sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #53069 from nextcloud/ci/noid/syncActions 

ci(gh): Sync actions
pull/53106/head
Andy Scherzinger 2025-05-23 23:00:29 +07:00 committed by GitHub
parent 0795408e6a 94e071e30f
commit 7c45c147dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
48 changed files with 370 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.github/workflows/block-merge-eol.yml vendored
Unescape Escape View File

@ -27,13 +27,22 @@ jobs:
steps:
- name: Set server major version environment
run: |
# retrieve version number from branch reference
server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
echo "server_major=$server_major" >> $GITHUB_ENV
echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV
- name: Checking if ${{ env.server_major }} is EOL
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const regex = /^stable(\d+)$/
const baseRef = context.payload.pull_request.base.ref
const match = baseRef.match(regex)
if (match) {
console.log('Setting server_major to ' + match[1]);
core.exportVariable('server_major', match[1]);
console.log('Setting current_month to ' + (new Date()).toISOString().substr(0, 7));
core.exportVariable('current_month', (new Date()).toISOString().substr(0, 7));
}
- name: Checking if server ${{ env.server_major }} is EOL
if: ${{ env.server_major != '' }}
run: |
curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
| jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \

26
.github/workflows/block-merge-freeze.yml vendored
Unescape Escape View File

@ -28,8 +28,30 @@ jobs:
runs-on: ubuntu-latest-low
steps:
- name: Download version.php from ${{ github.base_ref }}
run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php' --output version.php
- name: Register server reference to fallback to master branch
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const baseRef = context.payload.pull_request.base.ref
if (baseRef === 'main' || baseRef === 'master') {
core.exportVariable('server_ref', 'master');
console.log('Setting server_ref to master');
} else {
const regex = /^stable(\d+)$/
const match = baseRef.match(regex)
if (match) {
core.exportVariable('server_ref', match[0]);
console.log('Setting server_ref to ' + match[0]);
} else {
console.log('Not based on master/main/stable*, so skipping freeze check');
}
}
- name: Download version.php from ${{ env.server_ref }}
if: ${{ env.server_ref != '' }}
run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php' --output version.php
- name: Run check
if: ${{ env.server_ref != '' }}
run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'

26
.github/workflows/block-outdated-3rdparty.yml vendored
Unescape Escape View File

@ -32,22 +32,44 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: 3rdparty commit hash on current branch
id: actual
run: |
echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"
- name: Register server reference to fallback to master branch
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const baseRef = context.payload.pull_request.base.ref
if (baseRef === 'main' || baseRef === 'master') {
core.exportVariable('server_ref', 'master');
console.log('Setting server_ref to master');
} else {
const regex = /^stable(\d+)$/
const match = baseRef.match(regex)
if (match) {
core.exportVariable('server_ref', match[0]);
console.log('Setting server_ref to ' + match[0]);
} else {
console.log('Not based on master/main/stable*, so skipping freeze check');
}
}
- name: Last 3rdparty commit on target branch
id: target
run: |
echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ github.base_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"
echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"
- name: Compare if 3rdparty commits are different
run: |
echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
echo 'Branch has: ${{ steps.actual.outputs.commit }}'
echo '${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}'
echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}'
- name: Fail if 3rdparty commits are different
if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}

2
.github/workflows/block-unconventional-commits.yml vendored
Unescape Escape View File

@ -28,6 +28,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
with:

4
.github/workflows/command-compile.yml vendored
Unescape Escape View File

@ -11,6 +11,9 @@ on:
issue_comment:
types: [created]
permissions:
contents: read
jobs:
init:
runs-on: ubuntu-latest
@ -102,6 +105,7 @@ jobs:
- name: Checkout ${{ needs.init.outputs.head_ref }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
# Needed to allow force push later
persist-credentials: true
token: ${{ secrets.COMMAND_BOT_PAT }}
fetch-depth: 0

38
.github/workflows/command-pull-3rdparty.yml vendored
Unescape Escape View File

