Update the workflow and tests; support > 2.3

Author: ghalse

.github/dependabot.yml

@@ -0,0 +1,41 @@
+---
+
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
+    schedule:
+      interval: "monthly"
+    groups:
+      all-actions:
+        patterns: ["*"]
+
+  - package-ecosystem: "composer"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
+    schedule:
+      interval: "monthly"
+    allow:
+      # Allow both direct and indirect updates for all packages
+      - dependency-type: "all"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+        exclude-patterns:
+          - "symfony/*"
+          - "simplesamlphp/*"
+      development-dependencies:
+        dependency-type: "development"
+      simplesamlphp:
+        patterns:
+          - "simplesamlphp/*"
+      symfony:
+        patterns:
+          - "symfony/*"

.github/workflows/php.yml

@@ -8,56 +8,68 @@ on:  # yamllint disable-line rule:truthy
     paths-ignore:
       - '**.md'
   pull_request:
-    branches: [master, release-*]
+    branches: [main, release-*]
     paths-ignore:
       - '**.md'
   workflow_dispatch:
 
 jobs:
+  phplinter:
+    name: 'PHP-Linter'
+    strategy:
+      fail-fast: false
+      matrix:
+        php-version: ['8.1', '8.2', '8.3', '8.4']
+
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.10.0
+    with:
+      php-version: ${{ matrix.php-version }}
+
   linter:
-    name: Linter
-    runs-on: ['ubuntu-latest']
+    name: 'Linter'
+    strategy:
+      fail-fast: false
 
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Lint Code Base
-        uses: github/super-linter/slim@v4
-        env:
-          LOG_LEVEL: NOTICE
-          VALIDATE_ALL_CODEBASE: true
-          LINTER_RULES_PATH: 'tools/linters'
-          VALIDATE_CSS: true
-          VALIDATE_JAVASCRIPT_ES: true
-          VALIDATE_JSON: true
-          VALIDATE_PHP_BUILTIN: true
-          VALIDATE_YAML: true
-          VALIDATE_XML: true
-          VALIDATE_GITHUB_ACTIONS: true
-          GITHUB_ACTIONS_COMMAND_ARGS: '-ignore SC2016:'
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.10.0
+    with:
+      enable_eslinter: false
+      enable_jsonlinter: true
+      enable_stylelinter: false
+      enable_yamllinter: true
 
-  quality:
-    name: Quality control
-    runs-on: [ubuntu-latest]
+  unit-tests-linux:
+    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
+    runs-on: ${{ matrix.operating-system }}
+    needs: [phplinter, linter]
+    strategy:
+      fail-fast: false
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ['8.1', '8.2', '8.3', '8.4']
 
     steps:
       - name: Setup PHP, with composer and extensions
-        id: setup-php
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          # Should be the higest supported version, so we can use the newest tools
-          php-version: '8.2'
-          tools: composer, composer-require-checker, composer-unused, phpcs, psalm
-          # optional performance gain for psalm: opcache
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, opcache, openssl, pcre, posix, spl, xml
+          php-version: ${{ matrix.php-versions }}
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xdebug, xml
+          tools: composer
+          ini-values: error_reporting=E_ALL, pcov.directory=.
+          coverage: pcov
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - uses: actions/checkout@v4
+      - name: Setup problem matchers for PHPUnit
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Set git to use LF
+        run: |
+          git config --global core.autocrlf false
+          git config --global core.eol lf
+
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -69,61 +81,43 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
-      - name: Validate composer.json and composer.lock
-        run: composer validate
-
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Check code for hard dependencies missing in composer.json
-        run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json
-
-      - name: Check code for unused dependencies in composer.json
-        run: composer-unused
-
-      - name: PHP Code Sniffer
-        run: phpcs
-
-      - name: Psalm
-        continue-on-error: true
-        run: |
-          psalm -c psalm.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+      - name: Run unit tests with coverage
+        if: ${{ matrix.php-versions == '8.4' }}
+        run: vendor/bin/phpunit --exclude-group skipOnGithub
 
-      - name: Psalm (testsuite)
-        run: |
-          psalm -c psalm-dev.xml \
-          --show-info=true \
-          --shepherd \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+      - name: Run unit tests (no coverage)
+        if: ${{ matrix.php-versions != '8.4' }}
+        run: vendor/bin/phpunit --exclude-group skipOnGithub --no-coverage
 
-      - name: Psalter
-        run: |
-          psalm --alter \
-          --issues=UnnecessaryVarAnnotation \
-          --dry-run \
-          --php-version=${{ steps.setup-php.outputs.php-version }}
+      - name: Save coverage data
+        if: ${{ matrix.php-versions == '8.4' }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-data
+          path: ${{ github.workspace }}/build
 
-  security:
-    name: Security checks
+  quality:
+    name: Quality control
     runs-on: [ubuntu-latest]
+
     steps:
       - name: Setup PHP, with composer and extensions
+        id: setup-php
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          # Should be the lowest supported version
-          php-version: '8.0'
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
-          tools: composer
-          coverage: none
+          # Should be the higest supported version, so we can use the newest tools
+          php-version: '8.4'
+          tools: composer, composer-require-checker, composer-unused
+          extensions: ctype, date, dom, filter, hash, intl, mbstring, opcache, openssl, pcre, spl, xml
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -135,76 +129,49 @@ jobs:
           key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
           restore-keys: ${{ runner.os }}-composer-
 
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Security check for locked dependencies
-        run: composer audit
+      - name: Check code for hard dependencies missing in composer.json
+        run: composer-require-checker check --config-file tools/composer-require-checker.json composer.json
 
