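name: Code Quality
# ARFA 1.3 / KaririCode Spec V4.0 — Parallel Quality Gates
# Runs 5 parallel jobs with a quality-summary gate job.
# Triggers: main, develop, feature branches, PRs, and manual dispatch.
on:
  push:
    branches:
      - main
      - develop
      - 'feature/**'
  pull_request:
    branches:
      - main
      - develop
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: every job below only reads the checkout,
# and writing to $GITHUB_STEP_SUMMARY needs no token scope. Without this key
# the token inherits the repository default, which may be read/write.
permissions:
  contents: read

jobs:
  # ============================================================================
  # DEPENDENCY VALIDATION (Spec V4.0 — contract compliance)
  # Validates that composer.json is valid and platform requirements are met.
  # ============================================================================
  dependencies:
    name: Dependency Validation
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are pinned to floating major tags (@v4 / @v2);
      # pinning to a full commit SHA is the stronger supply-chain control.
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          tools: composer:v2
          coverage: none
      - name: Validate composer.json
        run: composer validate --strict --no-check-lock
      # --no-scripts keeps package-declared scripts from running in CI.
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      - name: Check platform requirements
        run: composer check-platform-reqs

  # ============================================================================
  # SECURITY AUDIT (ARFA 1.3 — resilience pillar)
  # Uses native composer audit — no deprecated security-checker.
  # ============================================================================
  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          tools: composer:v2
          coverage: none
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # Non-zero exit on any advisory matching the lock file fails the job.
      - name: Run composer audit
        run: composer audit --format=plain

  # ============================================================================
  # STATIC ANALYSIS (Spec V4.0 S14 — Type Safety)
  # kcode analyse runs PHPStan Level 9 + Psalm (100% type inference).
  # Both tools must pass with zero errors — enforced by kcode exit code.
  # ============================================================================
  analyse:
    name: Static Analysis — PHPStan L9 + Psalm
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: none
          tools: composer:v2
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # NOTE(review): this fetches the *latest* release over HTTPS and installs
      # it as a system-wide executable with no version pin and no checksum, so
      # whatever the release endpoint serves is executed on every run. Prefer a
      # fixed release tag plus a published digest, verified before the move:
      #   echo "<expected-sha256>  kcode.phar" | sha256sum -c -
      # (same pattern in the cs-fixer and tests jobs below).
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      # src/Contract was removed in v4 — patch the generated phpstan.neon
      - name: Patch phpstan.neon (remove stale excludePaths)
        run: |
          sed -i '/excludePaths:/,/- \.\.\/src\/Contract/d' .kcode/phpstan.neon
      # Runs PHPStan Level 9 then Psalm sequentially — both must pass
      - name: Run PHPStan + Psalm via kcode
        run: kcode analyse

  # ============================================================================
  # CODE STYLE (ARFA 1.3 Naming / Formatting Standards)
  # kcode cs:fix enforces PSR-12 + PHP 8.4 migrations + KaririCode rules.
  # --check: dry-run only — fails if any violation exists.
  # ============================================================================
  cs-fixer:
    name: Code Style — PHP CS Fixer
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: none
          tools: composer:v2
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # Unpinned, unverified download — see the note in the analyse job.
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      - name: Check code style (dry-run)
        run: kcode cs:fix --check

  # ============================================================================
  # UNIT & INTEGRATION TESTS (ARFA 1.3 §Testing — Zero Tolerance)
  # pcov is the mandatory driver (performance + accuracy over Xdebug).
  # Requires: 0 failures, 0 errors, 0 warnings, 0 risky tests.
  # Target: 128 tests / 234 assertions (processor-pipeline baseline).
  # ============================================================================
  tests:
    name: PHPUnit — 128 Tests (pcov)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: mbstring, xml
          coverage: pcov
          tools: composer:v2
      - name: Install dependencies
        run: composer install --prefer-dist --no-progress --no-scripts
      # Unpinned, unverified download — see the note in the analyse job.
      - name: Install kcode
        run: |
          wget -q https://github.com/KaririCode-Framework/kariricode-devkit/releases/latest/download/kcode.phar
          chmod +x kcode.phar
          sudo mv kcode.phar /usr/local/bin/kcode
      - name: Initialize devkit
        run: kcode init
      - name: Run tests with coverage (pcov)
        run: kcode test --coverage

  # ============================================================================
  # QUALITY SUMMARY — Gate job (if: always())
  # Aggregates all job results and fails the workflow if any check failed.
  # Posts a markdown summary to the GitHub Actions run.
  # ============================================================================
  quality-summary:
    name: Quality Summary
    runs-on: ubuntu-latest
    needs: [dependencies, security, analyse, cs-fixer, tests]
    # always() makes this job run even when an upstream job failed or was
    # cancelled; the explicit != "success" checks below turn any of
    # failure / cancelled / skipped into a gate failure.
    if: always()
    steps:
      - name: Post quality summary
        run: |
          echo "## KaririCode ProcessorPipeline — Quality Report (ARFA 1.3)" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "| Check | Result |" >> "$GITHUB_STEP_SUMMARY"
          echo "|-------|--------|" >> "$GITHUB_STEP_SUMMARY"
          echo "| Dependency Validation | ${{ needs.dependencies.result }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Security Audit | ${{ needs.security.result }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Static Analysis (PHPStan L9 + Psalm) | ${{ needs.analyse.result }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| Code Style (CS Fixer) | ${{ needs.cs-fixer.result }} |" >> "$GITHUB_STEP_SUMMARY"
          echo "| PHPUnit Tests (128 / pcov) | ${{ needs.tests.result }} |" >> "$GITHUB_STEP_SUMMARY"
          # The dependencies job was reported in the table but not gated, so a
          # failed composer validate / check-platform-reqs could not block the
          # merge. Every job listed in `needs` is checked here.
          if [ "${{ needs.dependencies.result }}" != "success" ] || \
             [ "${{ needs.security.result }}" != "success" ] || \
             [ "${{ needs.analyse.result }}" != "success" ] || \
             [ "${{ needs.cs-fixer.result }}" != "success" ] || \
             [ "${{ needs.tests.result }}" != "success" ]; then
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "❌ One or more quality gates failed. Merge blocked." >> "$GITHUB_STEP_SUMMARY"
            exit 1
          fi
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "✅ All quality gates passed — ARFA 1.3 compliant." >> "$GITHUB_STEP_SUMMARY"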