nextcloud · Pytal · Mar 14, 2024 · Mar 12, 2024 · Mar 13, 2024 · Mar 13, 2024
diff --git a/.github/workflows/block-merge-eol.yml b/.github/workflows/block-merge-eol.yml
@@ -0,0 +1,37 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Block merges for EOL
+
+on: pull_request
+
+permissions:
+  contents: read
+
+concurrency:
+  group: block-merge-eol-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  block-merges-eol:
+    name: Block merges for EOL branches
+
+    # Only run on stableXX branches
+    if: startsWith( github.base_ref, 'stable')
+    runs-on: ubuntu-latest-low
+
+    steps:
+      - name: Download updater config
+        run: curl https://raw.githubusercontent.com/nextcloud/updater_server/production/config/config.php --output config.php
+
+      - name: Set server major version environment
+        run: |
+          # retrieve version number from branch reference
+          server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
+          echo "server_major=$server_major" >> $GITHUB_ENV
+
+      - name: Checking if ${{ env.server_major }} is EOL
+        run: |
+          php -r 'echo json_encode(require_once "config.php");' | jq --arg version "${{ env.server_major }}" '.stable[$version]["100"].eol // .beta[$version]["100"].eol' | grep --silent -i 'false'
diff --git a/.github/workflows/block-merge-freeze.yml b/.github/workflows/block-merge-freeze.yml
@@ -0,0 +1,36 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Block merges during freezes
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, synchronize]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: block-merge-freeze-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  block-merges-during-freeze:
+    name: Block merges during freezes
+
+    if: github.event.pull_request.draft == false
+
+    runs-on: ubuntu-latest-low
+
+    steps:
+      - name: Register server reference to fallback to master branch
+        run: |
+          server_ref="$(if [ "${{ github.base_ref }}" = "main" ]; then echo -n "master"; else echo -n "${{ github.base_ref }}"; fi)"
+          echo "server_ref=$server_ref" >> $GITHUB_ENV
+      - name: Download version.php from ${{ env.server_ref }}
+        run: curl https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php --output version.php
+
+      - name: Run check
+        run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'
diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml
@@ -0,0 +1,31 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Block unconventional commits
+
+on:
+  pull_request:
+    types: [opened, ready_for_review, reopened, synchronize]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: block-unconventional-commits-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  block-unconventional-commits:
+    name: Block unconventional commits
+
+    runs-on: ubuntu-latest-low
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/command-compile.yml b/.github/workflows/command-compile.yml
@@ -0,0 +1,140 @@
+name: Compile Command
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  init:
+    runs-on: ubuntu-latest
+
+    # On pull requests and if the comment starts with `/compile`
+    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/compile')
+
+    outputs:
+      git_path: ${{ steps.git-path.outputs.path }}
+      arg1: ${{ steps.command.outputs.arg1 }}
+      arg2: ${{ steps.command.outputs.arg2 }}
+      head_ref: ${{ steps.comment-branch.outputs.head_ref }}
+      base_ref: ${{ steps.comment-branch.outputs.base_ref }}
+
+    steps:
+      - name: Check actor permission
+        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2
+        with:
+          require: write
+
+      - name: Add reaction on start
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reactions: "+1"
+
+      - name: Parse command
+        uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2
+        id: command
+
+      # Init path depending on which command is run
+      - name: Init path
+        id: git-path
+        run: |
+          if ${{ startsWith(steps.command.outputs.arg1, '/') }}; then
+            echo "path=${{steps.command.outputs.arg1}}" >> $GITHUB_OUTPUT
+          else
+            echo "path=${{steps.command.outputs.arg2}}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Init branch
+        uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
+        id: comment-branch
+
+  process:
+    runs-on: ubuntu-latest
+    needs: init
+
+    steps:
+      - name: Restore cached git repository
+        uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
+        with:
+          path: .git
+          key: git-repo
+
+      - name: Checkout ${{ needs.init.outputs.head_ref }}
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          fetch-depth: 0
+          ref: ${{ needs.init.outputs.head_ref }}
+
+      - name: Setup git
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "nextcloud-command"
+
+      - name: Read package.json node and npm engines version
+        uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
+        id: package-engines-versions
+        with:
+          fallbackNode: '^20'
+          fallbackNpm: '^10'
+
+      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
+          cache: npm
+
+      - name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }}
+        run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}"
+
+      - name: Rebase to ${{ needs.init.outputs.base_ref }}
+        if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
+        run: |
+          git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}
+          git rebase origin/${{ needs.init.outputs.base_ref }}
+
+      - name: Install dependencies & build
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+          PUPPETEER_SKIP_DOWNLOAD: true
+        run: |
+          npm ci
+          npm run build --if-present
+
+      - name: Commit default
+        if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }}
+        run: |
+          git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
+          git commit --signoff -m 'chore(assets): Recompile assets'
+
+      - name: Commit fixup
+        if: ${{ contains(needs.init.outputs.arg1, 'fixup') }}
+        run: |
+          git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
+          git commit --fixup=HEAD --signoff
+
+      - name: Commit amend
+        if: ${{ contains(needs.init.outputs.arg1, 'amend') }}
+        run: |
+          git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
+          git commit --amend --no-edit --signoff
+          # Remove any [skip ci] from the amended commit
+          git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')"
+
+      - name: Push normally
+        if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }}
+        run: git push origin ${{ needs.init.outputs.head_ref }}
+
+      - name: Force push
+        if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }}
+        run: git push --force origin ${{ needs.init.outputs.head_ref }}
+
+      - name: Add reaction on failure
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        if: failure()
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reactions: "-1"
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
@@ -0,0 +1,73 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Npm audit fix and compile
+
+on:
+  workflow_dispatch:
+  schedule:
+    # At 2:30 on Sundays
+    - cron: '30 2 * * 0'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        branches: ['main', 'master', 'stable28', 'stable27', 'stable26']
+
+    name: npm-audit-fix-${{ matrix.branches }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          ref: ${{ matrix.branches }}
+
+      - name: Read package.json node and npm engines version
+        uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
+        id: versions
+        with:
+          fallbackNode: '^20'
+          fallbackNpm: '^10'
+
+      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
+        with:
+          node-version: ${{ steps.versions.outputs.nodeVersion }}
+
+      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
+        run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
+
+      - name: Fix npm audit
+        run: |
+          npm audit fix
+
+      - name: Run npm ci and npm run build
+        if: always()
+        env:
+          CYPRESS_INSTALL_BINARY: 0
+        run: |
+          npm ci
+          npm run build --if-present
+
+      - name: Create Pull Request
+        if: always()
+        uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          commit-message: "fix(deps): fix npm audit"
+          committer: GitHub <[email protected]>
+          author: nextcloud-command <[email protected]>
+          signoff: true
+          branch: automated/noid/${{ matrix.branches }}-fix-npm-audit
+          title: "[${{ matrix.branches }}] Fix npm audit"
+          body: |
+            Auto-generated fix of npm audit
+          labels: |
+            dependencies
+            3. to review
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
@@ -0,0 +1,41 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Static analysis
+
+on: pull_request
+
+concurrency:
+  group: psalm-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+
+    name: static-psalm-analysis
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Get php version
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+
+      - name: Set up php${{ steps.versions.outputs.php-available }}
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        with:
+          php-version: ${{ steps.versions.outputs.php-available }}
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install dependencies
+        run: composer i
+
+      - name: Run coding standards check
+        run: composer run psalm