Improve GitHub workflow configurations

Improvements to GitHub workflow configurations:
- Fixes code style issues
- Improves naming of files, workflows and jobs
- Adds scheduled workflow for dependency validation
- Allows the check for outdated Symfony recipes to fail

Author: codedmonkey

.github/workflows/docker-build.yaml .github/workflows/images-build.yaml.github/workflows/docker-build.yaml renamed to .github/workflows/images-build.yaml

@@ -1,22 +1,20 @@
-name: Build image
+name: Build images
 
-on:
-  pull_request:
-  push:
+on: [pull_request, push]
 
 jobs:
-  build-image:
-    name: Test Docker build
+  build-standalone:
+    name: Standalone images
+
     runs-on: ubuntu-latest
+
     steps:
-      -
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
 
-      -
-        name: Build Docker image
+      - name: Build images
         uses: docker/build-push-action@v6
         with:
           platforms: linux/amd64,linux/arm64

.github/workflows/docker-publish.yaml .github/workflows/images-publish.yaml.github/workflows/docker-publish.yaml renamed to .github/workflows/images-publish.yaml

@@ -1,31 +1,24 @@
-name: Publish image
+name: Publish images
 
 on:
   push:
-    tags:
-      - v*
+    tags: [v*]
   schedule:
-    -
-      cron:  "30 4 * * *"
+    - cron:  "30 4 * * *"
 
 jobs:
-  publish-image:
-    name: Publish Docker image
+  publish-standalone:
+    name: Standalone images
+
     runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      packages: write
-      attestations: write
+
     steps:
-      -
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
 
-      -
-        name: Extract metadata for Docker
+      - name: Extract metadata for Docker
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -35,16 +28,14 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
 
-      -
-        name: Login to GitHub Packages
+      - name: Login to GitHub Packages
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      -
-        name: Build and push Docker image
+      - name: Build and publish images
         id: push
         uses: docker/build-push-action@v6
         with:
@@ -53,8 +44,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64
 
-      -
-        name: Generate artifact attestation
+      - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
           subject-name: ghcr.io/${{ github.repository }}

.github/workflows/linting-dependencies.yaml

@@ -0,0 +1,51 @@
+name: Lint dependencies
+
+on:
+  pull_request:
+  push:
+  schedule:
+    - cron:  "30 4 * * *"
+
+jobs:
+  composer:
+    name: Composer
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install PHP with extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+          tools: composer:v2
+
+      - name: Set Composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache Composer output
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install Composer dependencies
+        id: composer-install
+        run: composer install --ansi --no-interaction --no-progress
+
+      - name: Check if any Composer dependencies are compromised
+        if: always() && steps.composer-install.outcome == 'success'
+        run: composer audit --ansi
+
+      # This check always shows a success state, even when there are
+      # outdated recipes (due to `continue-on-error`). Please check
+      # the result when updating Composer dependencies.
+      # todo fail when composer.lock changed and there is an outdated recipe
+      - name: Check if any Symfony Flex recipes are outdated
+        if: always() && steps.composer-install.outcome == 'success'
+        continue-on-error: true
+        run: composer recipes --outdated --ansi

.github/workflows/lint.yaml .github/workflows/linting.yaml.github/workflows/lint.yaml renamed to .github/workflows/linting.yaml

@@ -1,18 +1,11 @@
 name: Lint code & configuration
 
-on:
-  pull_request:
-  push:
-
-env:
-  fail-fast: true
-
-permissions:
-  contents: read
+on: [pull_request, push]
 
 jobs:
   linters:
     name: Linters
+
     runs-on: ubuntu-latest
 
     steps:
@@ -22,8 +15,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -38,56 +29,48 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
-      - name: Install dependencies
-        id: install
+      - name: Install Composer dependencies
+        id: composer-install
         run: composer install --ansi --no-interaction --no-progress
 
+      - name: Lint Composer configuration
+        if: always() && steps.composer-install.outcome == 'success'
+        run: composer validate --ansi
+        # todo enable strict mode, currently license is invalid
+        # run: composer validate --strict
+
       - name: Lint YAML files
-        if: always() && steps.install.outcome == 'success'
-        run: bin/console lint:yaml .github config translations --parse-tags
+        if: always() && steps.composer-install.outcome == 'success'
+        run: bin/console lint:yaml .github config translations --parse-tags --ansi
 
