Fix CI failures and TypeScript deprecation warnings

[ashcoft]

This PR fixes the CI failures observed in recent runs.

1. TypeScript Deprecation: The baseUrl option is deprecated in TS 6.0. We've added "ignoreDeprecations": "6.0" to tsconfig.json as suggested by the compiler to silence this warning while maintaining compatibility.
2. Workflows Git Error: Workflows triggered on push using dorny/paths-filter were failing with exit code 128 because they lacked a checkout step. We've added actions/checkout to lint-typescript.yml and node-test.yml.
3. Project Hygiene: Standardized .gitignore to exclude local cache files and dependencies that were previously untracked or incorrectly handled.
4. Build Stability: Ensured pnpm is set up before node setup in the typescript linting workflow to ensure caching works correctly.

---

PR created automatically by Jules for task 8199712901560613717 started by @ashcoft

---

Summary by cubic

Fixes CI failures, renames the app ID to cad_viewer, updates TypeScript 6.0 settings and REUSE licensing, and raises the minimum PHP version to 8.3.

• Bug Fixes

  • Stabilize CI: add actions/checkout before dorny/paths-filter, migrate to nextcloud-ci/nextcloud-version-matrix, correct pnpm run --if-present usage, and set APP_NAME=cad_viewer.
  • Silence TS 6.0 baseUrl deprecation with "ignoreDeprecations": "6.0", and ensure pnpm/action-setup runs before actions/setup-node.

• Refactors

  • Rename app ID to cad_viewer across info.xml, backend constant, routes, translations, URLs, and tests.
  • Align static analysis and configs to PHP 8.3, add LICENSES/CC0-1.0.txt, and update .reuse/dep5.

^{Written for commit 4ab9fe8. Summary will update on new commits. Review in cubic}

Summary by CodeRabbit

• Refactor

  • Application identifier renamed across codebase and configuration files.
  • Updated API routes, router paths, and translation domain identifiers.
  • Adjusted PHP minimum version and TypeScript deprecation settings.

• Chores

  • Standardized GitHub Actions workflow build command syntax and ordering.
  • Updated CI/CD version matrix action sources.
  • Updated project copyright and license attribution.

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR renames the application identifier from nextcloud-cad-viewer to cad_viewer and updates GitHub Actions workflows to use migrated version-matrix actions and consistent app naming. Configuration versions are downgraded to PHP 8.2, and license metadata is updated.

Changes

App Identifier Rename

Layer / File(s)	Summary
App manifest and bootstrap appinfo/info.xml, lib/AppInfo/Application.php, tests/unit/ApplicationTest.php	App ID changes from nextcloud-cad-viewer to cad_viewer in the manifest, navigation route, and APP_ID constant, with test assertion updated accordingly.
Frontend routing and translation src/router/index.ts, src/App.vue, src/main.ts	Vue Router base path, translation domain, and file-action URLs are updated to use /apps/cad_viewer/ and the cad_viewer translation domain.

GitHub Actions Workflow Updates

Layer / File(s)	Summary
pnpm build flag reordering .github/workflows/node-test.yml, .github/workflows/command-compile.yml, .github/workflows/npm-audit-fix.yml, .github/workflows/npm-build.yml	The pnpm run invocation is standardized to place --if-present before the script name across all build workflows.
Nextcloud version-matrix action migration .github/workflows/lint-php-cs.yml, .github/workflows/lint-php.yml, .github/workflows/openapi.yml, .github/workflows/phpstan.yml, .github/workflows/phpunit-mariadb.yml, .github/workflows/phpunit-oci.yml, .github/workflows/phpunit-sqlite.yml, .github/workflows/psalm-matrix.yml, .github/workflows/psalm.yml, .github/workflows/rector.yml	All PHP version-matrix steps migrate from icewind1991/nextcloud-version-matrix to nextcloud-ci/nextcloud-version-matrix at pinned v1.3.2 commits.
Workflow APP_NAME hardcoding .github/workflows/integration-federation.yml, .github/workflows/integration-mariadb.yml, .github/workflows/phpunit-mariadb.yml, .github/workflows/phpunit-oci.yml, .github/workflows/phpunit-sqlite.yml	Integration and PHPUnit workflows hardcode APP_NAME=cad_viewer instead of deriving it from the repository name.

