chore: Updates dependency versions and add security checks workflow.

gustavofreze · gustavofreze · commit f607ec958bfa · 2026-01-06T06:46:31.000-03:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,31 @@
+version: 2
+
+updates:
+  - package-ecosystem: "composer"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 0
+    labels:
+      - "php"
+      - "security"
+      - "dependencies"
+    groups:
+      php-security:
+        applies-to: security-updates
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "build"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/auto-assign.yml b/.github/workflows/auto-assign.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Assign issues and pull requests
         uses: gustavofreze/auto-assign@2.0.0
         with:
-          assignees: '${{ secrets.ASSIGNEES }}'
+          assignees: '${{ vars.ASSIGNEES }}'
           github_token: '${{ secrets.GITHUB_TOKEN }}'
           allow_self_assign: 'true'
           allow_no_assignees: 'true'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Configure PHP
         uses: shivammathur/setup-php@v2
@@ -35,15 +35,30 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
-      - name: Use PHP ${{ env.PHP_VERSION }}
+      - name: Configure PHP
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ env.PHP_VERSION }}
 
       - name: Install dependencies
         run: composer update --no-progress --optimize-autoloader
 
+      - name: Clean up Docker
+        run: docker system prune -f
+
+      - name: Create Docker network
+        run: docker network create tiny-blocks
+
+      - name: Create Docker volume for migrations
+        run: docker volume create test-adm-migrations
+
       - name: Run tests
-        run: composer tests
+        run: |
+          docker run --network=tiny-blocks \
+            -v ${PWD}:/app \
+            -v ${PWD}/tests/Integration/Database/Migrations:/test-adm-migrations \
+            -v /var/run/docker.sock:/var/run/docker.sock \
+            -w /app \
+            gustavofreze/php:${{ env.PHP_VERSION }} bash -c "composer tests"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,35 @@
+name: Security checks
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: "0 0 * * *"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ "actions" ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v4
diff --git a/composer.json b/composer.json
@@ -49,18 +49,18 @@
     },
     "require-dev": {
         "phpmd/phpmd": "^2.15",
-        "phpunit/phpunit": "^11",
-        "phpstan/phpstan": "^1",
-        "infection/infection": "^0",
-        "squizlabs/php_codesniffer": "^3"
+        "phpunit/phpunit": "^11.5",
+        "phpstan/phpstan": "^1.12",
+        "infection/infection": "^0.32",
+        "squizlabs/php_codesniffer": "^3.13"
     },
     "scripts": {
         "test": "phpunit -d memory_limit=2G --configuration phpunit.xml tests",
         "phpcs": "phpcs --standard=PSR12 --extensions=php ./src",
         "phpmd": "phpmd ./src text phpmd.xml --suffixes php --ignore-violations-on-exit",
         "phpstan": "phpstan analyse -c phpstan.neon.dist --quiet --no-progress",
         "test-file": "phpunit --configuration phpunit.xml --no-coverage --filter",
-        "mutation-test": "infection --only-covered --threads=max --logger-html=report/coverage/mutation-report.html --coverage=report/coverage",
+        "mutation-test": "infection --threads=max --logger-html=report/coverage/mutation-report.html --coverage=report/coverage",
         "test-no-coverage": "phpunit --configuration phpunit.xml --no-coverage tests",
         "review": [
             "@phpcs",
