Merge pull request #12729 from nextcloud/backport/12710/stable28

[stable28] chore: update workflows from templates

.github/workflows/appstore-build-publish.yml

@@ -2,16 +2,16 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Build and publish app release
 
 on:
  release:
  types: [published]
 
-env:
- PHP_VERSION: 8.2
-
 jobs:
  build_and_publish:
  runs-on: ubuntu-latest
@@ -32,7 +32,7 @@ jobs:
  echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
 
  - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  with:
  path: ${{ env.APP_NAME }}
 
@@ -44,7 +44,7 @@ jobs:
  expression: "//info//dependencies//nextcloud/@min-version"
 
  - name: Read package.json node and npm engines version
- uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
+ uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
  id: versions
  # Continue if no package.json
  continue-on-error: true
@@ -56,26 +56,32 @@ jobs:
  - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
  # Skip if no package.json
  if: ${{ steps.versions.outputs.nodeVersion }}
- uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v3
+ uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
  with:
  node-version: ${{ steps.versions.outputs.nodeVersion }}
 
  - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
  # Skip if no package.json
  if: ${{ steps.versions.outputs.npmVersion }}
- run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}"
+ run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
+
+ - name: Get php version
+ id: php-versions
+ uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+ with:
+ filename: ${{ env.APP_NAME }}/appinfo/info.xml
 
- - name: Set up php ${{ env.PHP_VERSION }}
- uses: shivammathur/setup-php@6d7209f44a25a59e904b1ee9f3b0c33ab2cd888d # v2
+ - name: Set up php ${{ steps.php-versions.outputs.php-min }}
+ uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b # v2.31.0
  with:
- php-version: ${{ env.PHP_VERSION }}
+ php-version: ${{ steps.php-versions.outputs.php-min }}
  coverage: none
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
  - name: Check composer.json
  id: check_composer
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v2
+ uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
  with:
  files: "${{ env.APP_NAME }}/composer.json"
 
@@ -89,15 +95,15 @@ jobs:
  # Skip if no package.json
  if: ${{ steps.versions.outputs.nodeVersion }}
  env:
- CYPRESS_INSTALL_BINARY: 0
+ NODE_ENV: production
  run: |
  cd ${{ env.APP_NAME }}
  npm ci
- npm run build
+ npm run build --if-present
 
  - name: Check Krankerl config
  id: krankerl
- uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v2
+ uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
  with:
  files: ${{ env.APP_NAME }}/krankerl.toml
 
@@ -123,12 +129,12 @@ jobs:
  continue-on-error: true
  id: server-checkout
  run: |
- NCVERSION=${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}
+ NCVERSION='${{ fromJSON(steps.appinfo.outputs.result).nextcloud.min-version }}'
  wget --quiet https://download.nextcloud.com/server/releases/latest-$NCVERSION.zip
  unzip latest-$NCVERSION.zip
 
  - name: Checkout server master fallback
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
  if: ${{ steps.server-checkout.outcome != 'success' }}
  with:
  submodules: true
@@ -142,7 +148,7 @@ jobs:
  tar -xvf ${{ env.APP_NAME }}.tar.gz
  cd ../../../
  # Setting up keys
- echo "${{ secrets.APP_PRIVATE_KEY }}" > ${{ env.APP_NAME }}.key
+ echo '${{ secrets.APP_PRIVATE_KEY }}' > ${{ env.APP_NAME }}.key
  wget --quiet "https://github.com/nextcloud/app-certificate-requests/raw/master/${{ env.APP_NAME }}/${{ env.APP_NAME }}.crt"
  # Signing
  php nextcloud/occ integrity:sign-app --privateKey=../${{ env.APP_NAME }}.key --certificate=../${{ env.APP_NAME }}.crt --path=../${{ env.APP_NAME }}/build/artifacts/${{ env.APP_NAME }}
@@ -151,7 +157,7 @@ jobs:
  tar -zcvf ${{ env.APP_NAME }}.tar.gz ${{ env.APP_NAME }}
 
  - name: Attach tarball to github release
- uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # v2
+ uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2
  id: attach_to_release
  with:
  repo_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/block-unconventional-commits.yml

@@ -0,0 +1,34 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+
+name: Block unconventional commits
+
+on:
+ pull_request:
+ types: [opened, ready_for_review, reopened, synchronize]
+
+permissions:
+ contents: read
+
+concurrency:
+ group: block-unconventional-commits-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ block-unconventional-commits:
+ name: Block unconventional commits
+
+ runs-on: ubuntu-latest-low
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/dependabot-approve-merge.yml

@@ -2,6 +2,9 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Dependabot
 
@@ -21,19 +24,25 @@ concurrency:
 
 jobs:
  auto-approve-merge:
- if: github.actor == 'dependabot[bot]'
+ if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
  runs-on: ubuntu-latest-low
  permissions:
  # for hmarr/auto-approve-action to approve PRs
  pull-requests: write
 
  steps:
+ - name: Disabled on forks
+ if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+ run: |
+ echo 'Can not approve PRs from forks'
+ exit 1
+
  - uses: mdecoleman/pr-branch-name@bab4c71506bcd299fb350af63bb8e53f2940a599 # v2.0.0
  id: branchname
  with:
  repo-token: ${{ secrets.GITHUB_TOKEN }}
 
- # Github actions bot approve
+ # GitHub actions bot approve
  - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
  if: contains(steps.branchname.outputs.branch, '/webrtc-adapter-') != true && contains(steps.branchname.outputs.branch, '/nextcloud/vue-') != true
  with:

.github/workflows/fixup.yml

@@ -2,6 +2,9 @@
 #
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
 
 name: Block fixup and squash commits
 
@@ -28,6 +31,6 @@ jobs:
 
  steps:
  - name: Run check
- uses: skjnldsv/block-fixup-merge-action@42d26e1b536ce61e5cf467d65fb76caf4aa85acf # v1
+ uses: skjnldsv/block-fixup-merge-action@c138ea99e45e186567b64cf065ce90f7158c236a # v2
  with:
  repo-token: ${{ secrets.GITHUB_TOKEN }}