@ -38,24 +38,56 @@ jobs:
id: comment-branch
- name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
token: ${{ secrets.COMMAND_BOT_PAT }}
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Register server reference to fallback to master branch
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const baseRef = context.payload.pull_request.base.ref
if (baseRef === 'main' || baseRef === 'master') {
core.exportVariable('server_ref', 'master');
console.log('Setting server_ref to master');
} else {
const regex = /^stable(\d+)$/
const match = baseRef.match(regex)
if (match) {
core.exportVariable('server_ref', match[0]);
console.log('Setting server_ref to ' + match[0]);
} else {
console.log('Not based on master/main/stable*, so skipping freeze check');
}
}
- name: Setup git
run: |
git config --local user.email 'nextcloud-command@users.noreply.github.com'
git config --local user.name 'nextcloud-command'
- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
if: ${{ env.server_ref == '' }}
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: '-1'
- name: Pull 3rdparty
run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ github.event.issue.pull_request.base.ref }}'"'"'; fi'
if: ${{ env.server_ref != '' }}
run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ env.server_ref }}'"'"'; fi'
- name: Commit and push changes
if: ${{ env.server_ref != '' }}
run: |
git add 3rdparty
git commit -s -m 'Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}'
git commit -s -m 'Update submodule 3rdparty to latest ${{ env.server_ref }}'
git push
- name: Add reaction on failure

14
.github/workflows/cypress.yml vendored
Unescape Escape View File

@ -18,9 +18,16 @@ env:
# Adjust APP_NAME if your repository name is different
APP_NAME: ${{ github.event.repository.name }}
# Server requires head_ref instead of base_ref, as we want to test the PR branch
# This represents the server branch to checkout.
# Usually it's the base branch of the PR, but for pushes it's the branch itself.
# e.g. 'main', 'stable27' or 'feature/my-feature'
# n.b. server will use head_ref, as we want to test the PR branch.
BRANCH: ${{ github.head_ref || github.ref_name }}
permissions:
contents: read
jobs:
init:
runs-on: ubuntu-latest
@ -43,6 +50,7 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
# We need to checkout submodules for 3rdparty
submodules: true
@ -80,7 +88,7 @@ jobs:
run: npm run cypress:version
- name: Save context
uses: buildjet/cache/save@v4
uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
key: cypress-context-${{ github.run_id }}
path: ./
@ -148,7 +156,7 @@ jobs:
steps:
- name: Restore context
uses: buildjet/cache/restore@v4
uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
fail-on-cache-miss: true
key: cypress-context-${{ github.run_id }}

4
.github/workflows/dependabot-approve-merge.yml vendored
Unescape Escape View File

@ -9,7 +9,7 @@
name: Dependabot
on:
pull_request_target:
pull_request_target: # zizmor: ignore[dangerous-triggers]
branches:
- main
- master
@ -24,7 +24,7 @@ concurrency:
jobs:
auto-approve-merge:
if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
runs-on: ubuntu-latest-low
permissions:
# for hmarr/auto-approve-action to approve PRs

8
.github/workflows/files-external-ftp.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-ftp-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -53,8 +56,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up ftpd
@ -101,7 +105,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-ftp

17
.github/workflows/files-external-s3.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-s3-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -50,7 +53,7 @@ jobs:
services:
minio:
image: bitnami/minio
image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
env:
MINIO_ROOT_USER: nextcloud
MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@ -60,8 +63,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -99,7 +103,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-s3
@ -136,14 +140,15 @@ jobs:
env:
SERVICES: s3
DEBUG: 1
image: localstack/localstack
image: localstack/localstack@sha256:b52c16663c70b7234f217cb993a339b46686e30a1a5d9279cb5feeb2202f837c # v4.4.0
ports:
- "4566:4566"
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -173,7 +178,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-s3

8
.github/workflows/files-external-sftp.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-sftp-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -53,8 +56,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up sftpd
@ -90,7 +94,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-sftp

9
.github/workflows/files-external-smb-kerberos.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-smb-kerberos-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -43,13 +46,15 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Checkout user_saml
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
repository: nextcloud/user_saml
path: apps/user_saml

10
.github/workflows/files-external-smb.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-smb-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -50,14 +53,15 @@ jobs:
services:
samba:
image: ghcr.io/nextcloud/continuous-integration-samba:latest
image: ghcr.io/nextcloud/continuous-integration-samba:latest # zizmor: ignore[unpinned-images]
ports:
- 445:445
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -95,7 +99,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-smb

10
.github/workflows/files-external-webdav.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-webdav-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -50,14 +53,15 @@ jobs:
services:
apache:
image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest
image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest # zizmor: ignore[unpinned-images]
ports:
- 8081:80
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -92,7 +96,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-webdav

8
.github/workflows/files-external.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
concurrency:
group: files-external-generic-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -49,8 +52,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -80,7 +84,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-files-external-generic

