From a7e216cf67af681e4ef69d4107a61edb6b0b27fb Mon Sep 17 00:00:00 2001 From: nextcloud-command Date: Sun, 24 May 2026 03:27:38 +0000 Subject: [PATCH] ci(actions): Update workflow templates from organization template repository Signed-off-by: GitHub --- .github/actions-lock.txt | 28 +++--- .../block-unconventional-commits.yml | 2 +- .github/workflows/command-compile.yml | 49 ++++++---- .github/workflows/cypress.yml | 36 ++++--- .../workflows/dependabot-approve-merge.yml | 19 ++-- .github/workflows/lint-php-cs.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/node.yml | 93 ++----------------- .github/workflows/npm-audit-fix.yml | 2 +- .github/workflows/psalm.yml | 5 +- .github/workflows/sync-workflow-templates.yml | 3 +- 11 files changed, 88 insertions(+), 153 deletions(-) diff --git a/.github/actions-lock.txt b/.github/actions-lock.txt index 0bdd05fea..6017b9ebf 100644 --- a/.github/actions-lock.txt +++ b/.github/actions-lock.txt @@ -1,19 +1,19 @@ # SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -3db54dfe0671bf6c30556a5bb6487c22 block-merge-freeze.yml -30c9fe81a0a80bcf36cc7d441fcb8f9d block-unconventional-commits.yml -0c3e9b2e56e1b2590a005a80b55c3218 command-compile.yml -4cb6e4935d3f2bc1e3c99c77739118ca cypress.yml -cbffe424c47647a2e375f96f25b67af9 dependabot-approve-merge.yml +25fc4c7e69e778e20bdc9eb0cc96367e block-merge-freeze.yml +d42c24e161cb75a6394cb8bd347b9467 block-unconventional-commits.yml +a5a8fc40c0f979c2d799ae114a0b840b command-compile.yml +bdc4f186102137229b8d84db54d803a4 cypress.yml +56cf6e8b165be4343be41f47c1e79a9c dependabot-approve-merge.yml 2581a67c5bcdcd570427e6d51db767d7 fixup.yml -54f293d9abe11ac0035a7bbb96a4e453 lint-eslint.yml -ccd8a55c60e35b84becb0f7005ce1286 lint-php-cs.yml -5dcc3187a9460cb62a455235cbdb3562 lint-php.yml -cf229fbf443d2f7a303f22eb92745811 lint-stylelint.yml -c965845a0def7b39d872e47e93dd1139 node.yml -2d1e4038ee445a9fc1dcdb10c8036d34 npm-audit-fix.yml +7bcfba381bfb7c28d9ef6a7d55ac937b lint-eslint.yml +a674b6e725bcbc1064f7b68c678a2df6 lint-php-cs.yml +6078222f7c61540504fa9892729f4a04 lint-php.yml +bd5b5245dc07b5779031e13817663a3e lint-stylelint.yml +03759c9dc0fa748cb927b9f9cadf2925 node.yml +20d567b2158851c6b54170e0a7c7fc30 npm-audit-fix.yml 3c4a096b3b7dbaef0f8e5190ffe13518 pr-feedback.yml -2070d9569f327e758b9ce2b924c28fef psalm.yml +9fe5efdf1113d7fe92ba1f54f1111c4f psalm.yml 7db5b820f3750eebe988005a0bb2febd reuse.yml -9748607544294975609be21633372bdd sync-workflow-templates.yml -48c2c657b87747c9faeb589bcce08923 update-stable-titles.yml +9dc6b717be0006fc7974a50351686fd7 sync-workflow-templates.yml +22604c31b526de270a080eb19967a638 update-stable-titles.yml diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml index 01c4deaf3..258951e8e 100644 --- a/.github/workflows/block-unconventional-commits.yml +++ b/.github/workflows/block-unconventional-commits.yml @@ -31,6 +31,6 @@ jobs: with: persist-credentials: false - - uses: webiny/action-conventional-commits@faccb24fc2550dd15c0390d944379d2d8ed9690e # v1.3.1 + - uses: webiny/action-conventional-commits@7f91b1595ca1951cdb671ddc9f07a49081ec5b69 # v1.4.2 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index a2beb663e..c517120a1 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -52,20 +52,20 @@ jobs: exit 1 - name: Check actor permission - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write - name: Add reaction on start uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '+1' - name: Parse command - uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 + uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v3.1 id: command # Init path depending on which command is run @@ -86,7 +86,7 @@ jobs: uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' @@ -97,7 +97,7 @@ jobs: steps: - name: Restore cached git repository - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: path: .git key: git-repo @@ -105,9 +105,8 @@ jobs: - name: Checkout ${{ needs.init.outputs.head_ref }} uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - # Needed to allow force push later - persist-credentials: true - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + persist-credentials: false + token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 ref: ${{ needs.init.outputs.head_ref }} @@ -134,11 +133,13 @@ jobs: - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} + env: + BASE_REF: ${{ needs.init.outputs.base_ref }} run: | - git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git fetch origin "${BASE_REF}:${BASE_REF}" # Start the rebase - git rebase 'origin/${{ needs.init.outputs.base_ref }}' || { + git rebase "origin/${BASE_REF}" || { # Handle rebase