-      - name: Update Composer dependencies
-        run: composer update --no-progress --prefer-dist --optimize-autoloader
+      - name: Check code for unused dependencies in composer.json
+        run: |
+          composer-unused \
+            --excludePackage=simplesamlphp/simplesamlphp-assets-jquery
 
-      - name: Security check for updated dependencies
-        run: composer audit
+      - name: PHP Code Sniffer
+        run: vendor/bin/phpcs
 
-  unit-tests-linux:
-    name: "Unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}"
-    runs-on: ${{ matrix.operating-system }}
-    needs: [linter, quality, security]
-    strategy:
-      fail-fast: false
-      matrix:
-        operating-system: [ubuntu-latest]
-        php-versions: ['8.0', '8.1', '8.2']
+      - name: PHPStan
+        run: |
+          vendor/bin/phpstan analyze -c phpstan.neon --debug
 
-    steps:
-      - name: Setup test MySQL database
+      - name: PHPStan (testsuite)
         run: |
-          sudo systemctl start mysql.service
-          mysql -uroot -proot -e 'CREATE DATABASE IF NOT EXISTS simplesamlphp;'
-          mysql -uroot -proot -e '
-            CREATE TABLE IF NOT EXISTS `AttributeFromSQL` (
-              `id` INT UNSIGNED NOT NULL AUTO_INCREMENT,
-              `uid` VARCHAR(100) NOT NULL,
-              `sp` VARCHAR(250) DEFAULT "%",
-              `attribute` VARCHAR(30) NOT NULL,
-              `value` TEXT,
-              `expires` DATE DEFAULT "9999-12-31",
-              PRIMARY KEY (`id`)
-            ) DEFAULT CHARSET=utf8;
-            CREATE USER IF NOT EXISTS `phpunit`@`localhost` IDENTIFIED BY "phpunit";
-            GRANT ALL ON `simplesamlphp`.* TO `phpunit`@`localhost`;
-          ' simplesamlphp
-          mysql -uroot -proot -e "
-            INSERT INTO AttributeFromSQL (uid, sp, attribute, value) VALUES ('user@example.org', '%', 'eduPersonEntitlement', 'urn:mace:exampleIdP.org:demoservice:demo-admin');
-            INSERT INTO AttributeFromSQL (uid, sp, attribute, value) VALUES ('user@example.org', 'https://idp.example.org/idp/shibboleth', 'eduPersonEntitlement', 'urn:mace:grnet.gr:eduroam:admin');
-            INSERT INTO AttributeFromSQL (uid, sp, attribute, value) VALUES ('user@example.org', '%', 'eduPersonAffiliation', 'faculty');
-            INSERT INTO AttributeFromSQL (uid, attribute, value) VALUES ('user@example.org', 'mail', 'user@example.org');
-            INSERT INTO AttributeFromSQL (uid, attribute, value, expires) VALUES ('user@example.org', 'mail', 'marty@example.org', '2015-10-21');
-          " simplesamlphp
+          vendor/bin/phpstan analyze -c phpstan-dev.neon --debug
 
+  security:
+    name: Security checks
+    runs-on: [ubuntu-latest]
+    steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, posix, spl, xml
+          # Should be the lowest supported version
+          php-version: '8.1'
+          extensions: ctype, date, dom, filter, hash, intl, mbstring, openssl, pcre, spl, xml
           tools: composer
-          ini-values: error_reporting=E_ALL
-          coverage: pcov
+          coverage: none
 
       - name: Setup problem matchers for PHP
         run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
 
-      - name: Setup problem matchers for PHPUnit
-        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
-      - name: Set git to use LF
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.eol lf
-
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get composer cache directory
         run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV"
@@ -219,50 +186,22 @@ jobs:
       - name: Install Composer dependencies
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Run unit tests with coverage
-        if: ${{ matrix.php-versions == '8.2' }}
-        run: vendor/bin/phpunit
-
-      - name: Run unit tests (no coverage)
-        if: ${{ matrix.php-versions != '8.2' }}
-        run: vendor/bin/phpunit --no-coverage
-
-      - name: Save coverage data
-        if: ${{ matrix.php-versions == '8.2' }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: coverage-data
-          path: ${{ github.workspace }}/build
-
-  coverage:
-    name: Code coverage
-    runs-on: [ubuntu-latest]
-    needs: [unit-tests-linux]
-    steps:
-      - uses: actions/checkout@v4
+      - name: Security check for locked dependencies
+        run: composer audit
 
-      - uses: actions/download-artifact@v4
-        with:
-          name: coverage-data
-          path: ${{ github.workspace }}/build
+      - name: Update Composer dependencies
+        run: composer update --no-progress --prefer-dist --optimize-autoloader
 
-      - name: Codecov
-        uses: codecov/codecov-action@v3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          fail_ci_if_error: true
-          verbose: true
+      - name: Security check for updated dependencies
+        run: composer audit
 
   cleanup:
     name: Cleanup artifacts
-    needs: [unit-tests-linux, coverage]
+    needs: [unit-tests-linux]
     runs-on: [ubuntu-latest]
-    if: |
-      always() &&
-      needs.coverage.result == 'success' ||
-      (needs.unit-tests-linux == 'success' && needs.coverage == 'skipped')
+    if: ${{ always() && needs.unit-tests-linux.result == 'success' }}
 
     steps:
-      - uses: geekyeggo/delete-artifact@v2
+      - uses: geekyeggo/delete-artifact@v5
         with:
           name: coverage-data