Skip to content

Commit 8b92f69

Browse files
ci(gh): Sync actions
Signed-off-by: Andy Scherzinger <[email protected]>
1 parent 8cf03bd commit 8b92f69

32 files changed

+111
-42
lines changed

.github/workflows/block-unconventional-commits.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@ jobs:
2828
steps:
2929
- name: Checkout
3030
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
31+
with:
32+
persist-credentials: false
3133

3234
- uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
3335
with:

.github/workflows/command-compile.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ on:
1111
issue_comment:
1212
types: [created]
1313

14+
permissions:
15+
contents: read
16+
1417
jobs:
1518
init:
1619
runs-on: ubuntu-latest
@@ -102,6 +105,7 @@ jobs:
102105
- name: Checkout ${{ needs.init.outputs.head_ref }}
103106
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
104107
with:
108+
# Needed to allow force push later
105109
persist-credentials: true
106110
token: ${{ secrets.COMMAND_BOT_PAT }}
107111
fetch-depth: 0

.github/workflows/cypress.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,16 @@ env:
1818
# Adjust APP_NAME if your repository name is different
1919
APP_NAME: ${{ github.event.repository.name }}
2020

21-
# Server requires head_ref instead of base_ref, as we want to test the PR branch
21+
# This represents the server branch to checkout.
22+
# Usually it's the base branch of the PR, but for pushes it's the branch itself.
23+
# e.g. 'main', 'stable27' or 'feature/my-feature'
24+
# n.b. server will use head_ref, as we want to test the PR branch.
2225
BRANCH: ${{ github.head_ref || github.ref_name }}
2326

27+
28+
permissions:
29+
contents: read
30+
2431
jobs:
2532
init:
2633
runs-on: ubuntu-latest
@@ -43,6 +50,7 @@ jobs:
4350
- name: Checkout server
4451
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4552
with:
53+
persist-credentials: false
4654
# We need to checkout submodules for 3rdparty
4755
submodules: true
4856

@@ -80,7 +88,7 @@ jobs:
8088
run: npm run cypress:version
8189

8290
- name: Save context
83-
uses: buildjet/cache/save@v4
91+
uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
8492
with:
8593
key: cypress-context-${{ github.run_id }}
8694
path: ./
@@ -148,7 +156,7 @@ jobs:
148156

149157
steps:
150158
- name: Restore context
151-
uses: buildjet/cache/restore@v4
159+
uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
152160
with:
153161
fail-on-cache-miss: true
154162
key: cypress-context-${{ github.run_id }}

.github/workflows/dependabot-approve-merge.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
name: Dependabot
1010

1111
on:
12-
pull_request_target:
12+
pull_request_target: # zizmor: ignore[dangerous-triggers]
1313
branches:
1414
- main
1515
- master
@@ -24,7 +24,7 @@ concurrency:
2424

2525
jobs:
2626
auto-approve-merge:
27-
if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
27+
if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
2828
runs-on: ubuntu-latest-low
2929
permissions:
3030
# for hmarr/auto-approve-action to approve PRs

.github/workflows/files-external-ftp.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ jobs:
101101

102102
- name: Upload code coverage
103103
if: ${{ !cancelled() && matrix.coverage }}
104-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
104+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
105105
with:
106106
files: ./clover.xml
107107
flags: phpunit-files-external-ftp

.github/workflows/files-external-s3.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ jobs:
9999

100100
- name: Upload code coverage
101101
if: ${{ !cancelled() && matrix.coverage }}
102-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
102+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
103103
with:
104104
files: ./clover.xml
105105
flags: phpunit-files-external-s3
@@ -173,7 +173,7 @@ jobs:
173173

174174
- name: Upload code coverage
175175
if: ${{ !cancelled() && matrix.coverage }}
176-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
176+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
177177
with:
178178
files: ./clover.xml
179179
flags: phpunit-files-external-s3

.github/workflows/files-external-sftp.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ jobs:
9090

9191
- name: Upload code coverage
9292
if: ${{ !cancelled() && matrix.coverage }}
93-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
93+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
9494
with:
9595
files: ./clover.xml
9696
flags: phpunit-files-external-sftp

.github/workflows/files-external-smb.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ jobs:
9595

9696
- name: Upload code coverage
9797
if: ${{ !cancelled() && matrix.coverage }}
98-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
98+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
9999
with:
100100
files: ./clover.xml
101101
flags: phpunit-files-external-smb

.github/workflows/files-external-webdav.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,7 @@ jobs:
9292

9393
- name: Upload code coverage
9494
if: ${{ !cancelled() && matrix.coverage }}
95-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
95+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
9696
with:
9797
files: ./clover.xml
9898
flags: phpunit-files-external-webdav

.github/workflows/files-external.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,7 @@ jobs:
8080

8181
- name: Upload code coverage
8282
if: ${{ !cancelled() && matrix.coverage }}
83-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
83+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
8484
with:
8585
files: ./clover.xml
8686
flags: phpunit-files-external-generic

.github/workflows/lint-eslint.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ concurrency:
2020
jobs:
2121
changes:
2222
runs-on: ubuntu-latest-low
23+
permissions:
24+
contents: read
25+
pull-requests: read
2326

2427
outputs:
2528
src: ${{ steps.changes.outputs.src}}
@@ -54,6 +57,8 @@ jobs:
5457
steps:
5558
- name: Checkout
5659
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
60+
with:
61+
persist-credentials: false
5762

5863
- name: Read package.json node and npm engines version
5964
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +68,7 @@ jobs:
6368
fallbackNpm: '^10'
6469

