From 0dd44d807b37be144bcf36192dae4be1e5df63fa Mon Sep 17 00:00:00 2001 From: Richard Steinmetz Date: Wed, 19 Jun 2024 10:19:45 +0200 Subject: [PATCH] ci: update workflows from templates Signed-off-by: Richard Steinmetz --- .github/workflows/appstore-build-publish.yml | 48 ++++++----- .github/workflows/block-merge-freeze.yml | 7 +- .github/workflows/command-compile.yml | 40 +++++---- .github/workflows/fixup.yml | 7 +- .github/workflows/lint-eslint.yml | 82 +++++++++++++----- .github/workflows/lint-info-xml.yml | 17 ++-- .github/workflows/lint-php-cs.yml | 16 +++- .github/workflows/lint-php.yml | 32 ++++--- .github/workflows/lint-stylelint.yml | 17 ++-- .github/workflows/node-test.yml | 88 +++++++++++++++++--- .github/workflows/node.yml | 82 ++++++++++++------ .github/workflows/npm-audit-fix.yml | 30 ++++--- .github/workflows/pr-feedback.yml | 24 +++++- .github/workflows/psalm.yml | 29 ++++--- 14 files changed, 358 insertions(+), 161 deletions(-) diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml index 2c388f02f..37f8d3a2c 100644 --- a/.github/workflows/appstore-build-publish.yml +++ b/.github/workflows/appstore-build-publish.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Build and publish app release @@ -9,9 +12,6 @@ on: release: types: [published] -env: - PHP_VERSION: 8.1 - jobs: build_and_publish: runs-on: ubuntu-latest @@ -21,7 +21,7 @@ jobs: steps: - name: Check actor permission - uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2.1 + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 with: require: write @@ -32,7 +32,7 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: ${{ env.APP_NAME }} @@ -44,38 +44,44 @@ jobs: expression: "//info//dependencies//nextcloud/@min-version" - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions # Continue if no package.json continue-on-error: true with: path: ${{ env.APP_NAME }} - fallbackNode: "^16" - fallbackNpm: "^7" + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} # Skip if no package.json if: ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} # Skip if no package.json if: ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' + + - name: Get php version + id: php-versions + uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 + with: + filename: ${{ env.APP_NAME }}/appinfo/info.xml - - name: Set up php ${{ env.PHP_VERSION }} - uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2 + - name: Set up php ${{ steps.php-versions.outputs.php-min }} + uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2 with: - php-version: ${{ env.PHP_VERSION }} + php-version: ${{ steps.php-versions.outputs.php-min }} coverage: none env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check composer.json id: check_composer - uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 with: files: "${{ env.APP_NAME }}/composer.json" @@ -88,14 +94,16 @@ jobs: - name: Build ${{ env.APP_NAME }} # Skip if no package.json if: ${{ steps.versions.outputs.nodeVersion }} + env: + NODE_ENV: production run: | cd ${{ env.APP_NAME }} npm ci - npm run build + npm run build --if-present - name: Check Krankerl config id: krankerl - uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0 with: files: ${{ env.APP_NAME }}/krankerl.toml @@ -121,12 +129,12 @@ jobs: continue-on-error: true id: server-checkout run: | - NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }} + NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}' wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip unzip latest-$NCVERSION.zip - name: Checkout server master fallback - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 if: ${{ steps.server-checkout.outcome != 'success' }} with: submodules: true @@ -140,7 +148,7 @@ jobs: tar -xvf ${{ env.APP_NAME }}.tar.gz cd ../../../ # Setting up keys - echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key + echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt" # Signing php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }} @@ -149,7 +157,7 @@ jobs: tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }} - name: Attach tarball to github release - uses: svenstaro/upload-release-action@2b9d2847a97b04d02ad5c3df2d3a27baa97ce689 # v2 + uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2 id: attach_to_release with: repo_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml index 2e4b3e25d..bbbe1ab0d 100644 --- a/.github/workflows/block-merge-freeze.yml +++ b/.github/workflows/block-merge-freeze.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Block merges during freezes @@ -27,10 +30,10 @@ jobs: steps: - name: Register server reference to fallback to master branch run: | - server_ref="$(if [ "${{ github.base_ref }}" = "main" ]; then echo -n "master"; else echo -n "${{ github.base_ref }}"; fi)" + server_ref="$(if [ '${{ github.base_ref }}' = 'main' ]; then echo -n 'master'; else echo -n '${{ github.base_ref }}'; fi)" echo "server_ref=$server_ref" >> $GITHUB_ENV - name: Download version.php from ${{ env.server_ref }} - run: curl https://github.com/raw/nextcloud/server/${{ env.server_ref }}/version.php --output version.php + run: curl 'https://github.com/raw/nextcloud/server/${{ env.server_ref }}/version.php' --output version.php - name: Run check run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC' diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml index 2228002ed..5df64a3e7 100644 --- a/.github/workflows/command-compile.yml +++ b/.github/workflows/command-compile.yml @@ -1,3 +1,11 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + name: Compile Command on: issue_comment: @@ -29,7 +37,7 @@ jobs: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reactions: "+1" + reactions: '+1' - name: Parse command uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2 @@ -55,13 +63,13 @@ jobs: steps: - name: Restore cached git repository - uses: buildjet/cache@c3f061234bf0cd3e2ea5f1479d3cd8f526f0ba71 # v3 + uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3 with: path: .git key: git-repo - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: token: ${{ secrets.COMMAND_BOT_PAT }} fetch-depth: 0 @@ -69,30 +77,30 @@ jobs: - name: Setup git run: | - git config --local user.email "nextcloud-command@users.noreply.github.com" - git config --local user.name "nextcloud-command" + git config --local user.email 'nextcloud-command@users.noreply.github.com' + git config --local user.name 'nextcloud-command' - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: package-engines-versions with: fallbackNode: '^20' fallbackNpm: '^10' - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }} cache: npm - name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.package-engines-versions.outputs.npmVersion }}' - name: Rebase to ${{ needs.init.outputs.base_ref }} if: ${{ contains(needs.init.outputs.arg1, 'rebase') }} run: | - git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }} - git rebase origin/${{ needs.init.outputs.base_ref }} + git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}' + git rebase 'origin/${{ needs.init.outputs.base_ref }}' - name: Install dependencies & build env: @@ -105,30 +113,30 @@ jobs: - name: Commit default if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --signoff -m 'chore(assets): Recompile assets' - name: Commit fixup if: ${{ contains(needs.init.outputs.arg1, 'fixup') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --fixup=HEAD --signoff - name: Commit amend if: ${{ contains(needs.init.outputs.arg1, 'amend') }} run: | - git add ${{ github.workspace }}${{ needs.init.outputs.git_path }} + git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}' git commit --amend --no-edit --signoff # Remove any [skip ci] from the amended commit git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')" - name: Push normally if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }} - run: git push origin ${{ needs.init.outputs.head_ref }} + run: git push origin '${{ needs.init.outputs.head_ref }}' - name: Force push if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }} - run: git push --force origin ${{ needs.init.outputs.head_ref }} + run: git push --force origin '${{ needs.init.outputs.head_ref }}' - name: Add reaction on failure uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 @@ -137,4 +145,4 @@ jobs: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} comment-id: ${{ github.event.comment.id }} - reactions: "-1" + reactions: '-1' diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 9548d19f2..69da2bbb0 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Block fixup and squash commits @@ -24,10 +27,10 @@ jobs: pull-requests: write name: Block fixup and squash commits - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low steps: - name: Run check - uses: skjnldsv/block-fixup-merge-action@42d26e1b536ce61e5cf467d65fb76caf4aa85acf # v1 + uses: skjnldsv/block-fixup-merge-action@c138ea99e45e186567b64cf065ce90f7158c236a # v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index 5e50a7147..0057e57c3 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -3,25 +3,12 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # -# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions -# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Lint eslint -on: - pull_request: - paths: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '.eslintrc.*' - - '.eslintignore' - - '**.js' - - '**.ts' - - '**.vue' +on: pull_request permissions: contents: read @@ -31,32 +18,81 @@ concurrency: cancel-in-progress: true jobs: + changes: + runs-on: ubuntu-latest-low + permissions: + contents: read + pull-requests: read + + outputs: + src: ${{ steps.changes.outputs.src}} + + steps: + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: changes + continue-on-error: true + with: + filters: | + src: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '.eslintrc.*' + - '.eslintignore' + - '**.js' + - '**.ts' + - '**.vue' + lint: runs-on: ubuntu-latest - name: eslint + needs: changes + if: needs.changes.outputs.src != 'false' + + name: NPM lint steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^16' - fallbackNpm: '^7' + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install dependencies + env: + CYPRESS_INSTALL_BINARY: 0 + PUPPETEER_SKIP_DOWNLOAD: true run: npm ci - name: Lint run: npm run lint + + summary: + permissions: + contents: none + runs-on: ubuntu-latest-low + needs: [changes, lint] + + if: always() + + # This is the summary, we just avoid to rename it so that branch protection rules still match + name: eslint + + steps: + - name: Summary status + run: if ${{ needs.changes.outputs.src != 'false' && needs.lint.