
chore(deps): bump github/codeql-action from 2 to 3 #49


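# GitHub Actions Documentation: https://docs.github.com/en/actions

name: "Continuous Integration"

# Triggers: pushes to main, pushes of any tag, and pull requests that target
# main.
on:
  push:
    branches:
      - "main"
    tags:
      - "*"
  pull_request:
    branches:
      - "main"

# Least privilege for GITHUB_TOKEN: every job gets read-only access to the
# repository contents unless it declares its own `permissions:` block. A
# job-level block replaces this default entirely for that job (the
# security-analysis job does this to obtain `security-events: write`).
permissions:
  contents: read

# Cancels all previous workflow runs for the same ref that have not yet
# completed.
concurrency:
  # The concurrency group contains the workflow name and the ref
  # (branch, tag, or pull-request ref) that triggered the run.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Passed to every step of every job; read by Composer.
  COMPOSER_ROOT_VERSION: "1.99.99"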
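# NOTE(review): the `[email protected]` text in several `uses:` values below is
# a scraping artifact (an e-mail obfuscator rewrote `<action>@<ref>`). Restore
# the real refs from the repository before using this workflow.
#
# Supply-chain note: tags and branches on an action repository are mutable.
# Pinning each third-party action to a full commit SHA (with the tag kept in a
# trailing comment) makes the executed code reviewable and immutable.
#
# Checkout steps set `persist-credentials: false`: no job here pushes, so the
# token does not need to stay in .git/config where later steps (Composer
# scripts, third-party actions) could read it.
jobs:
  # Syntax lint and code-style checks.
  coding-standards:
    name: "Coding standards"
    runs-on: "ubuntu-latest"
    steps:
      - name: "Checkout repository"
        uses: "actions/[email protected]"
        with:
          persist-credentials: false
      - name: "Install PHP"
        uses: "shivammathur/[email protected]"
        with:
          # Floating version: the PHP release used can change between runs.
          php-version: "latest"
          coverage: "none"
      - name: "Install dependencies (Composer)"
        uses: "ramsey/[email protected]"
      - name: "Check syntax (php-parallel-lint)"
        run: "composer dev:lint:syntax"
      - name: "Check coding standards (PHP_CodeSniffer)"
        run: "composer dev:lint:style"

  # Type-level static analysis with PHPStan and Psalm.
  static-analysis:
    name: "Static analysis"
    runs-on: "ubuntu-latest"
    steps:
      - name: "Checkout repository"
        uses: "actions/[email protected]"
        with:
          persist-credentials: false
      - name: "Install PHP"
        uses: "shivammathur/[email protected]"
        with:
          php-version: "latest"
          coverage: "none"
          # Removes the PHP memory limit for the analyzers.
          ini-values: "memory_limit=-1"
      - name: "Install dependencies (Composer)"
        uses: "ramsey/[email protected]"
      - name: "Statically analyze code (PHPStan)"
        run: "composer dev:analyze:phpstan"
      - name: "Statically analyze code (Psalm)"
        # NOTE(review): `--shepherd` presumably reports results to Psalm's
        # external Shepherd service; confirm that data sharing is intended.
        run: "composer dev:analyze:psalm -- --shepherd"

  # Psalm taint analysis; results go to GitHub code scanning as SARIF.
  security-analysis:
    name: "Security analysis"
    needs: ["coding-standards", "static-analysis"]
    runs-on: "ubuntu-latest"
    # Job-level permissions replace the workflow default, so only this scope
    # is granted here and every other scope is `none`.
    # NOTE(review): GitHub's upload-sarif guidance lists extra read scopes
    # (`actions: read`, `contents: read`) for private repositories; confirm
    # the repository's visibility.
    permissions:
      security-events: write
    steps:
      - name: "Checkout repository"
        uses: "actions/[email protected]"
        with:
          persist-credentials: false
      - name: "Install PHP"
        uses: "shivammathur/[email protected]"
        with:
          php-version: "latest"
          coverage: "none"
      - name: "Install dependencies (Composer)"
        uses: "ramsey/[email protected]"
      - name: "Analyze security of code (Psalm)"
        run: "./vendor/bin/psalm --taint-analysis --report=build/logs/psalm.sarif"
      # NOTE(review): steps run only while earlier steps succeed. If Psalm
      # exits non-zero when it reports tainted flows, this upload is skipped
      # and the findings never reach code scanning; confirm the exit
      # behaviour.
      - name: "Upload security analysis results to GitHub"
        uses: "github/codeql-action/upload-sarif@v3"
        with:
          sarif_file: "build/logs/psalm.sarif"

  # PHPUnit with pcov coverage, published to Codecov.
  code-coverage:
    name: "Code coverage"
    needs: ["coding-standards", "static-analysis"]
    runs-on: "ubuntu-latest"
    steps:
      - name: "Checkout repository"
        uses: "actions/[email protected]"
        with:
          persist-credentials: false
      - name: "Install PHP"
        uses: "shivammathur/[email protected]"
        with:
          php-version: "latest"
          coverage: "pcov"
          ini-values: "memory_limit=-1"
      - name: "Install dependencies (Composer)"
        uses: "ramsey/[email protected]"
      - name: "Run unit tests (PHPUnit)"
        run: "composer dev:test:coverage:ci"
      # Third-party action with access to the whole workspace.
      - name: "Publish coverage report to Codecov"
        uses: "codecov/[email protected]"

  # Unit tests against the lowest and highest dependency sets Composer
  # resolves.
  unit-tests:
    name: "Unit tests"
    needs: ["code-coverage"]
    runs-on: "ubuntu-latest"
    strategy:
      # Let every matrix combination finish even if one fails.
      fail-fast: false
      matrix:
        php:
          - "8.2"
        composer-deps:
          - "lowest"
          - "highest"
    steps:
      - name: "Checkout repository"
        uses: "actions/[email protected]"
        with:
          persist-credentials: false
      - name: "Install PHP"
        uses: "shivammathur/[email protected]"
        with:
          php-version: "${{ matrix.php }}"
          coverage: "none"
      - name: "Install dependencies (Composer)"
        uses: "ramsey/[email protected]"
        with:
          dependency-versions: "${{ matrix.composer-deps }}"
          # `composer-options` is not defined in the matrix above, so this
          # expression evaluates to an empty string.
          composer-options: "${{ matrix.composer-options }}"
      - name: "Run unit tests (PHPUnit)"
        shell: "bash"
        run: "composer dev:test:unit"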