diff --git a/.github/workflows/lint-php-files.yml b/.github/workflows/lint-php-files.yml
index 51053b39..1f625a6c 100644
--- a/.github/workflows/lint-php-files.yml
+++ b/.github/workflows/lint-php-files.yml
@@ -18,10 +18,15 @@ name: ๐งน Fix PHP coding standards
jobs:
coding-standards:
- runs-on: ubuntu-latest
timeout-minutes: 4
+ runs-on: ${{ matrix.os }}
+ concurrency:
+ cancel-in-progress: true
+ group: coding-standards-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
strategy:
matrix:
+ os:
+ - ubuntu-latest
php-version:
- '8.2'
dependencies:
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 3adb5889..ad220aaf 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -1,65 +1,60 @@
-name: Security
+name: ๐ Security analysis
on:
pull_request:
- paths-ignore:
- - 'docs/**'
- - 'bin/**'
- - 'resources/**'
- - 'README.md'
- - 'CHANGELOG.md'
- - '.gitignore'
- - '.gitattributes'
- - '.editorconfig'
- - 'psalm.xml'
-
push:
- paths-ignore:
- - 'docs/**'
- - 'bin/**'
- - 'resources/**'
- - 'README.md'
- - 'CHANGELOG.md'
- - '.gitignore'
- - '.gitattributes'
- - '.editorconfig'
- - 'psalm.xml'
jobs:
- security:
- name: Security Checks (PHP ${{ matrix.php }}, OS ${{ matrix.os }})
+ security-analysis:
+ timeout-minutes: 4
runs-on: ${{ matrix.os }}
+ concurrency:
+ cancel-in-progress: true
+ group: security-analysis-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
strategy:
- fail-fast: false
+ fail-fast: true
matrix:
- # Note: This workflow requires only the LATEST version of PHP
- php: [ 8.2 ]
- os: [ ubuntu-latest ]
+ os:
+ - ubuntu-latest
+ php-version:
+ - '8.2'
+ dependencies:
+ - locked
steps:
- - name: Set up PHP ${{ matrix.php }}
- uses: shivammathur/setup-php@v2
- with:
- php-version: ${{ matrix.php }}
- extensions: dom, sockets, grpc, curl
+ - name: ๐ฆ Check out the codebase
+ uses: actions/checkout@v4.1.4
- - name: Check Out Code
- uses: actions/checkout@v4
+ - name: ๐ ๏ธ Setup PHP
+ uses: shivammathur/setup-php@2.30.4
with:
- fetch-depth: 1
+ php-version: ${{ matrix.php-version }}
+ extensions: none, ctype, dom, json, mbstring, phar, simplexml, tokenizer, xml, xmlwriter, sockets
+ ini-values: error_reporting=E_ALL
+ coverage: none
+
+ - name: ๐ ๏ธ Setup problem matchers
+ run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
- - name: Get Composer Cache Directory
- id: composer-cache
- run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+ - name: ๐ค Validate composer.json and composer.lock
+ run: composer validate --ansi --strict
- - name: Cache Dependencies
- uses: actions/cache@v3
+ - name: ๐ Get composer cache directory
+ uses: wayofdev/gh-actions/actions/composer/get-cache-directory@v3.0.0
+
+ - name: โป๏ธ Restore cached dependencies installed with composer
+ uses: actions/cache@v4.0.2
with:
- path: ${{ steps.composer-cache.outputs.dir }}
- key: php-${{ matrix.php }}-${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
- restore-keys: php-${{ matrix.php }}-${{ runner.os }}-composer-
+ path: ${{ env.COMPOSER_CACHE_DIR }}
+ key: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}
+ restore-keys: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-
- - name: Install Composer Dependencies
- run: composer install --prefer-dist --no-interaction
+ - name: ๐ฅ Install "${{ matrix.dependencies }}" dependencies
+ uses: wayofdev/gh-actions/actions/composer/install@v3.0.0
+ with:
+ dependencies: ${{ matrix.dependencies }}
- - name: Verify
+ - name: ๐ Check installed packages using roave/security-advisories
run: composer require --dev roave/security-advisories:dev-latest
+
+ - name: ๐ Check installed packages for security vulnerability advisories
+ run: composer audit --ansi