feat(contactsinteraction): allow users to disable contacts interaction addressbook

This allows simple users to opt-out of the contacts interaction addressbook even if admins have the app installed. Similar to how the birthday calendar works, the functionnality can be toggled in the user's settings or by doing a DELETE on the addressbook. A new contacts personal section has been added to contain this new setting. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Merge pull request #47510 from nextcloud/fix/db/slow-transactions-higher-log-level
2024-08-27 10:54:18 +02:00 · 2024-08-27 10:30:52 +02:00 · 2024-08-27 10:12:14 +02:00 · 2024-08-27 07:37:52 +02:00 · 2024-08-27 00:20:54 +00:00 · 2024-08-26 21:40:27 +02:00
7179 changed files with 184586 additions and 195453 deletions
@@ -1,3 +0,0 @@
-watch_file lib/versioncheck.php
-watch_file package.json
-use flake
@@ -3,5 +3,6 @@
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later

-# Update to coding-standard 1.2.2
-832f79ac9388addeb2b22479c6da1ac46eea205c
+# Update to coding-standard 1.2.3
+af6de04e9e141466dc229e444ff3f146f4a34765
+0bd284cb81b6866338aaaa67aa1d81ef9bfbb2ab
@@ -2,18 +2,14 @@
 /apps/admin_audit/appinfo/info.xml            @luka-nextcloud @blizzz
 /apps/cloud_federation_api/appinfo/info.xml   @mejo-
 /apps/comments/appinfo/info.xml               @edward-ly @Pytal
-/apps/contactsinteraction/appinfo/info.xml    @kesselb @SebastianKrupinski
-/apps/contactsinteraction/lib                 @kesselb @SebastianKrupinski
-/apps/contactsinteraction/tests               @kesselb @SebastianKrupinski
-/apps/dashboard/appinfo/info.xml              @julien-nc @juliusknorr
-/apps/dav/lib/CalDAV                          @st3iny @SebastianKrupinski @tcitworld
-/apps/dav/lib/CardDAV                         @hamza221 @SebastianKrupinski
-/apps/dav/tests/unit/CalDAV                   @st3iny @SebastianKrupinski @tcitworld
-/apps/dav/tests/unit/CardDAV                  @hamza221 @SebastianKrupinski
+/apps/contactsinteraction/appinfo/info.xml    @kesselb @miaulalala @ChristophWurst @GretaD @hamza221 @st3iny
+/apps/dashboard/appinfo/info.xml              @julien-nc @juliushaertl
+/apps/dav/lib/CalDAV                          @ChristophWurst @miaulalala @tcitworld
+/apps/dav/lib/CardDAV                         @ChristophWurst @miaulalala @tcitworld
 /apps/encryption/appinfo/info.xml             @come-nc @icewind1991
 /apps/federatedfilesharing/appinfo/info.xml   @icewind1991 @danxuliu
-/apps/federation/appinfo/info.xml             @nfebe
-/apps/files/appinfo/info.xml                  @skjnldsv @Pytal @ArtificialOwl @come-nc @artonge @icewind1991 @szaimen @susnux @nfebe
+/apps/federation/appinfo/info.xml             @datenangebot
+/apps/files/appinfo/info.xml                  @skjnldsv @Pytal @ArtificialOwl @come-nc @artonge @icewind1991 @szaimen @susnux @Fenn-CS
 /apps/files_external/appinfo/info.xml         @icewind1991 @artonge
 /apps/files_reminders/appinfo/info.xml        @Pytal
 /apps/files_sharing/appinfo/info.xml          @skjnldsv @come-nc
@@ -24,14 +20,14 @@
 /apps/settings/appinfo/info.xml               @Pytal @JuliaKirschenheuter
 /apps/sharebymail/appinfo/info.xml            @Altahrim
 /apps/systemtags/appinfo/info.xml             @Antreesy @marcelklehr
-/apps/theming/appinfo/info.xml                @skjnldsv @juliusknorr
+/apps/theming/appinfo/info.xml                @skjnldsv @juliushaertl
 /apps/twofactor_backupcodes/appinfo/info.xml  @st3iny @miaulalala @ChristophWurst
 /apps/updatenotification/appinfo/info.xml     @Pytal @JuliaKirschenheuter
 /apps/user_ldap/appinfo/info.xml              @come-nc @blizzz
 /apps/user_status/appinfo/info.xml            @Antreesy @nickvergessen
-/apps/weather_status/appinfo/info.xml         @julien-nc @juliusknorr
+/apps/weather_status/appinfo/info.xml         @julien-nc @juliushaertl
 /apps/webhook_listeners/appinfo/info.xml      @come-nc @julien-nc
-/apps/workflowengine/appinfo/info.xml         @blizzz @juliusknorr
+/apps/workflowengine/appinfo/info.xml         @blizzz @juliushaertl

 # Frontend expertise
 /apps/files/src*                  @skjnldsv
@@ -42,7 +38,7 @@

 # Security team
 /resources/codesigning              @mgallien @miaulalala @nickvergessen
-/resources/config/ca-bundle.crt     @miaulalala @nickvergessen
+/resources/config/ca-bundle.crt     @ChristophWurst @miaulalala @nickvergessen
 /.drone.yml                         @nickvergessen

 # Two-Factor Authentication
@@ -69,14 +65,6 @@ ResponseDefinitions.php @provokateurin
 /lib/public/Talk                    @nickvergessen
 /lib/public/UserStatus              @nickvergessen

-# Groupware
-/build/integration/dav_features/caldav.feature   @st3iny @SebastianKrupinski @tcitworld
-/build/integration/dav_features/carddav.feature  @hamza221 @SebastianKrupinski
-/lib/private/Calendar                            @st3iny @SebastianKrupinski @tcitworld
-/lib/private/Contacts                            @hamza221 @SebastianKrupinski
-/lib/public/Calendar                             @st3iny @SebastianKrupinski @tcitworld
-/lib/public/Contacts                             @hamza221 @SebastianKrupinski
-
 # Personal interest
 */Activity/*                        @nickvergessen
 */Notifications/*                   @nickvergessen
@@ -59,20 +59,6 @@ updates:
  reviewers:
    - "nextcloud/server-dependabot"

-# phpunit
- package-ecosystem: composer
-  directory: "/vendor-bin/phpunit"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:40"
-    timezone: Europe/Madrid
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  reviewers:
-    - "nextcloud/server-dependabot"
-
 # Main master npm
 - package-ecosystem: npm
  directory: "/"
@@ -152,6 +138,25 @@ updates:
  # Disable automatic rebasing because without a build CI will likely fail anyway
  rebase-strategy: "disabled"

+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable30
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  # Disable automatic rebasing because without a build CI will likely fail anyway
+  rebase-strategy: "disabled"
+
 - package-ecosystem: composer
  directory: "/build/integration"
  schedule:
@@ -188,6 +193,24 @@ updates:
    - dependency-name: "*"
      update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]

+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable30
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    # ignore all GitHub linguist patch updates
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]
+
 # GitHub Actions
 - package-ecosystem: "github-actions"
  directory: "/"
@@ -37,7 +37,7 @@ jobs:
              - 'composer.lock'
              - '**.php'

