Add (or update) GitHub Action (GHA) files and related config. #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: PHP Quality Assistance | |
| on: | |
| # This event occurs when there is activity on a pull request. The workflow | |
| # will be run against the commits, after merge to the target branch (main). | |
| - pull_request: | |
| paths: | |
| - '**.php' | |
| - '.config/phpcs.xml.dist' | |
| - '.config/phpunit.xml.dist' | |
| - 'composer.json' | |
| - 'composer.lock' | |
| branches: [ main ] | |
| types: [ opened, reopened, synchronize ] | |
| # This event occurs when there is a push to the repository. | |
| - push: | |
| paths: | |
| - '**.php' | |
| - '.config/phpcs.xml.dist' | |
| - '.config/phpunit.xml.dist' | |
| - 'composer.json' | |
| - 'composer.lock' | |
| # Allow manually triggering the workflow. | |
| - workflow_dispatch | |
| # Run once the "JSON Quality Assistance" workflow has been completed. | |
| - workflow_run: | |
| workflows: [ "JSON Quality Assistance" ] | |
| types: | |
| - completed | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| # Needed to allow the "concurrency" section to cancel a workflow run. | |
| actions: write | |
| jobs: | |
| # 01.preflight.php.lint-syntax.yml | |
| lint-php-syntax: | |
| name: PHP Syntax Linting | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker://pipelinecomponents/php-linter | |
| # 01.quality.php.validate.dependencies-file.yml | |
| validate-dependencies-file: | |
| name: Validate dependencies file | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker://composer | |
| with: | |
| args: >- | |
| composer validate | |
| --check-lock | |
| --no-plugins | |
| --no-scripts | |
| --strict | |
| # 03.quality.php.scan.dependencies-vulnerabilities.yml | |
| scan-dependencies-vulnerabilities: | |
| name: Scan Dependencies Vulnerabilities | |
| needs: | |
| - validate-dependencies-file | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker://composer | |
| with: | |
| args: >- | |
| composer audit | |
| --abandoned=report | |
| --locked | |
| --no-dev | |
| --no-plugins | |
| --no-scripts | |
| # 03.quality.php.lint-version-compatibility.yml | |
| php-check-version-compatibility: | |
| continue-on-error: ${{ matrix.php < '8.1' || matrix.php > '8.4' }} | |
| name: PHP Version Compatibility | |
| needs: | |
| - lint-php-syntax | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| php: | |
| - 8.0 # from 2020-11 to 2022-11 (2023-11) | |
| - 8.1 # from 2021-11 to 2023-11 (2025-12) | |
| - 8.2 # from 2022-12 to 2024-12 (2026-12) | |
| - 8.3 # from 2023-11 to 2025-12 (2027-12) | |
| - 8.4 # from 2024-11 to 2026-12 (2028-12) | |
| - 8.5 # from 2025-11 to 2027-12 (2029-12) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker://pipelinecomponents/php-codesniffer | |
| with: | |
| options: >- | |
| -s | |
| --extensions=php | |
| --ignore='*vendor/*' | |
| --runtime-set testVersion ${{ matrix.php }} | |
| --standard=PHPCompatibility |