Release: promote beta to stable — initial CI pipeline and app scaffold#5
Merged
WilcoLouwerse merged 32 commits intomainfrom Mar 24, 2026
Merged
Release: promote beta to stable — initial CI pipeline and app scaffold#5WilcoLouwerse merged 32 commits intomainfrom
WilcoLouwerse merged 32 commits intomainfrom
Conversation
…low — set by app-create command
… ls, git, and common info commands
- Replace @typescript-eslint/eslint-plugin@^8.x with ^7.18.0 to satisfy peer dependency chain from @nextcloud/eslint-config via @vue/eslint-config-typescript - Add @typescript-eslint/parser@^7.18.0 and eslint-plugin-vue@^9.21.1 explicitly so transitive peer deps are hoisted to top-level node_modules (required by ESLint v8) - Add vue-eslint-parser@^9.4.3 explicitly to ensure it is hoisted and discoverable - Add stylelint.config.js to prevent stylelint picking up parent-directory config - Regenerate package-lock.json with correct dependency resolution
CI requires phpunit.xml or phpunit-unit.xml when enable-phpunit is true. Adds both config files, bootstrap files, and a placeholder unit test.
Provides a starting structure for API integration tests. Enable in CI by setting enable-newman: true in code-quality.yml.
The register() method is part of the IBootstrap interface contract. Like boot(), its $context parameter is intentionally unused in the template since it serves as a placeholder for app-specific registrations.
All three can now be tested locally: - phpmetrics: runs via composer phpmetrics locally - phpunit: runs via docker exec against the Nextcloud container (XDEBUG_MODE=coverage to avoid runner warning / non-zero exit) - newman: runs via npx newman against http://nextcloud.local
…in_password) CI workflow passes base_url/admin_user/admin_password but the collection used baseUrl/username/password. Mismatched names caused Newman to silently fall back to the collection default of http://localhost (port 80), which nothing answers in CI — resulting in ECONNREFUSED. Also updates default base_url to http://localhost:8080 to match the PHP built-in server CI starts for Newman tests.
…fold Add appspec/openspec scaffold, dev tooling, and CI-ready test infrastructure
…l CVE libxmljs2 <= 0.35.0 has a critical type confusion vulnerability (GHSA-78h3-pg4x-j8cv / CVE-2024-34394). The dependency is pulled in transitively by @cyclonedx/cyclonedx-npm (the SBOM generator). No patched release of the tool itself is available yet. Adding an npm overrides entry to force libxmljs2 to 0.37.0 (the patched version) is the standard npm approach for resolving transitive dependency vulnerabilities while keeping the consuming package unchanged.
Set up complete CI quality pipeline and app scaffold
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (100 total)
npm dependencies (215 total)
PHPUnit Tests
Code coverage: 0% (0 / 2 statements) Integration Tests (Newman)
Generated automatically by the Quality workflow.