-  autoloader:
+  autocheckers:
    runs-on: ubuntu-latest

    needs: changes
@@ -45,22 +45,21 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']

    name: PHP checkers

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, json, mbstring
          coverage: none
          ini-file: development
        env:
@@ -72,32 +71,6 @@ jobs:
      - name: Check auto loaders
        run: bash ./build/autoloaderchecker.sh

-  autocheckers:
-    runs-on: ubuntu-latest-low
-
-    strategy:
-      matrix:
-        php-versions: ['8.1']
-
-    name: Translation and Files checkers
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 #v2.32.0
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Check translations are JSON decodeable
        run: php ./build/translation-checker.php

@@ -114,7 +87,7 @@ jobs:
    permissions:
      contents: none
    runs-on: ubuntu-latest-low
-    needs: [changes, autoloader, autocheckers]
+    needs: [changes, autocheckers]

    if: always()

@@ -122,4 +95,4 @@ jobs:

    steps:
      - name: Summary status
-        run: if ${{ needs.autocheckers.result != 'success' || (needs.changes.outputs.src != 'false' && needs.autoloader.result != 'success') }}; then exit 1; fi
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.autocheckers.result != 'success' }}; then exit 1; fi
@@ -27,22 +27,13 @@ jobs:

    steps:
      - name: Set server major version environment
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const regex = /^stable(\d+)$/
-            const baseRef = context.payload.pull_request.base.ref
-            const match = baseRef.match(regex)
-            if (match) {
-              console.log('Setting server_major to ' + match[1]);
-              core.exportVariable('server_major', match[1]);
-              console.log('Setting current_month to ' + (new Date()).toISOString().substr(0, 7));
-              core.exportVariable('current_month', (new Date()).toISOString().substr(0, 7));
-            }
+        run: |
+          # retrieve version number from branch reference
+          server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
+          echo "server_major=$server_major" >> $GITHUB_ENV
+          echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV

-      - name: Checking if server ${{ env.server_major }} is EOL
-        if: ${{ env.server_major != '' }}
+      - name: Checking if ${{ env.server_major }} is EOL
        run: |
          curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
@@ -28,30 +28,8 @@ jobs:
    runs-on: ubuntu-latest-low

    steps:
-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping freeze check');
-              }
-            }
-
-      - name: Download version.php from ${{ env.server_ref }}
-        if: ${{ env.server_ref != '' }}
-        run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php' --output version.php
+      - name: Download version.php from ${{ github.base_ref }}
+        run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php' --output version.php

      - name: Run check
-        if: ${{ env.server_ref != '' }}
        run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'
@@ -31,49 +31,25 @@ jobs:
              - 'version.php'

      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: 3rdparty commit hash on current branch
        id: actual
        run: |
          echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"

-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping outdated 3rdparty check');
-              }
-            }
-
      - name: Last 3rdparty commit on target branch
-        if: ${{ env.server_ref != '' }}
        id: target
        run: |
-          echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"
+          echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ github.base_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"

      - name: Compare if 3rdparty commits are different
-        if: ${{ env.server_ref != '' }}
        run: |
          echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
          echo 'Branch has: ${{ steps.actual.outputs.commit }}'
-          echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}'
+          echo '${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}'

      - name: Fail if 3rdparty commits are different
-        if: ${{ env.server_ref != '' && steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
+        if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
        run: |
          exit 1
@@ -27,9 +27,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
        with:
@@ -11,9 +11,6 @@ on:
  issue_comment:
    types: [created]

-permissions:
-  contents: read
-
 jobs:
  init:
    runs-on: ubuntu-latest
@@ -79,7 +76,7 @@ jobs:
          fi

      - name: Init branch
-        uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v3.0.0
+        uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
        id: comment-branch

      - name: Add reaction on failure
@@ -89,7 +86,7 @@ jobs:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
+          reactions: "-1"

  process:
    runs-on: ubuntu-latest
@@ -97,16 +94,14 @@ jobs:

    steps:
      - name: Restore cached git repository
-        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          path: .git
          key: git-repo

      - name: Checkout ${{ needs.init.outputs.head_ref }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          # Needed to allow force push later
-          persist-credentials: true
          token: ${{ secrets.COMMAND_BOT_PAT }}
          fetch-depth: 0
          ref: ${{ needs.init.outputs.head_ref }}
@@ -124,7 +119,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
@@ -181,4 +176,4 @@ jobs:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
+          reactions: "-1"
@@ -34,60 +34,28 @@ jobs:
          exit 1

      - name: Init branch
-        uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v1
+        uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
        id: comment-branch

      - name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}
          ref: ${{ steps.comment-branch.outputs.head_ref }}

-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping pull 3rdparty command');
-              }
-            }
-
      - name: Setup git
        run: |
          git config --local user.email 'nextcloud-command@users.noreply.github.com'
          git config --local user.name 'nextcloud-command'

-      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
-        if: ${{ env.server_ref == '' }}
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
-
      - name: Pull 3rdparty
-        if: ${{ env.server_ref != '' }}
-        run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ env.server_ref }}'"'"'; fi'
+        run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ github.event.issue.pull_request.base.ref }}'"'"'; fi'

      - name: Commit and push changes
-        if: ${{ env.server_ref != '' }}
        run: |
          git add 3rdparty
-          git commit -s -m 'Update submodule 3rdparty to latest ${{ env.server_ref }}'
+          git commit -s -m 'Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}'
          git push

      - name: Add reaction on failure
@@ -18,16 +18,9 @@ env:
  # Adjust APP_NAME if your repository name is different
  APP_NAME: ${{ github.event.repository.name }}

-  # This represents the server branch to checkout.
-  # Usually it's the base branch of the PR, but for pushes it's the branch itself.
-  # e.g. 'main', 'stable27' or 'feature/my-feature'
-  # n.b. server will use head_ref, as we want to test the PR branch.
+  # Server requires head_ref instead of base_ref, as we want to test the PR branch
  BRANCH: ${{ github.head_ref || github.ref_name }}

-
-permissions:
-  contents: read
-
 jobs:
  init:
    runs-on: ubuntu-latest
@@ -36,6 +29,8 @@ jobs:
      npmVersion: ${{ steps.versions.outputs.npmVersion }}

    env:
+      # We'll install cypress in the cypress job
+      CYPRESS_INSTALL_BINARY: 0
      PUPPETEER_SKIP_DOWNLOAD: true

    steps:
@@ -46,9 +41,8 @@ jobs:
          exit 1

      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          # We need to checkout submodules for 3rdparty
          submodules: true

@@ -70,7 +64,7 @@ jobs:
          fallbackNpm: "^10"

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -86,7 +80,7 @@ jobs:
        run: npm run cypress:version

      - name: Save context
-        uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache/save@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          key: cypress-context-${{ github.run_id }}
          path: ./
@@ -100,7 +94,7 @@ jobs:
      matrix:
        # Run multiple copies of the current job in parallel
        # Please increase the number or runners as your tests suite grows (0 based index for e2e tests)
-        containers: ['component', '0', '1', '2', '3', '4', '5', '6', '7']
+        containers: ["component", '0', '1', '2', '3', '4', '5', '6', '7']
        # Hack as strategy.job-total includes the component and GitHub does not allow math expressions
        # Always align this number with the total of e2e runners (max. index + 1)
        total-containers: [8]
@@ -109,23 +103,28 @@ jobs:

    steps:
      - name: Restore context
-        uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache/restore@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          fail-on-cache-miss: true
          key: cypress-context-${{ github.run_id }}
          path: ./

      - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.init.outputs.nodeVersion }}

      - name: Set up npm ${{ needs.init.outputs.npmVersion }}
        run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}'

+      - name: Install cypress
+        run: ./node_modules/cypress/bin/cypress install
+
      - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
-        uses: cypress-io/github-action@f1f0912d392f0d06bdd01fb9ebe3b3299e5806fb # v6.7.7
+        uses: cypress-io/github-action@df7484c5ba85def7eef30db301afa688187bc378 # v6.7.2
        with:
+          # We already installed the dependencies in the init job
+          install: false
          component: ${{ matrix.containers == 'component' }}
          group: ${{ matrix.use-cypress-cloud && matrix.containers == 'component' && 'Run component' || matrix.use-cypress-cloud && 'Run E2E' || '' }}
          # cypress env
@@ -143,21 +142,19 @@ jobs:
          SPLIT: ${{ matrix.total-containers }}
          SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }}

-      - name: Upload snapshots and videos
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - name: Upload snapshots
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: always()
        with:
-          name: snapshots_videos_${{ matrix.containers }}
-          path: |
-            cypress/snapshots
-            cypress/videos
+          name: snapshots_${{ matrix.containers }}
+          path: cypress/snapshots

      - name: Extract NC logs
        if: failure() && matrix.containers != 'component'
-        run: docker logs nextcloud-cypress-tests_${{ env.APP_NAME }} > nextcloud.log
+        run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log

      - name: Upload NC logs
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_logs_${{ matrix.containers }}
@@ -165,10 +162,10 @@ jobs:

      - name: Create data dir archive
        if: failure() && matrix.containers != 'component'
-        run: docker exec nextcloud-cypress-tests_${{ env.APP_NAME }} tar -cvjf - data > data.tar
+        run: docker exec nextcloud-cypress-tests-server tar -cvjf - data > data.tar

      - name: Upload data dir archive
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_data_${{ matrix.containers }}
@@ -9,7 +9,7 @@
 name: Dependabot

 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
+  pull_request_target:
    branches:
      - main
      - master
@@ -24,7 +24,7 @@ concurrency:

 jobs:
  auto-approve-merge:
-    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
+    if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
    runs-on: ubuntu-latest-low
    permissions:
      # for hmarr/auto-approve-action to approve PRs
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-ftp-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -56,9 +53,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up ftpd
@@ -76,7 +72,7 @@ jobs:
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -104,7 +100,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-ftp
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-s3-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -44,16 +41,16 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
-          - php-versions: '8.3'
+          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}

    name: php${{ matrix.php-versions }}-s3

    services:
      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -63,9 +60,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -87,23 +83,22 @@ jobs:
          composer install
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          ./occ app:enable --force files_external
-          echo "<?php return ['run' => true, 'minio' => true, 'secret' => 'actually-not-secret', 'passwordsalt' => 'actually-not-secret', 'hostname' => 'localhost','key' => '$OBJECT_STORE_KEY','secret' => '$OBJECT_STORE_SECRET', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php
+          echo "<?php return ['run' => true, 'secret' => 'actually-not-secret', 'passwordsalt' => 'actually-not-secret', 'hostname' => 'localhost','key' => '$OBJECT_STORE_KEY','secret' => '$OBJECT_STORE_SECRET', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php

      - name: Wait for S3
        run: |
+          sleep 10
          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready

      - name: PHPUnit
-        run: |
-          composer run test:files_external -- \
-            --group S3 \
-            --log-junit junit.xml \
-            apps/files_external/tests/Storage \
-            ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test:files_external -- \
+          apps/files_external/tests/Storage/Amazons3Test.php \
+          apps/files_external/tests/Storage/VersionedAmazonS3Test.php \
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3
@@ -134,15 +129,14 @@ jobs:
        env:
          SERVICES: s3
          DEBUG: 1
-        image: localstack/localstack@sha256:9d4253786e0effe974d77fe3c390358391a56090a4fff83b4600d8a64404d95d # v4.5.0
+        image: localstack/localstack
        ports:
          - "4566:4566"

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -161,19 +155,17 @@ jobs:
          composer install
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          ./occ app:enable --force files_external
-          echo "<?php return ['run' => true, 'localstack' => true, 'hostname' => 'localhost','key' => 'ignored','secret' => 'ignored', 'bucket' => 'bucket', 'port' => 4566, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php
+          echo "<?php return ['run' => true,'hostname' => 'localhost','key' => 'ignored','secret' => 'ignored', 'bucket' => 'bucket', 'port' => 4566, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php

      - name: PHPUnit
-        run: |
-          composer run test:files_external -- \
-            --group S3 \
-            --log-junit junit.xml \
-            apps/files_external/tests/Storage \
-            ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test:files_external -- \
+          apps/files_external/tests/Storage/Amazons3Test.php \
+          apps/files_external/tests/Storage/VersionedAmazonS3Test.php \
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-sftp-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -56,9 +53,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up sftpd
@@ -72,7 +68,7 @@ jobs:
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -93,7 +89,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-sftp
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-smb-kerberos-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -37,7 +34,7 @@ jobs:
              - '**.php'

  files-external-smb-kerberos:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    needs: changes

    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
@@ -46,24 +43,16 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Checkout user_saml
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          repository: nextcloud/user_saml
          path: apps/user_saml

-      - name: Install user_saml
-        run: |
-          cd apps/user_saml
-          composer i
-          cd ../..
-
      - name: Pull images
        run: |
          docker pull ghcr.io/icewind1991/samba-krb-test-dc
@@ -88,18 +77,6 @@ jobs:
        run: |
          apps/files_external/tests/sso-setup/test-sso-smb.sh ${{ env.DC_IP }}

-      - name: Show logs DC
-        if: always()
-        run: |
-          docker logs dc
-          echo "------------"
-          docker exec dc cat /var/log/samba/log.samba
-
-      - name: Show logs Apache
-        if: always()
-        run: |
-          docker logs apache
-
      - name: Show logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-smb-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -53,15 +50,14 @@ jobs:

    services:
      samba:
-        image: ghcr.io/nextcloud/continuous-integration-samba:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-samba:latest
        ports:
          - 445:445

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -69,7 +65,7 @@ jobs:
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, smbclient, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, smbclient, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
          ini-file: development
        env:
@@ -98,7 +94,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-smb
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-webdav-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -53,15 +50,14 @@ jobs:

    services:
      apache:
-        image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest
        ports:
          - 8081:80

