From 7c1a51185a645a6418d4fbc221c56e0548f9e7e5 Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 17:37:48 +0200 Subject: [PATCH 1/6] Revert "Fix Nightly check run name (#109)" This reverts commit d013a968352c03686f2259fa30b567ba7a5f0730. --- .github/workflows/CI.yml | 3 --- .github/workflows/auto-merge-dependabot.yml | 3 --- .github/workflows/coverage-upload.yml | 4 ---- .github/workflows/nightly-tests.yml | 8 ++------ .github/workflows/pre-check-CI-updates.yml | 5 ----- .github/workflows/reusable-nightly-tests-workflow.yml | 4 ++-- 6 files changed, 4 insertions(+), 23 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index be1cfbb..945bf25 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -21,9 +21,6 @@ on: # Build any PRs and main branch changes schedule: - cron: '0 0 1 * *' # Every month -permissions: - contents: read - concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index 72e796a..aeb7eb7 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -8,9 +8,6 @@ permissions: jobs: dependabot: runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'yoanm/symfony-jsonrpc-http-server' steps: - name: Dependabot metadata diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml index 1aeac5c..9428e0d 100644 --- a/.github/workflows/coverage-upload.yml +++ b/.github/workflows/coverage-upload.yml @@ -4,10 +4,6 @@ on: workflows: ["CI"] types: [completed] -permissions: - contents: read - checks: write # For the check run creation ! - jobs: upload: name: Upload diff --git a/.github/workflows/nightly-tests.yml b/.github/workflows/nightly-tests.yml index 3018c9e..fe8e177 100644 --- a/.github/workflows/nightly-tests.yml +++ b/.github/workflows/nightly-tests.yml @@ -4,13 +4,9 @@ on: workflows: ["CI"] types: [completed] -permissions: - contents: read - checks: write # For the check run creation ! - jobs: - tests: - name: Tests + nightly: + name: Nightly permissions: contents: read checks: write # For the check run creation ! diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml index 0c1d18c..35cbda9 100644 --- a/.github/workflows/pre-check-CI-updates.yml +++ b/.github/workflows/pre-check-CI-updates.yml @@ -19,11 +19,6 @@ on: - '.github/workflows/reusable-nightly-tests-workflow.yml' - '.github/workflows/auto-merge-dependabot.yml' - -permissions: - contents: read - checks: write # For the check run creation ! - concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true diff --git a/.github/workflows/reusable-nightly-tests-workflow.yml b/.github/workflows/reusable-nightly-tests-workflow.yml index f7f3984..87dbd86 100644 --- a/.github/workflows/reusable-nightly-tests-workflow.yml +++ b/.github/workflows/reusable-nightly-tests-workflow.yml @@ -36,7 +36,7 @@ jobs: - name: 'Check run ○' uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 with: - name: 'Nightly / Fetch supported versions' + name: 'Fetch supported versions' fails-on-triggering-workflow-failure: true - name: Fetch PHP supported versions @@ -97,7 +97,7 @@ jobs: - name: 'Check run ○' uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 with: - name: 'Nightly / ${{ matrix.job-name }}' + name: ${{ matrix.job-name }} fails-on-triggering-workflow-failure: true - name: Check out code From ac36f0291565c2f8ed1ca6d3282351e87191e8bd Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 17:45:27 +0200 Subject: [PATCH 2/6] Revert "Split nightly tests (#108)" This reverts commit 62280ec61aa40c8cb6626d50d83aa908efb583b4. --- .github/workflows/CI.yml | 1 - .github/workflows/nightly-tests.yml | 13 -- .github/workflows/pre-check-CI-updates.yml | 9 -- .github/workflows/reusable-CI-workflow.yml | 89 +++++++++-- .../reusable-coverage-upload-workflow.yml | 4 - .../reusable-nightly-tests-workflow.yml | 145 ------------------ 6 files changed, 78 insertions(+), 183 deletions(-) delete mode 100644 .github/workflows/nightly-tests.yml delete mode 100644 .github/workflows/reusable-nightly-tests-workflow.yml diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 945bf25..496d258 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -14,7 +14,6 @@ on: # Build any PRs and main branch changes - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' - - '.github/workflows/reusable-nightly-tests-workflow.yml' - '.github/workflows/auto-merge-dependabot.yml' push: branches: [ master ] diff --git a/.github/workflows/nightly-tests.yml b/.github/workflows/nightly-tests.yml deleted file mode 100644 index fe8e177..0000000 --- a/.github/workflows/nightly-tests.