|
rjzondervan
previously approved these changes
Mar 23, 2026
… expectations - Add lib/Controller/SettingsController.php — settings API (index/create/load) - Add lib/Service/SettingsService.php — settings + OpenRegister integration - Add lib/Listener/DeepLinkRegistrationListener.php — deep link registration - Add lib/Repair/InitializeSettings.php — auto-import register on install - Add lib/Settings/app_template_register.json — OpenAPI 3.0 register schema - Add src/navigation/MainMenu.vue — extracted navigation sidebar component - Add src/views/settings/UserSettings.vue — user settings dialog placeholder - Add l10n/en.json and l10n/nl.json — translation stubs - Add tests/unit/Controller/SettingsControllerTest.php — 3 unit tests, 100% coverage - Add openspec/config.yaml — OpenSpec project configuration - Add project.md — project overview - Update lib/AppInfo/Application.php — register listener and repair step - Update src/App.vue — use MainMenu component instead of inline navigation - Update phpunit.xml and phpunit-unit.xml — include tests/unit/ directory - Replace appspec/ with openspec/specs/ and openspec/architecture/ - Update openspec/README.md — reflect new specs/ and architecture/ structure
… README - Add Makefile with dev-link/dev-unlink targets that create a relative symlink apps-extra/app-template -> nextcloud-app-template so Nextcloud can find the app by its ID when the repo is cloned under its GitHub name - Update README: replace appspec/ references with openspec/specs/ and openspec/architecture/, update directory structure, document make dev-link step
- Add Troubleshooting section covering blank UI (missing build) and "Could not download app" (directory name mismatch) - Clarify OpenRegister is pre-wired but optional for derived apps - Fix docker-compose path (../openregister/ not openregister/) - Note openspec/changes/ is created on first change - Add npm install && npm run build to Enable locally steps with explicit note that js/ build output is not committed - Add OpenRegister conditional note to openspec/README.md
Give the SPA catch-all route a unique name so GET /apps/app-template/ still matches the index route (duplicate Symfony names replaced the first route). Correct navigation route id to app-template.dashboard.page. Add DashboardController::catchAll delegating to page(), register /settings in the Vue router, and replace the minimal dashboard with KPI placeholders and activity panels using Conduction components. Made-with: Cursor
Made-with: Cursor
PRs targeting beta did not match pull_request branch filters, so required checks could stay pending or skip. Include beta alongside main/development. Made-with: Cursor
Merge development into beta: OpenSpec scaffold, settings stack, and dev docs
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (100 total)
npm dependencies (215 total)
PHPUnit Tests
Code coverage: 0% (0 / 3 statements) Integration Tests (Newman)
Generated automatically by the Quality workflow.
|
rubenvdlinde
previously approved these changes
Mar 23, 2026
The org-level ruleset requires a status check named 'check-branch'. The previous reusable workflow call produced 'protect / check-branch', which never satisfied the requirement. Inlining the logic with the job named 'check-branch' produces the exact name the ruleset expects.
…eck-branch'" This reverts commit 4aed6da.
rjzondervan
previously approved these changes
Mar 24, 2026
…ated The org ruleset requires context 'check-branch' but the reusable workflow reports 'protect / check-branch', blocking all beta → main PRs. Removing main from the workflow trigger as a workaround until the ruleset is fixed.
Release: merge development into beta
WilcoLouwerse
dismissed stale reviews from rjzondervan and rubenvdlinde
via
66045ae
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (100 total)
npm dependencies (215 total)
PHPUnit Tests
Code coverage: 0% (0 / 3 statements) Integration Tests (Newman)
E2E Tests (Playwright)Playwright E2E tests were not enabled for this run. Generated automatically by the Quality workflow.
|
Restore branch-protection workflow for main branch
WilcoLouwerse
requested review from
SudoThijn,
bbrands02,
remko48,
rjzondervan and
rubenvdlinde
Quality Report
Summary
PHP Quality
Vue Quality
Security
License Compliance
composer dependencies (100 total)
npm dependencies (215 total)
PHPUnit Tests
Code coverage: 0% (0 / 3 statements) Integration Tests (Newman)
E2E Tests (Playwright)Playwright E2E tests were not enabled for this run. Generated automatically by the Quality workflow.
|
rjzondervan
approved these changes
Mar 24, 2026
remko48
approved these changes
Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
phpmetrics), Vue (eslint, stylelint), security audits, PHPUnit, Newman, SBOM
appspec/andopenspec/scaffold directories for spec-driven development(README templates, feature specs, ADR structure, roadmap)
composer.lockandpackage-lock.jsonfor reproducible CI installs;resolve npm peer dependency conflicts
phpunit.xml,phpunit-unit.xml,bootstrap files, placeholder unit test)
to match CI workflow expectations (
base_url,admin_user,admin_password)libxmljs2to0.37.0via npmoverrides(GHSA-78h3-pg4x-j8cv, in
@cyclonedx/cyclonedx-npmtransitive dep)Checks
eslint, stylelint, composer audit, npm audit, PHPUnit 1/1, Newman 1/1)
Test plan