From d767fa5ef074dea6202f67e79199017c59f306b3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Jun 2026 01:03:40 +0000 Subject: [PATCH 01/22] build(deps): bump actions/checkout in /workflow-templates Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- workflow-templates/appstore-build-publish.yml | 4 ++-- workflow-templates/block-unconventional-commits.yml | 2 +- workflow-templates/command-compile.yml | 2 +- workflow-templates/command-openapi.yml | 2 +- workflow-templates/cypress.yml | 2 +- workflow-templates/documentation.yml | 2 +- workflow-templates/lint-eslint.yml | 2 +- workflow-templates/lint-info-xml.yml | 2 +- workflow-templates/lint-php-cs.yml | 2 +- workflow-templates/lint-php.yml | 4 ++-- workflow-templates/lint-stylelint.yml | 2 +- workflow-templates/lint-typescript.yml | 2 +- workflow-templates/node-test.yml | 2 +- workflow-templates/npm-audit-fix.yml | 2 +- workflow-templates/npm-build.yml | 2 +- workflow-templates/openapi.yml | 2 +- workflow-templates/phpstan.yml | 2 +- workflow-templates/phpunit-mariadb.yml | 6 +++--- workflow-templates/phpunit-mysql.yml | 6 +++--- workflow-templates/phpunit-oci.yml | 6 +++--- workflow-templates/phpunit-pgsql.yml | 6 +++--- workflow-templates/phpunit-sqlite.yml | 6 +++--- workflow-templates/psalm-matrix.yml | 4 ++-- workflow-templates/psalm.yml | 2 +- workflow-templates/rector-apply.yml | 2 +- workflow-templates/reuse.yml | 2 +- workflow-templates/sync-workflow-templates.yml | 4 ++-- workflow-templates/update-nextcloud-ocp-matrix.yml | 2 +- workflow-templates/update-nextcloud-ocp.yml | 2 +- 29 files changed, 43 insertions(+), 43 deletions(-) diff --git a/workflow-templates/appstore-build-publish.yml b/workflow-templates/appstore-build-publish.yml index 2f5c2c2..984567e 100644 --- a/workflow-templates/appstore-build-publish.yml +++ b/workflow-templates/appstore-build-publish.yml @@ -35,7 +35,7 @@ jobs: echo "APP_VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: ${{ env.APP_NAME }} @@ -157,7 +157,7 @@ jobs: unzip nextcloud.zip - name: Checkout server master fallback - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: ${{ steps.server-download.outcome != 'success' }} with: persist-credentials: false diff --git a/workflow-templates/block-unconventional-commits.yml b/workflow-templates/block-unconventional-commits.yml index 19ff1c2..bcc722a 100644 --- a/workflow-templates/block-unconventional-commits.yml +++ b/workflow-templates/block-unconventional-commits.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/command-compile.yml b/workflow-templates/command-compile.yml index be5c32a..ccf8274 100644 --- a/workflow-templates/command-compile.yml +++ b/workflow-templates/command-compile.yml @@ -103,7 +103,7 @@ jobs: key: git-repo - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/workflow-templates/command-openapi.yml b/workflow-templates/command-openapi.yml index 9660fd6..63d0842 100644 --- a/workflow-templates/command-openapi.yml +++ b/workflow-templates/command-openapi.yml @@ -103,7 +103,7 @@ jobs: key: git-repo - name: Checkout ${{ needs.init.outputs.head_ref }} - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Needed to allow force push later persist-credentials: true diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index 85caa86..0410fed 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -46,7 +46,7 @@ jobs: exit 1 - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/documentation.yml b/workflow-templates/documentation.yml index 8e0a25b..ba7d9c6 100644 --- a/workflow-templates/documentation.yml +++ b/workflow-templates/documentation.yml @@ -30,7 +30,7 @@ jobs: require: admin - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-eslint.yml b/workflow-templates/lint-eslint.yml index fe436c9..3e34f7e 100644 --- a/workflow-templates/lint-eslint.yml +++ b/workflow-templates/lint-eslint.yml @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-info-xml.yml b/workflow-templates/lint-info-xml.yml index f2335b7..059b2e6 100644 --- a/workflow-templates/lint-info-xml.yml +++ b/workflow-templates/lint-info-xml.yml @@ -24,7 +24,7 @@ jobs: name: info.xml lint steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-php-cs.yml b/workflow-templates/lint-php-cs.yml index fc215b4..bb67a00 100644 --- a/workflow-templates/lint-php-cs.yml +++ b/workflow-templates/lint-php-cs.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-php.yml b/workflow-templates/lint-php.yml index 19d4bba..cb2684b 100644 --- a/workflow-templates/lint-php.yml +++ b/workflow-templates/lint-php.yml @@ -25,7 +25,7 @@ jobs: php-max: ${{ steps.versions.outputs.php-max }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-stylelint.yml b/workflow-templates/lint-stylelint.yml index a7f139e..7a1457c 100644 --- a/workflow-templates/lint-stylelint.yml +++ b/workflow-templates/lint-stylelint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/lint-typescript.yml b/workflow-templates/lint-typescript.yml index c053188..56a4215 100644 --- a/workflow-templates/lint-typescript.yml +++ b/workflow-templates/lint-typescript.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/node-test.yml b/workflow-templates/node-test.yml index fb44ed3..97c5cb9 100644 --- a/workflow-templates/node-test.yml +++ b/workflow-templates/node-test.yml @@ -60,7 +60,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/npm-audit-fix.yml b/workflow-templates/npm-audit-fix.yml index c3459a1..470fb72 100644 --- a/workflow-templates/npm-audit-fix.yml +++ b/workflow-templates/npm-audit-fix.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} diff --git a/workflow-templates/npm-build.yml b/workflow-templates/npm-build.yml index 0782cf3..ffc8919 100644 --- a/workflow-templates/npm-build.yml +++ b/workflow-templates/npm-build.yml @@ -53,7 +53,7 @@ jobs: name: NPM build steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/openapi.yml b/workflow-templates/openapi.yml index b06063f..f4dba56 100644 --- a/workflow-templates/openapi.yml +++ b/workflow-templates/openapi.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/phpstan.yml b/workflow-templates/phpstan.yml index 6ae3196..7c1f25d 100644 --- a/workflow-templates/phpstan.yml +++ b/workflow-templates/phpstan.yml @@ -24,7 +24,7 @@ jobs: name: static-phpstan-analysis steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/phpunit-mariadb.yml b/workflow-templates/phpunit-mariadb.yml index 42d1310..e0afba1 100644 --- a/workflow-templates/phpunit-mariadb.yml +++ b/workflow-templates/phpunit-mariadb.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -91,7 +91,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -99,7 +99,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} diff --git a/workflow-templates/phpunit-mysql.yml b/workflow-templates/phpunit-mysql.yml index dffba15..0515478 100644 --- a/workflow-templates/phpunit-mysql.yml +++ b/workflow-templates/phpunit-mysql.yml @@ -24,7 +24,7 @@ jobs: matrix: ${{ steps.versions.outputs.sparse-matrix }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -89,7 +89,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -97,7 +97,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} diff --git a/workflow-templates/phpunit-oci.yml b/workflow-templates/phpunit-oci.yml index 5819013..caf3ea7 100644 --- a/workflow-templates/phpunit-oci.yml +++ b/workflow-templates/phpunit-oci.