Skip to content

[ci] Fix GitHub Actions workflow caching and auto-assign/label-sync configuration (#36) #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
coisa merged 17 commits into from
Apr 11, 2026
Merged

[ci] Fix GitHub Actions workflow caching and auto-assign/label-sync configuration (#36) #35

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
90acbcc
refactor(workflows): simplify Composer caching in reports, tests, and…
coisa Apr 11, 2026
a6803ae
feat(workflows): optimize Composer install arguments for reports, tes…
coisa Apr 11, 2026
e43c41e
refactor(workflows): standardize Composer install arguments across re…
coisa Apr 11, 2026
d34f75f
refactor(workflows): separate command and args for Composer installat…
coisa Apr 11, 2026
1a6ec26
feat(workflows): add auto-assign workflow for PR authors
coisa Apr 11, 2026
985aadd
feat(workflows): add workflow_dispatch trigger to auto-assign workflow
coisa Apr 11, 2026
7952368
feat(workflows): add 'synchronize' event to pull_request_target trigg…
coisa Apr 11, 2026
c7638bb
feat(workflows): add Composer audit step to PHPUnit tests workflow
coisa Apr 11, 2026
4f50414
Add label-sync workflow that copies issue labels to PRs
coisa Apr 11, 2026
d68a088
Fix label-sync reusable workflow to match other resources patterns
coisa Apr 11, 2026
02052b3
feat(workflows): update condition for label sync job to include non-w…
coisa Apr 11, 2026
e00250d
Potential fix for pull request finding 'CodeQL / Code injection'
coisa Apr 11, 2026
a96f99b
Potential fix for pull request finding 'CodeQL / Code injection'
coisa Apr 11, 2026
4235118
fix(workflows): corrigir nome do workflow para 'Pull Request Label Sync'
coisa Apr 11, 2026
cc91437
fix(workflows): simplify the extraction of the issue number in the la…
coisa Apr 11, 2026
305a8fd
fix(workflows): improve the extraction of the issue number in the lab…
coisa Apr 11, 2026
6c039dd
Fix label-sync to specify repo and add checkout step
coisa Apr 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions .github/workflows/auto-assign.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Auto assign PR author

on:
issues:
types: [ opened, reopened ]
pull_request_target:
types: [ opened, reopened, synchronize ]
workflow_call:

permissions:
issues: write
pull-requests: write

jobs:
assign-author:
runs-on: ubuntu-latest
steps:
- name: Auto assign PR author
uses: toshimaru/auto-author-assign@v3.0.1
with:
repo-token: ${{ github.token }}
50 changes: 50 additions & 0 deletions .github/workflows/label-sync.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: PR Label Sync

on:
pull_request_target:
types: [opened, reopened, synchronize]
pull_request:
types: [opened, reopened, synchronize]
workflow_call:
inputs:
copy_issue_labels:
type: boolean
default: true
description: "Copy labels from linked issue"

permissions:
contents: read
pull-requests: write

jobs:
copy-issue-labels:
if: inputs.copy_issue_labels == true
runs-on: ubuntu-latest
steps:
- name: Extract issue number from PR
id: extract-issue
run: |
BODY='${{ github.event.pull_request.body }}'

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in
${ github.event.pull_request.body }
Loading
, which may be controlled by an external user (
pull_request_target
Loading
).
Comment thread
coisa marked this conversation as resolved.
Fixed
TITLE='${{ github.event.pull_request.title }}'

Check failure

Code scanning / CodeQL

Code injection Critical

Potential code injection in
${ github.event.pull_request.title }
Loading
, which may be controlled by an external user (
pull_request_target
Loading
).
Comment thread
coisa marked this conversation as resolved.
Fixed

