Merge remote-tracking branch 'upstream/master'

nextcloud · May 7, 2023 · 64ad7a4 · 64ad7a4
2 parents 04ede76 + 677f144
commit 64ad7a4
Show file tree

Hide file tree

Showing 72 changed files with 1,258 additions and 380 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -57,7 +57,7 @@ steps:
 
 services:
   - name: server-master
-    image: ghcr.io/nextcloud/continuous-integration-server:latest
+    image: ghcr.io/nextcloud/continuous-integration-shallow-server:latest
     commands:
       - apt-get update && apt-get install -y composer
       - /usr/local/bin/initnc.sh
@@ -154,7 +154,7 @@ steps:
 
 services:
   - name: server-stable
-    image: ghcr.io/nextcloud/continuous-integration-server:latest
+    image: ghcr.io/nextcloud/continuous-integration-shallow-server:latest
     environment:
       SERVER_VERSION: stable24
     commands:

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -22,15 +22,15 @@ jobs:
                         echo "::set-output name=branch::$GITHUB_HEAD_REF"
                         echo "::set-output name=pr::${{ github.event.pull_request.number }}"
                     fi
-            -   uses: actions/checkout@v3
-                with:
-                    repository: ${{ steps.get-vars.outputs.repo }}
-                    ref: ${{ steps.get-vars.outputs.branch }}
-            -   name: Set up JDK 11
-                uses: actions/setup-java@v3
-                with:
-                    distribution: "temurin"
-                    java-version: 11
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+              with:
+                  repository: ${{ steps.get-vars.outputs.repo }}
+                  ref: ${{ steps.get-vars.outputs.branch }}
+            - name: Set up JDK 11
+              uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+              with:
+                  distribution: "temurin"
+                  java-version: 11
             -   name: Run analysis wrapper
                 run: |
                     mkdir -p $HOME/.gradle

diff --git a/.github/workflows/assemble.yml b/.github/workflows/assemble.yml
@@ -10,12 +10,12 @@ jobs:
     assemble:
         runs-on: ubuntu-latest
         steps:
-            -   uses: actions/checkout@v3
-            -   name: Set up JDK 11
-                uses: actions/setup-java@v3
-                with:
-                    distribution: "temurin"
-                    java-version: 11
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+            - name: Set up JDK 11
+              uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+              with:
+                  distribution: "temurin"
+                  java-version: 11
             -   name: Setup JVM options
                 run: |
                     mkdir -p "$HOME/.gradle"

diff --git a/.github/workflows/autoApproveDependabot.yml b/.github/workflows/autoApproveDependabot.yml
@@ -1,15 +1,30 @@
-name: Dependabot
+# synced from @nextcloud/android-config
+name: Auto approve dependabot
+
 on:
   pull_request_target:
-    branches: [ master, stable-* ]
+    branches:
+      - main
+      - master
+      - stable-*
+
+permissions:
+  contents: read
+
+concurrency:
+  group: dependabot-approve-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 jobs:
-  auto-merge:
+  auto-approve:
+    name: Auto approve dependabot
     runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    permissions:
+      # needed to approve the PR
+      pull-requests: write
+
     steps:
-      # Default github action approve
-      - uses: hmarr/[email protected]
-        if: github.ref == 'refs/heads/master' &&
-          (github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]')
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/autoApproveSync.yml b/.github/workflows/autoApproveSync.yml
@@ -1,19 +1,29 @@
 # synced from @nextcloud/android-config
-name: Auto approve
+name: Auto approve sync
 on:
   pull_request_target:
     branches:
       - master
       - main
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+
+concurrency:
+  group: sync-approve-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 permissions:
   pull-requests: write
 
 jobs:
   auto-approve:
+    name: Auto approve sync
     runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
     steps:
-      - uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
-        if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -14,12 +14,12 @@ jobs:
             matrix:
                 task: [ detekt, spotlessKotlinCheck, lint ]
         steps:
-            -   uses: actions/checkout@v3
-            -   name: Set up JDK 11
-                uses: actions/setup-java@v3
-                with:
-                    distribution: "temurin"
-                    java-version: 11
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+            - name: Set up JDK 11
+              uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+              with:
+                  distribution: "temurin"
+                  java-version: 11
             -   name: Setup JVM options
                 run: |
                     mkdir -p "$HOME/.gradle"

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -26,24 +26,24 @@ jobs:
         language: [ 'java' ]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Set Swap Space
         uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0
         with:
           swap-size-gb: 10
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+        uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
         with:
           languages: ${{ matrix.language }}
       - name: Set up JDK
-        uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.9.0
+        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
         with:
           distribution: "temurin"
-          java-version: 11
+          java-version: 17
       - name: Assemble
         run: |
           mkdir -p "$HOME/.gradle"
           echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties"
           ./gradlew assembleDebug
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+        uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
@@ -23,15 +23,15 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
           comment-id: ${{ github.event.comment.id }}
           reaction-type: "+1"
 
       - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           fetch-depth: 0
           token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

diff --git a/.github/workflows/detectSnaphost.yml b/.github/workflows/detectSnaphost.yml
@@ -14,6 +14,6 @@ jobs:
         runs-on: ubuntu-latest
 
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
             - name: Detect SNAPSHOT
               run: scripts/analysis/detectSNAPSHOT.sh
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
@@ -1,3 +1,4 @@
+# synced from @nextcloud/android-config
 name: "Validate Gradle Wrapper"
 on:
     pull_request:
@@ -13,5 +14,5 @@ jobs:
         name: "Validation"
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v3
-            - uses: gradle/wrapper-validation-action@v1
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+            - uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,38 @@
+# synced from @nextcloud/android-config
+name: Scorecard supply-chain security
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '32 23 * * 4'
+  push:
+    branches: [ "main", "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: false
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+        with:
+          sarif_file: results.sarif
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -14,7 +14,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0
+      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
         with:
           days-before-stale: 28
           days-before-close: 14

diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,7 @@
 buildscript {
     ext {
-        kotlin_version = '1.7.22'
-        jacoco_version = '0.8.8'
+        kotlin_version = '1.8.21'
+        jacoco_version = '0.8.10'
     }
 }
 
@@ -16,7 +16,12 @@ subprojects {
     repositories {
         google()
         mavenCentral()
-        maven { url "https://jitpack.io" }
+        maven {
+            url "https://jitpack.io"
+            content {
+                includeGroup "com.github.bitfireAT"
+            }
+        }
     }
 }