Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions workflow-templates/cypress.yml
Original file line number Diff line number Diff line change
Expand Up @@ -140,17 +140,20 @@ jobs:

- name: Upload snapshots
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
continue-on-error: true
if: always()
with:
name: snapshots_${{ matrix.containers }}
path: cypress/snapshots

- name: Extract NC logs
continue-on-error: true
if: failure() && matrix.containers != 'component'
run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log

- name: Upload NC logs
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
continue-on-error: true
if: failure() && matrix.containers != 'component'
with:
name: nc_logs_${{ matrix.containers }}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/lint-eslint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,8 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zizmor is complaining and I'm confused:

warning[excessive-permissions]: overly broad permissions
  --> workflow-templates/phpunit-pgsql.yml:36:3
   |
36 | /   changes:
37 | |     runs-on: ubuntu-latest-low
38 | |     # Required for dorny/paths-filter
39 | |     permissions: read-all
   | |     --------------------- uses read-all permissions
40 | |
...  |
59 | |               - 'composer.json'
60 | |               - 'composer.lock'
   | |_______________________________- this job
   |
   = note: audit confidence → High

Which part is it trying to read that it can not read otherwise?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly no clue, couldn't figure out the reason.
But it seems that it fails because not enough permisisons on private repos ? "Resource not accessible by integration"

I checked here,but didn't find anything useful dorny/paths-filter#123
So I tried this and it seems to work https://github.com/nextcloud-gmbh/server/pull/836

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I tried this and it seems to work nextcloud-gmbh/server#836

Got me curious, so did the same test (as github only specifies pr and contents as required permissions and it works already? See https://github.com/nextcloud-gmbh/server/actions/runs/15364863945/job/43236456808?pr=837

So maybe it was an internal issue with Github?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, maybe 🤔

Let's keep this closed for now!


outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/lint-typescript.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,8 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/node-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,8 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,8 @@ concurrency:
jobs:
changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/phpunit-mariadb.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,8 @@ jobs:

changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/phpunit-mysql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,9 +36,8 @@ jobs:

changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/phpunit-oci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,8 @@ jobs:

changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src }}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/phpunit-pgsql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,8 @@ jobs:

changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src }}
Expand Down
5 changes: 2 additions & 3 deletions workflow-templates/phpunit-sqlite.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,8 @@ jobs:

changes:
runs-on: ubuntu-latest-low
permissions:
contents: read
pull-requests: read
# Required for dorny/paths-filter
permissions: read-all

outputs:
src: ${{ steps.changes.outputs.src}}
Expand Down
Loading