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/lint-info-xml.yml b/.github/workflows/lint-info-xml.yml index 7b9e1c99c..736a89502 100644 --- a/.github/workflows/lint-info-xml.yml +++ b/.github/workflows/lint-info-xml.yml @@ -2,16 +2,13 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Lint info.xml -on: - pull_request: - push: - branches: - - main - - master - - stable* +on: pull_request permissions: contents: read @@ -22,18 +19,18 @@ concurrency: jobs: xml-linters: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low name: info.xml lint steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Download schema run: wget https://github.com/raw/nextcloud/appstore/master/nextcloudappstore/api/v1/release/info.xsd - name: Lint info.xml - uses: ChristophWurst/xmllint-action@39155a91429af431d65fafc21fa52ba5c4f5cb71 # v1.1 + uses: ChristophWurst/xmllint-action@36f2a302f84f8c83fceea0b9c59e1eb4a616d3c1 # v1.2 with: xml-file: ./appinfo/info.xml xml-schema-file: ./info.xsd diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index c29cc4df5..ea57e13e3 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Lint php-cs @@ -22,12 +25,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Get php version + id: versions + uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 - - name: Set up php - uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2 + - name: Set up php${{ steps.versions.outputs.php-available }} + uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2 with: - php-version: 8.1 + php-version: ${{ steps.versions.outputs.php-available }} + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 238b29972..286f13689 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -2,16 +2,13 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Lint php -on: - pull_request: - push: - branches: - - main - - master - - stable* +on: pull_request permissions: contents: read @@ -21,22 +18,35 @@ concurrency: cancel-in-progress: true jobs: + matrix: + runs-on: ubuntu-latest-low + outputs: + php-versions: ${{ steps.versions.outputs.php-versions }} + steps: + - name: Checkout app + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Get version matrix + id: versions + uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0 + php-lint: runs-on: ubuntu-latest + needs: matrix strategy: matrix: - php-versions: [ "8.0", "8.1", "8.2" ] + php-versions: ${{fromJson(needs.matrix.outputs.php-versions)}} name: php-lint steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2 + uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2 with: php-version: ${{ matrix.php-versions }} + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: @@ -48,7 +58,7 @@ jobs: summary: permissions: contents: none - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low needs: php-lint if: always() diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index 33e350d5d..047b6d74b 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Lint stylelint @@ -22,24 +25,26 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^16' - fallbackNpm: '^7' + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install dependencies + env: + CYPRESS_INSTALL_BINARY: 0 run: npm ci - name: Lint diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index bd1b5cc0e..018b16f03 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -2,8 +2,11 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT -name: Node +name: Node tests on: pull_request: @@ -13,32 +16,95 @@ on: - master - stable* +permissions: + contents: read + +concurrency: + group: node-tests-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: + changes: + runs-on: ubuntu-latest-low + permissions: + contents: read + pull-requests: read + + outputs: + src: ${{ steps.changes.outputs.src}} + + steps: + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: changes + continue-on-error: true + with: + filters: | + src: + - '.github/workflows/**' + - '__tests__/**' + - '__mocks__/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' + test: runs-on: ubuntu-latest - name: test + needs: changes + if: needs.changes.outputs.src != 'false' + steps: - name: Checkout - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - - name: Install dependencies - run: npm ci + - name: Install dependencies & build + env: + CYPRESS_INSTALL_BINARY: 0 + run: | + npm ci + npm run build --if-present - name: Test - run: npm run test + run: npm run test --if-present + + - name: Test and process coverage + run: npm run test:coverage --if-present + + - name: Collect coverage + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + with: + files: ./coverage/lcov.info + + summary: + permissions: + contents: none + runs-on: ubuntu-latest-low + needs: [changes, test] + + if: always() + + name: test-summary + + steps: + - name: Summary status + run: if ${{ needs.changes.outputs.src != 'false' && needs.test.