Configuration and License Updates

Layer / File(s)	Summary
Development tool version configuration tsconfig.json, phpstan.neon, psalm.xml	TypeScript deprecation handling and PHP static-analysis baselines are adjusted to PHP 8.2 support (from 8.3), with TypeScript deprecation level updated to 6.0.
License and copyright attribution .reuse/dep5, LICENSES/CC0-1.0.txt	Repository upstream identification and copyright metadata are updated, and the CC0 1.0 Universal license text is added.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• ashcoft/nextcloud-cad-viewer#76: Updates Psalm and PHPStan workflow version-matrix actions in the same way, with direct overlap in .github/workflows/psalm.yml.
• ashcoft/nextcloud-cad-viewer#154: Modifies the file-action registration in src/main.ts for the CAD viewer, overlapping with the translation domain and URL changes in this PR.
• ashcoft/nextcloud-cad-viewer#155: Updates the pnpm run command flag ordering in .github/workflows/npm-build.yml, directly overlapping with the workflow argument reordering in this PR.

Suggested labels

ci

🐰 An app reborn with a shorter name,
CI workflows refined without shame,
From nextcloud-cad-viewer's length,
Now cad_viewer brings its strength!
Config versions tuned, all in place—
A simpler identity embraced. ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The PR title addresses TypeScript deprecation warnings and CI failures, which aligns with the core objectives of fixing tsconfig.json deprecation and workflow issues. However, the changeset goes substantially beyond just CI fixes and deprecation warnings—it includes major changes like renaming the app ID from 'nextcloud-cad-viewer' to 'cad_viewer' throughout the codebase, migrating to new GitHub Actions, updating licensing metadata, and adjusting PHP/frontend versions. The title does not reflect these broader structural changes.	Clarify whether the title should encompass the app ID rename (the largest structural change) or if it should remain narrowly focused on CI/TypeScript. Consider a more comprehensive title like 'Rename app to cad_viewer, fix CI workflows, and address deprecation warnings' if all changes are intentional.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-ci-failures-and-deprecation-8199712901560613717

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/lint-typescript.yml:
- Line 81: Remove the duplicate GitHub Actions step that re-installs pnpm:
locate the second occurrence of the step using the action identifier "uses:
pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320" and delete that
entire step so pnpm is only configured once (the earlier "pnpm/action-setup"
invocation remains); ensure no dependent steps reference the removed duplicate
and update workflow comments if needed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 0378094f-236d-4d4c-b7f7-489ffd280f70

📥 Commits

Reviewing files that changed from the base of the PR and between bd8494c and 42af756.

📒 Files selected for processing (4)

• .github/workflows/lint-typescript.yml
• .github/workflows/node-test.yml
• .gitignore
• tsconfig.json

[cubic-dev-ai]

1 issue found across 4 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/lint-typescript.yml">

<violation number="1" location=".github/workflows/lint-typescript.yml:81">
P2: Duplicate `pnpm/action-setup` step. The "Setup pnpm" step was added before `setup-node` (to enable caching), but this original step after `setup-node` was not removed. It should be deleted since pnpm is already set up at that point.</violation>
</file>

<sub>Reply with feedback, questions, or to request a fix.

Fix all with cubic | Re-trigger cubic</sub>

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/integration-federation.yml (1)

152-157: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Critical mismatch: Code checked out to wrong directory path.

The current repository is checked out to host/apps/spreed (line 156) and remote/apps/spreed (line 196), but subsequent steps reference host/apps/${{ env.APP_NAME }} which resolves to host/apps/cad_viewer and remote/apps/cad_viewer. These directories won't exist, causing the workflow to fail at lines 237, 241, and 253.

