Merge pull request #47926 from nextcloud/release/30.0.0

build(hub): 30.0.0
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-09-12 20:58:53 +02:00 · 2024-09-12 16:21:07 +02:00 · 2024-09-12 14:44:24 +02:00 · 2024-09-12 13:16:05 +02:00 · 2024-09-12 11:23:31 +02:00 · 2024-09-12 09:08:22 +00:00
11924 changed files with 444977 additions and 620778 deletions
@@ -4,35 +4,33 @@ ARG DEBIAN_FRONTEND=noninteractive

 # PHP
 RUN apt-get update -y && \
-    apt install -y apache2 vim software-properties-common sudo nano gnupg2 wget curl git \
-    lsb-release ca-certificates apt-transport-https && \
-    add-apt-repository ppa:ondrej/php -y && \
-    apt-get update -y
+    apt install -y apache2 vim software-properties-common sudo nano gnupg2

 RUN apt-get install --no-install-recommends -y \
-    php8.4 \
-    php8.4-common \
-    php8.4-gd \
-    php8.4-zip \
-    php8.4-curl \
-    php8.4-xml \
-    php8.4-xmlrpc \
-    php8.4-mbstring \
-    php8.4-sqlite \
-    php8.4-xdebug \
-    php8.4-pgsql \
-    php8.4-intl \
-    php8.4-imagick \
-    php8.4-gmp \
-    php8.4-apcu \
-    php8.4-bcmath \
-    php8.4-redis \
-    php8.4-soap \
-    php8.4-imap \
-    php8.4-opcache \
-    php8.4-cli \
-    php8.4-dev \
+    php8.3 \
+    php8.3-common \
+    php8.3-gd \
+    php8.3-zip \
+    php8.3-curl \
+    php8.3-xml \
+    php8.3-xmlrpc \
+    php8.3-mbstring \
+    php8.3-sqlite \
+    php8.3-xdebug \
+    php8.3-pgsql \
+    php8.3-intl \
+    php8.3-imagick \
+    php8.3-gmp \
+    php8.3-apcu \
+    php8.3-bcmath \
+    php8.3-redis \
+    php8.3-soap \
+    php8.3-imap \
+    php8.3-opcache \
+    php8.3-cli \
+    php8.3-dev \
    libmagickcore-6.q16-7-extra \
+    curl \
    lsof \
    make \
 	unzip
@@ -44,39 +42,39 @@ RUN curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php && \
    php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
    rm /tmp/composer-setup.php /tmp/composer-setup.sig

-RUN echo "xdebug.remote_enable = 1" >> /etc/php/8.4/cli/conf.d/20-xdebug.ini && \
-    echo "xdebug.remote_autostart = 1" >> /etc/php/8.4/cli/conf.d/20-xdebug.ini && \
-	echo "apc.enable_cli=1" >> /etc/php/8.4/cli/conf.d/20-apcu.ini
+RUN echo "xdebug.remote_enable = 1" >> /etc/php/8.3/cli/conf.d/20-xdebug.ini && \
+    echo "xdebug.remote_autostart = 1" >> /etc/php/8.3/cli/conf.d/20-xdebug.ini && \
+	echo "apc.enable_cli=1" >> /etc/php/8.3/cli/conf.d/20-apcu.ini

 # Autostart XDebug for apache
 RUN { \
 	echo "xdebug.mode=debug"; \
 	echo "xdebug.start_with_request=yes"; \
-} >> /etc/php/8.4/apache2/conf.d/20-xdebug.ini
+} >> /etc/php/8.3/apache2/conf.d/20-xdebug.ini

 # Increase PHP memory limit to 512mb
-RUN sed -i 's/memory_limit = .*/memory_limit = 512M/' /etc/php/8.4/apache2/php.ini
+RUN sed -i 's/memory_limit = .*/memory_limit = 512M/' /etc/php/8.3/apache2/php.ini

-# Docker CLI only (for controlling host Docker via socket)
-RUN install -m 0755 -d /etc/apt/keyrings && \
-    curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
-    chmod a+r /etc/apt/keyrings/docker.asc && \
-    echo \
-        "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
-        $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
-        tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+# Docker
+RUN apt-get -y install \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg-agent \
+    software-properties-common && \
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
+    add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable" && \
    apt-get update -y && \
-    apt-get install -y docker-ce-cli && \
+    apt-get install -y docker-ce docker-ce-cli containerd.io && \
    ln -s /var/run/docker-host.sock /var/run/docker.sock

 # Dedicated DevContainer user runs Apache
 ENV APACHE_RUN_USER=devcontainer
 ENV APACHE_RUN_GROUP=devcontainer
-# Delete any existing user/group with UID/GID 1000 first
-RUN (getent passwd 1000 && userdel -r $(getent passwd 1000 | cut -d: -f1)) || true && \
-    (getent group 1000 && groupdel $(getent group 1000 | cut -d: -f1)) || true && \
-    groupadd -g 1000 ${APACHE_RUN_GROUP} && \
-    useradd -u 1000 -g 1000 -ms /bin/bash ${APACHE_RUN_USER} && \
+RUN useradd -ms /bin/bash ${APACHE_RUN_USER} && \
 	adduser ${APACHE_RUN_USER} sudo && \
 	echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
 	sed -ri "s/^export APACHE_RUN_USER=.*$/export APACHE_RUN_USER=${APACHE_RUN_USER}/" "/etc/apache2/envvars" && \
@@ -86,6 +84,6 @@ USER devcontainer

 # NVM
 RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
-RUN bash --login -i -c 'source /home/devcontainer/.bashrc && nvm install 22'
+RUN bash --login -i -c 'source /home/devcontainer/.bashrc && nvm install 16'

 WORKDIR /var/www/html
@@ -1,5 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later
+version: '3'
 services:
  nextclouddev:
    build: .
@@ -5,9 +5,4 @@
 #
 # Set git safe.directory
 git config --global --add safe.directory /var/www/html
-git config --global --add safe.directory /var/www/html/3rdparty
-
-# Ensure devcontainer user has access to docker socket
-if [ -S /var/run/docker.sock ]; then
-    sudo chmod 666 /var/run/docker.sock
-fi
+git config --global --add safe.directory /var/www/html/3rdparty
@@ -13,6 +13,10 @@ indent_style = tab
 insert_final_newline = true
 trim_trailing_whitespace = true

+[*.feature]
+indent_size = 2
+indent_style = space
+
 [*.yml]
 indent_size = 2
 indent_style = space
@@ -1,3 +0,0 @@
-watch_file lib/versioncheck.php
-watch_file package.json
-use flake
@@ -0,0 +1,14 @@
+# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# Ignoring folders for eslint
+node_modules/
+3rdparty/
+**/vendor/
+**/l10n/
+**/js/*
+*.config.js
+tests/lib/
+apps-extra
+
+# TODO: remove when comments files is not using handlebar templates anymore
+apps/comments/src/templates.js
@@ -0,0 +1,48 @@
+/**
+ * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+module.exports = {
+	globals: {
+		__webpack_nonce__: true,
+		_: true,
+		$: true,
+		dayNames: true,
+		escapeHTML: true,
+		firstDay: true,
+		moment: true,
+		oc_userconfig: true,
+		sinon: true,
+	},
+	plugins: [
+		'cypress',
+	],
+	extends: [
+		'@nextcloud/eslint-config/typescript',
+		'plugin:cypress/recommended',
+	],
+	rules: {
+		'no-tabs': 'warn',
+		// TODO: make sure we fix this as this is bad vue coding style.
+		// Use proper sync modifier
+		'vue/no-mutating-props': 'warn',
+		'vue/custom-event-name-casing': ['error', 'kebab-case', {
+			// allows custom xxxx:xxx events formats
+			ignores: ['/^[a-z]+(?:-[a-z]+)*:[a-z]+(?:-[a-z]+)*$/u'],
+		}],
+	},
+	settings: {
+		jsdoc: {
+			mode: 'typescript',
+		},
+	},
+	overrides: [
+		// Allow any in tests
+		{
+			files: ['**/*.spec.ts'],
+			rules: {
+				'@typescript-eslint/no-explicit-any': 'warn',
+			},
+		}
+	],
+}
@@ -1,25 +0,0 @@
-# .git-blame-ignore-revs
-
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# Format control structures
-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f
-# Update to coding-standard 1.1.1
-aa5f037af71c915424c6dcfd5ad2dc82797dc0d6
-# Update to coding-standard 1.2.3
-af6de04e9e141466dc229e444ff3f146f4a34765
-0bd284cb81b6866338aaaa67aa1d81ef9bfbb2ab
-8af7ecb2576071f170ecbb0aa2311b26581e40e2
-# Update to coding-standard 1.3.1
-9836e9b16484582d309c8437ab46d82e34956941
-# Automated refactorings
-49dd79eabb2b8902559a7a4e8f8fcad54f46b604
-# @nextcloud/vue import paths
-b06f5ba4c47450f355a8903c1a93ac68e8c6cfc2
-# Update to coding-standard 1.4.0
-5981b7eb512aa411f51cad541d01c5c6e93476f0
-# Migrate `and` `or` operators to logical `&&` `||` operators
-660f3f6fd1ae5539b8f74bfa48859d1b9f1e6abf
-# Migrate to ESLint v9 enforced code style
-91f3b6b4ee60e0f8bb6e21f92d5bc52e4cebe657
@@ -1,111 +1,72 @@
-# Fallback owners for code review - ensure all PRs have someone assigned for review.
-# (the last match will used so this is only used if there is no more specific code owner below)
-
-# Backend
-# is the first and gets everything to make things easier from matching syntax
-*                                             @nextcloud/server-backend
-
-# Frontend
-# this will override the backend code owners if needed
-/__mocks__                                    @nextcloud/server-frontend
-/__tests__                                    @nextcloud/server-frontend
-/dist                                         @nextcloud/server-frontend
-/cypress                                      @nextcloud/server-frontend
-**/css                                        @nextcloud/server-frontend
-**/js                                         @nextcloud/server-frontend
-**/src                                        @nextcloud/server-frontend
-*.js                                          @nextcloud/server-frontend
-*.cjs                                         @nextcloud/server-frontend
-*.mjs                                         @nextcloud/server-frontend
-*.ts                                          @nextcloud/server-frontend
-
-# dependency management
-package.json                                  @nextcloud/server-dependabot @nextcloud/server-frontend
-package-lock.json                             @nextcloud/server-dependabot
-
 # App maintainers
 /apps/admin_audit/appinfo/info.xml            @luka-nextcloud @blizzz
-/apps/cloud_federation_api/appinfo/info.xml   @nfebe @mejo-
-/apps/comments/appinfo/info.xml               @edward-ly @sorbaugh
-/apps/contactsinteraction/appinfo/info.xml    @kesselb @SebastianKrupinski
-/apps/contactsinteraction/lib                 @kesselb @SebastianKrupinski
-/apps/contactsinteraction/tests               @kesselb @SebastianKrupinski
-/apps/dashboard/appinfo/info.xml              @julien-nc @juliusknorr
-/apps/dav/lib/CalDAV                          @ChristophWurst @SebastianKrupinski @tcitworld
-/apps/dav/lib/CardDAV                         @hamza221 @SebastianKrupinski
-/apps/dav/tests/unit/CalDAV                   @ChristophWurst @SebastianKrupinski @tcitworld
-/apps/dav/tests/unit/CardDAV                  @hamza221 @SebastianKrupinski
+/apps/cloud_federation_api/appinfo/info.xml   @mejo-
+/apps/comments/appinfo/info.xml               @edward-ly @Pytal
+/apps/contactsinteraction/appinfo/info.xml    @kesselb @miaulalala @ChristophWurst @GretaD @hamza221 @st3iny
+/apps/dashboard/appinfo/info.xml              @julien-nc @juliushaertl
+/apps/dav/lib/CalDAV                          @ChristophWurst @miaulalala @tcitworld
+/apps/dav/lib/CardDAV                         @ChristophWurst @miaulalala @tcitworld
 /apps/encryption/appinfo/info.xml             @come-nc @icewind1991
 /apps/federatedfilesharing/appinfo/info.xml   @icewind1991 @danxuliu
-/apps/federation/appinfo/info.xml             @nfebe @sorbaugh
-/apps/files/appinfo/info.xml                  @skjnldsv @ArtificialOwl @come-nc @artonge @icewind1991 @szaimen @susnux @nfebe
+/apps/federation/appinfo/info.xml             @datenangebot
+/apps/files/appinfo/info.xml                  @skjnldsv @Pytal @ArtificialOwl @come-nc @artonge @icewind1991 @szaimen @susnux @Fenn-CS
 /apps/files_external/appinfo/info.xml         @icewind1991 @artonge
-/apps/files_reminders/appinfo/info.xml        @skjnldsv @sorbaugh
+/apps/files_reminders/appinfo/info.xml        @Pytal
 /apps/files_sharing/appinfo/info.xml          @skjnldsv @come-nc
-/apps/files_trashbin/appinfo/info.xml         @icewind1991 @sorbaugh
+/apps/files_trashbin/appinfo/info.xml         @Pytal @icewind1991
 /apps/files_versions/appinfo/info.xml         @artonge @icewind1991
 /apps/oauth2/appinfo/info.xml                 @julien-nc @ChristophWurst
 /apps/provisioning_api/appinfo/info.xml       @provokateurin @nickvergessen
-/apps/settings/appinfo/info.xml               @JuliaKirschenheuter @sorbaugh
-/apps/sharebymail/appinfo/info.xml            @Altahrim @skjnldsv
+/apps/settings/appinfo/info.xml               @Pytal @JuliaKirschenheuter
+/apps/sharebymail/appinfo/info.xml            @Altahrim
 /apps/systemtags/appinfo/info.xml             @Antreesy @marcelklehr
-/apps/theming/appinfo/info.xml                @skjnldsv @juliusknorr
-/apps/twofactor_backupcodes/appinfo/info.xml  @miaulalala @ChristophWurst
-/apps/updatenotification/appinfo/info.xml     @JuliaKirschenheuter @sorbaugh
+/apps/theming/appinfo/info.xml                @skjnldsv @juliushaertl
+/apps/twofactor_backupcodes/appinfo/info.xml  @st3iny @miaulalala @ChristophWurst
+/apps/updatenotification/appinfo/info.xml     @Pytal @JuliaKirschenheuter
 /apps/user_ldap/appinfo/info.xml              @come-nc @blizzz
 /apps/user_status/appinfo/info.xml            @Antreesy @nickvergessen
-/apps/weather_status/appinfo/info.xml         @julien-nc @juliusknorr
+/apps/weather_status/appinfo/info.xml         @julien-nc @juliushaertl
 /apps/webhook_listeners/appinfo/info.xml      @come-nc @julien-nc
-/apps/workflowengine/appinfo/info.xml         @blizzz @juliusknorr
+/apps/workflowengine/appinfo/info.xml         @blizzz @juliushaertl

-# Files frontend expertise
-/apps/files/src*                    @skjnldsv @nextcloud/server-frontend
-/apps/files_external/src*           @skjnldsv @nextcloud/server-frontend
-/apps/files_reminders/src*          @skjnldsv @nextcloud/server-frontend
-/apps/files_sharing/src/actions*    @skjnldsv @nextcloud/server-frontend
-/apps/files_trashbin/src*           @skjnldsv @nextcloud/server-frontend
+# Frontend expertise
+/apps/files/src*                  @skjnldsv
+/apps/files_external/src*         @skjnldsv
+/apps/files_reminders/src*        @skjnldsv
+/apps/files_sharing/src/actions*  @skjnldsv
+/apps/files_trashbin/src*         @skjnldsv

 # Security team
-/build/psalm-baseline-security.xml  @nickvergessen @nextcloud/server-backend
 /resources/codesigning              @mgallien @miaulalala @nickvergessen
-/resources/config/ca-bundle.crt     @miaulalala @nickvergessen
+/resources/config/ca-bundle.crt     @ChristophWurst @miaulalala @nickvergessen
+/.drone.yml                         @nickvergessen

 # Two-Factor Authentication
 # https://github.com/nextcloud/wg-two-factor-authentication#members
-**/TwoFactorAuth                    @ChristophWurst @miaulalala @nickvergessen
-/apps/twofactor_backupcodes         @ChristophWurst @miaulalala @nickvergessen
-/core/templates/twofactor*          @ChristophWurst @miaulalala @nickvergessen
+**/TwoFactorAuth                    @ChristophWurst @miaulalala @nickvergessen @st3iny
+/apps/twofactor_backupcodes         @ChristophWurst @miaulalala @nickvergessen @st3iny
+/core/templates/twofactor*          @ChristophWurst @miaulalala @nickvergessen @st3iny

 # Limit login to IP
 # Watch login routes for https://github.com/nextcloud/limit_login_to_ip
-/core/routes.php                    @Altahrim @nextcloud/server-backend
+/core/routes.php	@Altahrim

 # OpenAPI
-openapi*.json                       @provokateurin @nextcloud/server-backend
-ResponseDefinitions.php             @provokateurin @nextcloud/server-backend
+openapi*.json           @provokateurin
+ResponseDefinitions.php @provokateurin

 # Talk team
-/lib/private/Comments               @nickvergessen @nextcloud/talk-backend
-/lib/private/Federation             @nickvergessen @nextcloud/talk-backend @nextcloud/server-backend
-/lib/private/Talk                   @nickvergessen @nextcloud/talk-backend
-/lib/public/Comments                @nickvergessen @nextcloud/talk-backend
-/lib/public/Federation              @nickvergessen @nextcloud/talk-backend @nextcloud/server-backend
-/lib/public/OCM                     @nickvergessen @nextcloud/talk-backend @nextcloud/server-backend
-/lib/public/Talk                    @nickvergessen @nextcloud/talk-backend
-/lib/public/UserStatus              @nickvergessen @nextcloud/talk-backend
-*/Notifications/*                   @nickvergessen @nextcloud/talk-backend
-
-# Groupware team
-/build/integration/dav_features/caldav.feature            @ChristophWurst @SebastianKrupinski @tcitworld
-/build/integration/dav_features/carddav.feature           @hamza221 @SebastianKrupinski
-/lib/private/Calendar                                     @ChristophWurst @SebastianKrupinski @tcitworld
-/lib/private/Contacts                                     @hamza221 @SebastianKrupinski
-/lib/public/Calendar                                      @ChristophWurst @SebastianKrupinski @tcitworld
-/lib/public/Contacts                                      @hamza221 @SebastianKrupinski
-
-# Desktop client teamn
-/apps/dav/lib/Connector/Sabre/BlockLegacyClientPlugin.php @nextcloud/desktop
+/lib/private/Comments               @nickvergessen
+/lib/private/Federation             @nickvergessen
+/lib/private/Talk                   @nickvergessen
+/lib/public/Comments                @nickvergessen
+/lib/public/Federation              @nickvergessen
+/lib/public/OCM                     @nickvergessen
+/lib/public/Talk                    @nickvergessen
+/lib/public/UserStatus              @nickvergessen

 # Personal interest
-*/Activity/*                                              @nickvergessen @nextcloud/server-backend
-/apps/workflowengine/lib                                  @nickvergessen @blizzz
+*/Activity/*                        @nickvergessen
+*/Notifications/*                   @nickvergessen
+/lib/private/Profiler               @CarlSchwan
+/lib/public/Profiler                @CarlSchwan
@@ -48,7 +48,7 @@ In some areas unit testing is hard (aka almost impossible) as of today - in thes

 ### Sign your work

-We use the Developer Certificate of Origin (DCO) as an additional safeguard
+We use the Developer Certificate of Origin (DCO) as a additional safeguard
 for the Nextcloud project. This is a well established and widely used
 mechanism to assure contributors have confirmed their right to license
 their contribution under the project's license.
@@ -4,7 +4,6 @@ name: "🐛 Bug report: Nextcloud Server"
 description: "Submit a report and help us improve Nextcloud Server"
 title: "[Bug]: "
 labels: ["bug", "0. Needs triage"]
-type: "Bug"
 body:
  - type: markdown
    attributes:
@@ -63,6 +62,22 @@ body:
      description: Describe what you expected to happen instead.
    validations:
      required: true
+  - type: dropdown
+    id: install-method
+    attributes:
+      label: Installation method
+      description: |
+        Select installation method you've used.
+        _Describe the method in the "Additional info" section if you chose "Other"._
+      options:
+        - "Community Web installer on a VPS or web space"
+        - "Community Manual installation with Archive"
+        - "Community Docker image"
+        - "Community NextcloudPi appliance"
+        - "Community SNAP package"
+        - "Community VM appliance"
+        - "Other Community project"
+        - "Official All-in-One appliance"
  - type: dropdown
    id: nextcloud-version
    attributes:
@@ -71,9 +86,9 @@ body:
        Select Nextcloud Server version.
        _Versions not listed here are not maintained and not supported anymore_
      options:
-        - "32"
-        - "33"
-        - "34 (master)"
+        - "28"
+        - "29"
+        - "master"
    validations:
      required: true
  - type: dropdown
@@ -95,11 +110,10 @@ body:
        Select PHP engine version serving Nextcloud Server.
        _Describe in the "Additional info" section if you chose "Other"._
      options:
-        - "PHP 8.5"
-        - "PHP 8.4"
-        - "PHP 8.3"
-        - "PHP 8.2"
+        - "PHP 8.0"
        - "PHP 8.1"
+        - "PHP 8.2"
+        - "PHP 8.3"
        - "Other"
  - type: dropdown
    id: webserver
@@ -133,8 +147,8 @@ body:
      description: |
        Select if bug is present after an update or on a fresh install.
      options:
-        - "Updated from a MINOR version (ex. 32.0.1 to 32.0.2)"
-        - "Upgraded to a MAJOR version (ex. 31 to 32)"
+        - "Updated from a MINOR version (ex. 28.0.1 to 28.0.2)"
+        - "Upgraded to a MAJOR version (ex. 28 to 29)"
        - "Fresh Nextcloud Server install"
  - type: dropdown
    id: encryption
@@ -169,7 +183,7 @@ body:
        ./occ config:list system
        ```
        > NOTE: This will be automatically formatted into code for better readability.
-      render: json
+      render: shell
  - type: textarea
    id: apps
    attributes:
@@ -201,10 +215,10 @@ body:
    attributes:
      label: Nextcloud Logs
      description: |
-        Provide relevant Nextcloud log entries (e.g. from the time period you reproduced the problem).
-        Copy full individual entries from `data/nextcloud.log` or use `Copy raw entry` from `/settings/admin/logging` section:
+        Provide Nextcloud logs lines.
+        Copy all contents from `data/nextcloud.log` or a RAW from `/settings/admin/logging` section:
        > NOTE: This will be automatically formatted into code for better readability.
-      render: json
+      render: shell
  - type: textarea
    id: additional-info
    attributes:
@@ -2,44 +2,47 @@
 name: 🚀 Feature request
 about: Suggest an idea for this project
 labels: enhancement, 0. Needs triage
-type: "Enhancement"
 ---

 <!--
-Have a security concern? Please report potential security issues via our HackerOne program (https://hackerone.com/nextcloud) instead of filing a public GitHub issue. See our security policy: https://nextcloud.com/security/
+Thanks for reporting issues back to Nextcloud!
+
+Note: This is the **issue tracker of Nextcloud**, please do NOT use this to get answers to your questions or get help for fixing your installation. This is a place to report bugs to developers, after your server has been debugged. You can find help debugging your system on our home user forums: https://help.nextcloud.com or, if you use Nextcloud in a large organization, ask our engineers on https://portal.nextcloud.com. See also  https://nextcloud.com/support for support options.
+
+Nextcloud is an open source project backed by Nextcloud GmbH. Most of our volunteers are home users and thus primarily care about issues that affect home users. Our paid engineers prioritize issues of our customers. If you are neither a home user nor a customer, consider paying somebody to fix your issue, do it yourself or become a customer.
+
+Guidelines for submitting issues:
+
+* Please search the existing issues first, it's likely that your issue was already reported or even fixed.
+    - Go to https://github.com/nextcloud and type any word in the top search/command bar. You probably see something like "We couldn’t find any repositories matching ..." then click "Issues" in the left navigation.
+    - You can also filter by appending e. g. "state:open" to the search string.
+    - More info on search syntax within github: https://help.github.com/articles/searching-issues
+    
+* This repository https://github.com/nextcloud/server/issues is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
+  
+* SECURITY: Report any potential security bug to us via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/) instead of filing an issue in our bug tracker.  
+
+* The issues in other components should be reported in their respective repositories: You will find them in our GitHub Organization (https://github.com/nextcloud/)
 -->

-<!--
-Thanks for taking the time to suggest improvements to Nextcloud! Use this form to request features or propose enhancements.

-Guidelines:
+<!--- Please keep this note for other contributors -->

-* Please search existing issues first; your idea may already have been discussed or implemented.
-* This repository (https://github.com/nextcloud/server/issues) is only for issues within the Nextcloud Server code. This includes shipped apps such as Files, DAV, Encryption, External Storage, Sharing, Deleted Files, Versions, Federation, and LDAP.
-* Issues for other components should be reported in their respective repositories in the Nextcloud GitHub organization: https://github.com/nextcloud/
-* Nextcloud is an open source project backed by Nextcloud GmbH. Many contributors are volunteers and primarily focus on issues affecting home users. Paid engineers prioritize customer-reported issues and critical defects.
-* This is the development issue tracker. Please do NOT use it for support questions or help diagnosing your installation.
-  - For community/user help: https://help.nextcloud.com
-  - For professional / large deployment support options: https://nextcloud.com/support
-->
+### How to use GitHub
+
+* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
+* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
+* Subscribe to receive notifications on status change and new comments. 

-<!-- Please keep the note below for other contributors -->
-> [!TIP]
-> ### Help move this idea forward
-> * Use the 👍 reaction to show support for this feature.
-> * Avoid commenting unless you have relevant information to add; unnecessary comments create noise for subscribers.
-> * Subscribe to receive notifications about status changes and new comments.
---
-<!-- DO NOT EDIT ABOVE THIS LINE -->

 **Is your feature request related to a problem? Please describe.**
-<!-- Provide a clear and concise description of the problem. For example: “I'm always frustrated when …” -->
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

 **Describe the solution you'd like**
-<!-- Provide a clear and concise description of what you want to happen. -->
+A clear and concise description of what you want to happen.

 **Describe alternatives you've considered**
-<!-- Provide a clear and concise description of any alternative solutions or features you've considered. -->
+A clear and concise description of any alternative solutions or features you've considered.

 **Additional context**
-<!-- Add any other context or screenshots related to the feature request here. -->
+Add any other context or screenshots about the feature request here.
@@ -1,7 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-name: "CodeQL config"
-
-paths-ignore:
-  - dist
@@ -1,8 +1,179 @@
 # SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later
-
 version: 2
 updates:
+# Linting and coding style
+- package-ecosystem: composer
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+
+# cs-fixer
+- package-ecosystem: composer
+  directory: "/vendor-bin/cs-fixer"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "04:10"
+    timezone: Europe/Copenhagen
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+
+# openapi-extractor
+- package-ecosystem: composer
+  directory: "/vendor-bin/openapi-extractor"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "04:20"
+    timezone: Europe/Brussels
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+    - "provokateurin"
+
+# psalm
+- package-ecosystem: composer
+  directory: "/vendor-bin/psalm"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "04:30"
+    timezone: Europe/Madrid
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+
+# Main master npm
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  # Disable automatic rebasing because without a build CI will likely fail anyway
+  rebase-strategy: "disabled"
+
+# Testing master npm
+- package-ecosystem: npm
+  directory: "/build"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+
+# Testing master composer
+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable28
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  # Disable automatic rebasing because without a build CI will likely fail anyway
+  rebase-strategy: "disabled"
+
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable29
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  # Disable automatic rebasing because without a build CI will likely fail anyway
+  rebase-strategy: "disabled"
+
+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable28
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    # ignore all GitHub linguist patch updates
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]
+
+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  target-branch: stable29
+  labels:
+    - "3. to review"
+    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"
+  ignore:
+    # ignore all GitHub linguist patch updates
+    - dependency-name: "*"
+      update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]
+
 # GitHub Actions
 - package-ecosystem: "github-actions"
  directory: "/"
@@ -16,152 +187,6 @@ updates:
  labels:
    - "3. to review"
    - "feature: dependencies"
+  reviewers:
+    - "nextcloud/server-dependabot"

-# Main composer (linting, testing, openapi)
- package-ecosystem: composer
-  directories:
-    - "/"
-    - "/vendor-bin/behat"
-    - "/vendor-bin/cs-fixer"
-    - "/vendor-bin/openapi-extractor"
-    - "/vendor-bin/phpunit"
-    - "/vendor-bin/psalm"
-    - "/vendor-bin/rector"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "03:00"
-    timezone: Europe/Paris
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-
-# Main master npm frontend dependencies
- package-ecosystem: npm
-  directories:
-    - "/"
-    - "/build/frontend"
-    - "/build/frontend-legacy"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "03:00"
-    timezone: Europe/Paris
-  open-pull-requests-limit: 20
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  # Disable automatic rebasing because without a build CI will likely fail anyway
-  rebase-strategy: "disabled"
-  groups:
-    vite:
-      patterns:
-        - "vite"
-        - "@nextcloud/vite-config"
-    vitest:
-      patterns:
-        - "vitest"
-        - "@vitest/*"
-
-# Latest stable release
-
-# Composer dependencies for linting and testing
- package-ecosystem: composer
-  target-branch: stable33
-  directories:
-    - "/"
-    - "/vendor-bin/behat"
-    - "/vendor-bin/cs-fixer"
-    - "/vendor-bin/openapi-extractor"
-    - "/vendor-bin/phpunit"
-    - "/vendor-bin/psalm"
-    - "/vendor-bin/rector"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "03:30"
-    timezone: Europe/Paris
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  ignore:
-    # only patch updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-
-# frontend dependencies
- package-ecosystem: npm
-  target-branch: stable33
-  directories:
-    - "/"
-    - "/build/frontend"
-    - "/build/frontend-legacy"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "03:30"
-    timezone: Europe/Paris
-  open-pull-requests-limit: 20
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  # Disable automatic rebasing because without a build CI will likely fail anyway
-  rebase-strategy: "disabled"
-  groups:
-    vite:
-      patterns:
-        - "vite"
-        - "@nextcloud/vite-config"
-    vitest:
-      patterns:
-        - "vitest"
-        - "@vitest/*"
-  ignore:
-    # no major updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major"]
-
-# Older stable releases
-
-# Composer dependencies for linting and testing
- package-ecosystem: composer
-  target-branch: stable32
-  directories:
-    - "/"
-    - "/vendor-bin/behat"
-    - "/vendor-bin/cs-fixer"
-    - "/vendor-bin/openapi-extractor"
-    - "/vendor-bin/phpunit"
-    - "/vendor-bin/psalm"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:30"
-    timezone: Europe/Paris
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  ignore:
-    # only patch updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
-
-# frontend dependencies
- package-ecosystem: npm
-  target-branch: stable32
-  directory: "/"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:30"
-    timezone: Europe/Paris
-  open-pull-requests-limit: 20
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  # Disable automatic rebasing because without a build CI will likely fail anyway
-  rebase-strategy: "disabled"
-  ignore:
-    # no major updates on stable branches
-    - dependency-name: "*"
-      update-types: ["version-update:semver-major"]
@@ -21,9 +21,3 @@
 - [ ] Screenshots before/after for front-end changes
 - [ ] Documentation ([manuals](https://github.com/nextcloud/documentation/) or wiki) has been updated or is not required
 - [ ] [Backports requested](https://github.com/nextcloud/backportbot/#usage) where applicable (ex: critical bugfixes)
- [ ] [Labels added](https://github.com/nextcloud/server/labels) where applicable (ex: bug/enhancement, `3. to review`, feature component)
- [ ] [Milestone added](https://github.com/nextcloud/server/milestones) for target branch/version (ex: 32.x for `stable32`)
-
-## AI (if applicable)
-
- [ ] The content of this PR was partly or fully generated using AI
@@ -36,9 +36,8 @@ jobs:
              - 'composer.json'
              - 'composer.lock'
              - '**.php'
-              - build/autoloaderchecker.sh

-  autoloader:
+  autocheckers:
    runs-on: ubuntu-latest

    needs: changes
@@ -46,58 +45,32 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']

    name: PHP checkers

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, json, mbstring
          coverage: none
          ini-file: development
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

+      - name: Set up dependencies
+        run: composer i
+
      - name: Check auto loaders
        run: bash ./build/autoloaderchecker.sh

-  autocheckers:
-    runs-on: ubuntu-latest-low
-
-    strategy:
-      matrix:
-        php-versions: ['8.2']
-
-    name: Translation and Files checkers
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
      - name: Check translations are JSON decodeable
        run: php ./build/translation-checker.php

@@ -110,14 +83,11 @@ jobs:
      - name: Check that all and only expected files are included
        run: php ./build/files-checker.php

-      - name: Check that all shipped apps are linted by psalm
-        run: sh ./build/psalm-checker.sh
-
  summary:
    permissions:
      contents: none
    runs-on: ubuntu-latest-low
-    needs: [changes, autoloader, autocheckers]
+    needs: [changes, autocheckers]

    if: always()

@@ -125,4 +95,4 @@ jobs:

    steps:
      - name: Summary status
-        run: if ${{ needs.autocheckers.result != 'success' || (needs.changes.outputs.src != 'false' && needs.autoloader.result != 'success') }}; then exit 1; fi
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.autocheckers.result != 'success' }}; then exit 1; fi
@@ -27,23 +27,14 @@ jobs:

    steps:
      - name: Set server major version environment
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const regex = /^stable(\d+)$/
-            const baseRef = context.payload.pull_request.base.ref
-            const match = baseRef.match(regex)
-            if (match) {
-              console.log('Setting server_major to ' + match[1]);
-              core.exportVariable('server_major', match[1]);
-              console.log('Setting current_day to ' + (new Date()).toISOString().substr(0, 10));
-              core.exportVariable('current_day', (new Date()).toISOString().substr(0, 10));
-            }
+        run: |
+          # retrieve version number from branch reference
+          server_major=$(echo "${{ github.base_ref }}" | sed -En 's/stable//p')
+          echo "server_major=$server_major" >> $GITHUB_ENV
+          echo "current_month=$(date +%Y-%m)" >> $GITHUB_ENV

-      - name: Checking if server ${{ env.server_major }} is EOL
-        if: ${{ env.server_major != '' }}
+      - name: Checking if ${{ env.server_major }} is EOL
        run: |
          curl -s https://raw.githubusercontent.com/nextcloud-releases/updater_server/production/config/major_versions.json \
-            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99-99" | . >= "${{ env.current_day }}"' \
+            | jq '.["${{ env.server_major }}"]["eol"] // "9999-99" | . >= "${{ env.current_month }}"' \
            | grep -q true
@@ -28,30 +28,8 @@ jobs:
    runs-on: ubuntu-latest-low

    steps:
-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping freeze check');
-              }
-            }
-
-      - name: Download version.php from ${{ env.server_ref }}
-        if: ${{ env.server_ref != '' }}
-        run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ env.server_ref }}/version.php' --output version.php
+      - name: Download version.php from ${{ github.base_ref }}
+        run: curl 'https://raw.githubusercontent.com/nextcloud/server/${{ github.base_ref }}/version.php' --output version.php

      - name: Run check
-        if: ${{ env.server_ref != '' }}
        run: cat version.php | grep 'OC_VersionString' | grep -i -v 'RC'
@@ -31,49 +31,25 @@ jobs:
              - 'version.php'

      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: 3rdparty commit hash on current branch
        id: actual
        run: |
          echo "commit=$(git submodule status | grep ' 3rdparty' | egrep -o '[a-f0-9]{40}')" >> "$GITHUB_OUTPUT"

-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping outdated 3rdparty check');
-              }
-            }
-
      - name: Last 3rdparty commit on target branch
-        if: ${{ env.server_ref != '' }}
        id: target
        run: |
-          echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ env.server_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"
+          echo "commit=$(git ls-remote https://github.com/nextcloud/3rdparty refs/heads/${{ github.base_ref }} | awk '{ print $1}')" >> "$GITHUB_OUTPUT"

      - name: Compare if 3rdparty commits are different
-        if: ${{ env.server_ref != '' }}
        run: |
          echo '3rdparty/ seems to not point to the last commit of the dedicated branch:'
          echo 'Branch has: ${{ steps.actual.outputs.commit }}'
-          echo '${{ env.server_ref }} has: ${{ steps.target.outputs.commit }}'
+          echo '${{ github.base_ref }} has: ${{ steps.target.outputs.commit }}'

      - name: Fail if 3rdparty commits are different
-        if: ${{ env.server_ref != '' && steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
+        if: ${{ steps.changes.outputs.src != 'false' && steps.actual.outputs.commit != steps.target.outputs.commit }}
        run: |
          exit 1
@@ -27,10 +27,8 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - uses: webiny/action-conventional-commits@faccb24fc2550dd15c0390d944379d2d8ed9690e # v1.3.1
+      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -1,45 +0,0 @@
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-name: Auto-label bug reports
-on:
-  issues:
-    types: [opened]
-
-jobs:
-  add-version-label:
-    if: contains(github.event.issue.title, '[Bug]')
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-    steps:
-      - name: Extract version number and apply label
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          script: |
-            const body = context.payload.issue.body || '';
-            const normalizedBody = body.replace(/\r\n?/g, '\n');
-            let label = '';
-
-            // Extract Nextcloud Server version number from a block like:
-            // ### Nextcloud Server version
-            // 32
-            const versionMatch = normalizedBody.match(/### Nextcloud Server version\s*\n+([0-9]{1,3})\b/);
-            let nextcloudVersion = null;
-            if (versionMatch) {
-              nextcloudVersion = parseInt(versionMatch[1], 10);
-              label = nextcloudVersion + '-feedback';
-            }
-            
-            if (label) {
-              try {
-                await github.rest.issues.addLabels({
-                  issue_number: context.issue.number,
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  labels: [label]
-                });
-              } catch (error) {
-                core.setFailed(`Failed to add label "${label}": ${error.message || error}`);
-              }
-            }
@@ -1,49 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-name: "CodeQL Advanced"
-
-on:
-  push:
-    branches: [ "master", "stable*" ]
-  pull_request:
-    branches: [ "master", "stable*" ]
-  schedule:
-    - cron: '28 18 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze (${{ matrix.language }})
-    runs-on: ubuntu-latest
-    permissions:
-      # required for all workflows
-      security-events: write
-
-      # required to fetch internal or private CodeQL packs
-      packages: read
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: actions
-          build-mode: none
-        - language: javascript-typescript
-          build-mode: none
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        persist-credentials: false
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
-      with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
-        config-file: ./.github/codeql-config.yml
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
-      with:
-        category: "/language:${{matrix.language}}"
@@ -11,9 +11,6 @@ on:
  issue_comment:
    types: [created]

-permissions:
-  contents: read
-
 jobs:
  init:
    runs-on: ubuntu-latest
@@ -30,7 +27,7 @@ jobs:

    steps:
      - name: Get repository from pull request comment
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        id: get-repository
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
@@ -57,7 +54,7 @@ jobs:
          require: write

      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -79,17 +76,17 @@ jobs:
          fi

      - name: Init branch
-        uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v3.0.0
+        uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
        id: comment-branch

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
+          reactions: "-1"

  process:
    runs-on: ubuntu-latest
@@ -97,16 +94,14 @@ jobs:

    steps:
      - name: Restore cached git repository
-        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          path: .git
          key: git-repo

      - name: Checkout ${{ needs.init.outputs.head_ref }}
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          # Needed to allow force push later
-          persist-credentials: true
          token: ${{ secrets.COMMAND_BOT_PAT }}
          fetch-depth: 0
          ref: ${{ needs.init.outputs.head_ref }}
@@ -120,11 +115,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: package-engines-versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: '^20'
+          fallbackNpm: '^10'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
@@ -136,41 +131,7 @@ jobs:
        if: ${{ contains(needs.init.outputs.arg1, 'rebase') }}
        run: |
          git fetch origin '${{ needs.init.outputs.base_ref }}:${{ needs.init.outputs.base_ref }}'
-
-          # Start the rebase
-          git rebase 'origin/${{ needs.init.outputs.base_ref }}' || {
-            # Handle rebase conflicts in a loop
-            while [ -d .git/rebase-merge ] || [ -d .git/rebase-apply ]; do
-              echo "Handling rebase conflict..."
-
-              # Remove and checkout /dist and /js folders from the base branch
-              if [ -d "dist" ]; then
-                rm -rf dist
-                git checkout origin/${{ needs.init.outputs.base_ref }} -- dist/ 2>/dev/null || echo "No dist folder in base branch"
-              fi
-              if [ -d "js" ]; then
-                rm -rf js
-                git checkout origin/${{ needs.init.outputs.base_ref }} -- js/ 2>/dev/null || echo "No js folder in base branch"
-              fi
-
-              # Stage all changes
-              git add .
-
-              # Check if there are any changes after resolving conflicts
-              if git diff --cached --quiet; then
-                echo "No changes after conflict resolution, skipping commit"
-                git rebase --skip
-              else
-                echo "Changes found, continuing rebase without editing commit message"
-                git -c core.editor=true rebase --continue
-              fi
-
-              # Break if rebase is complete
-              if [ ! -d .git/rebase-merge ] && [ ! -d .git/rebase-apply ]; then
-                break
-              fi
-            done
-          }
+          git rebase 'origin/${{ needs.init.outputs.base_ref }}'

      - name: Install dependencies & build
        env:
@@ -202,21 +163,17 @@ jobs:

      - name: Push normally
        if: ${{ !contains(needs.init.outputs.arg1, 'rebase') && !contains(needs.init.outputs.arg1, 'amend') }}
-        env:
-          HEAD_REF: ${{ needs.init.outputs.head_ref }}
-        run: git push origin "$HEAD_REF"
+        run: git push origin '${{ needs.init.outputs.head_ref }}'

      - name: Force push
        if: ${{ contains(needs.init.outputs.arg1, 'rebase') || contains(needs.init.outputs.arg1, 'amend') }}
-        env:
-          HEAD_REF: ${{ needs.init.outputs.head_ref }}
-        run: git push --force-with-lease origin "$HEAD_REF"
+        run: git push --force origin '${{ needs.init.outputs.head_ref }}'

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
+          reactions: "-1"
@@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -34,64 +34,32 @@ jobs:
          exit 1

      - name: Init branch
-        uses: xt0rted/pull-request-comment-branch@e8b8daa837e8ea7331c0003c9c316a64c6d8b0b1 # v1
+        uses: xt0rted/pull-request-comment-branch@d97294d304604fa98a2600a6e2f916a84b596dc7 # v1
        id: comment-branch

      - name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}
          ref: ${{ steps.comment-branch.outputs.head_ref }}

-      - name: Register server reference to fallback to master branch
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const baseRef = context.payload.pull_request.base.ref
-            if (baseRef === 'main' || baseRef === 'master') {
-              core.exportVariable('server_ref', 'master');
-              console.log('Setting server_ref to master');
-            } else {
-              const regex = /^stable(\d+)$/
-              const match = baseRef.match(regex)
-              if (match) {
-                core.exportVariable('server_ref', match[0]);
-                console.log('Setting server_ref to ' + match[0]);
-              } else {
-                console.log('Not based on master/main/stable*, so skipping pull 3rdparty command');
-              }
-            }
-
      - name: Setup git
        run: |
          git config --local user.email 'nextcloud-command@users.noreply.github.com'
          git config --local user.name 'nextcloud-command'

-      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
-        if: ${{ env.server_ref == '' }}
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reactions: '-1'
-
      - name: Pull 3rdparty
-        if: ${{ env.server_ref != '' }}
-        run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ env.server_ref }}'"'"'; fi'
+        run: git submodule foreach 'if [ "$sm_path" == "3rdparty" ]; then git pull origin '"'"'${{ github.event.issue.pull_request.base.ref }}'"'"'; fi'

      - name: Commit and push changes
-        if: ${{ env.server_ref != '' }}
        run: |
          git add 3rdparty
-          git commit -s -m 'Update submodule 3rdparty to latest ${{ env.server_ref }}'
+          git commit -s -m 'Update submodule 3rdparty to latest ${{ github.event.issue.pull_request.base.ref }}'
          git push

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v3.0.1
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v3.0.1
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -18,15 +18,8 @@ env:
  # Adjust APP_NAME if your repository name is different
  APP_NAME: ${{ github.event.repository.name }}

-  # This represents the server branch to checkout.
-  # Usually it's the base branch of the PR, but for pushes it's the branch itself.
-  # e.g. 'main', 'stable27' or 'feature/my-feature'
-  # n.b. server will use head_ref, as we want to test the PR branch.
-  BRANCH: ${{ github.base_ref || github.ref_name }}
-
-
-permissions:
-  contents: read
+  # Server requires head_ref instead of base_ref, as we want to test the PR branch
+  BRANCH: ${{ github.head_ref || github.ref_name }}

 jobs:
  init:
@@ -36,8 +29,6 @@ jobs:
      npmVersion: ${{ steps.versions.outputs.npmVersion }}

    env:
-      # We'll install cypress in the cypress job
-      CYPRESS_INSTALL_BINARY: 0
      PUPPETEER_SKIP_DOWNLOAD: true

    steps:
@@ -48,9 +39,8 @@ jobs:
          exit 1

      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          # We need to checkout submodules for 3rdparty
          submodules: true

@@ -58,7 +48,7 @@ jobs:
        id: check_composer
        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
        with:
-          files: 'composer.json'
+          files: "composer.json"

      - name: Install composer dependencies
        if: steps.check_composer.outputs.files_exists == 'true'
@@ -68,11 +58,11 @@ jobs:
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: "^20"
+          fallbackNpm: "^10"

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -84,8 +74,11 @@ jobs:
          npm ci
          TESTING=true npm run build --if-present

+      - name: Show cypress version
+        run: npm run cypress:version
+
      - name: Save context
-        uses: buildjet/cache/save@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache/save@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          key: cypress-context-${{ github.run_id }}
          path: ./
@@ -99,82 +92,32 @@ jobs:
      matrix:
        # Run multiple copies of the current job in parallel
        # Please increase the number or runners as your tests suite grows (0 based index for e2e tests)
-        containers: ['setup', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
-        # Hack as strategy.job-total includes the "setup" and GitHub does not allow math expressions
+        containers: ["component", '0', '1', '2', '3', '4', '5', '6', '7']
+        # Hack as strategy.job-total includes the component and GitHub does not allow math expressions
        # Always align this number with the total of e2e runners (max. index + 1)
-        total-containers: [10]
-
-    services:
-      mysql:
-        # Only start mysql if we are running the setup tests
-        image: ${{matrix.containers == 'setup' && 'ghcr.io/nextcloud/continuous-integration-mysql-8.4:latest' || ''}} # zizmor: ignore[unpinned-images]
-        ports:
-          - '3306/tcp'
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: oc_autotest
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-
-      mariadb:
-        # Only start mariadb if we are running the setup tests
-        image: ${{matrix.containers == 'setup' && 'mariadb:11.4' || ''}} # zizmor: ignore[unpinned-images]
-        ports:
-          - '3306/tcp'
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: oc_autotest
-        options: --health-cmd="mariadb-admin ping" --health-interval 5s --health-timeout 2s --health-retries 5
-
-      postgres:
-        # Only start postgres if we are running the setup tests
-        image: ${{matrix.containers == 'setup' && 'ghcr.io/nextcloud/continuous-integration-postgres-17:latest' || ''}} # zizmor: ignore[unpinned-images]
-        ports:
-          - '5432/tcp'
-        env:
-          POSTGRES_USER: root
-          POSTGRES_PASSWORD: rootpassword
-          POSTGRES_DB: nextcloud
-        options: --mount type=tmpfs,destination=/var/lib/postgresql/data --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
-
-      oracle:
-        # Only start oracle if we are running the setup tests
-        image: ${{matrix.containers == 'setup' && 'ghcr.io/gvenzl/oracle-free:23' || ''}} # zizmor: ignore[unpinned-images]
-        ports:
-          - '1521'
-        env:
-          ORACLE_PASSWORD: oracle
-        options:  --health-cmd healthcheck.sh --health-interval 20s --health-timeout 10s --health-retries 10
+        total-containers: [8]

    name: runner ${{ matrix.containers }}

    steps:
      - name: Restore context
-        uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2
+        uses: buildjet/cache/restore@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          fail-on-cache-miss: true
          key: cypress-context-${{ github.run_id }}
          path: ./

      - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.init.outputs.nodeVersion }}

      - name: Set up npm ${{ needs.init.outputs.npmVersion }}
        run: npm i -g 'npm@${{ needs.init.outputs.npmVersion }}'

-      - name: Install cypress
-        run: ./node_modules/cypress/bin/cypress install
-
      - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
-        uses: cypress-io/github-action@bc22e01685c56e89e7813fd8e26f33dc47f87e15 # v7.1.5
+        uses: cypress-io/github-action@df7484c5ba85def7eef30db301afa688187bc378 # v6.7.2
        with:
-          # We already installed the dependencies in the init job
-          install: false
          component: ${{ matrix.containers == 'component' }}
          group: ${{ matrix.use-cypress-cloud && matrix.containers == 'component' && 'Run component' || matrix.use-cypress-cloud && 'Run E2E' || '' }}
          # cypress env
@@ -191,34 +134,31 @@ jobs:
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          SPLIT: ${{ matrix.total-containers }}
          SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }}
-          SPLIT_RANDOM_SEED: ${{ github.run_id }}
-          SETUP_TESTING: ${{ matrix.containers == 'setup' && 'true' || '' }}

-      - name: Upload snapshots and videos
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      - name: Upload snapshots
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: always()
        with:
          name: snapshots_${{ matrix.containers }}
-          path: |
-            cypress/snapshots
-            cypress/videos
+          path: cypress/snapshots

-      - name: Show logs
+      - name: Extract NC logs
        if: failure() && matrix.containers != 'component'
-        run: |
-          for id in $(docker ps -aq); do
-            docker container inspect "$id" --format '=== Logs for container {{.Name}} ==='
-            docker logs "$id" >> nextcloud.log
-          done
-          echo '=== Nextcloud server logs ==='
-          docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} cat data/nextcloud.log
+        run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log
+
+      - name: Upload NC logs
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        if: failure() && matrix.containers != 'component'
+        with:
+          name: nc_logs_${{ matrix.containers }}
+          path: nextcloud.log

      - name: Create data dir archive
        if: failure() && matrix.containers != 'component'
-        run: docker exec nextcloud-e2e-test-server_${{ env.APP_NAME }} tar -cvjf - data > data.tar
+        run: docker exec nextcloud-cypress-tests-server tar -cvjf - data > data.tar

-      - name: Upload data archive
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      - name: Upload data dir archive
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_data_${{ matrix.containers }}
@@ -3,13 +3,13 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 #
-# SPDX-FileCopyrightText: Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: MIT

-name: Auto approve Dependabot PRs
+name: Dependabot

 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
+  pull_request_target:
    branches:
      - main
      - master
@@ -24,13 +24,11 @@ concurrency:

 jobs:
  auto-approve-merge:
-    if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'renovate[bot]'
+    if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
    runs-on: ubuntu-latest-low
    permissions:
      # for hmarr/auto-approve-action to approve PRs
      pull-requests: write
-      # for alexwilson/enable-github-automerge-action to approve PRs
-      contents: write

    steps:
      - name: Disabled on forks
@@ -39,20 +37,13 @@ jobs:
          echo 'Can not approve PRs from forks'
          exit 1

-      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
-        id: branchname
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
      # GitHub actions bot approve
-      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
-        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
+      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

-      # Enable GitHub auto merge
-      - name: Auto merge
-        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # v2.0.0
-        if: startsWith(steps.branchname.outputs.branch, 'dependabot/')
+      # Nextcloud bot approve and merge request
+      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          target: minor
+          github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-ftp-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,12 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-ftp:
    runs-on: ubuntu-latest
@@ -53,21 +40,21 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
+      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.2', '8.4']
+        php-versions: ['8.1', '8.3']
        ftpd: ['proftpd', 'vsftpd', 'pure-ftpd']
        include:
-          - php-versions: '8.2'
+          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}

    name: php${{ matrix.php-versions }}-${{ matrix.ftpd }}

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up ftpd
@@ -81,12 +68,11 @@ jobs:
          if [[ "${{ matrix.ftpd }}" == 'pure-ftpd' ]]; then docker run --name ftp -d --net host -e "PUBLICHOST=localhost" -e FTP_USER_NAME=test -e FTP_USER_PASS=test -e FTP_USER_HOME=/home/test -v /tmp/ftp:/home/test -v /tmp/ftp:/etc/pure-ftpd/passwd stilliard/pure-ftpd; fi

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -110,22 +96,15 @@ jobs:
      - name: PHPUnit
        run: composer run test:files_external -- \
          apps/files_external/tests/Storage/FtpTest.php \
-          --log-junit junit.xml \
-          ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-ftp

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-ftp
-
      - name: ftpd logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-s3-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,12 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-s3-minio:
    runs-on: ubuntu-latest
@@ -53,18 +40,17 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2', '8.4']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
-          - php-versions: '8.3'
+          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}

-    name: php${{ matrix.php-versions }}-s3-minio
+    name: php${{ matrix.php-versions }}-s3

    services:
      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -74,14 +60,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -99,38 +83,26 @@ jobs:
          composer install
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          ./occ app:enable --force files_external
-          echo "<?php return ['run' => true, 'minio' => true, 'secret' => 'actually-not-secret', 'passwordsalt' => 'actually-not-secret', 'hostname' => 'localhost','key' => '$OBJECT_STORE_KEY','secret' => '$OBJECT_STORE_SECRET', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php
+          echo "<?php return ['run' => true, 'secret' => 'actually-not-secret', 'passwordsalt' => 'actually-not-secret', 'hostname' => 'localhost','key' => '$OBJECT_STORE_KEY','secret' => '$OBJECT_STORE_SECRET', 'bucket' => 'bucket', 'port' => 9000, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php

      - name: Wait for S3
        run: |
+          sleep 10
          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready

      - name: PHPUnit
-        run: |
-          composer run test:files_external -- \
-            --group S3 \
-            --log-junit junit.xml \
-            apps/files_external/tests/Storage \
-            ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test:files_external -- \
+          apps/files_external/tests/Storage/Amazons3Test.php \
+          apps/files_external/tests/Storage/VersionedAmazonS3Test.php \
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-s3
-
-      - name: Nextcloud logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-
      - name: S3 logs
        if: always()
        run: |
@@ -145,32 +117,30 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.2', '8.4']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
-            coverage: ${{ github.event_name != 'pull_request' }}
+            coverage: true

-    name: php${{ matrix.php-versions }}-s3-localstack
+    name: php${{ matrix.php-versions }}-s3

    services:
      localstack:
        env:
          SERVICES: s3
          DEBUG: 1
-        image: localstack/localstack@sha256:9d4253786e0effe974d77fe3c390358391a56090a4fff83b4600d8a64404d95d # v4.5.0
+        image: localstack/localstack
        ports:
          - "4566:4566"

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -185,29 +155,21 @@ jobs:
          composer install
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          ./occ app:enable --force files_external
-          echo "<?php return ['run' => true, 'localstack' => true, 'hostname' => 'localhost','key' => 'ignored','secret' => 'ignored', 'bucket' => 'bucket', 'port' => 4566, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php
+          echo "<?php return ['run' => true,'hostname' => 'localhost','key' => 'ignored','secret' => 'ignored', 'bucket' => 'bucket', 'port' => 4566, 'use_ssl' => false, 'autocreate' => true, 'use_path_style' => true];" > apps/files_external/tests/config.amazons3.php

      - name: PHPUnit
-        run: |
-          composer run test:files_external -- \
-            --group S3 \
-            --log-junit junit.xml \
-            apps/files_external/tests/Storage \
-            ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test:files_external -- \
+          apps/files_external/tests/Storage/Amazons3Test.php \
+          apps/files_external/tests/Storage/VersionedAmazonS3Test.php \
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-s3

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-s3
-
      - name: S3 logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-sftp-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,12 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-sftp:
    runs-on: ubuntu-latest
@@ -53,21 +40,21 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
+      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.2', '8.4']
+        php-versions: ['8.1', '8.3']
        sftpd: ['openssh']
        include:
-          - php-versions: '8.2'
+          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}

    name: php${{ matrix.php-versions }}-${{ matrix.sftpd }}

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up sftpd
@@ -77,12 +64,11 @@ jobs:
          if [[ '${{ matrix.sftpd }}' == 'openssh' ]]; then docker run -p 2222:22 --name sftp -d -v /tmp/sftp:/home/test atmoz/sftp 'test:test:::data'; fi

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -99,22 +85,15 @@ jobs:
        run: composer run test:files_external -- \
          apps/files_external/tests/Storage/SftpTest.php \
          apps/files_external/tests/Storage/SFTP_KeyTest.php \
-          --log-junit junit.xml \
-          ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-sftp

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-sftp
-
      - name: sftpd logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-smb-kerberos-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,25 +26,15 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-smb-kerberos:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    needs: changes

    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
@@ -56,31 +43,23 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Checkout user_saml
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          repository: nextcloud/user_saml
          path: apps/user_saml

-      - name: Install user_saml
-        run: |
-          cd apps/user_saml
-          composer i
-          cd ../..
-
      - name: Pull images
        run: |
          docker pull ghcr.io/icewind1991/samba-krb-test-dc
-          docker pull ghcr.io/icewind1991/samba-krb-test-apache-gssapi:8.4
+          docker pull ghcr.io/icewind1991/samba-krb-test-apache
          docker pull ghcr.io/icewind1991/samba-krb-test-client
          docker tag ghcr.io/icewind1991/samba-krb-test-dc icewind1991/samba-krb-test-dc
-          docker tag ghcr.io/icewind1991/samba-krb-test-apache-gssapi:8.4 icewind1991/samba-krb-test-apache-gssapi
+          docker tag ghcr.io/icewind1991/samba-krb-test-apache icewind1991/samba-krb-test-apache
          docker tag ghcr.io/icewind1991/samba-krb-test-client icewind1991/samba-krb-test-client

      - name: Setup AD-DC
@@ -98,18 +77,6 @@ jobs:
        run: |
          apps/files_external/tests/sso-setup/test-sso-smb.sh ${{ env.DC_IP }}

-      - name: Show logs DC
-        if: always()
-        run: |
-          docker logs dc
-          echo "------------"
-          docker exec dc cat /var/log/samba/log.samba
-
-      - name: Show logs Apache
-        if: always()
-        run: |
-          docker logs apache
-
      - name: Show logs
        if: always()
        run: |
@@ -117,7 +84,7 @@ jobs:
          echo "$FILEPATH:"
          docker exec --user 33 apache cat $FILEPATH

-  smb-kerberos-sso-summary:
+  sftp-summary:
    runs-on: ubuntu-latest-low
    needs: [changes, files-external-smb-kerberos]

@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-smb-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,12 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-smb:
    runs-on: ubuntu-latest
@@ -53,40 +40,32 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
+        php-versions: ['8.1', '8.3']
        include:
-          - php-versions: '8.2'
+          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}

    name: php${{ matrix.php-versions }}-smb

    services:
      samba:
-        image: ghcr.io/servercontainers/samba:smbd-only-a3.18.0-s4.18.2-r0
-        env:
-          ACCOUNT_test: test
-          UID_test: 1000
-          SAMBA_VOLUME_CONFIG_test: "[public]; path=/tmp; valid users = test; guest ok = no; read only = no; browseable = yes"
-        options: >-
-          --health-cmd=true
+        image: ghcr.io/nextcloud/continuous-integration-samba:latest
        ports:
          - 445:445

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, smbclient, sqlite, pdo_sqlite
+          extensions: ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, smbclient, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
          ini-file: development
        env:
@@ -109,24 +88,17 @@ jobs:
          apps/files_external/tests/env/wait-for-connection 127.0.0.1 445 60

      - name: PHPUnit
-        run: composer run test:files_external -- \
+        run: composer run test:files_external -- --verbose \
          apps/files_external/tests/Storage/SmbTest.php \
-          --log-junit junit.xml \
-          ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-smb

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-smb
-
  files-external-smb-summary:
    runs-on: ubuntu-latest-low
    needs: [changes, files-external-smb]
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-webdav-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,12 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  files-external-webdav-apache:
    runs-on: ubuntu-latest
@@ -53,9 +40,8 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -64,20 +50,18 @@ jobs:

    services:
      apache:
-        image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-webdav-apache:latest
        ports:
          - 8081:80

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -101,24 +85,17 @@ jobs:
          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://test:pass@localhost:8081/webdav/

      - name: PHPUnit
-        run: composer run test:files_external -- \
+        run: composer run test:files_external -- --verbose \
          apps/files_external/tests/Storage/WebdavTest.php \
-          --log-junit junit.xml \
-          ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-webdav

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-webdav
-
  files-external-webdav-summary:
    runs-on: ubuntu-latest-low
    needs: [changes, files-external-webdav-apache]
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: files-external-generic-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,11 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - 'apps/files_external/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'

  files-external-generic:
    runs-on: ubuntu-latest
@@ -53,9 +39,8 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -64,14 +49,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -91,23 +74,16 @@ jobs:
          ./occ app:enable --force files_external

      - name: PHPUnit
-        run: composer run test:files_external -- \
-          --log-junit junit.xml \
-          ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test:files_external \
+          ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-files-external-generic

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-files-external-generic
-
  files-external-summary:
    runs-on: ubuntu-latest-low
    needs: [changes, files-external-generic ]
@@ -1,104 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Generate changelog on release
-
-on:
-  release:
-    types: [published]
-
-permissions:
-  contents: write
-
-jobs:
-  changelog_generate:
-    runs-on: ubuntu-latest
-
-    # Only allowed to be run on nextcloud-releases repositories
-    if: ${{ github.repository_owner == 'nextcloud-releases' }}
-
-    steps:
-      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-        with:
-          require: write
-
-      - name: Checkout github_helper
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          repository: nextcloud/github_helper
-          path: github_helper
-
-      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          path: server
-          fetch-depth: 0
-
-      - name: Get previous tag
-        shell: bash
-        run: |
-          cd server
-          # Print all tags
-          git log --decorate --oneline | egrep 'tag: ' | sed -r 's/^.+tag: ([^,\)]+)[,\)].+$/\1/g'
-          # Get the current tag
-          TAGS=$(git log --decorate --oneline | egrep 'tag: ' | sed -r 's/^.+tag: ([^,\)]+)[,\)].+$/\1/g')
-          CURRENT_TAG=$(echo "$TAGS" | head -n 1)
-
-          # If current tag is the first beta, we use the previous major RC1
-          if echo "$CURRENT_TAG" | grep -q 'beta1'; then
-            MAJOR=$(echo "$CURRENT_TAG" | sed -E 's/^v([0-9]+).*/\1/')
-            PREV=$((MAJOR - 1))
-            PREVIOUS_TAG="v${PREV}.0.0rc1"
-          # Get the previous tag - filter pre-releases only if current tag is stable
-          elif echo "$CURRENT_TAG" | grep -q 'rc\|beta\|alpha'; then
-            # Current tag is pre-release, don't filter
-            PREVIOUS_TAG=$(echo "$TAGS" | sed -n '2p')
-          else
-            # Current tag is stable, filter out pre-releases
-            PREVIOUS_TAG=$(echo "$TAGS" | grep -v 'rc\|beta\|alpha' | sed -n '2p')
-          fi
-
-          echo "CURRENT_TAG=$CURRENT_TAG" >> $GITHUB_ENV
-          echo "PREVIOUS_TAG=$PREVIOUS_TAG" >> $GITHUB_ENV
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Verify current tag # zizmor: ignore[template-injection]
-        run: |
-         if [ "${{ github.ref_name }}" != "${{ env.CURRENT_TAG }}" ]; then
-           echo "Current tag does not match the release tag. Exiting."
-           exit 1
-         fi
-
-      - name: Set up php 8.2
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
-        with:
-          php-version: 8.2
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set credentials
-        run: |
-          echo '{"username": "github-actions"}' > github_helper/credentials.json
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Generate changelog between ${{ env.PREVIOUS_TAG }} and ${{ github.ref_name }} # zizmor: ignore[template-injection]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          cd github_helper/changelog
-          composer install
-          php index.php generate:changelog --no-bots --format=forum server ${{ env.PREVIOUS_TAG }} ${{ github.ref_name }} > changelog.md
-
-      # Since this action only runs on nextcloud-releases, ignoring is okay
-      - name: Set changelog to release # zizmor: ignore[template-injection]
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-         cd server
-         gh release edit ${{ github.ref_name }} --notes-file "../github_helper/changelog/changelog.md" --title "${{ github.ref_name }}"
@@ -4,9 +4,6 @@ name: DAV integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-caldav-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -43,9 +40,10 @@ jobs:
    if: needs.changes.outputs.src != 'false' && github.repository_owner != 'nextcloud-gmbh'

    strategy:
+      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']
        endpoint: ['old', 'new']
        service: ['CalDAV', 'CardDAV']

@@ -53,14 +51,12 @@ jobs:

    steps:
        - name: Checkout server
-          uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
-            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-          timeout-minutes: 5
+          uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
          with:
            php-version: ${{ matrix.php-versions }}
            # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -71,7 +67,7 @@ jobs:
            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

        - name: Set up Python
-          uses: LizardByte/actions/actions/setup_python@70bb8d394d1c92f6113aeec6ae9cc959a5763d15 # v2026.227.200013
+          uses: LizardByte/setup-python-action@master
          with:
            python-version: '2.7'

@@ -103,9 +99,9 @@ jobs:

        - name: Run CalDAVTester
          run: |
-            cp "apps/dav/tests/testsuits/caldavtest/serverinfo-${{ matrix.endpoint }}${{ matrix.endpoint == 'old' && (matrix.service == 'CardDAV' && '-carddav' || '-caldav') || '' }}-endpoint.xml" "apps/dav/tests/testsuits/caldavtest/serverinfo.xml"
+            cp "apps/dav/tests/travis/caldavtest/serverinfo-${{ matrix.endpoint }}${{ matrix.endpoint == 'old' && (matrix.service == 'CardDAV' && '-carddav' || '-caldav') || '' }}-endpoint.xml" "apps/dav/tests/travis/caldavtest/serverinfo.xml"
            pushd CalDAVTester
-            PYTHONPATH="../pycalendar/src" python testcaldav.py --print-details-onfail --basedir "../apps/dav/tests/testsuits/caldavtest" -o cdt.txt \
+            PYTHONPATH="../pycalendar/src" python testcaldav.py --print-details-onfail --basedir "../apps/dav/tests/travis/caldavtest" -o cdt.txt \
              "${{ matrix.service }}/current-user-principal.xml" \
              "${{ matrix.service }}/sync-report.xml" \
              ${{ matrix.endpoint == 'new' && format('{0}/sharing-{1}.xml', matrix.service, matrix.service == 'CalDAV' && 'calendars' || 'addressbooks') || ';' }}
@@ -4,9 +4,6 @@ name: Litmus integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-litmus-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -43,23 +40,22 @@ jobs:
    if: needs.changes.outputs.src != 'false' && github.repository_owner != 'nextcloud-gmbh'

    strategy:
+      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']
        endpoint: ['webdav', 'dav']

    name: Litmus WebDAV ${{ matrix.endpoint }}

    steps:
        - name: Checkout server
-          uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
-            persist-credentials: false
            submodules: true

        - name: Set up php ${{ matrix.php-versions }}
-          uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-          timeout-minutes: 5
+          uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
          with:
            php-version: ${{ matrix.php-versions }}
            # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -4,9 +4,6 @@ name: S3 primary storage integration tests
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: integration-s3-primary-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -27,23 +24,14 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
+              - '**/*.php'
+              - '**/lib/**'
+              - '**/tests/**'
+              - '**/vendor-bin/**'
+              - 'build/integration/**'
+              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'build/integration/**'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'

  integration-s3-primary:
    runs-on: ubuntu-latest
@@ -52,21 +40,22 @@ jobs:
    if: needs.changes.outputs.src != 'false' && github.repository_owner != 'nextcloud-gmbh'

    strategy:
+      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']
        key: ['objectstore', 'objectstore_multibucket']

    name: php${{ matrix.php-versions }}-${{ matrix.key }}-minio

    services:
      redis:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
        ports:
          - 6379:6379/tcp
      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -76,14 +65,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -100,7 +87,6 @@ jobs:

      - name: Set up Nextcloud
        run: |
-          composer install
          mkdir data
          echo '<?php $CONFIG=["${{ matrix.key }}" => ["class" => "OC\Files\ObjectStore\S3", "arguments" => ["bucket" => "nextcloud", "autocreate" => true, "key" => "nextcloud", "secret" => "bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=", "hostname" => "localhost", "port" => 9000, "use_ssl" => false, "use_path_style" => true, "uploadPartSize" => 52428800]]];' > config/config.php
          echo '<?php $CONFIG=["redis" => ["host" => "localhost", "port" => 6379], "memcache.local" => "\OC\Memcache\Redis", "memcache.distributed" => "\OC\Memcache\Redis"];' > config/redis.config.php
@@ -61,34 +61,28 @@ jobs:
          - 'federation_features'
          - '--tags ~@large files_features'
          - 'filesdrop_features'
-          - 'file_conversions'
-          - 'files_reminders'
          - 'openldap_features'
          - 'openldap_numerical_features'
          - 'ldap_features'
          - 'remoteapi_features'
-          - 'routing_features'
          - 'setup_features'
          - 'sharees_features'
          - 'sharing_features'
-          - 'theming_features'
          - 'videoverification_features'

-        php-versions: ['8.4']
-        spreed-versions: ['main']
-        activity-versions: ['master']
+        php-versions: ['8.1']
+        spreed-versions: ['stable30']

    services:
      redis:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
        ports:
          - 6379:6379/tcp
      openldap:
-        image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-8 # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-openldap:openldap-7
        ports:
          - 389:389
-          - 636:636
        env:
          SLAPD_DOMAIN: nextcloud.ci
          SLAPD_ORGANIZATION: Nextcloud
@@ -97,32 +91,20 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Checkout Talk app
        if: ${{ matrix.test-suite == 'videoverification_features' }}
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          repository: nextcloud/spreed
          path: apps/spreed
          ref: ${{ matrix.spreed-versions }}

-      - name: Checkout Activity app
-        if: ${{ matrix.test-suite == 'sharing_features' }}
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          repository: nextcloud/activity
-          path: apps/activity
-          ref: ${{ matrix.activity-versions }}
-
      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -132,9 +114,12 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

-      - name: Set up dependencies
-        run: |
-          composer install
+      - name: Set up production dependencies
+        run: composer i --no-dev
+
+      - name: Set up behat dependencies
+        working-directory: build/integration
+        run: composer i

      - name: Set up Talk dependencies
        if: ${{ matrix.test-suite == 'videoverification_features' }}
@@ -165,7 +150,7 @@ jobs:
      - name: Print logs
        if: always()
        run: |
-          cat $(./occ log:file |grep "Log file"|cut -d" " -f3)
+          cat data/nextcloud.log
          docker ps -a
          docker ps -aq | while read container ; do IMAGE=$(docker inspect --format='{{.Config.Image}}' $container); echo $IMAGE; docker logs $container; echo "\n\n" ; done

@@ -20,9 +20,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -56,19 +53,17 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: '^20'
+          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -44,19 +44,16 @@ jobs:
  lint:
    runs-on: ubuntu-latest

-    name: php-cs
+    name: PHP CS fixer lint

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+      - name: Set up php8.1
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: 8.2
+          php-version: 8.1
          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: none
          ini-file: development
@@ -47,22 +47,18 @@ jobs:

    strategy:
      matrix:
-        php-versions: [ '8.2', '8.3', '8.4', '8.5' ]
+        php-versions: [ '8.1', '8.2', '8.3' ]

    name: php-lint

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: none
          ini-file: development
        env:
@@ -1,53 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Lint stylelint
-
-on: pull_request
-
-permissions:
-  contents: read
-
-concurrency:
-  group: lint-stylelint-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-
-    name: stylelint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Read package.json node and npm engines version
-        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
-        id: versions
-        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
-
-      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
-        with:
-          node-version: ${{ steps.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
-
-      - name: Install dependencies
-        env:
-          CYPRESS_INSTALL_BINARY: 0
-        run: npm ci
-
-      - name: Lint
-        run: npm run stylelint
@@ -1,99 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2023-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Node handlebars tests
-
-on:
-  pull_request:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: node-tests-handlebars-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read
-
-    outputs:
-      src: ${{ steps.changes.outputs.src }}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '**/__tests__/**'
-              - '**/__mocks__/**'
-              - 'apps/*/src/**'
-              - 'apps/*/appinfo/info.xml'
-              - 'core/src/**'
-              - 'package.json'
-              - '**/package-lock.json'
-              - 'tsconfig.json'
-              - '**.js'
-              - '**.ts'
-              - '**.vue'
-
-  handlebars:
-    runs-on: ubuntu-latest
-    needs: [changes]
-    if: needs.changes.outputs.src != 'false'
-
-    env:
-      CYPRESS_INSTALL_BINARY: 0
-      PUPPETEER_SKIP_DOWNLOAD: true
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Read package.json node and npm engines version
-        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
-        id: versions
-        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
-
-      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
-        with:
-          node-version: ${{ steps.versions.outputs.nodeVersion }}
-
-      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run compile
-        run: ./build/compile-handlebars-templates.sh
-
-  summary:
-    permissions:
-      contents: none
-    runs-on: ubuntu-latest-low
-    needs: [changes, handlebars]
-
-    if: always()
-
-    name: test-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.handlebars.result != 'success' }}; then exit 1; fi
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -44,61 +41,128 @@ jobs:
              - 'apps/*/appinfo/info.xml'
              - 'core/src/**'
              - 'package.json'
-              - '**/package-lock.json'
+              - 'package-lock.json'
              - 'tsconfig.json'
              - '**.js'
              - '**.ts'
              - '**.vue'

-  test:
-    runs-on: ubuntu-latest
-
+  versions:
+    runs-on: ubuntu-latest-low
    needs: changes
-    if: needs.changes.outputs.src != 'false'
+
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
+
+    outputs:
+      nodeVersion: ${{ steps.versions.outputs.nodeVersion }}
+      npmVersion: ${{ steps.versions.outputs.npmVersion }}

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: '^20'
+          fallbackNpm: '^10'

-      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+  test:
+    runs-on: ubuntu-latest
+    needs: [versions, changes]
+
+    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
+
+    env:
+      CYPRESS_INSTALL_BINARY: 0
+      PUPPETEER_SKIP_DOWNLOAD: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
-          node-version: ${{ steps.versions.outputs.nodeVersion }}
+          node-version: ${{ needs.versions.outputs.nodeVersion }}

-      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
-        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'
+      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'

-      - name: Install dependencies
-        env:
-          CYPRESS_INSTALL_BINARY: 0
+      - name: Install dependencies & build
        run: |
          npm ci
-
-#      - name: Test
-#        run: npm run test --if-present
+          npm run build --if-present

      - name: Test and process coverage
-        run: npm run test:coverage
+        run: npm run test:coverage --if-present

      - name: Collect coverage
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.3.1
        with:
-          files: ./coverage/lcov.info,./coverage/legacy/lcov.info
+          files: ./coverage/lcov.info
+
+  jsunit:
+    runs-on: ubuntu-latest
+    needs: [versions, changes]
+
+    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
+
+    env:
+      CYPRESS_INSTALL_BINARY: 0
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: ${{ needs.versions.outputs.nodeVersion }}
+
+      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Test
+        run: npm run test:jsunit
+
+  handlebars:
+    runs-on: ubuntu-latest
+    needs: [versions, changes]
+
+    if: ${{ needs.versions.result != 'failure' && needs.changes.outputs.src != 'false' }}
+
+    env:
+      CYPRESS_INSTALL_BINARY: 0
+      PUPPETEER_SKIP_DOWNLOAD: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: ${{ needs.versions.outputs.nodeVersion }}
+
+      - name: Set up npm ${{ needs.versions.outputs.npmVersion }}
+        run: npm i -g 'npm@${{ needs.versions.outputs.npmVersion }}'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run compile
+        run: ./build/compile-handlebars-templates.sh

  summary:
    permissions:
      contents: none
    runs-on: ubuntu-latest-low
-    needs: [changes, test]
+    needs: [changes, test, jsunit, handlebars]

    if: always()

@@ -106,4 +170,4 @@ jobs:

    steps:
      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.test.result != 'success' }}; then exit 1; fi
+        run: if ${{ needs.changes.outputs.src != 'false' && (needs.test.result != 'success' || needs.jsunit.result != 'success' || needs.handlebars.result != 'success') }}; then exit 1; fi
@@ -20,9 +20,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -37,14 +34,14 @@ jobs:
              - '.github/workflows/**'
              - '**/src/**'
              - '**/appinfo/info.xml'
-              - 'core/css/*'
-              - 'core/img/**'
              - 'package.json'
-              - '**/package-lock.json'
+              - 'package-lock.json'
              - 'tsconfig.json'
              - '**.js'
              - '**.ts'
              - '**.vue'
+              - 'core/css/*'
+              - 'core/img/**'
              - 'version.php'

  build:
@@ -56,32 +53,23 @@ jobs:
    name: NPM build
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: '^20'
+          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

      - name: Set up npm ${{ steps.versions.outputs.npmVersion }}
        run: npm i -g 'npm@${{ steps.versions.outputs.npmVersion }}'

-      # This does not work on server as we have some git dependencies that "npm-package-lock-add-resolved" cannot handle
-      # - name: Validate package-lock.json # See https://github.com/npm/cli/issues/4460
-      #   run: |
-      #     npm i -g npm-package-lock-add-resolved@1.1.4
-      #     npm-package-lock-add-resolved
-      #     git --no-pager diff --exit-code
-
      - name: Install dependencies & build
        env:
          CYPRESS_INSTALL_BINARY: 0
@@ -90,7 +78,7 @@ jobs:
          npm ci
          npm run build --if-present

-      - name: Check build changes
+      - name: Check webpack build changes
        run: |
          bash -c "[[ ! \"`git status --porcelain `\" ]] || (echo 'Please recompile and commit the assets, see the section \"Show changes on failure\" for details' && exit 1)"

@@ -14,9 +14,6 @@ on:
    # At 2:30 on Sundays
    - cron: '30 2 * * 0'

-permissions:
-  contents: read
-
 jobs:
  build:
    runs-on: ubuntu-latest
@@ -24,32 +21,25 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches:
-          - ${{ github.event.repository.default_branch }}
-          - 'stable33'
-          - 'stable32'
-          - 'stable31'
+        branches: ['main', 'master', 'stable29', 'stable28', 'stable27']

    name: npm-audit-fix-${{ matrix.branches }}

    steps:
      - name: Checkout
-        id: checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
-        continue-on-error: true

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
        id: versions
        with:
-          fallbackNode: '^24'
-          fallbackNpm: '^11.3'
+          fallbackNode: '^20'
+          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -58,10 +48,10 @@ jobs:

      - name: Fix npm audit
        id: npm-audit
-        uses: nextcloud-libraries/npm-audit-action@1b1728b2b4a7a78d69de65608efcf4db0e3e42d0 # v0.2.0
+        uses: nextcloud-libraries/npm-audit-action@2a60bd2e79cc77f2cc4d9a3fe40f1a69896f3a87 # v0.1.0

      - name: Run npm ci and npm run build
-        if: steps.checkout.outcome == 'success'
+        if: always()
        env:
          CYPRESS_INSTALL_BINARY: 0
        run: |
@@ -69,8 +59,8 @@ jobs:
          npm run build --if-present

      - name: Create Pull Request
-        if: steps.checkout.outcome == 'success'
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
+        if: always()
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(deps): Fix npm audit'
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-azure-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,16 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - '**/appinfo/**'
+              - '**/lib/**'
+              - '**/templates/**'
+              - '**/tests/**'
              - 'vendor/**'
              - 'vendor-bin/**'
+              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  azure-primary-tests:
    runs-on: ubuntu-latest
@@ -53,18 +44,17 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2', '8.3']
+        php-versions: ['8.1', '8.2']
        include:
-          - php-versions: '8.4'
-            coverage: ${{ github.event_name != 'pull_request' }}
+          - php-versions: '8.3'
+            coverage: true

    name: php${{ matrix.php-versions }}-azure

    services:
      azurite:
-        image: mcr.microsoft.com/azure-storage/azurite@sha256:0a47e12e3693483cef5c71f35468b91d751611f172d2f97414e9c69113b106d9 # v3.34.0
+        image: mcr.microsoft.com/azure-storage/azurite
        env:
          AZURITE_ACCOUNTS: nextcloud:bmV4dGNsb3Vk
        ports:
@@ -72,21 +62,19 @@ jobs:
        options: --health-cmd="nc 127.0.0.1 10000 -z" --health-interval=1s --health-retries=30

      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -106,28 +94,22 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
        env:
          OBJECT_STORE: azure
          OBJECT_STORE_KEY: nextcloud
          OBJECT_STORE_SECRET: bmV4dGNsb3Vk
-        run: composer run test -- --group PRIMARY-azure --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group PRIMARY-azure ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-azure

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-azure
-
      - name: Azurite logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-s3-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,16 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - '**/appinfo/**'
+              - '**/lib/**'
+              - '**/templates/**'
+              - '**/tests/**'
              - 'vendor/**'
              - 'vendor-bin/**'
+              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  s3-primary-tests-minio:
    runs-on: ubuntu-latest
@@ -53,24 +44,23 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1', '8.2']
        include:
          - php-versions: '8.3'
-            coverage: ${{ github.event_name != 'pull_request' }}
+            coverage: true

    name: php${{ matrix.php-versions }}-s3

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
+        image: bitnami/minio
        env:
          MINIO_ROOT_USER: nextcloud
          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
@@ -80,14 +70,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -107,7 +95,7 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: Wait for S3
        run: |
@@ -119,21 +107,15 @@ jobs:
          OBJECT_STORE: s3
          OBJECT_STORE_KEY: nextcloud
          OBJECT_STORE_SECRET: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-        run: composer run test -- --group PRIMARY-s3 --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group PRIMARY-s3 ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-s3

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-s3
-
      - name: S3 logs
        if: always()
        run: |
@@ -6,9 +6,6 @@ on:
  schedule:
    - cron: "15 2 * * *"

-permissions:
-  contents: read
-
 concurrency:
  group: object-storage-swift-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -29,22 +26,16 @@ jobs:
            src:
              - '.github/workflows/**'
              - '3rdparty/**'
+              - '**/appinfo/**'
+              - '**/lib/**'
+              - '**/templates/**'
+              - '**/tests/**'
              - 'vendor/**'
              - 'vendor-bin/**'
+              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'apps/files/lib/**'
-              - 'apps/files/tests/**'
-              - 'apps/files_external/**'
-              - 'apps/files_sharing/lib/**'
-              - 'apps/files_sharing/tests/**'
-              - 'apps/files_trashbin/lib/**'
-              - 'apps/files_trashbin/tests/**'
-              - 'apps/files_versions/lib/**'
-              - 'apps/files_versions/tests/**'
-              - 'lib/private/Files/**'
-              - 'lib/public/Files/**'
-              - 'tests/lib/Files/**'
+              - '**.php'

  swift-primary-tests:
    runs-on: ubuntu-latest
@@ -53,38 +44,35 @@ jobs:
    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1', '8.2']
        include:
          - php-versions: '8.3'
-            coverage: ${{ github.event_name != 'pull_request' }}
+            coverage: true

    name: php${{ matrix.php-versions }}-swift

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      swift:
-        image: ghcr.io/cscfi/docker-keystone-swift@sha256:e8b1ec21120ab9adc6ac6a2b98785fd273676439a8633fe898e37f2aea7e0712
+        image: ghcr.io/cscfi/docker-keystone-swift
        ports:
          - 5000:5000
          - 8080:8080

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -103,27 +91,21 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
        env:
          OBJECT_STORE: swift
          OBJECT_STORE_SECRET: veryfast
-        run: composer run test -- --group PRIMARY-swift --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group PRIMARY-swift ${{ matrix.coverage && ' --coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-swift

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-swift
-
      - name: Swift logs
        if: always()
        run: |
@@ -26,15 +26,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.2'
+          php-version: '8.1'
          extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          ini-file: development
@@ -4,9 +4,6 @@ name: Performance testing
 on:
  pull_request:

-permissions:
-  contents: read
-
 concurrency:
  group: performance-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
@@ -17,13 +14,10 @@ jobs:

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

-    permissions:
-      pull-requests: write
-
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']

    name: performance-${{ matrix.php-versions }}

@@ -35,18 +29,16 @@ jobs:
          exit 1

      - name: Checkout server before PR
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true
          ref: ${{ github.event.pull_request.base.ref }}

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

@@ -57,13 +49,13 @@ jobs:

          php -S localhost:8080 &
      - name: Apply blueprint
-        uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
+        uses: icewind1991/blueprint@v0.1.2
        with:
          blueprint: tests/blueprints/basic.toml
          ref: ${{ github.event.pull_request.head.ref }}

      - name: Run before measurements
-        uses: nextcloud/profiler@6a74c915048285b35b8e1cd96c0835a635945044
+        uses: nextcloud/profiler@6801ee10fc80f10b444388fb6ca9b36ad8a2ea83
        with:
          run: |
            curl -s -X PROPFIND -u test:test http://localhost:8080/remote.php/dav/files/test
@@ -72,9 +64,9 @@ jobs:
            curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt
            curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt
          output: before.json
-          profiler-branch: master
+          profiler-branch: stable30

-      - name: Apply PR # zizmor: ignore[template-injection]
+      - name: Apply PR
        run: |
          git remote add pr '${{ github.event.pull_request.head.repo.clone_url }}'
          git fetch pr '${{ github.event.pull_request.head.ref }}'
@@ -85,7 +77,7 @@ jobs:

      - name: Run after measurements
        id: compare
-        uses: nextcloud/profiler@6a74c915048285b35b8e1cd96c0835a635945044
+        uses: nextcloud/profiler@6801ee10fc80f10b444388fb6ca9b36ad8a2ea83
        with:
          run: |
            curl -s -X PROPFIND -u test:test http://localhost:8080/remote.php/dav/files/test
@@ -94,19 +86,19 @@ jobs:
            curl -s -u test:test -T README.md http://localhost:8080/remote.php/dav/files/test/new_file.txt
            curl -s -u test:test -X DELETE http://localhost:8080/remote.php/dav/files/test/new_file.txt
          output: after.json
-          profiler-branch: master
+          profiler-branch: stable30
          compare-with: before.json

      - name: Upload profiles
        if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
        with:
          name: profiles
          path: |
            before.json
            after.json

-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v7
+      - uses: actions/github-script@v7
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
@@ -5,10 +5,8 @@ name: PHPUnit 32bits
 on:
  pull_request:
    paths:
-      - "version.php"
-      - ".github/workflows/phpunit-32bits.yml"
-      - "tests/phpunit-autotest.xml"
-      - "lib/private/Snowflake/*"
+      - 'version.php'
+      - '.github/workflows/phpunit-32bits.yml'
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * 1-6"
@@ -26,34 +24,43 @@ jobs:

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

+    container: shivammathur/node:latest-i386
+
    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ["8.4"]
+        php-versions: ['8.1','8.3']

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

-      - name: Set up dependencies
-        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
+      - name: Install tools
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ffmpeg imagemagick libmagickcore-6.q16-3-extra
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          args: /bin/sh -c "
-            git config --global --add safe.directory /github/workspace &&
-            composer install --no-interaction"
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, curl, dom, fileinfo, gd, imagick, intl, json, mbstring, openssl, pdo_sqlite, posix, sqlite, xml, zip, apcu
+          coverage: none
+          ini-file: development
+          ini-values:
+            apc.enabled=on, apc.enable_cli=on, disable_functions= # https://github.com/shivammathur/setup-php/discussions/573
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Nextcloud
-        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
-        with:
-          args: /bin/sh -c "
-            mkdir data &&
-            ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin &&
-            php -f tests/enable_all.php"
+        env:
+          DB_PORT: 4444
+        run: |
+          composer install
+          mkdir data
+          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=autotest --database-pass=rootpassword --admin-user admin --admin-pass admin
+          php -f index.php

      - name: PHPUnit
-        uses: docker://ghcr.io/nextcloud/continuous-integration-php8.4-32bit:latest
-        with:
-          args: /bin/sh -c "composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness"
+        run: composer run test -- --exclude-group PRIMARY-azure,PRIMARY-s3,PRIMARY-swift,Memcached,Redis,RoutingWeirdness
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src}}
@@ -57,24 +54,19 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
-        mariadb-versions: ['10.6']
+        php-versions: ['8.1']
+        mariadb-versions: ['10.3', '10.6', '10.11', '11.4']
        include:
          - php-versions: '8.3'
            mariadb-versions: '10.11'
            coverage: ${{ github.event_name != 'pull_request' }}
-          - php-versions: '8.4'
-            mariadb-versions: '11.4'
-          - php-versions: '8.5'
-            mariadb-versions: '11.8'

    name: MariaDB ${{ matrix.mariadb-versions }} (PHP ${{ matrix.php-versions }}) - database tests

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@@ -92,14 +84,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -125,24 +115,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=mysql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }}
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-mariadb

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-mariadb
-
  summary:
    permissions:
      contents: none
@@ -54,9 +54,8 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4', '8.5']
+        php-versions: ['8.1', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -65,21 +64,19 @@ jobs:

    services:
      memcached:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 11212:11212/tcp
          - 11212:11212/udp

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -97,24 +94,18 @@ jobs:
          mkdir data
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit memcached tests
-        run: composer run test -- --group Memcache --group Memcached --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}
+        run: composer run test -- --group Memcache,Memcached ${{ matrix.coverage && '--coverage-clover ./clover.xml' || '' }}

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.xml
          flags: phpunit-memcached

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-memcached
-
      - name: Print logs
        if: always()
        run: |
@@ -54,22 +54,21 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
+        php-versions: ['8.1']
        mysql-versions: ['8.4']

    name: Sharding - MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      mysql:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 4444:3306/tcp
        env:
@@ -79,7 +78,7 @@ jobs:
          MYSQL_DATABASE: oc_autotest
        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
      shard1:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 5001:3306/tcp
        env:
@@ -89,7 +88,7 @@ jobs:
          MYSQL_DATABASE: nextcloud
        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
      shard2:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 5002:3306/tcp
        env:
@@ -99,7 +98,7 @@ jobs:
          MYSQL_DATABASE: nextcloud
        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
      shard3:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 5003:3306/tcp
        env:
@@ -109,7 +108,7 @@ jobs:
          MYSQL_DATABASE: nextcloud
        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
      shard4:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 5004:3306/tcp
        env:
@@ -121,14 +120,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@2e947f1f6932d141d076ca441d0e1e881775e95b #v2.31.0
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -155,24 +152,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=mysql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }}
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.1.1
        with:
          files: ./clover.db.xml
          flags: phpunit-mysql

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-mysql
-
      - name: Print logs
        if: always()
        run: |
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -57,30 +54,25 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
-        mysql-versions: ['8.0']
+        php-versions: ['8.1']
+        mysql-versions: ['8.0', '8.4']
        include:
          - mysql-versions: '8.0'
            php-versions: '8.3'
            coverage: ${{ github.event_name != 'pull_request' }}
-          - mysql-versions: '8.4'
-            php-versions: '8.4'
-          - mysql-versions: '8.4'
-            php-versions: '8.5'

    name: MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      mysql:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
        ports:
          - 4444:3306/tcp
        env:
@@ -92,14 +84,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -125,24 +115,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=mysql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }}
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-mysql

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-mysql
-
      - name: Print logs
        if: always()
        run: |
@@ -42,7 +42,6 @@ jobs:
              - '**/lib/**'
              - '**/templates/**'
              - '**/tests/**'
-              - 'resources/**'
              - 'vendor/**'
              - 'vendor-bin/**'
              - '.php-cs-fixer.dist.php'
@@ -57,9 +56,8 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4', '8.5']
+        php-versions: ['8.1', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -68,21 +66,19 @@ jobs:

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -103,24 +99,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit nodb testsuite
-        run: composer run test -- --exclude-group DB --exclude-group SLOWDB --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.nodb.xml' || '' }}
+        run: composer run test -- --exclude-group DB,SLOWDB ${{ matrix.coverage && ' --coverage-clover ./clover.nodb.xml' || '' }}

      - name: Upload nodb code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.nodb.xml
          flags: phpunit-nodb

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-nodb
-
      - name: Print logs
        if: always()
        run: |
@@ -1,125 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: PHPUnit primary object store
-on:
-  pull_request:
-  schedule:
-    - cron: "15 2 * * *"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: phpunit-object-store-primary-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-
-    outputs:
-      src: ${{ steps.changes.outputs.src}}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '3rdparty/**'
-              - '**/appinfo/**'
-              - '**/lib/**'
-              - '**/templates/**'
-              - '**/tests/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
-              - '.php-cs-fixer.dist.php'
-              - 'composer.json'
-              - 'composer.lock'
-              - '**.php'
-
-  object-store-primary-tests-minio:
-    runs-on: ubuntu-latest
-    needs: changes
-
-    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: ['8.2']
-        key: ['s3', 's3-multibucket']
-
-    name: php${{ matrix.php-versions }}-${{ matrix.key }}-minio
-
-    services:
-      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
-        ports:
-          - 6379:6379/tcp
-        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
-
-      minio:
-        image: bitnami/minio@sha256:50cec18ac4184af4671a78aedd5554942c8ae105d51a465fa82037949046da01 # v2025.4.22
-        env:
-          MINIO_ROOT_USER: nextcloud
-          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-          MINIO_DEFAULT_BUCKETS: nextcloud
-        ports:
-          - "9000:9000"
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Nextcloud
-        env:
-          OBJECT_STORE: ${{ matrix.key }}
-          OBJECT_STORE_KEY: nextcloud
-          OBJECT_STORE_SECRET: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-        run: |
-          composer install
-          cp tests/redis.config.php config/
-          cp tests/preseed-config.php config/config.php
-          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php
-
-      - name: Wait for S3
-        run: |
-          sleep 10
-          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready
-
-      - name: PHPUnit
-        run: composer run test:db
-
-      - name: S3 logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-          docker ps -a
-          docker ps -aq | while read container ; do IMAGE=$(docker inspect --format='{{.Config.Image}}' $container); echo $IMAGE; docker logs $container; echo "\n\n" ; done
-
-
-  object-store-primary-summary:
-    runs-on: ubuntu-latest-low
-    needs: [changes,object-store-primary-tests-minio]
-
-    if: always()
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.object-store-primary-tests-minio.result != 'success' }}; then exit 1; fi
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -60,21 +57,21 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - oracle-versions: '11'
+            php-versions: '8.1'
          - oracle-versions: '18'
-            php-versions: '8.2'
+            php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}
          - oracle-versions: '21'
+            php-versions: '8.2'
+          - oracle-versions: '23'
            php-versions: '8.3'
-          - oracle-versions: '23'
-            php-versions: '8.4'
-          - oracle-versions: '23'
-            php-versions: '8.5'

    name: Oracle ${{ matrix.oracle-versions }} (PHP ${{ matrix.php-versions }}) - database tests

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
@@ -99,14 +96,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -125,24 +120,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=oci --database-name=${{ matrix.oracle-versions < 23 && 'XE' || 'FREE'  }} --database-host=127.0.0.1 --database-port=1521 --database-user=system --database-pass=oracle --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }}
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-oci

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-oci
-
      - name: Run repair steps
        run: |
          ./occ maintenance:repair --include-expensive
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -57,49 +54,42 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.2']
-        # To keep the matrix smaller we ignore PostgreSQL versions in between as we already test the minimum and the maximum
-        postgres-versions: ['14']
+        php-versions: ['8.1']
+        # To keep the matrix smaller we ignore PostgreSQL '13', '14', and '15' as we already test 12 and 16 as lower and upper bound
+        postgres-versions: ['12', '16']
        include:
          - php-versions: '8.3'
-            postgres-versions: '18'
+            postgres-versions: '16'
            coverage: ${{ github.event_name != 'pull_request' }}
-          - php-versions: '8.4'
-            postgres-versions: '18'
-          - php-versions: '8.5'
-            postgres-versions: '18'

    name: PostgreSQL ${{ matrix.postgres-versions }} (PHP ${{ matrix.php-versions }}) - database tests

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

      postgres:
-        image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-postgres-${{ matrix.postgres-versions }}:latest
        ports:
          - 4444:5432/tcp
        env:
          POSTGRES_USER: root
          POSTGRES_PASSWORD: rootpassword
          POSTGRES_DB: nextcloud
-        options: --mount type=tmpfs,destination=/var/lib/postgresql --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5
+        options: --mount type=tmpfs,destination=/var/lib/postgresql/data --health-cmd pg_isready --health-interval 5s --health-timeout 2s --health-retries 5

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
@@ -120,24 +110,18 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=pgsql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: PHPUnit database tests
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }}
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-postgres

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-postgres
-
      - name: Run repair steps
        run: |
          ./occ maintenance:repair --include-expensive
@@ -23,9 +23,6 @@ concurrency:
 jobs:
  changes:
    runs-on: ubuntu-latest-low
-    permissions:
-      contents: read
-      pull-requests: read

    outputs:
      src: ${{ steps.changes.outputs.src }}
@@ -57,46 +54,40 @@ jobs:
    if: needs.changes.outputs.src != 'false'

    strategy:
-      fail-fast: false
      matrix:
-        php-versions: ['8.3', '8.4', '8.5']
+        php-versions: ['8.2', '8.3']
        include:
-          - php-versions: '8.2'
+          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}

    name: SQLite (PHP ${{ matrix.php-versions }})

    services:
      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest # zizmor: ignore[unpinned-images]
+        image: ghcr.io/nextcloud/continuous-integration-redis:latest
        ports:
          - 6379:6379/tcp
        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3

    steps:
      - name: Checkout server
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
          php-version: ${{ matrix.php-versions }}
          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, imagick, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
          ini-file: development
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up dependencies
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y ghostscript
-          composer i
+        run: composer i

      - name: Set up Nextcloud
        run: |
@@ -104,32 +95,24 @@ jobs:
          cp tests/redis.config.php config/
          cp tests/preseed-config.php config/config.php
          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php
+          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0

      - name: Nextcloud debug information
        run: ./occ app:list && echo "======= System config =======" && ./occ config:list system

      - name: PHPUnit database tests
-        run: composer run test:db -- --log-junit junit.xml ${{ matrix.coverage && '--coverage-clover ./clover.db.xml' || '' }} tests/lib/Preview/PostscriptTest.php
+        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}

      - name: Upload db code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@v4.5.0
        with:
          files: ./clover.db.xml
          flags: phpunit-sqlite

-      - name: Upload test results
-        if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1
-        with:
-          flags: phpunit-sqlite
-
      - name: Print logs
        if: always()
        run: |
-          gs --version
-          cat /etc/ImageMagick-6/policy.xml
          cat data/nextcloud.log

  summary:
@@ -15,17 +15,12 @@ on:
  schedule:
    - cron: '30 1 * * *'

-permissions:
-  contents: read
-  pull-requests: write
-
 jobs:
  pr-feedback:
-    if: ${{ github.repository_owner == 'nextcloud' }}
    runs-on: ubuntu-latest
    steps:
      - name: The get-github-handles-from-website action
-        uses: marcelklehr/get-github-handles-from-website-action@06b2239db0a48fe1484ba0bfd966a3ab81a08308 # v1.0.1
+        uses: marcelklehr/get-github-handles-from-website-action@a739600f6b91da4957f51db0792697afbb2f143c # v1.0.0
        id: scrape
        with:
          website: 'https://nextcloud.com/team/'
@@ -36,7 +31,7 @@ jobs:
          blocklist=$(curl https://raw.githubusercontent.com/nextcloud/.github/master/non-community-usernames.txt | paste -s -d, -)
          echo "blocklist=$blocklist" >> "$GITHUB_OUTPUT"

-      - uses: nextcloud/pr-feedback-action@f0cab224dea8e1f282f9451de322f323c78fc7a5 # main
+      - uses: marcelklehr/pr-feedback-action@1883b38a033fb16f576875e0cf45f98b857655c4
        with:
          feedback-message: |
            Hello there,
@@ -50,6 +45,6 @@ jobs:

            (If you believe you should not receive this message, you can add yourself to the [blocklist](https://github.com/nextcloud/.github/blob/master/non-community-usernames.txt).)
          days-before-feedback: 14
-          start-date: '2025-06-12'
-          exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }}'
+          start-date: '2024-04-30'
+          exempt-authors: '${{ steps.blocklist.outputs.blocklist }},${{ steps.scrape.outputs.users }},nextcloud-command,nextcloud-android-bot'
          exempt-bots: true
@@ -1,70 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Apply rector changes
-
-on:
-  workflow_dispatch:
-  schedule:
-    # At 14:30 on Sundays
-    - cron: '30 14 * * 0'
-
-permissions:
-  contents: read
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        php-versions: [ '8.2' ]
-
-    name: rector-apply
-
-    steps:
-      - name: Checkout
-        id: checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          ref: ${{ github.event.repository.default_branch }}
-
-      - name: Set up php${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install dependencies
-        run: |
-          composer remove nextcloud/ocp --dev --no-scripts
-          composer i
-          git restore lib/composer/composer
-
-      - name: Rector
-        run: composer run rector
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          commit-message: 'refactor: Apply rector changes'
-          committer: GitHub <noreply@github.com>
-          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
-          signoff: true
-          branch: automated/noid/rector-changes
-          title: 'Apply rector changes'
-          labels: |
-            technical debt
-            3. to review
@@ -1,45 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-or-later
-name: Rector
-
-on:
-  pull_request:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: rector-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  strict:
-    runs-on: ubuntu-latest
-
-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        with:
-          php-version: '8.2'
-          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
-          coverage: none
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Composer install
-        run: composer i
-
-      - name: Rector
-        run: composer run rector:strict
-
-      - name: Show changes
-        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
@@ -11,17 +11,12 @@ name: REUSE Compliance Check

 on: [pull_request]

-permissions:
-  contents: read
-
 jobs:
  reuse-compliance-check:
-    runs-on: ubuntu-latest-low
+    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
+    - name: Checkout
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

-      - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6.0.0
+    - name: REUSE Compliance Check
+      uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "0 0 * * *"

-permissions:
-  contents: read
-
 jobs:
  stale:
    runs-on: ubuntu-latest
@@ -20,7 +17,7 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v9
+    - uses: actions/stale@v9
      with:
        repo-token: ${{ secrets.COMMAND_BOT_PAT }}
        stale-issue-message: >
@@ -30,6 +27,7 @@ jobs:
          for your contributions.
        stale-issue-label: 'stale'
        only-labels: 'needs info'
+        labels-to-remove-when-unstale: 'needs info,stale'
        exempt-issue-labels: '1. to develop,2. developing,3. to review,4. to release,security'
        days-before-stale: 30
        days-before-close: 14
@@ -4,17 +4,6 @@ name: Psalm static code analysis

 on:
  pull_request:
-  push:
-    branches:
-      - main
-      - master
-      - stable*
-    paths:
-      - '.github/workflows/static-code-analysis.yml'
-      - '**.php'
-
-permissions:
-  contents: read

 concurrency:
  group: static-code-analysis-${{ github.head_ref || github.run_id }}
@@ -24,21 +13,19 @@ jobs:
  static-code-analysis:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.2'
-          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          php-version: '8.1'
+          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -47,69 +34,60 @@ jobs:
        run: composer i

      - name: Psalm
-        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: git diff -- . ':!lib/composer'
+
+      - name: Upload Analysis results to GitHub
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

  static-code-analysis-security:
    runs-on: ubuntu-latest

-    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
-
-    permissions:
-      security-events: write
-
    steps:
      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.2'
-          extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          php-version: '8.1'
+          extensions: ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none

      - name: Composer install
        run: composer i

      - name: Psalm taint analysis
-        run: composer run psalm:security -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif
-
-      - name: Show potential changes in Psalm baseline
-        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

  static-code-analysis-ocp:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.2'
-          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          php-version: '8.1'
+          extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
          coverage: none
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -118,63 +96,8 @@ jobs:
        run: composer i

      - name: Psalm
-        run: composer run psalm:ocp -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline
+        run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
-
-  static-code-analysis-ncu:
-    runs-on: ubuntu-latest
-
-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        timeout-minutes: 5
-        with:
-          php-version: '8.2'
-          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
-          coverage: none
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Composer install
-        run: composer i
-
-      - name: Psalm
-        run: composer run psalm:ncu -- --threads=1 --monochrome --no-progress --output-format=github
-
-  static-code-analysis-strict:
-    runs-on: ubuntu-latest
-
-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Set up php
-        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 #v2.36.0
-        with:
-          php-version: '8.2'
-          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
-          coverage: none
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Composer install
-        run: composer i
-
-      - name: Psalm
-        run: composer run psalm:strict -- --threads=1 --monochrome --no-progress --output-format=github
+        run: git diff -- . ':!lib/composer'
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 jobs:
  update-ca-certificate-bundle:
    runs-on: ubuntu-latest
@@ -17,14 +14,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']
+        branches: ['master', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
          submodules: true

@@ -32,7 +28,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
@@ -7,9 +7,6 @@ on:
  schedule:
    - cron: "5 2 * * *"

-permissions:
-  contents: read
-
 jobs:
  update-code-signing-crl:
    runs-on: ubuntu-latest
@@ -17,14 +14,13 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        branches: ['master', 'stable33', 'stable32', 'stable31', 'stable30', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']
+        branches: ['master', 'stable29',  'stable28',  'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22']

    name: update-code-signing-crl-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
-          persist-credentials: false
          ref: ${{ matrix.branches }}
          submodules: true

@@ -35,7 +31,7 @@ jobs:
        run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update code signing revocation list'
@@ -1,128 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: Update min supported desktop version
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * 1"
-
-permissions:
-  contents: read
-
-jobs:
-  update-minimum-supported-desktop-version:
-    runs-on: ubuntu-latest-low
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          submodules: true
-
-      - name: Download desktop client version file from 5 years ago
-        id: download
-        run: |
-          # Create a temporary directory for the downloaded file
-          mkdir -p tmp
-
-          # Download the version file from the provided URL
-          VERSION_FILE_URL="https://github.com/nextcloud/desktop/raw/@%7B5.years.ago%7D/VERSION.cmake"
-
-          # Download the file using curl
-          curl -s -L "$VERSION_FILE_URL" -o tmp/VERSION.cmake
-
-          if [ ! -f "tmp/VERSION.cmake" ]; then
-            echo "Failed to download VERSION.cmake file"
-            exit 1
-          fi
-
-          echo "VERSION_FILE=tmp/VERSION.cmake" >> $GITHUB_OUTPUT
-          echo "Downloaded version file to tmp/VERSION.cmake"
-
-      - name: Extract version info
-        id: extract-version
-        run: |
-          # Path to the downloaded version file
-          VERSION_FILE="${{ steps.download.outputs.VERSION_FILE }}"
-
-          # Extract major, minor, patch versions
-          MAJOR=$(grep "VERSION_MAJOR" $VERSION_FILE | grep -o '[0-9]\+')
-          MINOR=$(grep "VERSION_MINOR" $VERSION_FILE | grep -o '[0-9]\+')
-          PATCH=$(grep "VERSION_PATCH" $VERSION_FILE | grep -o '[0-9]\+')
-
-          # Construct the version string
-          VERSION="$MAJOR.$MINOR.$PATCH"
-
-          # Validate format: xx.xx.xx where each x is a digit
-          if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo "Error: Extracted version '$VERSION' does not match required format (xx.xx.xx)"
-            exit 1
-          fi
-
-          rm -rf tmp
-
-          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          echo "Extracted Version: $VERSION"
-
-      - name: Update files with new version ${{ steps.extract-version.outputs.VERSION }}
-        id: update-files
-        run: |
-          VERSION="${{ steps.extract-version.outputs.VERSION }}"
-
-          # Define the files to update
-          DAV_FILE="apps/dav/lib/Connector/Sabre/BlockLegacyClientPlugin.php"
-          CONFIG_FILE="config/config.sample.php"
-
-          # Check if files exist
-          if [ ! -f "$DAV_FILE" ]; then
-            echo "Error: DAV file not found at $DAV_FILE"
-            exit 1
-          fi
-
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "Error: Config file not found at $CONFIG_FILE"
-            exit 1
-          fi
-
-          # Update the DAV file - replace the version in the specific line
-          sed -i "s/\('minimum\.supported\.desktop\.version', '\)[0-9]\+\.[0-9]\+\.[0-9]\+'/\1$VERSION'/g" "$DAV_FILE"
-          echo "Updated $DAV_FILE"
-
-          # Update the config sample file
-          PREV_VERSION=$(grep "'minimum.supported.desktop.version'" "$CONFIG_FILE" | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+')
-          sed -i "s/Defaults to \`\`$PREV_VERSION\`\`/Defaults to \`\`$VERSION\`\`/" "$CONFIG_FILE"
-          sed -i "s/'minimum\.supported\.desktop\.version' => '[0-9]\+\.[0-9]\+\.[0-9]\+'/'minimum.supported.desktop.version' => '$VERSION'/g" "$CONFIG_FILE"
-          echo "Updated $CONFIG_FILE"
-
-          # Check if any changes were made
-          if [ -n "$(git diff "$DAV_FILE" "$CONFIG_FILE")" ]; then
-            echo "CHANGES_MADE=true" >> $GITHUB_OUTPUT
-            echo "Changes were made to the files"
-            git diff "$DAV_FILE" "$CONFIG_FILE"
-          else
-            echo "CHANGES_MADE=false" >> $GITHUB_OUTPUT
-            echo "No changes were needed (versions might already be up to date)"
-          fi
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0
-        if: steps.update-files.outputs.CHANGES_MADE == 'true'
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          commit-message: "chore: Update minimum supported desktop version"
-          committer: GitHub <noreply@github.com>
-          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
-          signoff: true
-          branch: "automated/noid/${{ matrix.branches }}-update-min-supported-desktop-version"
-          title: "chore: Update minimum supported desktop version to ${{ steps.extract-version.outputs.VERSION }}"
-          base: "master"
-          body: |
-            Auto-generated update of the minimum supported desktop version using last supported version.
-            https://github.com/nextcloud/desktop/blob/@%7B5.years.ago%7D/VERSION.cmake
-          labels: |
-            client: 💻 desktop
-            automated
-            3. to review
-          reviewers: '@nextcloud/desktop'
@@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Auto approve psalm baseline update
+
+on:
+  pull_request_target:
+    branches:
+      - main
+      - master
+      - stable*
+
+permissions:
+  contents: read
+
+concurrency:
+  group: update-psalm-baseline-approve-merge-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  auto-approve-merge:
+    if: github.actor == 'nextcloud-command'
+    runs-on: ubuntu-latest-low
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write
+      # for alexwilson/enable-github-automerge-action to approve PRs
+      contents: write
+
+    steps:
+      - name: Disabled on forks
+        if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+        run: |
+          echo 'Can not approve PRs from forks'
+          exit 1
+
+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # GitHub actions bot approve
+      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Enable GitHub auto merge
+      - name: Auto merge
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Update Psalm baseline
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 2 * * *"
+
+jobs:
+  update-psalm-baseline:
+    runs-on: ubuntu-latest
+
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        branches: ['master', 'stable29', 'stable28', 'stable27']
+
+    name: update-psalm-baseline-${{ matrix.branches }}
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: ${{ matrix.branches }}
+          submodules: true
+
+      - name: Set up php
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+        with:
+          php-version: '8.1'
+          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          coverage: none
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Composer install
+        run: composer install
+
+      - name: Psalm
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=text --update-baseline
+        continue-on-error: true
+
+      - name: Psalm OCP
+        run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline
+        continue-on-error: true
+
+      - name: Reset composer
+        run: |
+          git clean -f lib/composer
+          git checkout composer.json composer.lock lib/composer
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          commit-message: 'chore(tests): Update psalm baseline'
+          committer: GitHub <noreply@github.com>
+          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
+          signoff: true
+          branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline'
+          title: '[${{ matrix.branches }}] Update psalm-baseline.xml'
+          body: |
+            Auto-generated update psalm-baseline.xml with fixed psalm warnings
+          labels: |
+            automated pr
+            3. to review
+          team-reviewers: server-backend
@@ -1,69 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: Update PRs titles on stable branches
-
-on:
-  pull_request:
-    types: [opened, edited]
-    branches:
-      - "stable*"
-
-concurrency:
-  group: stable-pr-title-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  update-pr-title:
-    runs-on: ubuntu-latest-low
-    permissions:
-      pull-requests: write
-      contents: read
-
-    steps:
-      - name: Wait for potential title edits
-        run: sleep 15
-
-      - name: Get PR details and update title
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { data: pr } = await github.rest.pulls.get({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-
-            const baseBranch = pr.base.ref;
-            const currentTitle = pr.title;
-
-            // Check if this is a stable branch
-            // Should not happen as we only trigger on stable* branches 🤷‍♀️
-            if (!baseBranch.startsWith('stable')) {
-              console.log(`Not a stable branch: ${baseBranch}`);
-              return;
-            }
-
-            const prefix = `[${baseBranch}]`;
-
-            // Check if title already has the correct prefix and no other stable tags
-            const correctTagRegex = new RegExp(`^\\[${baseBranch}\\]\\s*`);
-            const hasOtherStableTags = /\[stable[\d.]*\]/.test(currentTitle.replace(correctTagRegex, ''));
-
-            if (correctTagRegex.test(currentTitle) && !hasOtherStableTags) {
-              console.log(`Title already has correct prefix only: ${currentTitle}`);
-              return;
-            }
-
-            // Remove all stable tags and add the correct one
-            const cleanTitle = currentTitle.replace(/\[stable[\d.]*\]\s*/g, '').trim();
-            const newTitle = `${prefix} ${cleanTitle}`;
-
-            console.log(`Updating title from: "${currentTitle}" to: "${newTitle}"`);
-
-            await github.rest.pulls.update({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-              title: newTitle,
-            });
@@ -11,7 +11,7 @@
 /apps/inc.php
 /assets
 /.htaccess
-node_modules/
+/node_modules
 /translationfiles
 /translationtool.phar

@@ -35,7 +35,6 @@ node_modules/
 !/apps/lookup_server_connector
 !/apps/user_ldap
 !/apps/oauth2
-!/apps/profile
 !/apps/provisioning_api
 !/apps/settings
 !/apps/systemtags
@@ -55,6 +54,10 @@ node_modules/
 /apps/files_external/3rdparty/irodsphp/prods/test*
 /apps/files_external/tests/config.*.php

+# apps modules
+/apps/*/node_modules
+
+
 # ignore themes except the example and the README
 /themes/*
 !/themes/example
@@ -127,9 +130,13 @@ nbproject
 # Tests
 /tests/phpunit.xml

+# Node Modules
+/build/node_modules/
+
 # nodejs
 /build/bin
 /build/lib/
+/build/jsdocs/
 /build/integration/output/
 /build/integration/phpserver.log
 /npm-debug.log
@@ -144,8 +151,6 @@ Vagrantfile

 # Tests - auto-generated files
 /data-autotest
-/results.sarif
-/tests/.phpunit.cache
 /tests/.phpunit.result.cache
 /tests/coverage*
 /tests/css
@@ -177,5 +182,3 @@ core/js/mimetypelist.js
 cypress/downloads
 cypress/snapshots
 cypress/videos
-
-/.direnv
@@ -1,178 +1,97 @@
 <IfModule mod_headers.c>
-    <IfModule mod_setenvif.c>
-        <IfModule mod_fcgid.c>
-            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
-        </IfModule>
-        <IfModule mod_proxy_fcgi.c>
-            SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
-        </IfModule>
-        <IfModule mod_lsapi.c>
-            SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
-            RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
-        </IfModule>
+  <IfModule mod_setenvif.c>
+    <IfModule mod_fcgid.c>
+       SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+       RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
    </IfModule>
-
-    <IfModule mod_env.c>
-        # Add security and privacy related headers
-        # Avoid doubled headers by unsetting headers in "onsuccess" table,
-        # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
-
-        <If "%{REQUEST_URI} =~ m#/login$#">
-            # Only on the login page we need any Origin or Referer header set.
-            Header onsuccess unset Referrer-Policy
-            Header always set Referrer-Policy "same-origin"
-        </If>
-        <Else>
-            Header onsuccess unset Referrer-Policy
-            Header always set Referrer-Policy "no-referrer"
-        </Else>
-
-        Header onsuccess unset X-Content-Type-Options
-        Header always set X-Content-Type-Options "nosniff"
-
-        Header onsuccess unset X-Frame-Options
-        Header always set X-Frame-Options "SAMEORIGIN"
-
-        Header onsuccess unset X-Permitted-Cross-Domain-Policies
-        Header always set X-Permitted-Cross-Domain-Policies "none"
-
-        Header onsuccess unset X-Robots-Tag
-        Header always set X-Robots-Tag "noindex, nofollow"
-
-        SetEnv modHeadersAvailable true
+    <IfModule mod_proxy_fcgi.c>
+       SetEnvIfNoCase Authorization "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>
+    <IfModule mod_lsapi.c>
+      SetEnvIfNoCase ^Authorization$ "(.+)" XAUTHORIZATION=$1
+      RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
+    </IfModule>
+  </IfModule>

-    # Add cache control for static resources
-    <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
-        <If "%{QUERY_STRING} =~ /(^|&)v=/">
-            Header set Cache-Control "max-age=15778463, immutable"
-        </If>
-        <Else>
-            Header set Cache-Control "max-age=15778463"
-        </Else>
-    </FilesMatch>
+  <IfModule mod_env.c>
+    # Add security and privacy related headers

-    # Let browsers cache OTF and WOFF files for a week
-    <FilesMatch "\.(otf|woff2?)$">
-        Header set Cache-Control "max-age=604800"
-    </FilesMatch>
+    # Avoid doubled headers by unsetting headers in "onsuccess" table,
+    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+    Header onsuccess unset Referrer-Policy
+    Header always set Referrer-Policy "no-referrer"
+
+    Header onsuccess unset X-Content-Type-Options
+    Header always set X-Content-Type-Options "nosniff"
+
+    Header onsuccess unset X-Frame-Options
+    Header always set X-Frame-Options "SAMEORIGIN"
+
+    Header onsuccess unset X-Permitted-Cross-Domain-Policies
+    Header always set X-Permitted-Cross-Domain-Policies "none"
+
+    Header onsuccess unset X-Robots-Tag
+    Header always set X-Robots-Tag "noindex, nofollow"
+
+    Header onsuccess unset X-XSS-Protection
+    Header always set X-XSS-Protection "1; mode=block"
+
+    SetEnv modHeadersAvailable true
+  </IfModule>
+
+  # Add cache control for static resources
+  <FilesMatch "\.(css|js|mjs|svg|gif|png|jpg|webp|ico|wasm|tflite)$">
+    <If "%{QUERY_STRING} =~ /(^|&)v=/">
+      Header set Cache-Control "max-age=15778463, immutable"
+    </If>
+    <Else>
+      Header set Cache-Control "max-age=15778463"
+    </Else>
+  </FilesMatch>
+
+  # Let browsers cache WOFF files for a week
+  <FilesMatch "\.woff2?$">
+    Header set Cache-Control "max-age=604800"
+  </FilesMatch>
 </IfModule>

 <IfModule mod_php.c>
-    php_value default_charset 'UTF-8'
-    php_value output_buffering 0
-    <IfModule mod_env.c>
-        SetEnv htaccessWorking true
-    </IfModule>
+  php_value mbstring.func_overload 0
+  php_value default_charset 'UTF-8'
+  php_value output_buffering 0
+  <IfModule mod_env.c>
+    SetEnv htaccessWorking true
+  </IfModule>
 </IfModule>

 <IfModule mod_mime.c>
-    AddType image/svg+xml svg svgz
-    AddType application/wasm wasm
-    AddEncoding gzip svgz
-    # Serve ESM javascript files (.mjs) with correct mime type
-    AddType text/javascript js mjs
+  AddType image/svg+xml svg svgz
+  AddType application/wasm wasm
+  AddEncoding gzip svgz
+  # Serve ESM javascript files (.mjs) with correct mime type
+  AddType text/javascript js mjs
 </IfModule>

 <IfModule mod_dir.c>
-    DirectoryIndex index.php index.html
+  DirectoryIndex index.php index.html
 </IfModule>

 <IfModule pagespeed_module>
-    ModPagespeed Off
+  ModPagespeed Off
 </IfModule>

-#############
-#### Rewrites
-#############
-
 <IfModule mod_rewrite.c>
-    RewriteEngine on
-
-##
-## Rule: Workaround for WebDAV with apache+php-cgi
-##
-## Context:
-##    - Sets the environment variable `HTTP_AUTHORIZATION` to the value of the `Authorization` request header
-##    - Always executed before and along with other rules (no `L` used)
-##    - XXX: *May* be replaced with an equivalent SetEnvIf in theory
-##    - XXX: SetEnvIf approach is already in use above for mod_proxy_cgi / mod_lsapi / mod_fcgid
-##
-
-    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
-
-##
-## Rule: Workaround for WebDAV with MS DavClnt
-##
-## Context: 
-##    - DavClnt attempts an OPTIONS request against `/` instead of the specified endpoint
-##    - Redirects the client to the endpoint rather than the login page (which confuses DavClnt)
-##
-
-    RewriteCond %{HTTP_USER_AGENT} DavClnt
-    RewriteRule ^$ /remote.php/webdav/ [L,R=302]
-
-##
-## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CardDAV to our Remote DAV endpoint
-##
-
-    RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
-
-##
-## Rule: Map the RFC 8615 / RFC 6764 compliant well-known URI for CalDAV to our Remote DAV endpoint
-##
-
-    RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
-
-##
-## Rule: Map /remote* --> /remote.php* including the query string
-##
-## Context:
-##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
-##    - XXX: Is this even used anymore? Seems a relic from <NC12
-##
-
-    RewriteRule ^remote/(.*) remote.php [QSA,L]
-
-##
-## Rule: Prevent access to non-public files
-##
-
-    RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
-
-##
-## Rule: Maps most RFC 8615 compliant well-known URIs to our main frontend controller (/index.php) by default
-##
-## Context:
-##    - Intentionally excludes URIs used for HTTPS certificate verifications
-##        - RFC 8555 / ACME HTTP Challenges (acme-challenge) 
-##        - File-based Validations (pki-validation)
-##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
-##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
-##
-
-    RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
-
-##
-## Rule: Map the ocm-provider handling to our main frontend controller (/index.php)
-##
-## Context:
-##    - XXX: `QSA` seems unnecessary (no-op) here (query string is passed by default when the replacement URI doesn't contain a query string)
-##    - XXX: Sometimes we are using `/index.php` and other times `index.php` as our replacement URI; this may be incorrect
-##
-
-    RewriteRule ^ocm-provider/?$ index.php [QSA,L]
-
-##
-## Rule: Prevent access to more non-public files
-##
-## Context:
-##    - XXX It may make sense to merge some of these with the others (i.e. the ones that don't need to be last)
-##
-
-    RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
-
+  RewriteEngine on
+  RewriteCond %{HTTP_USER_AGENT} DavClnt
+  RewriteRule ^$ /remote.php/webdav/ [L,R=302]
+  RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+  RewriteRule ^\.well-known/carddav /remote.php/dav/ [R=301,L]
+  RewriteRule ^\.well-known/caldav /remote.php/dav/ [R=301,L]
+  RewriteRule ^remote/(.*) remote.php [QSA,L]
+  RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
+  RewriteRule ^\.well-known/(?!acme-challenge|pki-validation) /index.php [QSA,L]
+  RewriteRule ^ocm-provider/?$ index.php [QSA,L]
+  RewriteRule ^(?:\.(?!well-known)|autotest|occ|issue|indie|db_|console).* - [R=404,L]
 </IfModule>

 # Clients like xDavv5 on Android, or Cyberduck, use chunked requests.
@@ -183,18 +102,16 @@
 # Here are more information about the issue:
 #  - https://docs.cyberduck.io/mountainduck/issues/fastcgi/
 #  - https://docs.nextcloud.com/server/latest/admin_manual/issues/general_troubleshooting.html#troubleshooting-webdav
-
 <IfModule mod_setenvif.c>
-    SetEnvIfNoCase Transfer-Encoding "chunked" proxy-sendcl=1
+  SetEnvIf Transfer-Encoding "chunked" proxy-sendcl=1
 </IfModule>

-# Apache disabled the sending of the server-side content-length header
+# Apache disabled the sending of the server-side content-length header 
 # in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
 # Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
 # See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
-
 <IfModule mod_env.c>
-    SetEnv ap_trust_cgilike_cl
+  SetEnv ap_trust_cgilike_cl
 </IfModule>

 AddDefaultCharset utf-8
@@ -252,7 +252,6 @@ Michael Monreal <michael.monreal@gmail.com>
 Michael Roitzsch <reactorcontrol@icloud.com>
 michag86 <micha_g@arcor.de>
 Michiel de Jong <michiel@unhosted.org> Michiel@unhosted <michiel@unhosted.org>
-Micke Nordin <kano@sunet.se> Mikael Nordin <mickenordin@users.noreply.github.com>
 Miguel Prokop <miguel.prokop@vtu.com>
 miicha <pfitzner@physik.hu-berlin.de>
 Miquel Rodríguez Telep / Michael Rodríguez-Torrent <miquel@designunbound.co.uk>
@@ -1,29 +0,0 @@
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: AGPL-3.0-only
-# Files removed at build time
-
-# Global exclude
-.editorconfig
-.git
-.git-blame-ignore-revs
-.gitattributes
-.github
-.gitignore
-.gitmodules
-.idea
-.l10nignore
-.nextcloudignore
-.noopenapi
-.tx
-cypress
-tests
-
-# Server specific
-/.devcontainer
-/__mocks__
-/__tests__
-/autotest*.sh
-/build
-/config/config.php
-/contribute
-/data
@@ -14,26 +14,29 @@ $config = new Config();
 $config
 	->setParallelConfig(ParallelConfigFactory::detect())
 	->getFinder()
-	->in(__DIR__)
-	->exclude([
-		'3rdparty',
-		'build/stubs',
-		'composer',
-	])
-;
+	->ignoreVCSIgnored(true)
+	->exclude('config')
+	->exclude('data')
+	->notPath('3rdparty')
+	->notPath('build/integration/vendor')
+	->notPath('build/lib')
+	->notPath('build/node_modules')
+	->notPath('build/stubs')
+	->notPath('composer')
+	->notPath('node_modules')
+	->notPath('vendor')
+	->in('apps')
+	->in(__DIR__);

+// Ignore additional app directories
+$rootDir = new \DirectoryIterator(__DIR__);
+foreach ($rootDir as $node) {
+	if (str_starts_with($node->getFilename(), 'apps')) {
+		$return = shell_exec('git check-ignore ' . escapeshellarg($node->getFilename() . '/'));

-$ignoredEntries = shell_exec('git status --porcelain --ignored ' . escapeshellarg(__DIR__));
-$ignoredEntries = explode("\n", $ignoredEntries);
-$ignoredEntries = array_filter($ignoredEntries, static fn (string $line) => str_starts_with($line, '!! '));
-$ignoredEntries = array_map(static fn (string $line) => substr($line, 3), $ignoredEntries);
-$ignoredEntries = array_values($ignoredEntries);
-
-foreach ($ignoredEntries as $ignoredEntry) {
-	if (str_ends_with($ignoredEntry, '/')) {
-		$config->getFinder()->exclude($ignoredEntry);
-	} else {
-		$config->getFinder()->notPath($ignoredEntry);
+		if ($return !== null) {
+			$config->getFinder()->exclude($node->getFilename());
+		}
 	}
 }

@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-FileCopyrightText: 2016 ownCloud, Inc.
+# SPDX-License-Identifier: AGPL-3.0-only
+before_commands:
+  - 'git submodule update --init --recursive'
+
+build:
+    nodes:
+        analysis:
+            tests:
+                override:
+                    - php-scrutinizer-run
+
+checks:
+    php:
+        excluded_dependencies:
+            - etsy/phan
+
+filter:
+    excluded_paths:
+        - '3rdparty/*'
+        - 'apps/*/3rdparty/*'
+        - 'apps/*/vendor/*'
+        - 'l10n/*'
+        - 'core/l10n/*'
+        - 'apps/*/l10n/*'
+        - 'apps/*/tests/*'
+        - 'lib/l10n/*'
+        - 'core/vendor/*'
+        - 'core/js/tests/lib/*.js'
+        - 'core/js/tests/specs/*.js'
+        - 'core/js/jquery-showpassword.js'
+        - 'core/js/jquery-tipsy.js'
+        - 'core/js/placeholders.js'
+        - 'settings/l10n/*'
+        - 'tests/*'
+        - 'build/*'
+        - 'lib/composer/*'
+
+imports:
+    - javascript
+    - php
@@ -116,12 +116,6 @@ source_file = translationfiles/templates/oauth2.pot
 source_lang = en
 type        = PO

-[o:nextcloud:p:nextcloud:r:profile]
-file_filter = translationfiles/<lang>/profile.po
-source_file = translationfiles/templates/profile.pot
-source_lang = en
-type        = PO
-
 [o:nextcloud:p:nextcloud:r:provisioning_api]
 file_filter = translationfiles/<lang>/provisioning_api.po
 source_file = translationfiles/templates/provisioning_api.pot
@@ -1,9 +1,7 @@
 ; SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 ; SPDX-FileCopyrightText: 2014-2016 ownCloud, Inc.
 ; SPDX-License-Identifier: AGPL-3.0-only
-;
-; NOTE: PHP caches this file for 300 seconds by default
-;
+mbstring.func_overload=0
 always_populate_raw_post_data=-1
 default_charset='UTF-8'
 output_buffering=0
@@ -67,7 +67,7 @@
 - Bernhard Posselt <dev@bernhard-posselt.com>
 - Bernhard Reiter <ockham@raz.or.at>
 - Bill McGonigle <bill-github.com@bfccomputing.com>
- - Daniel Niccoli <daniel.niccoli@gmail.com>
+ - Birk Borkason <daniel.niccoli@gmail.com>
 - Bjoern Schiessle <bjoern@schiessle.org>
 - Björn Schießle <bjoern@schiessle.org>
 - Bjørn Forsman <bjorn.forsman@gmail.com>
@@ -338,6 +338,7 @@
 - Mickey Knox <mickey@netfreaks.org>
 - Miguel Prokop <miguel.prokop@vtu.com>
 - Mikael Hammarin <mikael@try2.se>
+ - Mikael Nordin <mickenordin@users.noreply.github.com>
 - Mikael Saarinen <mikaels@iki.fi>
 - Mikhail Sazanov <m@sazanof.ru>
 - Mitar <mitar.git@tnode.com>
@@ -558,7 +559,6 @@
 - fnuesse <felix.nuesse@t-online.de>
 - fnuesse <fnuesse@techfak.uni-bielefeld.de>
 - greta <gretadoci@gmail.com>
- - Hector Valcarcel <hmvalcarcel@gmail.com>
 - helix84 <helix84@centrum.sk>
 - hkjolhede <hkjolhede@gmail.com>
 - hoellen <dev@hoellen.eu>
@@ -619,7 +619,6 @@
 - szaimen <szaimen@e.mail.de>
 - tbartenstein <tbartenstein@users.noreply.github.com>
 - tbelau666 <thomas.belau@gmx.de>
- - TechnicalSuwako <suwako@076.moe>
 - tgrant <tom.grant760@gmail.com>
 - timm2k <timm2k@gmx.de>
 - tux-rampage <tux-rampage@users.noreply.github.com>
@@ -1,117 +0,0 @@
-GNU GENERAL PUBLIC LICENSE
-Version 2, June 1991
-
-Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
-
-Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
-
-Preamble
-
-The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.
-
-When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
-
-To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
-
-For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
-
-We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
-
-Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
-
-Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
-
-The precise terms and conditions for copying, distribution and modification follow.
-
-TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
-
-1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
-
-2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
-
-     a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
-
-     b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
-
-     c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
-
-3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
-
-     a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
-
-     b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
-
-     c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
-
-If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
-
-4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
-
-5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
-
-6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
-
-7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
-
-This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
-
-8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
-
-9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
-
-10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
-
-NO WARRANTY
-
-11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-END OF TERMS AND CONDITIONS
-
-How to Apply These Terms to Your New Programs
-
-If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
-
-To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.
-
-     one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author
-
-     This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
-
-     This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
-     You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
-
-     Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:
-
-     Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice
@@ -6,4 +6,4 @@ and our products: “Nextcloud Files”; “Nextcloud Groupware” and “Nextcl
 This set of marks is collectively referred to as the “Nextcloud marks.”

 Use of Nextcloud logos and other marks is only permitted under the guidelines provided by the Nextcloud GmbH.
-A copy can be found at https://nextcloud.com/trademarks/
+A copy can be found at https://discord.com/branding
@@ -0,0 +1,39 @@
+License Agreement for Freepik Content
+
+The Company authorizes the User to download and use the Freepik Content under the terms of this Section (see Section 7 in relation to Sponsored Content). The Company and its licensors reserve all rights over the Freepik Content not expressly granted in this license to the User.
+
+Subject to the fulfillment of these Terms, the Company authorizes the User in a non-transferable, revocable, limited, non-exclusive manner and on a worldwide basis for the duration of the relevant rights; to download, use and modify the Freepik Content, in a device the User owns or controls and only for the purposes and uses allowed in these Terms.
+
+The User may use the Freepik Content (including any derivative work), either using the Freepik Contents in its entirety or using only some or some of its elements, either using the Freepik Contents without modification, combining them with other contents or having previously modified them, being the license granted with respect to the Freepik content, provided that it:
+
+* Does not involve collective use;
+* The Freepik Content is not used in a manner that suggests an association or endorsement of any kind by the Company or the Website;
+* The Freepik Content or any derivative work is not used or included (in whole or in part) in a database, archive or in any other media/stock product, collection, set of clips, or library, for distribution or resale or used in any other way that could prevent or limit future visits or downloads from the Website;
+* Does not resell, assign, transfer or sublicense the Freepik Content or any derived work from the Freepik Content;
+* Does not use the Freepik Content in printed or electronic items (e.g. t-shirts, cups, postcards, birthday or greeting cards, invitations, calendars, web models or electronic devices, apps, NFTs, videogames, advertising spots, audiovisual animations) aimed to be resold, in which the content in the Freepik Content is the main element (because of size, relevance or any other cause, in case of doubt about whether the content is main element, it shall be deemed that the content is main element);
+* Does not use the Freepik Content (totally or partially) in any trademark, or part of the same, which may be used by any other means to guarantee or to imply a guaranty of any product and/or service, unless the Freepik Content used in such cases is modified in such a way as to be a new and different content not confusingly similar with the original Freepik Content or implies a use of the Freepik Content as a template or test, and not as a final item or material;
+* Does not use the Freepik Content (including any caption information, title, keywords or other metadata associated with the Freepik Content) for any machine learning and/or artificial intelligence purposes, or for any technologies designed or intended for the identification of natural persons.
+* Does not make any use of the Freepik Content which might be considered defamatory, libellous, obscene, immoral or illegal, including, without limitation, using it in a way that places any person appearing in the Freepik Content in a negative light or depicts them in a way that they may find offensive such as the use in pornography, advertisements for escort or similar services, political endorsements, birth control products, and;
+* Does not make any use of the Freepik Content to slander, libel or to vilify a person, race, sex, culture, sexual orientation, religion, country, region, town, village or any other place, or any other human group.
+
+When any Freepik Content is marked or identified as for editorial use, or when within the same there are logos, recognizable products, public buildings, public events or images taken in places where recognizable persons appear in the background, the User shall only be entitled to use it for such editorial use. In such cases, the User undertakes not to use that content in any manner that entails any connection with any business activity, the use in economic traffic or advertising, marketing or commercialization of any product or service. The User shall be directly liable and the Company shall not assume any liability as a result of the use for commercial purposes by the User of any content belonging to the Freepik Content, which according to this paragraph should be for editorial use only.
+
+The authorization to use the Freepik Content shall be free provided that any use of the content in the Freepik Content by the User is credited to the Company/Website as stated by the Company from time to time. In order to benefit from the Service or to use the Freepik Content without acknowledging the Company/Website, the User must purchase a premium subscription (hereinafter, the "Premium Subscription") in the Website and download the Freepik Content during the term of any such Premium Subscription. Conditions in Section 10 shall apply to the purchase of the Premium Subscription.
+
+As a general rule, it is forbidden for a User to authorize any third parties to use the Freepik Content (or any modification of any content in the Freepik Content). As an exception to the prohibition, the User may allow third parties to use the Freepik Content, when each and every of the following conditions are met:
+
+* The third party has professionally instructed the User to produce goods or provide services to it/him/her and the User uses a limited number of items within the Freepik Content to produce such goods or provide such services to the instructing third party;
+* The authorization granted by the User to the third party is in writing and complies with every restriction of the User’s authorization to use the relevant Freepik Content and includes, without limitation, a restriction for the third party to distribute, resell or license the relevant content in the Freepik Content (i.e. the third party is the final user of the relevant content in the Freepik Content);
+* None of the contents in the Freepik Content which are subject to the authorization are used as the main element (because of size, relevance or any other cause; in case of doubt about whether the content is the main element, it shall be deemed as the main element) in printed or electronic items (e.g. t-shirts, cups, postcards, birthday or greeting cards, invitations, calendars, web models or electronic devices, apps, NFTs, videogames, advertising spots, audiovisual animations) aimed to be resold by the third party;
+* The production of goods or provision of services by the User to the third party is not done by automatic means, it is tailor-made for the third party (and therefore its use is not authorized by the User to any other third party) and requires a specific substantial human intervention from the User in relation to each third party; and
+* The User -and not the third party- chooses the specific items within the content of the Freepik Content to be used in the production of goods or provision of services for the third party.
+
+When all of the above conditions are met, the User shall be entitled to authorize a third party to use the relevant content in the Freepik Content. This exception refers only to the prohibition for the User to authorize third parties to use the content in the Freepik Content without affecting or limiting in any way the remaining conditions of the User’s right to use the Freepik Content. Whether the above conditions regarding the exception to the prohibition for Users to authorize third parties to use the content in the Freepik Content are met shall be interpreted restrictively so that, in case of doubt, it shall be deemed that the conditions are not met.
+
+The User does not acquire any right as a result of the use of the content in the Freepik Content. In particular, the User is not authorized to distribute, resell or rent any content in the Freepik Content (or any modification of any content in the Freepik Content).
+
+The Company may, at any time, offer any content on the Website under a different license from the one included in this Section (the "Specific License"). The Company will inform on the Website which content is licensed under an Specific License. The Specific License will be made available to the User and will include, without limitation, a description of the license itself, as well as the permitted and prohibited uses in relation to the content. In the event that a particular content is offered under a Specific License, the Specific License shall apply over the general license described in this Section. Notwithstanding the foregoing, all other obligations contained in these Terms shall continue to be binding on the User, unless they conflict with the Specific License, in which case the Specific License shall prevail.
+
+The User’s rights under this Section will end automatically without any notice if the User breaches any of the Terms. In case of termination of the rights hereunder, the User shall cease using content in the Freepik Content and will destroy every copy, whether total or partial, thereof.
+
+A copy can be found at <https://www.freepikcompany.com/legal/#nav-freepik-agreement>
@@ -5,13 +5,14 @@
 -->
 # Nextcloud Server ☁
 [![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/server)](https://api.reuse.software/info/github.com/nextcloud/server)
-[![codecov](https://codecov.io/gh/nextcloud/server/branch/master/graph/badge.svg)](https://codecov.io/gh/nextcloud/server)
+[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/server/badges/quality-score.png?b=stable30)](https://scrutinizer-ci.com/g/nextcloud/server/?branch=stable30)
+[![codecov](https://codecov.io/gh/nextcloud/server/branch/stable30/graph/badge.svg)](https://codecov.io/gh/nextcloud/server)
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/209/badge)](https://bestpractices.coreinfrastructure.org/projects/209)
 [![Design](https://contribute.design/api/shield/nextcloud/server)](https://contribute.design/nextcloud/server)

 **A safe home for all your data.**

-![](https://raw.githubusercontent.com/nextcloud/screenshots/master/nextcloud-hub-25-files.png)
+![](https://raw.githubusercontent.com/nextcloud/screenshots/master/nextcloud-hub-files-25-preview.png)

 ## Why is this so awesome? 🤩

@@ -35,8 +36,8 @@ Enterprise? Public Sector or Education user? You may want to have a look into [*
 ## Get in touch 💬

 * [📋 Forum](https://help.nextcloud.com)
-* [🦋 Bluesky](https://bsky.app/profile/nextcloud.bsky.social)
 * [👥 Facebook](https://www.facebook.com/nextclouders)
+* [🐣 Twitter](https://twitter.com/Nextclouders)
 * [🐘 Mastodon](https://mastodon.xyz/@nextcloud)

 You can also [get support for Nextcloud](https://nextcloud.com/support)!
@@ -73,10 +74,6 @@ Otherwise, git checkouts can be handled the same as release archives, by using t

 - Comment on a pull request with `/update-3rdparty` to update the 3rd party submodule. It will update to the last commit of the 3rd party branch named like the PR target.

-#### Ignore code style updates in git blame
-
-`git config blame.ignoreRevsFile .git-blame-ignore-revs`
-
 ## Contribution guidelines 📜

 All contributions to this repository from June 16, 2016, and onward are considered to be
@@ -1 +0,0 @@
-build/frontend/__mocks__
@@ -0,0 +1,17 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+export const getCurrentUser = function() {
+	return {
+		uid: 'test',
+		displayName: 'Test',
+		isAdmin: false,
+	}
+}
+
+export const getRequestToken = function() {
+	return 'test-token-1234'
+}
+
+export const onRequestTokenUpdate = function() {}
@@ -0,0 +1,17 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+export default {
+	interceptors: {
+		response: {
+			use: () => {},
+		},
+		request: {
+			use: () => {},
+		},
+	},
+	get: async () => ({ status: 200, data: {} }),
+	delete: async () => ({ status: 200, data: {} }),
+	post: async () => ({ status: 200, data: {} }),
+}
@@ -0,0 +1,22 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import type { Capabilities } from '../../apps/files/src/types'
+
+export const getCapabilities = (): Capabilities => {
+	return {
+		files: {
+			bigfilechunking: true,
+			blacklisted_files: [],
+			forbidden_filename_basenames: [],
+			forbidden_filename_characters: [],
+			forbidden_filename_extensions: [],
+			forbidden_filenames: [],
+			undelete: true,
+			version_deletion: true,
+			version_labeling: true,
+			versioning: true,
+		},
+	}
+}
@@ -0,0 +1,13 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+import { jest } from '@jest/globals'
+
+export const showMessage = jest.fn()
+export const showSuccess = jest.fn()
+export const showWarning = jest.fn()
+export const showInfo = jest.fn()
+export const showError = jest.fn()
+export const showUndo = jest.fn()
@@ -0,0 +1,8 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+export const loadState = function(app: string, key: string, fallback?: any) {
+	return fallback
+}
@@ -0,0 +1,10 @@
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+export const createClient = () => {}
+export const getPatcher = () => {
+	return {
+		patch: () => {}
+	}
+}
@@ -1 +0,0 @@
-build/frontend/__tests__
@@ -0,0 +1,128 @@
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+import { basename } from 'node:path'
+import mime from 'mime'
+
+class FileSystemEntry {
+
+	private _isFile: boolean
+	private _fullPath: string
+
+	constructor(isFile: boolean, fullPath: string) {
+		this._isFile = isFile
+		this._fullPath = fullPath
+	}
+
+	get isFile() {
+		return !!this._isFile
+	}
+
+	get isDirectory() {
+		return !this.isFile
+	}
+
+	get name() {
+		return basename(this._fullPath)
+	}
+
+}
+
+export class FileSystemFileEntry extends FileSystemEntry {
+
+	private _contents: string
+	private _lastModified: number
+
+	constructor(fullPath: string, contents: string, lastModified = Date.now()) {
+		super(true, fullPath)
+		this._contents = contents
+		this._lastModified = lastModified
+	}
+
+	file(success: (file: File) => void) {
+		const lastModified = this._lastModified
+		// Faking the mime by using the file extension
+		const type = mime.getType(this.name) || ''
+		success(new File([this._contents], this.name, { lastModified, type }))
+	}
+
+}
+
+export class FileSystemDirectoryEntry extends FileSystemEntry {
+
+	private _entries: FileSystemEntry[]
+
+	constructor(fullPath: string, entries: FileSystemEntry[]) {
+		super(false, fullPath)
+		this._entries = entries || []
+	}
+
+	createReader() {
+		let read = false
+		return {
+			readEntries: (success: (entries: FileSystemEntry[]) => void) => {
+				if (read) {
+					return success([])
+				}
+				read = true
+				success(this._entries)
+			},
+		}
+	}
+
+}
+
+/**
+ * This mocks the File API's File class
+ * It will allow us to test the Filesystem API as well as the
+ * File API in the same test suite.
+ */
+export class DataTransferItem {
+
+	private _type: string
+	private _entry: FileSystemEntry
+
+	getAsEntry?: () => FileSystemEntry
+
+	constructor(type = '', entry: FileSystemEntry, isFileSystemAPIAvailable = true) {
+		this._type = type
+		this._entry = entry
+
+		// Only when the Files API is available we are
+		// able to get the entry
+		if (isFileSystemAPIAvailable) {
+			this.getAsEntry = () => this._entry
+		}
+	}
+
+	get kind() {
+		return 'file'
+	}
+
+	get type() {
+		return this._type
+	}
+
+	getAsFile(): File|null {
+		if (this._entry.isFile && this._entry instanceof FileSystemFileEntry) {
+			let file: File | null = null
+			this._entry.file((f) => {
+				file = f
+			})
+			return file
+		}
+
+		// The browser will return an empty File object if the entry is a directory
+		return new File([], this._entry.name, { type: '' })
+	}
+
+}
+
+export const fileSystemEntryToDataTransferItem = (entry: FileSystemEntry, isFileSystemAPIAvailable = true): DataTransferItem => {
+	return new DataTransferItem(
+		entry.isFile ? 'text/plain' : 'httpd/unix-directory',
+		entry,
+		isFileSystemAPIAvailable,
+	)
+}
--- a/Show More
+++ b/Show More