diff --git a/.github/workflows/appstore-build-publish.yml b/.github/workflows/appstore-build-publish.yml
deleted file mode 100644
index aa8d7dc5..00000000
--- a/.github/workflows/appstore-build-publish.yml
+++ /dev/null
@@ -1,175 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Build and publish app release
-
-on:
- release:
- types: [published]
-
-jobs:
- build_and_publish:
- runs-on: ubuntu-latest
-
- # Only allowed to be run on nextcloud-releases repositories
- if: ${{ github.repository_owner == 'nextcloud-releases' }}
-
- steps:
- - name: Check actor permission
- uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
- with:
- require: write
-
- - name: Set app env
- run: |
- # Split and keep last
- echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
-
- - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- with:
- path: ${{ env.APP_NAME }}
-
- - name: Get appinfo data
- id: appinfo
- uses: skjnldsv/xpath-action@7e6a7c379d0e9abc8acaef43df403ab4fc4f770c # master
- with:
- filename: ${{ env.APP_NAME }}/appinfo/info.xml
- expression: "//info//dependencies//nextcloud/@min-version"
-
- - name: Read package.json node and npm engines version
- uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
- id: versions
- # Continue if no package.json
- continue-on-error: true
- with:
- path: ${{ env.APP_NAME }}
- fallbackNode: '^20'
- fallbackNpm: '^10'
-
- - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- # Skip if no package.json
- if: ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
- with:
- node-version: ${{ steps.versions.outputs.nodeVersion }}
-
- - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
- # Skip if no package.json
- if: ${{ steps.versions.outputs.npmVersion }}
- run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
-
- - name: Get php version
- id: php-versions
- uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
- with:
- filename: ${{ env.APP_NAME }}/appinfo/info.xml
-
- - name: Set up php ${{ steps.php-versions.outputs.php-min }}
- uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
- with:
- php-version: ${{ steps.php-versions.outputs.php-min }}
- coverage: none
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Check composer.json
- id: check_composer
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: "${{ env.APP_NAME }}/composer.json"
-
- - name: Install composer dependencies
- if: steps.check_composer.outputs.files_exists == 'true'
- run: |
- cd ${{ env.APP_NAME }}
- composer install --no-dev
-
- - name: Build ${{ env.APP_NAME }}
- # Skip if no package.json
- if: ${{ steps.versions.outputs.nodeVersion }}
- env:
- CYPRESS_INSTALL_BINARY: 0
- run: |
- cd ${{ env.APP_NAME }}
- npm ci
- npm run build --if-present
-
- - name: Check Krankerl config
- id: krankerl
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
- with:
- files: ${{ env.APP_NAME }}/krankerl.toml
-
- - name: Install Krankerl
- if: steps.krankerl.outputs.files_exists == 'true'
- run: |
- wget https://github.com/ChristophWurst/krankerl/releases/download/v0.14.0/krankerl_0.14.0_amd64.deb
- sudo dpkg -i krankerl_0.14.0_amd64.deb
-
- - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with krankerl
- if: steps.krankerl.outputs.files_exists == 'true'
- run: |
- cd ${{ env.APP_NAME }}
- krankerl package
-
- - name: Package ${{ env.APP_NAME }} ${{ env.APP_VERSION }} with makefile
- if: steps.krankerl.outputs.files_exists != 'true'
- run: |
- cd ${{ env.APP_NAME }}
- make appstore
-
- - name: Checkout server ${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
- continue-on-error: true
- id: server-checkout
- run: |
- NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}'
- wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip
- unzip latest-$NCVERSION.zip
-
- - name: Checkout server master fallback
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- if: ${{ steps.server-checkout.outcome != 'success' }}
- with:
- submodules: true
- repository: nextcloud/server
- path: nextcloud
-
- - name: Sign app
- run: |
- # Extracting release
- cd ${{ env.APP_NAME }}/build/artifacts
- tar -xvf ${{ env.APP_NAME }}.tar.gz
- cd ../../../
- # Setting up keys
- echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key
- wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
- # Signing
- php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}
- # Rebuilding archive
- cd ${{ env.APP_NAME }}/build/artifacts
- tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }}
-
- - name: Attach tarball to github release
- uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
- id: attach_to_release
- with:
- repo_token: ${{ secrets.GITHUB_TOKEN }}
- file: ${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}.tar.gz
- asset_name: ${{ env.APP_NAME }}-${{ env.APP_VERSION }}.tar.gz
- tag: ${{ github.ref }}
- overwrite: true
-
- - name: Upload app to Nextcloud appstore
- uses: nextcloud-releases/nextcloud-appstore-push-action@a011fe619bcf6e77ddebc96f9908e1af4071b9c1 # v1
- with:
- app_name: ${{ env.APP_NAME }}
- appstore_token: ${{ secrets.APPSTORE_TOKEN }}
- download_url: ${{ steps.attach_to_release.outputs.browser_download_url }}
- app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
diff --git a/.github/workflows/block-merge-eol.yml b/.github/workflows/block-merge-eol.yml
index 292494c7..99042c44 100644
--- a/.github/workflows/block-merge-eol.yml
+++ b/.github/workflows/block-merge-eol.yml
@@ -27,13 +27,22 @@ jobs:
steps:
- name: Set server major version environment
- run: |
- # retrieve version number from branch reference
- server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
- echo "server_major=$server_major" >> $GITHUB_ENV
- echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV
-
- - name: Checking if ${{ env.server_major }} is EOL
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ script: |
+ const regex = /^stable(\d+)$/
+ const baseRef = context.payload.pull_request.base.ref
+ const match = baseRef.match(regex)
+ if (match) {
+ console.log('Setting server_major to ' + match[1]);
+ core.exportVariable('server_major', match[1]);
+ console.log('Setting current_month to ' + (new Date()).toISOString().substr(0, 7));
+ core.exportVariable('current_month', (new Date()).toISOString().substr(0, 7));
+ }
+
+ - name: Checking if server ${{ env.server_major }} is EOL
+ if: ${{ env.server_major != '' }}
run: |
curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
| jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml
index bbbe1ab0..ff4d1570 100644
--- a/.github/workflows/block-merge-freeze.yml
+++ b/.github/workflows/block-merge-freeze.yml
@@ -29,11 +29,29 @@ jobs:
steps:
- name: Register server reference to fallback to master branch
- run: |
- server_ref="$(if [ '${{ github.base_ref }}' = 'main' ]; then echo -n 'master'; else echo -n '${{ github.base_ref }}'; fi)"
- echo "server_ref=$server_ref" >> $GITHUB_ENV
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ script: |
+ const baseRef = context.payload.pull_request.base.ref
+ if (baseRef === 'main' || baseRef === 'master') {
+ core.exportVariable('server_ref', 'master');
+ console.log('Setting server_ref to master');
+ } else {
+ const regex = /^stable(\d+)$/
+ const match = baseRef.match(regex)
+ if (match) {
+ core.exportVariable('server_ref', match[0]);
+ console.log('Setting server_ref to ' + match[0]);
+ } else {
+ console.log('Not based on master/main/stable*, so skipping freeze check');
+ }
+ }
+
- name: Download version.php from ${{ env.server_ref }}
+ if: ${{ env.server_ref != '' }}
run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php' --output version.php
- name: Run check
+ if: ${{ env.server_ref != '' }}
run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'
diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml
index 26b7c001..70b29b29 100644
--- a/.github/workflows/command-compile.yml
+++ b/.github/workflows/command-compile.yml
@@ -11,6 +11,9 @@ on:
issue_comment:
types: [created]
+permissions:
+ contents: read
+
jobs:
init:
runs-on: ubuntu-latest
@@ -76,7 +79,7 @@ jobs:
fi
- name: Init branch
- uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
+ uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v3.0.0
id: comment-branch
- name: Add reaction on failure
@@ -94,14 +97,16 @@ jobs:
steps:
- name: Restore cached git repository
- uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
+ uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
path: .git
key: git-repo
- name: Checkout ${{ needs.init.outputs.head_ref }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ # Needed to allow force push later
+ persist-credentials: true
token: ${{ secrets.COMMAND_BOT_PAT }}
fetch-depth: 0
ref: ${{ needs.init.outputs.head_ref }}
@@ -119,7 +124,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
cache: npm
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index efe8bfe3..583fd481 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -9,7 +9,7 @@
name: Dependabot
on:
- pull_request_target:
+ pull_request:
branches:
- main
