diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
index aa8d7dc54..316ba144f 100644
--- a/.github/workflows/appstore-build-publish.yml
+++ b/.github/workflows/appstore-build-publish.yml
@@ -12,6 +12,9 @@ on:
release:
types: [published]
+permissions:
+ contents: write
+
jobs:
build_and_publish:
runs-on: ubuntu-latest
@@ -32,10 +35,22 @@ jobs:
echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: ${{ env.APP_NAME }}
+ - name: Get app version number
+ id: app-version
+ uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master
+ with:
+ filename: ${{ env.APP_NAME }}/appinfo/info.xml
+ expression: "//info//version/text()"
+
+ - name: Validate app version against tag
+ run: |
+ [ "${{ env.APP_VERSION }}" = "v${{ fromJSON(steps.app-version.outputs.result).version }}" ]
+
- name: Get appinfo data
id: appinfo
uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master
@@ -56,7 +71,7 @@ jobs:
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
# Skip if no package.json
if: ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -134,9 +149,10 @@ jobs:
unzip latest-$NCVERSION.zip
- name: Checkout server master fallback
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
if: ${{ steps.server-checkout.outcome != 'success' }}
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
path: nextcloud
diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
index c6c61bd73..45d01b119 100644
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -24,6 +24,10 @@ env:
# n.b. server will use head_ref, as we want to test the PR branch.
BRANCH: ${{ github.base_ref || github.ref_name }}
+
+permissions:
+ contents: read
+
jobs:
init:
runs-on: ubuntu-latest-low
@@ -42,7 +46,9 @@ jobs:
exit 1
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Check composer.json
id: check_composer
@@ -62,7 +68,7 @@ jobs:
fallbackNpm: "^10"
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -102,7 +108,7 @@ jobs:
path: ./
- name: Set up node ${{ needs.init.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ needs.init.outputs.nodeVersion }}
@@ -110,7 +116,7 @@ jobs:
run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}'
- name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
- uses: cypress-io/github-action@0da3c06ed8217b912deea9d8ee69630baed1737e # v6.7.6
+ uses: cypress-io/github-action@57b70560982e6a11d23d4b8bec7f8a487cdbb71b # v6.7.8
with:
record: ${{ secrets.CYPRESS_RECORD_KEY && true }}
parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }}
@@ -133,7 +139,7 @@ jobs:
CYPRESS_GROUP: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }}
- name: Upload snapshots
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: always()
with:
name: snapshots_${{ matrix.containers }}
@@ -144,7 +150,7 @@ jobs:
run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log
- name: Upload NC logs
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: failure() && matrix.containers != 'component'
with:
name: nc_logs_${{ matrix.containers }}
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index efe8bfe37..583fd4810 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -9,7 +9,7 @@
name: Dependabot
on:
- pull_request_target:
+ pull_request:
branches:
- main
- master
@@ -24,7 +24,7 @@ concurrency:
jobs:
auto-approve-merge:
- if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
runs-on: ubuntu-latest-low
permissions:
# for hmarr/auto-approve-action to approve PRs
diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml
index 74c5e9c88..104a05c42 100644
--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@@ -56,7 +56,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -66,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/lint-info-xml.yml b/.github/workflows/lint-info-xml.yml
index 736a89502..25b655043 100644
--- a/.github/workflows/lint-info-xml.yml
+++ b/.github/workflows/lint-info-xml.yml
@@ -24,7 +24,9 @@ jobs:
name: info.xml lint
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Download schema
run: wget https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/api/v1/release/info.xsd
diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml
index 510834889..519b345ea 100644
--- a/.github/workflows/lint-php-cs.yml
+++ b/.github/workflows/lint-php-cs.yml
@@ -25,16 +25,18 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get php version
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
- - name: Set up php${{ steps.versions.outputs.php-available }}
+ - name: Set up php${{ steps.versions.outputs.php-min }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
with:
- php-version: ${{ steps.versions.outputs.php-available }}
+ php-version: ${{ steps.versions.outputs.php-min }}
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
@@ -42,7 +44,9 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Lint
run: composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 )
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 104fed644..adaa50b8a 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -24,7 +24,10 @@ jobs:
php-versions: ${{ steps.versions.outputs.php-versions }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
- name: Get version matrix
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
@@ -40,7 +43,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml
index 1e9db8f77..9601a972f 100644
--- a/.github/workflows/lint-stylelint.yml
+++ b/.github/workflows/lint-stylelint.yml
@@ -25,7 +25,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -35,7 +37,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
index 3ca15c8b7..0137e9795 100644
--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@@ -53,7 +53,9 @@ jobs:
name: NPM build
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +65,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
index c3e4f2fd3..ab51e6c48 100644
--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@@ -14,6 +14,9 @@ on:
# At 2:30 on Sundays
- cron: '30 2 * * 0'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -27,9 +30,12 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ id: checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
ref: ${{ matrix.branches }}
+ continue-on-error: true
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -39,7 +45,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -51,7 +57,7 @@ jobs:
uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0
- name: Run npm ci and npm run build
- if: always()
+ if: steps.checkout.outcome == 'success'
env:
CYPRESS_INSTALL_BINARY: 0
run: |
@@ -59,8 +65,8 @@ jobs:
npm run build --if-present
- name: Create Pull Request
- if: always()
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ if: steps.checkout.outcome == 'success'
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: 'fix(deps): Fix npm audit'
diff --git a/.github/workflows/openapi.yml b/.github/workflows/openapi.yml
index cf6d2778c..a70aab5c6 100644
--- a/.github/workflows/openapi.yml
