Also use github.actor for the scan workfow

.github/workflows/build.yml

@@ -3,10 +3,10 @@ name: build
 on:
   workflow_dispatch:
   push:
-    branches: [ main ]
+    branches: [ master ]
   schedule:
     # Build the image regularly (each Friday)
-    - cron: '13 23 * * 5'
+    - cron: '23 04 * * 5'
 
 jobs:
   build:
@@ -19,9 +19,9 @@ jobs:
       - name: Build an image from Dockerfile
         run: |
           docker build \
-              -t ghcr.io/hoellen/nextcloud \
+              -t ghcr.io/${{ github.actor }}/nextcloud \
-              -t ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6) \
+              -t ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6) \
-              -t ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2) \
+              -t ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2) \
               .
 
       - name: Run Trivy vulnerability scanner
@@ -34,10 +34,10 @@ jobs:
           severity: 'CRITICAL,HIGH'
           vuln-type: "os"
 
-#      - name: Upload Trivy scan results to GitHub Security tab
+      - name: Upload Trivy scan results to GitHub Security tab
-#        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v1
-#        with:
+        with:
-#          sarif_file: 'trivy-results.sarif'
+          sarif_file: 'trivy-results.sarif'
 
       - name: Login to the registry
         run: >-
@@ -46,6 +46,6 @@ jobs:
 
       - name: Push image to GitHub
         run: |
-          docker push ghcr.io/hoellen/nextcloud
+          docker push ghcr.io/${{ github.actor }}/nextcloud
-          docker push ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)
+          docker push ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c6)
-          docker push ghcr.io/hoellen/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)
+          docker push ghcr.io/${{ github.actor }}/nextcloud:$(grep -oP '(?<=NEXTCLOUD_VERSION=).*' Dockerfile | head -c2)

.github/workflows/scan.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'ghcr.io/hoellen/nextcloud'
+          image-ref: 'ghcr.io/${{ github.actor }}/nextcloud'
           format: 'template'
           template: '@/contrib/sarif.tpl'
           output: 'trivy-results.sarif'

Dockerfile

@@ -1,9 +1,9 @@
 # -------------- Build-time variables --------------
-ARG NEXTCLOUD_VERSION=22.2.3
+ARG NEXTCLOUD_VERSION=23.0.0
 ARG PHP_VERSION=8.0
 ARG NGINX_VERSION=1.20
 
-ARG ALPINE_VERSION=3.14
+ARG ALPINE_VERSION=3.15
 ARG HARDENED_MALLOC_VERSION=8
 
 ARG UID=1000
@@ -28,6 +28,8 @@ RUN apk -U upgrade \
         libzip-dev \
         openldap-dev \
         postgresql-dev \
+        samba-dev \
+        imagemagick-dev \
         zlib-dev \
  && apk --no-cache add \
         freetype \
@@ -38,7 +40,10 @@ RUN apk -U upgrade \
         libpq \
         libwebp \
         libzip \
+        libsmbclient \
         openldap \
+	      libgomp \
+        imagemagick \
         zlib \
  && docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp \
  && docker-php-ext-configure ldap \
@@ -54,9 +59,14 @@ RUN apk -U upgrade \
         pdo_pgsql \
         zip \
         gmp \
+ && pecl install smbclient \
  && pecl install APCu \
  && pecl install redis \
- && echo "extension=redis.so" > /usr/local/etc/php/conf.d/redis.ini \
+ && pecl install imagick \
+ && docker-php-ext-enable \
+        smbclient \
+        redis \
+        imagick \
  && apk del build-deps \
  && rm -rf /var/cache/apk/*
 

README.md

@@ -4,7 +4,7 @@
 Nextcloud [official website](https://nextcloud.com/) and [source code](https://github.com/nextcloud).
 
 ## Why this image?
-This non-official image is intended as an **all-in-one** (as in monolithic) Nextcloud **production** image. If you're not sure you want this image, you should probably use [the official image](https://hub.docker.com/r/nextcloud).
+This non-official image is intended as an **all-in-one** (as in monolithic) Nextcloud **production** image. It is based on the [Wondefall/docker-nextcloud](https://github.com/Wonderfall/docker-nextcloud) image. If you're not sure you want this image, you should probably use [the official image](https://hub.docker.com/r/nextcloud).
 
 ## Security
 Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.

rootfs/etc/nginx/conf.d/default.conf

@@ -30,10 +30,10 @@ server {
             access_log off;
         }
 
-        location /.well-known {
+        location ^~ /.well-known {
-            location = /.well-known/carddav   { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
+            location = /.well-known/carddav   { return 301 $nc_proto://$host/remote.php/dav; }
-            location = /.well-known/caldav    { return 301 $nc_proto://$host:$nc_port/remote.php/dav; }
+            location = /.well-known/caldav    { return 301 $nc_proto://$host/remote.php/dav; }
-            location ^~ /.well-known          { return 301 $nc_proto://$host:$nc_port/index.php$uri; }
+            location ^~ /.well-known          { return 301 $nc_proto://$host/index.php$uri;  }
             try_files $uri $uri/ =404;
         }