diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml deleted file mode 100644 index 2f217c25..00000000 --- a/.github/workflows/create-psalm-container.yml +++ /dev/null @@ -1,54 +0,0 @@ -name: Create Psalm Container - -on: - workflow_dispatch: - schedule: - - cron: '5 4 * * *' - -jobs: - push_to_registry: - runs-on: ubuntu-latest - - name: Create Psalm Container - - permissions: - packages: write - contents: read - - steps: - - name: Check out the repo - run: | - git clone https://github.com/psalm/psalm-github-actions.git - - - name: Modify the Dockerfile - run: | - set -x - sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile" - cat << APCU >> "psalm-github-actions/Dockerfile" - RUN mkdir -p /usr/src/php/ext/apcu && \ - curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \ - docker-php-ext-install apcu - APCU - - - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 - with: - registry: docker.pkg.github.com - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Log in to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build container image - uses: docker/build-push-action@v4 - with: - push: true - context: 'psalm-github-actions' - file: 'psalm-github-actions/Dockerfile' - tags: | - ghcr.io/nextcloud/all-in-one-psalm:latest diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml new file mode 100644 index 00000000..00549c4f --- /dev/null +++ b/.github/workflows/docker-lint.yml 
@@ -0,0 +1,53 @@ +name: Docker Lint + +on: + pull_request: + paths: + - 'Containers/**' + push: + branches: + - main + paths: + - 'Containers/**' + +permissions: + contents: read + +concurrency: + group: docker-lint-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + docker-lint: + runs-on: ubuntu-latest + + name: docker-lint + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install npm and dockerfilelint + run: | + sudo apt-get install nodejs npm -y + npm install -g dockerfilelint + wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch + CURRENT_DIR=$PWD + cd /usr/local/lib/node_modules/dockerfilelint/ + git apply 184.patch + cd $CURRENT_DIR + cat << RULES > ./.dockerfilelintrc + rules: + sudo_usage: off + RULES + + - name: run lint + run: | + DOCKERFILES="$(find ./Containers -name Dockerfile)" + mapfile -t DOCKERFILES <<< "$DOCKERFILES" + for file in "${DOCKERFILES[@]}"; do + dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log + done + if grep "^Issues: [0-9]" ./dockerfilelint.log; then + exit 1 + fi diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml index eaf03553..c2c10b1c 100644 --- a/.github/workflows/json-validator.yml +++ b/.github/workflows/json-validator.yml @@ -2,9 +2,13 @@ name: Json Validator on: pull_request: + paths: + - '**.json' push: branches: - main + paths: + - '**.json' jobs: psalm: diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index bbace7f3..1f55fb06 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -7,11 +7,13 @@ name: Lint php on: pull_request: + paths: + - 'php/**' push: branches: - main - - master - - stable* + paths: + - 'php/**' permissions: contents: read diff --git a/.github/workflows/php-deprecation-detector.yml b/.github/workflows/php-deprecation-detector.yml index 7e4c625f..42cc6bc2 100644 
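Review bot: The `Install npm and dockerfilelint` step downloads `https://github.com/replicatedhq/dockerfilelint/pull/184.patch` at run time and applies it to a globally installed, unversioned `dockerfilelint`, so the code this job executes can change whenever that pull request or the npm package changes. Committing the reviewed patch to this repository and applying it from the checkout, or verifying the download with `echo "<sha256-of-reviewed-patch>  184.patch" | sha256sum -c -`, together with `npm install -g dockerfilelint@<reviewed-version>`, would keep the job reproducible. In `run lint`, the exit status of `dockerfilelint` is hidden behind `| tee -a`, and the job fails only when the log matches `^Issues: [0-9]`; assuming the default shell runs without `pipefail`, a linter that crashes or prints nothing lets the job pass, so add `set -o pipefail` as the first line of that script. `actions/checkout@v3` is also a movable tag here, whereas `psalm.yml` in the same commit pins it to a commit SHA.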
--- a/.github/workflows/php-deprecation-detector.yml +++ b/.github/workflows/php-deprecation-detector.yml @@ -3,9 +3,13 @@ name: PHP Deprecation Detector on: pull_request: + paths: + - 'php/**' push: branches: - main + paths: + - 'php/**' jobs: psalm: diff --git a/.github/workflows/psalm-analysis.yml b/.github/workflows/psalm-analysis.yml deleted file mode 100644 index 6d367a52..00000000 --- a/.github/workflows/psalm-analysis.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Psalm Analysis - -on: - pull_request: - push: - branches: - - main - -jobs: - psalm: - name: Psalm - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up php8.2 - uses: shivammathur/setup-php@v2 - with: - php-version: 8.2 - extensions: apcu - coverage: none - - - name: Run script - run: | - set -x - cd php - composer global require vimeo/psalm --prefer-dist --no-progress --dev - composer install - composer run psalm diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml deleted file mode 100644 index 1dd39fe8..00000000 --- a/.github/workflows/psalm-security.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Psalm Security Analysis - -on: - push: - branches: - - main - -jobs: - psalm: - name: Psalm - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - name: Psalm - uses: docker://ghcr.io/nextcloud/all-in-one-psalm - with: - relative_dir: php - security_analysis: true - composer_ignore_platform_reqs: false - report_file: results.sarif - - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: php/results.sarif diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml new file mode 100644 index 00000000..1d0a17bb --- /dev/null +++ b/.github/workflows/psalm.yml 
@@ -0,0 +1,49 @@ +# This workflow is provided via the organization template repository +# +# https://github.com/nextcloud/.github +# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization + +name: Static analysis + +on: + pull_request: + paths: + - 'php/**' + push: + branches: + - main + paths: + - 'php/**' + +concurrency: + group: psalm-${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +jobs: + static-analysis: + runs-on: ubuntu-latest + + name: Nextcloud + steps: + - name: Checkout + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Set up php + uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2 + with: + php-version: 8.2 + extensions: apcu + coverage: none + ini-file: development + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Install dependencies + run: | + set -x + cd php + composer global require vimeo/psalm --prefer-dist --no-progress --dev + composer install + + - name: Run coding standards check + run: composer run psalm diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 3af43bb1..32848506 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -2,9 +2,13 @@ name: Shellcheck on: pull_request: + paths: + - '**.sh' push: branches: - main + paths: + - '**.sh' jobs: shellcheck: @@ -13,7 +17,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: Run Shellcheck - uses: ludeeus/action-shellcheck@2.0.0 + uses: ludeeus/action-shellcheck@v2 with: check_together: 'yes' env: diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml index 3cab05f8..27f09e47 100644 --- a/.github/workflows/twig-lint.yml +++ b/.github/workflows/twig-lint.yml @@ -2,9 +2,13 @@ name: Twig Lint on: pull_request: + paths: + - '**.twig' push: branches: - main + paths: + - '**.twig' permissions: contents: read 
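Review bot: The `Run coding standards check` step in `psalm.yml` runs `composer run psalm` from the workspace root, because the `cd php` in `Install dependencies` does not carry over to the next step; the deleted `psalm-analysis.yml` ran it in the same script after `cd php`. Unless a root-level `composer.json` defines a `psalm` script (not visible here), add `working-directory: php` to that step, and consider renaming it, since it runs Psalm rather than a coding-standards check. The workflow also has no `permissions:` block although `docker-lint.yml` in this commit sets `permissions:` with `contents: read`; the same two lines fit here so the `GITHUB_TOKEN` passed to setup-php stays read-only. This commit deletes `psalm-security.yml`, and nothing in this file sets `security_analysis` or uploads a SARIF report, so taint analysis appears to be dropped rather than moved, which is worth confirming as intended.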
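Review bot: `uses: ludeeus/action-shellcheck@v2` in `shellcheck.yml` replaces the exact release tag `2.0.0` with a looser ref, which moves in the opposite direction from `psalm.yml` in this commit, where actions are pinned to full commit SHAs. A major-version ref can be repointed by the action's maintainers, so later runs may execute code that was never reviewed here; it is also worth confirming that a `v2` ref exists in that repository. Prefer `uses: ludeeus/action-shellcheck@<full-commit-sha> # 2.0.0`, and the same treatment for `actions/checkout@v3` in the context line above it.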
@@ -16,10 +20,6 @@ concurrency: jobs: twig-lint: runs-on: ubuntu-latest - strategy: - matrix: - php-versions: ["8.2"] - name: twig-lint steps: @@ -29,7 +29,7 @@ jobs: - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@v2 with: - php-version: ${{ matrix.php-versions }} + php-version: 8.2 extensions: apcu coverage: none @@ -40,17 +40,3 @@ jobs: composer install chmod +x ./vendor/bin/twig-linter ./vendor/bin/twig-linter lint ./templates - - summary: - permissions: - contents: none - runs-on: ubuntu-latest - needs: twig-lint - - if: always() - - name: twig-lint-summary - - steps: - - name: Summary status - run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi
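Review bot: The step name `Set up php ${{ matrix.php-versions }}` in the `@@ -29,7 +29,7 @@` hunk still reads the matrix value, but the preceding hunk removes the `strategy.matrix` block, so the expression has nothing to resolve and the name will presumably render as `Set up php ` with nothing after it. Change it to `- name: Set up php 8.2`, or to plain `Set up php` as `psalm.yml` does. `shivammathur/setup-php@v2` is left on a movable tag here while `psalm.yml` in the same commit pins the same action to a commit SHA; using that pinned ref in both workflows would keep them consistent.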