+++ b/.github/workflows/openapi.yml
@@ -26,7 +26,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get php version
id: php_versions
@@ -60,7 +62,7 @@ jobs:
- name: Set up node ${{ steps.node_versions.outputs.nodeVersion }}
if: ${{ steps.node_versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.node_versions.outputs.nodeVersion }}
@@ -68,7 +70,7 @@ jobs:
if: ${{ steps.node_versions.outputs.nodeVersion }}
run: npm i -g 'npm@${{ steps.node_versions.outputs.npmVersion }}'
- - name: Install dependencies & build
+ - name: Install dependencies
if: ${{ steps.node_versions.outputs.nodeVersion }}
env:
CYPRESS_INSTALL_BINARY: 0
diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml
index 8f1b65f51..1ea2f6a32 100644
--- a/.github/workflows/phpunit-mysql.yml
+++ b/.github/workflows/phpunit-mysql.yml
@@ -24,7 +24,9 @@ jobs:
matrix: ${{ steps.versions.outputs.sparse-matrix }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -86,8 +88,9 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
@@ -100,8 +103,9 @@ jobs:
path: apps/circles
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -112,6 +116,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -120,21 +126,23 @@ jobs:
echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
echo 'SELECT @@sql_mode;' | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
- - name: Set up Circles dependencies
- working-directory: apps/circles
- run: composer i
-
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: apps/${{ env.APP_NAME }}/composer.json
+ - name: Set up Circles dependencies
+ working-directory: apps/circles
+ run: composer i
+
- name: Set up dependencies
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml
index 721af4e36..905c44a26 100644
--- a/.github/workflows/phpunit-oci.yml
+++ b/.github/workflows/phpunit-oci.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -99,8 +101,9 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
@@ -113,8 +116,9 @@ jobs:
path: apps/circles
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -125,24 +129,28 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, oci8
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Set up Circles dependencies
- working-directory: apps/circles
- run: composer i
-
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: apps/${{ env.APP_NAME }}/composer.json
+ - name: Set up Circles dependencies
+ working-directory: apps/circles
+ run: composer i
+
- name: Set up dependencies
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml
index 44a9a85a2..5d45850af 100644
--- a/.github/workflows/phpunit-pgsql.yml
+++ b/.github/workflows/phpunit-pgsql.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -89,8 +91,9 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
@@ -103,8 +106,9 @@ jobs:
path: apps/circles
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -115,24 +119,28 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Set up Circles dependencies
- working-directory: apps/circles
- run: composer i
-
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: apps/${{ env.APP_NAME }}/composer.json
+ - name: Set up Circles dependencies
+ working-directory: apps/circles
+ run: composer i
+
- name: Set up dependencies
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml
index 55b28f494..9b66a78cc 100644
--- a/.github/workflows/phpunit-sqlite.yml
+++ b/.github/workflows/phpunit-sqlite.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -78,8 +80,9 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
@@ -92,8 +95,9 @@ jobs:
path: apps/circles
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -104,24 +108,28 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Set up Circles dependencies
- working-directory: apps/circles
- run: composer i
-
- name: Check composer file existence
id: check_composer
uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
with:
files: apps/${{ env.APP_NAME }}/composer.json
+ - name: Set up Circles dependencies
+ working-directory: apps/circles
+ run: composer i
+
- name: Set up dependencies
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index e9258903b..452186eea 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -14,6 +14,9 @@ concurrency:
group: psalm-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
static-analysis:
runs-on: ubuntu-latest
@@ -21,12 +24,17 @@ jobs:
name: static-psalm-analysis
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get php version
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+ - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
+ run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
+
- name: Set up php${{ steps.versions.outputs.php-available }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
with:
@@ -34,11 +42,18 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
+
+ - name: Install nextcloud/ocp
+ run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
- name: Run coding standards check
- run: composer run psalm
+ run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index b6828556a..0d8e1962a 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -11,6 +11,9 @@ name: REUSE Compliance Check
on: [pull_request]
+permissions:
+ contents: read
+
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
index 5edf7ac1b..386b63160 100644
--- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml
+++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
@@ -9,7 +9,7 @@
name: Auto approve nextcloud/ocp
on:
- pull_request_target:
+ pull_request_target: # zizmor: ignore[dangerous-triggers]
branches:
- main
- master
@@ -39,7 +39,7 @@ jobs:
echo 'Can not approve PRs from forks'
exit 1
- - uses: mdecoleman/pr-branch-name@bab4c71506bcd299fb350af63bb8e53f2940a599 # v2.0.0
+ - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
id: branchname
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml
index 69498cc33..5592f61ba 100644
--- a/.github/workflows/update-nextcloud-ocp.yml
+++ b/.github/workflows/update-nextcloud-ocp.yml
@@ -13,6 +13,9 @@ on:
schedule:
- cron: "5 2 * * 0"
+permissions:
+ contents: read
+
jobs:
update-nextcloud-ocp:
runs-on: ubuntu-latest
@@ -26,8 +29,9 @@ jobs:
steps:
- id: checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
ref: ${{ matrix.branches }}
submodules: true
continue-on-error: true
@@ -103,7 +107,7 @@ jobs:
- name: Create Pull Request
if: steps.checkout.outcome == 'success'
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: 'chore(dev-deps): Bump nextcloud/ocp package'
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index e1d591aef..3c22caa6d 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -1,4 +1,5 @@
-
-
-
- (
- $obj_a->getUserMapping()->getType() === $obj_b->getUserMapping()->getType() &&
- $obj_a->getUserMapping()->getId() === $obj_b->getUserMapping()->getId()
- ) ? 0 : -1]]>
-
-
-
-
- ($a->getRevisionId() <=> $b->getRevisionId()) *
- ($a->getSourceFile()->getId() <=> $b->getSourceFile()->getId())]]>
-
-
-
+