Skip to content

Defer to organisation security policy #432

Defer to organisation security policy

Defer to organisation security policy #432

Workflow file for this run

name: Test
on:
# Run on pushes to `stable` and `develop` and on all pull requests.
push:
branches:
- stable
- develop
paths-ignore:
- '**.md'
pull_request:
# Allow manually triggering the workflow.
workflow_dispatch:
# Cancels all previous workflow runs for the same branch that have not yet completed.
concurrency:
# The concurrency group contains the workflow name and the branch name.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
#### TEST STAGE ####
test:
if: ${{ github.ref != 'refs/heads/develop' }}
runs-on: ubuntu-latest
strategy:
matrix:
# The GHA matrix works different from Travis.
# You can define jobs here and then augment them with extra variables in `include`,
# as well as add extra jobs in `include`.
# @link https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstrategymatrix
#
# The matrix is set up so as not to duplicate the builds which are run for code coverage.
php: ['5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '8.0', '8.1', '8.2', '8.3']
phpcs_version: ['lowest', 'dev-master']
name: "Test${{ matrix.phpcs_version == 'dev-master' && ' + Lint' || '' }}: PHP ${{ matrix.php }} - PHPCS ${{ matrix.phpcs_version }}"
continue-on-error: ${{ matrix.php == '8.3' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
# On stable PHPCS versions, allow for PHP deprecation notices.
# Unit tests don't need to fail on those for stable releases where those issues won't get fixed anymore.
- name: Setup ini config
id: set_ini
run: |
if [[ "${{ matrix.phpcs_version }}" != "dev-master" ]]; then
echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED, display_errors=On' >> $GITHUB_OUTPUT
else
echo 'PHP_INI=error_reporting=-1, display_errors=On' >> $GITHUB_OUTPUT
fi
- name: Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
ini-values: ${{ steps.set_ini.outputs.PHP_INI }}
coverage: none
- name: "Composer: set PHPCS version for tests (master)"
if: ${{ matrix.phpcs_version != 'lowest' }}
run: composer require squizlabs/php_codesniffer:"${{ matrix.phpcs_version }}" --no-update --no-scripts --no-interaction
# Install dependencies and handle caching in one go.
# @link https://github.com/marketplace/actions/install-php-dependencies-with-composer
- name: Install Composer dependencies - normal
if: ${{ startsWith( matrix.php, '8' ) == false }}
uses: "ramsey/composer-install@v2"
with:
# Bust the cache at least once a month - output format: YYYY-MM.
custom-cache-suffix: $(date -u "+%Y-%m")
# For the PHP 8/"nightly", we need to install with ignore platform reqs as we're still using PHPUnit 7.
- name: Install Composer dependencies - with ignore platform
if: ${{ startsWith( matrix.php, '8' ) }}
uses: "ramsey/composer-install@v2"
with:
composer-options: --ignore-platform-req=php+
custom-cache-suffix: $(date -u "+%Y-%m")
- name: "Composer: set PHPCS/PHPCSUtils version for tests (lowest)"
if: ${{ matrix.phpcs_version == 'lowest' }}
run: >
composer update squizlabs/php_codesniffer phpcsstandards/phpcsutils
--prefer-lowest --ignore-platform-req=php+ --no-scripts --no-interaction
- name: Lint against parse errors
if: matrix.phpcs_version == 'dev-master'
run: composer lint
- name: Run the unit tests - PHP 5.4 - 8.0
if: ${{ matrix.php < '8.1' }}
run: composer test
- name: Run the unit tests - PHP > 8.1
if: ${{ matrix.php >= '8.1' }}
run: composer test -- --no-configuration --bootstrap=phpunit-bootstrap.php --dont-report-useless-tests
#### CODE COVERAGE STAGE ####
# N.B.: Coverage is only checked on the lowest and highest stable PHP versions
# and a low/high of each major for PHPCS.
# These builds are left out off the "test" stage so as not to duplicate test runs.
coverage:
# No use running the coverage builds if there are failing test builds.
needs: test