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -95,7 +91,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-webdav
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-generic-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -52,9 +49,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -83,7 +79,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-generic
@@ -1,98 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Generate changelog on release
-
-on:
-  release:
-    types: [published]
-
-permissions:
-  contents: write
-
-jobs:
-  changelog_generate:
-    runs-on: ubuntu-latest
-
-    # Only allowed to be run on nextcloud-releases repositories
-    if: ${{ github.repository_owner == 'nextcloud-releases' }}
-
-    steps:
-      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-        with:
-          require: write
-
-      - name: Checkout github_helper
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          repository: nextcloud/github_helper
-          path: github_helper
-
-      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          path: server
-          fetch-depth: 0
-
-      - name: Get previous tag
-        shell: bash
-        run: |
-          cd server
-          # Print all tags
-          git log --decorate --oneline | egrep 'tag: ' | sed -r 's/^.+tag: ([^,\)]+)[,\)].+$/\1/g'
-          # Get the current tag
-          TAGS=$(git log --decorate --oneline | egrep 'tag: ' | sed -r 's/^.+tag: ([^,\)]+)[,\)].+$/\1/g')
-          CURRENT_TAG=$(echo "$TAGS" | head -n 1)
-
-          # Get the previous tag - filter pre-releases only if current tag is stable
-          if echo "$CURRENT_TAG" | grep -q 'rc\|beta\|alpha'; then
-            # Current tag is pre-release, don't filter
-            PREVIOUS_TAG=$(echo "$TAGS" | sed -n '2p')
-          else
-            # Current tag is stable, filter out pre-releases
-            PREVIOUS_TAG=$(echo "$TAGS" | grep -v 'rc\|beta\|alpha' | sed -n '2p')
-          fi
-
-          echo "CURRENT_TAG=$CURRENT_TAG" >> $GITHUB_ENV
-          echo "PREVIOUS_TAG=$PREVIOUS_TAG" >> $GITHUB_ENV
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Verify current tag # zizmor: ignore[template-injection]
-        run: |
-         if [ "${{ github.ref_name }}" != "${{ env.CURRENT_TAG }}" ]; then
-           echo "Current tag does not match the release tag. Exiting."
-           exit 1
-         fi
-
-      - name: Set up php 8.2
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2.33.0
-        with:
-          php-version: 8.2
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set credentials
-        run: |
-          echo '{"username": "github-actions"}' > github_helper/credentials.json
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }} # zizmor: ignore[template-injection]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          cd github_helper/changelog
-          composer install
-          php index.php generate:changelog --no-bots --format=forum server ${{ env.PREVIOUS_TAG }} ${{ github.ref_name }} > changelog.md
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Set changelog to release # zizmor: ignore[template-injection]
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-         cd server
-         gh release edit ${{ github.ref_name }} --notes-file "../github_helper/changelog/changelog.md" --title "${{ github.ref_name }}"
@@ -4,9 +4,6 @@ name: DAV integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-caldav-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -46,7 +43,7 @@ jobs:
      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']
        endpoint: ['old', 'new']
        service: ['CalDAV', 'CardDAV']

@@ -54,9 +51,8 @@ jobs:

    steps:
        - name: Checkout server
-          uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
-            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
@@ -71,7 +67,7 @@ jobs:
            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

        - name: Set up Python
-          uses: LizardByte/setup-python-action@f4367d0377eceec7e5e26da8f3863dd365b95a94 # v2025.426.160528
+          uses: LizardByte/setup-python-action@master
          with:
            python-version: '2.7'

@@ -4,9 +4,6 @@ name: Litmus integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-litmus-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -46,16 +43,15 @@ jobs:
      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']
        endpoint: ['webdav', 'dav']

    name: Litmus WebDAV ${{ matrix.endpoint }}

    steps:
        - name: Checkout server
-          uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
-            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
@@ -4,9 +4,6 @@ name: S3 primary storage integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-s3-primary-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -53,12 +50,12 @@ jobs:

    services:
      redis:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
        ports:
          - 6379:6379/tcp
      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -68,9 +65,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -41,7 +41,6 @@ jobs:
              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'core/shipped.json'

  integration-sqlite:
    runs-on: ubuntu-latest
@@ -68,20 +67,19 @@ jobs:
          - 'setup_features'
          - 'sharees_features'
          - 'sharing_features'
-          - 'theming_features'
          - 'videoverification_features'

-        php-versions: ['8.1']
-        spreed-versions: ['stable30']
+        php-versions: ['8.2']
+        spreed-versions: ['main']

    services:
      redis:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
        ports:
          - 6379:6379/tcp
      openldap:
-        image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7 # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7
        ports:
          - 389:389
        env:
@@ -92,16 +90,14 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Checkout Talk app
        if: ${{ matrix.test-suite == 'videoverification_features' }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          repository: nextcloud/spreed
          path: apps/spreed
          ref: ${{ matrix.spreed-versions }}
@@ -20,9 +20,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -56,9 +53,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -68,7 +63,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -48,9 +48,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php8.1
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
@@ -53,9 +53,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php ${{ matrix.php-versions }}
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -62,9 +59,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -85,12 +80,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -106,7 +99,7 @@ jobs:
        run: npm run test:coverage --if-present

      - name: Collect coverage
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.3.1
        with:
          files: ./coverage/lcov.info

@@ -121,12 +114,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -151,12 +142,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -20,9 +20,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -56,9 +53,7 @@ jobs:
    name: NPM build
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -68,7 +63,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -14,9 +14,6 @@ on:
    # At 2:30 on Sundays
    - cron: '30 2 * * 0'

-permissions:
-  contents: read
-
 jobs:
  build:
    runs-on: ubuntu-latest
@@ -24,18 +21,15 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['main', 'master', 'stable29', 'stable28', 'stable27']
+        branches: ['main', 'master', 'stable30', 'stable29', 'stable28']

    name: npm-audit-fix-${{ matrix.branches }}

    steps:
      - name: Checkout
-        id: checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
-        continue-on-error: true

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -45,7 +39,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -54,10 +48,10 @@ jobs:

      - name: Fix npm audit
        id: npm-audit
-        uses: nextcloud-libraries/npm-audit-action@1b1728b2b4a7a78d69de65608efcf4db0e3e42d0 # v0.2.0
+        uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0

      - name: Run npm ci and npm run build
-        if: steps.checkout.outcome == 'success'
+        if: always()
        env:
          CYPRESS_INSTALL_BINARY: 0
        run: |
@@ -65,8 +59,8 @@ jobs:
          npm run build --if-present

      - name: Create Pull Request
-        if: steps.checkout.outcome == 'success'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        if: always()
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(deps): Fix npm audit'
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-azure-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -48,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -57,7 +54,7 @@ jobs:

    services:
      azurite:
-        image: mcr.microsoft.com/azure-storage/azurite@sha256:0a47e12e3693483cef5c71f35468b91d751611f172d2f97414e9c69113b106d9 # v3.34.0
+        image: mcr.microsoft.com/azure-storage/azurite
        env:
          AZURITE_ACCOUNTS: nextcloud:bmV4dGNsb3Vk
        ports:
@@ -65,16 +62,15 @@ jobs:
        options: --health-cmd="nc 127.0.0.1 10000 -z" --health-interval=1s --health-retries=30

      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -109,7 +105,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-azure
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-s3-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -48,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -57,13 +54,13 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -73,9 +70,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -115,7 +111,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-s3
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-swift-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -48,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -57,22 +54,21 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      swift:
-        image: ghcr.io/cscfi/docker-keystone-swift@sha256:e8b1ec21120ab9adc6ac6a2b98785fd273676439a8633fe898e37f2aea7e0712
+        image: ghcr.io/cscfi/docker-keystone-swift
        ports:
          - 5000:5000
          - 8080:8080

