chore: update Nextcloud to 32.0.6

3.8.0 was released and should include the fix:
https://pecl.php.net/package/imagick/3.8.0

ref: https://github.com/hoellen/docker-nextcloud/pull/103

.github/workflows/build.yml

@@ -62,12 +62,28 @@ jobs:
             ${{ env.FULL_VERSION }}
             ${{ env.MAJOR_VERSION }}
 
-      - name: Build and push Docker image
+      - name: Build and export Docker image to Docker
-        id: build-and-push
+        id: build
+        uses: docker/build-push-action@v2
+        with:
+          load: true
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing
+          context: .
+
+      - name: Test Docker image
+        id: test
+        run: |
+          docker run -d -p 8888:8888 --name nextcloud --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:testing && \
+          docker exec nextcloud occ status && \
+          nc -z localhost 8888
+
+      - name: Push Docker image
+        id: push
+        if: github.event_name != 'pull_request'
         uses: docker/build-push-action@v2
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request' }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
@@ -75,4 +91,4 @@ jobs:
         if: ${{ github.event_name != 'pull_request' }}
         env:
           COSIGN_EXPERIMENTAL: "true"
-        run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
+        run: cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}

Dockerfile

@@ -1,7 +1,7 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=31.0.4
+ARG NEXTCLOUD_VERSION=32.0.6
 ARG PHP_VERSION=8.3
-ARG NGINX_VERSION=1.26
+ARG NGINX_VERSION=1.28
 
 ARG ALPINE_VERSION=3.21
 ARG HARDENED_MALLOC_VERSION=11
@@ -10,8 +10,8 @@ ARG SNUFFLEUPAGUS_VERSION=0.10.0
 ARG UID=1000
 ARG GID=1000
 
-# nextcloud-31.0.4.tar.bz2
+# nextcloud-32.0.6.tar.bz2
-ARG SHA256_SUM="a47541566d5c6ac6f63e4f617e27da295156da47daa2cd22eee3400fd2ad1251"
+ARG SHA256_SUM="44bc33fc0e31a650bb520bb123c0aaa6519b7f7b9386133d561ade77e53f7130"
 
 # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
 ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
@@ -22,8 +22,6 @@ FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base
 
 ARG SNUFFLEUPAGUS_VERSION
 
-ENV IMAGICK_SHA=28f27044e435a2b203e32675e942eb8de620ee58
-
 RUN apk -U upgrade \
  && apk add -t build-deps \
         $PHPIZE_DEPS \
@@ -74,8 +72,7 @@ RUN apk -U upgrade \
  && pecl install smbclient \
  && pecl install APCu \
  && pecl install redis \
- && curl -L -o /tmp/imagick.tar.gz https://github.com/Imagick/imagick/archive/${IMAGICK_SHA}.tar.gz && tar --strip-components=1 -xf /tmp/imagick.tar.gz && phpize && ./configure && make && make install \
+ && pecl install imagick \
- && apk add --no-cache --virtual .imagick-runtime-deps imagemagick \
  && docker-php-ext-enable \
         smbclient \
         redis \

README.md

@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
 ## Tags
 
 - `latest` : latest Nextcloud version
-- `x` : latest Nextcloud x.x (e.g. `31`)
+- `x` : latest Nextcloud x.x (e.g. `32`)
-- `x.x.x` : Nextcloud x.x.x (e.g. `31.0.0`)
+- `x.x.x` : Nextcloud x.x.x (e.g. `32.0.0`)
 
 You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
 Only the **latest stable version** will be maintained by myself.

SECURITY.md

@@ -6,9 +6,10 @@ All versions of the Nextcloud community version which still receive updates will
 and will receive the minor version updates and security patches.
 
 | Version | Supported                     |
-| ------- | ------------------ |
+| ------- | ----------------------------- |
+| 32. x   | :white_check_mark:            |
 | 31. x   | :white_check_mark:            |
-| 30. x   | :white_check_mark: |
+| 30. x   | :negative_squared_cross_mark: |
 | 29. x   | :negative_squared_cross_mark: |
 | 28. x   | :negative_squared_cross_mark: |
 | 27. x   | :negative_squared_cross_mark: |
@@ -27,9 +28,10 @@ Uploaded images are regularly scanned for [OS vulnerabilities](https://github.co
 
 ## Reporting a vulnerability
 
-*Upstream* vulnerabilities should be reported to *upstream* projects according to their own security policies.
+_Upstream_ vulnerabilities should be reported to _upstream_ projects according to their own security policies.
 
 Regarding vulnerabilities specific to this project:
+
 - Faulty configuration files
 - Unsafe defaults
 - Dependencies security updates

rootfs/etc/nginx/conf.d/default.conf

@@ -78,7 +78,7 @@ server {
             access_log off;
         }
 
-        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
+        location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
             try_files $uri /index.php$uri$is_args$args;
             access_log off;
         }