diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
index 2e2b6fec..76340acb 100644
--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -24,10 +24,17 @@ concurrency:
jobs:
auto-approve-merge:
- if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
runs-on: ubuntu-latest-low
+ env:
+ # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 2.0.0
+ ALLOW_MAJOR: false
+ # env variable for maintainers: 'true' allows to auto-merge 1.0.2 -> 1.1.0
+ ALLOW_MINOR: true
+ # env variable for maintainers: RegExp string to ignore some dependencies from auto-approve and auto-merge
+ IGNORE_PATTERN: ''
permissions:
- # for hmarr/auto-approve-action to approve PRs
+ # for auto-approve step to work
pull-requests: write
# for alexwilson/enable-github-automerge-action to approve PRs
contents: write
@@ -44,15 +51,51 @@ jobs:
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- # GitHub actions bot approve
- - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
- if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && contains(steps.branchname.outputs.branch, '/webrtc-adapter-') != true && contains(steps.branchname.outputs.branch, '/nextcloud/vue-') != true
+ - name: Dependabot metadata
+ id: metadata
+ if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
+ uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Check for ignored dependencies in the PR
+ id: validate
+ if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
+ env:
+ IGNORE_PATTERN: ${{ env.IGNORE_PATTERN }}
+ DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
+ run: |
+ if [[ -z ${IGNORE_PATTERN} ]]; then
+ echo "ignore=false" >> "$GITHUB_OUTPUT"
+ elif [[ -z ${DEPENDENCY_NAMES} ]]; then
+ echo "ignore=false" >> "$GITHUB_OUTPUT"
+ elif [[ ${DEPENDENCY_NAMES} =~ ${IGNORE_PATTERN} ]]; then
+ echo "ignore=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ - name: GitHub actions bot approve
+ id: auto_approve
+ if: ${{
+ startsWith(steps.branchname.outputs.branch, 'dependabot/')
+ && steps.validate.outputs.ignore != 'true'
+ }}
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
# Enable GitHub auto merge
- name: Auto merge
- uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # v3.0.0
- if: startsWith(steps.branchname.outputs.branch, 'dependabot/') && contains(steps.branchname.outputs.branch, '/webrtc-adapter-') != true && contains(steps.branchname.outputs.branch, '/nextcloud/vue-') != true
+ uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0
+ if: ${{
+ startsWith(steps.branchname.outputs.branch, 'dependabot/')
+ && steps.auto_approve.conclusion == 'success'
+ && (github.event.action == 'opened' || github.event.action == 'reopened')
+ && (
+ steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ || (fromJSON(env.ALLOW_MINOR) && steps.metadata.outputs.update-type == 'version-update:semver-minor')
+ || (fromJSON(env.ALLOW_MAJOR) && steps.metadata.outputs.update-type == 'version-update:semver-major')
+ )
+ }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/lint-php-cs.yml b/.github/workflows/lint-php-cs.yml
index 14ccb213..1d74f957 100644
--- a/.github/workflows/lint-php-cs.yml
+++ b/.github/workflows/lint-php-cs.yml
@@ -30,7 +30,7 @@ jobs:
persist-credentials: false
- name: Set up php8.3
- uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2
+ uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2
with:
php-version: 8.3
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml
index c79b7966..78e5cb71 100644
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -19,7 +19,7 @@ concurrency:
jobs:
php-lint:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-latest-low
strategy:
matrix:
php-versions: ['8.1', '8.2', '8.3', '8.4', '8.5']
@@ -33,7 +33,7 @@ jobs:
persist-credentials: false
- name: Set up php ${{ matrix.php-versions }}
- uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2
+ uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2
with:
php-version: ${{ matrix.php-versions }}
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
diff --git a/.github/workflows/update-nextcloud-ocp-approve-merge.yml b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
index e82f4038..88c54da0 100644
--- a/.github/workflows/update-nextcloud-ocp-approve-merge.yml
+++ b/.github/workflows/update-nextcloud-ocp-approve-merge.yml
@@ -27,7 +27,7 @@ jobs:
if: github.actor == 'nextcloud-command'
runs-on: ubuntu-latest-low
permissions:
- # for hmarr/auto-approve-action to approve PRs
+ # for auto-approve-action to approve PRs
pull-requests: write
# for alexwilson/enable-github-automerge-action to approve PRs
contents: write
@@ -44,15 +44,16 @@ jobs:
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- # GitHub actions bot approve
- - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+ - name: GitHub actions bot approve
if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp')
