Update workflow

tenet-ac-za · Oct 18, 2023 · d0b5bd8 · d0b5bd8
1 parent 7181309
commit d0b5bd8
Show file tree

Hide file tree

Showing 11 changed files with 212 additions and 135 deletions.
diff --git a/.gitattibutes b/.gitattibutes
@@ -0,0 +1,14 @@
+/.github/ export-ignore
+/tools/ export-ignore
+/tests/ export-ignore
+codecov.yml export-ignore
+.editorconfig export-ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+psalm.xml export-ignore
+psalm-dev.xml export-ignore
+phpcs.xml export-ignore
+phpunit.xml export-ignore
+.php_cs.dist export-ignore
+.markdownlintignore export-ignore
+.markdownlintrc export-ignore
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -1,56 +1,70 @@
+---
+
 name: CI
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
-    branches: [ '**' ]
+    branches: ['**']
     paths-ignore:
       - '**.md'
   pull_request:
-    branches: [ master, release-* ]
+    branches: [master, release-*]
     paths-ignore:
       - '**.md'
+  workflow_dispatch:
 
 jobs:
-  basic-tests:
-    name: Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}
-    runs-on: ${{ matrix.operating-system }}
-    strategy:
-      fail-fast: false
-      matrix:
-        operating-system: [ubuntu-latest]
-        php-versions: ['7.4', '8.0']
+  linter:
+    name: Linter
+    runs-on: ['ubuntu-latest']
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Lint Code Base
+        uses: github/super-linter/slim@v4
+        env:
+          LOG_LEVEL: NOTICE
+          VALIDATE_ALL_CODEBASE: true
+          LINTER_RULES_PATH: 'tools/linters'
+          VALIDATE_CSS: true
+          VALIDATE_JAVASCRIPT_ES: true
+          VALIDATE_JSON: true
+          VALIDATE_PHP_BUILTIN: true
+          VALIDATE_YAML: true
+          VALIDATE_XML: true
+          VALIDATE_GITHUB_ACTIONS: true
+
+  quality:
+    name: Quality control
+    runs-on: [ubuntu-latest]
 
     steps:
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+        id: setup-php
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
         with:
-          coverage: pcov
-          extensions: intl, mbstring, xml
-          ini-values: error_reporting=E_ALL
-          php-version: ${{ matrix.php-versions }}
-          tools: composer:v2
+          # Should be the higest supported version, so we can use the newest tools
+          php-version: '8.2'
+          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
+          # optional performance gain for psalm: opcache
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, posix, spl, xml
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - name: Setup problem matchers for PHPUnit
-        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-      - name: Set git to use LF
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.eol lf
-
       - uses: actions/checkout@v3
 
       - name: Get composer cache directory
-        id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
 
       - name: Cache composer dependencies
         uses: actions/cache@v3
         with:
-          path: ${{ steps.composer-cache.outputs.dir }}
+          path: $COMPOSER_CACHE
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
@@ -60,153 +74,169 @@ jobs:
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Syntax check PHP
-        run: bash vendor/bin/check-syntax-php.sh
+      - name: Check code for hard dependencies missing in composer.json
+        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
+
+      - name: Check code for unused dependencies in composer.json
+        run: composer-unused
 
-      - name: Decide whether to run code coverage or not
-        if: ${{ matrix.php-versions != '7.4' || matrix.operating-system != 'ubuntu-latest' }}
+      - name: PHP Code Sniffer
+        run: phpcs
+
+      - name: Psalm
+        continue-on-error: true
         run: |
-          echo "NO_COVERAGE=--no-coverage" >> $GITHUB_ENV
+          psalm -c psalm.xml \
+          --show-info=true \
+          --shepherd \
+          --php-version=${{ steps.setup-php.outputs.php-version }}
 
-      - name: Run unit tests
+      - name: Psalm (testsuite)
         run: |
-          echo $NO_COVERAGE
-          ./vendor/bin/phpunit $NO_COVERAGE
+          psalm -c psalm-dev.xml \
+          --show-info=true \
+          --shepherd \
+          --php-version=${{ steps.setup-php.outputs.php-version }}
 
-      - name: Save coverage data
-        if: ${{ matrix.php-versions == '7.4' && matrix.operating-system == 'ubuntu-latest' }}
-        uses: actions/upload-artifact@v3
-        with:
-            name: build-data
-            path: ${{ github.workspace }}/build
+      - name: Psalter
+        run: |
+          psalm --alter \
+          --issues=UnnecessaryVarAnnotation \
+          --dry-run \
+          --php-version=${{ steps.setup-php.outputs.php-version }}
 
   security:
     name: Security checks
     runs-on: [ubuntu-latest]
     steps:
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
         with:
-            php-version: '7.4'
-            extensions: mbstring, xml
-            tools: composer:v2
-            coverage: none
+          # Should be the lowest supported version
+          php-version: '8.0'
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          tools: composer
+          coverage: none
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
       - uses: actions/checkout@v3
 