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -105,7 +101,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-swift
@@ -26,14 +26,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.1'
+          php-version: '8.2'
          extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          ini-file: development
@@ -4,9 +4,6 @@ name: Performance testing
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: performance-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -17,9 +14,6 @@ jobs:

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

-    permissions:
-      pull-requests: write
-
    strategy:
      fail-fast: false
      matrix:
@@ -35,9 +29,8 @@ jobs:
          exit 1

      - name: Checkout server before PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true
          ref: ${{ github.event.pull_request.base.ref }}

@@ -45,7 +38,7 @@ jobs:
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

@@ -56,7 +49,7 @@ jobs:

          php -S localhost:8080 &
      - name: Apply blueprint
-        uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
+        uses: icewind1991/blueprint@v0.1.2
        with:
          blueprint: tests/blueprints/basic.toml
          ref: ${{ github.event.pull_request.head.ref }}
@@ -71,9 +64,9 @@ jobs:
            curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt
            curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt
          output: before.json
-          profiler-branch: stable30
+          profiler-branch: master

-      - name: Apply PR # zizmor: ignore[template-injection]
+      - name: Apply PR
        run: |
          git remote add pr '${{ github.event.pull_request.head.repo.clone_url }}'
          git fetch pr '${{ github.event.pull_request.head.ref }}'
@@ -93,19 +86,19 @@ jobs:
            curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt
            curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt
          output: after.json
-          profiler-branch: stable30
+          profiler-branch: master
          compare-with: before.json

      - name: Upload profiles
        if: always()
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
        with:
          name: profiles
          path: |
            before.json
            after.json

-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
+      - uses: actions/github-script@v7
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
@@ -32,9 +32,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Install tools
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -69,7 +66,7 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@@ -87,9 +84,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -126,7 +122,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-mariadb
@@ -55,7 +55,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -64,16 +64,15 @@ jobs:

    services:
      memcached:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 11212:11212/tcp
          - 11212:11212/udp

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -102,7 +101,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-memcached
@@ -1,185 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: PHPUnit sharding
-
-on:
-  pull_request:
-  schedule:
-    - cron: "5 2 * * *"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: phpunit-mysql-sharding-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-
-    outputs:
-      src: ${{ steps.changes.outputs.src }}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '3rdparty/**'
-              - '**/appinfo/**'
-              - '**/lib/**'
-              - '**/templates/**'
-              - '**/tests/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
-              - '.php-cs-fixer.dist.php'
-              - 'composer.json'
-              - 'composer.lock'
-              - '**.php'
-
-  phpunit-mysql:
-    runs-on: ubuntu-latest
-
-    needs: changes
-    if: needs.changes.outputs.src != 'false'
-
-    strategy:
-      matrix:
-        php-versions: ['8.1']
-        mysql-versions: ['8.4']
-
-    name: Sharding - MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests
-
-    services:
-      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 6379:6379/tcp
-        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
-
-      mysql:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 4444:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: oc_autotest
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard1:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 5001:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard2:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 5002:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard3:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 5003:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard4:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 5004:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b #v2.31.0
-        with:
-          php-version: ${{ matrix.php-versions }}
-          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql
-          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up dependencies
-        run: composer i
-
-      - name: Enable ONLY_FULL_GROUP_BY MySQL option
-        run: |
-          echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
-          echo "SELECT @@sql_mode;" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
-
-      - name: Set up Nextcloud
-        env:
-          DB_PORT: 4444
-          SHARDING: 1
-        run: |
-          mkdir data
-          cp tests/redis.config.php config/
-          cp tests/preseed-config.php config/config.php
-          ./occ maintenance:install --verbose --database=mysql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0
-
-      - name: PHPUnit
-        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}
-
-      - name: Upload db code coverage
-        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
-        with:
-          files: ./clover.db.xml
-          flags: phpunit-mysql
-
-      - name: Print logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-
-  summary:
-    permissions:
-      contents: none
-    runs-on: ubuntu-latest-low
-    needs: [changes, phpunit-mysql]
-
-    if: always()
-
-    name: phpunit-mysql-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.phpunit-mysql.result != 'success' }}; then exit 1; fi
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -69,13 +66,13 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      mysql:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 4444:3306/tcp
        env:
@@ -87,9 +84,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -126,7 +122,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-mysql
@@ -42,7 +42,6 @@ jobs:
              - '**/lib/**'
              - '**/templates/**'
              - '**/tests/**'
-              - 'resources/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - '.php-cs-fixer.dist.php'
@@ -58,7 +57,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -67,16 +66,15 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -108,7 +106,7 @@ jobs:

      - name: Upload nodb code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.nodb.xml
          flags: phpunit-nodb
@@ -1,125 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: PHPUnit primary object store
-on:
-  pull_request:
-  schedule:
-    - cron: "15 2 * * *"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: phpunit-object-store-primary-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-
-    outputs:
-      src: ${{ steps.changes.outputs.src}}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '3rdparty/**'
-              - '**/appinfo/**'
-              - '**/lib/**'
-              - '**/templates/**'
-              - '**/tests/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
-              - '.php-cs-fixer.dist.php'
-              - 'composer.json'
-              - 'composer.lock'
-              - '**.php'
-
-  object-store-primary-tests-minio:
-    runs-on: ubuntu-latest
-    needs: changes
-
-    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
-
-    strategy:
-      # do not stop on another job's failure
-      fail-fast: false
-      matrix:
-        php-versions: ['8.1']
-        key: ['s3', 's3-multibucket']
-
-    name: php${{ matrix.php-versions }}-${{ matrix.key }}-minio
-
-    services:
-      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 6379:6379/tcp
-        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
-
-      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
-        env:
-          MINIO_ROOT_USER: nextcloud
-          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-          MINIO_DEFAULT_BUCKETS: nextcloud
-        ports:
-          - "9000:9000"
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d #v2.25.2
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Nextcloud
-        env:
-          OBJECT_STORE: ${{ matrix.key }}
-          OBJECT_STORE_KEY: nextcloud
-          OBJECT_STORE_SECRET: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-        run: |
-          composer install
-          cp tests/redis.config.php config/
-          cp tests/preseed-config.php config/config.php
-          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0
-
-      - name: Wait for S3
-        run: |
-          sleep 10
-          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready
-
-      - name: PHPUnit
-        run: composer run test:db
-
-      - name: S3 logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-          docker ps -a
-          docker ps -aq | while read container ; do IMAGE=$(docker inspect --format='{{.Config.Image}}' $container); echo $IMAGE; docker logs $container; echo "\n\n" ; done
-
-
-  object-store-primary-summary:
-    runs-on: ubuntu-latest-low
-    needs: [changes,object-store-primary-tests-minio]
-
-    if: always()
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.object-store-primary-tests-minio.result != 'success' }}; then exit 1; fi
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -74,7 +71,7 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@@ -99,9 +96,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -131,7 +127,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-oci
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -70,13 +67,13 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      postgres:
-        image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest
        ports:
          - 4444:5432/tcp
        env:
@@ -87,9 +84,8 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -121,7 +117,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-postgres
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -58,7 +55,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.2', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -67,16 +64,15 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
@@ -109,7 +105,7 @@ jobs:

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-sqlite
@@ -15,17 +15,12 @@ on:
  schedule:
    - cron: '30 1 * * *'

-permissions:
-  contents: read
-  pull-requests: write
-
 jobs:
  pr-feedback:
-    if: ${{ github.repository_owner == 'nextcloud' }}
    runs-on: ubuntu-latest
    steps:
      - name: The get-github-handles-from-website action
-        uses: marcelklehr/get-github-handles-from-website-action@06b2239db0a48fe1484ba0bfd966a3ab81a08308 # v1.0.1
+        uses: marcelklehr/get-github-handles-from-website-action@a739600f6b91da4957f51db0792697afbb2f143c # v1.0.0
        id: scrape
        with:
          website: 'https://nextcloud.com/team/'
@@ -36,7 +31,7 @@ jobs:
          blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
          echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"

-      - uses: nextcloud/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4 # main
+      - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4
        with:
          feedback-message: |
            Hello there,
@@ -11,17 +11,12 @@ name: REUSE Compliance Check

 on: [pull_request]

-permissions:
-  contents: read
-
 jobs:
  reuse-compliance-check:
-    runs-on: ubuntu-latest-low
+    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
+    - name: Checkout
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
+    - name: REUSE Compliance Check
+      uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "0 0 * * *"

-permissions:
-  contents: read
-
 jobs:
  stale:
    runs-on: ubuntu-latest
@@ -20,7 +17,7 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9
+    - uses: actions/stale@v9
      with:
        repo-token: ${{ secrets.COMMAND_BOT_PAT }}
        stale-issue-message: >
@@ -30,6 +27,7 @@ jobs:
          for your contributions.
        stale-issue-label: 'stale'
        only-labels: 'needs info'
+        labels-to-remove-when-unstale: 'needs info,stale'
        exempt-issue-labels: '1. to develop,2. developing,3. to review,4. to release,security'
        days-before-stale: 30
        days-before-close: 14
@@ -4,17 +4,6 @@ name: Psalm static code analysis

 on:
  pull_request:
-  push:
-    branches:
-      - main
-      - master
-      - stable*
-    paths:
-      - '.github/workflows/static-code-analysis.yml'
-      - '**.php'
-
-permissions:
-  contents: read

 concurrency:
  group: static-code-analysis-${{ github.head_ref || github.run_id }}
@@ -24,20 +13,19 @@ jobs:
  static-code-analysis:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: '8.1'
-          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -50,7 +38,7 @@ jobs:

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: git diff -- . ':!lib/composer'

      - name: Upload Analysis results to GitHub
        if: always()
@@ -61,51 +49,45 @@ jobs:
  static-code-analysis-security:
    runs-on: ubuntu-latest

-    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
-
    steps:
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: '8.1'
-          extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          extensions: ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none

      - name: Composer install
        run: composer i

      - name: Psalm taint analysis
-        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis --ignore-baseline
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

  static-code-analysis-ocp:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: '8.1'
-          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -118,4 +100,4 @@ jobs:

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: git diff -- . ':!lib/composer'
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 jobs:
  update-ca-certificate-bundle:
    runs-on: ubuntu-latest
@@ -17,14 +14,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['master', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']
+        branches: ['master', 'stable30', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
          submodules: true

@@ -32,7 +28,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 jobs:
  update-code-signing-crl:
    runs-on: ubuntu-latest
@@ -17,14 +14,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['master', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']
+        branches: ['master', 'stable30', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

    name: update-code-signing-crl-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
          submodules: true

@@ -35,7 +31,7 @@ jobs:
        run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update code signing revocation list'
@@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Auto approve psalm baseline update
+
+on:
+  pull_request_target:
+    branches:
+      - main
+      - master
+      - stable*
+
+permissions:
+  contents: read
+
+concurrency:
+  group: update-psalm-baseline-approve-merge-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  auto-approve-merge:
+    if: github.actor == 'nextcloud-command'
+    runs-on: ubuntu-latest-low
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write
+      # for alexwilson/enable-github-automerge-action to approve PRs
+      contents: write
+
+    steps:
+      - name: Disabled on forks
+        if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+        run: |
+          echo 'Can not approve PRs from forks'
+          exit 1
+
+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # GitHub actions bot approve
+      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Enable GitHub auto merge
+      - name: Auto merge
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Update Psalm baseline
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 2 * * *"
+
+jobs:
+  update-psalm-baseline:
+    runs-on: ubuntu-latest
+
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        branches: ['master', 'stable30', 'stable29', 'stable28']
+
+    name: update-psalm-baseline-${{ matrix.branches }}
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: ${{ matrix.branches }}
+          submodules: true
+
+      - name: Set up php
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+        with:
+          php-version: '8.1'
+          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          coverage: none
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Composer install
+        run: composer install
+
+      - name: Psalm
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=text --update-baseline
+        continue-on-error: true
+
+      - name: Psalm OCP
+        run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline
+        continue-on-error: true
+
+      - name: Reset composer
+        run: |
+          git clean -f lib/composer
+          git checkout composer.json composer.lock lib/composer
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          commit-message: 'chore(tests): Update psalm baseline'
+          committer: GitHub <noreply@github.com>
+          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
+          signoff: true
+          branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline'
+          title: '[${{ matrix.branches }}] Update psalm-baseline.xml'
+          body: |
+            Auto-generated update psalm-baseline.xml with fixed psalm warnings
+          labels: |
+            automated pr
+            3. to review
+          team-reviewers: server-backend
@@ -1,69 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: Update PRs titles on stable branches
-
-on:
-  pull_request:
-    types: [opened, edited]
-    branches:
-      - "stable*"
-
-concurrency:
-  group: stable-pr-title-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  update-pr-title:
-    runs-on: ubuntu-latest-low
-    permissions:
-      pull-requests: write
-      contents: read
-
-    steps:
-      - name: Wait for potential title edits
-        run: sleep 15
-
-      - name: Get PR details and update title
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { data: pr } = await github.rest.pulls.get({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-
-            const baseBranch = pr.base.ref;
-            const currentTitle = pr.title;
-
-            // Check if this is a stable branch
-            // Should not happen as we only trigger on stable* branches 🤷‍♀️
-            if (!baseBranch.startsWith('stable')) {
-              console.log(`Not a stable branch: ${baseBranch}`);
-              return;
-            }
-
-            const prefix = `[${baseBranch}]`;
-
-            // Check if title already has the correct prefix and no other stable tags
-            const correctTagRegex = new RegExp(`^\\[${baseBranch}\\]\\s*`);
-            const hasOtherStableTags = /\[stable[\d.]*\]/.test(currentTitle.replace(correctTagRegex, ''));
-
-            if (correctTagRegex.test(currentTitle) && !hasOtherStableTags) {
-              console.log(`Title already has correct prefix only: ${currentTitle}`);
-              return;
-            }
-
-            // Remove all stable tags and add the correct one
-            const cleanTitle = currentTitle.replace(/\[stable[\d.]*\]\s*/g, '').trim();
-            const newTitle = `${prefix} ${cleanTitle}`;
-
-            console.log(`Updating title from: "${currentTitle}" to: "${newTitle}"`);
-
-            await github.rest.pulls.update({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-              title: newTitle,
-            });
@@ -182,5 +182,3 @@ core/js/mimetypelist.js
 cypress/downloads
 cypress/snapshots
 cypress/videos
-
-/.direnv
@@ -49,8 +49,8 @@
    </Else>
  </FilesMatch>

