authorAndy Scherzinger <info@andy-scherzinger.de>2025-05-22 18:56:42 +0200
committerAndy Scherzinger <info@andy-scherzinger.de>2025-05-22 19:23:31 +0200
commit3aa1706c64f1ea48592af24f7f320373761e8c71 (patch)
tree58cd4c1d99e5d00bac73f9583ff4f4bb62ad6e01
parentc85f6a6f4f30066f5c1918f92ac182222e25d997 (diff)
ci(gh): Update actions based on latest templatesci/noid/ghActionSync
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
-rw-r--r--.github/workflows/block-unconventional-commits.yml2
-rw-r--r--.github/workflows/command-compile.yml6
-rw-r--r--.github/workflows/cypress.yml28
-rw-r--r--.github/workflows/dependabot-approve-merge.yml4
-rw-r--r--.github/workflows/files-external-ftp.yml2
-rw-r--r--.github/workflows/files-external-s3.yml4
-rw-r--r--.github/workflows/files-external-sftp.yml2
-rw-r--r--.github/workflows/files-external-smb.yml2
-rw-r--r--.github/workflows/files-external-webdav.yml2
-rw-r--r--.github/workflows/files-external.yml2
-rw-r--r--.github/workflows/lint-eslint.yml7
-rw-r--r--.github/workflows/lint-php-cs.yml2
-rw-r--r--.github/workflows/lint-php.yml4
-rw-r--r--.github/workflows/lint-stylelint.yml4
-rw-r--r--.github/workflows/node-test.yml13
-rw-r--r--.github/workflows/node.yml7
-rw-r--r--.github/workflows/npm-audit-fix.yml18
-rw-r--r--.github/workflows/object-storage-azure.yml2
-rw-r--r--.github/workflows/object-storage-s3.yml2
-rw-r--r--.github/workflows/object-storage-swift.yml2
-rw-r--r--.github/workflows/openapi.yml4
-rw-r--r--.github/workflows/phpunit-mariadb.yml8
-rw-r--r--.github/workflows/phpunit-memcached.yml2
-rw-r--r--.github/workflows/phpunit-mysql-sharding.yml2
-rw-r--r--.github/workflows/phpunit-mysql.yml10
-rw-r--r--.github/workflows/phpunit-nodb.yml2
-rw-r--r--.github/workflows/phpunit-oci.yml8
-rw-r--r--.github/workflows/phpunit-pgsql.yml8
-rw-r--r--.github/workflows/phpunit-sqlite.yml8
-rw-r--r--.github/workflows/pr-feedback.yml9
-rw-r--r--.github/workflows/reuse.yml15
31 files changed, 131 insertions, 60 deletions
diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml
index b4239109cd0..6bf1a79c941 100644
--- a/.github/workflows/block-unconventional-commits.yml
+++ b/.github/workflows/block-unconventional-commits.yml
@@ -28,6 +28,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
with:
diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml
index 3308491be3f..d5ecf01af61 100644
--- a/.github/workflows/command-compile.yml
+++ b/.github/workflows/command-compile.yml
@@ -11,6 +11,9 @@ on:
issue_comment:
types: [created]
+permissions:
+ contents: read
+
jobs:
init:
runs-on: ubuntu-latest
@@ -102,6 +105,7 @@ jobs:
- name: Checkout ${{ needs.init.outputs.head_ref }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ # Needed to allow force push later
persist-credentials: true
token: ${{ secrets.COMMAND_BOT_PAT }}
fetch-depth: 0
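Review bot: With `persist-credentials: true` and `token: ${{ secrets.COMMAND_BOT_PAT }}` on this checkout, the bot's personal access token is written to the local git config and stays readable by every later step of the job, not only by the push. The new comment says why it is kept, but the steps that follow (node setup with `cache: npm` in the next hunk, and presumably an install and build of the checked-out head ref outside the visible lines) run project code with that token on disk. Consider checking out with `persist-credentials: false` and handing the PAT only to the step that pushes, or at least extend the comment to `# Needed to allow force push later; the PAT stays in .git/config for all following steps`. The job continues outside the hunk.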
@@ -120,7 +124,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
cache: npm
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
index 117b5a37228..fa469a783e9 100644
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -18,9 +18,16 @@ env:
# Adjust APP_NAME if your repository name is different
APP_NAME: ${{ github.event.repository.name }}
- # Server requires head_ref instead of base_ref, as we want to test the PR branch
+ # This represents the server branch to checkout.
+ # Usually it's the base branch of the PR, but for pushes it's the branch itself.
+ # e.g. 'main', 'stable27' or 'feature/my-feature'
+ # n.b. server will use head_ref, as we want to test the PR branch.
BRANCH: ${{ github.head_ref || github.ref_name }}
+
+permissions:
+ contents: read
+
jobs:
init:
runs-on: ubuntu-latest
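Review bot: The new comment on `BRANCH` contradicts itself: it says the value is usually the PR's base branch, then that server uses `head_ref`, and the expression below it is `github.head_ref || github.ref_name`. Only the last statement matches the code in this repository, so the template wording is misleading here. I would reduce it to `# Branch under test: the PR head branch, or the pushed branch for push events`.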
@@ -43,6 +50,7 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
# We need to checkout submodules for 3rdparty
submodules: true
@@ -64,7 +72,7 @@ jobs:
fallbackNpm: "^10"
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -80,7 +88,7 @@ jobs:
run: npm run cypress:version
- name: Save context
- uses: buildjet/cache/save@v4
+ uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
key: cypress-context-${{ github.run_id }}
path: ./
@@ -94,7 +102,7 @@ jobs:
matrix:
# Run multiple copies of the current job in parallel
# Please increase the number or runners as your tests suite grows (0 based index for e2e tests)
- containers: ["component", '0', '1', '2', '3', '4', '5', '6', '7']
+ containers: ['component', '0', '1', '2', '3', '4', '5', '6', '7']
# Hack as strategy.job-total includes the component and GitHub does not allow math expressions
# Always align this number with the total of e2e runners (max. index + 1)
total-containers: [8]
@@ -103,14 +111,14 @@ jobs:
steps:
- name: Restore context
- uses: buildjet/cache/restore@v4
+ uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
fail-on-cache-miss: true
key: cypress-context-${{ github.run_id }}
path: ./
- name: Set up node ${{ needs.init.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ needs.init.outputs.nodeVersion }}
@@ -142,8 +150,8 @@ jobs:
SPLIT: ${{ matrix.total-containers }}
SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }}
- - name: Upload snapshots and videos
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ - name: Upload snapshots
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: snapshots_videos_${{ matrix.containers }}
@@ -156,7 +164,7 @@ jobs:
run: docker logs nextcloud-cypress-tests_${{ env.APP_NAME }} > nextcloud.log
- name: Upload NC logs
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: failure() && matrix.containers != 'component'
with:
name: nc_logs_${{ matrix.containers }}
@@ -167,7 +175,7 @@ jobs:
run: docker exec nextcloud-cypress-tests_${{ env.APP_NAME }} tar -cvjf - data > data.tar
- name: Upload data dir archive
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: failure() && matrix.containers != 'component'
with:
name: nc_data_${{ matrix.containers }}
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index efe8bfe37f7..ed902d92807 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -9,7 +9,7 @@
name: Dependabot
on:
- pull_request_target:
+ pull_request_target: # zizmor: ignore[dangerous-triggers]
branches:
- main
- master
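Review bot: The `# zizmor: ignore[dangerous-triggers]` suppression on `pull_request_target` carries no reason, so a later reader cannot tell which property makes the trigger acceptable here. `pull_request_target` runs with the base repository's token and secrets, which is safe only as long as the job never checks out or executes pull-request content and stays gated on the PR author. State that in a comment line above the trigger, e.g. `# Safe: no PR code is checked out or run; the job is gated on the PR author below`, after confirming it against the steps outside this hunk.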
@@ -24,7 +24,7 @@ concurrency:
jobs:
auto-approve-merge:
- if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
runs-on: ubuntu-latest-low
permissions:
# for hmarr/auto-approve-action to approve PRs
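Review bot: The switch from `github.actor` to `github.event.pull_request.user.login` deserves a why-comment above the `if:`, because the two look interchangeable and the old form is easy to reintroduce. `github.actor` is the account that triggered the run, whereas `pull_request.user.login` is the account that opened the PR, and only the latter identifies whose changes would be approved and merged. Suggested comment: `# Check the PR author, not github.actor (the account that triggered this run)`.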
diff --git a/.github/workflows/files-external-ftp.yml b/.github/workflows/files-external-ftp.yml
index 43bbacac7e1..f99a41b457c 100644
--- a/.github/workflows/files-external-ftp.yml
+++ b/.github/workflows/files-external-ftp.yml
@@ -100,7 +100,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-ftp
diff --git a/.github/workflows/files-external-s3.yml b/.github/workflows/files-external-s3.yml
index 890a47569c7..ecf23b73023 100644
--- a/.github/workflows/files-external-s3.yml
+++ b/.github/workflows/files-external-s3.yml
@@ -98,7 +98,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-s3
@@ -165,7 +165,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-s3
diff --git a/.github/workflows/files-external-sftp.yml b/.github/workflows/files-external-sftp.yml
index 3c18c2a01f2..dd7a5871a97 100644
--- a/.github/workflows/files-external-sftp.yml
+++ b/.github/workflows/files-external-sftp.yml
@@ -89,7 +89,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-sftp
diff --git a/.github/workflows/files-external-smb.yml b/.github/workflows/files-external-smb.yml
index 9b33fd4e54a..23b20782126 100644
--- a/.github/workflows/files-external-smb.yml
+++ b/.github/workflows/files-external-smb.yml
@@ -94,7 +94,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v4.1.1
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-smb
diff --git a/.github/workflows/files-external-webdav.yml b/.github/workflows/files-external-webdav.yml
index d2e1a2a9a0a..657139db5e9 100644
--- a/.github/workflows/files-external-webdav.yml
+++ b/.github/workflows/files-external-webdav.yml
@@ -91,7 +91,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v4.1.1
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-webdav
diff --git a/.github/workflows/files-external.yml b/.github/workflows/files-external.yml
index 123e281e98e..8461cd99ab6 100644
--- a/.github/workflows/files-external.yml
+++ b/.github/workflows/files-external.yml
@@ -79,7 +79,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-generic
diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml
index 1442b995f37..43e964b5aaf 100644
--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@@ -20,6 +20,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@@ -54,6 +57,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v3
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml
index 003feb52ef3..9d6858b16a6 100644
--- a/.github/workflows/lint-php-cs.yml
+++ b/.github/workflows/lint-php-cs.yml
@@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up php8.1
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: 8.1
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
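Review bot: The `actions/checkout` step at the top of this hunk is followed directly by `Set up php8.1`, so it has no `with:` block and keeps the default of persisting the token in the local git config, while sibling workflows in this commit gain `persist-credentials: false`. The same holds for the three checkout context lines in node-test.yml (hunks at -83, -117 and -145), where only the first checkout of that file was changed. Unless those jobs push, add `with:` and `persist-credentials: false` under each of these `uses:` lines. The checkout steps begin outside the hunks, so confirm that no `with:` key precedes `uses:` there.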
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 2f9b7266155..a29db2af4e2 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -54,9 +54,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
coverage: none
diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml
index e7324f3708a..22c0f445801 100644
--- a/.github/workflows/lint-stylelint.yml
+++ b/.github/workflows/lint-stylelint.yml
@@ -26,6 +26,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -35,7 +37,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml
index e4c9e2f608d..bf073fbda4d 100644
--- a/.github/workflows/node-test.yml
+++ b/.github/workflows/node-test.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@@ -60,6 +63,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -83,7 +88,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ needs.versions.outputs.nodeVersion }}
@@ -99,7 +104,7 @@ jobs:
run: npm run test:coverage --if-present
- name: Collect coverage
- uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v4.3.1
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./coverage/lcov.info
@@ -117,7 +122,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ needs.versions.outputs.nodeVersion }}
@@ -145,7 +150,7 @@ jobs:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ needs.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
index 6f0ddb780a2..7bd4338ae9e 100644
--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@@ -20,6 +20,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@@ -54,6 +57,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v3
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
index c373b3f6f4b..7e7fe1dabc6 100644
--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@@ -14,6 +14,9 @@ on:
# At 2:30 on Sundays
- cron: '30 2 * * 0'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -21,15 +24,18 @@ jobs:
strategy:
fail-fast: false
matrix:
- branches: ['main', 'master', 'stable30', 'stable29', 'stable28']
+ branches: ['main', 'master', 'stable31', 'stable30']
name: npm-audit-fix-${{ matrix.branches }}
steps:
- name: Checkout
+ id: checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
ref: ${{ matrix.branches }}
+ continue-on-error: true
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -39,7 +45,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v3
+ uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -48,10 +54,10 @@ jobs:
- name: Fix npm audit
id: npm-audit
- uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0
+ uses: nextcloud-libraries/npm-audit-action@1b1728b2b4a7a78d69de65608efcf4db0e3e42d0 # v0.2.0
- name: Run npm ci and npm run build
- if: always()
+ if: steps.checkout.outcome == 'success'
env:
CYPRESS_INSTALL_BINARY: 0
run: |
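Review bot: Replacing `if: always()` with `if: steps.checkout.outcome == 'success'` also drops the status function, so GitHub applies an implicit `success()` and this step is skipped whenever an earlier step such as `Fix npm audit` fails; the `Create Pull Request` step in the next hunk changes the same way. If the old `always()` was there so that a build and a PR still happen after a failing audit step, keep it: `if: always() && steps.checkout.outcome == 'success'`. Separately, the steps between the checkout and this one show no such condition in the visible lines, so on a branch that does not exist they would still run against an empty workspace after `continue-on-error: true`; worth confirming that this is the intended outcome.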
@@ -59,8 +65,8 @@ jobs:
npm run build --if-present
- name: Create Pull Request
- if: always()
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+ if: steps.checkout.outcome == 'success'
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: 'fix(deps): Fix npm audit'
diff --git a/.github/workflows/object-storage-azure.yml b/.github/workflows/object-storage-azure.yml
index 69424c0dc8e..92971a85900 100644
--- a/.github/workflows/object-storage-azure.yml
+++ b/.github/workflows/object-storage-azure.yml
@@ -105,7 +105,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-azure
diff --git a/.github/workflows/object-storage-s3.yml b/.github/workflows/object-storage-s3.yml
index 67ab40cf270..4d4f0949cbe 100644
--- a/.github/workflows/object-storage-s3.yml
+++ b/.github/workflows/object-storage-s3.yml
@@ -111,7 +111,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-s3
diff --git a/.github/workflows/object-storage-swift.yml b/.github/workflows/object-storage-swift.yml
index c6a408bf336..d19aff53928 100644
--- a/.github/workflows/object-storage-swift.yml
+++ b/.github/workflows/object-storage-swift.yml
@@ -101,7 +101,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-swift
diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
index 5f981ee0de6..ec686844f03 100644
--- a/.github/workflows/openapi.yml
+++ b/.github/workflows/openapi.yml
@@ -27,9 +27,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Set up php
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: '8.1'
extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib
diff --git a/.github/workflows/phpunit-mariadb.yml b/.github/workflows/phpunit-mariadb.yml
index 2c259bada90..a941f361ac3 100644
--- a/.github/workflows/phpunit-mariadb.yml
+++ b/.github/workflows/phpunit-mariadb.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@@ -88,10 +91,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -124,7 +128,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mariadb
diff --git a/.github/workflows/phpunit-memcached.yml b/.github/workflows/phpunit-memcached.yml
index f4de2d1cd3b..7acb65cc904 100644
--- a/.github/workflows/phpunit-memcached.yml
+++ b/.github/workflows/phpunit-memcached.yml
@@ -101,7 +101,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-memcached
diff --git a/.github/workflows/phpunit-mysql-sharding.yml b/.github/workflows/phpunit-mysql-sharding.yml
index 02d55ef4941..ec7f7288bcf 100644
--- a/.github/workflows/phpunit-mysql-sharding.yml
+++ b/.github/workflows/phpunit-mysql-sharding.yml
@@ -159,7 +159,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mysql
diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml
index 91e42a9341d..78ec0fe70a1 100644
--- a/.github/workflows/phpunit-mysql.yml
+++ b/.github/workflows/phpunit-mysql.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@@ -86,12 +89,13 @@ jobs:
steps:
- name: Checkout server
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -124,7 +128,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mysql
diff --git a/.github/workflows/phpunit-nodb.yml b/.github/workflows/phpunit-nodb.yml
index d687d16e922..0dbb1f112aa 100644
--- a/.github/workflows/phpunit-nodb.yml
+++ b/.github/workflows/phpunit-nodb.yml
@@ -107,7 +107,7 @@ jobs:
- name: Upload nodb code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.nodb.xml
flags: phpunit-nodb
diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml
index fa4fdf680ca..635bbb947fd 100644
--- a/.github/workflows/phpunit-oci.yml
+++ b/.github/workflows/phpunit-oci.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@@ -100,10 +103,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -129,7 +133,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-oci
diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml
index c1e73f34029..55153d8c5b7 100644
--- a/.github/workflows/phpunit-pgsql.yml
+++ b/.github/workflows/phpunit-pgsql.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@@ -88,10 +91,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -119,7 +123,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-postgres
diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml
index a3feda9b7f6..8b38b6b13dc 100644
--- a/.github/workflows/phpunit-sqlite.yml
+++ b/.github/workflows/phpunit-sqlite.yml
@@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
+ permissions:
+ contents: read
+ pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@@ -73,10 +76,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+ uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -105,7 +109,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
- uses: codecov/codecov-action@v5.0.7
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-sqlite
diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml
index 7b68226f89d..bc5560796e3 100644
--- a/.github/workflows/pr-feedback.yml
+++ b/.github/workflows/pr-feedback.yml
@@ -15,12 +15,17 @@ on:
schedule:
- cron: '30 1 * * *'
+permissions:
+ contents: read
+ pull-requests: write
+
jobs:
pr-feedback:
+ if: ${{ github.repository_owner == 'nextcloud' }}
runs-on: ubuntu-latest
steps:
- name: The get-github-handles-from-website action
- uses: marcelklehr/get-github-handles-from-website-action@a739600f6b91da4957f51db0792697afbb2f143c # v1.0.0
+ uses: marcelklehr/get-github-handles-from-website-action@06b2239db0a48fe1484ba0bfd966a3ab81a08308 # v1.0.1
id: scrape
with:
website: 'https://nextcloud.com/team/'
@@ -31,7 +36,7 @@ jobs:
blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"
- - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4
+ - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
with:
feedback-message: |
Hello there,
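Review bot: The `uses:` line moves the action to `nextcloud/pr-feedback-action` but keeps the commit hash that was pinned under `marcelklehr/` and labels it `# main`, which names a moving branch and not a release. GitHub resolves a commit hash across a repository's fork network, so confirm that `1883b38a033fb16f576875e0cf45f98b857655c4` is reachable from a branch or tag of the nextcloud repository itself, not only from a fork; this matters more now that the workflow grants `pull-requests: write`. If the action publishes tags, pin a tagged commit and put the tag in the comment so update tooling can track it; otherwise make that explicit, e.g. `# main (no release tag)`.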
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index 62bb8b11d4c..95a8626a4a5 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -11,12 +11,17 @@ name: REUSE Compliance Check
on: [pull_request]
+permissions:
+ contents: read
+
jobs:
reuse-compliance-check:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-low
steps:
- - name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- - name: REUSE Compliance Check
- uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
+ - name: REUSE Compliance Check
+ uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0