Browse Source
Merge pull request #53115 from nextcloud/ci/noid/more-action-hardening
feat/image-size-metadata
Kate
6 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with
12 additions and
7 deletions
-
.github/workflows/block-outdated-3rdparty.yml
-
.github/workflows/command-pull-3rdparty.yml
-
.github/workflows/generate-release-changelog.yml
|
|
|
@ -56,22 +56,24 @@ jobs: |
|
|
|
core.exportVariable('server_ref', match[0]); |
|
|
|
console.log('Setting server_ref to ' + match[0]); |
|
|
|
} else { |
|
|
|
console.log('Not based on master/main/stable*, so skipping freeze check'); |
|
|
|
console.log('Not based on master/main/stable*, so skipping outdated 3rdparty check'); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
- name: Last 3rdparty commit on target branch |
|
|
|
if: ${{ env.server_ref != '' }} |
|
|
|
id: target |
|
|
|
run: | |
|
|
|
echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT" |
|
|
|
|
|
|
|
- name: Compare if 3rdparty commits are different |
|
|
|
if: ${{ env.server_ref != '' }} |
|
|
|
run: | |
|
|
|
echo '3rdparty/ seems to not point to the last commit of the dedicated branch:' |
|
|
|
echo 'Branch has: ${{ steps.actual.outputs.commit }}' |
|
|
|
echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}' |
|
|
|
|
|
|
|
- name: Fail if 3rdparty commits are different |
|
|
|
if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }} |
|
|
|
if: ${{ env.server_ref != '' && steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }} |
|
|
|
run: | |
|
|
|
exit 1 |
|
|
|
@ -61,7 +61,7 @@ jobs: |
|
|
|
core.exportVariable('server_ref', match[0]); |
|
|
|
console.log('Setting server_ref to ' + match[0]); |
|
|
|
} else { |
|
|
|
console.log('Not based on master/main/stable*, so skipping freeze check'); |
|
|
|
console.log('Not based on master/main/stable*, so skipping pull 3rdparty command'); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@ -50,8 +50,9 @@ jobs: |
|
|
|
PREVIOUS_TAG=$(echo "$TAGS" | grep -v 'rc\|beta\|alpha' | sed -n '2p') |
|
|
|
echo "CURRENT_TAG=$CURRENT_TAG" >> $GITHUB_ENV |
|
|
|
echo "PREVIOUS_TAG=$PREVIOUS_TAG" >> $GITHUB_ENV |
|
|
|
|
|
|
|
- name: Verify current tag |
|
|
|
|
|
|
|
# Since this action only runs on nextcloud-releases, ignoring is okay |
|
|
|
- name: Verify current tag # zizmor: ignore[template-injection] |
|
|
|
run: | |
|
|
|
if [ "${{ github.ref_name }}" != "${{ env.CURRENT_TAG }}" ]; then |
|
|
|
echo "Current tag does not match the release tag. Exiting." |
|
|
|
@ -71,7 +72,8 @@ jobs: |
|
|
|
run: | |
|
|
|
echo '{"username": "github-actions"}' > github_helper/credentials.json |
|
|
|
|
|
|
|
- name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }} |
|
|
|
# Since this action only runs on nextcloud-releases, ignoring is okay |
|
|
|
- name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }} # zizmor: ignore[template-injection] |
|
|
|
env: |
|
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
run: | |
|
|
|
@ -79,7 +81,8 @@ jobs: |
|
|
|
composer install |
|
|
|
php index.php generate:changelog --no-bots --format=forum server ${{ env.PREVIOUS_TAG }} ${{ github.ref_name }} > changelog.md |
|
|
|
|
|
|
|
- name: Set changelog to release |
|
|
|
# Since this action only runs on nextcloud-releases, ignoring is okay |
|
|
|
- name: Set changelog to release # zizmor: ignore[template-injection] |
|
|
|
env: |
|
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
run: | |
|
|
|
|
