diff --git a/.github/workflows/block-unconventional-commits.yml b/.github/workflows/block-unconventional-commits.yml index 958a1ca2..f317d4b4 100644 --- a/.github/workflows/block-unconventional-commits.yml +++ b/.github/workflows/block-unconventional-commits.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors @@ -27,7 +27,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0 with: diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index 9e38f2be..2ce5d137 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors @@ -9,7 +9,7 @@ name: Dependabot on: - pull_request_target: + pull_request_target: # zizmor: ignore[dangerous-triggers] branches: - main - master @@ -24,7 +24,7 @@ concurrency: jobs: auto-approve-merge: - if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]' runs-on: ubuntu-latest permissions: # for hmarr/auto-approve-action to approve PRs diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index 28ce725a..1f260f84 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors @@ -13,36 +13,24 @@ on: release: types: [published] +permissions: + contents: write + jobs: build-and-deploy: runs-on: ubuntu-latest name: Build and deploy steps: - - name: Check actor permission level - # Only allow admin to deploy on release - if: github.event.release - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v2 - with: - require: write - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 - id: versions + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - fallbackNode: '^20' - fallbackNpm: '^10' + persist-credentials: false - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + - name: Set up node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + node-version-file: 'package.json' - name: Install dependencies & build env: diff --git a/.github/workflows/lint-eslint.yml b/.github/workflows/lint-eslint.yml index da92715c..9f071acb 100644 --- a/.github/workflows/lint-eslint.yml +++ b/.github/workflows/lint-eslint.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors @@ -18,57 +18,21 @@ concurrency: cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '.eslintrc.*' - - '.eslintignore' - - '**.js' - - '**.ts' - - '**.vue' - lint: runs-on: ubuntu-latest - needs: changes - if: needs.changes.outputs.src != 'false' - - name: NPM lint + name: eslint steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 - id: versions + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - fallbackNode: '^20' - fallbackNpm: '^10' + persist-credentials: false - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 + - name: Set up node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + node-version-file: 'package.json' - name: Install dependencies env: @@ -78,18 +42,3 @@ jobs: - name: Lint run: npm run lint - - summary: - permissions: - contents: none - runs-on: ubuntu-latest - needs: [changes, lint] - - if: always() - - # This is the summary, we just avoid to rename it so that branch protection rules still match - name: eslint - - steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.lint.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/node-test.yml b/.github/workflows/node-test.yml index 93f305f6..bf0b5577 100644 --- a/.github/workflows/node-test.yml +++ b/.github/workflows/node-test.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors @@ -24,55 +24,20 @@ concurrency: cancel-in-progress: true jobs: - changes: - runs-on: ubuntu-latest - - outputs: - src: ${{ steps.changes.outputs.src}} - - steps: - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: changes - continue-on-error: true - with: - filters: | - src: - - '.github/workflows/**' - - '__tests__/**' - - '__mocks__/**' - - 'src/**' - - 'appinfo/info.xml' - - 'package.json' - - 'package-lock.json' - - 'tsconfig.json' - - '**.js' - - '**.ts' - - '**.vue' - test: runs-on: ubuntu-latest - - needs: changes - if: needs.changes.outputs.src != 'false' + name: node-tests steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 - id: versions + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - fallbackNode: '^20' - fallbackNpm: '^10' + persist-credentials: false - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + - name: Set up node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: ${{ steps.versions.outputs.nodeVersion }} - - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + node-version-file: 'package.json' - name: Install dependencies & build env: @@ -88,20 +53,6 @@ jobs: run: npm run test:coverage --if-present - name: Collect coverage - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 + uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 with: files: ./coverage/lcov.info - - summary: - permissions: - contents: none - runs-on: ubuntu-latest - needs: [changes, test] - - if: always() - - name: test-summary - - steps: - - name: Summary status - run: if ${{ needs.changes.outputs.src != 'false' && needs.test.result != 'success' }}; then exit 1; fi diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml index 3b9fa009..fa931885 100644 --- a/.github/workflows/npm-publish.yml +++ b/.github/workflows/npm-publish.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors @@ -19,31 +19,29 @@ permissions: jobs: publish: runs-on: ubuntu-latest - name: Build and publish to npm - steps: - - name: Check actor permission level - uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0 - with: - require: write + steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2 - id: versions + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - fallbackNode: '^20' - fallbackNpm: '^10' + persist-credentials: false - - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3 + - name: Set up node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: ${{ steps.versions.outputs.nodeVersion }} + node-version-file: 'package.json' - - name: Set up npm ${{ steps.versions.outputs.npmVersion }} - run: npm i -g npm@"${{ steps.versions.outputs.npmVersion }}" + - name: Check tag matches package.json + run: | + VERSION=$(node -p -e "require('./package.json').version") + GH_VERSION=$(echo "$GH_VERSION" | sed s,\^v,,) + if [ "$VERSION" != "$GH_VERSION" ]; then + echo "$VERSION does not match $GH_VERSION" + exit 1; + fi; + env: + GH_VERSION: ${{ github.event.release.tag_name }} - name: Install dependencies & build env: @@ -52,9 +50,24 @@ jobs: npm ci npm run build --if-present + - name: Fetch latest tag + id: latest-tag + run: | + TAG=$(gh release list \ + --exclude-drafts \ + --exclude-pre-releases \ + --json isLatest,tagName \ + --jq 'map(select(.isLatest == true))[].tagName' \ + -R ${{ github.repository }}) + echo "Latest tag is $TAG" + echo "LATEST_TAG=$TAG" >> $GITHUB_OUTPUT + env: + GH_TOKEN: ${{ github.token }} + - name: Publish run: | npm config set //registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN - npm publish + npm publish --tag $RELEASE_GROUP env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + RELEASE_GROUP: ${{ (contains(github.ref, 'rc') || contains(github.ref, 'beta') || contains(github.ref, 'alpha')) && 'next' || ((steps.latest-tag.outputs.LATEST_TAG != github.event.release.tag_name) && 'stable' || 'latest') }} diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index 031e80a8..63582ed5 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -1,6 +1,6 @@ # This workflow is provided via the organization template repository # -# https://github.com/nextcloud/.github +# https://github.com/nextcloud-libraries/.github # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization # SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. @@ -11,12 +11,17 @@ name: REUSE Compliance Check on: [pull_request] +permissions: + contents: read + jobs: reuse-compliance-check: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - - name: REUSE Compliance Check - uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0 + - name: REUSE Compliance Check + uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0