From f02b5ca71c79b8d9deced69da318f6a8b8269a61 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Molakvo=C3=A6=20=28skjnldsv=29?=
 <skjnldsv@protonmail.com>
Date: Sat, 28 Mar 2026 09:56:27 +0100
Subject: [PATCH] feat: allow org workflows dispatch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
---
 .github/workflows/dispatch-workflow-org.yml  | 53 ++++++++++++++++++++
 .github/workflows/dispatch-workflow-repo.yml |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 .github/workflows/dispatch-workflow-org.yml

diff --git a/.github/workflows/dispatch-workflow-org.yml b/.github/workflows/dispatch-workflow-org.yml
new file mode 100644
index 0000000..632a15d
--- /dev/null
+++ b/.github/workflows/dispatch-workflow-org.yml
@@ -0,0 +1,53 @@
+# This workflow needs to be run on demand
+# It will update all workflow templates in all repositories of the organization
+# This workflow is provided via the organization template repository
+#
+# SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Update workflows for all repositories
+
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+jobs:
+  get-repos:
+    runs-on: ubuntu-latest
+    name: Get all repositories in the organization
+    outputs:
+      repositories: ${{ steps.get-repos.outputs.repositories }}
+    steps:
+      - name: Check actor permission
+        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
+        with:
+          require: admin
+
+      - name: Get all repositories
+        id: get-repos
+        env:
+          GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env]
+        run: |
+          repositories=$(gh api \
+            --paginate \
+            --jq '[.[] | {name: .name, branch: .default_branch}]' \
+            orgs/${{ github.repository_owner }}/repos \
+            | jq -sc 'add')
+          echo "repositories=$repositories" >> $GITHUB_OUTPUT
+
+  dispatch:
+    runs-on: ubuntu-latest
+    needs: get-repos
+    name: Update all workflows in ${{ matrix.repository.name }}
+    strategy:
+      fail-fast: false
+      matrix:
+        repository: ${{ fromJson(needs.get-repos.outputs.repositories) }}
+    steps:
+      - name: Dispatch update workflow
+        env:
+          GH_TOKEN: ${{ secrets.TEMPLATE_WORKFLOW_DISPATCH_PAT }} # zizmor: ignore[secrets-outside-env]
+        run: |
+          gh workflow run dispatch-workflow-repo.yml \
+            --repo ${{ github.repository }} \
+            --field repository=${{ matrix.repository.name }} \
+            --field branch=${{ matrix.repository.branch }}
diff --git a/.github/workflows/dispatch-workflow-repo.yml b/.github/workflows/dispatch-workflow-repo.yml
index 0dcf53b..9884202 100644
--- a/.github/workflows/dispatch-workflow-repo.yml
+++ b/.github/workflows/dispatch-workflow-repo.yml
@@ -31,6 +31,7 @@ jobs:
 
     steps:
       - name: Check actor permission
+        if: github.actor != 'nextcloud-command' # allow matrix call from org dispatch
         uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
         with:
           require: admin