php-solid-pubsub-server/.github/workflows/php.yml at main · pdsinterop/php-solid-pubsub-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
---
name: PHP Quality Assistance

on:
  # This event occurs when there is activity on a pull request. The workflow
  # will be run against the commits, after merge to the target branch (main).
  pull_request:
    paths:
      - '**.php'
      - '.config/phpcs.xml.dist'
      - '.config/phpunit.xml.dist'
      - '.github/workflows/php.yml'
      - 'composer.json'
      - 'composer.lock'
    branches: [ main ]
    types: [ opened, reopened, synchronize ]
  # This event occurs when there is a push to the repository.
  push:
    paths:
      - '**.php'
      - '.config/phpcs.xml.dist'
      - '.config/phpunit.xml.dist'
      - '.github/workflows/php.yml'
      - 'composer.json'
      - 'composer.lock'
  # Allow manually triggering the workflow.
  workflow_dispatch:


# Cancels all previous workflow runs for the same branch that have not yet completed.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  # Needed to allow the "concurrency" section to cancel a workflow run.
  actions: write

jobs:
  # 01.preflight.php.lint-syntax.yml
  lint-php-syntax:
    name: PHP Syntax Linting
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: docker://pipelinecomponents/php-linter
        with:
          args: >-
            parallel-lint
            --exclude .git
            --exclude vendor
            --no-progress
            .
  # 01.quality.php.validate.dependencies-file.yml
  validate-dependencies-file:
    name: Validate dependencies file
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - run: >-
            composer validate
            --check-lock
            --no-plugins
            --no-scripts
            --strict
  # 03.quality.php.scan.dependencies-vulnerabilities.yml
  scan-dependencies-vulnerabilities:
    name: Scan Dependencies Vulnerabilities
    needs:
      - validate-dependencies-file
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - run: >-
            composer audit
            --abandoned=report
            --locked
            --no-dev
            --no-plugins
            --no-scripts
  # 03.quality.php.lint-version-compatibility.yml
  php-check-version-compatibility:
    name: PHP Version Compatibility
    needs:
      - lint-php-syntax
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        php:
          - '8.0'  # from 2020-11 to 2022-11 (2023-11)
          - '8.1'  # from 2021-11 to 2023-11 (2025-12)
          - '8.2'  # from 2022-12 to 2024-12 (2026-12)
          - '8.3'  # from 2023-11 to 2025-12 (2027-12)
    steps:
      - uses: actions/checkout@v4
      - uses: docker://pipelinecomponents/php-codesniffer
        with:
          args: >-
            phpcs
            -s
            --extensions=php
            --ignore='*vendor/*'
            --runtime-set testVersion ${{ matrix.php }}
            --standard=PHPCompatibility
            .