diff --git a/.github/workflows/app-upgrade-mysql.yml b/.github/workflows/app-upgrade-mysql.yml index 655bba9e5..fb61bf54b 100644 --- a/.github/workflows/app-upgrade-mysql.yml +++ b/.github/workflows/app-upgrade-mysql.yml @@ -51,7 +51,7 @@ jobs: services: mysql: - image: ghcr.io/nextcloud/continuous-integration-mysql-8.0:latest + image: ghcr.io/nextcloud/continuous-integration-mysql-8.0:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -65,8 +65,9 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} @@ -77,15 +78,17 @@ jobs: echo "text_app_ref=$text_app_ref" >> $GITHUB_ENV - name: Checkout text app - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false repository: nextcloud/text path: apps/text ref: ${{ env.text_app_ref }} - name: Checkout viewer app - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false repository: nextcloud/viewer path: apps/viewer ref: ${{ matrix.server-versions }} @@ -117,8 +120,9 @@ jobs: ./occ app:enable --force ${{ env.APP_NAME }} - name: Checkout app - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up dependencies @@ -131,7 +135,7 @@ jobs: ./occ app:list - name: Upload nextcloud logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: always() with: name: nextcloud.log diff --git a/.github/workflows/cypress-component.yml b/.github/workflows/cypress-component.yml index e16ee1291..7d19f2364 100644 --- a/.github/workflows/cypress-component.yml +++ b/.github/workflows/cypress-component.yml @@ -29,10 +29,12 @@ jobs: steps: - name: Checkout app - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false - name: Set up Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: ${{ matrix.node-version }} cache: 'npm' @@ -48,7 +50,7 @@ jobs: run: npm run tests:component - name: Upload test failure screenshots - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: failure() with: name: cypress-component-screenshots-node${{ matrix.node-version }} @@ -56,7 +58,7 @@ jobs: retention-days: 5 - name: Upload test videos - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: failure() with: name: cypress-component-videos-node${{ matrix.node-version }} diff --git a/.github/workflows/cypress-custom.yml b/.github/workflows/cypress-custom.yml index 1a8b69f88..00bd25b5a 100644 --- a/.github/workflows/cypress-custom.yml +++ b/.github/workflows/cypress-custom.yml @@ -37,7 +37,7 @@ jobs: services: mysql: - image: ghcr.io/nextcloud/continuous-integration-mariadb-10.6:latest + image: ghcr.io/nextcloud/continuous-integration-mariadb-10.6:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -47,21 +47,17 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false + submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Checkout viewer - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false repository: nextcloud/viewer ref: ${{ matrix.server-versions }} path: apps/viewer @@ -87,12 +83,13 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up node from version file - uses: actions/setup-node@v4 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: cache: 'npm' cache-dependency-path: apps/${{ env.APP_NAME}}/package-lock.json @@ -107,12 +104,12 @@ jobs: - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: node-version: ${{ matrix.node-version }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, zip, zlib, sqlite, pdo_sqlite, apcu, pgsql, pdo_pgsql,mysql, pdo_mysql @@ -144,7 +141,7 @@ jobs: cat data/nextcloud.log - name: Cypress run - uses: cypress-io/github-action@v4 + uses: cypress-io/github-action@8a35f965fbd13e3b18d9fb3bdc5f50ae2f4a5e76 # v7.1.0 with: wait-on: '${{ env.CYPRESS_baseUrl }}' working-directory: 'apps/${{ env.APP_NAME }}' @@ -164,7 +161,7 @@ jobs: cat data/nextcloud.log - name: Upload test failure screenshots ${{ matrix.node-version }}-${{ matrix.php-versions }}-${{ matrix.server-versions }}-${{ matrix.databases }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: failure() with: name: Upload screenshots ${{ matrix.node-version }}-${{ matrix.php-versions }}-${{ matrix.server-versions }}-${{ matrix.databases }} @@ -172,7 +169,7 @@ jobs: retention-days: 5 - name: Upload nextcloud logs ${{ matrix.node-version }}-${{ matrix.php-versions }}-${{ matrix.server-versions }}-${{ matrix.databases }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 if: failure() with: name: Upload nextcloud log ${{ matrix.node-version }}-${{ matrix.php-versions }}-${{ matrix.server-versions }}-${{ matrix.databases }} diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 9b18b2360..ac59f0d59 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -74,7 +74,7 @@ jobs: services: postgres: - image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest + image: ghcr.io/nextcloud/continuous-integration-postgres-14:latest # zizmor: ignore[unpinned-images] ports: - 4445:5432/tcp env: @@ -83,7 +83,7 @@ jobs: POSTGRES_DB: nextcloud options: --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5 mysql: - image: ghcr.io/nextcloud/continuous-integration-mariadb-10.6:latest + image: ghcr.io/nextcloud/continuous-integration-mariadb-10.6:latest # zizmor: ignore[unpinned-images] ports: - 4444:3306/tcp env: @@ -92,25 +92,21 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false + submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} - - name: Checkout submodules - shell: bash - run: | - auth_header="$(git config --local --get http.https://github.com/.extraheader)" - git submodule sync --recursive - git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - - name: Checkout app - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@2.34.1 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, zip, zlib, sqlite, pdo_sqlite, apcu, pgsql, pdo_pgsql,mysql, pdo_mysql diff --git a/renovate.json b/renovate.json index ce1e66ed1..6f2dcabf9 100644 --- a/renovate.json +++ b/renovate.json @@ -1,10 +1,11 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:base", ":semanticCommits", ":gitSignOff"], + "extends": ["config:base", ":semanticCommits", ":gitSignOff", "helpers:pinGitHubActionDigests"], "timezone": "Europe/Berlin", "schedule": ["every weekend"], "labels": ["dependencies", "3. to review"], "rangeStrategy": "bump", + "minimumReleaseAge": "7 days", "rebaseWhen": "conflicted", "ignoreUnstable": false, "baseBranches": ["main", "stable1.0", "stable0.9"],