conflicts in a loop while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do echo "Handling rebase conflict..." @@ -146,11 +147,11 @@ jobs: # Remove and checkout /dist and /js folders from the base branch if [ -d "dist" ]; then rm -rf dist - git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch" + git checkout "origin/${BASE_REF}" -- dist/ 2>/dev/null || echo "No dist folder in base branch" fi if [ -d "js" ]; then rm -rf js - git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch" + git checkout "origin/${BASE_REF}" -- js/ 2>/dev/null || echo "No js folder in base branch" fi # Stage all changes @@ -182,20 +183,26 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} + env: + GIT_PATH: ${{ needs.init.outputs.git_path }} run: | - git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' + git add "${GITHUB_WORKSPACE}${GIT_PATH}" git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" @@ -204,19 +211,25 @@ jobs: if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push origin "$HEAD_REF" - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} env: HEAD_REF: ${{ needs.init.outputs.head_ref }} - run: git push --force-with-lease origin "$HEAD_REF" + BOT_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + run: | + git remote set-url origin "https://x-access-token:${BOT_TOKEN}@github.com/${{ github.repository }}.git" + git push --force-with-lease origin "$HEAD_REF" - name: Add reaction on failure uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 if: failure() with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} reactions: '-1' diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index 26819dde9..3e13d4f50 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -81,7 +81,7 @@ jobs: TESTING=true npm run build --if-present - name: Save context - uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: key: cypress-context-${{ github.run_id }} path: ./ @@ -93,17 +93,15 @@ jobs: strategy: fail-fast: false matrix: - # Please increase the number or runners as your tests suite grows (0 based index for e2e tests) - containers: [0, 1, 2, 3, 4, 5, 6, 7] - # Hack as strategy.job-total includes the component and GitHub does not allow math expressions - # Always align this number with the total of e2e runners (max. index + 1) - total-containers: [8] + # Run multiple copies of the current job in parallel + # Please increase the number or runners as your tests suite grows + containers: ['component', '1', '2', '3'] name: runner ${{ matrix.containers }} steps: - name: Restore context - uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: fail-on-cache-miss: true key: cypress-context-${{ github.run_id }} @@ -117,18 +115,17 @@ jobs: - name: Set up npm ${{ needs.init.outputs.npmVersion }} run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}' - - name: Install cypress - run: ./node_modules/cypress/bin/cypress install - - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests - uses: cypress-io/github-action@b7a7441d775af8f8b9d19945c10dd689a51dba68 # v7.2.0 + uses: cypress-io/github-action@dace029018fcdf86e0df89a31bc3cfa5b32570d8 # v7.3.0 with: - # We already installed the dependencies in the init job - install: false + record: ${{ secrets.CYPRESS_RECORD_KEY && true }} + parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} # cypress run type component: ${{ matrix.containers == 'component' }} - # Do not add Cypress record key config as this conflicts with cypress-split - # Cypress again tries to force users to buy their dashboard... + group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }} + # cypress env + ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} + tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} env: # Needs to be prefixed with CYPRESS_ CYPRESS_BRANCH: ${{ env.BRANCH }} @@ -137,11 +134,12 @@ jobs: # Needed for some specific code workarounds TESTING: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SPLIT: ${{ matrix.total-containers }} - SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }} + CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} + CYPRESS_BUILD_ID: ${{ github.sha }}-${{ github.run_number }} + CYPRESS_GROUP: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} - name: Upload snapshots - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: name: snapshots_${{ matrix.containers }} @@ -152,7 +150,7 @@ jobs: run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log - name: Upload NC logs - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: failure() && matrix.containers != 'component' with: name: nc_logs_${{ matrix.containers }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index