Merge remote-tracking branch 'upstream/master'

nextcloud · May 7, 2023 · d3e61c0 · d3e61c0
2 parents 9074d83 + 8614c62
commit d3e61c0
Show file tree

Hide file tree

Showing 453 changed files with 2,854 additions and 1,349 deletions.
diff --git a/.codecov.yml b/.codecov.yml
@@ -2,6 +2,8 @@ codecov:
   branch: master
   ci:
     - drone.nextcloud.com
+  notify:
+    after_n_builds: 2
 
 coverage:
   precision: 2
@@ -15,6 +17,8 @@ coverage:
 comment:
   layout: "header, diff, changes, uncovered, tree"
   behavior: default
+  require_changes: true
+  after_n_builds: 2
 
 github_checks:
     annotations: false

diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -28,12 +28,12 @@ jobs:
                         echo "::set-output name=pr::${{ github.event.pull_request.number }}"
                         echo "::set-output name=repo::${{ github.event.pull_request.head.repo.full_name }}"
                     fi
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
                 with:
                     repository: ${{ steps.get-vars.outputs.repo }}
                     ref: ${{ steps.get-vars.outputs.branch }}
             -   name: Set up JDK 11
-                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
+                uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

diff --git a/.github/workflows/assembleFlavors.yml b/.github/workflows/assembleFlavors.yml
@@ -15,9 +15,9 @@ jobs:
             matrix:
                 flavor: [ Generic, Gplay, Huawei ]
         steps:
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
             -   name: set up JDK 11
-                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
+                uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

diff --git a/.github/workflows/autoApproveDependabot.yml b/.github/workflows/autoApproveDependabot.yml
@@ -1,16 +1,30 @@
-name: Auto approve
+# synced from @nextcloud/android-config
+name: Auto approve dependabot
+
 on:
-    pull_request_target:
-        branches: [ master, stable-* ]
+  pull_request_target:
+    branches:
+      - main
+      - master
+      - stable-*
 
 permissions:
-    pull-requests: write
+  contents: read
+
+concurrency:
+  group: dependabot-approve-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 jobs:
-    auto-approve:
-        runs-on: ubuntu-latest
-        steps:
-            -   uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
-                if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
-                with:
-                    github-token: "${{ secrets.GITHUB_TOKEN }}"
+  auto-approve:
+    name: Auto approve dependabot
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    permissions:
+      # needed to approve the PR
+      pull-requests: write
+
+    steps:
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/autoApproveSync.yml b/.github/workflows/autoApproveSync.yml
@@ -1,19 +1,29 @@
 # synced from @nextcloud/android-config
-name: Auto approve
+name: Auto approve sync
 on:
   pull_request_target:
     branches:
       - master
       - main
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+
+concurrency:
+  group: sync-approve-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
 
 permissions:
   pull-requests: write
 
 jobs:
   auto-approve:
+    name: Auto approve sync
     runs-on: ubuntu-latest
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
     steps:
-      - uses: hmarr/auto-approve-action@de8ae18c173c131e182d4adf2c874d8d2308a85b # v3.1.0
-        if: ${{ contains(github.event.pull_request.labels.*.name, 'sync') && github.actor == 'nextcloud-android-bot' }}
+      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4 # v3.2.1
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -15,9 +15,9 @@ jobs:
             matrix:
                 task: [ detekt, spotlessKotlinCheck ]
         steps:
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
             -   name: Set up JDK 11
-                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
+                uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
                 with:
                     distribution: "temurin"
                     java-version: 11

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -26,24 +26,24 @@ jobs:
         language: [ 'java' ]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
       - name: Set Swap Space
         uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0
         with:
           swap-size-gb: 10
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+        uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
         with:
           languages: ${{ matrix.language }}
       - name: Set up JDK
-        uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3.9.0
+        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
         with:
           distribution: "temurin"
-          java-version: 11
+          java-version: 17
       - name: Assemble
         run: |
           mkdir -p "$HOME/.gradle"
           echo "org.gradle.jvmargs=-Xmx2g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError" > "$HOME/.gradle/gradle.properties"
           ./gradlew assembleDebug
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+        uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
diff --git a/.github/workflows/command-rebase.yml b/.github/workflows/command-rebase.yml
@@ -23,15 +23,15 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2
+        uses: peter-evans/create-or-update-comment@3383acd359705b10cb1eeef05c0e88c056ea4666 # v2
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
           comment-id: ${{ github.event.comment.id }}
           reaction-type: "+1"
 