- master
@@ -24,7 +24,7 @@ concurrency:
jobs:
auto-approve-merge:
- if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
runs-on: ubuntu-latest-low
permissions:
# for hmarr/auto-approve-action to approve PRs
diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml
index 74c5e9c8..104a05c4 100644
--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@@ -56,7 +56,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -66,7 +68,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/lint-info-xml.yml b/.github/workflows/lint-info-xml.yml
index 736a8950..25b65504 100644
--- a/.github/workflows/lint-info-xml.yml
+++ b/.github/workflows/lint-info-xml.yml
@@ -24,7 +24,9 @@ jobs:
name: info.xml lint
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Download schema
run: wget https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/api/v1/release/info.xsd
diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml
index 51083488..519b345e 100644
--- a/.github/workflows/lint-php-cs.yml
+++ b/.github/workflows/lint-php-cs.yml
@@ -25,16 +25,18 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get php version
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
- - name: Set up php${{ steps.versions.outputs.php-available }}
+ - name: Set up php${{ steps.versions.outputs.php-min }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
with:
- php-version: ${{ steps.versions.outputs.php-available }}
+ php-version: ${{ steps.versions.outputs.php-min }}
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
@@ -42,7 +44,9 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Lint
run: composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 )
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index 104fed64..adaa50b8 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -24,7 +24,10 @@ jobs:
php-versions: ${{ steps.versions.outputs.php-versions }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
- name: Get version matrix
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.0.0
@@ -40,7 +43,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml
index 1e9db8f7..9601a972 100644
--- a/.github/workflows/lint-stylelint.yml
+++ b/.github/workflows/lint-stylelint.yml
@@ -25,7 +25,9 @@ jobs:
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -35,7 +37,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
index 3ca15c8b..0137e979 100644
--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@@ -53,7 +53,9 @@ jobs:
name: NPM build
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +65,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
index 5ccc57df..ab51e6c4 100644
--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@@ -14,6 +14,9 @@ on:
# At 2:30 on Sundays
- cron: '30 2 * * 0'
+permissions:
+ contents: read
+
jobs:
build:
runs-on: ubuntu-latest
@@ -21,15 +24,18 @@ jobs:
strategy:
fail-fast: false
matrix:
- branches: ['main', 'master', 'stable30', 'stable29', 'stable28']
+ branches: ['main', 'master', 'stable31', 'stable30', 'stable29']
name: npm-audit-fix-${{ matrix.branches }}
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ id: checkout
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
ref: ${{ matrix.branches }}
+ continue-on-error: true
- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -39,7 +45,7 @@ jobs:
fallbackNpm: '^10'
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ steps.versions.outputs.nodeVersion }}
@@ -51,7 +57,7 @@ jobs:
uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0
- name: Run npm ci and npm run build
- if: always()
+ if: steps.checkout.outcome == 'success'
env:
CYPRESS_INSTALL_BINARY: 0
run: |
@@ -59,8 +65,8 @@ jobs:
npm run build --if-present
- name: Create Pull Request
- if: always()
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ if: steps.checkout.outcome == 'success'
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: 'fix(deps): Fix npm audit'
diff --git a/.github/workflows/phpunit-mariadb.yml b/.github/workflows/phpunit-mariadb.yml
index d3cc10d2..37ae1e31 100644
--- a/.github/workflows/phpunit-mariadb.yml
+++ b/.github/workflows/phpunit-mariadb.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -68,7 +70,7 @@ jobs:
matrix:
php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }}
server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }}
- mariadb-versions: ['10.6', '10.11']
+ mariadb-versions: ['10.6', '11.4']
name: MariaDB ${{ matrix.mariadb-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }}
