diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index dfaa0eb..b262c39 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -10,8 +10,6 @@ on: # Build any PRs and main branch changes # In case of updates to those workflows, they must be pre-checked by `pre-check-CI-updates.yml` rather than this workflow ! # Any updates on those workflows are expected to be restricted to those workflows only ! (no update on code for instance) - '.github/workflows/pre-check-CI-updates.yml' - - '.github/workflows/CI.yml' - - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' push: @@ -19,13 +17,15 @@ on: # Build any PRs and main branch changes schedule: - cron: '0 0 1 * *' # Every month +permissions: + contents: read + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true env: TEST_OUTPUT_STYLE: pretty - COMPOSER_OPTIONS: --optimize-autoloader jobs: tests: diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml index 9428e0d..7953f5d 100644 --- a/.github/workflows/coverage-upload.yml +++ b/.github/workflows/coverage-upload.yml @@ -4,9 +4,13 @@ on: workflows: ["CI"] types: [completed] +permissions: + contents: read + checks: write # For the check run creation ! + jobs: upload: - name: Upload + name: Coverage permissions: contents: read checks: write # For the check run creation ! diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml index 701bf0c..4dde12e 100644 --- a/.github/workflows/pre-check-CI-updates.yml +++ b/.github/workflows/pre-check-CI-updates.yml 
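Review bot: The new workflow-level `permissions` block in coverage-upload.yml grants `checks: write` to every job by default, although the `upload` job just below already declares `contents: read` and `checks: write` itself. Keeping the top level at `contents: read` only, as this commit does for CI.yml, leaves the write scope on the one job that creates the check run, so a job added later without its own block does not inherit it. This matters more here because the workflow appears to run on completion of CI (`workflows: ["CI"]`, `types: [completed]`), which is outside the restricted token context of a pull request run. The same top-level `checks: write` is added in pre-check-CI-updates.yml and reusable-coverage-upload-workflow.yml; in the former the `tests` job header is outside the hunk, so whether it sets its own permissions cannot be seen from here.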
@@ -12,11 +12,13 @@ on: branches: [master] # Only for PR targeting master branch paths: # /!\ Duplicate the same list as `on.pull_request.paths-ignore` property value for CI workflow ! - '.github/workflows/pre-check-CI-updates.yml' # This workflow - - '.github/workflows/CI.yml' - - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' +permissions: + contents: read + checks: write # For the check run creation ! + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true @@ -29,7 +31,7 @@ jobs: uses: ./.github/workflows/reusable-CI-workflow.yml upload: - name: Upload + name: Coverage needs: [tests] permissions: contents: read diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index ceefc1c..4c2ab86 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml 
@@ -3,68 +3,97 @@ name: 'CI reusable workflow' on: workflow_call: +permissions: + contents: read + env: + COMPOSER_PREFER_STABLE: '1' TEST_OUTPUT_STYLE: pretty - COMPOSER_OPTIONS: --optimize-autoloader jobs: + fetch-supported-versions: + name: Fetch supported versions + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + php-min: ${{ steps.fetch-php-versions.outputs.min }} + php-max: ${{ steps.fetch-php-versions.outputs.max }} + php-next: ${{ steps.fetch-php-versions.outputs.next }} + steps: + - name: Fetch supported versions file + id: fetch-file + uses: yoanm/gha-supported-versions-parser/github-downloader@v1 + with: + file-path: .github/workflows/supported-versions.json + + - name: Fetch PHP supported versions + id: fetch-php-versions + uses: yoanm/gha-supported-versions-parser@v1 + with: + path: ${{ steps.fetch-file.outputs.path }} + dependency: php + tests: - name: PHP ${{ matrix.php-version }} + name: ${{ matrix.job-name }} + needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read env: COVERAGE_TYPE: none + COVERAGE_OUTPUT_STYLE: clover strategy: fail-fast: true - max-parallel: 4 matrix: include: - # Bare minimum => Lowest versions allowed by composer config - - php-version: '8.0' - composer-flag: --prefer-lowest - # Up to date versions => Latest versions allowed by composer config - - php-version: '8.2' + - job-name: Up to date versions # => Highest versions allowed by composer config + php-version: '${{ needs.fetch-supported-versions.outputs.php-max }}' + - job-name: Bare minimum # => Lowest versions allowed by composer config + php-version: '${{ needs.fetch-supported-versions.outputs.php-min }}' steps: - name: Check out code uses: actions/checkout@v4 + # Enable coverage only for specific version(s) ! 
+ # Usually highest version(s), plus additional ones in case of code used only with specific versions - name: Enable coverage - if: ${{ matrix.php-version == '8.2' }} + if: ${{ matrix.php-version == needs.fetch-supported-versions.outputs.php-max }} run: | - echo "COVERAGE_OUTPUT_STYLE=clover" >> $GITHUB_ENV echo "COVERAGE_TYPE=xdebug" >> $GITHUB_ENV - name: Setup PHP ${{ matrix.php-version }} + id: setup-php uses: shivammathur/setup-php@v2 env: - update: true # Always use latest available patch for the version + update: true # whether to use latest available patch for the version or not fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: '${{ matrix.php-version }}' + php-version: ${{ matrix.php-version }} tools: composer coverage: ${{ env.COVERAGE_TYPE }} - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} uses: actions/cache@v4 with: path: | - ~/.composer - ./vendor - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ matrix.php-version }}-${{ matrix.composer-flag }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-${{ hashFiles('composer.json') }} - - name: Build - run: | - composer update ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ - && make build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} + run: make build - name: Tests run: make test-unit && make test-functional - name: Create "unit tests" reports group if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - id: unit-tests-coverage-group - uses: yoanm/temp-reports-group-workspace/gha-create@v0 + uses: 
yoanm/temp-reports-group-workspace/create-group@v0 with: name: unit-tests format: clover @@ -74,10 +103,9 @@ jobs: php-${{ matrix.php-version }} path: build/coverage-groups - - name: Create "functional tests" coverage group + - name: Create "functional tests" reports group if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - id: functional-tests-coverage-group - uses: yoanm/temp-reports-group-workspace/gha-create@v0 + uses: yoanm/temp-reports-group-workspace/create-group@v0 with: name: functional-tests format: clover 
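Review bot: The new `fetch-supported-versions` job pulls in two third-party actions by mutable tag (`yoanm/gha-supported-versions-parser/github-downloader@v1` and `yoanm/gha-supported-versions-parser@v1`), and their outputs now decide which PHP versions every other job installs. A tag can be moved to different code after review. Pinning to the full commit SHA with the tag as a trailing comment, e.g. `uses: yoanm/gha-supported-versions-parser@<full-commit-sha> # v1`, keeps what runs identical to what was reviewed. The same applies to `shivammathur/setup-php@v2` and `yoanm/temp-reports-group-workspace/create-group@v0` in this hunk, and to the `@v0` utilities renamed in reusable-coverage-upload-workflow.yml, which run in a job holding `checks: write`. The `tests` job continues past the end of this hunk.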
@@ -93,36 +121,45 @@ jobs: if: ${{ env.COVERAGE_TYPE == 'xdebug' }} uses: actions/upload-artifact@v4 with: - name: coverage-groups-php${{ matrix.php-version }} + name: coverage-groups-php${{ steps.setup-php.outputs.php-version }} path: build/coverage-groups if-no-files-found: error static-checks: name: Static analysis + needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read + env: + PHP_VERSION: ${{ needs.fetch-supported-versions.outputs.php-max }} steps: - uses: actions/checkout@v4 - - name: Setup PHP 8.2 + - name: Setup PHP ${{ env.PHP_VERSION }} + id: setup-php uses: shivammathur/setup-php@v2 + env: + update: true # Always use latest available patch for the version + fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: 8.2 # Latest supported + php-version: ${{ env.PHP_VERSION }} tools: composer coverage: none - env: - # Always use latest available patch for the version - update: true - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} uses: actions/cache@v4 with: path: | - ~/.composer - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ env.PHP_VERSION }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-${{ hashFiles('composer.json') }} - - name: Build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} run: make build - name: ComposerRequireChecker 
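Review bot: `PHP_VERSION` in `static-checks` is taken straight from `needs.fetch-supported-versions.outputs.php-max` with no check that it is non-empty. If the parser step yields nothing (a missing key in supported-versions.json, a renamed output), `php-version` is passed as an empty string. As far as I know, setup-php then falls back to its own version detection instead of failing, so the job could go green on an unintended PHP version. A first step such as `run: test -n "$PHP_VERSION"` makes that case fail loudly; the `nightly-tests` hunk has the same pattern with `php-next`.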
@@ -133,47 +170,45 @@ jobs: uses: actions/dependency-review-action@v4 nightly-tests: - name: Nightly - PHP ${{ matrix.php-version }} + name: Nightly + needs: [ fetch-supported-versions, tests ] + if: ${{ github.event_name == 'push' || ( github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'with-nightly-tests') ) }} runs-on: ubuntu-latest - env: - COMPOSER_OPTIONS: '--optimize-autoloader --ignore-platform-req=php+' + permissions: + contents: read continue-on-error: true - needs: [ static-checks, tests ] - strategy: - fail-fast: false - max-parallel: 4 - matrix: - php-version: - - '8.3' # Current php dev version - + env: + PHP_VERSION: ${{ needs.fetch-supported-versions.outputs.php-next }} + COMPOSER_IGNORE_PLATFORM_REQ: 'php+' steps: - name: Check out code uses: actions/checkout@v4 - - name: Setup PHP ${{ matrix.php-version }} + - name: Setup PHP ${{ env.PHP_VERSION }} + id: setup-php uses: shivammathur/setup-php@v2 + env: + update: true # whether to use latest available patch for the version or not + fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: '${{ matrix.php-version }}' + php-version: ${{ env.PHP_VERSION }} tools: composer coverage: none - env: - # Always use latest available patch for the version - update: true - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} uses: actions/cache@v4 with: path: | - ~/.composer - ./vendor - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ matrix.php-version }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-${{ 
hashFiles('composer.json') }} - - name: Build - run: | - composer update ${{ env.COMPOSER_OPTIONS }} \ - && make build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} + run: make build - name: Test run: make test-unit && make test-functional diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml index f9b26b5..a28b160 100644 --- a/.github/workflows/reusable-coverage-upload-workflow.yml +++ b/.github/workflows/reusable-coverage-upload-workflow.yml @@ -8,6 +8,10 @@ on: CODECOV_TOKEN: required: true +permissions: + contents: read + checks: write # For the check run creation ! + jobs: fetch-info: name: Fetch triggering workflow metadata @@ -17,17 +21,19 @@ jobs: checks: write # For the check run creation ! steps: - name: 'Check run ○' - uses: yoanm/temp-reports-group-workspace/gha-attach-check-run-to-triggering-workflow@v0 + uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 with: - name: 'Fetch coverage info' + name: 'Fetch triggering workflow metadata' fails-on-triggering-workflow-failure: true - - uses: yoanm/temp-reports-group-workspace/gha-fetch-workflow-metadata@v0 + - uses: yoanm/temp-reports-group-workspace/utils/fetch-workflow-metadata@v0 id: fetch-workflow-metadata outputs: commit-sha: ${{ steps.fetch-workflow-metadata.outputs.commit-sha }} run-id: ${{ steps.fetch-workflow-metadata.outputs.run-id }} + branch: ${{ steps.fetch-workflow-metadata.outputs.branch }} + pull-request: ${{ steps.fetch-workflow-metadata.outputs.pull-request }} codacy-uploader: name: Codacy 
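Review bot: The new `if:` on `nightly-tests` only lets the job run for `push` and for labelled `pull_request` events, so the monthly `schedule` trigger declared in CI.yml would never exercise the next PHP version (assuming CI.yml calls this reusable workflow, where `github.event_name` is the caller's event). If the scheduled run is meant to catch upcoming-version breakage, invert the test so that only unlabelled pull requests are skipped: `if: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'with-nightly-tests') }}`. If skipping on schedule is intended, a one-line comment above the `if:` saying so would avoid the question.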
@@ -60,6 +66,6 @@ jobs: run-id: ${{ needs.fetch-info.outputs.run-id }} force-git-commit: ${{ needs.fetch-info.outputs.commit-sha }} force-git-branch: ${{ needs.fetch-info.outputs.branch }} - force-gh-pr: ${{ needs.fetch-info.outputs.pr-number }} + force-gh-pr: ${{ needs.fetch-info.outputs.pull-request }} force-uploader-build: ${{ needs.fetch-info.outputs.run-id }} force-uploader-build-url: ${{ needs.fetch-info.outputs.run-url }} diff --git a/.github/workflows/supported-versions.json b/.github/workflows/supported-versions.json new file mode 100644 index 0000000..23dc44d --- /dev/null +++ b/.github/workflows/supported-versions.json @@ -0,0 +1,3 @@ +{ + "php": {"min": "8.0", "max": "8.2", "next": "8.3"} +} diff --git a/composer.json b/composer.json index b0a8e16..a49b534 100644 --- a/composer.json +++ b/composer.json @@ -37,7 +37,7 @@ }, "require-dev": { "ext-json": "*", - "behat/behat": "^3.9.0", + "behat/behat": "^3.9.0,<=3.16.1", "dvdoug/behat-code-coverage": "^5.0", "phpspec/prophecy": "^1.15", "phpspec/prophecy-phpunit": "^2.0",
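Review bot: `force-uploader-build-url` still reads `needs.fetch-info.outputs.run-url`, but the `fetch-info` outputs block shown in the previous hunk declares only `commit-sha`, `run-id`, `branch` and `pull-request`. An undeclared job output evaluates to an empty string, so the uploader would get no build URL, the same silent failure this hunk fixes for `pr-number`. Either declare `run-url` in `fetch-info` (if the metadata action exposes it, which is not visible here) or build it from the run id: `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ needs.fetch-info.outputs.run-id }}`. The job this `with:` block belongs to starts outside the hunk.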