diff --git a/.github/workflows/block-merge-eol.yml b/.github/workflows/block-merge-eol.yml index 99042c44..31f84a99 100644 --- a/.github/workflows/block-merge-eol.yml +++ b/.github/workflows/block-merge-eol.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Set server major version environment - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index ff4d1570..f28a0210 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Register server reference to fallback to master branch - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index e9e39751..70b29b29 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -11,6 +11,9 @@ on: issue_comment: types: [created] +permissions: + contents: read + jobs: init: runs-on: ubuntu-latest diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index ff4417a8..ed902d92 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -24,7 +24,7 @@ concurrency: jobs: auto-approve-merge: - if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest-low permissions: # for hmarr/auto-approve-action to approve PRs diff --git a/.github/workflows/phpunit-mariadb.yml b/.github/workflows/phpunit-mariadb.yml index 597ca1c5..3edb0268 100644 --- a/.github/workflows/phpunit-mariadb.yml +++ b/.github/workflows/phpunit-mariadb.yml @@ -70,7 +70,7 @@ jobs: matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} - mariadb-versions: ['10.6', '10.11'] + mariadb-versions: ['10.6', '11.4'] name: MariaDB ${{ matrix.mariadb-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} @@ -80,11 +80,12 @@ jobs: ports: - 4444:3306/tcp env: - MYSQL_ROOT_PASSWORD: rootpassword - options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 5 + MARIADB_ROOT_PASSWORD: rootpassword + options: --health-cmd="mariadb-admin ping" --health-interval 5s --health-timeout 2s --health-retries 5 steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml index a9c8dd85..9c898a61 100644 --- a/.github/workflows/phpunit-mysql.yml +++ b/.github/workflows/phpunit-mysql.yml @@ -83,6 +83,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml index bc415bb9..1d9ae923 100644 --- a/.github/workflows/phpunit-oci.yml +++ b/.github/workflows/phpunit-oci.yml @@ -96,6 +96,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml index 4f8e9027..284efa29 100644 --- a/.github/workflows/phpunit-pgsql.yml +++ b/.github/workflows/phpunit-pgsql.yml @@ -86,6 +86,7 @@ jobs: steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml index 21bd0f77..bdbc39be 100644 --- a/.github/workflows/phpunit-sqlite.yml +++ b/.github/workflows/phpunit-sqlite.yml @@ -70,15 +70,12 @@ jobs: matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} - include: - - php-versions: '8.3' - server-versions: master - coverage: true name: SQLite PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} steps: - name: Set app env + if: ${{ env.APP_NAME == '' }} run: | # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV @@ -103,7 +100,7 @@ jobs: php-version: ${{ matrix.php-versions }} # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite - coverage: ${{ matrix.coverage && 'xdebug' || 'none' }} + coverage: none ini-file: development # Temporary workaround for missing pcntl_* in PHP 8.3 ini-values: disable_functions= @@ -143,17 +140,7 @@ jobs: # Only run if phpunit config file exists if: steps.check_phpunit.outcome == 'success' working-directory: apps/${{ env.APP_NAME }} - run: composer run test:unit${{ matrix.coverage && ':coverage' }} - - - name: Upload Unit coverage - if: matrix.coverage == true - uses: codecov/codecov-action@v4 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - root_dir: ./apps/${{ env.APP_NAME }} - files: ./apps/${{ env.APP_NAME }}/tests/clover.unit.xml - fail_ci_if_error: false + run: composer run test:unit - name: Check PHPUnit integration script is defined id: check_integration diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index cda79480..98e9fada 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -15,6 +15,10 @@ on: schedule: - cron: '30 1 * * *' +permissions: + contents: read + pull-requests: write + jobs: pr-feedback: if: ${{ github.repository_owner == 'nextcloud' }} @@ -32,7 +36,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 + - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main with: feedback-message: | Hello there, diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index c2d2e862..452186ee 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -14,6 +14,9 @@ concurrency: group: psalm-${{ github.head_ref || github.run_id }} cancel-in-progress: true +permissions: + contents: read + jobs: static-analysis: runs-on: ubuntu-latest diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index b6828556..0d8e1962 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -11,6 +11,9 @@ name: REUSE Compliance Check on: [pull_request] +permissions: + contents: read + jobs: reuse-compliance-check: runs-on: ubuntu-latest