       - name: Get composer cache directory
-        id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
 
       - name: Cache composer dependencies
         uses: actions/cache@v3
         with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
+          path: $COMPOSER_CACHE
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
 
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
       - name: Security check for locked dependencies
-        uses: symfonycorp/security-checker-action@v3
+        run: composer audit
 
       - name: Update Composer dependencies
         run: composer update --no-progress --prefer-dist --optimize-autoloader
 
       - name: Security check for updated dependencies
-        uses: symfonycorp/security-checker-action@v3
+        run: composer audit
 
-  sanity-check:
-    name: Sanity checks
-    runs-on: [ubuntu-latest]
+  unit-tests-linux:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [linter, quality, security]
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ['8.0', '8.1', '8.2']
 
     steps:
       - name: Setup PHP, with composer and extensions
-        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+        # https://github.com/shivammathur/setup-php
+        uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.4'
-          extensions: mbstring, xml
-          tools: composer:v2
-          coverage: none
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          tools: composer
+          ini-values: error_reporting=E_ALL
+          coverage: pcov
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
       - uses: actions/checkout@v3
 
       - name: Get composer cache directory
-        id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
 
       - name: Cache composer dependencies
         uses: actions/cache@v3
         with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
+          path: $COMPOSER_CACHE
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
 
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Syntax check YAML / XML / JSON
-        run: |
-          bash vendor/bin/check-syntax-yaml.sh
-          bash vendor/bin/check-syntax-xml.sh
-          bash vendor/bin/check-syntax-json.sh
+      - name: Run unit tests with coverage
+        if: ${{ matrix.php-versions == '8.2' }}
+        run: vendor/bin/phpunit
 
-  quality:
-    name: Quality control
-    runs-on: [ubuntu-latest]
-    needs: [basic-tests]
+      - name: Run unit tests (no coverage)
+        if: ${{ matrix.php-versions != '8.2' }}
+        run: vendor/bin/phpunit --no-coverage
 
-    steps:
-      - name: Setup PHP, with composer and extensions
-        id: setup-php
-        uses: shivammathur/setup-php@v2 #https://github.com/shivammathur/setup-php
+      - name: Save coverage data
+        if: ${{ matrix.php-versions == '8.2' }}
+        uses: actions/upload-artifact@v3
         with:
-          php-version: '7.4'
-          tools: composer:v2
-          extensions: mbstring, xml
-
-      - name: Setup problem matchers for PHP
-        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+          name: coverage-data
+          path: ${{ github.workspace }}/build
 
+  coverage:
+    name: Code coverage
+    runs-on: [ubuntu-latest]
+    needs: [unit-tests-linux]
+    steps:
       - uses: actions/checkout@v3
 
-      - name: Get composer cache directory
-        id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
-
-      - name: Cache composer dependencies
-        uses: actions/cache@v3
-        with:
-            path: ${{ steps.composer-cache.outputs.dir }}
-            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
-            restore-keys: ${{ runner.os }}-composer-
-
-      - name: Install Composer dependencies
-        run: composer install --no-progress --prefer-dist --optimize-autoloader
-
       - uses: actions/download-artifact@v3
         with:
-          name: build-data
+          name: coverage-data
           path: ${{ github.workspace }}/build
 
       - name: Codecov
         uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          fail_ci_if_error: true
+          verbose: true
 
-      - name: PHP Code Sniffer
-        continue-on-error: true
-        run: php vendor/bin/phpcs
-
-      - name: Psalm
-        continue-on-error: true
-        run: php vendor/bin/psalm --show-info=true --shepherd --php-version=${{ steps.setup-php.outputs.php-version }}
+  cleanup:
+    name: Cleanup artifacts
+    needs: [unit-tests-linux, coverage]
+    runs-on: [ubuntu-latest]
+    if: |
+      always() &&
+      needs.coverage.result == 'success' &&
+      (needs.unit-tests-linux == 'success' || needs.coverage == 'skipped')
 
-      - name: Psalter
-        continue-on-error: true
-        run: php vendor/bin/psalter --issues=UnnecessaryVarAnnotation --dry-run --php-version=${{ steps.setup-php.outputs.php-version }}
+    steps:
+      - uses: geekyeggo/delete-artifact@v2
+        with:
+          name: coverage-data
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,9 @@
-composer.lock
-vendor
-build
 .phpunit.result.cache
+composer.lock
+composer.phar
+/vendor/
+/build/
+
+# Commit your application's lock file https://getcomposer.org/doc/01-basic-usage.md#commit-your-composer-lock-file-to-version-control
+# You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file
+# composer.lock
diff --git a/.markdownlintignore b/.markdownlintignore
@@ -0,0 +1 @@
+vendor/*
diff --git a/.markdownlintrc b/.markdownlintrc
@@ -0,0 +1,4 @@
+{
+  "default": true,
+  "MD013": false
+}