@@ -88,15 +90,17 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -107,6 +111,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -125,7 +131,9 @@ jobs:
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-mysql.yml b/.github/workflows/phpunit-mysql.yml
index c0f4c69b..a9c8dd85 100644
--- a/.github/workflows/phpunit-mysql.yml
+++ b/.github/workflows/phpunit-mysql.yml
@@ -24,7 +24,9 @@ jobs:
matrix: ${{ steps.versions.outputs.sparse-matrix }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -86,15 +88,17 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -105,6 +109,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -123,7 +129,9 @@ jobs:
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-oci.yml b/.github/workflows/phpunit-oci.yml
index d03beb9d..bc415bb9 100644
--- a/.github/workflows/phpunit-oci.yml
+++ b/.github/workflows/phpunit-oci.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -99,15 +101,17 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -118,6 +122,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, oci8
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -131,7 +137,9 @@ jobs:
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-pgsql.yml b/.github/workflows/phpunit-pgsql.yml
index 2a23e02e..4f8e9027 100644
--- a/.github/workflows/phpunit-pgsql.yml
+++ b/.github/workflows/phpunit-pgsql.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -89,15 +91,17 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -108,6 +112,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, pgsql, pdo_pgsql
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -121,7 +127,9 @@ jobs:
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/phpunit-sqlite.yml b/.github/workflows/phpunit-sqlite.yml
index be9e3324..03d672b9 100644
--- a/.github/workflows/phpunit-sqlite.yml
+++ b/.github/workflows/phpunit-sqlite.yml
@@ -25,7 +25,9 @@ jobs:
server-max: ${{ steps.versions.outputs.branches-max-list }}
steps:
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get version matrix
id: versions
@@ -78,15 +80,17 @@ jobs:
echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
- name: Checkout server
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
submodules: true
repository: nextcloud/server
ref: ${{ matrix.server-versions }}
- name: Checkout app
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
path: apps/${{ env.APP_NAME }}
- name: Set up php ${{ matrix.php-versions }}
@@ -97,6 +101,8 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -110,7 +116,9 @@ jobs:
# Only run if phpunit config file exists
if: steps.check_composer.outputs.files_exists == 'true'
working-directory: apps/${{ env.APP_NAME }}
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
- name: Set up Nextcloud
env:
diff --git a/.github/workflows/pr-feedback.yml b/.github/workflows/pr-feedback.yml
index 6a01fa09..7d496690 100644
--- a/.github/workflows/pr-feedback.yml
+++ b/.github/workflows/pr-feedback.yml
@@ -15,12 +15,17 @@ on:
schedule:
- cron: '30 1 * * *'
+permissions:
+ contents: read
+ pull-requests: write
+
jobs:
pr-feedback:
+ if: ${{ github.repository_owner == 'nextcloud' }}
runs-on: ubuntu-latest
steps:
- name: The get-github-handles-from-website action
- uses: marcelklehr/get-github-handles-from-website-action@a739600f6b91da4957f51db0792697afbb2f143c # v1.0.0
+ uses: marcelklehr/get-github-handles-from-website-action@06b2239db0a48fe1484ba0bfd966a3ab81a08308 # v1.0.1
id: scrape
with:
website: 'https://nextcloud.com/team/'
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
index e9258903..452186ee 100644
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -14,6 +14,9 @@ concurrency:
group: psalm-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
+permissions:
+ contents: read
+
jobs:
static-analysis:
runs-on: ubuntu-latest
@@ -21,12 +24,17 @@ jobs:
name: static-psalm-analysis
steps:
- name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
- name: Get php version
id: versions
uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+ - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
+ run: grep 'phpVersion="${{ steps.versions.outputs.php-min }}' psalm.xml
+
- name: Set up php${{ steps.versions.outputs.php-available }}
uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 # v2.31.1
with:
@@ -34,11 +42,18 @@ jobs:
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
ini-file: development
+ # Temporary workaround for missing pcntl_* in PHP 8.3
+ ini-values: disable_functions=
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
- run: composer i
+ run: |