8
.github/workflows/integration-dav.yml vendored
Unescape Escape View File

@ -4,6 +4,9 @@ name: DAV integration tests
on:
pull_request:
permissions:
contents: read
concurrency:
group: integration-caldav-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -51,8 +54,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -67,7 +71,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Python
uses: LizardByte/setup-python-action@master
uses: LizardByte/setup-python-action@f4367d0377eceec7e5e26da8f3863dd365b95a94 # v2025.426.160528
with:
python-version: '2.7'

6
.github/workflows/integration-litmus.yml vendored
Unescape Escape View File

@ -4,6 +4,9 @@ name: Litmus integration tests
on:
pull_request:
permissions:
contents: read
concurrency:
group: integration-litmus-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -50,8 +53,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}

10
.github/workflows/integration-s3-primary.yml vendored
Unescape Escape View File

@ -4,6 +4,9 @@ name: S3 primary storage integration tests
on:
pull_request:
permissions:
contents: read
concurrency:
group: integration-s3-primary-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -50,12 +53,12 @@ jobs:
services:
redis:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
ports:
- 6379:6379/tcp
minio:
image: bitnami/minio
image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
env:
MINIO_ROOT_USER: nextcloud
MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@ -65,8 +68,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}

7
.github/workflows/integration-sqlite.yml vendored
Unescape Escape View File

@ -77,12 +77,12 @@ jobs:
services:
redis:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
ports:
- 6379:6379/tcp
openldap:
image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7
image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7 # zizmor: ignore[unpinned-images]
ports:
- 389:389
env:
@ -95,12 +95,14 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Checkout Talk app
if: ${{ matrix.test-suite == 'videoverification_features' }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
repository: nextcloud/spreed
path: apps/spreed
ref: ${{ matrix.spreed-versions }}
@ -109,6 +111,7 @@ jobs:
if: ${{ matrix.test-suite == 'sharing_features' }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
repository: nextcloud/activity
path: apps/activity
ref: ${{ matrix.activity-versions }}

7
.github/workflows/lint-eslint.yml vendored
Unescape Escape View File

@ -20,6 +20,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@ -54,6 +57,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@ -63,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v3
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}

4
.github/workflows/lint-php-cs.yml vendored
Unescape Escape View File

@ -49,9 +49,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up php8.1
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: 8.1
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite

4
.github/workflows/lint-php.yml vendored
Unescape Escape View File

@ -54,9 +54,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
coverage: none

2
.github/workflows/lint-stylelint.yml vendored
Unescape Escape View File

@ -26,6 +26,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3

13
.github/workflows/node-test.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@ -60,6 +63,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@ -81,6 +86,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
@ -99,7 +106,7 @@ jobs:
run: npm run test:coverage --if-present
- name: Collect coverage
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./coverage/lcov.info
@ -119,6 +126,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
@ -147,6 +156,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up node ${{ needs.versions.outputs.nodeVersion }}
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0

7
.github/workflows/node.yml vendored
Unescape Escape View File

@ -20,6 +20,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@ -54,6 +57,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@ -63,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v3
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}

2
.github/workflows/npm-audit-fix.yml vendored
Unescape Escape View File

@ -24,7 +24,7 @@ jobs:
strategy:
fail-fast: false
matrix:
branches: ['main', 'master', 'stable31', 'stable30', 'stable29']
branches: ['main', 'master', 'stable31', 'stable30']
name: npm-audit-fix-${{ matrix.branches }}

12
.github/workflows/object-storage-azure.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "15 2 * * *"
permissions:
contents: read
concurrency:
group: object-storage-azure-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -54,7 +57,7 @@ jobs:
services:
azurite:
image: mcr.microsoft.com/azure-storage/azurite
image: mcr.microsoft.com/azure-storage/azurite@sha256:0a47e12e3693483cef5c71f35468b91d751611f172d2f97414e9c69113b106d9 # v3.34.0
env:
AZURITE_ACCOUNTS: nextcloud:bmV4dGNsb3Vk
ports:
@ -62,15 +65,16 @@ jobs:
options: --health-cmd="nc 127.0.0.1 10000 -z" --health-interval=1s --health-retries=30
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -105,7 +109,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-azure

12
.github/workflows/object-storage-s3.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "15 2 * * *"
permissions:
contents: read
concurrency:
group: object-storage-s3-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -54,13 +57,13 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
minio:
image: bitnami/minio
image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
env:
MINIO_ROOT_USER: nextcloud
MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@ -70,8 +73,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -111,7 +115,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-s3