🔧 Proposed fix

Update the checkout step paths to use the APP_NAME environment variable:

       - name: Checkout spreed app - Host
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-          path: host/apps/spreed
+          path: host/apps/${{ env.APP_NAME }}
           ref: ${{ matrix.host-spreed-versions }}

       - name: Checkout spreed app - Remote
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-          path: remote/apps/spreed
+          path: remote/apps/${{ env.APP_NAME }}
           ref: ${{ matrix.remote-spreed-versions }}

Also update the step names to reflect the actual app:

-      - name: Checkout spreed app - Host
+      - name: Checkout app - Host

-      - name: Checkout spreed app - Remote
+      - name: Checkout app - Remote

Also applies to: 192-197, 237-237, 241-241, 253-253

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/integration-federation.yml around lines 152 - 157, The
checkout steps currently hardcode "spreed" in the actions/checkout path and step
names which mismatches later steps that reference host/apps/${{ env.APP_NAME }}
and remote/apps/${{ env.APP_NAME }}; update the checkout steps (the steps using
actions/checkout@... with step names like "Checkout spreed app - Host" and
"Checkout spreed app - Remote" and their with:path fields) to use the APP_NAME
variable instead (e.g., change the step names and the with:path values from
host/apps/spreed and remote/apps/spreed to host/apps/${{ env.APP_NAME }} and
remote/apps/${{ env.APP_NAME }} respectively) and make the same replacement for
the other similar checkout occurrences so subsequent steps that reference
host/apps/${{ env.APP_NAME }} and remote/apps/${{ env.APP_NAME }} find the
checked-out code.

🧹 Nitpick comments (2)

.github/workflows/integration-federation.yml (1)

140-140: ⚡ Quick win

Remove obsolete comment.

The comment "Split and keep last" no longer applies since line 141 now hardcodes the value instead of deriving it from the repository name.

♻️ Proposed fix

-          # Split and keep last
           echo "APP_NAME=cad_viewer" >> $GITHUB_ENV

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/integration-federation.yml at line 140, Remove the
outdated inline comment "Split and keep last" that no longer applies; locate the
comment in the integration-federation.yml near the step that now hardcodes the
value (the line immediately before the hardcoded repository value) and delete
the comment so the workflow contains only relevant, accurate comments.

.github/workflows/integration-mariadb.yml (1)

78-78: ⚡ Quick win

Remove obsolete comment.

The comment "Split and keep last" no longer applies since line 79 now hardcodes the value instead of deriving it from the repository name.

♻️ Proposed fix

-          # Split and keep last
           echo "APP_NAME=cad_viewer" >> $GITHUB_ENV

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/integration-mariadb.yml at line 78, Remove the
now-misleading inline comment "Split and keep last" that precedes the hardcoded
value on the next line (the comment near the hardcoded repository value around
the block that used to derive the name); simply delete that comment so the
workflow's intent matches the implementation.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/lint-php-cs.yml:
- Line 37: Replace the 37-character commit pin for the Nextcloud action with the
full 40-character commit SHA: update the uses entry that currently reads
nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba to
use the complete 40-char SHA for nextcloud-ci/nextcloud-version-matrix (replace
the short SHA with the full commit hash) so the action is immutably pinned;
ensure only the SHA portion is changed and the rest of the uses line remains
unchanged.

In @.github/workflows/rector.yml:
- Line 39: The `uses:` ref currently uses a truncated commit SHA
`@9196b025f1873130088b297995a229558ddba` for nextcloud-version-matrix which is
shorter than a full 40-hex SHA and will fail; replace that truncated ref with
either the full 40-character commit SHA for the commit that corresponds to tag
`v1.3.2` or with the exact tag/release name (e.g., `@v1.3.2` if the tag exists).
Locate the `uses: nextcloud-ci/nextcloud-version-matrix@...` line, verify the
correct ref by querying the repository tags or commit history (or `gh api`), and
update the ref to the full commit SHA or canonical tag to ensure GitHub Actions
can resolve the action.

