# SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors # SPDX-License-Identifier: MIT name: Update CA certificate bundle on: workflow_dispatch: schedule: - cron: "5 2 * * *" jobs: update-ca-certificate-bundle: runs-on: ubuntu-latest strategy: fail-fast: false matrix: branches: ['master', 'stable30', 'stable29', 'stable28', 'stable27', 'stable26', 'stable25', 'stable24', 'stable23', 'stable22'] name: update-ca-certificate-bundle-${{ matrix.branches }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: ref: ${{ matrix.branches }} submodules: true - name: Download CA certificate bundle from curl run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem - name: Create Pull Request uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: 'fix(security): Update CA certificate bundle' committer: GitHub author: nextcloud-command signoff: true branch: 'automated/noid/${{ matrix.branches }}-update-ca-cert-bundle' title: '[${{ matrix.branches }}] fix(security): Update CA certificate bundle' body: | Auto-generated update of CA certificate bundle from [https://curl.se/docs/caextract.html](https://curl.se/docs/caextract.html) labels: | dependencies 3. to review reviewers: ChristophWurst, miaulalala, nickvergessen