diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b7dd1d2..24db029 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,80 @@ version: 2 updates: -- package-ecosystem: composer - directory: "/" - schedule: - interval: monthly - open-pull-requests-limit: 10 +# +# +# [GHAction] +# Based on https://github.com/yoanm/shared-config/blob/master/GitHub/dependabot/github-action.yml file +# + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: sunday # Create PRs during week-ends, they will be ready on monday morning + commit-message: + prefix: '[dependabot][ghaction] - ' # No need to specify prod/dev for GHAction as there is only "production" updates ! + include: scope + groups: +# Group all basic updates inside the a single PR +# No need to split prod/dev as there is only prod updates + all-actions: + applies-to: version-updates + patterns: ['*'] +# Group all security updates inside the a single PR +# No need to split prod/dev as there is only prod updates +# +Most likely no need to split major and other updates either + SECURITY-all: + applies-to: security-updates + patterns: ['*'] +# +# +# [Composer] +# Based on https://github.com/yoanm/shared-config/blob/master/GitHub/dependabot/composer.yml file +# + - package-ecosystem: composer + directory: / + schedule: # Create PRs during week-ends, they will be ready on monday morning + interval: weekly + day: sunday + versioning-strategy: widen + commit-message: + prefix: '[dependabot][prod][composer] - ' + prefix-development: '[dependabot][dev][composer] - ' + include: scope + groups: +# Split basic updates by: +# - prod vs dev +# - major vs others (assuming packages properly follow semver !) 
+ prod-majors: + applies-to: version-updates + dependency-type: production + update-types: ['major'] + patterns: ['*'] + prod-others: + applies-to: version-updates + dependency-type: production + patterns: ['*'] + dev-majors: + applies-to: version-updates + dependency-type: development + update-types: ['major'] + patterns: ['*'] + dev-others: + applies-to: version-updates + dependency-type: development + patterns: ['*'] +# Split security updates by: +# - prod vs dev +# - Major prod updates vs other prod updates + SECURITY-prod-major: + applies-to: security-updates + dependency-type: production + update-types: ['major'] + patterns: ['*'] + SECURITY-prod: + applies-to: security-updates + dependency-type: production + patterns: ['*'] + SECURITY-dev: + applies-to: security-updates + dependency-type: development + patterns: ['*'] diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index c706207..3d1adef 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -4,8 +4,15 @@ on: # Build any PRs and main branch changes pull_request: types: - opened - - edited - synchronize + paths-ignore: + # In case of updates to those workflows, they must be pre-checked by `pre-check-CI-updates.yml` rather than this workflow ! + # Any updates on those workflows are expected to be restricted to those workflows only ! (no update on code for instance) + - '.github/workflows/pre-check-CI-updates.yml' + - '.github/workflows/CI.yml' + - '.github/workflows/coverage-upload.yml' + - '.github/workflows/reusable-CI-workflow.yml' + - '.github/workflows/reusable-coverage-upload-workflow.yml' push: branches: [ master ] schedule: 
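Review bot: The `paths-ignore` list added under `on.pull_request` in `CI.yml` only skips the workflow when every changed file in the PR is on the list, so the expectation in the comment (workflow updates touch nothing else) is not enforced. A PR that edits `CI.yml` together with source code still runs this workflow as well as `pre-check-CI-updates.yml`. Conversely, a workflow-only PR never starts `CI`, so if one of its jobs is a required status check in branch protection (not visible here) that check would stay pending. The comment could say so, e.g. `# paths-ignore applies only when ALL changed files match; mixed PRs still run this workflow`. The `on:` block continues outside the hunk.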
@@ -15,237 +22,9 @@ concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true -env: - TEST_OUTPUT_STYLE: pretty - COMPOSER_OPTIONS: --optimize-autoloader - CODACY_CACHE_PATH: ~/.cache/codacy - CODACY_BIN: ~/.cache/codacy/codacy.sh - jobs: tests: - name: UTs & FTs - Symfony ${{ matrix.symfony-version }} - runs-on: ubuntu-latest - env: - COVERAGE_TYPE: none - strategy: - fail-fast: true - max-parallel: 4 - matrix: - include: - # Bare minimum => Lowest versions allowed by composer config - - symfony-version: '4.4' - php-version: '8.0' - composer-flag: --prefer-lowest - # Up to date versions => Latest versions allowed by composer config - - symfony-version: '5.4' - php-version: '8.2' - # Late symfony migration => Lowest symfony version with latest minor php version allowed by composer config - - symfony-version: '4.4' - php-version: '8.2' - composer-flag: --prefer-lowest - # Late php migration => Latest symfony version with lowest minor php version allowed by composer config - - symfony-version: '5.4' - php-version: '8.0' - # Symfony 6.0 latest - - symfony-version: '6.0' - php-version: '8.2' - # Symfony 6.0 lowest - - symfony-version: '6.0' - php-version: '8.0' - composer-flag: --prefer-lowest - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Enable coverage - if: ${{ matrix.php-version == '8.2' }} - run: | - echo "COVERAGE_OUTPUT_STYLE=clover" >> $GITHUB_ENV - echo "COVERAGE_TYPE=xdebug" >> $GITHUB_ENV - - - name: Setup PHP ${{ matrix.php-version }} - uses: shivammathur/setup-php@v2 - with: - php-version: '${{ matrix.php-version }}' - tools: composer - coverage: ${{ env.COVERAGE_TYPE }} - env: - # Always use latest available patch for the version - update: true - - - name: Setup cache - id: cache - uses: actions/cache@v3 - with: - path: | - ~/.composer - ./vendor - ${{ env.CODACY_CACHE_PATH }} - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ 
matrix.php-version }}-${{ matrix.symfony-version }}-${{ matrix.composer-flag }}-${{ hashFiles('composer.json') }} - - - name: Download codacy binary - if: steps.cache.outputs.cache-hit != 'true' - run: | - mkdir -p ${{ env.CODACY_CACHE_PATH }} \ - && curl -LN https://coverage.codacy.com/get.sh -o ${{ env.CODACY_BIN }} \ - && chmod +x ${{ env.CODACY_BIN }} \ - && ${{ env.CODACY_BIN }} download - - - name: Build - run: | - SF_VERSION=${{ matrix.symfony-version }} - # Issue with ParamterBag below 4.4.30 => https://github.com/symfony/symfony/commit/3eca446b21607ea1c7a865ece2dd8254c33679cc - test '${{ matrix.symfony-version }}' = '4.4' && test '${{ matrix.php-version }}' = '8.2' && SF_VERSION=4.4.30 - composer require -W ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ - symfony/validator:^$SF_VERSION \ - && composer update ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ - && make build - - - name: Tests - run: make test-unit && make test-functional - - # Upload to codacy first as codecov action always remove coverage files despite move_coverage_to_trash at false - # And only if it's not a PR from a fork => Can't work as codacy secret is not accessible in that context - - name: Upload coverages to Codacy - if: ${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'yoanm/php-jsonrpc-params-symfony-validator-sdk') && env.COVERAGE_TYPE == 'xdebug' }} - run: ${{ env.CODACY_BIN }} report -r build/coverage-phpunit/unit.clover -r build/coverage-behat/clover.xml -r build/coverage-phpunit/functional.clover -t ${{ secrets.CODACY_PROJECT_TOKEN }} --partial - - # See the reports at https://codecov.io/gh/yoanm/php-jsonrpc-params-symfony-validator-sdk - - name: Upload unit tests coverage to codecov - if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - uses: codecov/codecov-action@v3 - with: - file: "build/coverage-phpunit/unit.clover" - name: "unit-tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}" - flags: 
"unit-tests,php-${{ matrix.php-version }},sf-${{ matrix.symfony-version }}" - fail_ci_if_error: true - move_coverage_to_trash: false - verbose: ${{ runner.debug == '1' }} - - - name: Upload functional tests coverage to codecov - if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - uses: codecov/codecov-action@v3 - with: - files: "build/coverage-behat/clover.xml,build/coverage-phpunit/functional.clover" - name: "functional-tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}" - flags: "functional-tests,php-${{ matrix.php-version }},sf-${{ matrix.symfony-version }}" - fail_ci_if_error: true - move_coverage_to_trash: false - verbose: ${{ runner.debug == '1' }} - - static-checks: - name: Static checks - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Setup PHP 8.2 - uses: shivammathur/setup-php@v2 - with: - php-version: 8.2 # Latest supported - tools: composer - coverage: none - env: - # Always use latest available patch for the version - update: true - - - name: Setup cache - id: cache - uses: actions/cache@v3 - with: - path: | - ~/.composer - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ env.PHP_VERSION }}-${{ hashFiles('composer.json') }} - - - name: Build - run: make build - - - name: ComposerRequireChecker - uses: docker://webfactory/composer-require-checker:4.5.0 - - - name: Dependencies check - if: ${{ github.event_name == 'pull_request' }} - uses: actions/dependency-review-action@v1 - - finalize-codacy-coverage-report: - runs-on: ubuntu-latest - name: Finalize Codacy coverage report - if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == 'yoanm/php-jsonrpc-params-symfony-validator-sdk' }} - needs: [ tests ] - steps: - - name: Setup cache - id: cache - uses: actions/cache@v3 - with: - path: | - ${{ env.CODACY_CACHE_PATH }} - key: codacy-final - - - name: Download codacy binary - if: steps.cache.outputs.cache-hit != 'true' - run: | - mkdir 
-p ${{ env.CODACY_CACHE_PATH }} \ - && curl -LN https://coverage.codacy.com/get.sh -o ${{ env.CODACY_BIN }} \ - && chmod +x ${{ env.CODACY_BIN }} \ - && ${{ env.CODACY_BIN }} download - - - name: Finalize reporting - run: ${{ env.CODACY_BIN }} final -t ${{ secrets.CODACY_PROJECT_TOKEN }} - - nightly-tests: - name: Nightly - Symfony ${{ matrix.symfony-version }} - runs-on: ubuntu-latest - env: - COMPOSER_OPTIONS: '--optimize-autoloader --ignore-platform-req=php+' - continue-on-error: true - needs: [ static-checks, tests ] - strategy: - fail-fast: false - max-parallel: 4 - matrix: - php-version: - - '8.3' # Current php dev version - symfony-version: - - '4.4' # Lowest LTS - - '5.4' # Latest LTS - - '6.0' # Current major version - include: - - symfony-version: '6.3' # Next symfony minor version to manage with latest supported PHP version - php-version: '8.2' - - steps: - - name: Check out code - uses: actions/checkout@v3 - - - name: Setup PHP ${{ matrix.php-version }} - uses: shivammathur/setup-php@v2 - with: - php-version: '${{ matrix.php-version }}' - tools: composer - coverage: none - env: - # Always use latest available patch for the version - update: true - - - name: Setup cache - id: cache - uses: actions/cache@v3 - with: - path: | - ~/.composer - ./vendor - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} - - - name: Build - run: | - composer config minimum-stability dev \ - && composer require -W ${{ env.COMPOSER_OPTIONS }} \ - symfony/validator:^${{ matrix.symfony-version }} \ - && composer update ${{ env.COMPOSER_OPTIONS }} \ - && make build - - - name: Test - run: make test-unit && make test-functional + name: Tests + permissions: + contents: read + uses: ./.github/workflows/reusable-CI-workflow.yml 
diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml
new file mode 100644
index 0000000..9428e0d
--- /dev/null
+++ b/.github/workflows/coverage-upload.yml
@@ -0,0 +1,16 @@
+name: 'Coverage'
+on:
+ workflow_run:
+ workflows: ["CI"]
+ types: [completed]
+
+jobs:
+ upload:
+ name: Upload
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+ uses: ./.github/workflows/reusable-coverage-upload-workflow.yml
diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml
new file mode 100644
index 0000000..701bf0c
--- /dev/null
+++ b/.github/workflows/pre-check-CI-updates.yml
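Review bot: In `coverage-upload.yml`, the `workflow_run` trigger hands `CODACY_PROJECT_TOKEN` and `CODECOV_TOKEN` to the `upload` job for every completed `CI` run, including runs started by pull requests from forks, whose artifacts are produced by code the repository does not control. The downstream jobs should therefore handle the coverage artifacts as untrusted data (parsed only, never executed, extracted into a scratch directory), and a comment would record that, e.g. `# Artifacts come from the triggering run and may originate from a fork PR: treat as untrusted`. There is no filter on the triggering run's conclusion or event in this file; that appears to be delegated to `fails-on-triggering-workflow-failure` in the reusable workflow, which is worth stating here. `workflows: ["CI"]` matches by workflow name and the `name:` of `CI.yml` is outside the hunks shown, so confirm it is exactly `CI`.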
@@ -0,0 +1,40 @@
+name: 'Test CI updates'
+# [DESCRIPTION]
+# As CI workflow relies on `workflow_run` trigger for upload, this workflow is used in order to ease updates made on
+# CI workflow (or linked workflows/actions). It's kind of pre-check to ensure once updates are merged on main branch,
+# the `workflow_run` workflow execution will behave as expected.
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ branches: [master] # Only for PR targeting master branch
+ paths: # /!\ Duplicate the same list as `on.pull_request.paths-ignore` property value for CI workflow !
+ - '.github/workflows/pre-check-CI-updates.yml' # This workflow
+ - '.github/workflows/CI.yml'
+ - '.github/workflows/coverage-upload.yml'
+ - '.github/workflows/reusable-CI-workflow.yml'
+ - '.github/workflows/reusable-coverage-upload-workflow.yml'
+
+concurrency:
+ group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ tests:
+ name: Tests
+ permissions:
+ contents: read
+ uses: ./.github/workflows/reusable-CI-workflow.yml
+
+ upload:
+ name: Upload
+ needs: [tests]
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+ uses: ./.github/workflows/reusable-coverage-upload-workflow.yml
diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml
new file mode 100644
index 0000000..5faa40b
--- /dev/null
+++ b/.github/workflows/reusable-CI-workflow.yml
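Review bot: The `upload` job in `pre-check-CI-updates.yml` asks for `checks: write` and passes two secrets, but on a `pull_request` event from a fork GitHub issues a read-only token and withholds secrets, so the job cannot do its work for such PRs. Gate it explicitly on same-repository PRs, e.g. `if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}` on `upload`, so a fork PR shows a skipped job rather than a failing one. This is the same guard the removed Codacy step in `CI.yml` used, written without the hard-coded repository name. A short comment next to the `secrets:` block saying that secrets are only available to same-repository PRs would make the intent clear.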
@@ -0,0 +1,212 @@ +name: 'CI reusable workflow' + +on: + workflow_call: + +env: + TEST_OUTPUT_STYLE: pretty + COMPOSER_OPTIONS: --optimize-autoloader + +jobs: + tests: + name: PHP ${{ matrix.php-version }} - Symfony ${{ matrix.symfony-version }} + runs-on: ubuntu-latest + env: + COVERAGE_TYPE: none + strategy: + fail-fast: true + max-parallel: 4 + matrix: + include: + # Bare minimum => Lowest versions allowed by composer config + - symfony-version: '4.4' + php-version: '8.0' + composer-flag: --prefer-lowest + # Up to date versions => Latest versions allowed by composer config + - symfony-version: '5.4' + php-version: '8.2' + # Late symfony migration => Lowest symfony version with latest minor php version allowed by composer config + - symfony-version: '4.4' + php-version: '8.2' + composer-flag: --prefer-lowest + # Late php migration => Latest symfony version with lowest minor php version allowed by composer config + - symfony-version: '5.4' + php-version: '8.0' + # Symfony 6.0 latest + - symfony-version: '6.0' + php-version: '8.2' + # Symfony 6.0 lowest + - symfony-version: '6.0' + php-version: '8.0' + composer-flag: --prefer-lowest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Enable coverage + if: ${{ matrix.php-version == '8.2' }} + run: | + echo "COVERAGE_OUTPUT_STYLE=clover" >> $GITHUB_ENV + echo "COVERAGE_TYPE=xdebug" >> $GITHUB_ENV + + - name: Setup PHP ${{ matrix.php-version }} + uses: shivammathur/setup-php@v2 + env: + update: true # Always use latest available patch for the version + fail-fast: true # step will fail if an extension or tool fails to set up + with: + php-version: '${{ matrix.php-version }}' + tools: composer + coverage: ${{ env.COVERAGE_TYPE }} + + - name: Setup cache + id: cache + uses: actions/cache@v4 + with: + path: | + ~/.composer + ./vendor + # Clear the cache if composer json (as composer.lock is in the repo) has been updated + key: tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}-${{ 
matrix.composer-flag }}-${{ hashFiles('composer.json') }} + + - name: Build + run: | + SF_VERSION=${{ matrix.symfony-version }} + # Issue with ParamterBag below 4.4.30 => https://github.com/symfony/symfony/commit/3eca446b21607ea1c7a865ece2dd8254c33679cc + test '${{ matrix.symfony-version }}' = '4.4' && test '${{ matrix.php-version }}' = '8.2' && SF_VERSION=4.4.30 + composer require -W ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ + symfony/validator:^$SF_VERSION \ + && composer update ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ + && make build + + - name: Tests + run: make test-unit && make test-functional + + - name: Create "unit tests" reports group + if: ${{ env.COVERAGE_TYPE == 'xdebug' }} + id: unit-tests-coverage-group + uses: yoanm/temp-reports-group-workspace/gha-create@v0 + with: + name: unit-tests + format: clover + files: build/coverage-phpunit/unit.clover + flags: | + unit-tests + php-${{ matrix.php-version }} + sf-${{ matrix.symfony-version }} + path: build/coverage-groups + + - name: Create "functional tests" coverage group + if: ${{ env.COVERAGE_TYPE == 'xdebug' }} + id: functional-tests-coverage-group + uses: yoanm/temp-reports-group-workspace/gha-create@v0 + with: + name: functional-tests + format: clover + files: | + build/coverage-phpunit/functional.clover + build/coverage-behat/clover.xml + flags: | + functional-tests + php-${{ matrix.php-version }} + sf-${{ matrix.symfony-version }} + path: build/coverage-groups + + - name: Upload coverage reports + if: ${{ env.COVERAGE_TYPE == 'xdebug' }} + uses: actions/upload-artifact@v4 + with: + name: coverage-groups-php${{ matrix.php-version }}-sf${{ matrix.symfony-version }} + path: build/coverage-groups + if-no-files-found: error + + static-checks: + name: Static analysis + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup PHP 8.2 + uses: shivammathur/setup-php@v2 + with: + php-version: 8.2 # Latest supported + tools: composer + coverage: none + 
env: + # Always use latest available patch for the version + update: true + + - name: Setup cache + id: cache + uses: actions/cache@v4 + with: + path: | + ~/.composer + # Clear the cache if composer json (as composer.lock is in the repo) has been updated + key: tests-${{ env.PHP_VERSION }}-${{ hashFiles('composer.json') }} + + - name: Build + run: make build + + - name: ComposerRequireChecker + uses: docker://webfactory/composer-require-checker:4.5.0 + + - name: Dependencies check + if: ${{ github.event_name == 'pull_request' }} + uses: actions/dependency-review-action@v4 + + nightly-tests: + name: Nightly - Symfony ${{ matrix.symfony-version }} + runs-on: ubuntu-latest + env: + COMPOSER_OPTIONS: '--optimize-autoloader --ignore-platform-req=php+' + continue-on-error: true + needs: [ static-checks, tests ] + strategy: + fail-fast: false + max-parallel: 4 + matrix: + php-version: + - '8.3' # Current php dev version + symfony-version: + - '4.4' # Lowest LTS + - '5.4' # Latest LTS + - '6.0' # Current major version + include: + - symfony-version: '6.3' # Next symfony minor version to manage with latest supported PHP version + php-version: '8.2' + + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Setup PHP ${{ matrix.php-version }} + uses: shivammathur/setup-php@v2 + with: + php-version: '${{ matrix.php-version }}' + tools: composer + coverage: none + env: + # Always use latest available patch for the version + update: true + + - name: Setup cache + id: cache + uses: actions/cache@v4 + with: + path: | + ~/.composer + ./vendor + # Clear the cache if composer json (as composer.lock is in the repo) has been updated + key: tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} + + - name: Build + run: | + composer config minimum-stability dev \ + && composer require -W ${{ env.COMPOSER_OPTIONS }} \ + symfony/validator:^${{ matrix.symfony-version }} \ + && composer update ${{ env.COMPOSER_OPTIONS }} \ + && make 
build + + - name: Test + run: make test-unit && make test-functional diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml new file mode 100644 index 0000000..f9b26b5 --- /dev/null +++ b/.github/workflows/reusable-coverage-upload-workflow.yml 
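Review bot: In the `static-checks` job of `reusable-CI-workflow.yml`, the cache key `tests-${{ env.PHP_VERSION }}-${{ hashFiles('composer.json') }}` reads `env.PHP_VERSION`, which is not defined in the workflow-level `env` or in that job anywhere in this file. Unless something outside the file exports it, the expression expands to an empty string and the key does not vary with the PHP version. Either hard-code it to match the setup step, `key: tests-8.2-${{ hashFiles('composer.json') }}`, or add `PHP_VERSION` to the job's `env`. Separately, `yoanm/temp-reports-group-workspace/gha-create@v0` and `shivammathur/setup-php@v2` are referenced by mutable tags; pinning each `uses:` to a full commit SHA keeps a moved tag from changing what runs in these jobs.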
@@ -0,0 +1,65 @@
+name: 'Coverage upload reusable workflow'
+
+on:
+ workflow_call:
+ secrets:
+ CODACY_PROJECT_TOKEN:
+ required: true
+ CODECOV_TOKEN:
+ required: true
+
+jobs:
+ fetch-info:
+ name: Fetch triggering workflow metadata
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ steps:
+ - name: 'Check run ○'
+ uses: yoanm/temp-reports-group-workspace/gha-attach-check-run-to-triggering-workflow@v0
+ with:
+ name: 'Fetch coverage info'
+ fails-on-triggering-workflow-failure: true
+
+ - uses: yoanm/temp-reports-group-workspace/gha-fetch-workflow-metadata@v0
+ id: fetch-workflow-metadata
+
+ outputs:
+ commit-sha: ${{ steps.fetch-workflow-metadata.outputs.commit-sha }}
+ run-id: ${{ steps.fetch-workflow-metadata.outputs.run-id }}
+
+ codacy-uploader:
+ name: Codacy
+ needs: [fetch-info]
+ uses: yoanm/temp-reports-group-workspace/.github/workflows/codacy-upload-from-artifacts.yml@v0
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ with:
+ artifacts-pattern: coverage-groups-*
+ run-id: ${{ needs.fetch-info.outputs.run-id }}
+ force-git-commit: ${{ needs.fetch-info.outputs.commit-sha }}
+ # force-uploader-language: ...
+ # force-uploader-coverage-parser: ...
+ # force-uploader-cli-version: ...
+
+ codecov-uploader:
+ name: Codecov
+ needs: [fetch-info]
+ uses: yoanm/temp-reports-group-workspace/.github/workflows/codecov-upload-from-artifacts.yml@v0
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ TOKEN: ${{ secrets.CODECOV_TOKEN }}
+ with:
+ artifacts-pattern: coverage-groups-*
+ run-id: ${{ needs.fetch-info.outputs.run-id }}
+ force-git-commit: ${{ needs.fetch-info.outputs.commit-sha }}
+ force-git-branch: ${{ needs.fetch-info.outputs.branch }}
+ force-gh-pr: ${{ needs.fetch-info.outputs.pr-number }}
+ force-uploader-build: ${{ needs.fetch-info.outputs.run-id }}
+ force-uploader-build-url: ${{ needs.fetch-info.outputs.run-url }}
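Review bot: `codecov-uploader` reads `needs.fetch-info.outputs.branch`, `needs.fetch-info.outputs.pr-number` and `needs.fetch-info.outputs.run-url`, but `fetch-info` declares only `commit-sha` and `run-id` under `outputs:`. Those three expressions therefore evaluate to empty strings, and `force-git-branch`, `force-gh-pr` and `force-uploader-build-url` are passed empty. Add the three missing entries to the `outputs:` of `fetch-info`, mapped from the matching outputs of the `fetch-workflow-metadata` step; their names are not visible here and need checking against that action. Both uploader jobs also pass a secret to a reusable workflow referenced as `@v0`; because a tag can be moved, pinning these `uses:` references to a full commit SHA fixes which code receives `CODACY_PROJECT_TOKEN` and `CODECOV_TOKEN`.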