diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index f28a02101..616608083 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Register server reference to fallback to master branch - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml index 6bf1a79c9..ca938801a 100644 --- a/.github/workflows/block-unconventional-commits.yml +++ b/.github/workflows/block-unconventional-commits.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 7b74107f9..549f16be2 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Get repository from pull request comment - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 id: get-repository with: github-token: ${{secrets.GITHUB_TOKEN}} @@ -57,7 +57,7 @@ jobs: require: write - name: Add reaction on start - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -83,7 +83,7 @@ jobs: id: comment-branch - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} @@ -103,7 +103,7 @@ jobs: key: git-repo - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: # Needed to allow force push later persist-credentials: true @@ -120,11 +120,11 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: package-engines-versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm @@ -136,35 +136,35 @@ jobs: if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} run: | git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' - + # Start the rebase git rebase 'origin/${{ needs.init.outputs.base_ref }}' || { # Handle rebase conflicts in a loop while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do echo "Handling rebase conflict..." - + # Remove and checkout /dist and /js folders from the base branch if [ -d "dist" ]; then rm -rf dist git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch" fi if [ -d "js" ]; then - rm -rf js + rm -rf js git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch" fi - + # Stage all changes git add . - + # Check if there are any changes after resolving conflicts if git diff --cached --quiet; then echo "No changes after conflict resolution, skipping commit" git rebase --skip else - echo "Changes found, continuing rebase" - git rebase --continue + echo "Changes found, continuing rebase without editing commit message" + git -c core.editor=true rebase --continue fi - + # Break if rebase is complete if [ ! -d .git/rebase-merge ] && [ ! -d .git/rebase-apply ]; then break @@ -213,7 +213,7 @@ jobs: run: git push --force-with-lease origin "$HEAD_REF" - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/cypress-snapshot-update.yml b/.github/workflows/cypress-snapshot-update.yml index 6ae8cd306..01747eafb 100644 --- a/.github/workflows/cypress-snapshot-update.yml +++ b/.github/workflows/cypress-snapshot-update.yml @@ -8,6 +8,10 @@ on: # At 2:30 on Sundays - cron: '20 1 * * 0' +permissions: + contents: read + issues: write + jobs: update: runs-on: ubuntu-latest @@ -15,14 +19,15 @@ jobs: strategy: fail-fast: false matrix: - branches: ["master", "stable30", "stable31"] - + branches: ["master", "stable31", "stable32"] + name: cypress-snapshot-update-${{ matrix.branches }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: + persist-credentials: false ref: ${{ matrix.branches }} - name: Read package.json node and npm engines version @@ -33,7 +38,7 @@ jobs: fallbackNpm: "^10" - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -50,7 +55,7 @@ jobs: - name: Create Pull Request if: always() - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v5 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: "chore(deps): cypress snapshot update" diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 3ad76f162..7310dce8a 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -46,7 +46,7 @@ jobs: exit 1 - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -54,7 +54,7 @@ jobs: id: check_composer uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 with: - files: "composer.json" + files: 'composer.json' - name: Install composer dependencies if: steps.check_composer.outputs.files_exists == 'true' @@ -64,11 +64,11 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: "^20" - fallbackNpm: "^10" + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -110,7 +110,7 @@ jobs: path: ./ - name: Set up node ${{ needs.init.outputs.nodeVersion }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ needs.init.outputs.nodeVersion }} @@ -121,7 +121,7 @@ jobs: run: ./node_modules/cypress/bin/cypress install - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests - uses: cypress-io/github-action@57b70560982e6a11d23d4b8bec7f8a487cdbb71b # v6.7.8 + uses: cypress-io/github-action@7ef72e250a9e564efb4ed4c2433971ada4cc38b4 # v6.10.4 with: # We already installed the dependencies in the init job install: false @@ -129,7 +129,6 @@ jobs: component: ${{ matrix.containers == 'component' }} # Do not add Cypress record key config as this conflicts with cypress-split # Cypress again tries to force users to buy their dashboard... - env: # Needs to be prefixed with CYPRESS_ CYPRESS_BRANCH: ${{ env.BRANCH }} @@ -142,7 +141,7 @@ jobs: SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }} - name: Upload snapshots - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: always() with: name: snapshots_${{ matrix.containers }} @@ -153,7 +152,7 @@ jobs: run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log - name: Upload NC logs - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 if: failure() && matrix.containers != 'component' with: name: nc_logs_${{ matrix.containers }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index ed902d928..c0411c057 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -3,10 +3,10 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # -# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Dependabot +name: Auto approve Dependabot PRs on: pull_request_target: # zizmor: ignore[dangerous-triggers] @@ -29,6 +29,8 @@ jobs: permissions: # for hmarr/auto-approve-action to approve PRs pull-requests: write + # for alexwilson/enable-github-automerge-action to approve PRs + contents: write steps: - name: Disabled on forks @@ -37,13 +39,20 @@ jobs: echo 'Can not approve PRs from forks' exit 1 + - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0 + id: branchname + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: github-token: ${{ secrets.GITHUB_TOKEN }} - # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 + # Enable GitHub auto merge + - name: Auto merge + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') with: - target: minor - github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 104a05c42..cdb2b9e7a 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -64,11 +64,11 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 519b345ea..47bcd2df7 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -45,7 +45,7 @@ jobs: - name: Install dependencies run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i - name: Lint diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index adaa50b8a..b53d7b5ea 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -24,7 +24,7 @@ jobs: php-versions: ${{ steps.versions.outputs.php-versions }} steps: - name: Checkout app - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -43,12 +43,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 9601a972f..bc2f2a644 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -33,11 +33,11 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index d1f18a1c0..0d7c372dd 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -53,7 +53,7 @@ jobs: name: NPM build steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -61,17 +61,23 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 + run: | + npm i -g npm-package-lock-add-resolved@1.1.4 + npm-package-lock-add-resolved + git --no-pager diff --exit-code + - name: Install dependencies & build env: CYPRESS_INSTALL_BINARY: 0 @@ -80,7 +86,7 @@ jobs: npm ci npm run build --if-present - - name: Check webpack build changes + - name: Check build changes run: | bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 2f804dc18..c72c4b4a6 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -26,15 +26,15 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable32' - 'stable31' - - 'stable30' name: npm-audit-fix-${{ matrix.branches }} steps: - name: Checkout id: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} @@ -44,11 +44,11 @@ jobs: uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^20' - fallbackNpm: '^10' + fallbackNode: '^24' + fallbackNpm: '^11.3' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -69,7 +69,7 @@ jobs: - name: Create Pull Request if: steps.checkout.outcome == 'success' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(deps): Fix npm audit' diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index 98e9fada7..f4c0477ce 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -36,7 +36,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main + - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main with: feedback-message: | Hello there, @@ -50,6 +50,6 @@ jobs: (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).) days-before-feedback: 14 - start-date: '2024-04-30' + start-date: '2025-06-12' exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}' exempt-bots: true diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 452186eea..90f8f37d2 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -24,7 +24,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -49,9 +49,12 @@ jobs: - name: Install dependencies run: | - composer remove nextcloud/ocp --dev + composer remove nextcloud/ocp --dev --no-scripts composer i + - name: Check for vulnerable PHP dependencies + run: composer require --dev roave/security-advisories:dev-latest + - name: Install nextcloud/ocp run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 95a8626a4..d65f3b0cb 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,9 +19,9 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - name: REUSE Compliance Check - uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0 + uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0 diff --git a/.github/workflows/update-stable-titles.yml b/.github/workflows/update-stable-titles.yml index 65a1003b6..565e9bcc7 100644 --- a/.github/workflows/update-stable-titles.yml +++ b/.github/workflows/update-stable-titles.yml @@ -14,7 +14,6 @@ concurrency: jobs: update-pr-title: - if: github.event.pull_request.user.login != 'renovate[bot]' runs-on: ubuntu-latest-low permissions: pull-requests: write @@ -25,9 +24,9 @@ jobs: run: sleep 15 - name: Get PR details and update title - # Renovate already have ùatching branch in the title + # Renovate already have target branch in the title if: github.event.pull_request.user.login != 'renovate[bot]' - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: |