chore: update Nextcloud to 31.0.6

3.8.0 was released and should include the fix:
https://pecl.php.net/package/imagick/3.8.0

ref: https://github.com/hoellen/docker-nextcloud/pull/103

.github/workflows/build.yml

@@ -3,9 +3,9 @@ name: build
 on:
   workflow_dispatch:
   push:
-    branches: 
+    branches:
-     - master
+      - master
-     - version-* 
+      - version-*
   schedule:
     # Build the image regularly (each Friday)
     - cron: '23 04 * * 5'
@@ -29,14 +29,11 @@ jobs:
 
       - name: Extract version for tags
         run: |
-          if [[ "$GITHUB_REF" == refs/heads/* ]]; then
+          BRANCH="${GITHUB_REF#refs/heads/}"
-            BRANCH="${GITHUB_REF#refs/heads/}"
+          VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile)
-            if [ "$BRANCH" = "master" ]; then
+          [ "$BRANCH" = "master" ] && echo "BRANCH_VERSION=latest" >> $GITHUB_ENV
-              echo "BRANCH_VERSION=latest" >> $GITHUB_ENV
+          echo "FULL_VERSION=${VERSION:0:7}" >> $GITHUB_ENV
-            fi
+          echo "MAJOR_VERSION=${VERSION:0:2}" >> $GITHUB_ENV
-          fi
-          echo "FULL_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)" >> $GITHUB_ENV
-          echo "MAJOR_VERSION=$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)" >> $GITHUB_ENV
 
       - name: Install cosign
         if: github.event_name != 'pull_request'

.github/workflows/scan.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   build:
     name: Scan current image & report results
-    runs-on: "ubuntu-20.04"
+    runs-on: "ubuntu-24.04"
     steps:
       - name: Checkout code
         uses: actions/checkout@v2

Dockerfile

@@ -1,24 +1,24 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=28.0.4
+ARG NEXTCLOUD_VERSION=31.0.6
-ARG PHP_VERSION=8.2
+ARG PHP_VERSION=8.3
-ARG NGINX_VERSION=1.24
+ARG NGINX_VERSION=1.26
 
-ARG ALPINE_VERSION=3.19
+ARG ALPINE_VERSION=3.21
 ARG HARDENED_MALLOC_VERSION=11
 ARG SNUFFLEUPAGUS_VERSION=0.10.0
 
 ARG UID=1000
 ARG GID=1000
 
-# nextcloud-28.0.4.tar.bz2
+# nextcloud-31.0.6.tar.bz2
-ARG SHA256_SUM="9bfecee1e12fba48c49e9a71caa81c4ba10b2884787fab75d64ccfd122a13019"
+ARG SHA256_SUM="a6abce1be84ae65090625895ee5796c6e631fd10cb17645ec4d73f7d9b372628"
 
 # Nextcloud Security <security@nextcloud.com> (D75899B9A724937A)
 ARG GPG_FINGERPRINT="2880 6A87 8AE4 23A2 8372  792E D758 99B9 A724 937A"
 # ---------------------------------------------------
 
 ### Build PHP base
-FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} as base
+FROM docker.io/library/php:${PHP_VERSION}-fpm-alpine${ALPINE_VERSION} AS base
 
 ARG SNUFFLEUPAGUS_VERSION
 
@@ -85,7 +85,7 @@ RUN apk -U upgrade \
 
 ### Build Hardened Malloc
 ARG ALPINE_VERSION
-FROM docker.io/library/alpine:${ALPINE_VERSION} as build-malloc
+FROM docker.io/library/alpine:${ALPINE_VERSION} AS build-malloc
 
 ARG HARDENED_MALLOC_VERSION
 ARG CONFIG_NATIVE=false
@@ -99,11 +99,11 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
 
 
 ### Fetch nginx
-FROM docker.io/library/nginx:${NGINX_VERSION}-alpine as nginx
+FROM docker.io/library/nginx:${NGINX_VERSION}-alpine AS nginx
 
 
 ### Build Nextcloud (production environemnt)
-FROM base as nextcloud
+FROM base AS nextcloud
 
 COPY --from=nginx /usr/sbin/nginx /usr/sbin/nginx
 COPY --from=nginx /etc/nginx /etc/nginx

README.md

@@ -58,8 +58,8 @@ Verifying the signature isn't a requirement, and might not be as seamless as usi
 ## Tags
 
 - `latest` : latest Nextcloud version
-- `x` : latest Nextcloud x.x (e.g. `28`)
+- `x` : latest Nextcloud x.x (e.g. `31`)
-- `x.x.x` : Nextcloud x.x.x (e.g. `28.0.0`)
+- `x.x.x` : Nextcloud x.x.x (e.g. `31.0.0`)
 
 You can always have a glance [here](https://github.com/users/hoellen/packages/container/package/nextcloud).
 Only the **latest stable version** will be maintained by myself.

SECURITY.md

@@ -7,9 +7,12 @@ and will receive the minor version updates and security patches.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 28. x   | :white_check_mark: |
+| 31. x   | :white_check_mark: |
-| 27. x   | :white_check_mark: |
+| 30. x   | :white_check_mark: |
-| 26. x   | :white_check_mark: |
+| 29. x   | :negative_squared_cross_mark: |
+| 28. x   | :negative_squared_cross_mark: |
+| 27. x   | :negative_squared_cross_mark: |
+| 26. x   | :negative_squared_cross_mark: |
 | 25. x   | :negative_squared_cross_mark: |
 | 24. x   | :negative_squared_cross_mark: |
 | 23. x   | :negative_squared_cross_mark: |

rootfs/etc/nginx/conf.d/default.conf

@@ -30,8 +30,8 @@ server {
         }
 
         location ^~ /.well-known {
-            location = /.well-known/carddav   { return 301 $nc_proto://$host/remote.php/dav; }
+            location = /.well-known/carddav   { return 301 $nc_proto://$host/remote.php/dav/; }
-            location = /.well-known/caldav    { return 301 $nc_proto://$host/remote.php/dav; }
+            location = /.well-known/caldav    { return 301 $nc_proto://$host/remote.php/dav/; }
             location ^~ /.well-known          { return 301 $nc_proto://$host/index.php$uri;  }
             try_files $uri $uri/ =404;
         }
@@ -72,7 +72,7 @@ server {
             access_log off;
         }
 
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2)?$ {
             try_files $uri /index.php$uri$is_args$args;
             expires 7d;
             access_log off;

rootfs/usr/local/bin/run.sh

@@ -34,4 +34,4 @@ else
 fi
 
 # Run processes
-exec /bin/s6-svscan /etc/s6.d
+exec /usr/bin/s6-svscan /etc/s6.d