From b1cea36dfa47ffcf3e631b274f702ca160322371 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 11:30:59 +0100 Subject: [PATCH 01/11] add a workflow that blocks merging if a pre-release was published Signed-off-by: Simon L. --- .github/workflows/fail-on-prerelease.yml | 50 ++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/fail-on-prerelease.yml diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml new file mode 100644 index 00000000..5efbe242 --- /dev/null +++ b/.github/workflows/fail-on-prerelease.yml @@ -0,0 +1,50 @@ +name: Fail on prerelease + +on: + pull_request: + +permissions: + contents: read + +jobs: + check-latest-release: + runs-on: ubuntu-latest + steps: + - name: "Check latest published release isn't a prerelease" + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + with: + script: | + const tags = await github.rest.repos.listTags({ + owner: context.repo.owner, + repo: context.repo.repo, + per_page: 1 + }); + + if (!tags.data || tags.data.length === 0) { + core.info('No tags found for this repository; skipping prerelease check.'); + return; + } + + const latestTag = tags.data[0].name; + core.info(`Latest tag found: ${latestTag}`); + + try { + const { data } = await github.rest.repos.getReleaseByTag({ + owner: context.repo.owner, + repo: context.repo.repo, + tag: latestTag + }); + + if (data.prerelease) { + core.setFailed(`Release for tag ${latestTag} (${data.tag_name}) is a prerelease. Blocking merges to main as we need to wait for the prerelease to become stable.`); + } else { + core.info(`Release for tag ${latestTag} (${data.tag_name}) is not a prerelease.`); + } + + } catch (err) { + if (err.status === 404) { + core.info(`No release found for tag ${latestTag}; skipping prerelease check.`); + } else { + throw err; + } + } From dae8102088335542bcb789bcd9fbfe5d9e085512 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 30 Jan 2026 15:00:48 +0100 Subject: [PATCH 02/11] rename name of workflow Signed-off-by: Simon L. --- .github/workflows/fail-on-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 5efbe242..12a288bb 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -1,4 +1,4 @@ -name: Fail on prerelease +name: Block if prerelease is present on: pull_request: From 88b2121eaad9b47490f857ff26492054410f86e6 Mon Sep 17 00:00:00 2001 From: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Date: Sun, 1 Feb 2026 11:37:51 +0100 Subject: [PATCH 03/11] hotfix: Update Nextcloud integration URL for local AI Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> --- community-containers/local-ai/local-ai.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/local-ai/local-ai.json b/community-containers/local-ai/local-ai.json index fceb4394..e906b5a7 100644 --- a/community-containers/local-ai/local-ai.json +++ b/community-containers/local-ai/local-ai.json @@ -50,7 +50,7 @@ "nextcloud_exec_commands": [ "php /var/www/html/occ app:install integration_openai", "php /var/www/html/occ app:enable integration_openai", - "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080", + "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:10078", "php /var/www/html/occ config:app:set integration_openai api_key --value %LOCALAI_API_KEY%", "php /var/www/html/occ app:install assistant", "php /var/www/html/occ app:enable assistant" From cba66dec0b956ce10742f0285f6adf915795fbf8 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 10:11:00 +0100 Subject: [PATCH 04/11] daily-backup.sh: continue with script if wasStartButtonClicked=true was found Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index d11f3e85..fd68e981 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE"; then +if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From 82cbbe1829b15dcf3884b33be739133127e8c364 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 2 Feb 2026 07:28:42 +0100 Subject: [PATCH 05/11] Wrap ConfigurationController#SetConfig into a "transaction" This avoids a lot of subsequent writes and reads from the file system, because now only commitTransaction() actually writes the config file. Signed-off-by: Pablo Zmdl Signed-off-by: Simon L. --- php/src/Controller/ConfigurationController.