From d30132f02aee7fdb44e1d0169f8af6ee8880c1f4 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 27 Apr 2026 00:46:18 +0000 Subject: [PATCH] plan: fix all zizmor issues and remove zizmor.yml Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/19702b0d-13f7-43fb-bc62-d2cdca2232b5 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com> --- .github/workflows/codespell.yml | 2 +- .github/workflows/collabora.yml | 2 +- .github/workflows/dependency-updates.yml | 2 +- .github/workflows/fail-on-prerelease.yml | 2 +- .github/workflows/helm-release.yml | 2 +- .github/workflows/imaginary-update.yml | 2 +- .github/workflows/lint-php.yml | 2 +- .github/workflows/lint-yaml.yml | 2 +- .github/workflows/lock-threads.yml | 2 +- .github/workflows/nextcloud-update.yml | 2 +- .github/workflows/playwright-on-push.yml | 4 ++-- .github/workflows/playwright-on-workflow-dispatch.yml | 2 +- .github/workflows/psalm-update-baseline.yml | 2 +- .github/workflows/psalm.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/talk.yml | 2 +- .github/workflows/update-helm.yml | 2 +- .github/workflows/update-yaml.yml | 2 +- .github/workflows/watchtower-update.yml | 2 +- 19 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 475940a9..73af5a23 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -14,7 +14,7 @@ jobs: - name: Check out code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check spelling - uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2 + uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2 with: check_filenames: true check_hidden: true diff --git a/.github/workflows/collabora.yml b/.github/workflows/collabora.yml index d48e768b..a600a804 100644 --- a/.github/workflows/collabora.yml +++ b/.github/workflows/collabora.yml @@ -18,7 +18,7 @@ jobs: mv cool-seccomp-profile.json php/ - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: collabora-seccomp-update automated change diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml index 1e9fcf7d..eec61c36 100644 --- a/.github/workflows/dependency-updates.yml +++ b/.github/workflows/dependency-updates.yml @@ -53,7 +53,7 @@ jobs: sed -i "s|^ARG CADDY_REMOTE_HOST_HASH.*$|ARG CADDY_REMOTE_HOST_HASH=$CADDY_REMOTE_HOST_HASH|" ./Containers/mastercontainer/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: php dependency updates diff --git a/.github/workflows/fail-on-prerelease.yml b/.github/workflows/fail-on-prerelease.yml index 8d48c783..afbe1d0c 100644 --- a/.github/workflows/fail-on-prerelease.yml +++ b/.github/workflows/fail-on-prerelease.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Check latest published release isn't a prerelease" - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v6 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | const tags = await github.rest.repos.listTags({ diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index 18fda0e8..31ceda0c 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Turnstyle - uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2 + uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v3.2.3 with: continue-after-seconds: 180 env: diff --git a/.github/workflows/imaginary-update.yml b/.github/workflows/imaginary-update.yml index 6339f1bb..b1760d8d 100644 --- a/.github/workflows/imaginary-update.yml +++ b/.github/workflows/imaginary-update.yml @@ -22,7 +22,7 @@ jobs: sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: imaginary-update automated change diff --git a/.github/workflows/lint-php.yml b/.github/workflows/lint-php.yml index ea018121..f65030c1 100644 --- a/.github/workflows/lint-php.yml +++ b/.github/workflows/lint-php.yml @@ -41,7 +41,7 @@ jobs: persist-credentials: false - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: php-version: ${{ matrix.php-versions }} coverage: none diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml index 4d32f913..8050806a 100644 --- a/.github/workflows/lint-yaml.yml +++ b/.github/workflows/lint-yaml.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/lock-threads.yml b/.github/workflows/lock-threads.yml index bda40ee2..b92e7f13 100644 --- a/.github/workflows/lock-threads.yml +++ b/.github/workflows/lock-threads.yml @@ -14,7 +14,7 @@ jobs: action: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5 + - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0 with: issue-inactive-days: '14' process-only: 'issues' diff --git a/.github/workflows/nextcloud-update.yml b/.github/workflows/nextcloud-update.yml index 07314e69..e26f8a2f 100644 --- a/.github/workflows/nextcloud-update.yml +++ b/.github/workflows/nextcloud-update.yml @@ -79,7 +79,7 @@ jobs: fi - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: nextcloud-update automated change diff --git a/.github/workflows/playwright-on-push.yml b/.github/workflows/playwright-on-push.yml index 98eceb8c..185579f7 100644 --- a/.github/workflows/playwright-on-push.yml +++ b/.github/workflows/playwright-on-push.yml @@ -28,7 +28,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: lts/* @@ -39,7 +39,7 @@ jobs: run: cd php/tests && npx playwright install --with-deps chromium - name: Set up php 8.5 - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: extensions: apcu php-version: 8.5 diff --git a/.github/workflows/playwright-on-workflow-dispatch.yml b/.github/workflows/playwright-on-workflow-dispatch.yml index b3ba33f8..ab91f05e 100644 --- a/.github/workflows/playwright-on-workflow-dispatch.yml +++ b/.github/workflows/playwright-on-workflow-dispatch.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: lts/* diff --git a/.github/workflows/psalm-update-baseline.yml b/.github/workflows/psalm-update-baseline.yml index d4337f1d..953977ac 100644 --- a/.github/workflows/psalm-update-baseline.yml +++ b/.github/workflows/psalm-update-baseline.yml @@ -31,7 +31,7 @@ jobs: continue-on-error: true - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update psalm baseline diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml index 60fc8a9f..79eaf49c 100644 --- a/.github/workflows/psalm.yml +++ b/.github/workflows/psalm.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: Set up php - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # master with: php-version: 8.5 extensions: apcu diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b051c355..101507e8 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -17,7 +17,7 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Shellcheck - uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0 + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 with: check_together: 'yes' env: diff --git a/.github/workflows/talk.yml b/.github/workflows/talk.yml index c00a61bc..0df596d4 100644 --- a/.github/workflows/talk.yml +++ b/.github/workflows/talk.yml @@ -45,7 +45,7 @@ jobs: sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: talk-update automated change diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 499f589a..961e7044 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -23,7 +23,7 @@ jobs: sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: commit-message: Helm Chart updates signoff: true diff --git a/.github/workflows/update-yaml.yml b/.github/workflows/update-yaml.yml index 447f9cb5..4584a94d 100644 --- a/.github/workflows/update-yaml.yml +++ b/.github/workflows/update-yaml.yml @@ -16,7 +16,7 @@ jobs: run: | sudo bash manual-install/update-yaml.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: commit-message: Yaml updates signoff: true diff --git a/.github/workflows/watchtower-update.yml b/.github/workflows/watchtower-update.yml index e02fb909..5f21ef73 100644 --- a/.github/workflows/watchtower-update.yml +++ b/.github/workflows/watchtower-update.yml @@ -26,7 +26,7 @@ jobs: sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile - name: Create Pull Request - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: watchtower-update automated change