From 832d9b5ae6776854373883d3b2182bc62e282a4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Dec 2025 12:21:58 +0000 Subject: [PATCH 1/5] build(deps): bump actions/checkout in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/community-containers.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/docker-lint.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/json-validator.yml | 2 +- .github/workflows/lint-helm.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/php-deprecation-detector.yml | 2 +- .github/workflows/playwright.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/twig-lint.yml | 2 +- .github/workflows/update-copyright.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index c1bc4889..2bd4823a 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Check spelling uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 with: diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index b39ca29b..816f57bf 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -10,7 +10,7 @@ jobs: name: update collabora runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run collabora-profile-update run: | rm -f php/cool-seccomp-profile.json diff --git a/.github/workflows/community-containers.yml b/.github/workflows/community-containers.yml index cd3a9530..7446677f 100644 --- a/.github/workflows/community-containers.yml +++ b/.github/workflows/community-containers.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Validate structure run: | CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)" diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 5eefc5e1..12a11f1f 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -10,7 +10,7 @@ jobs: name: Run dependency update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: php-version: 8.4 diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index 0efebdbb..917df1d6 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Install hadolint run: | diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 1b083b64..b4c32778 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Turnstyle uses: softprops/turnstyle@2e4451ef94c5969eee533c487092052d4d1a53af # v2 diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 883ea66c..8b624e39 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -10,7 +10,7 @@ jobs: name: update to latest imaginary commit on master branch runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run imaginary-update run: | # Imaginary diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index d406e011..4cbd28ed 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Validate Json run: | sudo apt-get update diff --git a/.github/workflows/lint-helm.yml b/.github/workflows/lint-helm.yml index 1f7f2e72..7beec865 100644 --- a/.github/workflows/lint-helm.yml +++ b/.github/workflows/lint-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 with: fetch-depth: 0 diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index 9c74167a..0c5e2c74 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index eb083eed..d90d57e1 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -11,7 +11,7 @@ jobs: name: Run nextcloud-update script runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run nextcloud-update script run: | # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index ac6aa187..c8638683 100644 --- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -16,7 +16,7 @@ jobs: name: PHP Deprecation Detector runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 with: diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index df791fe6..3919690b 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - uses: actions/setup-node@v6 with: diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index 91d41dfc..99ba4e32 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Set up php uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 8f7da955..bdae585e 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -32,7 +32,7 @@ jobs: name: static-psalm-analysis steps: - name: Checkout - uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5 # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5.0.1 with: persist-credentials: false diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 2c0fd697..86954033 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -15,7 +15,7 @@ jobs: name: Check Shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run Shellcheck uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 with: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index 9636502b..689e7e7e 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -10,7 +10,7 @@ jobs: name: update talk runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run talk-container-update run: | # Recording diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 1c453505..7e9b5cdc 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2 diff --git a/.github/workflows/update-copyright.yml b/.github/workflows/update-copyright.yml index 353e5e9d..f7960ead 100644 --- a/.github/workflows/update-copyright.yml +++ b/.github/workflows/update-copyright.yml @@ -8,4 +8,4 @@ jobs: name: update copyright runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index c1452355..06555a90 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: update helm chart run: | set -x diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index a19f34aa..9d9affce 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6.0.0 + uses: actions/checkout@v6.0.1 - name: update yaml files run: | sudo bash manual-install/update-yaml.sh diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index 9f126eb4..69b1b14e 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -10,7 +10,7 @@ jobs: name: update watchtower runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6.0.0 + - uses: actions/checkout@v6.0.1 - name: Run watchtower-container-update run: | # Watchtower From 0db006605aabd912e2a506419a1456eb370ffb35 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Dec 2025 14:29:55 +0100 Subject: [PATCH 2/5] fix spacing Signed-off-by: Simon L. --- php/src/Controller/DockerController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Controller/DockerController.php b/php/src/Controller/DockerController.php index 904af4a1..ef0d0702 100644 --- a/php/src/Controller/DockerController.php +++ b/php/src/Controller/DockerController.php @@ -115,7 +115,7 @@ readonly class DockerController { $this->PerformRecursiveContainerStart($id); } - private function listBackup() : void { + private function listBackup() : void { $this->configurationManager->SetBackupMode('list'); $id = 'nextcloud-aio-borgbackup'; From 22a784a3dea08775ab63639fe6ca24d06dc8ac49 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 17 Mar 2025 12:06:08 +0100 Subject: [PATCH 3/5] add workflow to lint github actions Signed-off-by: Simon L. --- .github/workflows/lint-yaml.yml | 39 +++++++++++++++++++++++++++++++++ zizmor.yml | 3 +++ 2 files changed, 42 insertions(+) create mode 100644 .github/workflows/lint-yaml.yml create mode 100644 zizmor.yml diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml new file mode 100644 index 00000000..658d8b52 --- /dev/null +++ b/.github/workflows/lint-yaml.yml @@ -0,0 +1,39 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization +# +# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: MIT + +name: Lint YAML + +on: pull_request + +permissions: + contents: read + +jobs: + yaml-lint: + runs-on: ubuntu-latest + + name: yaml + + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: GitHub action templates lint + uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1 + with: + file_or_dir: .github/workflows + config_data: | + line-length: warning + + - name: Install the latest version of uv + uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1 + + - name: Check GitHub actions + run: uvx zizmor --min-severity medium .github/workflows/*.yml diff --git a/zizmor.yml b/zizmor.yml new file mode 100644 index 00000000..ee110b08 --- /dev/null +++ b/zizmor.yml @@ -0,0 +1,3 @@ +rules: + excessive-permissions: + disable: true From d6e0d8b87d8b323d7dca477c0a503ef0d610e956 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 3 Dec 2025 18:29:22 +0100 Subject: [PATCH 4/5] run yaml lint only if yml files were changes Signed-off-by: Simon L. --- .github/workflows/lint-yaml.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 658d8b52..c88f697e 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -8,7 +8,10 @@ name: Lint YAML -on: pull_request +on: + pull_request: + paths: + - '**.yml' permissions: contents: read From 36b18b8968e5915ea63190d7d5f35aa8df7fc378 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:06:34 +0000 Subject: [PATCH 5/5] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 12545ac3..4e2cfaee 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -438,7 +438,7 @@ services: environment: - TZ=${TIMEZONE} - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} - - bootstrap.memory_lock=true + - bootstrap.memory_lock=false - cluster.name=nextcloud-aio - discovery.type=single-node - logger.level=WARN