feat: add dependency-analysis workflow

wayofdev · May 29, 2024 · 242012a · 242012a
1 parent e4e28f0
commit 242012a
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 110 deletions.
diff --git a/.github/workflows/ci.yml.dist b/.github/workflows/ci.yml.dist
diff --git a/.github/workflows/dependency-analysis.yml b/.github/workflows/dependency-analysis.yml
@@ -0,0 +1,86 @@
+---
+
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    branches:
+      - master
+      - develop
+    paths:
+      - 'app/config/**'
+      - 'app/src/**'
+      - 'app/tests/**'
+      - 'app/.php-cs-fixer.dist.php'
+      - 'app/composer.json'
+      - 'app/composer.lock'
+      - 'app/composer-require-checker.json'
+
+name: 🔐 Dependency analysis
+
+env:
+  # Disable docker support in Makefile
+  APP_RUNNER: 'cd app &&'
+
+jobs:
+  dependency-analysis:
+    timeout-minutes: 4
+    runs-on: ${{ matrix.os }}
+    concurrency:
+      cancel-in-progress: true
+      group: dependency-analysis-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+    strategy:
+      fail-fast: true
+      matrix:
+        os:
+          - ubuntu-latest
+        php-version:
+          - '8.3'
+        dependencies:
+          - locked
+
+    steps:
+      - name: 📦 Check out the codebase
+        uses: actions/[email protected]
+
+      - name: 🛠️ Setup PHP
+        uses: shivammathur/[email protected]
+        with:
+          php-version: ${{ matrix.php-version }}
+          extensions: none, ctype, dom, json, mbstring, simplexml, tokenizer, xml, xmlwriter, pdo, curl, fileinfo, pdo_mysql
+          ini-values: error_reporting=E_ALL
+          coverage: none
+          tools: phive
+
+      - name: 🛠️ Setup problem matchers
+        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+
+      - name: 🤖 Validate composer.json and composer.lock
+        run: make validate-composer
+
+      - name: 🔍 Get composer cache directory
+        uses: wayofdev/gh-actions/actions/composer/[email protected]
+        with:
+          working-directory: app
+
+      - name: ♻️ Restore cached dependencies installed with composer
+        uses: actions/[email protected]
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-${{ hashFiles('composer.lock') }}
+          restore-keys: php-${{ matrix.php-version }}-composer-${{ matrix.dependencies }}-
+
+      - name: 📥 Install "${{ matrix.dependencies }}" dependencies with composer
+        uses: wayofdev/gh-actions/actions/composer/[email protected]
+        with:
+          working-directory: app
+          dependencies: ${{ matrix.dependencies }}
+
+      - name: 📥 Install dependencies with phive
+        working-directory: app
+        env:
+          PHIVE_HOME: .phive
+        run: phive install --trust-gpg-keys 0xC00543248C87FB13,0x033E5F8D801A2F8D,0x47436587D82C4A39
+        shell: bash
+
+      - name: 🔬 Run maglnet/composer-require-checker
+        working-directory: app
+        run: .phive/composer-require-checker check --ansi --config-file="$(pwd)/composer-require-checker.json" --verbose
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -47,7 +47,7 @@ jobs:
         uses: shivammathur/[email protected]
         with:
           php-version: ${{ matrix.php-version }}
-          extensions: none, ctype, dom, json, mbstring, simplexml, tokenizer, xml, xmlwriter, pdo, curl, fileinfo, pdo_mysql
+          extensions: none, ctype, dom, json, mbstring, simplexml, tokenizer, xml, xmlwriter, pdo, curl, fileinfo, pdo_mysql, opcache, pcntl, posix
           ini-values: error_reporting=E_ALL
           coverage: none
 
@@ -101,7 +101,7 @@ jobs:
         uses: shivammathur/[email protected]
         with:
           php-version: ${{ matrix.php-version }}
-          extensions: none, ctype, dom, json, mbstring, simplexml, tokenizer, xml, xmlwriter, pdo, curl, fileinfo, pdo_mysql
+          extensions: none, ctype, dom, json, mbstring, simplexml, tokenizer, xml, xmlwriter, pdo, curl, fileinfo, opcache, pcntl, posix
           ini-values: error_reporting=E_ALL
           coverage: none
 

diff --git a/Makefile b/Makefile
@@ -295,7 +295,7 @@ lint-audit: ## Runs security checks for composer dependencies
 .PHONY: lint-security
 
 validate-composer: ## Validates composer.json and composer.lock files
-	$(APP_COMPOSER) validate
+	$(APP_COMPOSER) validate --ansi --strict
 .PHONY: validate-composer
 
 #

diff --git a/app/composer.lock b/app/composer.lock