, as we want to test the PR branch BRANCH: ${{ github.head_ref || github.ref_name }} @@ -52,7 +53,7 @@ jobs: id: versions with: fallbackNode: "^20" - fallbackNpm: "^9" + fallbackNpm: "^10" - name: Set up node ${{ steps.versions.outputs.nodeVersion }} uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 @@ -60,7 +61,7 @@ jobs: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install node dependencies & build app run: | @@ -85,9 +86,9 @@ jobs: matrix: # Run multiple copies of the current job in parallel # Please increase the number or runners as your tests suite grows (0 based index for e2e tests) - containers: ["component", 0, 1, 2, 3, 4, 5] + containers: ["component", '0', '1', '2', '3', '4', '5'] # Hack as strategy.job-total includes the component and GitHub does not allow math expressions - # Always aling this number with the total of e2e runners (max. index + 1) + # Always align this number with the total of e2e runners (max. index + 1) total-containers: [6] name: runner ${{ matrix.containers }} @@ -106,7 +107,7 @@ jobs: node-version: ${{ needs.init.outputs.nodeVersion }} - name: Set up npm ${{ needs.init.outputs.npmVersion }} - run: npm i -g npm@"${{ needs.init.outputs.npmVersion }}" + run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}' - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests uses: cypress-io/github-action@f88a151c986cab2e339cdbede6a5c4468bb62c17 # v6.7.0 diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index b5a8f0b8ccd..0d6b2c26d15 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -31,7 +31,7 @@ jobs: pull-requests: write steps: - # Github actions bot approve + # GitHub actions bot approve - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/files-external-s3.yml b/.github/workflows/files-external-s3.yml index 2928df49e63..c75f0f5a36d 100644 --- a/.github/workflows/files-external-s3.yml +++ b/.github/workflows/files-external-s3.yml @@ -56,7 +56,7 @@ jobs: MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ= MINIO_DEFAULT_BUCKETS: nextcloud ports: - - "9000:9000" + - '9000:9000' steps: - name: Checkout server diff --git a/.github/workflows/files-external-sftp.yml b/.github/workflows/files-external-sftp.yml index 954b5c5d1b9..c75fb7a73a4 100644 --- a/.github/workflows/files-external-sftp.yml +++ b/.github/workflows/files-external-sftp.yml @@ -61,7 +61,7 @@ jobs: run: | sudo mkdir /tmp/sftp sudo chown -R 0777 /tmp/sftp - if [[ "${{ matrix.sftpd }}" == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp "test:test:::data"; fi + if [[ '${{ matrix.sftpd }}' == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp 'test:test:::data'; fi - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d #v2.25.2 diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 0f490cba433..83ad8604b65 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -8,8 +8,7 @@ name: Lint eslint -on: - pull_request: +on: pull_request permissions: contents: read @@ -61,15 +60,15 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install dependencies env: diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index b7ea8319baa..709b6a4da59 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -50,10 +50,11 @@ jobs: - name: Checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Set up php + - name: Set up php8.1 uses: shivammathur/setup-php@c665c7a15b5295c2488ac8a87af9cb806cd72198 # v2 with: php-version: 8.1 + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 228c02a0d59..97fd257defb 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -8,8 +8,7 @@ name: Lint php -on: - pull_request: +on: pull_request permissions: contents: read @@ -21,10 +20,8 @@ concurrency: jobs: changes: runs-on: ubuntu-latest-low - outputs: src: ${{ steps.changes.outputs.src}} - steps: - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: changes @@ -50,7 +47,7 @@ jobs: strategy: matrix: - php-versions: [ "8.1", "8.2", "8.3" ] + php-versions: [ '8.1', '8.2', '8.3' ] name: php-lint diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index 2a982ed9867..c6e43b2645a 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -88,7 +88,7 @@ jobs: node-version: ${{ needs.versions.outputs.nodeVersion }} - name: Set up npm ${{ needs.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}' - name: Install dependencies & build run: | @@ -122,7 +122,7 @@ jobs: node-version: ${{ needs.versions.outputs.nodeVersion }} - name: Set up npm ${{ needs.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}' - name: Install dependencies run: npm ci @@ -150,7 +150,7 @@ jobs: node-version: ${{ needs.versions.outputs.nodeVersion }} - name: Set up npm ${{ needs.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ needs.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}' - name: Install dependencies run: npm ci diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index f948b11bdfb..0cc517b7273 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -8,8 +8,7 @@ name: Node -on: - pull_request: +on: pull_request permissions: contents: read @@ -59,15 +58,15 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install dependencies & build env: diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index a7843383dc8..9cc4dcc3dfd 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -21,7 +21,7 @@ jobs: strategy: fail-fast: false matrix: - branches: ["main", "master", "stable29", "stable28", "stable27"] + branches: ['main', 'master', 'stable29', 'stable28', 'stable27'] name: npm-audit-fix-${{ matrix.branches }} @@ -36,25 +36,24 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Fix npm audit - run: | - npm audit fix + id: npm-audit + uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0 - name: Run npm ci and npm run build if: always() env: CYPRESS_INSTALL_BINARY: 0 - PUPPETEER_SKIP_DOWNLOAD: true run: | npm ci npm run build --if-present @@ -64,14 +63,13 @@ jobs: uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: "fix(deps): fix npm audit" + commit-message: 'fix(deps): Fix npm audit' committer: GitHub <noreply@github.com> author: nextcloud-command <nextcloud-command@users.noreply.github.com> signoff: true branch: automated/noid/${{ matrix.branches }}-fix-npm-audit - title: "[${{ matrix.branches }}] Fix npm audit" - body: | - Auto-generated fix of npm audit + title: '[${{ matrix.branches }}] Fix npm audit' + body: ${{ steps.npm-audit.outputs.markdown }} labels: | dependencies 3. to review diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml index 999034b78d2..12b256ee115 100644 --- a/.github/workflows/openapi.yml +++ b/.github/workflows/openapi.yml @@ -34,10 +34,11 @@ jobs: php-version: '8.2' extensions: xml coverage: none + ini-file: development env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Composer install + - name: Set up dependencies run: composer i - name: OpenAPI checker diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index 3f0895096b1..3d2049c9cba 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -62,9 +62,9 @@ jobs: - name: Apply PR run: | - git remote add pr ${{ github.event.pull_request.head.repo.clone_url }} - git fetch pr ${{ github.event.pull_request.head.ref }} - git checkout -b pr/${{ github.event.pull_request.head.ref }} + git remote add pr '${{ github.event.pull_request.head.repo.clone_url }}' + git fetch pr '${{ github.event.pull_request.head.ref }}' + git checkout -b 'pr/${{ github.event.pull_request.head.ref }}' git submodule update ./occ upgrade diff --git a/.github/workflows/phpunit-mariadb.yml b/.github/workflows/phpunit-mariadb.yml index 6c80c299aa1..b9c66256941 100644 --- a/.github/workflows/phpunit-mariadb.yml +++ b/.github/workflows/phpunit-mariadb.yml @@ -105,7 +105,7 @@ jobs: - name: Enable ONLY_FULL_GROUP_BY MariaDB option run: | echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword - echo "SELECT @@sql_mode;" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword + echo 'SELECT @@sql_mode;' | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword - name: Set up Nextcloud env: @@ -127,11 +127,6 @@ jobs: files: ./clover.db.xml flags: phpunit-mariadb - - name: Print logs - if: always() - run: | - cat data/nextcloud.log - summary: permissions: contents: none diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index be0d028f95c..7b68226f89d 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -35,7 +35,7 @@ jobs: with: feedback-message: | Hello there, - Thank you so much for taking the time and effort to create a pull request to our Nextcloud project. + Thank you so much for taking the time and effort to create a pull request to our Nextcloud project. We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. @@ -45,6 +45,6 @@ jobs: (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).) days-before-feedback: 14 - start-date: "2024-04-30" - exempt-authors: "${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot" + start-date: '2024-04-30' + exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot' exempt-bots: true diff --git a/.github/workflows/update-cacert-bundle.yml b/.github/workflows/update-cacert-bundle.yml index a0894708792..c6c2c2233e3 100644 --- a/.github/workflows/update-cacert-bundle.yml +++ b/.github/workflows/update-cacert-bundle.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - branches: ["master", "stable29", "stable28", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"] + branches: ['master', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] name: update-ca-certificate-bundle-${{ matrix.branches }} @@ -31,12 +31,12 @@ jobs: uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e with: token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: "fix(security): Update CA certificate bundle" + commit-message: 'fix(security): Update CA certificate bundle' committer: GitHub <noreply@github.com> author: nextcloud-command <nextcloud-command@users.noreply.github.com> signoff: true - branch: automated/noid/${{ matrix.branches }}-update-ca-cert-bundle - title: "[${{ matrix.branches }}] fix(security): Update CA certificate bundle" + branch: 'automated/noid/${{ matrix.branches }}-update-ca-cert-bundle' + title: '[${{ matrix.branches }}] fix(security): Update CA certificate bundle' body: | Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html) labels: | diff --git a/.github/workflows/update-code-signing-crl.yml b/.github/workflows/update-code-signing-crl.yml index b8ad4ff32a5..a49151be7dd 100644 --- a/.github/workflows/update-code-signing-crl.yml +++ b/.github/workflows/update-code-signing-crl.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - branches: ["master", "stable28", "stable27", "stable26", "stable25", "stable24", "stable23", "stable22"] + branches: ['master', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] name: update-code-signing-crl-${{ matrix.branches }} @@ -34,12 +34,12 @@ jobs: uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e with: token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: "fix(security): Update code signing revocation list" + commit-message: 'fix(security): Update code signing revocation list' committer: GitHub <noreply@github.com> author: nextcloud-command <nextcloud-command@users.noreply.github.com> signoff: true - branch: automated/noid/${{ matrix.branches }}-update-code-signing-crl - title: "[${{ matrix.branches }}] fix(security): Update code signing revocation list" + branch: 'automated/noid/${{ matrix.branches }}-update-code-signing-crl' + title: '[${{ matrix.branches }}] fix(security): Update code signing revocation list' body: | Auto-generated update of code signing revocation list from [Appstore](https://github.com/nextcloud/appstore/commits/master/nextcloudappstore/certificate/nextcloud.crl) labels: | diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml index d4b1761dea3..ae66962b369 100644 --- a/.github/workflows/update-psalm-baseline.yml +++ b/.github/workflows/update-psalm-baseline.yml @@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - branches: ["master", "stable29", "stable28", "stable27"] + branches: ['master', 'stable29', 'stable28', 'stable27'] name: update-psalm-baseline-${{ matrix.branches }} @@ -55,12 +55,12 @@ jobs: uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e with: token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: "chore(tests): Update psalm baseline" + commit-message: 'chore(tests): Update psalm baseline' committer: GitHub <noreply@github.com> author: nextcloud-command <nextcloud-command@users.noreply.github.com> signoff: true - branch: automated/noid/${{ matrix.branches }}-update-psalm-baseline - title: "[${{ matrix.branches }}] Update psalm-baseline.xml" + branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline' + title: '[${{ matrix.branches }}] Update psalm-baseline.xml' body: | Auto-generated update psalm-baseline.xml with fixed psalm warnings labels: | |