Skip to content

Update 'Build, test & measure' status badge for ft-privacy #166

Update 'Build, test & measure' status badge for ft-privacy

Update 'Build, test & measure' status badge for ft-privacy #166

name: Build, test & measure
on:
workflow_call:
pull_request:
push:
# dorny/paths-filter requires this action to run only on 'push' or 'pull_request' events
jobs:
pre-run:
name: 'Pre run'
runs-on: ubuntu-latest
outputs:
changed-php: ${{ steps.filter.outputs.php }}
changed-php_files: ${{ steps.filter.outputs.php_files }}
changed-json: ${{ steps.filter.outputs.json }}
steps:
- uses: actions/checkout@v3
# Checks to see if any files in the PR match one of the listed file types.
# We can use this filter to decide whether or not to run linters or tests.
# You can check if a file with a listed file type is in the PR by doing:
# if: ${{ steps.filter.outputs.md == 'true' }}
# This will return true if there's a markdown file that was changed
# in the PR.
- uses: dorny/[email protected]
id: filter
# run: echo "{changed-php}=${{ steps.filter.outputs.php }}" >> $GITHUB_OUTPUT
with:
# Enable listing of files matching each filter.
# Paths to files will be available in `${FILTER_NAME}_files` output variable.
# Paths will be escaped and space-delimited.
# Output is usable as command line argument list in linux shell
list-files: shell
# It doesn't make sense to lint deleted files.
# Therefore we specify we are only interested in added or modified files.
filters: |
md:
- added|modified: '**/*.md'
js:
- added|modified: '**/*.js'
json:
- added|modified: '**/*.json'
yml:
- added|modified: '**/*.yml'
scss:
- added|modified: '**/*.scss'
php:
- added|modified: '**/*.php'
#-----------------------------------------------------------------------------------------------------------------------
lint-json:
name: 'Lint: .json files'
needs: pre-run
# only run for changed .json files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-json == 'true' && github.base_ref != null
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Validate composer.json
run: composer --no-interaction validate --no-check-all
# - name: Validate package.json
# run: ...
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
- name: Dependency Review
uses: actions/dependency-review-action@v2
- name: Install Composer dependencies
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction
- name: Normalize composer.json
run: composer normalize --dry-run
#-----------------------------------------------------------------------------------------------------------------------
lint-php:
name: 'Lint: PHP'
needs: pre-run
if: needs.pre-run.outputs.changed-php == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.0
coverage: none
tools: cs2pr
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction
- name: Detect coding standard violations (PHPCS)
run: vendor/bin/phpcs -q --report=checkstyle --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 | cs2pr --graceful-warnings
#-----------------------------------------------------------------------------------------------------------------------
static-analysis-php:
name: 'Static Analysis: PHP'
runs-on: ubuntu-latest
needs: pre-run
if: needs.pre-run.outputs.changed-php == 'true'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
# phpstan requires PHP 7.1+.
php-version: 8.0
extensions: dom, iconv, json, libxml, zip
coverage: none
tools: cs2pr
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install
- name: Static Analysis (PHPStan)
run: |
vendor/bin/phpstan --version
vendor/bin/phpstan analyse . --error-format=checkstyle | cs2pr
# vendor/bin/phpstan analyse -nvv ${{ needs.pre-run.outputs.changed-php_files }}