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -101,7 +101,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -109,7 +109,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} diff --git a/workflow-templates/phpunit-pgsql.yml b/workflow-templates/phpunit-pgsql.yml index ea1ae68..e7c1507 100644 --- a/workflow-templates/phpunit-pgsql.yml +++ b/workflow-templates/phpunit-pgsql.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -92,7 +92,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -100,7 +100,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} diff --git a/workflow-templates/phpunit-sqlite.yml b/workflow-templates/phpunit-sqlite.yml index 9ae58a8..4f7da8d 100644 --- a/workflow-templates/phpunit-sqlite.yml +++ b/workflow-templates/phpunit-sqlite.yml @@ -25,7 +25,7 @@ jobs: server-max: ${{ steps.versions.outputs.branches-max-list }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV - name: Checkout server - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false submodules: true @@ -89,7 +89,7 @@ jobs: ref: ${{ matrix.server-versions }} - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: apps/${{ env.APP_NAME }} diff --git a/workflow-templates/psalm-matrix.yml b/workflow-templates/psalm-matrix.yml index 2168da5..2f72873 100644 --- a/workflow-templates/psalm-matrix.yml +++ b/workflow-templates/psalm-matrix.yml @@ -25,7 +25,7 @@ jobs: php-min: ${{ steps.versions.outputs.php-min }} steps: - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -47,7 +47,7 @@ jobs: name: static-psalm-analysis ${{ matrix.ocp-version }} steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/psalm.yml b/workflow-templates/psalm.yml index 0a5ec8d..82f306e 100644 --- a/workflow-templates/psalm.yml +++ b/workflow-templates/psalm.yml @@ -24,7 +24,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/rector-apply.yml b/workflow-templates/rector-apply.yml index 36ce158..48a746a 100644 --- a/workflow-templates/rector-apply.yml +++ b/workflow-templates/rector-apply.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} diff --git a/workflow-templates/reuse.yml b/workflow-templates/reuse.yml index a60e9e2..4e1a741 100644 --- a/workflow-templates/reuse.yml +++ b/workflow-templates/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest-low steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/workflow-templates/sync-workflow-templates.yml b/workflow-templates/sync-workflow-templates.yml index b16db47..85090be 100644 --- a/workflow-templates/sync-workflow-templates.yml +++ b/workflow-templates/sync-workflow-templates.yml @@ -43,14 +43,14 @@ jobs: require: admin - name: Checkout workflow repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: source repository: nextcloud/.github - name: Checkout app - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: target diff --git a/workflow-templates/update-nextcloud-ocp-matrix.yml b/workflow-templates/update-nextcloud-ocp-matrix.yml index 09af356..ecaf3d8 100644 --- a/workflow-templates/update-nextcloud-ocp-matrix.yml +++ b/workflow-templates/update-nextcloud-ocp-matrix.yml @@ -33,7 +33,7 @@ jobs: name: update-nextcloud-ocp-${{ matrix.branches }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} diff --git a/workflow-templates/update-nextcloud-ocp.yml b/workflow-templates/update-nextcloud-ocp.yml index 39174b4..6a28a33 100644 --- a/workflow-templates/update-nextcloud-ocp.yml +++ b/workflow-templates/update-nextcloud-ocp.yml @@ -37,7 +37,7 @@ jobs: steps: - id: checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false ref: ${{ matrix.branches }} From 996798149fbe193b36247082e17dd9eff11ccd28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 27 Jun 2026 01:03:36 +0000 Subject: [PATCH 02/22] ci(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/block-unconventional-commits.yml | 2 +- .github/workflows/dispatch-workflow-repo.yml | 4 ++-- .github/workflows/dispatch-workflow.yml | 4 ++-- .github/workflows/lint-yaml.yml | 2 +- .github/workflows/reuse.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml index 19ff1c2..bcc722a 100644 --- a/.github/workflows/block-unconventional-commits.yml +++ b/.github/workflows/block-unconventional-commits.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml index b0d138d..c6dda7f 100644 --- a/.github/workflows/dispatch-workflow-repo.yml +++ b/.github/workflows/dispatch-workflow-repo.yml @@ -37,7 +37,7 @@ jobs: require: admin - name: Checkout target repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: target @@ -58,7 +58,7 @@ jobs: exit 1 - name: Checkout source repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: source diff --git a/.github/workflows/dispatch-workflow.yml b/.github/workflows/dispatch-workflow.yml index 2115e20..8f6282d 100644 --- a/.github/workflows/dispatch-workflow.yml +++ b/.github/workflows/dispatch-workflow.yml @@ -59,7 +59,7 @@ jobs: steps: - name: Checkout target repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: target @@ -86,7 +86,7 @@ jobs: - name: Checkout source repository if: steps.check_file_existence.outputs.files_exists == 'true' - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false path: source diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index e85699f..b33b4e1 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 776edff..0f39e9f 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false From 0841f67931b8ab36d2396056dee9eb189974e9e2 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 29 Jun 2026 09:41:46 +0200 Subject: [PATCH 03/22] fix(phpunit): Don't cancel PHPUnit runs Should help with flakiness and network issues Signed-off-by: Joas Schilling --- workflow-templates/phpunit-mariadb.yml | 1 + workflow-templates/phpunit-mysql.yml | 1 + workflow-templates/phpunit-oci.yml | 1 + workflow-templates/phpunit-pgsql.yml | 1 + workflow-templates/phpunit-sqlite.