In @.reuse/dep5:
- Around line 2-3: The .reuse/dep5 metadata has mismatched upstream identifiers:
the Upstream-Name field is "cad_viewer" while Source points to
"https://github.com/ashcoft/nextcloud-cad-viewer"; update either Upstream-Name
or Source so they consistently refer to the same upstream (for example change
Upstream-Name to "nextcloud-cad-viewer" to match the repo slug, or update Source
to the intended upstream URL that matches "cad_viewer"), and ensure the chosen
value reflects the canonical upstream/app name across the file.
- Around line 5-11: Update the .reuse/dep5 metadata to add a dedicated block for
the CC0 license file so it's not covered by the global "Files: *" MIT entry: add
a new entry with "Files: LICENSES/CC0-1.0.txt", the correct copyright/affirmer
text used by the CC0 file (e.g. the year range and the copyright/affirmer name
that appears inside LICENSES/CC0-1.0.txt), and "License: CC0-1.0" so the file is
explicitly attributed to CC0-1.0 rather than MIT.

---

Outside diff comments:
In @.github/workflows/integration-federation.yml:
- Around line 152-157: The checkout steps currently hardcode "spreed" in the
actions/checkout path and step names which mismatches later steps that reference
host/apps/${{ env.APP_NAME }} and remote/apps/${{ env.APP_NAME }}; update the
checkout steps (the steps using actions/checkout@... with step names like
"Checkout spreed app - Host" and "Checkout spreed app - Remote" and their
with:path fields) to use the APP_NAME variable instead (e.g., change the step
names and the with:path values from host/apps/spreed and remote/apps/spreed to
host/apps/${{ env.APP_NAME }} and remote/apps/${{ env.APP_NAME }} respectively)
and make the same replacement for the other similar checkout occurrences so
subsequent steps that reference host/apps/${{ env.APP_NAME }} and
remote/apps/${{ env.APP_NAME }} find the checked-out code.

---

Nitpick comments:
In @.github/workflows/integration-federation.yml:
- Line 140: Remove the outdated inline comment "Split and keep last" that no
longer applies; locate the comment in the integration-federation.yml near the
step that now hardcodes the value (the line immediately before the hardcoded
repository value) and delete the comment so the workflow contains only relevant,
accurate comments.

In @.github/workflows/integration-mariadb.yml:
- Line 78: Remove the now-misleading inline comment "Split and keep last" that
precedes the hardcoded value on the next line (the comment near the hardcoded
repository value around the block that used to derive the name); simply delete
that comment so the workflow's intent matches the implementation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: d1f96c38-0bbf-40cb-a5db-f1584bdef90e

📥 Commits

Reviewing files that changed from the base of the PR and between 42af756 and 1a937ce.

📒 Files selected for processing (26)

• .github/workflows/command-compile.yml
• .github/workflows/integration-federation.yml
• .github/workflows/integration-mariadb.yml
• .github/workflows/lint-php-cs.yml
• .github/workflows/lint-php.yml
• .github/workflows/node-test.yml
• .github/workflows/npm-audit-fix.yml
• .github/workflows/npm-build.yml
• .github/workflows/openapi.yml
• .github/workflows/phpstan.yml
• .github/workflows/phpunit-mariadb.yml
• .github/workflows/phpunit-oci.yml
• .github/workflows/phpunit-sqlite.yml
• .github/workflows/psalm-matrix.yml
• .github/workflows/psalm.yml
• .github/workflows/rector.yml
• .reuse/dep5
• LICENSES/CC0-1.0.txt
• appinfo/info.xml
• lib/AppInfo/Application.php
• phpstan.neon
• psalm.xml
• src/App.vue
• src/main.ts
• src/router/index.ts
• tests/unit/ApplicationTest.php

✅ Files skipped from review due to trivial changes (4)

• psalm.xml
• .github/workflows/lint-php.yml
• phpstan.neon
• appinfo/info.xml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

python - <<'PY'
import pathlib, re

pattern = re.compile(r'nextcloud-ci/nextcloud-version-matrix@([0-9a-f]+)')
for wf in pathlib.Path(".github/workflows").glob("*.yml"):
    text = wf.read_text(encoding="utf-8")
    for m in pattern.finditer(text):
        sha = m.group(1)
        print(f"{wf}: sha={sha} length={len(sha)}")
PY

