diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 721b108..b262c39 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -10,8 +10,6 @@ on: # Build any PRs and main branch changes # In case of updates to those workflows, they must be pre-checked by `pre-check-CI-updates.yml` rather than this workflow ! # Any updates on those workflows are expected to be restricted to those workflows only ! (no update on code for instance) - '.github/workflows/pre-check-CI-updates.yml' - - '.github/workflows/CI.yml' - - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' push: @@ -19,10 +17,16 @@ on: # Build any PRs and main branch changes schedule: - cron: '0 0 1 * *' # Every month +permissions: + contents: read + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true +env: + TEST_OUTPUT_STYLE: pretty + jobs: tests: name: Tests diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml index 9428e0d..7953f5d 100644 --- a/.github/workflows/coverage-upload.yml +++ b/.github/workflows/coverage-upload.yml @@ -4,9 +4,13 @@ on: workflows: ["CI"] types: [completed] +permissions: + contents: read + checks: write # For the check run creation ! + jobs: upload: - name: Upload + name: Coverage permissions: contents: read checks: write # For the check run creation ! diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml index 701bf0c..4dde12e 100644 --- a/.github/workflows/pre-check-CI-updates.yml +++ b/.github/workflows/pre-check-CI-updates.yml @@ -12,11 +12,13 @@ on: branches: [master] # Only for PR targeting master branch paths: # /!\ Duplicate the same list as `on.pull_request.paths-ignore` property value for CI workflow ! - '.github/workflows/pre-check-CI-updates.yml' # This workflow - - '.github/workflows/CI.yml' - - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' +permissions: + contents: read + checks: write # For the check run creation ! + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true @@ -29,7 +31,7 @@ jobs: uses: ./.github/workflows/reusable-CI-workflow.yml upload: - name: Upload + name: Coverage needs: [tests] permissions: contents: read diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index 5a1320b..58c1798 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml @@ -3,85 +3,127 @@ name: 'CI reusable workflow' on: workflow_call: +permissions: + contents: read + env: + COMPOSER_PREFER_STABLE: '1' TEST_OUTPUT_STYLE: pretty - COMPOSER_OPTIONS: --optimize-autoloader jobs: + fetch-supported-versions: + name: Fetch supported versions + runs-on: ubuntu-latest + permissions: + contents: read + outputs: + php-min: ${{ steps.fetch-php-versions.outputs.min }} + php-max: ${{ steps.fetch-php-versions.outputs.max }} + php-next: ${{ steps.fetch-php-versions.outputs.next }} + symfony-min: ${{ steps.fetch-symfony-versions.outputs.min }} + symfony-max: ${{ steps.fetch-symfony-versions.outputs.max }} + symfony-next: ${{ steps.fetch-symfony-versions.outputs.next }} + steps: + - name: Fetch supported versions file + id: fetch-file + uses: yoanm/gha-supported-versions-parser/github-downloader@v1 + with: + file-path: .github/workflows/supported-versions.json + + - name: Fetch PHP supported versions + id: fetch-php-versions + uses: yoanm/gha-supported-versions-parser@v1 + with: + path: ${{ steps.fetch-file.outputs.path }} + dependency: php + + - name: Fetch Symfony supported versions + id: fetch-symfony-versions + uses: yoanm/gha-supported-versions-parser@v1 + with: + path: ${{ steps.fetch-file.outputs.path }} + dependency: symfony + tests: - name: PHP ${{ matrix.php-version }} & Symfony ${{ matrix.symfony-version }} + name: ${{ matrix.job-name }} + needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read env: COVERAGE_TYPE: none + COVERAGE_OUTPUT_STYLE: clover strategy: fail-fast: true - max-parallel: 4 matrix: include: - # Bare minimum => Lowest versions allowed by composer config - - symfony-version: '4.4' - php-version: '8.0' - composer-flag: --prefer-lowest - # Up to date versions => Latest versions allowed by composer config - - symfony-version: '5.4' - php-version: '8.2' - # Late symfony migration => Lowest symfony version with latest minor php version allowed by composer config - - symfony-version: '4.4' - php-version: '8.2' - composer-flag: --prefer-lowest - # Late php migration => Latest symfony version with lowest minor php version allowed by composer config - - symfony-version: '5.4' - php-version: '8.0' - # Symfony 6.0 latest - - symfony-version: '6.0' - php-version: '8.2' - # Symfony 6.0 lowest - - symfony-version: '6.0' - php-version: '8.0' - composer-flag: --prefer-lowest + - job-name: Up to date versions # => Highest versions allowed by composer config + php-version: '${{ needs.fetch-supported-versions.outputs.php-max }}' + symfony-version: '${{ needs.fetch-supported-versions.outputs.symfony-max }}' + ## Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: Up to date versions - Special case - Symfony 5.4 + php-version: '${{ needs.fetch-supported-versions.outputs.php-max }}' + symfony-version: '5.4' + ## Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: Bare minimum # => Lowest versions allowed by composer config + php-version: '${{ needs.fetch-supported-versions.outputs.php-min }}' + symfony-version: '${{ needs.fetch-supported-versions.outputs.symfony-min }}' + - job-name: Bare minimum - Special case - Symfony 5.4 + php-version: '${{ needs.fetch-supported-versions.outputs.php-min }}' + symfony-version: '5.4' + - job-name: Late migration - PHP # => Highest symfony version with lowest php version allowed by composer config + # Fix - Sf 6.4 require php 8.1 minimum ! + php-version: ${{ ( needs.fetch-supported-versions.outputs.symfony-max == '6.4' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && '8.1' || needs.fetch-supported-versions.outputs.php-min }} + symfony-version: '${{ needs.fetch-supported-versions.outputs.symfony-max }}' + - job-name: Late migration - Symfony # => Lowest symfony version with highest php version allowed by composer config + php-version: '${{ needs.fetch-supported-versions.outputs.php-max }}' + symfony-version: '${{ needs.fetch-supported-versions.outputs.symfony-min }}' + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 steps: - name: Check out code uses: actions/checkout@v4 + # Enable coverage only for specific version(s) ! + # Usually highest version(s), plus additional ones in case of code used only with specific versions - name: Enable coverage - if: ${{ matrix.php-version == '8.2' }} + if: ${{ matrix.php-version == needs.fetch-supported-versions.outputs.php-max }} run: | - echo "COVERAGE_OUTPUT_STYLE=clover" >> $GITHUB_ENV echo "COVERAGE_TYPE=xdebug" >> $GITHUB_ENV - name: Setup PHP ${{ matrix.php-version }} + id: setup-php uses: shivammathur/setup-php@v2 env: - update: true # Always use latest available patch for the version + update: true # whether to use latest available patch for the version or not fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: '${{ matrix.php-version }}' + php-version: ${{ matrix.php-version }} tools: composer coverage: ${{ env.COVERAGE_TYPE }} - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} uses: actions/cache@v4 with: path: | - ~/.composer - ./vendor - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}-${{ matrix.composer-flag }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-sf${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} - - name: Build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} run: | - SF_VERSION=${{ matrix.symfony-version }} - # Issue with ParamterBag below 4.4.30 => https://github.com/symfony/symfony/commit/3eca446b21607ea1c7a865ece2dd8254c33679cc - test '${{ matrix.symfony-version }}' = '4.4' && test '${{ matrix.php-version }}' = '8.2' && SF_VERSION=4.4.30 - composer require -W ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ - symfony/config:^$SF_VERSION \ - symfony/dependency-injection:^$SF_VERSION \ - symfony/http-kernel:^$SF_VERSION \ - symfony/event-dispatcher:^$SF_VERSION \ - symfony/framework-bundle:^$SF_VERSION \ - symfony/routing:^$SF_VERSION \ - && composer update ${{ env.COMPOSER_OPTIONS }} ${{ matrix.composer-flag }} \ + SF_CONSTRAINT="~${{ matrix.symfony-version }}.0" + composer require -W \ + symfony/config:${SF_CONSTRAINT} \ + symfony/dependency-injection:${SF_CONSTRAINT} \ + symfony/http-kernel:${SF_CONSTRAINT} \ + ${{ matrix.pkg-extra-constraints }} \ && make build - name: Tests @@ -89,8 +131,7 @@ jobs: - name: Create "unit tests" reports group if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - id: unit-tests-coverage-group - uses: yoanm/temp-reports-group-workspace/gha-create@v0 + uses: yoanm/temp-reports-group-workspace/create-group@v0 with: name: unit-tests format: clover @@ -101,10 +142,9 @@ jobs: sf-${{ matrix.symfony-version }} path: build/coverage-groups - - name: Create "functional tests" coverage group + - name: Create "functional tests" reports group if: ${{ env.COVERAGE_TYPE == 'xdebug' }} - id: functional-tests-coverage-group - uses: yoanm/temp-reports-group-workspace/gha-create@v0 + uses: yoanm/temp-reports-group-workspace/create-group@v0 with: name: functional-tests format: clover @@ -121,37 +161,53 @@ jobs: if: ${{ env.COVERAGE_TYPE == 'xdebug' }} uses: actions/upload-artifact@v4 with: - name: coverage-groups-php${{ matrix.php-version }}-sf${{ matrix.symfony-version }} + name: coverage-groups-php${{ steps.setup-php.outputs.php-version }}-sf${{ matrix.symfony-version }} path: build/coverage-groups if-no-files-found: error static-checks: name: Static analysis + needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read + env: + PHP_VERSION: ${{ needs.fetch-supported-versions.outputs.php-max }} + SYMFONY_VERSION: ${{ needs.fetch-supported-versions.outputs.symfony-max }} steps: - uses: actions/checkout@v4 - - name: Setup PHP 8.2 + - name: Setup PHP ${{ env.PHP_VERSION }} + id: setup-php uses: shivammathur/setup-php@v2 + env: + update: true # Always use latest available patch for the version + fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: 8.2 # Latest supported + php-version: ${{ env.PHP_VERSION }} tools: composer coverage: none - env: - # Always use latest available patch for the version - update: true - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ env.SYMFONY_VERSION }} uses: actions/cache@v4 with: path: | - ~/.composer - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ env.PHP_VERSION }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-sf${{ env.SYMFONY_VERSION }}-${{ hashFiles('composer.json') }} - - name: Build - run: make build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ env.SYMFONY_VERSION }} + run: | + SF_CONSTRAINT="~${{ env.SYMFONY_VERSION }}.0" + composer require -W \ + symfony/config:${SF_CONSTRAINT} \ + symfony/dependency-injection:${SF_CONSTRAINT} \ + symfony/http-kernel:${SF_CONSTRAINT} \ + && make build - name: ComposerRequireChecker uses: docker://webfactory/composer-require-checker:4.5.0 @@ -161,61 +217,77 @@ jobs: uses: actions/dependency-review-action@v4 nightly-tests: - name: Nightly - PHP ${{ matrix.php-version }} & Symfony ${{ matrix.symfony-version }} + name: Nightly - ${{ matrix.job-name }} + needs: [ fetch-supported-versions, tests ] + if: ${{ github.event_name == 'push' || ( github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'with-nightly-tests') ) }} runs-on: ubuntu-latest - env: - COMPOSER_OPTIONS: '--optimize-autoloader --ignore-platform-req=php+' continue-on-error: true - needs: [ static-checks, tests ] + permissions: + contents: read + env: + COMPOSER_IGNORE_PLATFORM_REQ: 'php+' strategy: fail-fast: false - max-parallel: 4 matrix: - php-version: - - '8.3' # Current php dev version - symfony-version: - - '4.4' # Lowest LTS - - '5.4' # Latest LTS - - '6.0' # Current major version include: - - symfony-version: '6.3' # Next symfony minor version to manage with latest supported PHP version - php-version: '8.2' + - job-name: PHP - With highest supported Symfony versions + php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-max }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: PHP - With lowest supported Symfony versions + php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-min }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: Symfony - With highest supported PHP version + php-version: ${{ needs.fetch-supported-versions.outputs.php-max }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: Symfony - With lowest supported PHP version + # Fix - Sf 7.0 require php 8.1 minimum, most of deps require 8.2 ! + php-version: ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '6.3' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && '8.1' || needs.fetch-supported-versions.outputs.php-min }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 steps: - name: Check out code uses: actions/checkout@v4 - name: Setup PHP ${{ matrix.php-version }} + id: setup-php uses: shivammathur/setup-php@v2 + env: + update: true # whether to use latest available patch for the version or not + fail-fast: true # step will fail if an extension or tool fails to set up with: - php-version: '${{ matrix.php-version }}' + php-version: ${{ matrix.php-version }} tools: composer coverage: none - env: - # Always use latest available patch for the version - update: true - - name: Setup cache - id: cache + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} uses: actions/cache@v4 with: path: | - ~/.composer - ./vendor - # Clear the cache if composer json (as composer.lock is in the repo) has been updated - key: tests-${{ matrix.php-version }}-${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-sf${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} - - name: Build + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} run: | + SF_CONSTRAINT="~${{ matrix.symfony-version }}.0@dev" composer config minimum-stability dev \ - && composer require -W ${{ env.COMPOSER_OPTIONS }} \ - symfony/config:^${{ matrix.symfony-version }} \ - symfony/dependency-injection:^${{ matrix.symfony-version }} \ - symfony/http-kernel:^${{ matrix.symfony-version }} \ - symfony/event-dispatcher:^${{ matrix.symfony-version }} \ - symfony/framework-bundle:^${{ matrix.symfony-version }} \ - symfony/routing:^${{ matrix.symfony-version }} \ - && composer update ${{ env.COMPOSER_OPTIONS }} \ + && composer require -W \ + symfony/config:${SF_CONSTRAINT} \ + symfony/dependency-injection:${SF_CONSTRAINT} \ + symfony/http-kernel:${SF_CONSTRAINT} \ + ${{ matrix.pkg-extra-constraints }} \ && make build - name: Test diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml index f9b26b5..9719564 100644 --- a/.github/workflows/reusable-coverage-upload-workflow.yml +++ b/.github/workflows/reusable-coverage-upload-workflow.yml @@ -8,6 +8,10 @@ on: CODECOV_TOKEN: required: true +permissions: + contents: read + checks: write # For the check run creation ! + jobs: fetch-info: name: Fetch triggering workflow metadata @@ -17,12 +21,12 @@ jobs: checks: write # For the check run creation ! steps: - name: 'Check run ○' - uses: yoanm/temp-reports-group-workspace/gha-attach-check-run-to-triggering-workflow@v0 + uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 with: - name: 'Fetch coverage info' + name: 'Fetch triggering workflow metadata' fails-on-triggering-workflow-failure: true - - uses: yoanm/temp-reports-group-workspace/gha-fetch-workflow-metadata@v0 + - uses: yoanm/temp-reports-group-workspace/utils/fetch-workflow-metadata@v0 id: fetch-workflow-metadata outputs: diff --git a/.github/workflows/supported-versions.json b/.github/workflows/supported-versions.json new file mode 100644 index 0000000..7ff4a2a --- /dev/null +++ b/.github/workflows/supported-versions.json @@ -0,0 +1,4 @@ +{ + "php": {"min": "8.0", "max": "8.2", "next": "8.3"}, + "symfony": {"min": "4.4", "max": "6.0", "next": "6.3"} +} diff --git a/composer.json b/composer.json index 2b5fabf..2e1438f 100644 --- a/composer.json +++ b/composer.json @@ -39,7 +39,7 @@ "yoanm/symfony-jsonrpc-http-server-doc": "^1.1" }, "require-dev": { - "behat/behat": "^3.9.0", + "behat/behat": "^3.9.0,<=3.16.1", "dvdoug/behat-code-coverage": "^5.0", "matthiasnoback/symfony-config-test": "^4.0", "matthiasnoback/symfony-dependency-injection-test": "^4.0",