diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index f2d029c99..2e4b3e25d 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -22,11 +22,15 @@ jobs: if: github.event.pull_request.draft == false - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low steps: - - name: Download version.php from ${{ github.base_ref }} - run: curl https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php --output version.php + - name: Register server reference to fallback to master branch + run: | + server_ref="$(if [ "${{ github.base_ref }}" = "main" ]; then echo -n "master"; else echo -n "${{ github.base_ref }}"; fi)" + echo "server_ref=$server_ref" >> $GITHUB_ENV + - name: Download version.php from ${{ env.server_ref }} + run: curl https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php --output version.php - name: Run check run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC' diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 69c0117bb..d70e0312d 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -15,15 +15,16 @@ jobs: arg1: ${{ steps.command.outputs.arg1 }} arg2: ${{ steps.command.outputs.arg2 }} head_ref: ${{ steps.comment-branch.outputs.head_ref }} + base_ref: ${{ steps.comment-branch.outputs.base_ref }} steps: - name: Check actor permission - uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 with: require: write - name: Add reaction on start - uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -31,7 +32,7 @@ jobs: reactions: "+1" - name: Parse command - uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2 + uses: skjnldsv/parse-command-comment@d8c0034c481b791dd6348fcacd9c510dc3a4cb4f # v2 id: command # Init path depending on which command is run @@ -39,9 +40,9 @@ jobs: id: git-path run: | if ${{ startsWith(steps.command.outputs.arg1, '/') }}; then - echo "path=${{ github.workspace }}${{steps.command.outputs.arg1}}" >> $GITHUB_OUTPUT + echo "path=${{steps.command.outputs.arg1}}" >> $GITHUB_OUTPUT else - echo "path=${{ github.workspace }}${{steps.command.outputs.arg2}}" >> $GITHUB_OUTPUT + echo "path=${{steps.command.outputs.arg2}}" >> $GITHUB_OUTPUT fi - name: Init branch @@ -76,16 +77,22 @@ jobs: id: package-engines-versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v3 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm - name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }} run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}" + + - name: Rebase to ${{ needs.init.outputs.base_ref }} + if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} + run: | + git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }} + git rebase origin/${{ needs.init.outputs.base_ref }} - name: Install dependencies & build env: @@ -95,29 +102,36 @@ jobs: npm ci npm run build --if-present - - name: Commit and push default - if: ${{ needs.init.outputs.arg1 != 'fixup' && needs.init.outputs.arg1 != 'amend' }} + - name: Commit default + if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ needs.init.outputs.git_path }} + git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} git commit --signoff -m 'chore(assets): Recompile assets' - git push origin ${{ needs.init.outputs.head_ref }} - - - name: Commit and push fixup - if: ${{ needs.init.outputs.arg1 == 'fixup' }} + + - name: Commit fixup + if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} run: | - git add ${{ needs.init.outputs.git_path }} + git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} git commit --fixup=HEAD --signoff - git push origin ${{ needs.init.outputs.head_ref }} - - name: Commit and push amend - if: ${{ needs.init.outputs.arg1 == 'amend' }} + - name: Commit amend + if: ${{ contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ needs.init.outputs.git_path }} + git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} git commit --amend --no-edit --signoff - git push --force origin ${{ needs.init.outputs.head_ref }} + # Remove any [skip ci] from the amended commit + git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" + + - name: Push normally + if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} + run: git push origin ${{ needs.init.outputs.head_ref }} + + - name: Force push + if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} + run: git push --force origin ${{ needs.init.outputs.head_ref }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 271dd3c31..58bb0414f 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -32,7 +32,7 @@ jobs: - name: Check composer.json id: check_composer - uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v2 with: files: "composer.json" @@ -45,10 +45,10 @@ jobs: id: versions with: fallbackNode: "^20" - fallbackNpm: "^9" + fallbackNpm: "^10" - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -88,7 +88,7 @@ jobs: path: ./ - name: Set up node ${{ needs.init.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 with: node-version: ${{ needs.init.outputs.nodeVersion }} @@ -96,7 +96,7 @@ jobs: run: npm i -g npm@"${{ needs.init.outputs.npmVersion }}" - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests - uses: cypress-io/github-action@ebe8b24c4428922d0f793a5c4c96853a633180e3 # v6.6.0 + uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6.6.1 with: record: true parallel: true @@ -117,7 +117,7 @@ jobs: CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} - name: Upload snapshots - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 if: always() with: name: snapshots_${{ matrix.containers }} @@ -128,7 +128,7 @@ jobs: run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log - name: Upload NC logs - uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 + uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 if: failure() && matrix.containers != 'component' with: name: nc_logs_${{ matrix.containers }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index e81d209bf..00b019613 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -21,8 +21,8 @@ concurrency: jobs: auto-approve-merge: - if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]' - runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest-low permissions: # for hmarr/auto-approve-action to approve PRs pull-requests: write diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 9548d19f2..98d49927a 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -24,7 +24,7 @@ jobs: pull-requests: write name: Block fixup and squash commits - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low steps: - name: Run check diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 99b624d1a..5344620b0 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -19,13 +19,13 @@ concurrency: jobs: changes: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low outputs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: changes continue-on-error: true with: @@ -60,10 +60,10 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v3 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -82,7 +82,7 @@ jobs: summary: permissions: contents: none - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low needs: [changes, lint] if: always() diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 163706eaa..bfdcb1460 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,9 +25,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php8.2 - uses: shivammathur/setup-php@e6f75134d35752277f093989e72e140eaa222f35 # v2 + uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2 with: php-version: 8.2 + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index dfe724673..ace42769c 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -28,9 +28,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@e6f75134d35752277f093989e72e140eaa222f35 # v2 + uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2 with: php-version: ${{ matrix.php-versions }} + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: @@ -42,7 +43,7 @@ jobs: summary: permissions: contents: none - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low needs: php-lint if: always() diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 684bb6198..a736046da 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -29,10 +29,10 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v3 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 5355805ad..946646670 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -16,13 +16,13 @@ concurrency: jobs: changes: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low outputs: src: ${{ steps.changes.outputs.src}} steps: - - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 + - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 id: changes continue-on-error: true with: @@ -54,10 +54,10 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v3 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -94,7 +94,7 @@ jobs: summary: permissions: contents: none - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low needs: [changes, build] if: always() diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 39ccd584d..33ea8029b 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -33,10 +33,10 @@ jobs: id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v3 + uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -57,7 +57,7 @@ jobs: - name: Create Pull Request if: always() - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5 + uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v5 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: "chore(deps): fix npm audit" diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 8e7ffd024..ff526a2a0 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -21,9 +21,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up php8.2 - uses: shivammathur/setup-php@e6f75134d35752277f093989e72e140eaa222f35 # v2 + uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2 with: php-version: 8.2 + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: