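# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: MIT

# Fetches the CA certificate bundle published by the curl project and opens
# one pull request per maintained branch when the upstream file has changed.
name: Update CA certificate bundle

on:
  workflow_dispatch:
  schedule:
    - cron: "5 2 * * *"

# The workflow token is read-only; the pull request is created with the
# separate token passed to the "Create Pull Request" step below.
permissions:
  contents: read

jobs:
  update-ca-certificate-bundle:
    runs-on: ubuntu-latest

    strategy:
      # A failure on one branch must not cancel the update of the others.
      fail-fast: false
      matrix:
        branches:
          - ${{ github.event.repository.default_branch }}
          - 'stable34'
          - 'stable33'
          - 'stable32'
          - 'stable31'
          - 'stable30'
          - 'stable29'
          - 'stable28'
          - 'stable27'
          - 'stable26'
          - 'stable25'
          - 'stable24'
          - 'stable23'
          - 'stable22'

    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not leave the checkout token in the local git config.
          persist-credentials: false
          ref: ${{ matrix.branches }}
          submodules: true

      # --etag-compare/--etag-save only download when the upstream ETag
      # differs from the one stored in build/ca-bundle-etag.txt.
      # --fail makes curl exit non-zero on an HTTP error status instead of
      # writing the error response to the bundle path, so a server-side error
      # page cannot end up proposed as the new ca-bundle.crt.
      # NOTE(review): the bundle is trusted as downloaded over HTTPS; no
      # checksum or signature is verified here, so the pull request review is
      # the only content check before the new trust anchors are merged.
      - name: Download CA certificate bundle from curl
        run: |
          curl --fail \
            --etag-compare build/ca-bundle-etag.txt \
            --etag-save build/ca-bundle-etag.txt \
            --output resources/config/ca-bundle.crt \
            https://curl.se/ca/cacert.pem

      # NOTE(review): this action is pinned by commit SHA but, unlike the
      # checkout step, carries no release-tag comment; add one so reviewers
      # can tell which release the SHA corresponds to.
      - name: Create Pull Request
        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
          committer: GitHub
          author: nextcloud-command
          signoff: true
          branch: 'automated/noid/${{ matrix.branches }}-update-ca-cert-bundle'
          title: '[${{ matrix.branches }}] fix(security): Update CA certificate bundle'
          body: |
            Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html)
          labels: |
            dependencies
            3. to review
          reviewers: ChristophWurst, miaulalala, nickvergessen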