-      - name: Lint Twig templates
-        if: always() && steps.install.outcome == 'success'
-        run: bin/console lint:twig templates --env=prod
+      - name: Lint Symfony service container
+        if: always() && steps.composer-install.outcome == 'success'
+        run: bin/console lint:container --ansi
 
-      #- name: Lint XLIFF translation files
-      #  if: always() && steps.install.outcome == 'success'
-      #  run: bin/console lint:xliff translations
+      - name: Lint Twig templates
+        if: always() && steps.composer-install.outcome == 'success'
+        run: bin/console lint:twig templates --ansi
 
       #- name: Lint translation contents
-      #  if: always() && steps.install.outcome == 'success'
-      #  run: bin/console lint:translations
+      #  if: always() && steps.composer-install.outcome == 'success'
+      #  run: bin/console lint:translations --ansi
 
-      - name: Lint Parameters and Services
-        if: always() && steps.install.outcome == 'success'
-        run: bin/console lint:container --no-debug
-
-      - name: Lint Composer config
-        if: always() && steps.install.outcome == 'success'
-        run: composer validate
-        # todo enable strict mode, currently license is invalid
-        # run: composer validate --strict
-
-      - name: Check if any dependencies are compromised
-        if: always() && steps.install.outcome == 'success'
-        run: composer audit
-
-      - name: Check if any Symfony recipes are outdated
-        if: always() && steps.install.outcome == 'success'
-        run: composer recipes --outdated --no-interaction
+      #- name: Lint XLIFF translation files
+      #  if: always() && steps.composer-install.outcome == 'success'
+      #  run: bin/console lint:xliff translations --ansi
 
   php-cs-fixer:
     name: PHP-CS-Fixer
+
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -102,15 +85,15 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
-      - name: Install dependencies
-        id: install
+      - name: Install Composer dependencies
         run: composer install --ansi --no-interaction --no-progress
 
-      - name: PHP-CS-Fixer
-        run: ./vendor/bin/php-cs-fixer fix --diff --dry-run
+      - name: Run PHP-CS-Fixer
+        run: vendor/bin/php-cs-fixer fix --diff --dry-run --ansi --show-progress none
 
   phpstan:
     name: PHPStan
+
     runs-on: ubuntu-latest
 
     steps:
@@ -120,8 +103,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -136,10 +117,8 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
-      - name: Install dependencies
-        id: install
+      - name: Install Composer dependencies
         run: composer install --ansi --no-interaction --no-progress
 
       - name: Run PHPStan
-        if: always() && steps.install.outcome == 'success'
-        run: ./vendor/bin/phpstan analyze
+        run: vendor/bin/phpstan analyze --ansi --no-progress

.github/workflows/tests-docker.yaml .github/workflows/tests-images.yaml.github/workflows/tests-docker.yaml renamed to .github/workflows/tests-images.yaml

@@ -1,22 +1,15 @@
 name: Run image tests
 
-on:
-  pull_request:
-  push:
+on: [pull_request, push]
 
 env:
-  fail-fast: true
   GITHUB_TOKEN: ${{ github.token }}
-  PHPUNIT_FLAGS: ""
-
-permissions:
-  contents: read
 
 jobs:
-  phpunit:
-    name: Testcontainers
+  testcontainers:
+    name: Testcontainers (Standalone)
+
     runs-on: ubuntu-latest
-    continue-on-error: false
 
     steps:
       - name: Checkout code
@@ -34,8 +27,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl, mbstring, zip
           php-version: 8.3
           tools: composer:v2
 
@@ -45,7 +36,6 @@ jobs:
       - name: Set Composer cache directory
         id: composer-cache
         run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
-        shell: bash
 
       - name: Cache Composer output
         uses: actions/cache@v4
@@ -60,5 +50,5 @@ jobs:
       - name: PHPUnit version
         run: bin/phpunit --version
 
-      - name: Run tests
-        run: bin/phpunit --configuration phpunit.docker.xml ${{ env.PHPUNIT_FLAGS }}
+      - name: Run PHPUnit
+        run: bin/phpunit --configuration phpunit.docker.xml --no-progress