12
.github/workflows/object-storage-swift.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "15 2 * * *"
permissions:
contents: read
concurrency:
group: object-storage-swift-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -54,21 +57,22 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
swift:
image: ghcr.io/cscfi/docker-keystone-swift
image: ghcr.io/cscfi/docker-keystone-swift@sha256:e8b1ec21120ab9adc6ac6a2b98785fd273676439a8633fe898e37f2aea7e0712
ports:
- 5000:5000
- 8080:8080
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -101,7 +105,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-swift

4
.github/workflows/openapi.yml vendored
Unescape Escape View File

@ -27,9 +27,11 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up php
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: '8.1'
extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib

17
.github/workflows/performance.yml vendored
Unescape Escape View File

@ -4,6 +4,9 @@ name: Performance testing
on:
pull_request:
permissions:
contents: read
concurrency:
group: performance-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -14,6 +17,9 @@ jobs:
if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
permissions:
pull-requests: write
strategy:
fail-fast: false
matrix:
@ -29,13 +35,14 @@ jobs:
exit 1
- name: Checkout server before PR
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
ref: ${{ github.event.pull_request.base.ref }}
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
@ -49,7 +56,7 @@ jobs:
php -S localhost:8080 &
- name: Apply blueprint
uses: icewind1991/blueprint@v0.1.2
uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
with:
blueprint: tests/blueprints/basic.toml
ref: ${{ github.event.pull_request.head.ref }}
@ -66,7 +73,7 @@ jobs:
output: before.json
profiler-branch: master
- name: Apply PR
- name: Apply PR # zizmor: ignore[template-injection]
run: |
git remote add pr '${{ github.event.pull_request.head.repo.clone_url }}'
git fetch pr '${{ github.event.pull_request.head.ref }}'
@ -98,7 +105,7 @@ jobs:
before.json
after.json
- uses: actions/github-script@v7
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
if: failure() && steps.compare.outcome == 'failure'
with:
github-token: ${{secrets.GITHUB_TOKEN}}

3
.github/workflows/phpunit-32bits.yml vendored
Unescape Escape View File

@ -32,8 +32,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Install tools

10
.github/workflows/phpunit-mariadb.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src}}
@ -68,7 +71,7 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@ -88,10 +91,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@ -124,7 +128,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mariadb

7
.github/workflows/phpunit-memcached.yml vendored
Unescape Escape View File

@ -64,15 +64,16 @@ jobs:
services:
memcached:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 11212:11212/tcp
- 11212:11212/udp
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -101,7 +102,7 @@ jobs:
- name: Upload code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.xml
flags: phpunit-memcached

17
.github/workflows/phpunit-mysql-sharding.yml vendored
Unescape Escape View File

@ -62,13 +62,13 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
mysql:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 4444:3306/tcp
env:
@ -78,7 +78,7 @@ jobs:
MYSQL_DATABASE: oc_autotest
options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
shard1:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 5001:3306/tcp
env:
@ -88,7 +88,7 @@ jobs:
MYSQL_DATABASE: nextcloud
options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
shard2:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 5002:3306/tcp
env:
@ -98,7 +98,7 @@ jobs:
MYSQL_DATABASE: nextcloud
options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
shard3:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 5003:3306/tcp
env:
@ -108,7 +108,7 @@ jobs:
MYSQL_DATABASE: nextcloud
options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
shard4:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 5004:3306/tcp
env:
@ -120,8 +120,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -159,7 +160,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mysql

14
.github/workflows/phpunit-mysql.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@ -68,13 +71,13 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
mysql:
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 4444:3306/tcp
env:
@ -86,12 +89,13 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@ -124,7 +128,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-mysql

7
.github/workflows/phpunit-nodb.yml vendored
Unescape Escape View File

@ -67,15 +67,16 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
@ -107,7 +108,7 @@ jobs:
- name: Upload nodb code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.nodb.xml
flags: phpunit-nodb

10
.github/workflows/phpunit-object-store-primary.yml vendored
Unescape Escape View File

@ -6,6 +6,9 @@ on:
schedule:
- cron: "15 2 * * *"
permissions:
contents: read
concurrency:
group: phpunit-object-store-primary-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -54,13 +57,13 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
minio:
image: bitnami/minio
image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
env:
MINIO_ROOT_USER: nextcloud
MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@ -70,8 +73,9 @@ jobs:
steps:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}

