Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 13 additions & 5 deletions .github/workflows/bechmark.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ on:

name: bechmark

permissions:
contents: read
jobs:
phpbench:
name: PHP ${{ matrix.php }}
Expand All @@ -39,21 +41,26 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
persist-credentials: false

- name: Check if we need to create a baseline for a PR
run: |
if [[ "${{ github.event_name }}" == "pull_request" && "${{ github.ref }}" != "refs/heads/${{ github.event.repository.default_branch }}" ]]; then
if [[ "${{ github.event_name }}" == "pull_request" && "${GITHUB_REF}" != "refs/heads/${GITHUB_EVENT_REPOSITORY_DEFAULT_BRANCH}" ]]; then
echo "WITH_BENCH_BASELINE=1" >> $GITHUB_ENV
else
echo "WITH_BENCH_BASELINE=0" >> $GITHUB_ENV
fi
env:
GITHUB_EVENT_REPOSITORY_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}

- name: "Baseline creation: Checkout default branch."
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
if: ${{ env.WITH_BENCH_BASELINE == '1' }}
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false

- name: Build
if: ${{ env.WITH_BENCH_BASELINE == '1' }}
Expand All @@ -72,11 +79,12 @@ jobs:
run: echo "WITH_BENCH_BASELINE=0" >> $GITHUB_ENV

- name: "Pull request: Checkout head."
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
if: ${{ github.event_name == 'pull_request' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
clean: false
persist-credentials: false

- name: "Pull request: Build"
if: ${{ github.event_name == 'pull_request' }}
Expand All @@ -86,7 +94,7 @@ jobs:
- name: "Run PhpBench."
working-directory: ./tests
run: |
if [ "${{ env.WITH_BENCH_BASELINE }}" == '1' ]; then
if [ "${WITH_BENCH_BASELINE}" == '1' ]; then
docker compose run --rm -e XDEBUG_MODE=off php${{ matrix.php }} php vendor/bin/phpbench run --report='aggregate' --ref=default --assert="mode(variant.time.avg) <= mode(baseline.time.avg) +/- 10%" > phpbench.log
else
docker compose run --rm -e XDEBUG_MODE=off php${{ matrix.php }} php vendor/bin/phpbench run --report='aggregate' > phpbench.log
Expand Down
6 changes: 5 additions & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ on:

name: build

permissions:
contents: read
jobs:
phpunit:
name: PHP ${{ matrix.php }}
Expand All @@ -32,7 +34,9 @@ jobs:
php: [ 81, 82, 83, 84 ]
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5
with:
persist-credentials: false
- name: Build
working-directory: ./tests
run: docker compose build
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/composer-require-checker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ on:

name: Composer require checker

permissions:
contents: read
jobs:
composer-require-checker:
uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master
Expand Down
10 changes: 7 additions & 3 deletions .github/workflows/mutation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ on:

name: Mutation test

permissions:
contents: read
jobs:
mutation:
name: PHP ${{ matrix.php }}-${{ matrix.os }}
Expand All @@ -33,7 +35,7 @@ jobs:

services:
rabbitmq:
image: rabbitmq:3.8
image: rabbitmq:3.8 # zizmor: ignore[unpinned-images]
env:
RABBITMQ_DEFAULT_USER: guest
RABBITMQ_DEFAULT_PASS: guest
Expand All @@ -42,10 +44,12 @@ jobs:

steps:
- name: Checkout.
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
with:
persist-credentials: false

- name: Install PHP with extensions.
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@b604ade2a87db23f8871b7182e69ec5e75effb45
with:
php-version: ${{ matrix.php }}
ini-values: memory_limit=-1
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/rector.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
on:
pull_request_target:
pull_request:
paths-ignore:
- 'docs/**'
- 'README.md'
Expand All @@ -11,13 +11,12 @@ on:

name: rector

permissions:
contents: read
jobs:
rector:
uses: yiisoft/actions/.github/workflows/rector.yml@master
secrets:
token: ${{ secrets.YIISOFT_GITHUB_TOKEN }}
with:
repository: ${{ github.event.pull_request.head.repo.full_name }}
os: >-
['ubuntu-latest']
php: >-
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/static.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ on:

name: static analysis

permissions:
contents: read
jobs:
psalm:
uses: yiisoft/actions/.github/workflows/psalm.yml@master
Expand Down
22 changes: 22 additions & 0 deletions .github/workflows/zizmor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: GitHub Actions Security Analysis with zizmor 🌈

on:
push:
branches:
- master
- main
paths:
- '.github/**.yml'
- '.github/**.yaml'
pull_request:
paths:
- '.github/**.yml'
- '.github/**.yaml'

permissions:
actions: read # Required by zizmor when reading workflow metadata through the API.
contents: read # Required to read workflow files.

jobs:
zizmor:
uses: yiisoft/actions/.github/workflows/zizmor.yml@master
Loading