From e686271a7798097b7bdcbd29c28a2876893b8f2d Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Tue, 27 Jan 2026 11:43:24 +0545 Subject: [PATCH 1/8] Update code signing revocation list Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> --- .github/workflows/update-code-signing-crl.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/update-code-signing-crl.yml b/.github/workflows/update-code-signing-crl.yml index c1746eab1b36d..de74b6c190a4a 100644 --- a/.github/workflows/update-code-signing-crl.yml +++ b/.github/workflows/update-code-signing-crl.yml @@ -7,8 +7,10 @@ on: schedule: - cron: "5 2 * * *" +# Allow the workflow to write files and create PRs permissions: - contents: read + contents: write + pull-requests: write jobs: update-code-signing-crl: 
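Review bot: `contents: write` and `pull-requests: write` are added to the workflow-level `permissions` block, so any job later added to this file inherits a write-capable token by default. Keep `contents: read` at the top and put the two write scopes in a `permissions:` block under the `update-code-signing-crl` job, with a comment such as `# needed by create-pull-request to push the branch and open the PR`. PATCH 2/8 does the same in `stale.yml`: it removes the job-level `issues: write` block and moves the scope to workflow level, where the narrower job-level grant should stay. The `jobs:` section continues outside this hunk.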
@@ -17,19 +19,22 @@ jobs: strategy: fail-fast: false matrix: - branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] + branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] name: update-code-signing-crl-${{ matrix.branches }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@v4 with: persist-credentials: false ref: ${{ matrix.branches }} submodules: true + - name: Ensure resources directory exists + run: mkdir -p resources/codesigning + - name: Download CRL file from Appstore repository - run: curl --output resources/codesigning/root.crl https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/certificate/nextcloud.crl + run: curl --location --fail --output resources/codesigning/root.crl https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/certificate/nextcloud.crl - name: Verify CRL is from CRT run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout 
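Review bot: `actions/checkout@v4` replaces a commit-SHA pin with a mutable tag and also moves from the v6.0.1 release back to the v4 line. The same patch gives the workflow token `contents: write`, so whatever the tag resolves to at run time executes in a job with write access. Keep the pinned form, `- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1`. The `--fail` added to the `curl` call is worth keeping: without it an HTTP error body is written to `root.crl` and the failure only surfaces in the `openssl crl -verify` step.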
@@ -37,13 +42,13 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 with: - token: ${{ secrets.COMMAND_BOT_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'fix(security): Update code signing revocation list' committer: GitHub author: nextcloud-command signoff: true - branch: 'automated/noid/${{ matrix.branches }}-update-code-signing-crl' - title: '[${{ matrix.branches }}] fix(security): Update code signing revocation list' + branch: "automated/noid/${{ matrix.branches }}-update-code-signing-crl" + title: "[${{ matrix.branches }}] fix(security): Update code signing revocation list" body: | Auto-generated update of code signing revocation list from [Appstore](https://github.com/nextcloud/appstore/commits/master/nextcloudappstore/certificate/nextcloud.crl) labels: | From 78edc38d3f7aef8d7aec8ca68187736659f15e7c Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Tue, 27 Jan 2026 11:47:05 +0545 Subject: [PATCH 2/8] Close stale issues Updated permissions for GITHUB_TOKEN and modified repo-token usage. Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> --- .github/workflows/stale.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a67dc0d32ed2d..edbd1e6a51e55 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,8 +7,10 @@ on: schedule: - cron: "0 0 * * *" +# Give the GITHUB_TOKEN the necessary permissions permissions: contents: read + issues: write jobs: stale: 
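Review bot: Switching `token` to `secrets.GITHUB_TOKEN` changes what happens after the pull request is opened: events created with the repository's `GITHUB_TOKEN` do not start other workflow runs, so the automated CRL pull requests would get no CI. If required status checks are configured, they could not be merged without a manual re-trigger. The step would also depend on the repository setting that allows GitHub Actions to create pull requests. If the switch is intended, document it above the line, e.g. `# GITHUB_TOKEN: PRs opened by this step do not trigger CI`; otherwise keep a dedicated bot or GitHub App token scoped to this repository. The `repo-token` change in `stale.yml` (PATCH 2/8) has the same effect on any workflow that reacts to the stale label or comment.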
@@ -16,13 +18,10 @@ jobs: if: ${{ github.repository_owner != 'nextcloud-gmbh' }} - permissions: - issues: write - steps: - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v9 with: - repo-token: ${{ secrets.COMMAND_BOT_PAT }} + repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: > This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. @@ -33,5 +32,3 @@ jobs: exempt-issue-labels: '1. to develop,2. developing,3. to review,4. to release,security' days-before-stale: 30 days-before-close: 14 - # debug-only: true - From d3ca67ae0ccc1ac33994421dfef6bf65a8de7f9e Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Tue, 27 Jan 2026 12:07:09 +0545 Subject: [PATCH 3/8] Npm audit fix and compile Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> From 2be03f6b65bdcdc441b6b5d0fb07575b1787ce0b Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Tue, 27 Jan 2026 12:15:58 +0545 Subject: [PATCH 4/8] phpunit-object-store-primary.yml Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> From 6126ac82032fe6ecbedf4e8c537696f58ee33906 Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Tue, 27 Jan 2026 12:40:48 +0545 Subject: [PATCH 5/8] update-cacert-bundle.yml Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> From 03bab5492bb4d5aa1015bd104093015d1755e74a Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Wed, 28 Jan 2026 10:28:12 +0545 Subject: [PATCH 6/8] update-code-signing-crl.yml Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> --- .github/workflows/update-code-signing-crl.yml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/update-code-signing-crl.yml b/.github/workflows/update-code-signing-crl.yml index de74b6c190a4a..c1746eab1b36d 100644 
--- a/.github/workflows/update-code-signing-crl.yml +++ b/.github/workflows/update-code-signing-crl.yml @@ -7,10 +7,8 @@ on: schedule: - cron: "5 2 * * *" -# Allow the workflow to write files and create PRs permissions: - contents: write - pull-requests: write + contents: read jobs: update-code-signing-crl: @@ -19,22 +17,19 @@ jobs: strategy: fail-fast: false matrix: - branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] + branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] name: update-code-signing-crl-${{ matrix.branches }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false ref: ${{ matrix.branches }} submodules: true - - name: Ensure resources directory exists - run: mkdir -p resources/codesigning - - name: Download CRL file from Appstore repository - run: curl --location --fail --output resources/codesigning/root.crl https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/certificate/nextcloud.crl + run: curl --output resources/codesigning/root.crl https://raw.githubusercontent.com/nextcloud/appstore/master/nextcloudappstore/certificate/nextcloud.crl - name: Verify CRL is from CRT run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout 
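Review bot: Reverting the download step to plain `curl --output …` drops the `--fail` that PATCH 1/8 added. Without it an HTTP error page is saved as `resources/codesigning/root.crl` and the job fails only later, in `openssl crl -verify`, with a less obvious message; suggest keeping `curl --fail --output resources/codesigning/root.crl …` while restoring the rest. The verify step checks the signature against `root.crt` but not that the downloaded list is newer than the committed one, so an older, validly signed CRL would also pass. Comparing `openssl crl -noout -crlnumber` for the old and new file before the pull-request step would cover that.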
@@ -42,13 +37,13 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(security): Update code signing revocation list' committer: GitHub author: nextcloud-command signoff: true - branch: "automated/noid/${{ matrix.branches }}-update-code-signing-crl" - title: "[${{ matrix.branches }}] fix(security): Update code signing revocation list" + branch: 'automated/noid/${{ matrix.branches }}-update-code-signing-crl' + title: '[${{ matrix.branches }}] fix(security): Update code signing revocation list' body: | Auto-generated update of code signing revocation list from [Appstore](https://github.com/nextcloud/appstore/commits/master/nextcloudappstore/certificate/nextcloud.crl) labels: | From 29200eefdb4000aa150e7e80af7f81054cc1ad18 Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Wed, 28 Jan 2026 10:29:59 +0545 Subject: [PATCH 7/8] update-cacert-bundle.yml Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> From 8de5ffda3071d28ae36311f374e26e06db85b903 Mon Sep 17 00:00:00 2001 From: TEK <37892846+m4xcrk@users.noreply.github.com> Date: Wed, 28 Jan 2026 10:34:38 +0545 Subject: [PATCH 8/8] phpunit-32bits.yml Signed-off-by: TEK <37892846+m4xcrk@users.noreply.github.com> --- .github/workflows/phpunit-32bits.yml | 46 +++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 7 deletions(-) diff --git a/.github/workflows/phpunit-32bits.yml b/.github/workflows/phpunit-32bits.yml index 17453968be013..f30ebabf3c894 100644 --- a/.github/workflows/phpunit-32bits.yml +++ b/.github/workflows/phpunit-32bits.yml @@ -1,5 +1,6 @@ # SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT + name: PHPUnit 32bits on: 
@@ -38,22 +39,53 @@ jobs: persist-credentials: false submodules: true - - name: Set up dependencies + - name: Install dependencies uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest with: args: /bin/sh -c " git config --global --add safe.directory /github/workspace && - composer install --no-interaction" + composer install --no-interaction --prefer-dist + " - - name: Set up Nextcloud + - name: Set up Nextcloud (SQLite in tmpfs) uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest with: args: /bin/sh -c " - mkdir data && - ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin && - php -f tests/enable_all.php" + set -e + + echo '>> Preparing tmpfs SQLite database' + mkdir -p /dev/shm/nc-db data + export SQLITE_TMPDIR=/dev/shm + + echo '>> Installing Nextcloud' + ./occ maintenance:install \ + --verbose \ + --database=sqlite \ + --database-name=/dev/shm/nc-db/nextcloud.db \ + --database-user=autotest \ + --database-pass=rootpassword \ + --admin-user=admin \ + --admin-pass=admin + + echo '>> Disable SQLite WAL for stability' + php -r \" + \$db = new PDO('sqlite:/dev/shm/nc-db/nextcloud.db'); + \$db->exec('PRAGMA journal_mode=DELETE;'); + \" + + echo '>> Enabling all test apps' + php -f tests/enable_all.php + " - name: PHPUnit uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest with: - args: /bin/sh -c "composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness" + args: /bin/sh -c " + composer run test -- \ + --exclude-group PRIMARY-azure \ + --exclude-group PRIMARY-s3 \ + --exclude-group PRIMARY-swift \ + --exclude-group Memcached \ + --exclude-group Redis \ + --exclude-group RoutingWeirdness + "
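Review bot: The rewritten `args` values are still plain YAML scalars (they start with `/bin/sh -c "`, not `|`), so every single line break folds to a space. `echo '>> Preparing tmpfs SQLite database' mkdir -p /dev/shm/nc-db data export SQLITE_TMPDIR=/dev/shm` therefore reaches `sh` as one `echo` call and `mkdir` never runs, and `./occ maintenance:install` is swallowed the same way by the second `echo`. The removed lines avoided this by joining commands with `&&`; keep that form, e.g. `mkdir -p /dev/shm/nc-db data &&`, and drop the trailing `\` continuations, which after folding become a backslash followed by a space, in the PHPUnit command too. The nested `\"` and `\$` quoting around `php -r` depends on how the runner splits `args` and should be checked on a test run. Separately, each `docker://` step appears to run in its own container, so a database under `/dev/shm` and the exported `SQLITE_TMPDIR` would presumably not be visible to the later PHPUnit step; keeping the database under the mounted workspace (`data/`), as before, avoids that.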