Add (or update) GitHub Action (GHA) files and related config.

Author: Potherca

.config/.remarkrc

@@ -0,0 +1,6 @@
+{
+  "plugins": [
+    "remark-preset-lint-recommended",
+    ["remark-lint-list-item-indent", "space"]
+  ]
+}

.config/.yamllint

@@ -0,0 +1,14 @@
+---
+extends: default
+
+ignore: |
+  vendor/
+
+rules:
+  brackets:
+    max-spaces-inside: 1
+  document-start: disable
+  line-length:
+    level: warning
+    max: 120
+  truthy: {allowed-values: ["true", "false", "on"]}

.config/hadolint.yml

@@ -0,0 +1,30 @@
+---
+# For all available rules see: https://github.com/hadolint/hadolint#rules
+ignored:
+  - DL3008  # We do not want to pin versions in apt get install.
+  - DL3018  # We do not want to pin versions in apk add
+
+# For full details see https://github.com/hadolint/hadolint#configure
+#
+# The following keys are available:
+#
+# failure-threshold: string               # name of threshold level (error | warning | info | style | ignore | none)
+# format: string                          # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+# label-schema:                           # See https://github.com/hadolint/hadolint#linting-labels for details
+#   author: string                        # Your name
+#   contact: string                       # email address
+#   created: timestamp                    # rfc3339 datetime
+#   version: string                       # semver
+#   documentation: string                 # url
+#   git-revision: string                  # hash
+#   license: string                       # spdx
+# no-color: boolean                       # true | false
+# no-fail: boolean                        # true | false
+# override:
+#   error: [string]                       # list of rules
+#   warning: [string]                     # list of rules
+#   info: [string]                        # list of rules
+#   style: [string]                       # list of rules
+# strict-labels: boolean                  # true | false
+# disable-ignore-pragma: boolean          # true | false
+# trustedRegistries: string | [string]    # registry or list of registries

.github/workflows/dockerfile.yml

@@ -0,0 +1,58 @@
+---
+name: Dockerfile Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '.config/hadolint.yml'
+      - '.dockerignore'
+      - '.github/workflows/dockerfile.yml'
+      - 'Dockerfile'
+      # Docker project specific, Dockerfile "COPY" and "ADD" entries.
+      - 'src/'
+      - 'web/'
+      - 'composer.json'
+      - 'composer.lock'
+      - 'site.conf'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '.config/hadolint.yml'
+      - '.dockerignore'
+      - '.github/workflows/dockerfile.yml'
+      - 'Dockerfile'
+      # Docker project specific, Dockerfile "COPY" and "ADD" entries.
+      - 'src/'
+      - 'web/'
+      - 'composer.json'
+      - 'composer.lock'
+      - 'site.conf'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 03.quality.docker.lint.yml
+  lint-dockerfile:
+    name: Dockerfile Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/hadolint
+        with:
+          args: >-
+            hadolint
+            --config .config/hadolint.yml
+            Dockerfile

.github/workflows/json.yml

@@ -0,0 +1,46 @@
+---
+name: JSON Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.json'
+      - '.github/workflows/json.yml'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.json'
+      - '.github/workflows/json.yml'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.preflight.json.lint-syntax.yml
+  lint-json-syntax:
+    name: JSON Syntax Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/jsonlint
+        with:
+          args: >-
+            find .
+            -not -path './.git/*'
+            -not -path './node_modules/*'
+            -not -path './vendor/*'
+            -name '*.json'
+            -type f
+            -exec jsonlint --quiet {} ;

.github/workflows/markdown.yml

@@ -0,0 +1,42 @@
+---
+name: Markdown Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.md'
+      - '.github/workflows/markdown.yml'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.md'
+      - '.github/workflows/markdown.yml'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.quality.markdown.lint-syntax.yml
+  lint-markdown-syntax:
+    name: Markdown Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/remark-lint
+        with:
+          args: >-
+            remark
+            --rc-path=.config/.remarkrc
+            --ignore-pattern='*/vendor/*'