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/workflow-templates/phpunit-mariadb.yml b/workflow-templates/phpunit-mariadb.yml index e0afba1..5a578ba 100644 --- a/workflow-templates/phpunit-mariadb.yml +++ b/workflow-templates/phpunit-mariadb.yml @@ -67,6 +67,7 @@ jobs: if: needs.changes.outputs.src != 'false' strategy: + fail-fast: false matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} diff --git a/workflow-templates/phpunit-mysql.yml b/workflow-templates/phpunit-mysql.yml index 0515478..69db3b5 100644 --- a/workflow-templates/phpunit-mysql.yml +++ b/workflow-templates/phpunit-mysql.yml @@ -68,6 +68,7 @@ jobs: if: needs.changes.outputs.src != 'false' strategy: + fail-fast: false matrix: ${{ fromJson(needs.matrix.outputs.matrix) }} name: MySQL ${{ matrix.mysql-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }} diff --git a/workflow-templates/phpunit-oci.yml b/workflow-templates/phpunit-oci.yml index caf3ea7..20c84b1 100644 --- a/workflow-templates/phpunit-oci.yml +++ b/workflow-templates/phpunit-oci.yml @@ -67,6 +67,7 @@ jobs: if: needs.changes.outputs.src != 'false' strategy: + fail-fast: false matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} diff --git a/workflow-templates/phpunit-pgsql.yml b/workflow-templates/phpunit-pgsql.yml index e7c1507..f93a8b1 100644 --- a/workflow-templates/phpunit-pgsql.yml +++ b/workflow-templates/phpunit-pgsql.yml @@ -67,6 +67,7 @@ jobs: if: needs.changes.outputs.src != 'false' strategy: + fail-fast: false matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} diff --git a/workflow-templates/phpunit-sqlite.yml b/workflow-templates/phpunit-sqlite.yml index 4f7da8d..06abce1 100644 --- a/workflow-templates/phpunit-sqlite.yml +++ b/workflow-templates/phpunit-sqlite.yml @@ -67,6 +67,7 @@ jobs: if: needs.changes.outputs.src != 'false' strategy: + fail-fast: false matrix: php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }} server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }} From 78230c835065224131a5040c2d35bc8be7cae043 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jun 2026 01:03:07 +0000 Subject: [PATCH 04/22] build(deps): bump actions/cache/save in /workflow-templates Bumps [actions/cache/save](https://github.com/actions/cache) from 5.0.5 to 6.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9) --- updated-dependencies: - dependency-name: actions/cache/save dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- workflow-templates/cypress.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index 0410fed..4bbf9b5 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -81,7 +81,7 @@ jobs: TESTING=true npm run build --if-present - name: Save context - uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: key: cypress-context-${{ github.run_id }} path: ./ From 30275a7b54c8cb9598f36802c9398fe42125c9c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jun 2026 01:03:28 +0000 Subject: [PATCH 05/22] build(deps): bump actions/cache/restore in /workflow-templates Bumps [actions/cache/restore](https://github.com/actions/cache) from 5.0.5 to 6.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9) --- updated-dependencies: - dependency-name: actions/cache/restore dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- workflow-templates/cypress.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index 0410fed..763e259 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -101,7 +101,7 @@ jobs: steps: - name: Restore context - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: fail-on-cache-miss: true key: cypress-context-${{ github.run_id }} From b78cec8d8be9c7c244d84ebbdb7edc883e07b486 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jun 2026 01:03:56 +0000 Subject: [PATCH 06/22] build(deps): bump actions/cache in /workflow-templates Bumps [actions/cache](https://github.com/actions/cache) from 5.0.5 to 6.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- workflow-templates/command-compile.yml | 2 +- workflow-templates/command-openapi.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/workflow-templates/command-compile.yml b/workflow-templates/command-compile.yml index ccf8274..3a0da7a 100644 --- a/workflow-templates/command-compile.yml +++ b/workflow-templates/command-compile.yml @@ -97,7 +97,7 @@ jobs: steps: - name: Restore cached git repository - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: .git key: git-repo diff --git a/workflow-templates/command-openapi.yml b/workflow-templates/command-openapi.yml index 63d0842..fce03d6 100644 --- a/workflow-templates/command-openapi.yml +++ b/workflow-templates/command-openapi.yml @@ -97,7 +97,7 @@ jobs: steps: - name: Restore cached git repository - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: .git key: git-repo From 98f64f69c183fab4bea2d309da426e9420814df0 Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Tue, 30 Jun 2026 10:37:01 +0200 Subject: [PATCH 07/22] fix: Use bot token instead of PR author Signed-off-by: Andy Scherzinger --- workflow-templates/ai-policy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/workflow-templates/ai-policy.yml b/workflow-templates/ai-policy.yml index 4ddfe34..acc8d30 100644 --- a/workflow-templates/ai-policy.yml +++ b/workflow-templates/ai-policy.yml @@ -32,7 +32,7 @@ jobs: - name: Collect PR commit messages id: collect env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} COMMITS_URL: ${{ github.event.pull_request.commits_url }} run: | set -euo pipefail @@ -125,7 +125,7 @@ jobs: - name: Create 'AI assisted' label if absent if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} run: | gh api "repos/${{ github.repository }}/labels" \ --method POST \ @@ -137,7 +137,7 @@ jobs: - name: Label PR as AI assisted if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} run: | gh pr edit "${{ github.event.pull_request.number }}" \ --repo "${{ github.repository }}" \ From 1f488c5127f3baecf0dfebc27ca5b4fdb7ea9e02 Mon Sep 17 00:00:00 2001 From: Daniel Kesselberg Date: Tue, 30 Jun 2026 21:30:21 +0200 Subject: [PATCH 08/22] feat: Only checkout appinfo/ for xml lint Signed-off-by: Daniel Kesselberg --- workflow-templates/lint-info-xml.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/workflow-templates/lint-info-xml.yml b/workflow-templates/lint-info-xml.yml index 059b2e6..e557052 100644 --- a/workflow-templates/lint-info-xml.yml +++ b/workflow-templates/lint-info-xml.yml @@ -27,6 +27,8 @@ jobs: uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false + sparse-checkout: | + appinfo/ - name: Download schema run: wget https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/api/v1/release/info.xsd From 8c92e54219f42660bfd0254200eed6c22ae65c7b Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Fri, 3 Jul 2026 19:01:26 +0200 Subject: [PATCH 09/22] ci: Add lables via rest api gh pr edit --add-label runs a GraphQL query that also fetches org/login fields requiring `read:org`, which COMMAND_BOT_PAT doesn't have. The REST labels endpoint only needs `public_repo`, matching the label-creation step already using REST above it. Assisted-by: Claude:claude-sonnet-5 Co-authored-by: Daniel Kesselberg Signed-off-by: Andy Scherzinger --- .github/workflows/ai-policy.yml | 12 ++++++------ workflow-templates/ai-policy.yml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ai-policy.yml b/.github/workflows/ai-policy.yml index 4ddfe34..e5c8d7d 100644 --- a/.github/workflows/ai-policy.yml +++ b/.github/workflows/ai-policy.yml @@ -32,7 +32,7 @@ jobs: - name: Collect PR commit messages id: collect env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} COMMITS_URL: ${{ github.event.pull_request.commits_url }} run: | set -euo pipefail @@ -125,7 +125,7 @@ jobs: - name: Create 'AI assisted' label if absent if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} run: | gh api "repos/${{ github.repository }}/labels" \ --method POST \ @@ -137,11 +137,11 @@ jobs: - name: Label PR as AI assisted if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} run: | - gh pr edit "${{ github.event.pull_request.number }}" \ - --repo "${{ github.repository }}" \ - --add-label "AI assisted" + gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" \ + --method POST \ + -f "labels[]=AI assisted" echo "Added 'AI assisted' label to PR #${{ github.event.pull_request.number }}" - name: Fail on coding-agent Signed-off-by diff --git a/workflow-templates/ai-policy.yml b/workflow-templates/ai-policy.yml index acc8d30..e5c8d7d 100644 --- a/workflow-templates/ai-policy.yml +++ b/workflow-templates/ai-policy.yml @@ -139,9 +139,9 @@ jobs: env: GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} run: | - gh pr edit "${{ github.event.pull_request.number }}" \ - --repo "${{ github.repository }}" \ - --add-label "AI assisted" + gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" \ + --method POST \ + -f "labels[]=AI assisted" echo "Added 'AI assisted' label to PR #${{ github.event.pull_request.number }}" - name: Fail on coding-agent Signed-off-by From 0e7bfb943a78504309f12f82b26883520d22793c Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Mon, 6 Jul 2026 15:27:26 +0200 Subject: [PATCH 10/22] ci: Fall back to github.token when COMMAND_BOT_PAT is unavailable Dependabot- and fork-triggered pull_request runs don't receive repository or organization Actions secrets, so COMMAND_BOT_PAT resolves to an empty string and gh exits with code 4 before any check runs. The default token always exists and is sufficient for reading commit messages; the label steps keep preferring the PAT when it is available. Assisted-by: Claude:claude-fable-5 Signed-off-by: Andy Scherzinger --- .github/workflows/ai-policy.yml | 12 +++++++++--- workflow-templates/ai-policy.yml | 12 +++++++++--- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ai-policy.yml b/.github/workflows/ai-policy.yml index e5c8d7d..4b4653e 100644 --- a/.github/workflows/ai-policy.yml +++ b/.github/workflows/ai-policy.yml @@ -32,7 +32,9 @@ jobs: - name: Collect PR commit messages id: collect env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} COMMITS_URL: ${{ github.event.pull_request.commits_url }} run: | set -euo pipefail @@ -125,7 +127,9 @@ jobs: - name: Create 'AI assisted' label if absent if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} run: | gh api "repos/${{ github.repository }}/labels" \ --method POST \ @@ -137,7 +141,9 @@ jobs: - name: Label PR as AI assisted if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} run: | gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" \ --method POST \ diff --git a/workflow-templates/ai-policy.yml b/workflow-templates/ai-policy.yml index e5c8d7d..4b4653e 100644 --- a/workflow-templates/ai-policy.yml +++ b/workflow-templates/ai-policy.yml @@ -32,7 +32,9 @@ jobs: - name: Collect PR commit messages id: collect env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} COMMITS_URL: ${{ github.event.pull_request.commits_url }} run: | set -euo pipefail @@ -125,7 +127,9 @@ jobs: - name: Create 'AI assisted' label if absent if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} run: | gh api "repos/${{ github.repository }}/labels" \ --method POST \ @@ -137,7 +141,9 @@ jobs: - name: Label PR as AI assisted if: steps.ai_trailers.outputs.ai_assisted == 'true' || steps.agent_signoff.outputs.agent_signoff == 'true' || steps.co_authored.outputs.co_authored == 'true' env: - GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} + # Fall back to the default token when the PAT is unavailable + # (e.g. Dependabot- or fork-triggered runs don't receive Actions secrets) + GH_TOKEN: ${{ secrets.COMMAND_BOT_PAT || github.token }} run: | gh api "repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" \ --method POST \ From ccc81ecb9a837026a6a20097150d55d06292556c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 13:35:36 +0000 Subject: [PATCH 11/22] build(deps): bump cypress-io/github-action in /workflow-templates Bumps [cypress-io/github-action](https://github.com/cypress-io/github-action) from 7.4.0 to 7.4.1. - [Release notes](https://github.com/cypress-io/github-action/releases) - [Changelog](https://github.com/cypress-io/github-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/cypress-io/github-action/compare/948d67d3074f1bbb6379c8bdbb04e95d2f8e593f...fa4a118725a8f001170d49631ea89e5d66fee626) --- updated-dependencies: - dependency-name: cypress-io/github-action dependency-version: 7.4.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- workflow-templates/cypress.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index 564f8bd..a078f54 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -116,7 +116,7 @@ jobs: run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}' - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests - uses: cypress-io/github-action@948d67d3074f1bbb6379c8bdbb04e95d2f8e593f # v7.4.0 + uses: cypress-io/github-action@fa4a118725a8f001170d49631ea89e5d66fee626 # v7.4.1 with: record: ${{ secrets.CYPRESS_RECORD_KEY && true }} parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} From 5bf64fecc955d06a9b72e982063173782902e728 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 13:40:37 +0000 Subject: [PATCH 12/22] ci(deps): bump zizmorcore/zizmor-action in /.github/workflows Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) from 0.5.6 to 0.5.7. - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/5f14fd08f7cf1cb1609c1e344975f152c7ee938d...192e21d79ab29983730a13d1382995c2307fbcaa) --- updated-dependencies: - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index b33b4e1..0c9d1f1 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -33,7 +33,7 @@ jobs: line-length: warning - name: Run zizmor 🌈 on actions - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7 with: inputs: '.github/workflows/*.yml' advanced-security: false @@ -41,7 +41,7 @@ jobs: min-severity: 'medium' - name: Run zizmor 🌈 on workflow-templates - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7 with: inputs: 'workflow-templates/*.yml' advanced-security: false From 0bbc6c8bac4479b0920aa36235f969dac1e6f63c Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 6 Jul 2026 15:40:30 +0200 Subject: [PATCH 13/22] fix(pr-feedback): Update to latest tag and fix name Signed-off-by: Joas Schilling --- workflow-templates/pr-feedback.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow-templates/pr-feedback.yml b/workflow-templates/pr-feedback.yml index f4c0477..4420bf6 100644 --- a/workflow-templates/pr-feedback.yml +++ b/workflow-templates/pr-feedback.yml @@ -36,7 +36,7 @@ jobs: blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -) echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT" - - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main + - uses: nextcloud/pr-feedback-action@5227c55be184087d0aef6338bee210d8620b6297 # v1.0.1 with: feedback-message: | Hello there, From 15e99342f6007fece991ce38a1210004599fa19f Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Tue, 7 Jul 2026 11:02:31 +0200 Subject: [PATCH 14/22] fix: Update user list Signed-off-by: Joas Schilling --- non-community-usernames.