f84397b83..ea6b17c9c 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve step to work pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,22 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} + - name: GitHub actions bot approve + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # 2.0.0 + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && (github.event.action == 'opened' || github.event.action == 'reopened') && (steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index da402086a..60102e892 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -34,7 +34,7 @@ jobs: uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2 - name: Set up php${{ steps.versions.outputs.php-min }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index d1eafea62..985037251 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -49,7 +49,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 417d97a21..9f672c2af 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -6,108 +6,27 @@ # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT -name: Node +# TODO: Remove this after a grace period of 6 months to give everyone the chance to switch to the new workflow name +# TODO: To be removed end of 2026. +name: No-op please switch to npm-build.yml on: pull_request permissions: - contents: read + contents: none concurrency: group: node-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest-low - permissions: - contents: read - pull-requests: read - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - - build: - runs-on: ubuntu-latest - - needs: changes - if: needs.changes.outputs.src != 'false' - - name: NPM build - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 - id: versions - with: - fallbackNode: '^24' - fallbackNpm: '^11.3' - - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 - with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460 - run: | - npm i -g npm-package-lock-add-resolved@1.1.4 - npm-package-lock-add-resolved - git --no-pager diff --exit-code - - - name: Install dependencies & build - env: - CYPRESS_INSTALL_BINARY: 0 - PUPPETEER_SKIP_DOWNLOAD: true - run: | - npm ci - npm run build --if-present - - - name: Check build changes - run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - - - name: Show changes on failure - if: failure() - run: | - git status - git --no-pager diff - exit 1 # make it red to grab attention - summary: - permissions: - contents: none runs-on: ubuntu-latest-low - needs: [changes, build] - if: always() # This is the summary, we just avoid to rename it so that branch protection rules still match name: node steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi + - name: No-op please switch to npm-build.yml + run: echo "The workflow has been renamed, please switch to npm-build.yml from organization templates"; exit 1; diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index a86d9fbc1..82fa89f5c 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -72,7 +72,7 @@ jobs: if: steps.checkout.outcome == 'success' uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_PAT }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(deps): Fix npm audit' committer: GitHub author: nextcloud-command diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index d69fd2884..ff2884e3b 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -36,7 +36,7 @@ jobs: run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml - name: Set up php${{ steps.versions.outputs.php-available }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ steps.versions.outputs.php-available }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite @@ -52,9 +52,6 @@ jobs: composer remove nextcloud/ocp --dev --no-scripts composer i - - name: Check for vulnerable PHP dependencies - run: composer require --dev roave/security-advisories:dev-latest - - name: Install nextcloud/ocp run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/.github/workflows/sync-workflow-templates.yml b/.github/workflows/sync-workflow-templates.yml index c80d19447..93704ef34 100644 --- a/.github/workflows/sync-workflow-templates.yml +++ b/.github/workflows/sync-workflow-templates.yml @@ -26,6 +26,7 @@ jobs: matrix: branches: - ${{ github.event.repository.default_branch }} + - 'stable34' - 'stable33' - 'stable32' @@ -122,7 +123,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: - token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} # zizmor: ignore[secrets-outside-env] + token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} commit-message: 'ci(actions): Update workflow templates from organization template repository' committer: GitHub author: nextcloud-command