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 92c76702d..f918b5c41 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -2,26 +2,13 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Node -on: - pull_request: - paths: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - push: - branches: - - main - - master - - stable* +on: pull_request permissions: contents: read @@ -31,30 +18,62 @@ concurrency: cancel-in-progress: true jobs: + changes: + runs-on: ubuntu-latest-low + permissions: + contents: read + pull-requests: read + + outputs: + src: ${{ steps.changes.outputs.src}} + + steps: + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: changes + continue-on-error: true + with: + filters: | + src: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' + build: runs-on: ubuntu-latest - name: node + needs: changes + if: needs.changes.outputs.src != 'false' + + name: NPM build steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: - fallbackNode: '^16' - fallbackNpm: '^7' + fallbackNode: '^20' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Install dependencies & build + env: + CYPRESS_INSTALL_BINARY: 0 + PUPPETEER_SKIP_DOWNLOAD: true run: | npm ci npm run build --if-present @@ -69,3 +88,18 @@ jobs: git status git --no-pager diff exit 1 # make it red to grab attention + + summary: + permissions: + contents: none + runs-on: ubuntu-latest-low + needs: [changes, build] + + if: always() + + # This is the summary, we just avoid to rename it so that branch protection rules still match + name: node + + steps: + - name: Summary status + run: if ${{ needs.changes.outputs.src != 'false' && needs.build.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml index 1106515ea..054228a0c 100644 --- a/.github/workflows/npm-audit-fix.yml +++ b/.github/workflows/npm-audit-fix.yml @@ -2,6 +2,9 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Npm audit fix and compile @@ -19,53 +22,54 @@ jobs: fail-fast: false matrix: branches: ['main', 'master', 'stable29', 'stable28', 'stable27'] - + name: npm-audit-fix-${{ matrix.branches }} steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ matrix.branches }} - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 + uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 id: versions with: fallbackNode: '^20' - fallbackNpm: '^9' + fallbackNpm: '^10' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}' - name: Fix npm audit - run: | - npm audit fix + id: npm-audit + uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0 - name: Run npm ci and npm run build if: always() + env: + CYPRESS_INSTALL_BINARY: 0 run: | npm ci npm run build --if-present - name: Create Pull Request if: always() - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5 + uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 with: token: ${{ secrets.COMMAND_BOT_PAT }} - commit-message: "fix(deps): Fix npm audit" + commit-message: 'fix(deps): Fix npm audit' committer: GitHub author: nextcloud-command signoff: true branch: automated/noid/${{ matrix.branches }}-fix-npm-audit - title: "[${{ matrix.branches }}] Fix npm audit" - body: | - Auto-generated fix of npm audit + title: '[${{ matrix.branches }}] Fix npm audit' + body: ${{ steps.npm-audit.outputs.markdown }} labels: | dependencies 3. to review diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml index 559e183f3..7b68226f8 100644 --- a/.github/workflows/pr-feedback.yml +++ b/.github/workflows/pr-feedback.yml @@ -3,6 +3,13 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-FileCopyrightText: 2023 Marcel Klehr +# SPDX-FileCopyrightText: 2023 Joas Schilling <213943+nickvergessen@users.noreply.github.com> +# SPDX-FileCopyrightText: 2023 Daniel Kesselberg +# SPDX-FileCopyrightText: 2023 Florian Steffens +# SPDX-License-Identifier: MIT + name: 'Ask for feedback on PRs' on: schedule: @@ -17,18 +24,27 @@ jobs: id: scrape with: website: 'https://nextcloud.com/team/' - - uses: marcelklehr/pr-feedback-action@601109aa729eb4c8d6d0ece7567b9d4901db4aef + + - name: Get blocklist + id: blocklist + run: | + blocklist=$(curl https://github.com/raw/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) + echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" + + - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 with: feedback-message: | Hello there, - Thank you so much for taking the time and effort to create a pull request to our Nextcloud project. + Thank you so much for taking the time and effort to create a pull request to our Nextcloud project. We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! + + (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).) days-before-feedback: 14 - start-date: "2023-07-10" - exempt-authors: "${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot" + start-date: '2024-04-30' + exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot' exempt-bots: true diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index a0a230eee..b1573a222 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -2,16 +2,13 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT name: Static analysis -on: - pull_request: - push: - branches: - - master - - main - - stable* +on: pull_request concurrency: group: psalm-${{ github.head_ref || github.run_id }} @@ -21,15 +18,20 @@ jobs: static-analysis: runs-on: ubuntu-latest - name: Nextcloud + name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Get php version + id: versions + uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1 - - name: Set up php - uses: shivammathur/setup-php@7fdd3ece872ec7ec4c098ae5ab7637d5e0a96067 # v2 + - name: Set up php${{ steps.versions.outputs.php-available }} + uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761 # v2 with: - php-version: 8.1 + php-version: ${{ steps.versions.outputs.php-available }} + extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none ini-file: development env: @@ -38,8 +40,5 @@ jobs: - name: Install dependencies run: composer i - - name: Install nextcloud/ocp - run: composer require --dev nextcloud/ocp:dev-master --ignore-platform-reqs --with-dependencies - - name: Run coding standards check run: composer run psalm