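# Static analysis pipeline: runs on every pull request and push, installs the
# project and its dev-tools, then runs the repository's lint/SCA checks.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each one to a full commit SHA (for example
# `actions/checkout@<full-commit-sha>  # v2`) keeps a re-pointed tag from
# silently changing the code that runs in this job.
name: Static Code Analysis

on:
  - pull_request
  - push

# Least privilege for GITHUB_TOKEN. The steps visible here only read the
# repository; cs2pr and phpmd's `github` renderer report through workflow
# commands on stdout.
# TODO confirm the ./dev-tools scripts need no additional token scope.
permissions:
  contents: read

jobs:
  tests:
    strategy:
      fail-fast: false
      matrix:
        operating-system:
          - ubuntu-20.04
        php-version:
          # Quoted so the version stays a string instead of a YAML float.
          - '8.1'

    name: Static Code Analysis

    runs-on: ${{ matrix.operating-system }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          # Full history: later steps diff against origin/<base> and HEAD~.
          fetch-depth: 0

      - name: Setup PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-version }}
          coverage: none  # without this Xdebug will be enabled
          tools: cs2pr

      - name: Get Composer cache directory
        id: composer-cache
        # Step outputs are written to the $GITHUB_OUTPUT file; the stdout
        # `::set-output` workflow command is deprecated.
        run: echo "dir=$(composer config cache-dir)" >> "$GITHUB_OUTPUT"

      - name: Cache dependencies
        uses: actions/cache@v2
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          # matrix.composer-flags is not defined in this job's matrix, so it
          # expands to an empty string here and in the install command below.
          key: composer-${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.*') }}-${{ matrix.composer-flags }}
          restore-keys: |
            composer-${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.*') }}-
            composer-${{ runner.os }}-${{ matrix.php-version }}-
            composer-${{ runner.os }}-
            composer-

      - name: Install dependencies
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 5
          max_attempts: 5
          retry_wait_seconds: 30
          command: composer update --optimize-autoloader --no-interaction --no-progress ${{ matrix.composer-flags }}

      - name: Report versions
        run: composer info -D

      # Pull requests use the committed dev-tools lock file, so contributors
      # are not bothered by SCA complaints unrelated to their changes. Pushes
      # delete the lock file so maintainers see results from the newest SCA
      # tool releases; on push the tool versions are therefore whatever
      # Composer resolves at run time.
      - name: Unlock dev-tools
        if: ${{ github.event_name != 'pull_request' }}
        run: rm ./dev-tools/composer.lock

      - name: Install dev-tools
        uses: nick-invision/retry@v2
        with:
          timeout_minutes: 5
          max_attempts: 5
          retry_wait_seconds: 30
          command: ./dev-tools/install.sh

      - name: Check - file permissions
        run: ./dev-tools/check_file_permissions.sh

      - name: Check - trailing spaces
        run: ./dev-tools/check_trailing_spaces.sh

      - name: Check - phpstan
        run: ./dev-tools/vendor/bin/phpstan analyse --error-format=checkstyle | cs2pr

      - name: Check - composer-require-checker
        run: ./dev-tools/vendor/bin/composer-require-checker check composer.json --config-file .composer-require-checker.json

      - name: Check - composer normalize
        run: |
          composer normalize --dry-run --working-dir=./dev-tools ../composer.json
          composer normalize --dry-run --working-dir=./dev-tools composer.json

      - name: Check - shell scripts
        run: ./dev-tools/check_shell_scripts.sh

      # The two steps below export the changed *.php paths through
      # $GITHUB_ENV using a heredoc with the fixed delimiter `EOF`. On pull
      # requests those paths are chosen by the PR author. Every line written
      # has passed `grep -E "\.php$"`, so no line can equal the delimiter
      # and end the value early.
      - name: Find changed files (for pull request)
        if: ${{ github.event_name == 'pull_request' }}
        run: |
          if git diff "origin/$GITHUB_BASE_REF" --name-only --diff-filter=ACMRTUXB | grep -E "\.php$"; then
            echo 'CHANGED_PHP_FILES<<EOF' >> "$GITHUB_ENV"
            git diff "origin/$GITHUB_BASE_REF" --name-only --diff-filter=ACMRTUXB | grep -E "\.php$" >> "$GITHUB_ENV"
            echo 'EOF' >> "$GITHUB_ENV"
          fi

      - name: Find changed files (for push)
        if: ${{ github.event_name != 'pull_request' }}
        run: |
          if git diff --name-only --diff-filter=ACMRTUXB HEAD~..HEAD | grep -E "\.php$"; then
            echo 'CHANGED_PHP_FILES<<EOF' >> "$GITHUB_ENV"
            git diff --name-only --diff-filter=ACMRTUXB HEAD~..HEAD | grep -E "\.php$" >> "$GITHUB_ENV"
            echo 'EOF' >> "$GITHUB_ENV"
          fi

      - name: Check - phpmd
        if: ${{ env.CHANGED_PHP_FILES }}
        # The file list is joined with commas and passed as one quoted
        # argument, so a path containing glob characters is not expanded by
        # the shell. The event name is read from the runner's environment
        # rather than interpolated into the script text.
        run: |
          files="$(echo "$CHANGED_PHP_FILES" | xargs | sed 's/ /,/g')"
          if [ "$GITHUB_EVENT_NAME" = 'pull_request' ]; then
            ./dev-tools/vendor/bin/phpmd "$files" github phpmd.xml --exclude tests/Fixtures/
          else
            ./dev-tools/vendor/bin/phpmd "$files" ansi phpmd.xml --exclude tests/Fixtures/
          fi

      - name: Check - ensure test files are not present in the archive
        # Written as an explicit `if`. In the former `A && (...; exit 1) || B`
        # form the `exit 1` only left the subshell, then `|| B` ran and the
        # step ended with status 0, so the check passed even when test files
        # were in the archive.
        run: |
          if git archive -o /dev/null HEAD -v 2>&1 | grep tests | grep '\.php'; then
            echo "Test files detected in archive"
            exit 1
          fi
          echo "No test files detected in archive"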