-  # Let browsers cache OTF and WOFF files for a week
-  <FilesMatch "\.(otf|woff2?)$">
+  # Let browsers cache WOFF files for a week
+  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
 </IfModule>
@@ -103,15 +103,7 @@
 #  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
 #  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
 <IfModule mod_setenvif.c>
-  SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
-</IfModule>
-
-# Apache disabled the sending of the server-side content-length header
-# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
-# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
-# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
-<IfModule mod_env.c>
-  SetEnv ap_trust_cgilike_cl
+  SetEnvIf Transfer-Encoding "chunked" proxy-sendcl=1
 </IfModule>

 AddDefaultCharset utf-8
@@ -619,7 +619,6 @@
 - szaimen <szaimen@e.mail.de>
 - tbartenstein <tbartenstein@users.noreply.github.com>
 - tbelau666 <thomas.belau@gmx.de>
- - TechnicalSuwako <suwako@076.moe>
 - tgrant <tom.grant760@gmail.com>
 - timm2k <timm2k@gmx.de>
 - tux-rampage <tux-rampage@users.noreply.github.com>
@@ -6,4 +6,4 @@ and our products: “Nextcloud Files”; “Nextcloud Groupware” and “Nextcl
 This set of marks is collectively referred to as the “Nextcloud marks.”

 Use of Nextcloud logos and other marks is only permitted under the guidelines provided by the Nextcloud GmbH.
-A copy can be found at https://nextcloud.com/trademarks/
+A copy can be found at https://discord.com/branding
@@ -5,8 +5,8 @@
 -->
 # Nextcloud Server ☁
 [![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/server)](https://api.reuse.software/info/github.com/nextcloud/server)
-[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/server/badges/quality-score.png?b=stable30)](https://scrutinizer-ci.com/g/nextcloud/server/?branch=stable30)
-[![codecov](https://codecov.io/gh/nextcloud/server/branch/stable30/graph/badge.svg)](https://codecov.io/gh/nextcloud/server)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/server/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/nextcloud/server/?branch=master)
+[![codecov](https://codecov.io/gh/nextcloud/server/branch/master/graph/badge.svg)](https://codecov.io/gh/nextcloud/server)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/209/badge)](https://bestpractices.coreinfrastructure.org/projects/209)
 [![Design](https://contribute.design/api/shield/nextcloud/server)](https://contribute.design/nextcloud/server)

@@ -74,6 +74,10 @@ Otherwise, git checkouts can be handled the same as release archives, by using t

 - Comment on a pull request with `/update-3rdparty` to update the 3rd party submodule. It will update to the last commit of the 3rd party branch named like the PR target.

+#### Ignore code style updates in git blame
+
+`git config blame.ignoreRevsFile .git-blame-ignore-revs`
+
 ## Contribution guidelines 📜

 All contributions to this repository from June 16, 2016, and onward are considered to be
@@ -1,19 +0,0 @@
-/**
- * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-import FixedJSDOMEnvironment from 'jest-fixed-jsdom'
-
-// https://github.com/facebook/jest/blob/v29.4.3/website/versioned_docs/version-29.4/Configuration.md#testenvironment-string
-export default class FixJSDOMEnvironment extends FixedJSDOMEnvironment {
-
-	constructor(...args: ConstructorParameters<typeof FixedJSDOMEnvironment>) {
-		super(...args)
-
-		// https://github.com/jsdom/jsdom/issues/3363
-		// 31 ad above switched to vitest and don't have that issue
-		// @ts-expect-error see JSDOMEnvironment
-		this.global.structuredClone = structuredClone
-	}
-
-}
@@ -1,12 +0,0 @@
-/**
- * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-import '@testing-library/jest-dom'
-
-// Mock `window.location` with Jest spies and extend expect
-import 'jest-location-mock'
-
-// Mock `window.fetch` with Jest
-import 'jest-fetch-mock'
@@ -2,9 +2,12 @@
 * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
+import { beforeEach } from 'vitest'

 window.OC = { ...window.OC }
 window.OCA = { ...window.OCA }
 window.OCP = { ...window.OCP }

