Improve GitHub workflow configurations

Improvements to GitHub workflow configurations:
- Fixes code style issues
- Improves naming of files, workflows and jobs
- Adds scheduled workflow for dependency validation
- Allows the check for outdated Symfony recipes to fail

Author: codedmonkey

.github/workflows/docker-build.yaml .github/workflows/images-build.yaml.github/workflows/docker-build.yaml renamed to .github/workflows/images-build.yaml

@@ -1,22 +1,18 @@
-name: Build image
+name: Build images
 
-on:
-  pull_request:
-  push:
+on: [pull_request, push]
 
 jobs:
-  build-image:
-    name: Test Docker build
+  build-standalone:
+    name: Standalone images
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
 
-      -
-        name: Build Docker image
+      - name: Build images
         uses: docker/build-push-action@v6
         with:
           platforms: linux/amd64,linux/arm64

.github/workflows/docker-publish.yaml .github/workflows/images-publish.yaml.github/workflows/docker-publish.yaml renamed to .github/workflows/images-publish.yaml

@@ -1,31 +1,27 @@
-name: Publish image
+name: Publish images
 
 on:
   push:
-    tags:
-      - v*
+    tags: [v*]
   schedule:
-    -
-      cron:  "30 4 * * *"
+    - cron:  "30 4 * * *"
 
 jobs:
-  publish-image:
-    name: Publish Docker image
+  publish-standalone:
+    name: Standalone images
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
       packages: write
       attestations: write
     steps:
-      -
-        name: Set up Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver: docker-container
 
-      -
-        name: Extract metadata for Docker
+      - name: Extract metadata for Docker
         id: meta
         uses: docker/metadata-action@v5
         with:
@@ -35,16 +31,14 @@ jobs:
             type=semver,pattern={{version}}
             type=semver,pattern={{major}}.{{minor}}
 
-      -
-        name: Login to GitHub Packages
+      - name: Login to GitHub Packages
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      -
-        name: Build and push Docker image
+      - name: Build and publish images
         id: push
         uses: docker/build-push-action@v6
         with:
@@ -53,8 +47,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64
 
-      -
-        name: Generate artifact attestation
+      - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v2
         with:
           subject-name: ghcr.io/${{ github.repository }}

.github/workflows/linting-dependencies.yaml

@@ -0,0 +1,50 @@
+name: Lint dependencies
+
+on:
+  pull_request:
+  push:
+  schedule:
+    - cron:  "30 4 * * *"
+
+jobs:
+  dependencies:
+    name: Composer
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install PHP with extensions
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.3
+          tools: composer:v2
+
+      - name: Set Composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache Composer output
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-
+
+      - name: Install dependencies
+        id: install
+        run: composer install --ansi --no-interaction --no-progress
+
+      - name: Check if any Composer dependencies are compromised
+        if: always() && steps.install.outcome == 'success'
+        run: composer audit --ansi
+
+      # This check always shows a success state (due to `continue-on-error`),
+      # even when there are outdated recipes. Please check the result when
+      # updating Composer dependencies.
+      # todo fail when composer.lock changed and there is an outdated recipe
+      - name: Check if any Symfony recipes are outdated
+        if: always() && steps.install.outcome == 'success'
+        continue-on-error: true
+        run: composer recipes --outdated

.github/workflows/lint.yaml .github/workflows/linting.yaml.github/workflows/lint.yaml renamed to .github/workflows/linting.yaml

@@ -1,14 +1,6 @@
 name: Lint code & configuration
 
-on:
-  pull_request:
-  push:
-
-env:
-  fail-fast: true
-
-permissions:
-  contents: read
+on: [pull_request, push]
 
 jobs:
   linters:
@@ -22,8 +14,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -42,39 +32,31 @@ jobs:
         id: install
         run: composer install --ansi --no-interaction --no-progress
 
+      - name: Lint Composer configuration
+        if: always() && steps.install.outcome == 'success'
+        run: composer validate --ansi
+        # todo enable strict mode, currently license is invalid
+        # run: composer validate --strict
+
       - name: Lint YAML files
         if: always() && steps.install.outcome == 'success'
         run: bin/console lint:yaml .github config translations --parse-tags
 
-      - name: Lint Twig templates
+      - name: Lint Symfony service container
         if: always() && steps.install.outcome == 'success'
-        run: bin/console lint:twig templates --env=prod
+        run: bin/console lint:container
 
-      #- name: Lint XLIFF translation files
-      #  if: always() && steps.install.outcome == 'success'
-      #  run: bin/console lint:xliff translations
+      - name: Lint Twig templates
+        if: always() && steps.install.outcome == 'success'
+        run: bin/console lint:twig templates
 
       #- name: Lint translation contents
       #  if: always() && steps.install.outcome == 'success'
       #  run: bin/console lint:translations
 
-      - name: Lint Parameters and Services
-        if: always() && steps.install.outcome == 'success'
-        run: bin/console lint:container --no-debug
-
-      - name: Lint Composer config
-        if: always() && steps.install.outcome == 'success'
-        run: composer validate
-        # todo enable strict mode, currently license is invalid
-        # run: composer validate --strict
-
-      - name: Check if any dependencies are compromised
-        if: always() && steps.install.outcome == 'success'
-        run: composer audit
-
-      - name: Check if any Symfony recipes are outdated
-        if: always() && steps.install.outcome == 'success'
-        run: composer recipes --outdated --no-interaction
+      #- name: Lint XLIFF translation files
+      #  if: always() && steps.install.outcome == 'success'
+      #  run: bin/console lint:xliff translations
 
   php-cs-fixer:
     name: PHP-CS-Fixer
@@ -86,8 +68,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -107,7 +87,7 @@ jobs:
         run: composer install --ansi --no-interaction --no-progress
 
       - name: PHP-CS-Fixer
-        run: ./vendor/bin/php-cs-fixer fix --diff --dry-run
+        run: vendor/bin/php-cs-fixer fix --diff --dry-run
 
   phpstan:
     name: PHPStan
@@ -120,8 +100,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl
           php-version: 8.3
           tools: composer:v2
 
@@ -142,4 +120,4 @@ jobs:
 
       - name: Run PHPStan
         if: always() && steps.install.outcome == 'success'
-        run: ./vendor/bin/phpstan analyze
+        run: vendor/bin/phpstan analyze

.github/workflows/tests-docker.yaml .github/workflows/tests-images.yaml.github/workflows/tests-docker.yaml renamed to .github/workflows/tests-images.yaml

@@ -1,20 +1,14 @@
 name: Run image tests
 
-on:
-  pull_request:
-  push:
+on: [pull_request, push]
 
 env:
-  fail-fast: true
   GITHUB_TOKEN: ${{ github.token }}
   PHPUNIT_FLAGS: ""
 
-permissions:
-  contents: read
-
 jobs:
-  phpunit:
-    name: Testcontainers
+  testcontainers:
+    name: Testcontainers (Standalone)
     runs-on: ubuntu-latest
     continue-on-error: false
 
@@ -34,8 +28,6 @@ jobs:
       - name: Install PHP with extensions
         uses: shivammathur/setup-php@v2
         with:
-          coverage: none
-          extensions: intl, mbstring, zip
           php-version: 8.3
           tools: composer:v2