Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion .github/workflows/cgl.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
branches:
- main

permissions:
contents: read

jobs:
prepare:
name: Prepare workflow
Expand All @@ -16,10 +19,12 @@ jobs:
runs-on: ubuntu-latest
needs: prepare
if: needs.prepare.outputs.continue == 'true'
permissions:
security-events: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup PHP
Expand Down Expand Up @@ -76,3 +81,7 @@ jobs:
# Migration
- name: Run Rector migration
run: composer migration:rector -- --dry-run

# Zizmor
- name: Run zizmor
uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6
36 changes: 22 additions & 14 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,19 @@ on:
- '*'
workflow_dispatch:

env:
REF_NAME: ${{ github.ref_name }}

jobs:
phar:
name: Compile PHAR
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup PHP
Expand All @@ -28,6 +33,7 @@ jobs:
uses: ramsey/composer-install@5c2bcf28d7b060ef3c601d7b476d5430a7b46c27 #v4
with:
composer-options: "--no-dev"
ignore-cache: true
- name: Compile PHAR
run: ./tools/box compile --with-docker

Expand All @@ -54,16 +60,19 @@ jobs:
name: Docker deploy
runs-on: ubuntu-latest
needs: phar
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Check if tag is valid
- name: Check tag
if: ${{ github.event_name != 'workflow_dispatch' }}
run: |
if ! [[ ${{ github.ref }} =~ ^refs/tags/[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
if ! [[ "$REF_NAME" =~ ^\d+\.\d+\.\d+$ ]]; then
exit 1
fi

Expand All @@ -86,7 +95,7 @@ jobs:
tags: |
type=raw,value=latest,enable=${{ github.event_name != 'workflow_dispatch' }}
type=semver,pattern={{version}}
type=raw,value=${{ github.ref_name }},enable=${{ github.event_name == 'workflow_dispatch' }}
type=raw,value=${{ env.REF_NAME }},enable=${{ github.event_name == 'workflow_dispatch' }}

# Prepare build
- name: Set up QEMU
Expand Down Expand Up @@ -126,8 +135,6 @@ jobs:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}

# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
contents: read
pages: write
Expand All @@ -141,14 +148,14 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup Node
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 24
cache: npm
package-manager-cache: false
- name: Setup PHP
uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2
with:
Expand Down Expand Up @@ -201,15 +208,17 @@ jobs:
if: ${{ github.event_name != 'workflow_dispatch' }}
runs-on: ubuntu-latest
needs: phar
permissions:
contents: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Check if tag is valid
- name: Check tag
run: |
if ! [[ ${{ github.ref }} =~ ^refs/tags/[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
if ! [[ "${REF_NAME}" =~ ^\d+\.\d+\.\d+$ ]]; then
exit 1
fi

Expand All @@ -223,7 +232,6 @@ jobs:

# Create release
- name: Create release
uses: ncipollo/release-action@339a81892b84b4eeb0f6e744e4574d79d0d9b8dd # v1
with:
generateReleaseNotes: true
artifacts: .build/cache-warmup.phar,.build/cache-warmup.phar.asc
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release create "${REF_NAME}" --generate-notes .build/cache-warmup.phar .build/cache-warmup.phar.asc
11 changes: 7 additions & 4 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
branches:
- main

permissions:
contents: read

jobs:
prepare:
name: Prepare workflow
Expand All @@ -33,7 +36,7 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup PHP
Expand Down Expand Up @@ -62,7 +65,7 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup PHP
Expand Down Expand Up @@ -101,7 +104,7 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Download artifact
- name: Download coverage artifact
Expand All @@ -124,7 +127,7 @@ jobs:
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 0
persist-credentials: false

# Prepare environment
- name: Setup PHP
Expand Down
Loading