Merge pull request #53115 from nextcloud/ci/noid/more-action-hardeningfeat/image-size-metadata

author: Kate <26026535+provokateurin@users.noreply.github.com> 2025-05-26 10:45:38 +0200
committer: GitHub <noreply@github.com> 2025-05-26 10:45:38 +0200
commit: 27149b7f247490eb9d3c6018ce7b2ea61b29000b (patch)
tree: 87c97c53bcc2a21a0d64d5e422f696ff3902d170
parent: 74d164e77090128bb79be293a7538fdcfa7f8c54 (diff)
parent: a4bbdefcdfe8b5df8d9ccdfc76634c08c7796bfc (diff)
download: nextcloud-server-feat/image-size-metadata.tar.gz
nextcloud-server-feat/image-size-metadata.zip
3 files changed, 12 insertions, 7 deletions
diff --git a/.github/workflows/block-outdated-3rdparty.yml b/.github/workflows/block-outdated-3rdparty.yml
index d02eb25aacc..8d35a2125c9 100644
--- a/.github/workflows/block-outdated-3rdparty.yml
+++ b/.github/workflows/block-outdated-3rdparty.yml
@@ -56,22 +56,24 @@ jobs:
                 core.exportVariable('server_ref', match[0]);
                 console.log('Setting server_ref to ' + match[0]);
               } else {
-                console.log('Not based on master/main/stable*, so skipping freeze check');
+                console.log('Not based on master/main/stable*, so skipping outdated 3rdparty check');
               }
             }
 
       - name: Last 3rdparty commit on target branch
+        if: ${{ env.server_ref != '' }}
         id: target
         run: |
           echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"
 
       - name: Compare if 3rdparty commits are different
+        if: ${{ env.server_ref != '' }}
         run: |
           echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
           echo 'Branch has: ${{ steps.actual.outputs.commit }}'
           echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}'
 
       - name: Fail if 3rdparty commits are different
-        if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
+        if: ${{ env.server_ref != '' && steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
         run: |
           exit 1
diff --git a/.github/workflows/command-pull-3rdparty.yml b/.github/workflows/command-pull-3rdparty.yml
index e204a5c489d..597c37c98d7 100644
--- a/.github/workflows/command-pull-3rdparty.yml
+++ b/.github/workflows/command-pull-3rdparty.yml
@@ -61,7 +61,7 @@ jobs:
                 core.exportVariable('server_ref', match[0]);
                 console.log('Setting server_ref to ' + match[0]);
               } else {
-                console.log('Not based on master/main/stable*, so skipping freeze check');
+                console.log('Not based on master/main/stable*, so skipping pull 3rdparty command');
               }
             }
 
diff --git a/.github/workflows/generate-release-changelog.yml b/.github/workflows/generate-release-changelog.yml
index c0945bde953..1660b77d974 100644
--- a/.github/workflows/generate-release-changelog.yml
+++ b/.github/workflows/generate-release-changelog.yml
@@ -50,8 +50,9 @@ jobs:
           PREVIOUS_TAG=$(echo "$TAGS" | grep -v 'rc\|beta\|alpha' | sed -n '2p')
           echo "CURRENT_TAG=$CURRENT_TAG" >> $GITHUB_ENV
           echo "PREVIOUS_TAG=$PREVIOUS_TAG" >> $GITHUB_ENV
-          
-      - name: Verify current tag
+
+      # Since this action only runs on nextcloud-releases, ignoring is okay
+      - name: Verify current tag # zizmor: ignore[template-injection]
         run: |
          if [ "${{ github.ref_name }}" != "${{ env.CURRENT_TAG }}" ]; then
            echo "Current tag does not match the release tag. Exiting."
@@ -71,7 +72,8 @@ jobs:
         run: |
           echo '{"username": "github-actions"}' > github_helper/credentials.json
 
-      - name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }}
+      # Since this action only runs on nextcloud-releases, ignoring is okay
+      - name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }} # zizmor: ignore[template-injection]
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
@@ -79,7 +81,8 @@ jobs:
           composer install
           php index.php generate:changelog --no-bots --format=forum server ${{ env.PREVIOUS_TAG }} ${{ github.ref_name }} > changelog.md
 
-      - name: Set changelog to release
+      # Since this action only runs on nextcloud-releases, ignoring is okay
+      - name: Set changelog to release # zizmor: ignore[template-injection]
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
author	Kate <26026535+provokateurin@users.noreply.github.com>	2025-05-26 10:45:38 +0200
committer	GitHub <noreply@github.com>	2025-05-26 10:45:38 +0200
commit	27149b7f247490eb9d3c6018ce7b2ea61b29000b (patch)
tree	87c97c53bcc2a21a0d64d5e422f696ff3902d170
parent	74d164e77090128bb79be293a7538fdcfa7f8c54 (diff)
parent	a4bbdefcdfe8b5df8d9ccdfc76634c08c7796bfc (diff)
download	nextcloud-server-feat/image-size-metadata.tar.gz nextcloud-server-feat/image-size-metadata.zip