nextcloud · nextcloud-android-bot · Jan 17, 2026
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -0,0 +1,77 @@
+# synced from @nextcloud/android-config
+
+# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2025 Alper Ozturk <[email protected]>
+# SPDX-FileCopyrightText: 2023 Tobias Kaminsky <[email protected]>
+# SPDX-FileCopyrightText: 2023 Andy Scherzinger <[email protected]>
+# SPDX-FileCopyrightText: 2023 Josh Richards <[email protected]>
+# SPDX-FileCopyrightText: 2025 Marcel Hibbe <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: "Analysis"
+
+on:
+    pull_request:
+        branches: [ "master", "main", "stable-*" ]
+    push:
+        branches: [ "master", "main", "stable-*" ]
+
+permissions:
+    pull-requests: write
+    contents: write
+
+concurrency:
+    group: analysis-wrapper-${{ github.head_ref || github.run_id }}
+    cancel-in-progress: true
+
+jobs:
+    analysis:
+        runs-on: ubuntu-latest
+        steps:
+            - name: Disabled on forks
+              if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }}
+              run: |
+                  echo 'Can not analyze PRs from forks'
+                  exit 1
+            -   name: Setup variables # zizmor: ignore[template-injection]
+                id: get-vars
+                run: |
+                    if [ -z "$GITHUB_HEAD_REF" ]; then
+                        # push
+                        {
+                            echo "branch=$GITHUB_REF_NAME"
+                            echo "pr=$GITHUB_RUN_ID"
+                            echo "repo=${{ github.repository }}"
+                        } >> "$GITHUB_OUTPUT"
+                    else
+                        # pull request
+                        {
+                            echo "branch=$GITHUB_HEAD_REF"
+                            echo "pr=${{ github.event.pull_request.number }}"
+                            echo "repo=${{ github.event.pull_request.head.repo.full_name }}"
+                        } >> "$GITHUB_OUTPUT"
+                    fi
+            -   uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+                with:
+                    persist-credentials: false
+                    repository: ${{ steps.get-vars.outputs.repo }}
+                    ref: ${{ steps.get-vars.outputs.branch }}
+            -   name: Set up JDK 17
+                uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+                with:
+                    distribution: "temurin"
+                    java-version: 17
+            -   name: Install dependencies
+                run: |
+                    sudo apt install python3-defusedxml
+            -   name: Run analysis wrapper
+                env:
+                    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                run: |
+                    mkdir -p "$HOME/.gradle"
+                    {
+                        echo "org.gradle.jvmargs=-Xmx1g -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8"
+                        echo "org.gradle.configureondemand=true"
+                        echo "kapt.incremental.apt=true"
+                    } > "$HOME/.gradle/gradle.properties"
+                    scripts/analysis/analysis-wrapper.sh "${{ steps.get-vars.outputs.branch }}" "${{ secrets.LOG_USERNAME }}" "${{ secrets.LOG_PASSWORD }}" "$GITHUB_RUN_NUMBER" "${{ steps.get-vars.outputs.pr }}"
diff --git a/.github/workflows/autoApproveSync.yml b/.github/workflows/autoApproveSync.yml
@@ -0,0 +1,40 @@
+# synced from @nextcloud/android-config
+
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2023 Álvaro Brey <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Auto approve sync
+on:
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
+    branches:
+      - master
+      - main
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+
+concurrency:
+  group: sync-approve-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  pull-requests: write
+
+jobs:
+  auto-approve:
+    name: Auto approve sync
+    runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
+    steps:
+      - name: Disabled on forks
+        if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+        run: |
+          echo 'Can not approve PRs from forks'
+          exit 1
+
+      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,60 @@
+# synced from @nextcloud/android-config
+
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2023-2024 Andy Scherzinger <[email protected]>
+# SPDX-FileCopyrightText: 2022 Tobias Kaminsky <[email protected]>
+# SPDX-FileCopyrightText: 2022 Álvaro Brey <[email protected]>
+# SPDX-FileCopyrightText: 2025 Marcel Hibbe <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master", "main", "stable-*" ]
+  pull_request:
+    branches: [ "master", "main" ]
+  schedule:
+    - cron: '24 18 * * 3'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - name: Set Swap Space
+        if: runner.environment == 'github-hosted'
+        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0
+        with:
+          swap-size-gb: 10
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        with:
+          languages: ${{ matrix.language }}
+      - name: Set up JDK 17
+        uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5.1.0
+        with:
+          distribution: "temurin"
+          java-version: 17
+      - name: Assemble
+        run: |
+          mkdir -p "$HOME/.gradle"