Repository: ashcoft/nextcloud-cad-viewer

Length of output: 928

---

Pin nextcloud-ci/nextcloud-version-matrix to the full 40-character commit SHA.
In .github/workflows/lint-php-cs.yml, the action is pinned as nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba (37 hex chars, not a full 40). Other workflows pin the same 37-char value, so consistency is already maintained—updating to the full SHA improves immutability/pinning clarity.

uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/lint-php-cs.yml at line 37, Replace the 37-character
commit pin for the Nextcloud action with the full 40-character commit SHA:
update the uses entry that currently reads
nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba to
use the complete 40-char SHA for nextcloud-ci/nextcloud-version-matrix (replace
the short SHA with the full commit hash) so the action is immutably pinned;
ensure only the SHA portion is changed and the rest of the uses line remains
unchanged.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Fetch the correct commit hash for nextcloud-ci/nextcloud-version-matrix@v1.3.2

# Fetch the commit SHA for the v1.3.2 tag
gh api repos/nextcloud-ci/nextcloud-version-matrix/git/ref/tags/v1.3.2 --jq '.object.sha'

Repository: ashcoft/nextcloud-cad-viewer

Length of output: 229

---

Fix the truncated action SHA in .github/workflows/rector.yml (line 39)

• The uses: ref @9196b025f1873130088b297995a229558ddba is shorter than a full 40-hex commit SHA, which will make GitHub Actions fail to resolve the action.
• The suggested lookup for v1.3.2 via gh api .../git/ref/tags/v1.3.2 returned 404, so the next step is to replace with the correct full commit SHA (or use the exact existing tag/release).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rector.yml at line 39, The `uses:` ref currently uses a
truncated commit SHA `@9196b025f1873130088b297995a229558ddba` for
nextcloud-version-matrix which is shorter than a full 40-hex SHA and will fail;
replace that truncated ref with either the full 40-character commit SHA for the
commit that corresponds to tag `v1.3.2` or with the exact tag/release name
(e.g., `@v1.3.2` if the tag exists). Locate the `uses:
nextcloud-ci/nextcloud-version-matrix@...` line, verify the correct ref by
querying the repository tags or commit history (or `gh api`), and update the ref
to the full commit SHA or canonical tag to ensure GitHub Actions can resolve the
action.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if the GitHub repository name has changed to match the new app ID

# Fetch the repository information
gh repo view ashcoft/nextcloud-cad-viewer --json name,nameWithOwner 2>&1

# Also check if a repository with the new name exists
gh repo view ashcoft/cad_viewer --json name,nameWithOwner 2>&1 || echo "Repository ashcroft/cad_viewer does not exist"

Repository: ashcoft/nextcloud-cad-viewer

Length of output: 289

---

Clarify .reuse/dep5 upstream metadata
Source still points to the existing upstream repo https://github.com/ashcoft/nextcloud-cad-viewer; the remaining inconsistency is that Upstream-Name: cad_viewer doesn’t match the nextcloud-cad-viewer repo slug in Source. Align Upstream-Name and/or Source to the intended upstream/app name for consistency.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.reuse/dep5 around lines 2 - 3, The .reuse/dep5 metadata has mismatched
upstream identifiers: the Upstream-Name field is "cad_viewer" while Source
points to "https://github.com/ashcoft/nextcloud-cad-viewer"; update either
Upstream-Name or Source so they consistently refer to the same upstream (for
example change Upstream-Name to "nextcloud-cad-viewer" to match the repo slug,
or update Source to the intended upstream URL that matches "cad_viewer"), and
ensure the chosen value reflects the canonical upstream/app name across the
file.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Search for references to CC0 in the repository to identify which files might use this license

# Search for CC0 references in documentation and metadata
rg -i 'CC0' --type-add 'config:*.{json,xml,md,txt,yml,yaml}' --type config -C 2