6570
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
66-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v3
71+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
6772
with:
6873
node-version: ${{ steps.versions.outputs.nodeVersion }}
6974

.github/workflows/lint-php-cs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ jobs:
5151
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
5252

5353
- name: Set up php8.1
54-
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
54+
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
5555
with:
5656
php-version: 8.1
5757
extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite

.github/workflows/lint-php.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,9 +54,11 @@ jobs:
5454
steps:
5555
- name: Checkout
5656
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
57+
with:
58+
persist-credentials: false
5759

5860
- name: Set up php ${{ matrix.php-versions }}
59-
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
61+
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
6062
with:
6163
php-version: ${{ matrix.php-versions }}
6264
coverage: none

.github/workflows/lint-stylelint.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ jobs:
2626
steps:
2727
- name: Checkout
2828
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29+
with:
30+
persist-credentials: false
2931

3032
- name: Read package.json node and npm engines version
3133
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3

.github/workflows/node-test.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
jobs:
2424
changes:
2525
runs-on: ubuntu-latest-low
26+
permissions:
27+
contents: read
28+
pull-requests: read
2629

2730
outputs:
2831
src: ${{ steps.changes.outputs.src}}
@@ -60,6 +63,8 @@ jobs:
6063
steps:
6164
- name: Checkout
6265
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
66+
with:
67+
persist-credentials: false
6368

6469
- name: Read package.json node and npm engines version
6570
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -99,7 +104,7 @@ jobs:
99104
run: npm run test:coverage --if-present
100105

101106
- name: Collect coverage
102-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
107+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
103108
with:
104109
files: ./coverage/lcov.info
105110

.github/workflows/node.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,9 @@ concurrency:
2020
jobs:
2121
changes:
2222
runs-on: ubuntu-latest-low
23+
permissions:
24+
contents: read
25+
pull-requests: read
2326

2427
outputs:
2528
src: ${{ steps.changes.outputs.src}}
@@ -54,6 +57,8 @@ jobs:
5457
steps:
5558
- name: Checkout
5659
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
60+
with:
61+
persist-credentials: false
5762

5863
- name: Read package.json node and npm engines version
5964
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +68,7 @@ jobs:
6368
fallbackNpm: '^10'
6469

6570
- name: Set up node ${{ steps.versions.outputs.nodeVersion }}
66-
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v3
71+
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
6772
with:
6873
node-version: ${{ steps.versions.outputs.nodeVersion }}
6974

.github/workflows/npm-audit-fix.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
strategy:
2525
fail-fast: false
2626
matrix:
27-
branches: ['main', 'master', 'stable31', 'stable30', 'stable29']
27+
branches: ['main', 'master', 'stable31', 'stable30']
2828

2929
name: npm-audit-fix-${{ matrix.branches }}
3030

.github/workflows/object-storage-azure.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ jobs:
105105

106106
- name: Upload code coverage
107107
if: ${{ !cancelled() && matrix.coverage }}
108-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
108+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
109109
with:
110110
files: ./clover.xml
111111
flags: phpunit-azure

.github/workflows/object-storage-s3.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ jobs:
111111

112112
- name: Upload code coverage
113113
if: ${{ !cancelled() && matrix.coverage }}
114-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
114+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
115115
with:
116116
files: ./clover.xml
117117
flags: phpunit-s3

.github/workflows/object-storage-swift.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ jobs:
101101

102102
- name: Upload code coverage
103103
if: ${{ !cancelled() && matrix.coverage }}
104-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
104+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
105105
with:
106106
files: ./clover.xml
107107
flags: phpunit-swift

.github/workflows/openapi.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,9 +27,11 @@ jobs:
2727
steps:
2828
- name: Checkout
2929
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
30+
with:
31+
persist-credentials: false
3032

3133
- name: Set up php
32-
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
34+
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
3335
with:
3436
php-version: '8.1'
3537
extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib

.github/workflows/phpunit-mariadb.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,9 @@ concurrency:
2323
jobs:
2424
changes:
2525
runs-on: ubuntu-latest-low
26+
permissions:
27+
contents: read
28+
pull-requests: read
2629

2730
outputs:
2831
src: ${{ steps.changes.outputs.src}}
@@ -88,10 +91,11 @@ jobs:
8891
- name: Checkout server
8992
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
9093
with:
94+
persist-credentials: false
9195
submodules: true
9296

9397
- name: Set up php ${{ matrix.php-versions }}
94-
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a #v2.33.0
98+
uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
9599
with:
96100
php-version: ${{ matrix.php-versions }}
97101
# https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -124,7 +128,7 @@ jobs:
124128

125129
- name: Upload db code coverage
126130
if: ${{ !cancelled() && matrix.coverage }}
127-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
131+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
128132
with:
129133
files: ./clover.db.xml
130134
flags: phpunit-mariadb

.github/workflows/phpunit-memcached.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ jobs:
101101

102102
- name: Upload code coverage
103103
if: ${{ !cancelled() && matrix.coverage }}
104-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
104+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
105105
with:
106106
files: ./clover.xml
107107
flags: phpunit-memcached

.github/workflows/phpunit-mysql-sharding.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -159,7 +159,7 @@ jobs:
159159

160160
- name: Upload db code coverage
161161
if: ${{ !cancelled() && matrix.coverage }}
162-
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
162+
uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
163163
with:
164164
files: ./clover.db.xml
165165
flags: phpunit-mysql

0 commit comments

Comments
 (0)