+          echo "org.gradle.jvmargs=-Xmx3g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties"
+          ./gradlew --no-daemon assembleDebug
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
diff --git a/.github/workflows/detectNewJavaFiles.yml b/.github/workflows/detectNewJavaFiles.yml
@@ -0,0 +1,43 @@
+# synced from @nextcloud/android-config
+
+# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2023 Andy Scherzinger <[email protected]>
+# SPDX-FileCopyrightText: 2022 Tobias Kaminsky <[email protected]>
+# SPDX-FileCopyrightText: 2022 Álvaro Brey <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: "Detect new java files"
+
+on:
+  pull_request:
+    branches: [ master, main, stable-* ]
+
+permissions: read-all
+
+concurrency:
+  group: detect-new-java-files-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  detectNewJavaFiles:
+    runs-on: ubuntu-latest
+    steps:
+      - id: file_changes
+        uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b # v1.2.4
+        with:
+          output: ','
+      - name: Detect new java files
+        run: |
+          if [ -z '${{ steps.file_changes.outputs.files_added }}' ]; then
+              echo "No new files added"
+              exit 0
+          fi
+          new_java=$(echo '${{ steps.file_changes.outputs.files_added }}' | tr ',' '\n' | grep '\.java$' | cat)
+          if [ -n "$new_java" ]; then
+              # shellcheck disable=SC2016
+              printf 'New java files detected:\n```\n%s\n```\n' "$new_java" | tee "$GITHUB_STEP_SUMMARY"
+              exit 1
+          else
+              echo "No new java files detected"
+              exit 0
+          fi
diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml
@@ -0,0 +1,55 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2023 Marcel Klehr <[email protected]>
+# SPDX-FileCopyrightText: 2023 Joas Schilling <[email protected]>
+# SPDX-FileCopyrightText: 2023 Daniel Kesselberg <[email protected]>
+# SPDX-FileCopyrightText: 2023 Florian Steffens <[email protected]>
+# SPDX-License-Identifier: MIT
+
+name: 'Ask for feedback on PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  pr-feedback:
+    if: ${{ github.repository_owner == 'nextcloud' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: The get-github-handles-from-website action
+        uses: marcelklehr/get-github-handles-from-website-action@06b2239db0a48fe1484ba0bfd966a3ab81a08308 # v1.0.1
+        id: scrape
+        with:
+          website: 'https://nextcloud.com/team/'
+
+      - name: Get blocklist
+        id: blocklist
+        run: |
+          blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
+          echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"
+
+      - uses: nextcloud/pr-feedback-action@5227c55be184087d0aef6338bee210d8620b6297 # main
+        with:
+          feedback-message: |
+            Hello there,
+            Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.
+
+            We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.
+
+            Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6
+
+            Thank you for contributing to Nextcloud and we hope to hear from you soon!
+
+            (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).)
+          days-before-feedback: 14
+          start-date: '2024-04-30'
+          exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}'
+          exempt-bots: true
diff --git a/.github/workflows/renovate-approve-merge.yml b/.github/workflows/renovate-approve-merge.yml
@@ -0,0 +1,61 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Auto approve renovate PRs
+
+on:
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
+    branches:
+      - main
+      - master
+      - stable*
+
+permissions:
+  contents: read
+
+concurrency:
+  group: renovate-approve-merge-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  auto-approve-merge:
+    if: github.event.pull_request.user.login == 'renovate[bot]'
+    runs-on: ubuntu-latest
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write
+
+    steps:
+      - name: Disabled on forks
+        if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+        run: |
+          echo 'Can not approve PRs from forks'
+          exit 1
+
+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # GitHub actions bot approve
+      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
+        if: github.actor == 'renovate[bot]'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.head_ref }}
+
+      # Enable GitHub auto merge
+      - name: Enable Pull Request Automerge
+        if: github.actor == 'renovate[bot]'
+        run: gh pr merge --merge --auto
+        env:
+          GH_TOKEN: ${{ secrets.AUTOMERGE }}
+
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,47 @@
+# synced from @nextcloud/android-config
+
+# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2023 Andy Scherzinger <[email protected]>
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+name: Scorecard supply-chain security
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '32 23 * * 4'
+  push:
+    branches: [ "main", "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+concurrency: 
+  group: scorecard-supply-chain-security-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: false
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        with:
+          sarif_file: results.sarif