diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 2e2b6fec..76340acb 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -24,10 +24,17 @@ concurrency: jobs: auto-approve-merge: - if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest-low + env: + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 2.0.0 + ALLOW_MAJOR: false + # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 1.1.0 + ALLOW_MINOR: true + # env variable for maintainers: RegExp string to ignore some dependencies from auto-approve and auto-merge + IGNORE_PATTERN: '' permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve step to work pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write 
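Review bot: The comments on `ALLOW_MAJOR` and `ALLOW_MINOR` in the new job-level `env:` block describe them as controlling auto-merge, but they do not say that the bot approval ignores them. In the next hunk of this file the `auto_approve` step is conditioned only on the branch prefix and `steps.validate.outputs.ignore`, so a major update is still approved with `ALLOW_MAJOR: false`. If that is intended, I would state it here, e.g. `# Only gates the "Auto merge" step; the bot approval is still issued for every update type`, because where branch protection counts that approval a major bump can be merged without a human review. If it is not intended, the same `update-type` condition belongs on `auto_approve`. The values are also written as YAML booleans while the comments speak of 'true'; quoting them (`ALLOW_MAJOR: 'false'`) would match the string that `fromJSON(env.ALLOW_MAJOR)` parses.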
@@ -44,15 +51,51 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && contains(steps.branchname.outputs.branch, '/webrtc-adapter-') != true && contains(steps.branchname.outputs.branch, '/nextcloud/vue-') != true + - name: Dependabot metadata + id: metadata + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Check for ignored dependencies in the PR + id: validate + if: startsWith(steps.branchname.outputs.branch, 'dependabot/') + env: + IGNORE_PATTERN: ${{ env.IGNORE_PATTERN }} + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} + run: | + if [[ -z ${IGNORE_PATTERN} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ -z ${DEPENDENCY_NAMES} ]]; then + echo "ignore=false" >> "$GITHUB_OUTPUT" + elif [[ ${DEPENDENCY_NAMES} =~ ${IGNORE_PATTERN} ]]; then + echo "ignore=true" >> "$GITHUB_OUTPUT" + fi + + - name: GitHub actions bot approve + id: auto_approve + if: ${{ + startsWith(steps.branchname.outputs.branch, 'dependabot/') + && steps.validate.outputs.ignore != 'true' + }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # v3.0.0 - if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && contains(steps.branchname.outputs.branch, '/webrtc-adapter-') != true && contains(steps.branchname.outputs.branch, '/nextcloud/vue-') != true + uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 + if: ${{ + startsWith(steps.branchname.outputs.branch, 
'dependabot/') + && steps.auto_approve.conclusion == 'success' + && (github.event.action == 'opened' || github.event.action == 'reopened') + && ( + steps.metadata.outputs.update-type == 'version-update:semver-patch' + || (fromJSON(env.ALLOW_MINOR) && steps.metadata.outputs.update-type == 'version-update:semver-minor') + || (fromJSON(env.ALLOW_MAJOR) && steps.metadata.outputs.update-type == 'version-update:semver-major') + ) + }} with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml index 14ccb213..1d74f957 100644 --- a/.github/workflows/lint-php-cs.yml +++ b/.github/workflows/lint-php-cs.yml @@ -30,7 +30,7 @@ jobs: persist-credentials: false - name: Set up php8.3 - uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: 8.3 extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index c79b7966..78e5cb71 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -19,7 +19,7 @@ concurrency: jobs: php-lint: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-low strategy: matrix: php-versions: ['8.1', '8.2', '8.3', '8.4', '8.5'] @@ -33,7 +33,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: php-version: ${{ matrix.php-versions }} extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite 
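Review bot: The `validate` step in dependabot-approve-merge.yml fails open. With a non-empty `IGNORE_PATTERN`, an empty `DEPENDENCY_NAMES` writes `ignore=false`. A pattern that is not a valid regular expression makes `[[ ... =~ ... ]]` return status 2, which the `elif` treats like a non-match, so nothing is written and `steps.validate.outputs.ignore != 'true'` lets the approval proceed. A typo in the maintainer-supplied pattern therefore silently disables the ignore list. I would make both cases fail closed and write `ignore=false` explicitly on a clean non-match, as sketched below. The match is also unanchored against what appears to be a comma-separated list of names, which deserves a word in the `IGNORE_PATTERN` comment.

```yaml
run: |
  # … unchanged: empty IGNORE_PATTERN writes ignore=false …
  elif [[ -z ${DEPENDENCY_NAMES} ]]; then
    # A pattern is configured but there is nothing to test it against: leave the PR to a human.
    echo "ignore=true" >> "$GITHUB_OUTPUT"
  else
    status=0
    [[ ${DEPENDENCY_NAMES} =~ ${IGNORE_PATTERN} ]] || status=$?
    case "$status" in
      0) echo "ignore=true" >> "$GITHUB_OUTPUT" ;;
      1) echo "ignore=false" >> "$GITHUB_OUTPUT" ;;
      # Status 2 means the pattern itself is malformed; stop instead of approving.
      *) echo "::error::IGNORE_PATTERN is not a valid regular expression"; exit 1 ;;
    esac
  fi
```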
diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml index e82f4038..88c54da0 100644 --- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml +++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml @@ -27,7 +27,7 @@ jobs: if: github.actor == 'nextcloud-command' runs-on: ubuntu-latest-low permissions: - # for hmarr/auto-approve-action to approve PRs + # for auto-approve-action to approve PRs pull-requests: write # for alexwilson/enable-github-automerge-action to approve PRs contents: write @@ -44,15 +44,16 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} - # GitHub actions bot approve - - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 + - name: GitHub actions bot approve if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') - with: - github-token: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Enable GitHub auto merge - name: Auto merge - uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # v3.0.0 + uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0 if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp') with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml index eeada88f..e94c229a 100644 --- a/.github/workflows/update-nextcloud-ocp.yml +++ b/.github/workflows/update-nextcloud-ocp.yml 
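Review bot: The rewritten approve step in update-nextcloud-ocp-approve-merge.yml is still gated only by the branch-name test on the step and by `github.actor == 'nextcloud-command'` on the job, which sits outside this hunk. `github.actor` names whoever triggered the run rather than the PR author, and a branch name is chosen by whoever opens the PR, so neither establishes that the pull request was created by the bot account. The dependabot workflow in this same commit tests `github.event.pull_request.user.login`; I would add the equivalent here, `&& github.event.pull_request.user.login == 'nextcloud-command'`, to the step's `if:` and to the "Auto merge" step below it. The workflow trigger is not visible in the diff, so how reachable this is depends on it.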
@@ -21,30 +21,25 @@ jobs: update-nextcloud-ocp: runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - branches: - - ${{ github.event.repository.default_branch }} - - 'stable32' - - 'stable31' + # Only allowed to be run on nextcloud repositories + if: ${{ github.repository_owner == 'nextcloud' }} - name: update-nextcloud-ocp-${{ matrix.branches }} + name: update-nextcloud-ocp-main steps: - id: checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - ref: ${{ matrix.branches }} + ref: main submodules: true continue-on-error: true - - name: Set up php8.2 + - name: Set up php8.3 if: steps.checkout.outcome == 'success' - uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2 + uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2 with: - php-version: 8.2 + php-version: 8.3 # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite coverage: none 
@@ -62,53 +57,39 @@ jobs: if: steps.checkout.outcome == 'success' run: composer install - - name: Composer update nextcloud/ocp # zizmor: ignore[template-injection] - id: update_branch - if: ${{ steps.checkout.outcome == 'success' && matrix.branches != 'main' }} - run: composer require --dev 'nextcloud/ocp:dev-${{ matrix.branches }}' - - - name: Raise on issue on failure - uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0 - if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }} + - name: Check composer bin for nextcloud/ocp exists + id: check_composer_bin + uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0 with: - token: ${{ secrets.GITHUB_TOKEN }} - title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}' - body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}' + files: vendor-bin/nextcloud-ocp/composer.json - name: Composer update nextcloud/ocp - id: update_main - if: ${{ steps.checkout.outcome == 'success' && matrix.branches == 'main' }} - run: composer require --dev nextcloud/ocp:dev-master + id: update_branch + env: + USE_COMPOSER_BIN: ${{ steps.check_composer_bin.outputs.files_exists }} + BRANCH_NAME: main + run: | + COMPOSER_CMD='composer' + if [[ "$USE_COMPOSER_BIN" == 'true' ]]; then + COMPOSER_CMD='composer bin nextcloud-ocp' + fi + + PACKAGE_VERSION="nextcloud/ocp:dev-$BRANCH_NAME" + if [[ "$BRANCH_NAME" == 'main' ]]; then + PACKAGE_VERSION='nextcloud/ocp:dev-master' + fi + + echo $COMPOSER_CMD require --dev $PACKAGE_VERSION + $COMPOSER_CMD require --dev $PACKAGE_VERSION - name: Raise on issue on failure uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0 - if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_main.conclusion == 'failure' }} + if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }} with: token: ${{ secrets.GITHUB_TOKEN }} - title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}' + title: 'Failed to update nextcloud/ocp package on branch main' body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}' - - name: Reset checkout 3rdparty - if: steps.checkout.outcome == 'success' - run: | - git clean -f 3rdparty - git checkout 3rdparty - continue-on-error: true - - - name: Reset checkout vendor - if: steps.checkout.outcome == 'success' - run: | - git clean -f vendor - git checkout vendor - continue-on-error: true - - - name: Reset checkout vendor-bin - if: steps.checkout.outcome == 'success' - run: | - git clean -f vendor-bin - git checkout vendor-bin - continue-on-error: true - - name: Create Pull Request if: steps.checkout.outcome == 'success' uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 @@ -118,8 +99,13 @@ jobs: committer: GitHub author: nextcloud-command signoff: true - branch: 'automated/noid/${{ matrix.branches }}-update-nextcloud-ocp' - title: '[${{ matrix.branches }}] Update nextcloud/ocp dependency' + branch: 'automated/noid/main-update-nextcloud-ocp' + title: '[main] Update nextcloud/ocp dependency' + add-path: | + composer.json + composer.lock + vendor-bin/nextcloud-ocp/composer.json + vendor-bin/nextcloud-ocp/composer.lock body: | Auto-generated update of [nextcloud/ocp](https://github.com/nextcloud-deps/ocp/) dependency labels: |
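Review bot: The new `check_composer_bin` step in update-nextcloud-ocp.yml adds another third-party action, `andstor/file-existence-action`, only to test whether one file exists. The `update_branch` script can do that itself with `if [[ -f vendor-bin/nextcloud-ocp/composer.json ]]; then` in place of `if [[ "$USE_COMPOSER_BIN" == 'true' ]]; then`, which drops the extra step, the `USE_COMPOSER_BIN` variable and one pinned dependency to keep current. Separately, neither new step carries `if: steps.checkout.outcome == 'success'` as the surrounding steps do. Because the checkout is `continue-on-error`, a failed checkout now leads to `composer require` running in an empty workspace, while the issue-raising step stays skipped by its own checkout condition.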