From fea3438f2a1600b142931ff9b4576f192d3fcb93 Mon Sep 17 00:00:00 2001 From: Nextcloud bot Date: Mon, 22 Jun 2026 22:12:16 +0000 Subject: [PATCH] ci: update all workflow templates from organization template repository Signed-off-by: Nextcloud bot --- .../block-unconventional-commits.yml | 2 +- .github/workflows/cypress.yml | 165 ++++++++++-------- .../workflows/dependabot-approve-merge.yml | 46 ++++- .github/workflows/documentation.yml | 5 +- .github/workflows/node-test.yml | 4 +- .github/workflows/npm-publish.yml | 5 +- .github/workflows/reuse.yml | 2 +- 7 files changed, 142 insertions(+), 87 deletions(-) diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml index decb6301..d6930d37 100644 --- a/.github/workflows/block-unconventional-commits.yml +++ b/.github/workflows/block-unconventional-commits.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml index a4376faf..fd848f16 100644 --- a/.github/workflows/cypress.yml +++ b/.github/workflows/cypress.yml @@ -1,132 +1,149 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud-libraries/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# # SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT + name: Cypress -on: - pull_request: - push: - branches: - - main - - master - - stable* +on: pull_request + +concurrency: + group: cypress-${{ github.head_ref || github.run_id }} + cancel-in-progress: true env: - BRANCH: ${{ github.base_ref || github.event.repository.default_branch }} + # Adjust APP_NAME if your repository name is different + APP_NAME: ${{ github.event.repository.name }} + + # This represents the server branch to checkout. + # Usually it's the base branch of the PR, but for pushes it's the branch itself. + # e.g. 'main', 'stable27' or 'feature/my-feature' + # n.b. server will use head_ref, as we want to test the PR branch. + BRANCH: ${{ github.base_ref || github.ref_name }} + + +permissions: + contents: read jobs: - cypress-e2e: + init: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - # run multiple copies of the current job in parallel - containers: [1] + env: + PUPPETEER_SKIP_DOWNLOAD: true - name: e2e runner ${{ matrix.containers }} steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Read package.json - uses: nextcloud-libraries/parse-package-engines-action@122ae05d4257008180a514e1ddeb0c1b9d094bdd # v0.1.0 - id: versions - - - name: Set up node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + - name: Disabled on forks + if: ${{ github.event.pull_request.head.repo.full_name != github.repository }} + run: | + echo 'Can not run cypress on forks' + exit 1 + + - name: Checkout app + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: - node-version: ${{ steps.versions.outputs.node-version }} + persist-credentials: false - - name: Set up npm - run: npm i -g 'npm@${{ steps.versions.outputs.package-manager-version }}' + - name: Check composer.json + id: check_composer + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 + with: + files: 'composer.json' - - name: Pull server image - run: docker pull ghcr.io/nextcloud/continuous-integration-shallow-server + - name: Install composer dependencies + if: steps.check_composer.outputs.files_exists == 'true' + run: composer install --no-dev - - name: Run E2E cypress tests - uses: cypress-io/github-action@948d67d3074f1bbb6379c8bdbb04e95d2f8e593f # v7.4.0 + - name: Set up node + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - # cypress io - record: true - parallel: true - # cypress env - ci-build-id: ${{ github.sha }}-${{ github.run_number }} - tag: ${{ github.event_name }} - group: 'E2E' - # Build library before using it - build: npm run build:instrumented - env: - # Needs to be prefixed with CYPRESS_ - CYPRESS_BRANCH: ${{ env.BRANCH }} - # https://github.com/cypress-io/github-action/issues/124 - COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} + node-version-file: 'package.json' + + - name: Install node dependencies & build app + run: | + npm ci + TESTING=true npm run build --if-present - - name: Collect coverage - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 + - name: Save context + uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: - files: ./coverage/lcov.info + key: cypress-context-${{ github.run_id }} + path: ./ - cypress-component: + cypress: runs-on: ubuntu-latest + needs: init strategy: fail-fast: false matrix: - # run multiple copies of the current job in parallel - containers: [1] + # Run multiple copies of the current job in parallel + # Please increase the number or runners as your tests suite grows + containers: ['component'] + + name: runner ${{ matrix.containers }} - name: component runner ${{ matrix.containers }} steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Restore context + uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + with: + fail-on-cache-miss: true + key: cypress-context-${{ github.run_id }} + path: ./ - name: Read package.json uses: nextcloud-libraries/parse-package-engines-action@122ae05d4257008180a514e1ddeb0c1b9d094bdd # v0.1.0 id: versions - name: Set up node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.node-version }} - name: Set up npm run: npm i -g 'npm@${{ steps.versions.outputs.package-manager-version }}' - - name: Run Components cypress tests + - name: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }} cypress tests uses: cypress-io/github-action@948d67d3074f1bbb6379c8bdbb04e95d2f8e593f # v7.4.0 with: - # to run component tests we need to use "component: true" - component: true - # cypress io - record: true - parallel: true + record: ${{ secrets.CYPRESS_RECORD_KEY && true }} + parallel: ${{ secrets.CYPRESS_RECORD_KEY && true }} + # cypress run type + component: ${{ startsWith(matrix.containers, 'component') }} + group: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_GROUP }} # cypress env - ci-build-id: ${{ github.sha }}-${{ github.run_number }} - tag: ${{ github.event_name }} - group: 'Components' - # Tests use (instrumented) built files - build: npm run build:instrumented + ci-build-id: ${{ secrets.CYPRESS_RECORD_KEY && env.CYPRESS_BUILD_ID }} + tag: ${{ secrets.CYPRESS_RECORD_KEY && github.event_name }} env: # Needs to be prefixed with CYPRESS_ CYPRESS_BRANCH: ${{ env.BRANCH }} # https://github.com/cypress-io/github-action/issues/124 - COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} + COMMIT_INFO_MESSAGE: ${{ github.event.pull_request.title }} + # Needed for some specific code workarounds + TESTING: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} + CYPRESS_BUILD_ID: ${{ github.sha }}-${{ github.run_number }} + CYPRESS_GROUP: Run ${{ startsWith(matrix.containers, 'component') && 'component' || 'E2E' }} - - name: Collect coverage - uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 + - name: Upload snapshots + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: always() with: - files: ./coverage/lcov.info + name: snapshots_${{ matrix.containers }} + path: cypress/snapshots summary: runs-on: ubuntu-latest - needs: [cypress-e2e, cypress-component] + needs: [init, cypress] + if: always() name: cypress-summary + steps: - name: Summary status - run: if ${{ (needs.cypress-e2e.result != 'success' && needs.cypress-e2e.result != 'skipped') || (needs.cypress-component.result != 'success' && needs.cypress-component.result != 'skipped') }}; then exit 1; fi + run: if ${{ needs.init.result != 'success' || ( needs.cypress.result != 'success' && needs.cypress.result != 'skipped' ) }}; then exit 1; fi diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 2ce753bd..1bd39eee 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve step to work pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,51 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 + - name: Dependabot metadata + id: metadata if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Check for ignored dependencies in the PR + id: validate + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + env: + IGNORE_PATTERN: ${{ env.IGNORE_PATTERN }} + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} + run: | + if [[ -z ${IGNORE_PATTERN} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ -z ${DEPENDENCY_NAMES} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ ${DEPENDENCY_NAMES} =~ ${IGNORE_PATTERN} ]]; then + echo "ignore=true" >> "$GITHUB_OUTPUT" + fi + + - name: GitHub actions bot approve + id: auto_approve + if: ${{ + startsWith(steps.branchname.outputs.branch, 'dependabot/') + && steps.validate.outputs.ignore != 'true' + }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # v3.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 + if: ${{ + startsWith(steps.branchname.outputs.branch, 'dependabot/') + && steps.auto_approve.conclusion == 'success' + && (github.event.action == 'opened' || github.event.action == 'reopened') + && ( + steps.metadata.outputs.update-type == 'version-update:semver-patch' + || (fromJSON(env.ALLOW_MINOR) && steps.metadata.outputs.update-type == 'version-update:semver-minor') + || (fromJSON(env.ALLOW_MAJOR) && steps.metadata.outputs.update-type == 'version-update:semver-major') + ) + }} with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 33ca1c48..7e73a123 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -23,7 +23,7 @@ jobs: name: Build and deploy steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -32,9 +32,10 @@ jobs: id: versions - name: Set up node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.node-version }} + package-manager-cache: false - name: Set up npm run: npm i -g 'npm@${{ steps.versions.outputs.package-manager-version }}' diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index a3d81db8..8fe6b01f 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -39,7 +39,7 @@ jobs: id: versions - name: Set up node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.node-version }} diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 0d6677c5..cb087d62 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -33,9 +33,10 @@ jobs: id: versions - name: Set up node - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: ${{ steps.versions.outputs.node-version }} + package-manager-cache: false registry-url: https://registry.npmjs.org - name: Set up npm diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index cd4ee56a..2f4b2f2f 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false