generated from figuren-theater/new-ft-module
-
Notifications
You must be signed in to change notification settings - Fork 0
262 lines (221 loc) · 9.44 KB
/
build-test-measure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
name: Build, test & measure
on:
workflow_call:
pull_request:
push:
# dorny/paths-filter requires this action to run only on 'push' or 'pull_request' events
jobs:
pre-run:
name: 'Pre run'
runs-on: ubuntu-latest
outputs:
changed-php: ${{ steps.filter.outputs.php }}
changed-php_files: ${{ steps.filter.outputs.php_files }}
changed-json: ${{ steps.filter.outputs.json }}
changed-js: ${{ steps.filter.outputs.js }}
changed-css: ${{ steps.filter.outputs.css }}
steps:
- uses: actions/checkout@v4
# Checks to see if any files in the PR match one of the listed file types.
# We can use this filter to decide whether or not to run linters or tests.
# You can check if a file with a listed file type is in the PR by doing:
# if: ${{ steps.filter.outputs.md == 'true' }}
# This will return true if there's a markdown file that was changed
# in the PR.
- uses: dorny/paths-filter@v2.11.1
id: filter
# run: echo "{changed-php}=${{ steps.filter.outputs.php }}" >> $GITHUB_OUTPUT
with:
# Enable listing of files matching each filter.
# Paths to files will be available in `${FILTER_NAME}_files` output variable.
# Paths will be escaped and space-delimited.
# Output is usable as command line argument list in linux shell
list-files: shell
# It doesn't make sense to lint deleted files.
# Therefore we specify we are only interested in added or modified files.
filters: |
md:
- added|modified: '**/*.md'
js:
- added|modified: '**/*.js'
json:
- added|modified: '**/*.json'
yml:
- added|modified: '**/*.yml'
css:
- added|modified: '**/*.css'
- added|modified: '**/*.scss'
php:
- added|modified: '**/*.php'
#-----------------------------------------------------------------------------------------------------------------------
lint-json:
name: 'Lint: .json files'
needs: pre-run
# only run for changed .json files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-json == 'true' && github.base_ref != null
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Validate composer.json
run: composer --no-interaction validate --no-check-all
# - name: Validate package.json
# run: ...
# Dependency Review Action
#
# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
- name: Dependency Review
uses: actions/dependency-review-action@v3
- name: Install Composer dependencies
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction
- name: Normalize composer.json
run: composer normalize --dry-run
#-----------------------------------------------------------------------------------------------------------------------
lint-css:
name: 'Lint: CSS'
needs: pre-run
# only run for changed .php files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-css == 'true' && github.base_ref != null
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4.0.1
with:
# use the same version like WordPress/gutenberg
node-version: '16'
cache: npm
- name: Install Node dependencies
run: npm ci
env:
CI: true
- name: Validate package.json
run: npm run lint:pkg-json
- name: Detect CSS coding standard violations
run: npm run lint:css
#-----------------------------------------------------------------------------------------------------------------------
lint-js:
name: 'Lint: JS'
needs: pre-run
# only run for changed .php files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-js == 'true' && github.base_ref != null
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4.0.1
with:
# use the same version like WordPress/gutenberg
node-version: '16'
cache: npm
- name: Install Node dependencies
run: npm ci
env:
CI: true
- name: Validate package.json
run: npm run lint:pkg-json
- name: Detect ESLint coding standard violations
if: >
!( github.event.pull_request.head.repo.fork == true ||
github.event.pull_request.user.login == 'dependabot[bot]' )
run: npm run lint:js
- name: Generate ESLint coding standard violations report
# Prevent generating the ESLint report if PR is from a fork or authored by Dependabot.
if: >
! ( github.event.pull_request.head.repo.fork == true ||
github.event.pull_request.user.login == 'dependabot[bot]' )
run: npm run lint:js:report
continue-on-error: true
- name: Annotate code linting results
# The action cannot annotate the PR when run from a PR fork or was authored by Dependabot.
if: >
! ( github.event.pull_request.head.repo.fork == true ||
github.event.pull_request.user.login == 'dependabot[bot]' )
uses: ataylorme/eslint-annotate-action@2.2.0
with:
repo-token: '${{ secrets.GITHUB_TOKEN }}'
report-json: 'lint-js-report.json'
#-----------------------------------------------------------------------------------------------------------------------
lint-php:
name: 'Lint: PHP'
needs: pre-run
# only run for changed .php files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-php == 'true' && github.base_ref != null
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: 8.1
coverage: none
tools: cs2pr
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install --prefer-dist --optimize-autoloader --no-progress --no-interaction
- name: Detect coding standard violations (PHPCS)
run: vendor/bin/phpcs -q --report=checkstyle --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 | cs2pr --graceful-warnings
#-----------------------------------------------------------------------------------------------------------------------
static-analysis-php:
name: 'Static Analysis: PHP'
runs-on: ubuntu-latest
needs: pre-run
# only run for changed .php files AND when it is a pull_request
# because 'github.base_ref' will not be available on push
if: needs.pre-run.outputs.changed-php == 'true' && github.base_ref != null
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
# phpstan requires PHP 7.1+.
php-version: 8.1
extensions: dom, iconv, json, libxml, zip
coverage: none
tools: cs2pr
- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Configure Composer cache
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install Composer dependencies
run: composer install
- name: Static Analysis (PHPStan)
run: |
vendor/bin/phpstan --version
vendor/bin/phpstan analyse . --error-format=checkstyle | cs2pr