# Check if there are any SPDX headers indicating CC0
rg 'SPDX-License-Identifier.*CC0' -C 2

Repository: ashcoft/nextcloud-cad-viewer

Length of output: 4978

---

.reuse/dep5 needs CC0-1.0 attribution for LICENSES/CC0-1.0.txt

.reuse/dep5 currently assigns Files: * (MIT) and does not define a Files: LICENSES/CC0-1.0.txt block, so the CC0 license text file is covered by MIT instead of License: CC0-1.0. Add the appropriate Files: entry (with the CC0-1.0 copyright/affirmer text).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.reuse/dep5 around lines 5 - 11, Update the .reuse/dep5 metadata to add a
dedicated block for the CC0 license file so it's not covered by the global
"Files: *" MIT entry: add a new entry with "Files: LICENSES/CC0-1.0.txt", the
correct copyright/affirmer text used by the CC0 file (e.g. the year range and
the copyright/affirmer name that appears inside LICENSES/CC0-1.0.txt), and
"License: CC0-1.0" so the file is explicitly attributed to CC0-1.0 rather than
MIT.

[cubic-dev-ai]

11 issues found across 28 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/phpunit-sqlite.yml">

<violation number="1" location=".github/workflows/phpunit-sqlite.yml:37">
P1: Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40. This will prevent GitHub Actions from resolving the action, breaking CI. Please verify and use the correct full SHA for `nextcloud-ci/nextcloud-version-matrix`.</violation>
</file>

<file name=".github/workflows/psalm.yml">

<violation number="1" location=".github/workflows/psalm.yml:36">
P0: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a SHA-1. GitHub Actions will fail to resolve this action reference, breaking the workflow. Verify the correct full commit hash for the target repository and organization.</violation>
</file>

<file name=".github/workflows/lint-php-cs.yml">

<violation number="1" location=".github/workflows/lint-php-cs.yml:37">
P0: Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40 for a valid Git SHA-1. This will cause the workflow to fail at runtime. Additionally, the organization was changed from `icewind1991` to `nextcloud-ci` — verify that `nextcloud-ci/nextcloud-version-matrix` exists and use the correct 40-character commit hash.</violation>
</file>

<file name=".github/workflows/rector.yml">

<violation number="1" location=".github/workflows/rector.yml:39">
P1: Invalid commit SHA — the pinned hash is only 37 characters instead of the required 40. GitHub Actions cannot resolve a truncated SHA, so this workflow will fail at the "Get php version" step. Verify the correct full commit hash for `nextcloud-ci/nextcloud-version-matrix` v1.3.2 and use the complete 40-character SHA.</violation>
</file>

<file name=".github/workflows/openapi.yml">

<violation number="1" location=".github/workflows/openapi.yml:38">
P0: Invalid commit SHA: the pinned hash `9196b025f1873130088b297995a229558ddba` is only 37 characters instead of the required 40 for a valid SHA-1 hash. This will cause the workflow to fail when GitHub tries to resolve the action reference. The repository org was also changed from `icewind1991` to `nextcloud-ci` — verify this is the correct fork/transfer and use the correct full 40-character commit hash.</violation>
</file>

<file name=".github/workflows/phpstan.yml">

<violation number="1" location=".github/workflows/phpstan.yml:36">
P1: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. GitHub Actions will fail to resolve this action reference. Additionally, the organization was changed from `icewind1991` to `nextcloud-ci` — verify this is a legitimate repository before fixing the hash.</violation>
</file>

<file name=".github/workflows/phpunit-oci.yml">

<violation number="1" location=".github/workflows/phpunit-oci.yml:37">
P1: Invalid commit SHA for action pin: the hash is only 37 characters instead of the required 40. GitHub Actions will fail to resolve this reference, breaking the `matrix` job and all downstream jobs that depend on it.</violation>
</file>

<file name=".github/workflows/lint-php.yml">

<violation number="1" location=".github/workflows/lint-php.yml:37">
P0: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. This will cause the workflow to fail when GitHub tries to resolve the action. Additionally, verify that the repository `nextcloud-ci/nextcloud-version-matrix` actually exists — the original was `icewind1991/nextcloud-version-matrix`.</violation>
</file>