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Enable GitHub auto merge
- name: Auto merge
- uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # v3.0.0
+ uses: alexwilson/enable-github-automerge-action@2c32e18a76e0726ffe7a573bfff2d42a20885126 # 3.0.0
if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-nextcloud-ocp')
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update-nextcloud-ocp.yml b/.github/workflows/update-nextcloud-ocp.yml
index eeada88f..e94c229a 100644
--- a/.github/workflows/update-nextcloud-ocp.yml
+++ b/.github/workflows/update-nextcloud-ocp.yml
@@ -21,30 +21,25 @@ jobs:
update-nextcloud-ocp:
runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- branches:
- - ${{ github.event.repository.default_branch }}
- - 'stable32'
- - 'stable31'
+ # Only allowed to be run on nextcloud repositories
+ if: ${{ github.repository_owner == 'nextcloud' }}
- name: update-nextcloud-ocp-${{ matrix.branches }}
+ name: update-nextcloud-ocp-main
steps:
- id: checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- ref: ${{ matrix.branches }}
+ ref: main
submodules: true
continue-on-error: true
- - name: Set up php8.2
+ - name: Set up php8.3
if: steps.checkout.outcome == 'success'
- uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # v2.37.2
+ uses: shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240 # 2.37.2
with:
- php-version: 8.2
+ php-version: 8.3
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
coverage: none
@@ -62,53 +57,39 @@ jobs:
if: steps.checkout.outcome == 'success'
run: composer install
- - name: Composer update nextcloud/ocp # zizmor: ignore[template-injection]
- id: update_branch
- if: ${{ steps.checkout.outcome == 'success' && matrix.branches != 'main' }}
- run: composer require --dev 'nextcloud/ocp:dev-${{ matrix.branches }}'
-
- - name: Raise on issue on failure
- uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0
- if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }}
+ - name: Check composer bin for nextcloud/ocp exists
+ id: check_composer_bin
+ uses: andstor/file-existence-action@558493d6c74bf472d87c84eab196434afc2fa029 # v3.1.0
with:
- token: ${{ secrets.GITHUB_TOKEN }}
- title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}'
- body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}'
+ files: vendor-bin/nextcloud-ocp/composer.json
- name: Composer update nextcloud/ocp
- id: update_main
- if: ${{ steps.checkout.outcome == 'success' && matrix.branches == 'main' }}
- run: composer require --dev nextcloud/ocp:dev-master
+ id: update_branch
+ env:
+ USE_COMPOSER_BIN: ${{ steps.check_composer_bin.outputs.files_exists }}
+ BRANCH_NAME: main
+ run: |
+ COMPOSER_CMD='composer'
+ if [[ "$USE_COMPOSER_BIN" == 'true' ]]; then
+ COMPOSER_CMD='composer bin nextcloud-ocp'
+ fi
+
+ PACKAGE_VERSION="nextcloud/ocp:dev-$BRANCH_NAME"
+ if [[ "$BRANCH_NAME" == 'main' ]]; then
+ PACKAGE_VERSION='nextcloud/ocp:dev-master'
+ fi
+
+ echo $COMPOSER_CMD require --dev $PACKAGE_VERSION
+ $COMPOSER_CMD require --dev $PACKAGE_VERSION
- name: Raise on issue on failure
uses: dacbd/create-issue-action@cdb57ab6ff8862aa09fee2be6ba77a59581921c2 # v2.0.0
- if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_main.conclusion == 'failure' }}
+ if: ${{ steps.checkout.outcome == 'success' && failure() && steps.update_branch.conclusion == 'failure' }}
with:
token: ${{ secrets.GITHUB_TOKEN }}
- title: 'Failed to update nextcloud/ocp package on branch ${{ matrix.branches }}'
+ title: 'Failed to update nextcloud/ocp package on branch main'
body: 'Please check the output of the GitHub action and manually resolve the issues
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
${{ steps.codeowners.outputs.codeowners }}'
- - name: Reset checkout 3rdparty
- if: steps.checkout.outcome == 'success'
- run: |
- git clean -f 3rdparty
- git checkout 3rdparty
- continue-on-error: true
-
- - name: Reset checkout vendor
- if: steps.checkout.outcome == 'success'
- run: |
- git clean -f vendor
- git checkout vendor
- continue-on-error: true
-
- - name: Reset checkout vendor-bin
- if: steps.checkout.outcome == 'success'
- run: |
- git clean -f vendor-bin
- git checkout vendor-bin
- continue-on-error: true
-
- name: Create Pull Request
if: steps.checkout.outcome == 'success'
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
@@ -118,8 +99,13 @@ jobs:
committer: GitHub
author: nextcloud-command
signoff: true
- branch: 'automated/noid/${{ matrix.branches }}-update-nextcloud-ocp'
- title: '[${{ matrix.branches }}] Update nextcloud/ocp dependency'
+ branch: 'automated/noid/main-update-nextcloud-ocp'
+ title: '[main] Update nextcloud/ocp dependency'
+ add-path: |
+ composer.json
+ composer.lock
+ vendor-bin/nextcloud-ocp/composer.json
+ vendor-bin/nextcloud-ocp/composer.lock
body: |
Auto-generated update of [nextcloud/ocp](https://github.com/nextcloud-deps/ocp/) dependency
labels: |