diff --git a/.github/codecov.yml b/.github/codecov.yml deleted file mode 100644 index 372507c..0000000 --- a/.github/codecov.yml +++ /dev/null @@ -1,2 +0,0 @@ -fixes: - - "wordfence-api/::" # reduce root e.g., "wordfence-api/src/" => "src/" diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml new file mode 100644 index 0000000..bb35c41 --- /dev/null +++ b/.github/workflows/audit.yml @@ -0,0 +1,23 @@ +name: Audit + +on: + workflow_dispatch: + schedule: + - cron: '12 3 * * 1' # Weekly on Monday + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + php: + uses: typisttech/.github/.github/workflows/audit-php.yml@v3 diff --git a/.github/workflows/composer-audit.yml b/.github/workflows/composer-audit.yml deleted file mode 100644 index c8cc2fa..0000000 --- a/.github/workflows/composer-audit.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Composer Audit - -on: - workflow_dispatch: - schedule: - - cron: '23 3 * * 1' # Weekly on Monday - pull_request: - branches: - - main - paths: - - .github/workflows/composer-audit.yml - - composer.* - push: - branches: - - main - paths: - - .github/workflows/composer-audit.yml - - composer.* - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - composer-audit: - uses: typisttech/.github/.github/workflows/composer-audit.yml@v2 - permissions: - contents: read diff --git a/.github/workflows/composer-normalize.yml b/.github/workflows/composer-normalize.yml deleted file mode 100644 index cd04efa..0000000 --- a/.github/workflows/composer-normalize.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Composer Normalize - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - .github/workflows/composer-normalize.yml - - composer.* - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - composer-normalize: - uses: typisttech/.github/.github/workflows/composer-normalize.yml@v2 - permissions: - contents: read - secrets: inherit diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index d337c93..6abcb8a 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -9,14 +9,13 @@ concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} cancel-in-progress: true -permissions: {} +permissions: + contents: write + pull-requests: write jobs: dependabot: - permissions: - contents: write - pull-requests: write - uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v2 + uses: typisttech/.github/.github/workflows/dependabot-auto-merge.yml@v3 with: minor: true patch: true diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml new file mode 100644 index 0000000..333f7be --- /dev/null +++ b/.github/workflows/format.yml @@ -0,0 +1,20 @@ +name: Format + +on: + workflow_dispatch: + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: write + pull-requests: write + +jobs: + php: + uses: typisttech/.github/.github/workflows/format-php.yml@v3 + secrets: inherit diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..fa46b93 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,23 @@ +name: Lint + +on: + workflow_dispatch: + pull_request: + branches: + - main + push: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref_name }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + php: + uses: typisttech/.github/.github/workflows/lint-php.yml@v3 + with: + phpstan: false diff --git a/.github/workflows/pint.yml b/.github/workflows/pint.yml deleted file mode 100644 index bfba64a..0000000 --- a/.github/workflows/pint.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Pint - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - .github/workflows/pint.yml - - '**.php' - - composer.* - - pint.json - -concurrency: - group: ${{ github.workflow }}-${{ github.ref_name }} - cancel-in-progress: true - -permissions: {} - -jobs: - pint: - uses: typisttech/.github/.github/workflows/pint.yml@v2 - permissions: - contents: read - with: - php-version: '8.4' - secrets: inherit diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 0a87ac5..94648e7 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -14,7 +14,11 @@ permissions: {} jobs: release-drafter: - uses: typisttech/.github/.github/workflows/release-drafter.yml@v2 + runs-on: ubuntu-latest permissions: contents: write pull-requests: read + steps: + - uses: release-drafter/release-drafter@v6 + env: + GITHUB_TOKEN: ${{ github.token }} # Not a typo. diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d8dc3f9..d1ccac3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,6 +8,8 @@ on: push: branches: - main + tags: + - '**' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref_name }}-${{ github.event.pull_request.number || github.sha }} @@ -17,42 +19,45 @@ permissions: {} jobs: php-matrix: - uses: typisttech/.github/.github/workflows/php-matrix.yml@v2 - permissions: - contents: read + runs-on: ubuntu-latest + outputs: + versions: ${{ steps.php-matrix.outputs.versions }} + highest: ${{ steps.php-matrix.outputs.highest }} + steps: + - uses: actions/checkout@v5 + with: + sparse-checkout: composer.json + sparse-checkout-cone-mode: false + + - uses: typisttech/php-matrix-action@v2 + id: php-matrix pest: - runs-on: ubuntu-latest needs: php-matrix strategy: matrix: - php: ${{ fromJSON(needs.php-matrix.outputs.versions) }} - dependency-versions: [lowest, highest] - coverage: [none] + php-version: ${{ fromJSON(needs.php-matrix.outputs.versions) }} + coverage: ['none'] exclude: - - php: ${{ needs.php-matrix.outputs.highest }} - dependency-versions: highest - coverage: none + - php-version: ${{ needs.php-matrix.outputs.highest }} + coverage: 'none' include: - - php: ${{ needs.php-matrix.outputs.highest }} - dependency-versions: highest + - php-version: ${{ needs.php-matrix.outputs.highest }} coverage: xdebug + runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 - uses: shivammathur/setup-php@v2 with: - php-version: ${{ matrix.php }} + php-version: ${{ matrix.php-version }} coverage: ${{ matrix.coverage }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - uses: ramsey/composer-install@v3 with: - dependency-versions: ${{ matrix.dependency-versions }} - composer-options: --no-audit --optimize-autoloader + dependency-versions: highest - - run: composer pest:unit -- --ci --coverage-clover coverage.xml + - run: composer pest:unit -- --ci --coverage-clover coverage-unit.xml if: ${{ matrix.coverage == 'xdebug' }} - run: composer pest:unit -- --ci @@ -65,7 +70,7 @@ jobs: if: ${{ matrix.coverage == 'xdebug' }} with: name: coverage - path: coverage.xml + path: coverage-unit.xml codecov: needs: pest @@ -73,9 +78,16 @@ jobs: permissions: id-token: write steps: + - uses: actions/checkout@v5 + - uses: actions/download-artifact@v5 with: name: coverage + - uses: codecov/codecov-action@v5 with: - use_oidc: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork) }} + use_oidc: true + fail_ci_if_error: true + disable_search: true + files: coverage-unit.xml + flags: unit