+ composer remove nextcloud/ocp --dev
+ composer i
+
+ - name: Install nextcloud/ocp
+ run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies
- name: Run coding standards check
- run: composer run psalm
+ run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github
diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml
index b6828556..0d8e1962 100644
--- a/.github/workflows/reuse.yml
+++ b/.github/workflows/reuse.yml
@@ -11,6 +11,9 @@ name: REUSE Compliance Check
on: [pull_request]
+permissions:
+ contents: read
+
jobs:
reuse-compliance-check:
runs-on: ubuntu-latest
diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
index 5edf7ac1..386b6316 100644
--- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml
+++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
@@ -9,7 +9,7 @@
name: Auto approve nextcloud/ocp
on:
- pull_request_target:
+ pull_request_target: # zizmor: ignore[dangerous-triggers]
branches:
- main
- master
@@ -39,7 +39,7 @@ jobs:
echo 'Can not approve PRs from forks'
exit 1
- - uses: mdecoleman/pr-branch-name@bab4c71506bcd299fb350af63bb8e53f2940a599 # v2.0.0
+ - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
id: branchname
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml
index bbeec0c6..5592f61b 100644
--- a/.github/workflows/update-nextcloud-ocp.yml
+++ b/.github/workflows/update-nextcloud-ocp.yml
@@ -13,6 +13,9 @@ on:
schedule:
- cron: "5 2 * * 0"
+permissions:
+ contents: read
+
jobs:
update-nextcloud-ocp:
runs-on: ubuntu-latest
@@ -20,14 +23,15 @@ jobs:
strategy:
fail-fast: false
matrix:
- branches: ['main', 'master', 'stable30', 'stable29', 'stable28']
+ branches: ['main', 'master', 'stable31', 'stable30', 'stable29']
name: update-nextcloud-ocp-${{ matrix.branches }}
steps:
- id: checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
+ persist-credentials: false
ref: ${{ matrix.branches }}
submodules: true
continue-on-error: true
@@ -103,7 +107,7 @@ jobs:
- name: Create Pull Request
if: steps.checkout.outcome == 'success'
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+ uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: 'chore(dev-deps): Bump nextcloud/ocp package'
diff --git a/appinfo/info.xml b/appinfo/info.xml
index a0bbfe4e..bc80fa31 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -8,7 +8,7 @@
Two-Factor Authentication via Nextcloud notification
Allows using any of your logged in devices as second factor
Allows using any of your logged in devices as second factor
- 5.0.0
+ 6.0.0-dev.0
agpl
Joas Schilling
@@ -25,7 +25,7 @@
https://raw.githubusercontent.com/nextcloud/twofactor_nextcloud_notification/main/screenshots/notification.png
-
+
diff --git a/js/twofactor_nextcloud_notification-challenge.js.license b/js/twofactor_nextcloud_notification-challenge.js.license
index 699108d4..7f6bb12f 100644
--- a/js/twofactor_nextcloud_notification-challenge.js.license
+++ b/js/twofactor_nextcloud_notification-challenge.js.license
@@ -45,5 +45,5 @@ This file is generated from multiple sources. Included packages:
- version: 5.94.0
- license: MIT
- twofactor_nextcloud_notification
- - version: 5.0.0
+ - version: 6.0.0-dev.0
- license: AGPL-3.0-or-later
diff --git a/js/twofactor_nextcloud_notification-settings.js.license b/js/twofactor_nextcloud_notification-settings.js.license
index b4f6647f..37c9d67e 100644
--- a/js/twofactor_nextcloud_notification-settings.js.license
+++ b/js/twofactor_nextcloud_notification-settings.js.license
@@ -66,5 +66,5 @@ This file is generated from multiple sources. Included packages:
- version: 5.94.0
- license: MIT
- twofactor_nextcloud_notification
- - version: 5.0.0
+ - version: 6.0.0-dev.0
- license: AGPL-3.0-or-later
diff --git a/package-lock.json b/package-lock.json
index ec342bee..9a8b3d6d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "twofactor_nextcloud_notification",
- "version": "5.0.0",
+ "version": "6.0.0-dev.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "twofactor_nextcloud_notification",
- "version": "5.0.0",
+ "version": "6.0.0-dev.0",
"license": "AGPL-3.0-or-later",
"dependencies": {
"@nextcloud/axios": "^2.5.1",
diff --git a/package.json b/package.json
index 2247082b..879bc20f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "twofactor_nextcloud_notification",
- "version": "5.0.0",
+ "version": "6.0.0-dev.0",
"description": "The app allows you to use other logged in devices or browser sessions as a second factor.",
"scripts": {
"build": "NODE_ENV=production webpack --progress --config webpack.js",