<file name=".github/workflows/psalm-matrix.yml">

<violation number="1" location=".github/workflows/psalm-matrix.yml:37">
P0: Invalid commit SHA pinning — the hash `9196b025f1873130088b297995a229558ddba` is only 37 characters (must be 40 for a valid SHA-1). This will cause the workflow to fail at runtime. Additionally, verify that `nextcloud-ci/nextcloud-version-matrix` is the correct repository (was previously `icewind1991/nextcloud-version-matrix`).</violation>
</file>

<file name=".github/workflows/integration-federation.yml">

<violation number="1" location=".github/workflows/integration-federation.yml:141">
P0: Hardcoding `APP_NAME=cad_viewer` breaks this workflow. The current repository is checked out into `host/apps/spreed` (see the "Checkout spreed app" steps), but subsequent steps reference `host/apps/${{ env.APP_NAME }}` which now resolves to `host/apps/cad_viewer` — a directory that doesn't exist. Either the checkout paths need to be updated to `host/apps/cad_viewer` or `APP_NAME` should match `spreed`.</violation>
</file>

<sub>Tip: instead of fixing issues one by one fix them all with cubic

Re-trigger cubic</sub>

[cubic-dev-ai]

P0: Invalid commit SHA: the pinned hash 9196b025f1873130088b297995a229558ddba is only 37 characters instead of the required 40 for a valid SHA-1 hash. This will cause the workflow to fail when GitHub tries to resolve the action reference. The repository org was also changed from icewind1991 to nextcloud-ci — verify this is the correct fork/transfer and use the correct full 40-character commit hash.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/openapi.yml, line 38:

<comment>Invalid commit SHA: the pinned hash `9196b025f1873130088b297995a229558ddba` is only 37 characters instead of the required 40 for a valid SHA-1 hash. This will cause the workflow to fail when GitHub tries to resolve the action reference. The repository org was also changed from `icewind1991` to `nextcloud-ci` — verify this is the correct fork/transfer and use the correct full 40-character commit hash.</comment>

<file context>
@@ -35,7 +35,7 @@ jobs:
       - name: Get php version
         id: php_versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Set up php
</file context>

[cubic-dev-ai]

P0: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. This will cause the workflow to fail when GitHub tries to resolve the action. Additionally, verify that the repository nextcloud-ci/nextcloud-version-matrix actually exists — the original was icewind1991/nextcloud-version-matrix.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/lint-php.yml, line 37:

<comment>Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. This will cause the workflow to fail when GitHub tries to resolve the action. Additionally, verify that the repository `nextcloud-ci/nextcloud-version-matrix` actually exists — the original was `icewind1991/nextcloud-version-matrix`.</comment>

<file context>
@@ -34,7 +34,7 @@ jobs:
       - name: Get version matrix
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
   php-lint:
</file context>

[cubic-dev-ai]

P0: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a SHA-1. GitHub Actions will fail to resolve this action reference, breaking the workflow. Verify the correct full commit hash for the target repository and organization.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/psalm.yml, line 36:

<comment>Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a SHA-1. GitHub Actions will fail to resolve this action reference, breaking the workflow. Verify the correct full commit hash for the target repository and organization.</comment>

<file context>
@@ -33,7 +33,7 @@ jobs:
       - name: Get php version
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
</file context>

[cubic-dev-ai]

P0: Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40 for a valid Git SHA-1. This will cause the workflow to fail at runtime. Additionally, the organization was changed from icewind1991 to nextcloud-ci — verify that nextcloud-ci/nextcloud-version-matrix exists and use the correct 40-character commit hash.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/lint-php-cs.yml, line 37:

<comment>Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40 for a valid Git SHA-1. This will cause the workflow to fail at runtime. Additionally, the organization was changed from `icewind1991` to `nextcloud-ci` — verify that `nextcloud-ci/nextcloud-version-matrix` exists and use the correct 40-character commit hash.</comment>

<file context>
@@ -34,7 +34,7 @@ jobs:
       - name: Get php version
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Set up php${{ steps.versions.outputs.php-min }}
</file context>

[cubic-dev-ai]

P0: Invalid commit SHA pinning — the hash 9196b025f1873130088b297995a229558ddba is only 37 characters (must be 40 for a valid SHA-1). This will cause the workflow to fail at runtime. Additionally, verify that nextcloud-ci/nextcloud-version-matrix is the correct repository (was previously icewind1991/nextcloud-version-matrix).