ISSUE=$(echo "$BODY $TITLE" | \
grep -oE '(closes|fixes|resolves|addresses)\s+#[[:digit:]]+' | \
grep -oE '#[[:digit:]]+' | head -1 | tr -d '#')

if [ -n "$ISSUE" ]; then
echo "issue_number=$ISSUE" >> "$GITHUB_OUTPUT"
fi

- name: Copy labels from issue to PR
if: steps.extract-issue.outputs.issue_number != ''
run: |
ISSUE_NUM=${{ steps.extract-issue.outputs.issue_number }}
Comment thread
github-advanced-security[bot] marked this conversation as resolved.
Fixed
PR_NUM=${{ github.event.pull_request.number }}

LABELS=$(gh issue view "$ISSUE_NUM" --json labels --jq '.labels[].name')

for label in $LABELS; do
gh pr edit "$PR_NUM" --add-label "$label" 2>/dev/null || true
done
env:
GH_TOKEN: ${{ github.token }}
16 changes: 7 additions & 9 deletions .github/workflows/reports.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,25 +22,23 @@ jobs:
steps:
- uses: actions/checkout@v6

- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

- name: Cache Composer dependencies
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
restore-keys: |
${{ runner.os }}-composer-
path: /tmp/composer-cache
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-

- name: Install dependencies
uses: php-actions/composer@v6
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }'
COMPOSER_CACHE_DIR: /tmp/composer-cache
with:
php_version: '8.3'
command: 'install'
args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts'

- name: Generate reports
uses: php-actions/composer@v6
Expand Down
22 changes: 13 additions & 9 deletions .github/workflows/tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,25 +38,29 @@ jobs:
steps:
- uses: actions/checkout@v6

- name: Get Composer Cache Directory
id: composer-cache
run: |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

- name: Cache Composer dependencies
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
restore-keys: |
${{ runner.os }}-composer-
path: /tmp/composer-cache
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-

- name: Install dependencies
uses: php-actions/composer@v6
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }'
COMPOSER_CACHE_DIR: /tmp/composer-cache
with:
php_version: ${{ matrix.php-version }}
command: 'install'
args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts'

- name: Composer Audit
uses: php-actions/composer@v6
with:
php_version: ${{ matrix.php-version }}
command: 'audit'

- name: Resolve minimum coverage
id: minimum-coverage
Expand Down
13 changes: 6 additions & 7 deletions .github/workflows/wiki.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,24 +26,23 @@ jobs:
submodules: recursive
fetch-depth: 0

- name: Get Composer Cache Directory
id: composer-cache
run: echo "dir=$(composer config cache-files-dir)" >> "$GITHUB_OUTPUT"

- name: Cache Composer dependencies
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
path: /tmp/composer-cache
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-composer-

- name: Install dependencies
uses: php-actions/composer@v6
env:
COMPOSER_AUTH: '{"github-oauth": {"github.com": "${{ github.token }}"} }'
COMPOSER_CACHE_DIR: /tmp/composer-cache
with:
php_version: '8.3'
command: 'install'
args: '--prefer-dist --no-progress --no-interaction --no-plugins --no-scripts'

- name: Create Docs Markdown
uses: php-actions/composer@v6
Expand Down Expand Up @@ -80,4 +79,4 @@ jobs:
message: "Update wiki submodule pointer"
default_author: github_actions
pull: "--rebase --autostash"
push: true
push: true
14 changes: 14 additions & 0 deletions resources/github-actions/auto-assign.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: Auto assign

on:
pull_request_target:
types: [opened, reopened, synchronize]
issues:
types: [opened, reopened]

jobs:
auto-assign:
permissions:
issues: write
pull-requests: write
uses: php-fast-forward/dev-tools/.github/workflows/auto-assign.yml@main
13 changes: 13 additions & 0 deletions resources/github-actions/label-sync.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
name: Label sync

on:
pull_request_target:
types: [opened, reopened, synchronize]
issues:
types: [opened, reopened]

jobs:
label-sync:
permissions:
pull-requests: write
uses: php-fast-forward/dev-tools/.github/workflows/label-sync.yml@main
Loading