       - name: Checkout the latest code
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
         with:
           fetch-depth: 0
           token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # v2
+        uses: peter-evans/create-or-update-comment@3383acd359705b10cb1eeef05c0e88c056ea4666 # v2
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

diff --git a/.github/workflows/detectSnapshot.yml b/.github/workflows/detectSnapshot.yml
@@ -12,6 +12,6 @@ jobs:
         runs-on: ubuntu-latest
 
         steps:
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
             -   name: Detect SNAPSHOT
                 run: scripts/analysis/detectSNAPSHOT.sh
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
@@ -1,8 +1,10 @@
+# synced from @nextcloud/android-config
 name: "Validate Gradle Wrapper"
-
 on:
     pull_request:
         branches: [ master, stable-* ]
+    push:
+        branches: [ master, stable-* ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -12,5 +14,5 @@ jobs:
         name: "Validation"
         runs-on: ubuntu-latest
         steps:
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
-            -   uses: gradle/wrapper-validation-action@55e685c48d84285a5b0418cd094606e199cca3b6 # v1
+            - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+            - uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6
diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml
@@ -15,10 +15,10 @@ jobs:
             -   name: Check if secrets are available
                 run: echo "::set-output name=ok::${{ secrets.KS_PASS != '' }}"
                 id: check-secrets
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
                 if: ${{ steps.check-secrets.outputs.ok == 'true' }}
             -   name: set up JDK 11
-                uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
+                uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
                 if: ${{ steps.check-secrets.outputs.ok == 'true' }}
                 with:
                     distribution: "temurin"

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,38 @@
+# synced from @nextcloud/android-config
+name: Scorecard supply-chain security
+on:
+  branch_protection_rule:
+  schedule:
+    - cron: '32 23 * * 4'
+  push:
+    branches: [ "main", "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: false
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
+        with:
+          sarif_file: results.sarif
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
diff --git a/.github/workflows/screenShotTest.yml b/.github/workflows/screenShotTest.yml
@@ -18,32 +18,32 @@ jobs:
                 color: [ blue ]
                 api-level: [ 27 ]
         steps:
-            -   uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3
+            -   uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
 
             -   name: Gradle cache
-                uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
+                uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
                 with:
                     path: |
                         ~/.gradle/caches
                         ~/.gradle/wrapper
                     key: gradle-${{ runner.os }}-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
             -   name: AVD cache
-                uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3
+                uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3
                 id: avd-cache
                 with:
                     path: |
                         ~/.android/avd/*
                         ~/.android/adb*
                     key: avd-${{ matrix.api-level }}
 
-            -   uses: actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b # v3
+            -   uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
                 with:
                     distribution: "temurin"
                     java-version: 11
 
             -   name: create AVD and generate snapshot for caching
                 if: steps.avd-cache.outputs.cache-hit != 'true'
-                uses: reactivecircus/android-emulator-runner@50986b1464923454c95e261820bc626f38490ec0 # v2
+                uses: reactivecircus/android-emulator-runner@d94c3fbe4fe6a29e4a5ba47c12fb47677c73656b # v2
                 with:
                     api-level: ${{ matrix.api-level }}
                     force-avd-creation: false
@@ -69,7 +69,7 @@ jobs:
                 run: scripts/deleteOldComments.sh "${{ matrix.color }}-${{ matrix.scheme }}" "Screenshot" ${{github.event.number}}
 
             -   name: Run screenshot tests
-                uses: reactivecircus/android-emulator-runner@50986b1464923454c95e261820bc626f38490ec0 # v2
+                uses: reactivecircus/android-emulator-runner@d94c3fbe4fe6a29e4a5ba47c12fb47677c73656b # v2
                 with:
                     api-level: ${{ matrix.api-level }}
                     force-avd-creation: false

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -14,7 +14,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # v7.0.0
+      - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
         with:
           days-before-stale: 28
           days-before-close: 14