diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml index 419f053c90..ec95ccbbf4 100644 --- a/.github/workflows/command-rebase.yml +++ b/.github/workflows/command-rebase.yml @@ -9,8 +9,8 @@ on: issue_comment: types: created -permissions: - contents: read +permissions: + contents: read jobs: rebase: @@ -23,7 +23,7 @@ jobs: steps: - name: Add reaction on start - uses: peter-evans/create-or-update-comment@v3 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 with: token: ${{ secrets.COMMAND_BOT_PAT }} repository: ${{ github.event.repository.full_name }} @@ -31,18 +31,18 @@ jobs: reaction-type: "+1" - name: Checkout the latest code - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 token: ${{ secrets.COMMAND_BOT_PAT }} - name: Automatic Rebase - uses: cirrus-actions/rebase@1.8 + uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 env: GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }} - name: Add reaction on failure - uses: peter-evans/create-or-update-comment@v3 + uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1 if: failure() with: token: ${{ secrets.COMMAND_BOT_PAT }} diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 78faa9a04e..9951547f76 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml 
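Review bot: In the `Checkout the latest code` step of command-rebase.yml, `actions/checkout` still receives `token: ${{ secrets.COMMAND_BOT_PAT }}` and by default keeps that token in the runner's local git configuration, where every later step in the job can read it. Pinning the actions to commit SHAs removes the mutable-tag risk but does not narrow where the PAT is available. Consider adding `persist-credentials: false` under `with:`, provided a test run confirms that `cirrus-actions/rebase` can push using only its `GITHUB_TOKEN` env. A comment such as `# PAT so the pushed rebase triggers CI; scopes: <list>` would also help. The job's `if:` guard lies outside these hunks, so who may trigger the workflow through `issue_comment` cannot be checked from here.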
@@ -15,22 +15,26 @@ on: permissions: contents: read +concurrency: + group: dependabot-approve-merge-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: auto-approve-merge: if: github.actor == 'dependabot[bot]' runs-on: ubuntu-latest permissions: # for hmarr/auto-approve-action to approve PRs - pull-requests: write + pull-requests: write steps: # Github actions bot approve - - uses: hmarr/auto-approve-action@v3 + - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2 with: target: minor github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }} diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 6092cc3a5f..9548d19f2d 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -3,18 +3,31 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Pull request checks +name: Block fixup and squash commits -on: pull_request +on: + pull_request: + types: [opened, ready_for_review, reopened, synchronize] + +permissions: + contents: read + +concurrency: + group: fixup-${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: commit-message-check: + if: github.event.pull_request.draft == false + + permissions: + pull-requests: write name: Block fixup and squash commits runs-on: ubuntu-latest steps: - name: Run check - uses: xt0rted/block-autosquash-commits-action@v2 + uses: skjnldsv/block-fixup-merge-action@42d26e1b536ce61e5cf467d65fb76caf4aa85acf # v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index c5d5e693b0..508d713953 100644 
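Review bot: The new pin for `hmarr/auto-approve-action` in dependabot-approve-merge.yml is annotated `# v2`, but the line it replaces referenced `@v3`, so either the SHA silently downgrades the action by a major version or the comment is wrong. Because the SHA is opaque, the trailing comment is the only thing a reviewer or an update bot can use to tell which release is pinned. Please verify the commit against the upstream tags and make the comment the exact release, e.g. `# vX.Y.Z` (placeholder). This deserves extra care because the step approves pull requests with `pull-requests: write`.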
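Review bot: The job-level `permissions:` block added to `commit-message-check` in fixup.yml grants `pull-requests: write` without saying why. Once a job declares its own block, every scope not listed there is set to none for that job, including the workflow-level `contents: read` added a few lines above. For a check that only inspects a pull request's commits, `pull-requests: read` may be enough. If the new `skjnldsv/block-fixup-merge-action` really needs write access, record the reason the way dependabot-approve-merge.yml does, e.g. `# for skjnldsv/block-fixup-merge-action to <reason>`. The action's requirements are not visible in this diff, so this needs confirming against its documentation.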
--- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -2,15 +2,31 @@ # # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization - -name: Lint - -on: pull_request +# +# Use lint-eslint together with lint-eslint-when-unrelated to make eslint a required check for GitHub actions +# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks + +name: Lint eslint + +on: + pull_request: + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '.eslintrc.*' + - '.eslintignore' + - '**.js' + - '**.ts' + - '**.vue' permissions: contents: read -concurrency: +concurrency: group: lint-eslint-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -22,17 +38,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v2 + uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/lint-stylelint.yml b/.github/workflows/lint-stylelint.yml index c8dbeb57e2..60cb63a560 100644 --- a/.github/workflows/lint-stylelint.yml +++ b/.github/workflows/lint-stylelint.yml 
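Review bot: With the new `paths:` filter on `pull_request`, lint-eslint.yml no longer starts for pull requests that touch none of the listed paths. The added header comment says it must be paired with `lint-eslint-when-unrelated` to remain usable as a required check, but that companion workflow is not touched in the visible part of this diff. Please confirm it already exists and reports under the same check name; otherwise such pull requests wait on a status that never arrives. node.yml gains a similar filter in its `@@ -7,6 +7,16 @@` hunk with no companion mentioned, which matters only if its `node` job is a required check. The header could state the consequence directly: `# Skipped for PRs outside the paths below; lint-eslint-when-unrelated reports the required status instead`.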
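Review bot: The trailing comment on the `actions/setup-node` pin is only `# v3`, a floating major tag, while the `actions/checkout` pin beside it names the exact release (`# v3.5.2`). A 40-character SHA cannot be checked by eye, so the comment should identify the one release the SHA was taken from. Please replace it with the exact tag, e.g. `# vX.Y.Z` (placeholder; look up the tag for that commit). The same `# v3` comment is repeated in the matching hunks of lint-stylelint.yml, node.yml and npm-publish.yml.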
@@ -3,14 +3,14 @@ # https://github.com/nextcloud/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization -name: Lint +name: Lint stylelint on: pull_request permissions: contents: read -concurrency: +concurrency: group: lint-stylelint-${{ github.head_ref || github.run_id }} cancel-in-progress: true @@ -22,17 +22,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v2 + uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 85fe925789..1774e0b271 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -7,6 +7,16 @@ name: Node on: pull_request: + paths: + - '.github/workflows/**' + - 'src/**' + - 'appinfo/info.xml' + - 'package.json' + - 'package-lock.json' + - 'tsconfig.json' + - '**.js' + - '**.ts' + - '**.vue' push: branches: - main @@ -16,6 +26,10 @@ on: permissions: contents: read +concurrency: + group: node-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + jobs: build: runs-on: ubuntu-latest 
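Review bot: The concurrency group added to node.yml, `node-${{ github.head_ref || github.run_id }}`, keys on the branch name alone, and `github.head_ref` does not include the fork owner. Two pull requests from different forks that use the same branch name therefore share a group and, with `cancel-in-progress: true`, cancel each other's runs. Keying on the pull request avoids that: `group: node-${{ github.event.pull_request.number || github.run_id }}`. The same pattern is added in dependabot-approve-merge.yml and fixup.yml in this commit, and it appears on context lines in lint-eslint.yml and lint-stylelint.yml.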
@@ -23,17 +37,17 @@ jobs: name: node steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v2 + uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }} @@ -47,10 +61,11 @@ jobs: - name: Check webpack build changes run: | - bash -c "[[ ! \"`git status --porcelain `\" ]] || exit 1" + bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)" - name: Show changes on failure if: failure() run: | git status git --no-pager diff + exit 1 # make it red to grab attention diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index c2133a1ed0..b852ee4ccb 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -9,6 +9,9 @@ on: release: types: [published] +permissions: + contents: read + jobs: publish: runs-on: ubuntu-latest 
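Review bot: In the `Check webpack build changes` step of node.yml (hunk `@@ -47,10 +61,11 @@`), the outer shell substitutes the output of `git status --porcelain` into the double-quoted string handed to `bash -c`. The inner shell then parses that output a second time as shell source, so file names from the build or the pull request can change what the command does. The added echo-and-exit subshell also makes the nesting harder to read. A single-shell test gives the same result without re-parsing: `if [[ -n "$(git status --porcelain)" ]]; then echo 'Please recompile and commit the assets'; exit 1; fi`. The rest of the job lies outside the hunk.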
@@ -16,22 +19,22 @@ jobs: name: Build and publish to npm steps: - name: Check actor permission level - uses: skjnldsv/check-actor-permission@v2 + uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2.1 with: require: admin - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v2 + uses: skjnldsv/read-package-engines-version-actions@0ce2ed60f6df073a62a77c0a4958dd0fc68e32e7 # v2.1 id: versions with: - fallbackNode: '^12' - fallbackNpm: '^6' + fallbackNode: '^16' + fallbackNpm: '^7' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: ${{ steps.versions.outputs.nodeVersion }}