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/psalm-matrix.yml, line 37:

<comment>Invalid commit SHA pinning — the hash `9196b025f1873130088b297995a229558ddba` is only 37 characters (must be 40 for a valid SHA-1). This will cause the workflow to fail at runtime. Additionally, verify that `nextcloud-ci/nextcloud-version-matrix` is the correct repository (was previously `icewind1991/nextcloud-version-matrix`).</comment>

<file context>
@@ -34,7 +34,7 @@ jobs:
       - name: Get version matrix
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in psalm.xml
</file context>

[cubic-dev-ai]

P1: Invalid commit SHA — the pinned hash is only 37 characters instead of the required 40. GitHub Actions cannot resolve a truncated SHA, so this workflow will fail at the "Get php version" step. Verify the correct full commit hash for nextcloud-ci/nextcloud-version-matrix v1.3.2 and use the complete 40-character SHA.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/rector.yml, line 39:

<comment>Invalid commit SHA — the pinned hash is only 37 characters instead of the required 40. GitHub Actions cannot resolve a truncated SHA, so this workflow will fail at the "Get php version" step. Verify the correct full commit hash for `nextcloud-ci/nextcloud-version-matrix` v1.3.2 and use the complete 40-character SHA.</comment>

<file context>
@@ -36,7 +36,7 @@ jobs:
       - name: Get php version
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Set up php${{ steps.versions.outputs.php-min }}
</file context>

[cubic-dev-ai]

P1: Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. GitHub Actions will fail to resolve this action reference. Additionally, the organization was changed from icewind1991 to nextcloud-ci — verify this is a legitimate repository before fixing the hash.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/phpstan.yml, line 36:

<comment>Invalid commit SHA: the pinned hash is 37 characters instead of the required 40 for a valid SHA-1. GitHub Actions will fail to resolve this action reference. Additionally, the organization was changed from `icewind1991` to `nextcloud-ci` — verify this is a legitimate repository before fixing the hash.</comment>

<file context>
@@ -33,7 +33,7 @@ jobs:
       - name: Get php version
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
       - name: Check enforcement of minimum PHP version ${{ steps.versions.outputs.php-min }} in phpstan.neon
</file context>

[cubic-dev-ai]

P1: Invalid commit SHA for action pin: the hash is only 37 characters instead of the required 40. GitHub Actions will fail to resolve this reference, breaking the matrix job and all downstream jobs that depend on it.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/phpunit-oci.yml, line 37:

<comment>Invalid commit SHA for action pin: the hash is only 37 characters instead of the required 40. GitHub Actions will fail to resolve this reference, breaking the `matrix` job and all downstream jobs that depend on it.</comment>

<file context>
@@ -34,7 +34,7 @@ jobs:
       - name: Get version matrix
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
   changes:
</file context>

[cubic-dev-ai]

P1: Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40. This will prevent GitHub Actions from resolving the action, breaking CI. Please verify and use the correct full SHA for nextcloud-ci/nextcloud-version-matrix.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/phpunit-sqlite.yml, line 37:

<comment>Invalid commit SHA: the pinned hash is only 37 characters instead of the required 40. This will prevent GitHub Actions from resolving the action, breaking CI. Please verify and use the correct full SHA for `nextcloud-ci/nextcloud-version-matrix`.</comment>

<file context>
@@ -34,7 +34,7 @@ jobs:
       - name: Get version matrix
         id: versions
-        uses: icewind1991/nextcloud-version-matrix@8a7bac6300b2f0f3100088b297995a229558ddba # v1.3.2
+        uses: nextcloud-ci/nextcloud-version-matrix@9196b025f1873130088b297995a229558ddba # v1.3.2
 
   changes:
</file context>

[sonarqubecloud]

Quality Gate failed

Failed conditions
10 Security Hotspots

See analysis details on SonarQube Cloud