.github/workflows/php.yml

@@ -0,0 +1,106 @@
+---
+name: PHP Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    paths:
+      - '**.php'
+      - '.config/phpcs.xml.dist'
+      - '.config/phpunit.xml.dist'
+      - '.github/workflows/php.yml'
+      - 'composer.json'
+      - 'composer.lock'
+    branches: [ main ]
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.php'
+      - '.config/phpcs.xml.dist'
+      - '.config/phpunit.xml.dist'
+      - '.github/workflows/php.yml'
+      - 'composer.json'
+      - 'composer.lock'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.preflight.php.lint-syntax.yml
+  lint-php-syntax:
+    name: PHP Syntax Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/php-linter
+        with:
+          args: >-
+            parallel-lint
+            --exclude .git
+            --exclude vendor
+            --no-progress
+            .
+  # 01.quality.php.validate.dependencies-file.yml
+  validate-dependencies-file:
+    name: Validate dependencies file
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: >-
+            composer validate
+            --check-lock
+            --no-plugins
+            --no-scripts
+            --strict
+  # 03.quality.php.scan.dependencies-vulnerabilities.yml
+  scan-dependencies-vulnerabilities:
+    name: Scan Dependencies Vulnerabilities
+    needs:
+      - validate-dependencies-file
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: >-
+            composer audit
+            --abandoned=report
+            --locked
+            --no-dev
+            --no-plugins
+            --no-scripts
+  # 03.quality.php.lint-version-compatibility.yml
+  php-check-version-compatibility:
+    name: PHP Version Compatibility
+    needs:
+      - lint-php-syntax
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        php:
+          - '8.0'  # from 2020-11 to 2022-11 (2023-11)
+          - '8.1'  # from 2021-11 to 2023-11 (2025-12)
+          - '8.2'  # from 2022-12 to 2024-12 (2026-12)
+          - '8.3'  # from 2023-11 to 2025-12 (2027-12)
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/php-codesniffer
+        with:
+          args: >-
+            phpcs
+            -s
+            --extensions=php
+            --ignore='*vendor/*'
+            --runtime-set testVersion ${{ matrix.php }}
+            --standard=PHPCompatibility
+            .

.github/workflows/shell.yml

@@ -0,0 +1,60 @@
+---
+name: Shell Script Quality Assistance
+
+on:
+  # This event occurs when there is activity on a pull request. The workflow
+  # will be run against the commits, after merge to the target branch (main).
+  pull_request:
+    branches: [ main ]
+    paths:
+      - '**.bash'
+      - '**.sh'
+      - '.github/workflows/shell.yml'
+    types: [ opened, reopened, synchronize ]
+  # This event occurs when there is a push to the repository.
+  push:
+    paths:
+      - '**.bash'
+      - '**.sh'
+      - '.github/workflows/shell.yml'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  # Needed to allow the "concurrency" section to cancel a workflow run.
+  actions: write
+
+jobs:
+  # 01.preflight.shell.lint-syntax.yml
+  lint-shell-syntax:
+    name: Shell Syntax Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - run: >-
+          find .
+          -name '*.sh'
+          -not -name .git
+          -print0
+          -type f
+          | xargs -0 -P"$(nproc)" -I{} bash -n "{}"
+  # 03.quality.shell.lint.yml
+  lint-shell-quality:
+    name: Shell Quality Linting
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker://pipelinecomponents/shellcheck
+        with:
+          args: >-
+            find .
+            -not -name .git
+            -print0
+            -name '*.sh'
+            -type f
+            | xargs -0 -r -n1 shellcheck

.github/workflows/ci.yml renamed to .github/workflows/solid-test-suites.yml

@@ -1,7 +1,7 @@
 # This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
 
-name: CI
+name: Solid Test Suites
 
 on:
   push:
@@ -19,6 +19,6 @@ jobs:
         os: [ubuntu-latest]
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     # Run the Solid test-suite
     - run: bash ./run-solid-test-suite.sh