deployer-wordpress/.github/workflows/code-quality.yml at master · gaambo/deployer-wordpress · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Code Quality

on:
  push:
  pull_request:
  # Allow manually triggering the workflow.
  workflow_dispatch:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  code-quality:
    name: Run Code Quality Checks (PHP ${{ matrix.php }}, Deployer ${{ matrix.deployer }})
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
      checks: write # needed for cs2pr to post inline annotations
    strategy:
      matrix:
        include:
          - { php: '8.2', deployer: '7.3' }
          - { php: '8.2', deployer: '7.4' }
          - { php: '8.2', deployer: '7.5' }
          - { php: '8.3', deployer: '7.3' }
          - { php: '8.3', deployer: '7.4' }
          - { php: '8.3', deployer: '7.5' }
          - { php: '8.3', deployer: '8.0' }
          - { php: '8.4', deployer: '8.0' }
          - { php: '8.5', deployer: '8.0' }
      fail-fast: false

    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Do not store git credentials in .git -> could be leaked/exposed by infected/malicious action.
          persist-credentials: false

      # Setup PHP with Composer and cs2pr
      - name: Setup PHP and tools
        uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2.37.1
        with:
          php-version: ${{ matrix.php }}
          tools: composer:v2, cs2pr

      - name: Validate composer.json
        run: composer validate --strict

      - name: Set Deployer version constraint
        env:
          DEPLOYER_VERSION: ${{ matrix.deployer }}
        run: composer require --no-update deployer/deployer:"${DEPLOYER_VERSION}.*"

      # Install dependencies with caching — uses `composer update` (highest) so the pinned
      # deployer constraint above is actually resolved.
      - name: Install Composer dependencies
        uses: ramsey/composer-install@65e4f84970763564f46a70b8a54b90d033b3bdda # v4.0.0
        with:
          dependency-versions: highest
          composer-options: '--prefer-dist --no-progress'

      - name: Audit Composer packages
        run: composer audit

      - name: Run PHP syntax linting
        run: composer run-script lint

      # Run PHP CodeSniffer with GitHub annotations
      - name: Run PHP CodeSniffer
        run: |
          composer run-script phpcs -- --standard=phpcs.xml --report-checkstyle=./phpcs-report.xml
          cs2pr ./phpcs-report.xml

      # Run PHPStan with GitHub annotations
      - name: Run PHPStan
        run: |
          composer run-script phpstan -- --error-format=checkstyle > phpstan-report.xml
          cs2pr ./phpstan-report.xml