nextcloud/.github/workflows/command-pull-3rdparty.yml
dependabot[bot] 476d3fb86e
chore(deps): Bump the github-actions group with 11 updates
Bumps the github-actions group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.1` | `2.37.2` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.4.0` |
| [cypress-io/github-action](https://github.com/cypress-io/github-action) | `7.3.0` | `7.4.0` |
| [LizardByte/actions/actions/setup_python](https://github.com/lizardbyte/actions) | `2026.524.145234` | `2026.625.20301` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.1` | `7.0.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` |


Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...9c091bb21b)

Updates `shivammathur/setup-php` from 2.37.1 to 2.37.2
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](7c071dfe9d...f3e473d116)

Updates `actions/github-script` from 7.0.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7.0.1...3a2844b7e9c422d3c10d287c895573f7108da1b3)

Updates `github/codeql-action/init` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

Updates `github/codeql-action/analyze` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

Updates `actions/setup-node` from 6.2.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v6.2.0...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

Updates `cypress-io/github-action` from 7.3.0 to 7.4.0
- [Release notes](https://github.com/cypress-io/github-action/releases)
- [Changelog](https://github.com/cypress-io/github-action/blob/master/CHANGELOG.md)
- [Commits](dace029018...948d67d307)

Updates `LizardByte/actions/actions/setup_python` from 2026.524.145234 to 2026.625.20301
- [Release notes](https://github.com/lizardbyte/actions/releases)
- [Commits](25babf9f2e...a468509812)

Updates `codecov/codecov-action` from 6.0.1 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](e79a6962e0...fb8b3582c8)

Updates `actions/download-artifact` from 7.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](37930b1c2a...3e5f45b2cf)

Updates `github/codeql-action/upload-sarif` from 4.36.0 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: shivammathur/setup-php
  dependency-version: 2.37.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: cypress-io/github-action
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: LizardByte/actions/actions/setup_python
  dependency-version: 2026.625.20301
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-27 16:19:48 +00:00

111 lines
4.2 KiB
YAML

# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT
name: Update 3rdparty command
on:
issue_comment:
types: created
permissions:
contents: read
jobs:
rebase:
runs-on: ubuntu-latest
permissions:
contents: none
pull-requests: read
# On pull requests and if the comment starts with `/update-3rdparty`
if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/update-3rdparty')
steps:
- name: Add reaction on start
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: '+1'
# issue_comment events carry no pull_request context in their payload, so we
# must fetch the PR via the API. This also gives us base.ref for free, avoiding
# a second API call. The GITHUB_TOKEN needs pull-requests:read (granted above).
- name: Get pull request metadata
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
id: get-pr
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const pull = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
core.setOutput('head_repo', pull.data.head.repo?.full_name ?? '');
core.setOutput('base_ref', pull.data.base.ref);
- name: Disabled on forks
if: steps.get-pr.outputs.head_repo != github.repository
run: |
echo 'Can not execute /update-3rdparty on forks'
exit 1
- name: Init branch
uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v1
id: comment-branch
- name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
fetch-depth: 0
token: ${{ secrets.COMMAND_BOT_PAT }}
ref: ${{ steps.comment-branch.outputs.head_ref }}
- name: Register server reference to fallback to master branch
run: |
base_ref="${{ steps.get-pr.outputs.base_ref }}"
if [[ "$base_ref" == "main" || "$base_ref" == "master" ]]; then
echo "server_ref=master" >> "$GITHUB_ENV"
echo "Setting server_ref to master"
elif [[ "$base_ref" =~ ^stable[0-9]+$ ]]; then
echo "server_ref=$base_ref" >> "$GITHUB_ENV"
echo "Setting server_ref to $base_ref"
else
echo "Not based on master/main/stable*, so skipping pull 3rdparty command"
fi
- name: Setup git
run: |
git config --local user.email 'nextcloud-command@users.noreply.github.com'
git config --local user.name 'nextcloud-command'
- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
if: ${{ env.server_ref == '' }}
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: '-1'
- name: Pull 3rdparty
if: ${{ env.server_ref != '' }}
run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ env.server_ref }}'"'"'; fi'
- name: Commit and push changes
if: ${{ env.server_ref != '' }}
run: |
git add 3rdparty
git commit -s -m 'Update submodule 3rdparty to latest ${{ env.server_ref }}'
git push
- name: Add reaction on failure
uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
if: failure()
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
repository: ${{ github.event.repository.full_name }}
comment-id: ${{ github.event.comment.id }}
reactions: '-1'