🔄 synced local '.github/workflows/' with remote 'config/workflows/'

Signed-off-by: nextcloud-android-bot <android@nextcloud.com>
2025-06-19 11:39:42 +01:00 · 2025-03-17 15:31:13 +00:00 · 2025-03-17 15:31:13 +00:00 · fdbbe429dd
commit fdbbe429dd
parent 805a7ea4f4
5 changed files with 14 additions and 6 deletions
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@ -28,7 +28,12 @@ jobs:
    analysis:
        runs-on: ubuntu-latest
        steps:
-            -   name: Setup variables
+            - name: Disabled on forks
              if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
              run: |
                  echo 'Can not analyze PRs from forks'
                  exit 1
            -   name: Setup variables # zizmor: ignore[template-injection]
                id: get-vars
                run: |
                    if [ -z "$GITHUB_HEAD_REF" ]; then
@ -48,6 +53,7 @@ jobs:
                    fi
            -   uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
                with:
                    persist-credentials: false
                    repository: ${{ steps.get-vars.outputs.repo }}
                    ref: ${{ steps.get-vars.outputs.branch }}
            -   name: Set up JDK 17
--- a/.github/workflows/autoApproveSync.yml
+++ b/.github/workflows/autoApproveSync.yml
@ -6,7 +6,7 @@
 name: Auto approve sync
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
    branches:
      - master
      - main
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -35,6 +35,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set Swap Space
        if: runner.environment == 'github-hosted'
        uses: pierotofy/set-swap-space@49819abfb41bd9b44fb781159c033dba90353a7c # v1.0
--- a/.github/workflows/pr-feedback.yml
+++ b/.github/workflows/pr-feedback.yml
@ -36,7 +36,7 @@ jobs:
          blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
          echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"
-      - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4
+      - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
        with:
          feedback-message: |
            Hello there,
--- a/.github/workflows/renovate-approve-merge.yml
+++ b/.github/workflows/renovate-approve-merge.yml
@ -9,7 +9,7 @@
 name: Auto approve renovate PRs
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers]
    branches:
      - main
      - master
@ -24,7 +24,7 @@ concurrency:
 jobs:
  auto-approve-merge:
-    if: github.actor == 'renovate[bot]'
+    if: github.event.pull_request.user.login == 'renovate[bot]'
    runs-on: ubuntu-latest
    permissions:
      # for hmarr/auto-approve-action to approve PRs
@ -52,7 +52,7 @@ jobs:
      # Enable GitHub auto merge
      - name: Auto merge
-        uses: alexwilson/enable-github-automerge-action@main
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
        if: startsWith(steps.branchname.outputs.branch, 'renovate/')
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}