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/non-community-usernames.txt b/non-community-usernames.txt index e5654ae..74758c4 100644 --- a/non-community-usernames.txt +++ b/non-community-usernames.txt @@ -6,6 +6,7 @@ Chartman123 cristianscheid dartcafe datenangebot +DerDreschner edward-ly elzody enjeck @@ -20,6 +21,7 @@ JuliaKirschenheuter Koc kra-mo lukasdotcom +max65482 MB-Finski mejo- mgallien @@ -38,11 +40,11 @@ SebastianKrupinski skalidindi53 skjnldsv solracsf +sowjanyakch st3iny +sudormant susnux tcitworld viktorix Yuvrajsinghspd09 ZetaTom -max65482 -DerDreschner From c465aeb5dcac4410dfa676bdabb62c0ca60ee7e0 Mon Sep 17 00:00:00 2001 From: Christian Oliff Date: Tue, 7 Jul 2026 18:19:51 +0900 Subject: [PATCH 15/22] Update social media links in README Replaced Twitter link with Bluesky link in contact section. Signed-off-by: Christian Oliff --- profile/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/profile/README.md b/profile/README.md index 93bbf78..c78ba7e 100644 --- a/profile/README.md +++ b/profile/README.md @@ -31,12 +31,11 @@ Enterprise? Public Sector or Education user? You may want to have a look into [* * [📋 Forum](https://help.nextcloud.com) * [👥 Facebook](https://www.facebook.com/nextclouders) -* [🐣 Twitter](https://twitter.com/Nextclouders) +* [🐣 Bluesky](https://bsky.app/profile/nextcloud.bsky.social) * [🐘 Mastodon](https://mastodon.xyz/@nextcloud) You can also [get support for Nextcloud](https://nextcloud.com/support)! - ## Join the team 👪 There are many ways to contribute, of which development is only one! Find out [how to get involved](https://nextcloud.com/contribute/), including as a [translator](https://help.nextcloud.com/t/translation-knowledge-valid-for-the-entire-nextcloud-project-wiki/51550), designer, tester, helping others, and much more! 😍 From 1db6742a7ef8e7429f418ab58546dd229e2c66b6 Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Tue, 7 Jul 2026 19:55:39 +0200 Subject: [PATCH 16/22] ci: Add release relay action Assisted-by: Claude:claude-fable-5 Signed-off-by: Andy Scherzinger --- .../release-relay.properties.json | 5 +++ workflow-templates/release-relay.yml | 38 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 workflow-templates/release-relay.properties.json create mode 100644 workflow-templates/release-relay.yml diff --git a/workflow-templates/release-relay.properties.json b/workflow-templates/release-relay.properties.json new file mode 100644 index 0000000..53bdc97 --- /dev/null +++ b/workflow-templates/release-relay.properties.json @@ -0,0 +1,5 @@ +{ + "name": "Release Relay", + "description": "Dispatches the repository information and tag of a release to a relay for further release processing", + "iconName": "octicon robot" +} diff --git a/workflow-templates/release-relay.yml b/workflow-templates/release-relay.yml new file mode 100644 index 0000000..0890831 --- /dev/null +++ b/workflow-templates/release-relay.yml @@ -0,0 +1,38 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + +name: Notify release-relay on release + +on: + release: + types: [published] + +permissions: + contents: read + +jobs: + notify: + name: Dispatch release to release-relay + runs-on: ubuntu-latest + + # Only allowed to run on nextcloud-releases repositories + if: ${{ github.repository_owner == 'nextcloud-releases' }} + + steps: + - name: Check actor permission + uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 + with: + require: write + + - name: Dispatch to release-relay + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 + with: + token: ${{ secrets.DISPATCH_PAT }} + repository: nextcloud-gmbh/release-relay + event-type: app-tagged + client-payload: '{"app": "${{ github.repository }}", "tag": "${{ github.event.release.tag_name }}"}' From df58428133a8396a005fa8832810b043b6ebb3a4 Mon Sep 17 00:00:00 2001 From: David Dreschner Date: Wed, 8 Jul 2026 02:19:20 +0200 Subject: [PATCH 17/22] feat: Use ramsey/composer-install to use caching of composer dependencies Signed-off-by: David Dreschner --- workflow-templates/appstore-build-publish.yml | 8 +++++--- workflow-templates/command-openapi.yml | 4 ++-- workflow-templates/cypress.yml | 4 +++- workflow-templates/lint-php-cs.yml | 6 ++++-- workflow-templates/openapi.yml | 4 ++-- workflow-templates/phpstan.yml | 8 +++++--- workflow-templates/phpunit-mariadb.yml | 8 ++++++-- workflow-templates/phpunit-mysql.yml | 8 ++++++-- workflow-templates/phpunit-oci.yml | 8 ++++++-- workflow-templates/phpunit-pgsql.yml | 8 ++++++-- workflow-templates/phpunit-sqlite.yml | 8 ++++++-- workflow-templates/psalm-matrix.yml | 12 ++++++++---- workflow-templates/psalm.yml | 8 +++++--- workflow-templates/rector-apply.yml | 6 ++++-- workflow-templates/update-nextcloud-ocp-matrix.yml | 4 ++-- workflow-templates/update-nextcloud-ocp.yml | 4 ++-- 16 files changed, 72 insertions(+), 36 deletions(-) diff --git a/workflow-templates/appstore-build-publish.yml b/workflow-templates/appstore-build-publish.yml index 984567e..c4cf97f 100644 --- a/workflow-templates/appstore-build-publish.yml +++ b/workflow-templates/appstore-build-publish.yml @@ -103,9 +103,11 @@ jobs: - name: Install composer dependencies if: steps.check_composer.outputs.files_exists == 'true' - run: | - cd ${{ env.APP_NAME }} - composer install --no-dev + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + composer-options: '--no-dev' + working-directory: ${{ env.APP_NAME }} + ignore-cache: 'yes' - name: Build ${{ env.APP_NAME }} # Skip if no package.json diff --git a/workflow-templates/command-openapi.yml b/workflow-templates/command-openapi.yml index fce03d6..83bae89 100644 --- a/workflow-templates/command-openapi.yml +++ b/workflow-templates/command-openapi.yml @@ -155,8 +155,8 @@ jobs: run: | npm ci - - name: Set up dependencies - run: composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - name: Regenerate OpenAPI run: composer run openapi diff --git a/workflow-templates/cypress.yml b/workflow-templates/cypress.yml index a078f54..f8df157 100644 --- a/workflow-templates/cypress.yml +++ b/workflow-templates/cypress.yml @@ -58,7 +58,9 @@ jobs: - name: Install composer dependencies if: steps.check_composer.outputs.files_exists == 'true' - run: composer install --no-dev + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + composer-options: '--no-dev' - name: Read package.json node and npm engines version uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3 diff --git a/workflow-templates/lint-php-cs.yml b/workflow-templates/lint-php-cs.yml index bb67a00..0a65977 100644 --- a/workflow-templates/lint-php-cs.yml +++ b/workflow-templates/lint-php-cs.yml @@ -43,10 +43,12 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies + - name: Remove nextcloud/ocp run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - name: Lint run: composer run cs:check || ( echo 'Please run `composer run cs:fix` to format your code' && exit 1 ) diff --git a/workflow-templates/openapi.yml b/workflow-templates/openapi.yml index f4dba56..20c1a5c 100644 --- a/workflow-templates/openapi.yml +++ b/workflow-templates/openapi.yml @@ -78,8 +78,8 @@ jobs: run: | npm ci - - name: Set up dependencies - run: composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - name: Regenerate OpenAPI run: composer run openapi diff --git a/workflow-templates/phpstan.yml b/workflow-templates/phpstan.yml index 7c1f25d..fc89a06 100644 --- a/workflow-templates/phpstan.yml +++ b/workflow-templates/phpstan.yml @@ -47,12 +47,14 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies + - name: Remove nextcloud/ocp run: | composer remove nextcloud/ocp --dev --no-scripts - composer i - - name: Install nextcloud/ocp + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + + - name: Install nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies - name: Run coding standards check diff --git a/workflow-templates/phpunit-mariadb.yml b/workflow-templates/phpunit-mariadb.yml index 5a578ba..2e7b92b 100644 --- a/workflow-templates/phpunit-mariadb.yml +++ b/workflow-templates/phpunit-mariadb.yml @@ -129,13 +129,17 @@ jobs: with: files: apps/${{ env.APP_NAME }}/composer.json - - name: Set up dependencies + - name: Remove nextcloud/ocp # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + working-directory: apps/${{ env.APP_NAME }} - name: Set up Nextcloud env: diff --git a/workflow-templates/phpunit-mysql.yml b/workflow-templates/phpunit-mysql.yml index 69db3b5..bca76cc 100644 --- a/workflow-templates/phpunit-mysql.yml +++ b/workflow-templates/phpunit-mysql.yml @@ -127,14 +127,18 @@ jobs: with: files: apps/${{ env.APP_NAME }}/composer.json - - name: Set up dependencies + - name: Remove nextcloud/ocp # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + working-directory: apps/${{ env.APP_NAME }} + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/phpunit-oci.yml b/workflow-templates/phpunit-oci.yml index 20c84b1..60dd354 100644 --- a/workflow-templates/phpunit-oci.yml +++ b/workflow-templates/phpunit-oci.yml @@ -134,14 +134,18 @@ jobs: with: files: apps/${{ env.APP_NAME }}/composer.json - - name: Set up dependencies + - name: Remove nextcloud/ocp # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + working-directory: apps/${{ env.APP_NAME }} + - name: Set up Nextcloud env: DB_PORT: 1521 diff --git a/workflow-templates/phpunit-pgsql.yml b/workflow-templates/phpunit-pgsql.yml index f93a8b1..1b6cbdb 100644 --- a/workflow-templates/phpunit-pgsql.yml +++ b/workflow-templates/phpunit-pgsql.yml @@ -125,14 +125,18 @@ jobs: with: files: apps/${{ env.APP_NAME }}/composer.json - - name: Set up dependencies + - name: Remove nextcloud/ocp # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + working-directory: apps/${{ env.APP_NAME }} + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/phpunit-sqlite.yml b/workflow-templates/phpunit-sqlite.yml index 06abce1..e459800 100644 --- a/workflow-templates/phpunit-sqlite.yml +++ b/workflow-templates/phpunit-sqlite.yml @@ -114,14 +114,18 @@ jobs: with: files: apps/${{ env.APP_NAME }}/composer.json - - name: Set up dependencies + - name: Remove nextcloud/ocp # Only run if phpunit config file exists if: steps.check_composer.outputs.files_exists == 'true' working-directory: apps/${{ env.APP_NAME }} run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + with: + working-directory: apps/${{ env.APP_NAME }} + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/psalm-matrix.yml b/workflow-templates/psalm-matrix.yml index 2f72873..bad25a0 100644 --- a/workflow-templates/psalm-matrix.yml +++ b/workflow-templates/psalm-matrix.yml @@ -63,13 +63,17 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies + - name: Remove nextcloud/ocp run: | composer remove nextcloud/ocp --dev --no-scripts - composer i - - name: Install dependencies # zizmor: ignore[template-injection] - run: composer require --dev 'nextcloud/ocp:${{ matrix.ocp-version }}' --ignore-platform-reqs --with-dependencies + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + + - name: Install nextcloud/ocp:${{ matrix.ocp-version }} + env: + OCP_VERSION: ${{ matrix.ocp-version }} + run: composer require --dev "nextcloud/ocp:$OCP_VERSION" --ignore-platform-reqs --with-dependencies - name: Run coding standards check run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github diff --git a/workflow-templates/psalm.yml b/workflow-templates/psalm.yml index 82f306e..aa784ed 100644 --- a/workflow-templates/psalm.yml +++ b/workflow-templates/psalm.yml @@ -47,12 +47,14 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies + - name: Remove nextcloud/ocp run: | composer remove nextcloud/ocp --dev --no-scripts - composer i - - name: Install nextcloud/ocp + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + + - name: Install nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies - name: Run coding standards check diff --git a/workflow-templates/rector-apply.yml b/workflow-templates/rector-apply.yml index 48a746a..1b53131 100644 --- a/workflow-templates/rector-apply.yml +++ b/workflow-templates/rector-apply.yml @@ -45,11 +45,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies + - name: Remove nextcloud/ocp run: | composer remove nextcloud/ocp --dev --no-scripts - composer i + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 + - name: Rector run: composer run rector diff --git a/workflow-templates/update-nextcloud-ocp-matrix.yml b/workflow-templates/update-nextcloud-ocp-matrix.yml index ecaf3d8..fff6a40 100644 --- a/workflow-templates/update-nextcloud-ocp-matrix.yml +++ b/workflow-templates/update-nextcloud-ocp-matrix.yml @@ -59,8 +59,8 @@ jobs: grep '/appinfo/info.xml' .github/CODEOWNERS | cut -f 2- -d ' ' | xargs | awk '{ print "codeowners="$0 }' >> $GITHUB_OUTPUT continue-on-error: true - - name: Composer install - run: composer install + - name: Install composer dependencies + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - name: Check composer bin for nextcloud/ocp exists id: check_composer_bin diff --git a/workflow-templates/update-nextcloud-ocp.yml b/workflow-templates/update-nextcloud-ocp.yml index 6a28a33..8162864 100644 --- a/workflow-templates/update-nextcloud-ocp.yml +++ b/workflow-templates/update-nextcloud-ocp.yml @@ -62,9 +62,9 @@ jobs: grep '/appinfo/info.xml' .github/CODEOWNERS | cut -f 2- -d ' ' | xargs | awk '{ print "codeowners="$0 }' >> $GITHUB_OUTPUT continue-on-error: true - - name: Composer install + - name: Install composer dependencies if: steps.checkout.outcome == 'success' - run: composer install + uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - name: Check composer bin for nextcloud/ocp exists id: check_composer_bin From fa76c97682db6fffbaa8ce11ebf030011512bb05 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 8 Jul 2026 09:01:49 +0200 Subject: [PATCH 18/22] docs(workflows): Document workflow sync and patching Signed-off-by: Joas Schilling --- README.md | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index dd5bced..8b5c8c3 100644 --- a/README.md +++ b/README.md @@ -12,18 +12,29 @@ https://github.com/nextcloud/viewer/actions/new ![image](https://raw.githubusercontent.com/nextcloud/.github/master/screenshots/choose-a-workflow.png) -## Auto-update repositories +## Auto-update in a repository -For each template, you can propagate them on all the repos that use it. -1. Go into https://github.com/nextcloud/.github/actions/workflows/dispatch-workflow.yml -2. Enter the name of the workflow you want to dispatch -3. Enter the page you want to execute (100 are done per page, so check the [number of repositories](https://github.com/orgs/nextcloud/repositories), current is 260 so run for page: 1, 2 and 3) +There is a GitHub action for that as well. Simply install +https://github.com/nextcloud/.github/blob/master/workflow-templates/sync-workflow-templates.yml +into your repository and a cron job will update the workflows from the template every sunday morning. - ![image](https://raw.githubusercontent.com/nextcloud/.github/master/screenshots/dispatch-a-workflow.png) +> ![NOTE] +> GitHub does not allow pull request that touch workflows to be auto-approved and auto-merged to improve security. +> But it's at least much easier to be aware of the updates and you just need to approve and merge the PRs. -4. Wait for the actions to finish and see the checkout the pull requests +## Patching workflows -## Update workflows with a script +It's also possible to customise workflows by putting a `workflow.yml.patch` file right next to it. +The patch files should be one per workflow and made from the repository root: + +Example: +1. Modify `.github/workflows/phpunit-mariadb.yml` +2. Save patch `git diff .github/workflows/phpunit-mariadb.yml > .github/workflows/phpunit-mariadb.yml.patch` + +The `sync-workflow-templates.yml` action also supports this and reapplies the patches if possible. +If there was an error it will be outlined in the PR description. + +## Update workflows manually You can also run the following shell script on your machine to update all workflows of an app. It should be run inside the cloned repository of an app and requires rsync to be installed. @@ -51,6 +62,15 @@ rsync -vr \ "$temp/workflow-templates/" \ ./.github/workflows/ +# Reapply patches +for patch in ./.github/workflows/*.yml.patch; do + [ ! -f "$patch" ] && continue + echo "🩹 Applying $patch" + if ! patch -p1 < "$patch"; then + echo "❌ Failed to apply $patch, please resolve manually" + fi +done + # Cleanup rm -rf "$temp" ``` From b8c941690541c314703c8969b7193be69935f2eb Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 8 Jul 2026 09:12:00 +0200 Subject: [PATCH 19/22] docs: Fix note block Signed-off-by: Joas Schilling --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8b5c8c3..c0f8be6 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ There is a GitHub action for that as well. Simply install https://github.com/nextcloud/.github/blob/master/workflow-templates/sync-workflow-templates.yml into your repository and a cron job will update the workflows from the template every sunday morning. -> ![NOTE] +> [!NOTE] > GitHub does not allow pull request that touch workflows to be auto-approved and auto-merged to improve security. > But it's at least much easier to be aware of the updates and you just need to approve and merge the PRs. From 20b2af5742bf38896a28ce7bf003f6d1756d81c4 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 8 Jul 2026 09:56:11 +0200 Subject: [PATCH 20/22] docs(workflows): Improve docs a little bit Signed-off-by: Joas Schilling --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c0f8be6..7bbe9ce 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ SPDX-License-Identifier: MIT # This repository contains Nextcloud's workflow templates -## Setup a new template on your repository +## Set up a new template on your repository When creating a new workflow on your repository, you will see templates originating from here. https://github.com/nextcloud/viewer/actions/new @@ -18,10 +18,13 @@ There is a GitHub action for that as well. Simply install https://github.com/nextcloud/.github/blob/master/workflow-templates/sync-workflow-templates.yml into your repository and a cron job will update the workflows from the template every sunday morning. -> [!NOTE] +> [!IMPORTANT] > GitHub does not allow pull request that touch workflows to be auto-approved and auto-merged to improve security. > But it's at least much easier to be aware of the updates and you just need to approve and merge the PRs. +> [!WARNING] +> Do not forget to check the diff for conflicts and missing patches before approving, especially when updating the workflows on stable branches! + ## Patching workflows It's also possible to customise workflows by putting a `workflow.yml.patch` file right next to it. @@ -38,7 +41,8 @@ If there was an error it will be outlined in the PR description. You can also run the following shell script on your machine to update all workflows of an app. It should be run inside the cloned repository of an app and requires rsync to be installed. -⚠️ Do not forget to check the diff for unwanted changes before committing, especially when updating the workflows on stable branches! +> [!WARNING] +> Do not forget to check the diff for unwanted changes before committing, especially when updating the workflows on stable branches! ```sh #!/bin/sh From f250d24361eb1ff356c46a3500bbcac2ec9ce913 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 8 Jul 2026 09:58:21 +0200 Subject: [PATCH 21/22] chore: Remove trailing whitespaces Signed-off-by: Joas Schilling --- .github/workflows/dispatch-workflow-repo.yml | 2 +- SECURITY.md | 40 ++++++++++---------- workflow-templates/phpunit-mysql.yml | 2 +- workflow-templates/phpunit-oci.yml | 2 +- workflow-templates/phpunit-pgsql.yml | 2 +- workflow-templates/phpunit-sqlite.yml | 2 +- workflow-templates/psalm-matrix.yml | 2 +- workflow-templates/psalm.yml | 2 +- workflow-templates/rector-apply.yml | 2 +- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml index c6dda7f..39832e8 100644 --- a/.github/workflows/dispatch-workflow-repo.yml +++ b/.github/workflows/dispatch-workflow-repo.yml @@ -69,7 +69,7 @@ jobs: if [ -f "$workflow" ]; then filename=$(basename "$workflow") target_file="./target/.github/workflows/$filename" - + # Only copy if the file exists in the target repository if [ -f "$target_file" ]; then echo "Updating existing workflow: $filename" diff --git a/SECURITY.md b/SECURITY.md index 7cc19cb..4306758 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,14 +3,14 @@ SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors SPDX-License-Identifier: MIT --> -# Security Policy +# Security Policy ## 💡 TLDR: Report security issues at [hackerone.com/nextcloud](https://hackerone.com/nextcloud) ### Found a security bug in Nextcloud? Let's get it fixed! -If you believe you have found an issue that meets our -[definition of a security vulnerability](https://nextcloud.com/security/threat-model), +If you believe you have found an issue that meets our +[definition of a security vulnerability](https://nextcloud.com/security/threat-model), we encourage you to let us know right