
Commit ab133e2

authored
ci: Workflow Updates (#738)
1 parent a8efbb8 commit ab133e2


3 files changed

+87
-69
lines changed


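--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -2,7 +2,6 @@ name: Semgrep
 
 on:
 merge_group:
-workflow_dispatch:
 pull_request_target:
 types:
 - opened
@@ -39,11 +38,11 @@ jobs:
 
 steps:
 - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
-run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+run: exit 0
 
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - run: semgrep ci
 env: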
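Review bot: The new checkout `ref` can silently fall through to `github.ref`, which under `pull_request_target` is the base branch: `merge_commit_sha` is only populated once GitHub has computed the test merge, and it can be empty on a freshly opened or conflicting pull request. When that happens `semgrep ci` scans the base branch and this required check passes without having examined the PR at all. Keeping the head commit as a second fallback avoids that, `ref: ${{ github.event.pull_request.merge_commit_sha || github.event.pull_request.head.sha || github.ref }}`; the same expression is introduced in snyk.yml and throughout tests.yml. The hunk also drops the comment on `run: exit 0`; a short replacement such as `# required check: report success for dependabot and merge queues` would keep the intent visible, and note that this step on its own does not stop the later steps from running.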

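--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -2,7 +2,6 @@ name: Snyk
 
 on:
 merge_group:
-workflow_dispatch:
 pull_request_target:
 types:
 - opened
@@ -16,6 +15,12 @@ on:
 permissions:
 contents: read
 
+env:
+DX_SDKS_SNYK_ORGANIZATION: 8303ea71-ac72-4ae6-9cd0-ae2f3eda82b7
+DX_SDKS_SNYK_PROJECT: auth0/auth0-PHP
+DX_SDKS_SNYK_TAGS: Refactoring-target:DX,Refactoring-origin:auth0-sdks
+DX_SDKS_SNYK_REMOTE_REPO_URL: https://github.com/auth0/auth0-PHP
+
 concurrency:
 group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
 cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
@@ -28,24 +33,56 @@ jobs:
 steps:
 - run: true
 
+configure:
+name: Configure
+needs: [authorize]
+runs-on: ubuntu-latest
+
+outputs:
+matrix: ${{ steps.set-matrix.outputs.matrix }}
+
+steps:
+- uses: actions/checkout@v4
+with:
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
+
+- id: set-matrix
+run: echo "matrix=$(jq -c . < ./.github/workflows/matrix.json)" >> $GITHUB_OUTPUT
+
 check:
-needs: authorize
+needs: [configure]
 
 name: Check for Vulnerabilities
 runs-on: ubuntu-latest
 
 steps:
 - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
-run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
+run: exit 0
 
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
-php: 8.1
+php: ${{ fromJson(needs.configure.outputs.matrix).include[0].php }}
+
+- run: npm install snyk -g
+
+- if: github.ref == 'refs/heads/main'
+run: snyk monitor --file=composer.lock --org=$SNYK_ORGANIZATION --project-name=$SNYK_PROJECT --project-tags=$SNYK_TAGS --remote-repo-url=$SNYK_REMOTE_REPO --target-reference="$(git branch --show-current)"
+env:
+SNYK_TOKEN: ${{ secrets.DX_SDKS_SNYK_TOKEN }}
+SNYK_ORGANIZATION: ${{ env.DX_SDKS_SNYK_ORGANIZATION }}
+SNYK_PROJECT: ${{ env.DX_SDKS_SNYK_PROJECT }}
+SNYK_TAGS: ${{ env.DX_SDKS_SNYK_TAGS }}
+SNYK_REMOTE_REPO: ${{ env.DX_SDKS_SNYK_REMOTE_REPO_URL }}
+continue-on-error: true
 
-- uses: snyk/actions/php@b98d498629f1c368650224d6d212bf7dfa89e4bf # [email protected]
+- run: snyk test --file=composer.lock --org=$SNYK_ORGANIZATION --project-name=$SNYK_PROJECT --remote-repo-url=$SNYK_REMOTE_REPO
 env:
-SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+SNYK_TOKEN: ${{ secrets.DX_SDKS_SNYK_TOKEN }}
+SNYK_ORGANIZATION: ${{ env.DX_SDKS_SNYK_ORGANIZATION }}
+SNYK_PROJECT: ${{ env.DX_SDKS_SNYK_PROJECT }}
+SNYK_TAGS: ${{ env.DX_SDKS_SNYK_TAGS }}
+SNYK_REMOTE_REPO: ${{ env.DX_SDKS_SNYK_REMOTE_REPO_URL }}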
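Review bot: The `check` job trades the SHA-pinned `snyk/actions/php@b98d498…` for `npm install snyk -g`, which installs whatever release is current on npm into a job that then exposes `DX_SDKS_SNYK_TOKEN`. Pin the CLI to a reviewed release, e.g. `npm install -g snyk@<pinned-version>`, so an unexpected or tampered publish cannot reach the token. These steps also run after `actions/checkout` of the PR's merge commit, with `./.github/actions/setup` loaded from that checkout, so under `pull_request_target` the token's safety rests on the `authorize` job, whose definition lies outside this hunk and should be confirmed as a real approval gate. In both `snyk` command lines the variable expansions are unquoted; write them as `--project-tags="$SNYK_TAGS"` etc., matching the already-quoted `--target-reference`.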

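--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,7 +2,6 @@ name: Build and Test
 
 on:
 merge_group:
-workflow_dispatch:
 pull_request_target:
 types:
 - opened
@@ -36,7 +35,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - id: set-matrix
 run: echo "matrix=$(jq -c . < ./.github/workflows/matrix.json)" >> $GITHUB_OUTPUT
@@ -53,14 +52,14 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
 php: ${{ matrix.php }}
 
-composer-normalize:
-name: Composer Normalize
+pest:
+name: PEST
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
@@ -71,16 +70,23 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
 php: ${{ matrix.php }}
+coverage: pcov
 
-- run: composer normalize --dry-run --diff
+- run: composer pest:ci
 
-composer-validate:
-name: Composer Validate
+- if: ${{ matrix.php == fromJson(needs.configure.outputs.matrix).include[0].php }}
+uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # [email protected]
+with:
+directory: ./coverage/
+flags: unittestsvalidate
+
+phpstan:
+name: PHPStan
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
@@ -91,16 +97,16 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
 php: ${{ matrix.php }}
 
-- run: composer validate --strict --with-dependencies
+- run: composer phpstan
 
-pest:
-name: PEST
+psalm:
+name: Psalm
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
@@ -111,98 +117,74 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
 php: ${{ matrix.php }}
-coverage: pcov
-
-- if: matrix.php != '8.0'
-run: composer pest:ci
 
-- if: matrix.php == '8.1'
-uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # [email protected]
-with:
-directory: ./coverage/
-flags: unittestsvalidate
+- run: composer psalm
 
-phpstan:
-name: PHPStan
+rector:
+name: Rector
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
-strategy:
-fail-fast: false
-matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
-
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
-php: ${{ matrix.php }}
+php: ${{ fromJson(needs.configure.outputs.matrix).include[0].php }}
 
-- run: composer phpstan
+- run: composer rector
 
-psalm:
-name: Psalm
+php-cs-fixer:
+name: PHP CS Fixer
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
-strategy:
-fail-fast: false
-matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
-
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
-php: ${{ matrix.php }}
+php: ${{ fromJson(needs.configure.outputs.matrix).include[0].php }}
 
-- run: composer psalm
+- run: composer phpcs
 
-rector:
-name: Rector
+composer-normalize:
+name: Composer Normalize
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
-strategy:
-fail-fast: false
-matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
-
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
-php: ${{ matrix.php }}
+php: ${{ fromJson(needs.configure.outputs.matrix).include[0].php }}
 
-- run: composer rector
+- run: composer normalize --dry-run --diff
 
-php-cs-fixer:
-name: PHP CS Fixer
+composer-validate:
+name: Composer Validate
 needs: [configure, prepare]
 runs-on: ubuntu-latest
 
-strategy:
-fail-fast: false
-matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
-
 steps:
 - uses: actions/checkout@v4
 with:
-ref: ${{ github.event.pull_request.head.sha || github.ref }}
+ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }}
 
 - uses: ./.github/actions/setup
 with:
-php: ${{ matrix.php }}
+php: ${{ fromJson(needs.configure.outputs.matrix).include[0].php }}
 
-- run: composer phpcs
+- run: composer validate --strict --with-dependencies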
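Review bot: Every job touched here checks out the pull request's merge commit under `pull_request_target` and then executes it: `./.github/actions/setup` is loaded from the checkout, `matrix.json` is read from it in the `set-matrix` step, and the `composer …` scripts run PR-supplied code. Whether an approval gate precedes these jobs, and which `permissions` and secrets the workflow grants, are not visible in these hunks, so both need confirming before this pattern is relied on. Adding `persist-credentials: false` under each checkout's `with:` keeps the workflow token out of `.git/config`, where the later steps could otherwise read it. Separately, `include[0].php` in the rector, php-cs-fixer, composer-normalize and composer-validate jobs depends on the order of entries in `matrix.json`; a comment stating that the first entry is the version used for single-run jobs would make that dependency explicit.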
