diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 65da1c1..4b90ada 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -28,16 +28,16 @@ jobs:
 steps:
 - name: "Checkout repository"
- uses: "actions/checkout@v6.0.1"
+ uses: "actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8" # v6.0.1
 - name: "Install PHP"
- uses: "shivammathur/setup-php@2.35.5"
+ uses: "shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f" # 2.35.5
 with:
 php-version: "8.3"
 coverage: "none"
 - name: "Install dependencies (Composer)"
- uses: "ramsey/composer-install@3.1.1"
+ uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
 - name: "Check syntax (php-parallel-lint)"
 run: "composer dev:lint:syntax"
@@ -51,17 +51,17 @@ jobs:
 steps:
 - name: "Checkout repository"
- uses: "actions/checkout@v6.0.1"
+ uses: "actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8" # v6.0.1
 - name: "Install PHP"
- uses: "shivammathur/setup-php@2.35.5"
+ uses: "shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f" # 2.35.5
 with:
 php-version: "8.3"
 coverage: "none"
 ini-values: "memory_limit=-1"
 - name: "Install dependencies (Composer)"
- uses: "ramsey/composer-install@3.1.1"
+ uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
 - name: "Statically analyze code (PHPStan)"
 run: "composer dev:analyze:phpstan"
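Review bot: The trailing `# v6.0.1`-style comments are the only thing linking each pinned SHA to a release, and the diff itself gives no way to check them. Before merging, each SHA should be confirmed as the commit its tag points to in the action's own repository, because GitHub also resolves a SHA that exists only in a fork of that repository. This applies to every `uses:` replacement in this file, including `github/codeql-action/upload-sarif`, which moves from the floating `v4` to a SHA labelled `# v4.32.0`. A header comment such as `# Actions are pinned to full commit SHAs; keep the trailing version comment in sync when updating a pin` would record the convention for later edits.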
@@ -82,22 +82,22 @@ jobs:
 steps:
 - name: "Checkout repository"
- uses: "actions/checkout@v6.0.1"
+ uses: "actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8" # v6.0.1
 - name: "Install PHP"
- uses: "shivammathur/setup-php@2.35.5"
+ uses: "shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f" # 2.35.5
 with:
 php-version: "8.3"
 coverage: "none"
 - name: "Install dependencies (Composer)"
- uses: "ramsey/composer-install@3.1.1"
+ uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
 - name: "Analyze security of code (Psalm)"
 run: "./vendor/bin/psalm --taint-analysis --report=build/logs/psalm.sarif"
 - name: "Upload security analysis results to GitHub"
- uses: "github/codeql-action/upload-sarif@v4"
+ uses: "github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30" # v4.32.0
 with:
 sarif_file: "build/logs/psalm.sarif"
@@ -108,23 +108,23 @@ jobs:
 steps:
 - name: "Checkout repository"
- uses: "actions/checkout@v6.0.1"
+ uses: "actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8" # v6.0.1
 - name: "Install PHP"
- uses: "shivammathur/setup-php@2.35.5"
+ uses: "shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f" # 2.35.5
 with:
 php-version: "8.3"
 coverage: "pcov"
 ini-values: "memory_limit=-1"
 - name: "Install dependencies (Composer)"
- uses: "ramsey/composer-install@3.1.1"
+ uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
 - name: "Run unit tests (PHPUnit)"
 run: "composer dev:test:coverage:ci"
 - name: "Publish coverage report to Codecov"
- uses: "codecov/codecov-action@v5.5.2"
+ uses: "codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de" # v5.5.2
 unit-tests:
 name: "Unit tests"
@@ -167,16 +167,16 @@ jobs:
 git config --system core.eol lf
 - name: "Checkout repository"
- uses: "actions/checkout@v6.0.1"
+ uses: "actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8" # v6.0.1
 - name: "Install PHP"
- uses: "shivammathur/setup-php@2.35.5"
+ uses: "shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f" # 2.35.5
 with:
 php-version: "${{ matrix.php }}"
 coverage: "none"
 - name: "Install dependencies (Composer)"
- uses: "ramsey/composer-install@3.1.1"
+ uses: "ramsey/composer-install@3cf229dc2919194e9e36783941438d17239e8520" # 3.1.1
 with:
 dependency-versions: "${{ matrix.composer-deps }}"
 composer-options: "${{ matrix.composer-options }}"
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index 2ce5d13..cd3a648 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -3,10 +3,10 @@
 # https://github.com/nextcloud-libraries/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 #
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: MIT
-name: Dependabot
+name: Auto approve Dependabot PRs
 on:
 pull_request_target: # zizmor: ignore[dangerous-triggers]
@@ -29,6 +29,8 @@ jobs:
 permissions:
 # for hmarr/auto-approve-action to approve PRs
 pull-requests: write
+ # for alexwilson/enable-github-automerge-action to approve PRs
+ contents: write
 steps:
 - name: Disabled on forks
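Review bot: In the `permissions` hunk of dependabot-approve-merge.yml, the comment added above `contents: write` says the permission lets the action "approve PRs", which looks copied from the `pull-requests` entry; the step added later in this diff enables auto-merge, so the comment should read something like `# for alexwilson/enable-github-automerge-action to enable auto-merge`. Because the workflow runs on `pull_request_target`, the wider token scope is granted to the whole job, which includes the third-party actions that are handed `secrets.GITHUB_TOKEN`, so the reason for write access to contents deserves to be stated accurately. The job header that owns this `permissions` block is outside the hunk.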
@@ -37,13 +39,20 @@ jobs:
 echo 'Can not approve PRs from forks'
 exit 1
+ - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+ id: branchname
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+
 # GitHub actions bot approve
- - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+ - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
+ if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
- # Nextcloud bot approve and merge request
- - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
+ # Enable GitHub auto merge
+ - name: Auto merge
+ uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
+ if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
 with:
- target: minor
- github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
+ github-token: ${{ secrets.GITHUB_TOKEN }}
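Review bot: Both new `if:` conditions gate approval and auto-merge on the branch name alone, which says nothing about who opened the pull request, so any branch in this repository named `dependabot/...` would match unless a job-level author check exists outside this hunk. Checking the author and reading the branch from the event context would close that gap: `if: github.event.pull_request.user.login == 'dependabot[bot]' && startsWith(github.head_ref, 'dependabot/')`. It would also make the `mdecoleman/pr-branch-name` step unnecessary, removing one third-party action that receives the token in a `pull_request_target` job. Separately, the removed step limited merging with `target: minor`, while the replacement enables auto-merge for every matching PR, major updates included, so branch protection and required status checks become the only control. It is worth confirming that this is intended.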