-window._oc_webroot = ''
+beforeEach(() => {
+	window.location = new URL('http://nextcloud.local')
+})
@@ -0,0 +1,5 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: CC0-1.0
+ */
+import '@testing-library/jest-dom/vitest'
@@ -1,6 +0,0 @@
-{
-	"extends": "../tsconfig.json",
-	"compilerOptions": {
-		"verbatimModuleSyntax": false
-	}
-}
@@ -10,7 +10,7 @@
 	<name>Auditing / Logging</name>
 	<summary>Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions.</summary>
 	<description>Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions.</description>
-	<version>1.20.0</version>
+	<version>1.21.0</version>
 	<licence>agpl</licence>
 	<author>Nextcloud</author>
 	<namespace>AdminAudit</namespace>
@@ -20,7 +20,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/server/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="30" max-version="30"/>
+		<nextcloud min-version="31" max-version="31"/>
 	</dependencies>
 	<background-jobs>
 		<job>OCA\AdminAudit\BackgroundJobs\Rotate</job>
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Аўдыт / Журнал",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Прадастаўляе магчымасці вядзення журнала дзенняў для Nextcloud, такіх як доступ да файлаў або іншых канфідэнцыйных дзеянняў."
-},
-"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Аўдыт / Журнал",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Прадастаўляе магчымасці вядзення журнала дзенняў для Nextcloud, такіх як доступ да файлаў або іншых канфідэнцыйных дзеянняў."
-},"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"
-}
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Одитиране / Регистри на действията",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за създаване на регистри на действията в \"Nextcloud\", като например кой е осъществил достъп до файл или други действия."
+    "Auditing / Logging" : "Одитиране/създаване на регистри",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за регистриране в Nextcloud, като например достъп до файлове за регистриране или други чувствителни действия."
 },
 "nplurals=2; plural=(n != 1);");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "Одитиране / Регистри на действията",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за създаване на регистри на действията в \"Nextcloud\", като например кой е осъществил достъп до файл или други действия."
+    "Auditing / Logging" : "Одитиране/създаване на регистри",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Предоставя възможности за регистриране в Nextcloud, като например достъп до файлове за регистриране или други чувствителни действия."
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
@@ -1,6 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Aodit / Kerzhlevr"
-},
-"nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);");
@@ -1,4 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Aodit / Kerzhlevr"
-},"pluralForm" :"nplurals=5; plural=((n%10 == 1) && (n%100 != 11) && (n%100 !=71) && (n%100 !=91) ? 0 :(n%10 == 2) && (n%100 != 12) && (n%100 !=72) && (n%100 !=92) ? 1 :(n%10 ==3 || n%10==4 || n%10==9) && (n%100 < 10 || n% 100 > 19) && (n%100 < 70 || n%100 > 79) && (n%100 < 90 || n%100 > 99) ? 2 :(n != 0 && n % 1000000 == 0) ? 3 : 4);"
-}
@@ -2,6 +2,6 @@ OC.L10N.register(
    "admin_audit",
    {
    "Auditing / Logging" : "Ekzamenado / Protokolado",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Ebligas protokoladon, ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj."
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Provizi protokolado-kapablojn por Nextcloud, kiel ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj."
 },
 "nplurals=2; plural=(n != 1);");
@@ -1,5 +1,5 @@
 { "translations": {
    "Auditing / Logging" : "Ekzamenado / Protokolado",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Ebligas protokoladon, ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj."
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Provizi protokolado-kapablojn por Nextcloud, kiel ekzemple protokolado de aliroj al dosieroj aŭ aliaj delikataj agoj."
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }
@@ -1,7 +1,6 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Auditoría / Registros",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, como el registro de accesos a archivos o acciones sensibles."
+    "Auditing / Logging" : "Auditoría / Registros"
 },
 "nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
@@ -1,5 +1,4 @@
 { "translations": {
-    "Auditing / Logging" : "Auditoría / Registros",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Proporciona capacidades de registro para Nextcloud, como el registro de accesos a archivos o acciones sensibles."
+    "Auditing / Logging" : "Auditoría / Registros"
 },"pluralForm" :"nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Pengauditan/Pencatatan",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud, misalnya pencatatan akses file atau tindakan sensitif lainnya."
+    "Auditing / Logging" : "Pemeriksaan / Pencatatan",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud seperti pencatatan akses berkas atau tindakan sensitif lainnya."
 },
 "nplurals=1; plural=0;");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "Pengauditan/Pencatatan",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud, misalnya pencatatan akses file atau tindakan sensitif lainnya."
+    "Auditing / Logging" : "Pemeriksaan / Pencatatan",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kemampuan pencatatan untuk Nextcloud seperti pencatatan akses berkas atau tindakan sensitif lainnya."
 },"pluralForm" :"nplurals=1; plural=0;"
 }
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Auditēšana / Žurnalizēšana",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nodrošina Nextcloud žurnalēšanas spējas, piemēram, datņu piekļuves žurnalēšanu vai citas jūtīgas darbības."
-},
-"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Auditēšana / Žurnalizēšana",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nodrošina Nextcloud žurnalēšanas spējas, piemēram, datņu piekļuves žurnalēšanu vai citas jūtīgas darbības."
-},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"
-}
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Pengauditan / Pengelogan",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kebolehan pengelogan untuk Nextcloud seperti akses fail log atau tindakan sensitif."
-},
-"nplurals=1; plural=0;");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Pengauditan / Pengelogan",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Menyediakan kebolehan pengelogan untuk Nextcloud seperti akses fail log atau tindakan sensitif."
-},"pluralForm" :"nplurals=1; plural=0;"
-}
@@ -2,6 +2,6 @@ OC.L10N.register(
    "admin_audit",
    {
    "Auditing / Logging" : "Auditoria / Registro",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece recursos de registro para o Nextcloud, como acessos a arquivos de registro ou outras ações sensíveis."
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece habilidades de registro para o NextCloud, como acessos de arquivo de log ou ações sensíveis."
 },
 "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
@@ -1,5 +1,5 @@
 { "translations": {
    "Auditing / Logging" : "Auditoria / Registro",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece recursos de registro para o Nextcloud, como acessos a arquivos de registro ou outras ações sensíveis."
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece habilidades de registro para o NextCloud, como acessos de arquivo de log ou ações sensíveis."
 },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Auditorias / registos",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou outras ações sensíveis. "
+    "Auditing / Logging" : "Auditorias / Registos",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou demais ações sensíveis. "
 },
 "nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "Auditorias / registos",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou outras ações sensíveis. "
+    "Auditing / Logging" : "Auditorias / Registos",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Fornece funcionalidades de registo para o Nextcloud como registar acessos a ficheiros ou demais ações sensíveis. "
 },"pluralForm" :"nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;"
 }
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Praćenje / Beleženje",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Daje Nextcloudu mogućnost beleženja, poput pristupa fajlovima ili drugih osetljivih radnji."
-},
-"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Praćenje / Beleženje",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Daje Nextcloudu mogućnost beleženja, poput pristupa fajlovima ili drugih osetljivih radnji."
-},"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
-}
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Ukaguzi/kuweka kumbukumbu",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Hutoa uwezo wa kuweka kumbukumbu kwa Nextcloud kama vile ufikiaji wa faili za kumbukumbu au vitendo nyeti."
-},
-"nplurals=2; plural=(n != 1);");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Ukaguzi/kuweka kumbukumbu",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Hutoa uwezo wa kuweka kumbukumbu kwa Nextcloud kama vile ufikiaji wa faili za kumbukumbu au vitendo nyeti."
-},"pluralForm" :"nplurals=2; plural=(n != 1);"
-}
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "ئىقتىسادىي تەپتىش / خاتىرىلەش",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nextcloud غا تىزىمغا كىرىش ئىقتىدارى بىلەن تەمىنلەيدۇ ، مەسىلەن ھۆججەتلەرنى زىيارەت قىلىش ياكى باشقا سەزگۈر ھەرىكەتلەر."
-},
-"nplurals=2; plural=(n != 1);");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "ئىقتىسادىي تەپتىش / خاتىرىلەش",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Nextcloud غا تىزىمغا كىرىش ئىقتىدارى بىلەن تەمىنلەيدۇ ، مەسىلەن ھۆججەتلەرنى زىيارەت قىلىش ياكى باشقا سەزگۈر ھەرىكەتلەر."
-},"pluralForm" :"nplurals=2; plural=(n != 1);"
-}
@@ -1,7 +0,0 @@
-OC.L10N.register(
-    "admin_audit",
-    {
-    "Auditing / Logging" : "Audit / Kirish",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Next bulut uchun tizimga kirish qobiliyatini ta'minlaydi, masalan, faylga kirish yoki boshqa sezgir harakatlar."
-},
-"nplurals=1; plural=0;");
@@ -1,5 +0,0 @@
-{ "translations": {
-    "Auditing / Logging" : "Audit / Kirish",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Next bulut uchun tizimga kirish qobiliyatini ta'minlaydi, masalan, faylga kirish yoki boshqa sezgir harakatlar."
-},"pluralForm" :"nplurals=1; plural=0;"
-}
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Kiểm tra / Nhật ký",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác."
+    "Auditing / Logging" : "‎Kiểm tra / Nhật ký‎",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "‎Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác.‎"
 },
 "nplurals=1; plural=0;");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "Kiểm tra / Nhật ký",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác."
+    "Auditing / Logging" : "‎Kiểm tra / Nhật ký‎",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "‎Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác.‎"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "稽核/記錄",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能，例如紀錄檔存取，或其他敏感操作。"
+    "Auditing / Logging" : "稽核／記錄",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能，例如記錄檔存取或其他敏感操作。"
 },
 "nplurals=1; plural=0;");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "稽核/記錄",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能，例如紀錄檔存取，或其他敏感操作。"
+    "Auditing / Logging" : "稽核／記錄",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "提供 Nextcloud 的記錄功能，例如記錄檔存取或其他敏感操作。"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
--- a/Show More
+++ b/Show More