Diffstat (limited to '.github/workflows')
23 files changed, 736 insertions, 255 deletions
diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index afcb4b362ad..db8f976eb52 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -54,7 +54,7 @@ jobs: steps: - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 @@ -86,12 +86,6 @@ jobs: npm ci npm run build --if-present - - name: Build css - run: npm run --if-present sass - - - name: Build icons css - run: npm run --if-present sass:icons - - name: Commit and push default if: ${{ needs.init.outputs.arg1 != 'fixup' && needs.init.outputs.arg1 != 'amend' }} run: | diff --git a/.github/workflows/command-pull-3rdparty.yml b/.github/workflows/command-pull-3rdparty.yml new file mode 100644 index 00000000000..83232e22c67 --- /dev/null +++ b/.github/workflows/command-pull-3rdparty.yml 
@@ -0,0 +1,55 @@
+name: Update 3rdparty command
+
+on:
+ issue_comment:
+ types: created
+
+permissions:
+ contents: read
+
+jobs:
+ rebase:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: none
+
+ # On pull requests and if the comment starts with `/update-3rdparty`
+ if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/update-3rdparty')
+
+ steps:
+ - name: Add reaction on start
+ uses: peter-evans/create-or-update-comment@v2
+ with:
+ token: ${{ secrets.COMMAND_BOT_PAT }}
+ repository: ${{ github.event.repository.full_name }}
+ comment-id: ${{ github.event.comment.id }}
+ reaction-type: "+1"
+
+ - name: Checkout the latest code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.COMMAND_BOT_PAT }}
+
+ - name: Setup git
+ run: |
+ git config --local user.email "nextcloud-command@users.noreply.github.com"
+ git config --local user.name "nextcloud-command"
+
+ - name: Pull 3rdparty
+ run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin ${{ github.event.issue.pull_request.base.ref }}; fi'
+
+ - name: Commit and push changes
+ run: |
+ git add 3rdparty
+ git commit -s -m "Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}"
+ git push
+
+ - name: Add reaction on failure
+ uses: peter-evans/create-or-update-comment@v2
+ if: failure()
+ with:
+ token: ${{ secrets.COMMAND_BOT_PAT }}
+ repository: ${{ github.event.repository.full_name }}
+ comment-id: ${{ github.event.comment.id }}
+ reaction-type: "-1"
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
new file mode 100644
index 00000000000..66f3b4383fc
--- /dev/null
+++ b/.github/workflows/cypress.yml
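Review bot: The job-level `if:` in command-pull-3rdparty.yml only checks that the comment is on a pull request and starts with `/update-3rdparty`, so any account able to comment there can start a run that checks out and pushes with `secrets.COMMAND_BOT_PAT`; the job's `permissions: contents: none` restricts only `GITHUB_TOKEN`, not the PAT. Gate the job on the commenter, for example by appending `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` to the condition. The `Pull 3rdparty` and `Commit and push changes` steps also paste `${{ github.event.issue.pull_request.base.ref }}` straight into shell text; passing it through `env:` and using a quoted `"$BASE_REF"` keeps the value out of the script source.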
@@ -0,0 +1,126 @@ +name: Cypress + +on: + pull_request: + push: + branches: + - master + - stable* + +env: + APP_NAME: viewer + BRANCH: ${{ github.ref }} + TESTING: true + +jobs: + init: + runs-on: ubuntu-latest + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + + steps: + - name: Checkout server + uses: actions/checkout@v3 + + - name: Read package.json node and npm engines version + uses: skjnldsv/read-package-engines-version-actions@v1.2 + id: versions + with: + fallbackNode: "^12" + fallbackNpm: "^6" + + - name: Set up node ${{ steps.versions.outputs.nodeVersion }} + uses: actions/setup-node@v3 + with: + cache: "npm" + node-version: ${{ steps.versions.outputs.nodeVersion }} + + - name: Set up npm ${{ steps.versions.outputs.npmVersion }} + run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + + - name: Install dependencies & build app + run: | + npm ci + TESTING=true npm run build --if-present + + - name: Save context + uses: actions/cache@v3 + with: + key: cypress-context-${{ github.run_id }} + path: /home/runner/work/server + + cypress: + runs-on: ubuntu-latest + needs: init + + strategy: + fail-fast: false + matrix: + # run multiple copies of the current job in parallel + containers: ["component", 1, 2] + + name: runner ${{ matrix.containers }} + + steps: + - name: Restore context + uses: actions/cache@v3 + with: + key: cypress-context-${{ github.run_id }} + path: /home/runner/work/server + + - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests + + uses: cypress-io/github-action@v5 + with: + record: true + parallel: true + # cypress run type + component: ${{ matrix.containers == 'component' }} + group: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} + # cypress env + ci-build-id: ${{ github.sha }}-${{ github.run_number }} + tag: ${{ github.event_name }}t + env: + # Needs to be prefixed with CYPRESS_ + CYPRESS_BRANCH: ${{ env.BRANCH }} + CYPRESS_GH: true + # 
https://github.com/cypress-io/github-action/issues/124 + COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} + # Needed for some specific code workarounds + TESTING: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} + + - name: Extract NC logs + if: failure() && matrix.containers != 'component' + run: docker logs nextcloud-cypress-tests-server > nextcloud.log + + - name: Upload NC logs + uses: actions/upload-artifact@v3 + if: failure() && matrix.containers != 'component' + with: + name: nc_logs_${{ matrix.containers }} + path: nextcloud.log + + - name: Create data dir archive + if: failure() && matrix.containers != 'component' + run: docker exec nextcloud-cypress-tests-server tar -cvjf - data > data.tar + + - name: Upload data dir archive + uses: actions/upload-artifact@v3 + if: failure() && matrix.containers != 'component' + with: + name: nc_data_${{ matrix.containers }} + path: data.tar + + summary: + runs-on: ubuntu-latest + needs: [init, cypress] + + if: always() + + name: cypress-summary + + steps: + - name: Summary status + run: if ${{ needs.init.result != 'success' || ( needs.cypress.result != 'success' && needs.cypress.result != 'skipped' ) }}; then exit 1; fi diff --git a/.github/workflows/ftp.yml b/.github/workflows/ftp.yml index aa9fe3aad79..9ec0b0eaea7 100644 --- a/.github/workflows/ftp.yml +++ b/.github/workflows/ftp.yml @@ -1,4 +1,4 @@ -name: FTP +name: FTP unit tests on: push: branches: @@ -17,18 +17,20 @@ jobs: ftp-tests: runs-on: ubuntu-latest + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: # do not stop on another job's failure fail-fast: false matrix: - php-versions: ['7.4', '8.0'] + php-versions: ['8.0'] ftpd: ['proftpd', 'vsftpd', 'pure-ftpd'] name: php${{ matrix.php-versions }}-${{ matrix.ftpd }} steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: true 
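Review bot: cypress.yml declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository's default scope while it is handed, together with `CYPRESS_RECORD_KEY`, to `cypress-io/github-action@v5`, a third-party action referenced by a mutable tag. Add `permissions:` with `contents: read` at the top level, as lint-php.yml in this commit does, and pin the third-party actions to a commit SHA with the tag in a trailing comment. The `Save context` step also caches the whole `/home/runner/work/server` tree, and whether that includes the credentials `actions/checkout` leaves in `.git/config` by default is worth confirming; `persist-credentials: false` on the checkout step would rule it out. The same tag pinning applies to `peter-evans/create-or-update-comment@v2` in command-pull-3rdparty.yml and to the `shivammathur/setup-php@v2` steps that receive `GITHUB_TOKEN` in ftp.yml, performance.yml, s3-external.yml, s3-primary.yml, s3-primary-integration.yml, oci.yml, lint-php-cs.yml and phpunit-32bits.yml.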
@@ -43,8 +45,10 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: phpunit + tools: phpunit:9 extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml new file mode 100644 index 00000000000..21133ab68b4 --- /dev/null +++ b/.github/workflows/lint-php-cs.yml @@ -0,0 +1,39 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization + +name: Lint + +on: pull_request + +permissions: + contents: read + +concurrency: + group: lint-php-cs-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + lint: + runs-on: ubuntu-latest + + name: php-cs + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up php + uses: shivammathur/setup-php@v2 + with: + php-version: "8.0" + coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Install dependencies + run: composer i + + - name: Lint + run: composer run cs:check || ( echo "Please run `composer run cs:fix` to format your code" && exit 1 ) diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml new file mode 100644 index 00000000000..5a7cbffb099 --- /dev/null +++ b/.github/workflows/lint-php.yml 
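Review bot: In lint-php-cs.yml's `Lint` step the failure hint is wrapped in double quotes, so the shell treats the backticks around `composer run cs:fix` as command substitution and runs the fixer instead of printing its name. The deleted lint.yml used single quotes for the same message, and keeping them avoids the substitution: ``echo 'Please run `composer run cs:fix` to format your code'``. The rest of the `run:` line can stay as it is.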
@@ -0,0 +1,59 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ - master
+ - stable*
+
+permissions:
+ contents: read
+
+concurrency:
+ group: lint-php-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ php-lint:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ php-versions: [ "8.0", "8.1", "8.2" ]
+
+ name: php-lint
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+
+ - name: Set up php ${{ matrix.php-versions }}
+ uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2
+ with:
+ php-version: ${{ matrix.php-versions }}
+ coverage: none
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Lint
+ run: composer run lint
+
+ summary:
+ permissions:
+ contents: none
+ runs-on: ubuntu-latest
+ needs: php-lint
+
+ if: always()
+
+ name: php-lint-summary
+
+ steps:
+ - name: Summary status
+ run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
deleted file mode 100644
index 983b0af6d93..00000000000
--- a/.github/workflows/lint.yml
+++ /dev/null
@@ -1,42 +0,0 @@ -name: Lint -on: pull_request - -jobs: - php-linters: - runs-on: ubuntu-latest - strategy: - matrix: - php-versions: ['7.4', '8.0', '8.1', '8.2'] - name: php${{ matrix.php-versions }} lint - steps: - - name: Checkout - uses: actions/checkout@master - - name: Set up php${{ matrix.php-versions }} - uses: shivammathur/setup-php@master - with: - php-version: ${{ matrix.php-versions }} - extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip - coverage: none - - name: Lint - run: composer run lint - - php-cs-fixer: - name: php-cs check - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@master - - name: Set up php - uses: shivammathur/setup-php@master - with: - php-version: 7.4 - extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip - coverage: none - tools: cs2pr - - name: Install dependencies - run: composer i - - name: Run coding standards check - run: | - composer run cs:check -- --format=checkstyle | cs2pr - composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 ) - shell: bash diff --git a/.github/workflows/node-tests.yml b/.github/workflows/node-tests.yml index 6be1006a937..01afa262f19 100644 --- a/.github/workflows/node-tests.yml +++ b/.github/workflows/node-tests.yml @@ -1,4 +1,4 @@ -name: Node +name: Node tests on: pull_request: @@ -10,13 +10,16 @@ on: jobs: versions: runs-on: ubuntu-latest + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + outputs: nodeVersion: ${{ steps.versions.outputs.nodeVersion }} npmVersion: ${{ steps.versions.outputs.npmVersion }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Read package.json node and npm engines version uses: skjnldsv/read-package-engines-version-actions@v1.1 
@@ -31,7 +34,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} uses: actions/setup-node@v2 @@ -53,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} uses: actions/setup-node@v2 @@ -67,7 +70,7 @@ jobs: run: npm ci - name: Test - run: ./autotest-js.sh + run: npm run test:jsunit handlebars: runs-on: ubuntu-latest @@ -75,7 +78,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} uses: actions/setup-node@v2 diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 7173a224c24..443ed95dd24 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -45,12 +45,6 @@ jobs: npm ci npm run build --if-present - - name: Build css - run: npm run sass - - - name: Build icons css - run: npm run sass:icons - - name: Check webpack build changes run: | bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml new file mode 100644 index 00000000000..dededbc97ff --- /dev/null +++ b/.github/workflows/npm-audit-fix.yml 
@@ -0,0 +1,71 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: npm audit fix and compile
+
+on:
+ workflow_dispatch:
+ schedule:
+ # At 2:30 on Sundays
+ - cron: '30 2 * * 0'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ branches: ["main", "master", "stable26", "stable25", "stable24"]
+
+ name: npm-audit-fix-${{ matrix.branches }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3
+ with:
+ ref: ${{ matrix.branches }}
+
+ - name: Read package.json node and npm engines version
+ uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2
+ id: versions
+ with:
+ fallbackNode: '^16'
+ fallbackNpm: '^7'
+
+ - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+ uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3
+ with:
+ node-version: ${{ steps.versions.outputs.nodeVersion }}
+
+ - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+ run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
+
+ - name: Fix npm audit
+ run: |
+ npm audit fix
+
+ - name: Run npm ci and npm run build
+ if: always()
+ run: |
+ npm ci
+ npm run build --if-present
+
+ - name: Create Pull Request
+ if: always()
+ uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3
+ with:
+ token: ${{ secrets.COMMAND_BOT_PAT }}
+ commit-message: "chore(deps): fix npm audit"
+ committer: GitHub <noreply@github.com>
+ author: nextcloud-command <nextcloud-command@users.noreply.github.com>
+ signoff: true
+ branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
+ title: "[${{ matrix.branches }}] Fix npm audit"
+ body: |
+ Auto-generated fix of npm audit
+ labels: |
+ dependencies
+ 3. to review
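Review bot: npm-audit-fix.yml has no `permissions:` block and its `Checkout` step keeps the default credential persistence, so the lifecycle scripts of whatever `npm audit fix` just pulled in run under `npm ci` and `npm run build` with a repository token readable from `.git/config`. Add `permissions:` with `contents: read` at the top level and `persist-credentials: false` under the checkout step's `with:`. The `Create Pull Request` step is already given `COMMAND_BOT_PAT` explicitly, so it should not depend on the persisted token, though that is worth confirming against the action's documentation. Because the build and pull-request steps use `if: always()`, they also run when the checkout itself failed; marking only the audit step `continue-on-error: true` would be a narrower way to tolerate a non-zero `npm audit fix`.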
diff --git a/.github/workflows/oci.yml b/.github/workflows/oci.yml index 8d09578cf4e..67fe9d80663 100644 --- a/.github/workflows/oci.yml +++ b/.github/workflows/oci.yml @@ -1,48 +1,46 @@ -name: PHPUnit +name: PHPUnit oci -on: - pull_request: - push: - branches: - - master - - stable* +on: pull_request + +permissions: + contents: read + +concurrency: + group: phpunit-oci-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: - phpunit-oci8: + phpunit-oci: runs-on: ubuntu-20.04 + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: - fail-fast: false matrix: - php-versions: [ '7.4', '8.0', '8.1'] - databases: [ 'oci' ] - - name: php${{ matrix.php-versions }}-${{ matrix.databases }} + php-versions: ['8.0', '8.1', '8.2'] services: oracle: - image: deepdiver/docker-oracle-xe-11g # "wnameless/oracle-xe-11g-r2" + image: deepdiver/docker-oracle-xe-11g # 'wnameless/oracle-xe-11g-r2' ports: - - "1521:1521" + - 1521:1521/tcp steps: - name: Checkout server - uses: actions/checkout@v2 - - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 + uses: actions/checkout@v3 + with: + submodules: true - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,oci8,openssl,pdo_sqlite,posix,sqlite,xml,zip + extensions: ctype, curl, dom, fileinfo, gd, imagick, intl, json, mbstring, oci8, openssl, pdo_sqlite, posix, sqlite, xml, zip tools: phpunit:9 coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | 
@@ -53,3 +51,21 @@ jobs: - name: PHPUnit working-directory: tests run: phpunit --configuration phpunit-autotest.xml --group DB,SLOWDB + + - name: Run repair steps + run: | + ./occ maintenance:repair --include-expensive + + summary: + permissions: + contents: none + runs-on: ubuntu-latest + needs: phpunit-oci + + if: always() + + name: phpunit-oci-summary + + steps: + - name: Summary status + run: if ${{ needs.phpunit-oci.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index e5cbac5fe8f..44ca8954078 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -6,6 +6,8 @@ jobs: performance-testing: runs-on: ubuntu-latest + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: fail-fast: false matrix: @@ -24,8 +26,10 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: phpunit + tools: phpunit:9 extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | @@ -39,7 +43,7 @@ jobs: blueprint: tests/blueprints/basic.toml ref: ${{ github.event.pull_request.head.ref }} - name: Run before measurements - uses: nextcloud/profiler@fa03a1e6864fcb63fb92b8940fa72f5191baffbe + uses: nextcloud/profiler@1e66a9de5f76a01e9d1db4f0153bcc1cbf989b3d with: run: | curl -s -X PROPFIND -u test:test http://localhost:8080/remote.php/dav/files/test 
@@ -48,18 +52,20 @@ jobs: curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt output: before.json + profiler-branch: master - name: Apply PR run: | - git fetch origin ${{ github.event.pull_request.head.ref }} - git checkout ${{ github.event.pull_request.head.ref }} + git remote add pr ${{ github.event.pull_request.head.repo.clone_url }} + git fetch pr ${{ github.event.pull_request.head.ref }} + git checkout -b pr/${{ github.event.pull_request.head.ref }} git submodule update ./occ upgrade - name: Run after measurements id: compare - uses: nextcloud/profiler@fa03a1e6864fcb63fb92b8940fa72f5191baffbe + uses: nextcloud/profiler@1e66a9de5f76a01e9d1db4f0153bcc1cbf989b3d with: run: | curl -s -X PROPFIND -u test:test http://localhost:8080/remote.php/dav/files/test @@ -68,6 +74,7 @@ jobs: curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt output: after.json + profiler-branch: master compare-with: before.json - name: Upload profiles diff --git a/.github/workflows/phpunit-32bits.yml b/.github/workflows/phpunit-32bits.yml new file mode 100644 index 00000000000..ef81b2226e6 --- /dev/null +++ b/.github/workflows/phpunit-32bits.yml 
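Review bot: The `Apply PR` step in performance.yml writes `${{ github.event.pull_request.head.repo.clone_url }}` and `${{ github.event.pull_request.head.ref }}` directly into the script, and the head branch name is chosen by the pull request author, so its characters are parsed as shell before git ever sees them. Passing both values through `env:` and quoting the variables keeps them as data. Separately, `git checkout -b` is given no start point, so the new branch appears to be created at the current HEAD rather than at the fetched commit; it is worth confirming that the after-measurement really runs the PR code. The step sits inside this hunk, but the job it belongs to starts and ends outside it.

```yaml
- name: Apply PR
  env:
    PR_CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
    PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
  run: |
    git remote add pr "$PR_CLONE_URL"
    git fetch pr "$PR_HEAD_REF"
    git checkout -b "pr/$PR_HEAD_REF"
    # … unchanged: git submodule update, ./occ upgrade …
```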
@@ -0,0 +1,65 @@
+name: PHPUnit 32bits
+
+on:
+ pull_request:
+ paths:
+ - 'version.php'
+ - '.github/workflows/phpunit-32bits.yml'
+ workflow_dispatch:
+ schedule:
+ - cron: "15 1 * * 1-6"
+
+permissions:
+ contents: read
+
+concurrency:
+ group: phpunit-32bits-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ phpunit-32bits:
+ runs-on: ubuntu-latest
+
+ if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
+
+ container: shivammathur/node:latest-i386
+
+ strategy:
+ matrix:
+ php-versions: ['8.0']
+
+ steps:
+ - name: Checkout server
+ uses: actions/checkout@v3
+ with:
+ submodules: true
+
+ - name: Install tools
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y ffmpeg imagemagick libmagickcore-6.q16-3-extra
+
+ - name: Set up php ${{ matrix.php-versions }}
+ uses: shivammathur/setup-php@v2
+ with:
+ php-version: ${{ matrix.php-versions }}
+ extensions: ctype, curl, dom, fileinfo, gd, imagick, intl, json, mbstring, openssl, pdo_sqlite, posix, sqlite, xml, zip, apcu
+ tools: phpunit:9
+ coverage: none
+ ini-values:
+ apc.enabled=on,
+ apc.enable_cli=on
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Nextcloud
+ env:
+ DB_PORT: 4444
+ run: |
+ mkdir data
+ ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin
+ php -f index.php
+
+ - name: PHPUnit
+ working-directory: tests
+ run: phpunit --configuration phpunit-autotest.xml --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness
diff --git a/.github/workflows/psalm-github.yml b/.github/workflows/psalm-github.yml
deleted file mode 100644
index d27e0a1f143..00000000000
--- a/.github/workflows/psalm-github.yml
+++ /dev/null
@@ -1,28 +0,0 @@ -name: Psalm show github - -on: - pull_request: - push: - branches: - - master - - stable* - -jobs: - psalm: - name: Psalm - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - submodules: recursive - - name: Psalm - uses: docker://vimeo/psalm-github-actions:4.9.3 - continue-on-error: true - with: - composer_ignore_platform_reqs: false - report_file: results.sarif - - name: Upload Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: results.sarif diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml deleted file mode 100644 index a97abba44c2..00000000000 --- a/.github/workflows/psalm-security.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Psalm Security Analysis - -on: - pull_request: - push: - branches: - - master - - stable* - -jobs: - psalm: - name: Psalm - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - submodules: recursive - - name: Psalm - uses: docker://vimeo/psalm-github-actions:4.9.3 - with: - security_analysis: true - composer_ignore_platform_reqs: false - report_file: results.sarif - - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: results.sarif diff --git a/.github/workflows/s3-external.yml b/.github/workflows/s3-external.yml index 8c2cdd7cfd1..a987f8a3f67 100644 --- a/.github/workflows/s3-external.yml +++ b/.github/workflows/s3-external.yml @@ -17,11 +17,13 @@ jobs: s3-external-tests-minio: runs-on: ubuntu-latest + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: # do not stop on another job's failure fail-fast: false matrix: - php-versions: ['7.4', '8.0'] + php-versions: ['8.0', '8.1'] name: php${{ matrix.php-versions }}-minio @@ -36,7 +38,7 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: true 
@@ -44,8 +46,10 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: phpunit + tools: phpunit:9 extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | @@ -66,11 +70,13 @@ jobs: s3-external-tests-localstack: runs-on: ubuntu-latest + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: # do not stop on another job's failure fail-fast: false matrix: - php-versions: ['7.4', '8.0'] + php-versions: ['8.0', '8.1'] name: php${{ matrix.php-versions }}-localstack @@ -85,7 +91,7 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: true @@ -93,8 +99,10 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: phpunit + tools: phpunit:9 extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | diff --git a/.github/workflows/s3-primary-integration.yml b/.github/workflows/s3-primary-integration.yml new file mode 100644 index 00000000000..2a2ab43f5c6 --- /dev/null +++ b/.github/workflows/s3-primary-integration.yml 
@@ -0,0 +1,86 @@ +name: S3 primary storage integration tests +on: + pull_request: + push: + branches: + - master + - stable* + +jobs: + s3-primary-integration-tests-minio: + runs-on: ubuntu-20.04 + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + + strategy: + # do not stop on another job's failure + fail-fast: false + matrix: + php-versions: ['8.0'] + key: ['objectstore', 'objectstore_multibucket'] + + name: php${{ matrix.php-versions }}-${{ matrix.key }}-minio + + services: + redis: + image: redis + ports: + - "6379:6379" + minio: + env: + MINIO_ACCESS_KEY: minio + MINIO_SECRET_KEY: minio123 + image: bitnami/minio:2021.12.29 + ports: + - "9000:9000" + + steps: + - name: Checkout server + uses: actions/checkout@v3 + with: + submodules: true + + - name: Set up php ${{ matrix.php-versions }} + uses: shivammathur/setup-php@v2 + with: + php-version: ${{ matrix.php-versions }} + tools: phpunit:9 + extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd, redis + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Wait for S3 + run: | + sleep 10 + curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready + + - name: Set up Nextcloud + run: | + mkdir data + echo '<?php $CONFIG=["${{ matrix.key }}" => ["class" => "OC\Files\ObjectStore\S3", "arguments" => ["bucket" => "nextcloud", "autocreate" => true, "key" => "minio", "secret" => "minio123", "hostname" => "localhost", "port" => 9000, "use_ssl" => false, "use_path_style" => true, "uploadPartSize" => 52428800]]];' > config/config.php + echo '<?php $CONFIG=["redis" => ["host" => "localhost", "port" => 6379], "memcache.local" => "\OC\Memcache\Redis", "memcache.distributed" => "\OC\Memcache\Redis"];' > config/redis.config.php + ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin + php -f index.php + + - name: 
Integration + run: | + cd build/integration + bash run.sh --tags "~@failure-s3" features/webdav-related.feature + + - name: S3 logs + if: always() + run: | + cat data/nextcloud.log + docker ps -a + docker ps -aq | while read container ; do IMAGE=$(docker inspect --format='{{.Config.Image}}' $container); echo $IMAGE; docker logs $container; echo "\n\n" ; done + + + s3-primary-integration-summary: + runs-on: ubuntu-latest + needs: [s3-primary-integration-tests-minio] + + if: always() + + steps: + - name: Summary status + run: if ${{ needs.s3-primary-integration-tests-minio.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/s3-primary.yml b/.github/workflows/s3-primary.yml index 9fbc3f8d668..9b4269d737b 100644 --- a/.github/workflows/s3-primary.yml +++ b/.github/workflows/s3-primary.yml @@ -8,7 +8,9 @@ on: jobs: s3-primary-tests-minio: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} strategy: # do not stop on another job's failure @@ -24,13 +26,13 @@ jobs: env: MINIO_ACCESS_KEY: minio MINIO_SECRET_KEY: minio123 - image: bitnami/minio:2021.10.6 + image: bitnami/minio:2021.12.29 ports: - "9000:9000" steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: true @@ -38,8 +40,10 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} - tools: phpunit + tools: phpunit:9 extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Set up Nextcloud run: | @@ -52,8 +56,6 @@ jobs: run: | sleep 10 curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready - sleep 10 - curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready - name: PHPUnit working-directory: tests 
diff --git a/.github/workflows/smb-kerberos.yml b/.github/workflows/smb-kerberos.yml index 2875a7f4fbd..c069d665a6a 100644 --- a/.github/workflows/smb-kerberos.yml +++ b/.github/workflows/smb-kerberos.yml @@ -6,24 +6,23 @@ on: - stable* paths: - 'apps/files_external/**' + - '.github/workflows/smb-kerberos.yml' pull_request: paths: - 'apps/files_external/**' + - '.github/workflows/smb-kerberos.yml' jobs: smb-kerberos-tests: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - php-versions: ['7.4', '8.0'] + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} - name: php${{ matrix.php-versions }}-${{ matrix.ftpd }} + name: smb-kerberos-sso steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: true - name: Pull images @@ -33,9 +32,12 @@ jobs: docker pull icewind1991/samba-krb-test-client - name: Setup AD-DC run: | + cp apps/files_external/tests/*.sh . mkdir data sudo chown -R 33 data apps config - apps/files_external/tests/setup-krb.sh + DC_IP=$(./start-dc.sh) + ./start-apache.sh $DC_IP $PWD + echo "DC_IP=$DC_IP" >> $GITHUB_ENV - name: Set up Nextcloud run: | docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password @@ -44,7 +46,8 @@ jobs: # setup user_saml docker exec --user 33 apache ./occ app:enable user_saml --force docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable' - docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER + docker exec --user 33 apache ./occ saml:config:create + docker exec --user 33 apache ./occ saml:config:set 1 --general-uid_mapping=REMOTE_USER # setup external storage docker exec --user 33 apache ./occ app:enable files_external --force 
@@ -54,25 +57,18 @@ jobs: docker exec --user 33 apache ./occ files_external:list - name: Test SSO run: | - mkdir cookies - chmod 0777 cookies + mkdir /tmp/shared/cookies + chmod 0777 /tmp/shared/cookies - DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}') - docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ - curl -c /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login - CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ - curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt) - echo $CONTENT - CONTENT=$(echo $CONTENT | tr -d '[:space:]') + echo "SAML login" + ./client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login + echo "Check we are logged in" + CONTENT=$(./client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt) + CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]') [[ $CONTENT == "testfile" ]] - - - smb-kerberos-summary: - runs-on: ubuntu-latest - needs: smb-kerberos-tests - - if: always() - - steps: - - name: Summary status - run: if ${{ needs.smb-kerberos-tests.result != 'success' }}; then exit 1; fi + - name: Show logs + if: failure() + run: | + docker exec --user 33 apache ./occ log:file + FILEPATH=$(docker exec --user 33 apache ./occ log:file | grep "Log file:" | cut -d' ' -f3) + docker exec --user 33 apache cat $FILEPATH 
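Review bot: The `head -n 1` added in the `Test SSO` step has no effect, because `echo $CONTENT` is unquoted and the shell joins the response into a single line before it reaches the pipe. If the goal is to compare only the first line of the WebDAV response, quote the variable: `CONTENT=$(echo "$CONTENT" | head -n 1 | tr -d '[:space:]')`. The new `Show logs` step has the same unquoted use in its last line, which would be safer as `docker exec --user 33 apache cat "$FILEPATH"`.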
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 13dc697664c..29e680b4698 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,12 +7,13 @@ on: jobs: stale: - runs-on: ubuntu-latest - + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + permissions: issues: write - + steps: - uses: actions/stale@v5 with: @@ -29,4 +30,4 @@ jobs: days-before-stale: 30 days-before-close: 14 # debug-only: true - + diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 31ee0f89fa2..6f18f77c48e 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml 
@@ -1,56 +1,101 @@ -name: Static code analysis +name: Psalm static code analysis -on: [pull_request] +on: + pull_request: + push: + branches: + - master + - stable* jobs: - static-code-analysis: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Set up php7.4 - uses: shivammathur/setup-php@master - with: - php-version: 7.4 - extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip - coverage: none - - name: Composer install - run: composer i - - name: Psalm - run: composer run psalm -- --monochrome --no-progress --output-format=github --update-baseline || ( git diff -- . ':!lib/composer' && exit 1 ) - - name: Check diff - run: git diff -- . ':!lib/composer' - - name: Show potential changes in Psalm baseline - run: | - bash -c "[[ ! 
\"`git status --porcelain build/psalm-baseline.xml`\" ]] || ( echo 'Uncommited changes in Psalm baseline' && git status && git diff build/psalm-baseline.xml)" - - static-code-analysis-ocp: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Set up php7.4 - uses: shivammathur/setup-php@master - with: - php-version: 7.4 - extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip - coverage: none - - name: Composer install - run: composer i - - name: Psalm - run: composer run psalm -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline || ( git diff -- . ':!lib/composer' && exit 1 ) - - name: Check diff - run: git diff -- . ':!lib/composer' - - name: Show potential changes in Psalm baseline - run: | - bash -c "[[ ! \"`git status --porcelain build/psalm-baseline-ocp.xml`\" ]] || ( echo 'Uncommited changes in Psalm baseline' && git status && git diff build/psalm-baseline.xml)" + static-code-analysis: + runs-on: ubuntu-latest + + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Set up php + uses: shivammathur/setup-php@v2 + with: + php-version: '8.0' + extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip + coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Composer install + run: composer i + + - name: Psalm + run: composer run psalm -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif + + - name: Show potential changes in Psalm baseline + if: always() + run: git diff -- . 
':!lib/composer' + + - name: Upload Analysis results to GitHub + if: always() + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif + + static-code-analysis-security: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + submodules: true + + - name: Set up php + uses: shivammathur/setup-php@master + with: + php-version: '8.0' + extensions: ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip + coverage: none + + - name: Composer install + run: composer i + + - name: Psalm taint analysis + run: composer run psalm -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis + + - name: Upload Security Analysis results to GitHub + if: always() + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: results.sarif + + static-code-analysis-ocp: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + submodules: true + + - name: Set up php + uses: shivammathur/setup-php@v2 + with: + php-version: '8.0' + extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip + coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Composer install + run: composer i + + - name: Psalm + run: composer run psalm -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline + + - name: Show potential changes in Psalm baseline + if: always() + run: git diff -- . ':!lib/composer' diff --git a/.github/workflows/update-cacert-bundle.yml b/.github/workflows/update-cacert-bundle.yml index 8d0e9d79d52..f599ae62ef1 100644 --- a/.github/workflows/update-cacert-bundle.yml +++ b/.github/workflows/update-cacert-bundle.yml @@ -3,7 +3,7 @@ name: Update CA certificate bundle on: workflow_dispatch: schedule: - - cron: "5 4 * * *" + - cron: "5 2 * * *" jobs: update-ca-certificate-bundle: 
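Review bot: The new `static-code-analysis-security` job uses `shivammathur/setup-php@master`, a branch ref, while the two sibling jobs in this hunk use `@v2`; a branch ref runs whatever is at the head of that branch on every pull request and push. `uses: shivammathur/setup-php@v2` (or a full commit SHA) would match the other jobs. The two `github/codeql-action/upload-sarif@v2` steps need `security-events: write`, and the hunk shows no `permissions:` block, so the upload depends on the repository's default token scope and will likely fail for pull requests from forks, where the token is read-only; declaring `permissions:` with `contents: read` and `security-events: write` on the two uploading jobs makes that explicit. Only the first job carries the `github.repository_owner != 'nextcloud-gmbh'` condition, which may be intended but is worth confirming.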
@@ -12,7 +12,7 @@ jobs: strategy: fail-fast: false matrix: - branches: ["master", "stable25", "stable24", "stable23", "stable22"] + branches: ["master", "stable26", "stable25", "stable24", "stable23", "stable22"] name: update-ca-certificate-bundle-${{ matrix.branches }} diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml index 5e699f623af..6f70d2ff978 100644 --- a/.github/workflows/update-psalm-baseline.yml +++ b/.github/workflows/update-psalm-baseline.yml @@ -3,31 +3,35 @@ name: Update Psalm baseline on: workflow_dispatch: schedule: - - cron: "5 4 * * *" + - cron: "5 2 * * *" jobs: update-psalm-baseline: runs-on: ubuntu-latest + if: ${{ github.repository_owner != 'nextcloud-gmbh' }} + strategy: fail-fast: false matrix: - branches: ["master", "stable24", "stable23", "stable22"] + branches: ["master", "stable26", "stable25", "stable24", "stable23"] name: update-psalm-baseline-${{ matrix.branches }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: ref: ${{ matrix.branches }} submodules: true - - name: Set up php7.4 + - name: Set up php uses: shivammathur/setup-php@v2 with: - php-version: 7.4 + php-version: '8.0' extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Composer install run: composer install 
@@ -36,13 +40,17 @@ jobs: run: composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline continue-on-error: true + - name: Psalm OCP + run: composer run psalm -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline + continue-on-error: true + - name: Reset composer run: | git clean -f lib/composer git checkout composer.json composer.lock lib/composer - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline |
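Review bot: The added `Psalm OCP` step uses `--output-format=github`, while the `Psalm` step just above it in this scheduled job uses `--output-format=text`; `--output-format=text` would keep the two consistent. Because both steps set `continue-on-error: true`, a Psalm run that aborts for a reason other than new findings still reaches `Create Pull Request`, so a comment such as `# best-effort: a failed Psalm run must not block the baseline PR` above the flag would record that this is deliberate. The step list continues outside the hunk.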