php-solid-server/.github/workflows/php.yml at 69bb538421dce6a55946f6d392eae87d4fa83774 · pdsinterop/php-solid-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
---
name: PHP Quality Assistance

on:
  # This event occurs when there is activity on a pull request. The workflow
  # will be run against the commits, after merge to the target branch (main).
  - pull_request:
    paths:
      - '**.php'
      - '.config/phpcs.xml.dist'
      - '.config/phpunit.xml.dist'
      - 'composer.json'
      - 'composer.lock'
    branches: [ main ]
    types: [ opened, reopened, synchronize ]
  # This event occurs when there is a push to the repository.
  - push:
    paths:
      - '**.php'
      - '.config/phpcs.xml.dist'
      - '.config/phpunit.xml.dist'
      - 'composer.json'
      - 'composer.lock'
  # Allow manually triggering the workflow.
  - workflow_dispatch
  # Run once the "JSON Quality Assistance" workflow has been completed.
  - workflow_run:
      workflows: [ "JSON Quality Assistance" ]
      types:
        - completed


concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  # Needed to allow the "concurrency" section to cancel a workflow run.
  actions: write

jobs:
  # 01.preflight.php.lint-syntax.yml
  lint-php-syntax:
    name: PHP Syntax Linting
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: docker://pipelinecomponents/php-linter
  # 01.quality.php.validate.dependencies-file.yml
  validate-dependencies-file:
    name: Validate dependencies file
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: docker://composer
        with:
          args: >-
            composer validate
            --check-lock
            --no-plugins
            --no-scripts
            --strict
  # 03.quality.php.scan.dependencies-vulnerabilities.yml
  scan-dependencies-vulnerabilities:
    name: Scan Dependencies Vulnerabilities
    needs:
      - validate-dependencies-file
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: docker://composer
        with:
          args: >-
            composer audit
            --abandoned=report
            --locked
            --no-dev
            --no-plugins
            --no-scripts
  # 03.quality.php.lint-version-compatibility.yml
  php-check-version-compatibility:
    continue-on-error: ${{ matrix.php < '8.1' || matrix.php > '8.4' }}
    name: PHP Version Compatibility
    needs:
      - lint-php-syntax
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        php:
          - 8.0  # from 2020-11 to 2022-11 (2023-11)
          - 8.1  # from 2021-11 to 2023-11 (2025-12)
          - 8.2  # from 2022-12 to 2024-12 (2026-12)
          - 8.3  # from 2023-11 to 2025-12 (2027-12)
          - 8.4  # from 2024-11 to 2026-12 (2028-12)
          - 8.5  # from 2025-11 to 2027-12 (2029-12)
    steps:
      - uses: actions/checkout@v4
      - uses: docker://pipelinecomponents/php-codesniffer
        with:
          options: >-
            -s
            --extensions=php
            --ignore='*vendor/*'
            --runtime-set testVersion ${{ matrix.php }}
            --standard=PHPCompatibility