away. Please use the reporting process described below. | If you are a... | See section... | @@ -36,8 +36,8 @@ Your report should include: If you require encrypted communication, please request it in your initial message. -> **Note:** This process is for confidential reporting of software vulnerabilities only. -> For general support or configuration help, see +> **Note:** This process is for confidential reporting of software vulnerabilities only. +> For general support or configuration help, see > [Nextcloud Support](https://nextcloud.com/support/). ## What to Expect After Reporting @@ -50,42 +50,42 @@ A member of our security team will: - Follow up with any questions - Coordinate the fix and public disclosure -We apply, test, and release fixes for all relevant, supported stable branches in the next -security update. Vulnerabilities are publicly announced after the fix is released. As a thank +We apply, test, and release fixes for all relevant, supported stable branches in the next +security update. Vulnerabilities are publicly announced after the fix is released. As a thank you, we will add your name to our [Hall of Fame](https://hackerone.com/nextcloud/thanks). -If your report concerns an app not maintained by Nextcloud (e.g., community-maintained apps -hosted by Nextcloud or hosted elsewhere), our security team will coordinate with the current +If your report concerns an app not maintained by Nextcloud (e.g., community-maintained apps +hosted by Nextcloud or hosted elsewhere), our security team will coordinate with the current maintainer to help resolve the issue in a similar fashion. ## Bug Bounties -If you are interested in a bug bounty, please note that complete, detailed reports can -contribute to higher bounty awards. Details on past bounties are available at +If you are interested in a bug bounty, please note that complete, detailed reports can +contribute to higher bounty awards. Details on past bounties are available at [HackerOne](https://hackerone.com/nextcloud). ## Security Advisories -Published advisories for Nextcloud Server, Clients, and Apps are available at the -[Nextcloud Security Advisories](https://github.com/nextcloud/security-advisories/security/advisories) +Published advisories for Nextcloud Server, Clients, and Apps are available at the +[Nextcloud Security Advisories](https://github.com/nextcloud/security-advisories/security/advisories) page. ## Supported Versions -Each major release of Nextcloud Server receives security updates for one year from its -initial release date. The Nextcloud project typically supports at least the two most recent +Each major release of Nextcloud Server receives security updates for one year from its +initial release date. The Nextcloud project typically supports at least the two most recent major releases. To stay protected: - Ensure your Nextcloud Server is always running a supported major release -- Promptly apply all maintenance releases (these include critical security and functionality +- Promptly apply all maintenance releases (these include critical security and functionality bug fixes) -- Monitor the end-of-life (EOL) date for your major release (after this date, no further - maintenance releases will be published. Upgrading to a newer major release is strongly +- Monitor the end-of-life (EOL) date for your major release (after this date, no further + maintenance releases will be published. Upgrading to a newer major release is strongly recommended.) -See the -[Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) +See the +[Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule) for details. --- diff --git a/workflow-templates/phpunit-mysql.yml b/workflow-templates/phpunit-mysql.yml index bca76cc..596d91e 100644 --- a/workflow-templates/phpunit-mysql.yml +++ b/workflow-templates/phpunit-mysql.yml @@ -138,7 +138,7 @@ jobs: uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 with: working-directory: apps/${{ env.APP_NAME }} - + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/phpunit-oci.yml b/workflow-templates/phpunit-oci.yml index 60dd354..4314399 100644 --- a/workflow-templates/phpunit-oci.yml +++ b/workflow-templates/phpunit-oci.yml @@ -145,7 +145,7 @@ jobs: uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 with: working-directory: apps/${{ env.APP_NAME }} - + - name: Set up Nextcloud env: DB_PORT: 1521 diff --git a/workflow-templates/phpunit-pgsql.yml b/workflow-templates/phpunit-pgsql.yml index 1b6cbdb..dab23f2 100644 --- a/workflow-templates/phpunit-pgsql.yml +++ b/workflow-templates/phpunit-pgsql.yml @@ -136,7 +136,7 @@ jobs: uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 with: working-directory: apps/${{ env.APP_NAME }} - + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/phpunit-sqlite.yml b/workflow-templates/phpunit-sqlite.yml index e459800..273400a 100644 --- a/workflow-templates/phpunit-sqlite.yml +++ b/workflow-templates/phpunit-sqlite.yml @@ -125,7 +125,7 @@ jobs: uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 with: working-directory: apps/${{ env.APP_NAME }} - + - name: Set up Nextcloud env: DB_PORT: 4444 diff --git a/workflow-templates/psalm-matrix.yml b/workflow-templates/psalm-matrix.yml index bad25a0..b2d0ff1 100644 --- a/workflow-templates/psalm-matrix.yml +++ b/workflow-templates/psalm-matrix.yml @@ -69,7 +69,7 @@ jobs: - name: Install composer dependencies uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - + - name: Install nextcloud/ocp:${{ matrix.ocp-version }} env: OCP_VERSION: ${{ matrix.ocp-version }} diff --git a/workflow-templates/psalm.yml b/workflow-templates/psalm.yml index aa784ed..4feadcb 100644 --- a/workflow-templates/psalm.yml +++ b/workflow-templates/psalm.yml @@ -53,7 +53,7 @@ jobs: - name: Install composer dependencies uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - + - name: Install nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} run: composer require --dev nextcloud/ocp:dev-${{ steps.versions.outputs.branches-max }} --ignore-platform-reqs --with-dependencies diff --git a/workflow-templates/rector-apply.yml b/workflow-templates/rector-apply.yml index 1b53131..c61c5b1 100644 --- a/workflow-templates/rector-apply.yml +++ b/workflow-templates/rector-apply.yml @@ -51,7 +51,7 @@ jobs: - name: Install composer dependencies uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # 4.0.0 - + - name: Rector run: composer run rector From 6a18eb5754cae5ca49ef383340810ec012040360 Mon Sep 17 00:00:00 2001 From: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com> Date: Fri, 10 Jul 2026 08:35:15 +0200 Subject: [PATCH 22/22] fix: add odzhychko Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com> --- non-community-usernames.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/non-community-usernames.txt b/non-community-usernames.txt index 74758c4..a92ed53 100644 --- a/non-community-usernames.txt +++ b/non-community-usernames.txt @@ -31,6 +31,7 @@ nextcloud-android-bot nextcloud-bot nextcloud-command nfebe +odzhychko Pytal raimund-schluessler rakekniven