Skip to content

ci(actions): Update workflow templates #705

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nickvergessen wants to merge 4 commits into
base: master
Choose a base branch
from
Open

ci(actions): Update workflow templates #705

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
95631a9
ci(actions): Update workflow templates
nickvergessen Jan 26, 2026
8433c5c
ci(action): Readd env.APP_NAME
nickvergessen Jan 26, 2026
b1f00ac
fix: Run npm-package-lock-add-resolved
nickvergessen Jan 26, 2026
7f2f8d4
build(deps): Run npm audit fix
nickvergessen Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
106 changes: 83 additions & 23 deletions .github/workflows/command-compile.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,22 @@
# This workflow is provided via the organization template repository
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT

name: Compile Command
on:
issue_comment:
types: [created]

permissions:
contents: read

jobs:
init:
runs-on: ubuntu-latest
runs-on: ubuntu-latest-low

# On pull requests and if the comment starts with `/compile`
if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/compile')
Expand All @@ -19,7 +30,7 @@ jobs:

steps:
- name: Get repository from pull request comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
id: get-repository
with:
github-token: ${{secrets.GITHUB_TOKEN}}
Expand All @@ -46,12 +57,12 @@ jobs:
require: write

- name: Add reaction on start
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: "+1"
reactions: '+1'

- name: Parse command
uses: skjnldsv/parse-command-comment@5c955203c52424151e6d0e58fb9de8a9f6a605a1 # v2
Expand All @@ -68,53 +79,98 @@ jobs:
fi

- name: Init branch
uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v3.0.0
id: comment-branch

- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
if: failure()
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: '-1'

process:
runs-on: ubuntu-latest
needs: init

steps:
- name: Restore cached git repository
uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
with:
path: .git
key: git-repo

- name: Checkout ${{ needs.init.outputs.head_ref }}
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
# Needed to allow force push later
persist-credentials: true
token: ${{ secrets.COMMAND_BOT_PAT }}
fetch-depth: 0
ref: ${{ needs.init.outputs.head_ref }}

- name: Setup git
run: |
git config --local user.email "nextcloud-command@users.noreply.github.com"
git config --local user.name "nextcloud-command"
git config --local user.email 'nextcloud-command@users.noreply.github.com'
git config --local user.name 'nextcloud-command'

- name: Read package.json node and npm engines version
uses: skjnldsv/read-package-engines-version-actions@8205673bab74a63eb9b8093402fd9e0e018663a1 # v2.2
uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
id: package-engines-versions
with:
fallbackNode: '^20'
fallbackNpm: '^10'
fallbackNode: '^24'
fallbackNpm: '^11.3'

- name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v3
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
cache: npm

- name: Set up npm ${{ steps.package-engines-versions.outputs.npmVersion }}
run: npm i -g npm@"${{ steps.package-engines-versions.outputs.npmVersion }}"
run: npm i -g 'npm@${{ steps.package-engines-versions.outputs.npmVersion }}'

- name: Rebase to ${{ needs.init.outputs.base_ref }}
if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
run: |
git fetch origin ${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}
git rebase origin/${{ needs.init.outputs.base_ref }}
git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}'

# Start the rebase
git rebase 'origin/${{ needs.init.outputs.base_ref }}' || {
# Handle rebase conflicts in a loop
while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do
echo "Handling rebase conflict..."

# Remove and checkout /dist and /js folders from the base branch
if [ -d "dist" ]; then
rm -rf dist
git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch"
fi
if [ -d "js" ]; then
rm -rf js
git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch"
fi

# Stage all changes
git add .

# Check if there are any changes after resolving conflicts
if git diff --cached --quiet; then
echo "No changes after conflict resolution, skipping commit"
git rebase --skip
else
echo "Changes found, continuing rebase without editing commit message"
git -c core.editor=true rebase --continue
fi

# Break if rebase is complete
if [ ! -d .git/rebase-merge ] && [ ! -d .git/rebase-apply ]; then
break
fi
done
}

- name: Install dependencies & build
env:
Expand All @@ -127,36 +183,40 @@ jobs:
- name: Commit default
if: ${{ !contains(needs.init.outputs.arg1, 'fixup') && !contains(needs.init.outputs.arg1, 'amend') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --signoff -m 'chore(assets): Recompile assets'

- name: Commit fixup
if: ${{ contains(needs.init.outputs.arg1, 'fixup') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --fixup=HEAD --signoff

- name: Commit amend
if: ${{ contains(needs.init.outputs.arg1, 'amend') }}
run: |
git add ${{ github.workspace }}${{ needs.init.outputs.git_path }}
git add '${{ github.workspace }}${{ needs.init.outputs.git_path }}'
git commit --amend --no-edit --signoff
# Remove any [skip ci] from the amended commit
git commit --amend -m "$(git log -1 --format='%B' | sed '/\[skip ci\]/d')"

- name: Push normally
if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }}
run: git push origin ${{ needs.init.outputs.head_ref }}
env:
HEAD_REF: ${{ needs.init.outputs.head_ref }}
run: git push origin "$HEAD_REF"

- name: Force push
if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }}
run: git push --force origin ${{ needs.init.outputs.head_ref }}
env:
HEAD_REF: ${{ needs.init.outputs.head_ref }}
run: git push --force-with-lease origin "$HEAD_REF"

- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
if: failure()
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: "-1"
reactions: '-1'
32 changes: 22 additions & 10 deletions .github/workflows/dependabot-approve-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,14 @@
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT

name: Dependabot
name: Auto approve Dependabot PRs

on:
pull_request_target:
pull_request_target: # zizmor: ignore[dangerous-triggers]
branches:
- main
- master
Expand All @@ -21,11 +24,13 @@ concurrency:

jobs:
auto-approve-merge:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
runs-on: ubuntu-latest-low
permissions:
# for hmarr/auto-approve-action to approve PRs
pull-requests: write
# for alexwilson/enable-github-automerge-action to approve PRs
contents: write

steps:
- name: Disabled on forks
Expand All @@ -34,13 +39,20 @@ jobs:
echo 'Can not approve PRs from forks'
exit 1

# Github actions bot approve
- uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
- uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
id: branchname
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}

# GitHub actions bot approve
- uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

# Nextcloud bot approve and merge request
- uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
# Enable GitHub auto merge
- name: Auto merge
uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
with:
target: minor
github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
9 changes: 6 additions & 3 deletions .github/workflows/fixup.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,11 @@
#
# https://github.com/nextcloud/.github
# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
#
# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT

name: Pull request checks
name: Block fixup and squash commits

on:
pull_request:
Expand All @@ -24,10 +27,10 @@ jobs:
pull-requests: write
name: Block fixup and squash commits

runs-on: ubuntu-latest
runs-on: ubuntu-latest-low

steps:
- name: Run check
uses: xt0rted/block-autosquash-commits-action@79880c36b4811fe549cfffe20233df88876024e7 # v2
uses: skjnldsv/block-fixup-merge-action@c138ea99e45e186567b64cf065ce90f7158c236a # v2
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
Loading
Loading