From 0764bd9724c9a82109db9d12c0cf46b9cd17ea5f Mon Sep 17 00:00:00 2001 From: "backportbot[bot]" <63340225+backportbot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 13:47:43 +0200 Subject: [PATCH] [stable30] chore: update workflows from templates (#6921) * chore: update workflows from templates Signed-off-by: grnd-alt * chore: set minimum phpVersion for psalm Signed-off-by: grnd-alt --------- Signed-off-by: grnd-alt Co-authored-by: grnd-alt --- .github/workflows/appstore-build-publish.yml | 18 +++++++++++++++++- .../workflows/dependabot-approve-merge.yml | 4 ++-- .github/workflows/lint-php-cs.yml | 6 ++++-- .github/workflows/phpunit-mysql.yml | 9 ++++++++- .github/workflows/phpunit-pgsql.yml | 9 ++++++++- .github/workflows/phpunit-sqlite.yml | 9 ++++++++- .github/workflows/pr-feedback.yml | 2 +- .github/workflows/psalm.yml | 19 ++++++++++++++++--- .github/workflows/reuse.yml | 3 +++ .../update-nextcloud-ocp-approve-merge.yml | 4 ++-- .github/workflows/update-nextcloud-ocp.yml | 4 ++++ psalm.xml | 1 + 12 files changed, 74 insertions(+), 14 deletions(-) diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index aa8d7dc54..97250fa48 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -12,6 +12,9 @@ on: release: types: [published] +permissions: + contents: write + jobs: build_and_publish: runs-on: ubuntu-latest @@ -34,11 +37,23 @@ jobs: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false path: ${{ env.APP_NAME }} + - name: Get app version number + id: app-version + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master + with: + filename: ${{ env.APP_NAME }}/appinfo/info.xml + expression: "//info//version/text()" + + - name: Validate app version against tag + run: | + [ "${{ env.APP_VERSION }}" = "v${{ fromJSON(steps.app-version.outputs.result).version }}" ] + - name: Get appinfo data id: appinfo - uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master + uses: skjnldsv/xpath-action@f5b036e9d973f42c86324833fd00be90665fbf77 # master with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//dependencies//nextcloud/@min-version" @@ -137,6 +152,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 if: ${{ steps.server-checkout.outcome != 'success' }} with: + persist-credentials: false submodules: true repository: nextcloud/server path: nextcloud diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index efe8bfe37..ed902d928 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -9,7 +9,7 @@ name: Dependabot on: - pull_request_target: + pull_request_target: # zizmor: ignore[dangerous-triggers] branches: - main - master @@ -24,7 +24,7 @@ concurrency: jobs: auto-approve-merge: - if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest-low permissions: # for hmarr/auto-approve-action to approve PRs diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 510834889..d1cd51c79 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -34,7 +34,7 @@ jobs: - name: Set up php${{ steps.versions.outputs.php-available }} uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1 with: - php-version: ${{ steps.versions.outputs.php-available }} + php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development @@ -42,7 +42,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies - run: composer i + run: | + composer remove nextcloud/ocp --dev + composer i - name: Lint run: composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 ) diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index c0f4c69b3..0c987dba5 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -81,6 +81,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV @@ -88,6 +89,7 @@ jobs: - name: Checkout server uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} @@ -95,6 +97,7 @@ jobs: - name: Checkout app uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} @@ -105,6 +108,8 @@ jobs: extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql coverage: none ini-file: development + # Temporary workaround for missing pcntl_* in PHP 8.3 + ini-values: disable_functions= env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -123,7 +128,9 @@ jobs: # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} - run: composer i + run: | + composer remove nextcloud/ocp --dev + composer i - name: Set up Nextcloud env: diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 2a23e02e6..fa3de6f8a 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -84,6 +84,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV @@ -91,6 +92,7 @@ jobs: - name: Checkout server uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} @@ -98,6 +100,7 @@ jobs: - name: Checkout app uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} @@ -108,6 +111,8 @@ jobs: extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql coverage: none ini-file: development + # Temporary workaround for missing pcntl_* in PHP 8.3 + ini-values: disable_functions= env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -121,7 +126,9 @@ jobs: # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} - run: composer i + run: | + composer remove nextcloud/ocp --dev + composer i - name: Set up Nextcloud env: diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index be9e33243..88663c4dd 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -73,6 +73,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV @@ -80,6 +81,7 @@ jobs: - name: Checkout server uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false submodules: true repository: nextcloud/server ref: ${{ matrix.server-versions }} @@ -87,6 +89,7 @@ jobs: - name: Checkout app uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false path: apps/${{ env.APP_NAME }} - name: Set up php ${{ matrix.php-versions }} @@ -97,6 +100,8 @@ jobs: extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development + # Temporary workaround for missing pcntl_* in PHP 8.3 + ini-values: disable_functions= env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -110,7 +115,9 @@ jobs: # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} - run: composer i + run: | + composer remove nextcloud/ocp --dev + composer i - name: Set up Nextcloud env: diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index 6a01fa09b..ac3434f8e 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -31,7 +31,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 + - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main with: feedback-message: | Hello there, diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index e9258903b..9e1f4e1e7 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -14,6 +14,9 @@ concurrency: group: psalm-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: static-analysis: runs-on: ubuntu-latest @@ -27,18 +30,28 @@ jobs: id: versions uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml + run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml + - name: Set up php${{ steps.versions.outputs.php-available }} uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1 with: - php-version: ${{ steps.versions.outputs.php-available }} + php-version: ${{ steps.versions.outputs.php-min }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development + # Temporary workaround for missing pcntl_* in PHP 8.3 + ini-values: disable_functions= env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies - run: composer i + run: | + composer remove nextcloud/ocp --dev + composer i + + - name: Install nextcloud/ocp + run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies - name: Run coding standards check - run: composer run psalm + run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 95eaba80e..8fa6b1507 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -11,6 +11,9 @@ name: REUSE Compliance Check on: [pull_request] +permissions: + contents: read + jobs: reuse-compliance-check: runs-on: ubuntu-latest diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index 1b967a1f2..dfe0ef4e9 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -9,7 +9,7 @@ name: Auto approve nextcloud/ocp on: - pull_request_target: + pull_request_target: # zizmor: ignore[dangerous-triggers] branches: - main - master @@ -52,7 +52,7 @@ jobs: # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main + uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index 6e705cc8c..4109d166d 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml @@ -13,6 +13,9 @@ on: schedule: - cron: "5 2 * * 0" +permissions: + contents: read + jobs: update-nextcloud-ocp: runs-on: ubuntu-latest @@ -28,6 +31,7 @@ jobs: - id: checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: + persist-credentials: false ref: ${{ matrix.branches }} submodules: true continue-on-error: true diff --git a/psalm.xml b/psalm.xml index a8bbb415e..fe9c87e23 100644 --- a/psalm.xml +++ b/psalm.xml @@ -6,6 +6,7 @@ xmlns="https://getpsalm.org/schema/config" xsi:schemaLocation="https://getpsalm.org/schema/config" errorBaseline="tests/psalm-baseline.xml" + phpVersion="8.1" >