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/src/Controller/ConfigurationController.php b/php/src/Controller/ConfigurationController.php index bb55e10f..c40ee98c 100644 --- a/php/src/Controller/ConfigurationController.php +++ b/php/src/Controller/ConfigurationController.php @@ -17,6 +17,7 @@ readonly class ConfigurationController { public function SetConfig(Request $request, Response $response, array $args): Response { try { + $this->configurationManager->startTransaction(); if (isset($request->getParsedBody()['domain'])) { $domain = $request->getParsedBody()['domain'] ?? ''; $skipDomainValidation = isset($request->getParsedBody()['skip_domain_validation']); @@ -137,6 +138,8 @@ readonly class ConfigurationController { } catch (InvalidSettingConfigurationException $ex) { $response->getBody()->write($ex->getMessage()); return $response->withStatus(422); + } finally { + $this->configurationManager->commitTransaction(); } } } From cfff44954bcb19b968612ae70c603d97c99d0611 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 10:28:57 +0100 Subject: [PATCH 06/11] increase version to 12.6.1 Signed-off-by: Simon L. --- php/templates/includes/aio-version.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index 062985d4..1b62f917 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.6.0 +12.6.1 From c84416df5df8f5efa41be0aadd57b93938914846 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 11:06:08 +0100 Subject: [PATCH 07/11] fix daily-backup.sh edge case Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index fd68e981..cd6e54b3 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"; then +if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From b8f594b09a2fa97e998ccd195cf4628f530d6972 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 2 Feb 2026 11:22:43 +0100 Subject: [PATCH 08/11] fix logic detail Signed-off-by: Simon L. --- Containers/mastercontainer/daily-backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/daily-backup.sh b/Containers/mastercontainer/daily-backup.sh index cd6e54b3..89ef3cd5 100644 --- a/Containers/mastercontainer/daily-backup.sh +++ b/Containers/mastercontainer/daily-backup.sh @@ -4,7 +4,7 @@ echo "Daily backup script has started" # Check if initial configuration has been done, otherwise this script should do nothing. CONFIG_FILE=/mnt/docker-aio-config/data/configuration.json -if ! [ -f "$CONFIG_FILE" ] && (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" || ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then +if ! [ -f "$CONFIG_FILE" ] || (! grep -q "wasStartButtonClicked.*1" "$CONFIG_FILE" && ! grep -q "wasStartButtonClicked.*true" "$CONFIG_FILE"); then echo "Initial configuration via AIO interface not done yet. Exiting..." exit 0 fi From e95f5cc590f162f2c3c9ac359b5961d1355aca9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 13:26:38 +0000 Subject: [PATCH 09/11] build(deps): bump actions/github-script in /.github/workflows Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.1 to 8.0.0. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/d7906e4ad0b1822421a7e6a35d5ca353c962f410...ed597411d8f924073f98dfc5c65a23a2325f34cd) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/fail-on-prerelease.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 12a288bb..a5b876c3 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check latest published release isn't a prerelease" - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6 with: script: | const tags = await github.rest.repos.listTags({ From a16c7e28c28c0e93718cc6a03cd6ae750e63f391 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 4 Feb 2026 23:11:04 +0100 Subject: [PATCH 10/11] Clean up pull request template Removed unnecessary lines from the pull request template. Signed-off-by: Simon L. --- .github/pull_request_template.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 0350cecc..5d1441b4 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -3,6 +3,3 @@ - - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime. --> - -* Resolves: # -* [Sign-off message](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md) is added to all commits From 2df9b8af50fef909598dffc6342cf6ad581948b5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 12:07:10 +0000 Subject: [PATCH 11/11] build(deps): bump astral-sh/setup-uv in /.github/workflows Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/61cb8a9741eeb8a550a1b8544337180c0fc8476b...803947b9bd8e9f986429fa0c5a41c367cd732b41) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/lint-yaml.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index e36b8f4c..789ca0e0 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -36,7 +36,7 @@ jobs: line-length: warning - name: Install the latest version of uv - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 + uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 - name: Check GitHub actions run: uvx zizmor --min-severity medium .github/workflows/*.yml