10
.github/workflows/phpunit-oci.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@ -73,7 +76,7 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@ -100,10 +103,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@ -129,7 +133,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-oci

12
.github/workflows/phpunit-pgsql.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@ -69,13 +72,13 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
postgres:
image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest
image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest # zizmor: ignore[unpinned-images]
ports:
- 4444:5432/tcp
env:
@ -88,10 +91,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@ -119,7 +123,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-postgres

10
.github/workflows/phpunit-sqlite.yml vendored
Unescape Escape View File

@ -23,6 +23,9 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
outputs:
src: ${{ steps.changes.outputs.src }}
@ -64,7 +67,7 @@ jobs:
services:
cache:
image: ghcr.io/nextcloud/continuous-integration-redis:latest
image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
ports:
- 6379:6379/tcp
options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@ -73,10 +76,11 @@ jobs:
- name: Checkout server
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
with:
php-version: ${{ matrix.php-versions }}
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@ -105,7 +109,7 @@ jobs:
- name: Upload db code coverage
if: ${{ !cancelled() && matrix.coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./clover.db.xml
flags: phpunit-sqlite

7
.github/workflows/pr-feedback.yml vendored
Unescape Escape View File

@ -15,8 +15,13 @@ on:
schedule:
- cron: '30 1 * * *'
permissions:
contents: read
pull-requests: write
jobs:
pr-feedback:
if: ${{ github.repository_owner == 'nextcloud' }}
runs-on: ubuntu-latest
steps:
- name: The get-github-handles-from-website action
@ -31,7 +36,7 @@ jobs:
blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"
- uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4
- uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
with:
feedback-message: |
Hello there,

15
.github/workflows/reuse.yml vendored
Unescape Escape View File

@ -11,12 +11,17 @@ name: REUSE Compliance Check
on: [pull_request]
permissions:
contents: read
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
runs-on: ubuntu-latest-low
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: REUSE Compliance Check
uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
- name: REUSE Compliance Check
uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0

5
.github/workflows/stale.yml vendored
Unescape Escape View File

@ -7,6 +7,9 @@ on:
schedule:
- cron: "0 0 * * *"
permissions:
contents: read
jobs:
stale:
runs-on: ubuntu-latest
@ -17,7 +20,7 @@ jobs:
issues: write
steps:
- uses: actions/stale@v9
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9
with:
repo-token: ${{ secrets.COMMAND_BOT_PAT }}
stale-issue-message: >

9
.github/workflows/static-code-analysis.yml vendored
Unescape Escape View File

@ -13,6 +13,9 @@ on:
- '.github/workflows/static-code-analysis.yml'
- '**.php'
permissions:
contents: read
concurrency:
group: static-code-analysis-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
@ -27,6 +30,7 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
submodules: true
- name: Set up php
@ -57,6 +61,7 @@ jobs:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
submodules: true
- name: Set up php
@ -78,7 +83,7 @@ jobs:
- name: Upload Security Analysis results to GitHub
if: always()
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
with:
sarif_file: results.sarif
@ -91,6 +96,7 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
submodules: true
- name: Set up php
@ -121,6 +127,7 @@ jobs:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
persist-credentials: false
submodules: true
- name: Set up php

6
.github/workflows/update-cacert-bundle.yml vendored
Unescape Escape View File

@ -7,6 +7,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
jobs:
update-ca-certificate-bundle:
runs-on: ubuntu-latest
@ -19,8 +22,9 @@ jobs:
name: update-ca-certificate-bundle-${{ matrix.branches }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: ${{ matrix.branches }}
submodules: true

6
.github/workflows/update-code-signing-crl.yml vendored
Unescape Escape View File

@ -7,6 +7,9 @@ on:
schedule:
- cron: "5 2 * * *"
permissions:
contents: read
jobs:
update-code-signing-crl:
runs-on: ubuntu-latest
@ -19,8 +22,9 @@ jobs:
name: update-code-signing-crl-${{ matrix.branches }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
ref: ${{ matrix.branches }}
submodules: true

6
.github/workflows/update-min-supported-desktop.yml vendored
Unescape Escape View File

@ -7,13 +7,17 @@ on:
schedule:
- cron: "0 0 * * 1"
permissions:
contents: read
jobs:
update-minimum-supported-desktop-version:
runs-on: ubuntu-latest-low
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
submodules: true
- name: Download desktop client version file from 5 years ago