# The default condition is success(), but this is false when one of the previous jobs is skipped
if: always() && (needs.test.result == 'success' || needs.test.result == 'skipped')
runs-on: ubuntu-latest
strategy:
matrix:
# 7.4 should be updated to 8.2 when higher PHPUnit versions can be supported.
php: ['5.4', '7.4']
phpcs_version: ['lowest', 'dev-master']
name: "Coverage${{ matrix.phpcs_version == 'dev-master' && ' + Lint' || '' }}: PHP ${{ matrix.php }} - PHPCS ${{ matrix.phpcs_version }}"
steps:
- name: Checkout code
uses: actions/checkout@v4
# On stable PHPCS versions, allow for PHP deprecation notices.
# Unit tests don't need to fail on those for stable releases where those issues won't get fixed anymore.
- name: Setup ini config
id: set_ini
run: |
if [ "${{ matrix.phpcs_version }}" != "dev-master" ]; then
echo 'PHP_INI=error_reporting=E_ALL & ~E_DEPRECATED, display_errors=On' >> $GITHUB_OUTPUT
else
echo 'PHP_INI=error_reporting=-1, display_errors=On' >> $GITHUB_OUTPUT
fi
- name: Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
ini-values: ${{ steps.set_ini.outputs.PHP_INI }}
coverage: xdebug
tools: cs2pr
- name: "Composer: set PHPCS version for tests (master)"
if: ${{ matrix.phpcs_version != 'lowest' }}
run: composer require squizlabs/php_codesniffer:"${{ matrix.phpcs_version }}" --no-update --no-scripts --no-interaction
# Install dependencies and handle caching in one go.
# @link https://github.com/marketplace/actions/install-php-dependencies-with-composer
- name: Install Composer dependencies
uses: "ramsey/composer-install@v2"
with:
# Bust the cache at least once a month - output format: YYYY-MM.
custom-cache-suffix: $(date -u "+%Y-%m")
- name: "Composer: set PHPCS/PHPCSUtils version for tests (lowest)"
if: ${{ matrix.phpcs_version == 'lowest' }}
run: >
composer update squizlabs/php_codesniffer phpcsstandards/phpcsutils
--prefer-lowest --ignore-platform-req=php+ --no-scripts --no-interaction
- name: Lint against parse errors
if: matrix.phpcs_version == 'dev-master'
run: composer lint -- --checkstyle | cs2pr
- name: Run the unit tests with code coverage
run: composer coverage
# PHP Coveralls v2 (which supports GH Actions) has a PHP 5.5 minimum, so switch the PHP version.
- name: Switch to PHP latest
if: ${{ success() && matrix.php == '5.4' }}
uses: shivammathur/setup-php@v2
with:
php-version: 'latest'
coverage: none
# Global install is used to prevent a conflict with the local composer.lock.
- name: Install Coveralls
if: ${{ success() }}
run: composer global require php-coveralls/php-coveralls:"^2.6.0" --no-interaction
- name: Upload coverage results to Coveralls (normal)
if: ${{ success() && github.actor != 'dependabot[bot]' }}
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
COVERALLS_PARALLEL: true
COVERALLS_FLAG_NAME: php-${{ matrix.php }}-phpcs-${{ matrix.phpcs_version }}
run: php-coveralls -v -x build/logs/clover.xml
# Dependabot does not have access to secrets, other than the GH token.
# Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# Ref: https://github.com/lemurheavy/coveralls-public/issues/1721
- name: Upload coverage results to Coveralls (Dependabot)
if: ${{ success() && github.actor == 'dependabot[bot]' }}
env:
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COVERALLS_PARALLEL: true
COVERALLS_FLAG_NAME: php-${{ matrix.php }}-phpcs-${{ matrix.phpcs_version }}
run: php-coveralls -v -x build/logs/clover.xml
coveralls-finish:
needs: coverage
if: always() && needs.coverage.result == 'success'
runs-on: ubuntu-latest
steps:
- name: Coveralls Finished (normal)
if: ${{ github.actor != 'dependabot[bot]' }}
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.COVERALLS_TOKEN }}
parallel-finished: true
# Dependabot does not have access to secrets, other than the GH token.
# Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# Ref: https://github.com/lemurheavy/coveralls-public/issues/1721
- name: Coveralls Finished (Dependabot)
if: ${{ github.actor == 'dependabot[bot]' }}
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true