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: 'Nightly' -on: - workflow_run: - workflows: ["CI"] - types: [completed] - -jobs: - nightly: - name: Nightly - permissions: - contents: read - checks: write # For the check run creation ! - uses: ./.github/workflows/reusable-nightly-tests-workflow.yml diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml index 35cbda9..c5f007c 100644 --- a/.github/workflows/pre-check-CI-updates.yml +++ b/.github/workflows/pre-check-CI-updates.yml @@ -16,7 +16,6 @@ on: - '.github/workflows/coverage-upload.yml' - '.github/workflows/reusable-CI-workflow.yml' - '.github/workflows/reusable-coverage-upload-workflow.yml' - - '.github/workflows/reusable-nightly-tests-workflow.yml' - '.github/workflows/auto-merge-dependabot.yml' concurrency: @@ -30,14 +29,6 @@ jobs: contents: read uses: ./.github/workflows/reusable-CI-workflow.yml - nightly: - name: Nightly - needs: [tests] - permissions: - contents: read - checks: write # For the check run creation ! - uses: ./.github/workflows/reusable-nightly-tests-workflow.yml - upload: name: Upload needs: [tests] diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index 607ca09..8d11e7e 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml @@ -7,16 +7,10 @@ env: COMPOSER_PREFER_STABLE: '1' TEST_OUTPUT_STYLE: pretty - -permissions: - contents: read - jobs: fetch-supported-versions: name: Fetch supported versions runs-on: ubuntu-latest - permissions: - contents: read outputs: php-min: ${{ steps.fetch-php-versions.outputs.min }} php-max: ${{ steps.fetch-php-versions.outputs.max }} @@ -31,7 +25,6 @@ jobs: with: dependency: php path: .github/workflows/supported-versions.json - - name: Fetch Symfony supported versions id: fetch-symfony-versions uses: yoanm/gha-supported-versions-parser@feature/init @@ -43,8 +36,6 @@ jobs: name: ${{ matrix.job-name }} needs: [fetch-supported-versions] runs-on: ubuntu-latest - permissions: - contents: read env: COVERAGE_TYPE: none COVERAGE_OUTPUT_STYLE: clover @@ -166,8 +157,6 @@ jobs: name: Static analysis needs: [fetch-supported-versions] runs-on: ubuntu-latest - permissions: - contents: read env: PHP_VERSION: ${{ needs.fetch-supported-versions.outputs.php-max }} SYMFONY_VERSION: ${{ needs.fetch-supported-versions.outputs.symfony-max }} @@ -214,3 +203,81 @@ jobs: - name: Dependencies check if: ${{ github.event_name == 'pull_request' }} uses: actions/dependency-review-action@v4 + + nightly-tests: + name: Nightly - ${{ matrix.job-name }} + needs: [ fetch-supported-versions, tests ] + runs-on: ubuntu-latest + continue-on-error: true + env: + COMPOSER_IGNORE_PLATFORM_REQ: 'php+' + strategy: + fail-fast: false + matrix: + include: + - job-name: PHP - With highest supported Symfony versions + php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-max }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: PHP - With lowest supported Symfony versions + php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-min }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + pkg-extra-constraints: behat/gherkin:~4.12.0 + - job-name: Symfony - With highest supported PHP version + php-version: ${{ needs.fetch-supported-versions.outputs.php-max }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + # Fix - symfony/framework-bundle - Framework bundle <7.0 require php 8.1 minimum ! + pkg-extra-constraints: behat/gherkin:~4.12.0 ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-max == '8.4' ) && 'symfony/framework-bundle:~7.0.0@dev' || '' }} + - job-name: Symfony - With lowest supported PHP version + # Fix - Sf 7.0 require php 8.1 minimum, most of deps require 8.2 ! + php-version: ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && '8.2' || needs.fetch-supported-versions.outputs.php-min }} + symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} + # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) + # Fix - symfony/framework-bundle - Framework bundle <7.0 require php 8.1 minimum ! + pkg-extra-constraints: behat/gherkin:~4.12.0 ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && 'symfony/framework-bundle:~7.0.0@dev' || '' }} + + steps: + - name: Check out code + uses: actions/checkout@v5 + + - name: Setup PHP ${{ matrix.php-version }} + id: setup-php + uses: shivammathur/setup-php@v2 + env: + update: true # whether to use latest available patch for the version or not + fail-fast: true # step will fail if an extension or tool fails to set up + with: + php-version: ${{ matrix.php-version }} + tools: composer + coverage: none + + - name: Get composer cache directory + id: composer-cache + run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT + + - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} + uses: actions/cache@v4 + with: + path: | + ${{ steps.composer-cache.outputs.dir }} + # Clear the cache if composer.json (as composer.lock is not available) has been updated + key: tests-php${{ steps.setup-php.outputs.php-version }}-sf${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} + + - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} + run: | + SF_CONSTRAINT="~${{ matrix.symfony-version }}.0@dev" + composer config minimum-stability dev \ + && composer require -W \ + symfony/config:${SF_CONSTRAINT} \ + symfony/dependency-injection:${SF_CONSTRAINT} \ + symfony/event-dispatcher:${SF_CONSTRAINT} \ + symfony/http-foundation:${SF_CONSTRAINT} \ + symfony/http-kernel:${SF_CONSTRAINT} \ + ${{ matrix.pkg-extra-constraints }} \ + && make build + + - name: Test + run: make test-unit && make test-functional diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml index e581567..d246690 100644 --- a/.github/workflows/reusable-coverage-upload-workflow.yml +++ b/.github/workflows/reusable-coverage-upload-workflow.yml @@ -8,10 +8,6 @@ on: CODECOV_TOKEN: required: true -permissions: - contents: read - checks: write # For the check run creation ! - jobs: fetch-info: name: Fetch triggering workflow metadata diff --git a/.github/workflows/reusable-nightly-tests-workflow.yml b/.github/workflows/reusable-nightly-tests-workflow.yml deleted file mode 100644 index 87dbd86..0000000 --- a/.github/workflows/reusable-nightly-tests-workflow.yml +++ /dev/null @@ -1,145 +0,0 @@ -name: 'Nightly reusable workflow' - -on: - workflow_call: - inputs: - ref: - description: Reference in order to fetch code - type: string - required: false - default: "${{ github.event.workflow_run && github.event.workflow_run.referenced_workflows[0] && github.event.workflow_run.referenced_workflows[0].ref || github.ref }}" - -env: - COMPOSER_PREFER_STABLE: '1' - TEST_OUTPUT_STYLE: pretty - - -permissions: - contents: read - checks: write # For the check run creation ! - -jobs: - fetch-supported-versions: - name: Fetch supported versions - runs-on: ubuntu-latest - permissions: - contents: read - checks: write # For the check run creation ! - outputs: - php-min: ${{ steps.fetch-php-versions.outputs.min }} - php-max: ${{ steps.fetch-php-versions.outputs.max }} - php-next: ${{ steps.fetch-php-versions.outputs.next }} - symfony-min: ${{ steps.fetch-symfony-versions.outputs.min }} - symfony-max: ${{ steps.fetch-symfony-versions.outputs.max }} - symfony-next: ${{ steps.fetch-symfony-versions.outputs.next }} - steps: - - name: 'Check run ○' - uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 - with: - name: 'Fetch supported versions' - fails-on-triggering-workflow-failure: true - - - name: Fetch PHP supported versions - id: fetch-php-versions - uses: yoanm/gha-supported-versions-parser@feature/init - with: - path: .github/workflows/supported-versions.json - dependency: php - ref: "${{ inputs.ref }}" - - - name: Fetch Symfony supported versions - id: fetch-symfony-versions - uses: yoanm/gha-supported-versions-parser@feature/init - with: - path: .github/workflows/supported-versions.json - dependency: symfony - ref: "${{ inputs.ref }}" - - tests: - name: ${{ matrix.job-name }} - needs: [ fetch-supported-versions ] - runs-on: ubuntu-latest - continue-on-error: true - permissions: - contents: read - checks: write # For the check run creation ! - env: - COMPOSER_IGNORE_PLATFORM_REQ: 'php+' - strategy: - fail-fast: false - matrix: - include: - - job-name: PHP - With highest supported Symfony versions - php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} - symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-max }} - # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) - pkg-extra-constraints: behat/gherkin:~4.12.0 - - job-name: PHP - With lowest supported Symfony versions - php-version: ${{ needs.fetch-supported-versions.outputs.php-next }} - symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-min }} - # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) - pkg-extra-constraints: behat/gherkin:~4.12.0 - - job-name: Symfony - With highest supported PHP version - php-version: ${{ needs.fetch-supported-versions.outputs.php-max }} - symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} - # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) - # Fix - symfony/framework-bundle - Framework bundle <7.0 require php 8.1 minimum ! - pkg-extra-constraints: behat/gherkin:~4.12.0 ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-max == '8.4' ) && 'symfony/framework-bundle:~7.0.0@dev' || '' }} - - job-name: Symfony - With lowest supported PHP version - # Fix - Sf 7.0 require php 8.1 minimum, most of deps require 8.2 ! - php-version: ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && '8.2' || needs.fetch-supported-versions.outputs.php-min }} - symfony-version: ${{ needs.fetch-supported-versions.outputs.symfony-next }} - # Fix - behat/gherkin => Avoid issue with behat <-> gherkin packages (See https://github.com/Behat/Gherkin/issues/317) - # Fix - symfony/framework-bundle - Framework bundle <7.0 require php 8.1 minimum ! - pkg-extra-constraints: behat/gherkin:~4.12.0 ${{ ( needs.fetch-supported-versions.outputs.symfony-next == '7.0' && needs.fetch-supported-versions.outputs.php-min == '8.0' ) && 'symfony/framework-bundle:~7.0.0@dev' || '' }} - - steps: - - name: 'Check run ○' - uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0 - with: - name: ${{ matrix.job-name }} - fails-on-triggering-workflow-failure: true - - - name: Check out code - uses: actions/checkout@v5 - with: - ref: "${{ inputs.ref }}" - - - name: Setup PHP ${{ matrix.php-version }} - id: setup-php - uses: shivammathur/setup-php@v2 - env: - update: true # whether to use latest available patch for the version or not - fail-fast: true # step will fail if an extension or tool fails to set up - with: - php-version: ${{ matrix.php-version }} - tools: composer - coverage: none - - - name: Get composer cache directory - id: composer-cache - run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - - name: Setup cache for PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} - uses: actions/cache@v4 - with: - path: | - ${{ steps.composer-cache.outputs.dir }} - # Clear the cache if composer.json (as composer.lock is not available) has been updated - key: tests-php${{ steps.setup-php.outputs.php-version }}-sf${{ matrix.symfony-version }}-${{ hashFiles('composer.json') }} - - - name: Build with PHP ${{ steps.setup-php.outputs.php-version }} & Symfony ${{ matrix.symfony-version }} - run: | - SF_CONSTRAINT="~${{ matrix.symfony-version }}.0@dev" - composer config minimum-stability dev \ - && composer require -W \ - symfony/config:${SF_CONSTRAINT} \ - symfony/dependency-injection:${SF_CONSTRAINT} \ - symfony/event-dispatcher:${SF_CONSTRAINT} \ - symfony/http-foundation:${SF_CONSTRAINT} \ - symfony/http-kernel:${SF_CONSTRAINT} \ - ${{ matrix.pkg-extra-constraints }} \ - && make build - - - name: Test - run: make test-unit && make test-functional From 31c54b80b2a5a1e64e84718345f9ec94d8431460 Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 17:49:08 +0200 Subject: [PATCH 3/6] Keep the good --- .github/workflows/CI.yml | 3 +++ .github/workflows/auto-merge-dependabot.yml | 3 +++ .github/workflows/coverage-upload.yml | 4 ++++ .github/workflows/pre-check-CI-updates.yml | 4 ++++ .github/workflows/reusable-CI-workflow.yml | 13 +++++++++++++ .../workflows/reusable-coverage-upload-workflow.yml | 4 ++++ 6 files changed, 31 insertions(+) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 496d258..3d4649b 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -20,6 +20,9 @@ on: # Build any PRs and main branch changes schedule: - cron: '0 0 1 * *' # Every month +permissions: + contents: read + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml index aeb7eb7..72e796a 100644 --- a/.github/workflows/auto-merge-dependabot.yml +++ b/.github/workflows/auto-merge-dependabot.yml @@ -8,6 +8,9 @@ permissions: jobs: dependabot: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'yoanm/symfony-jsonrpc-http-server' steps: - name: Dependabot metadata diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml index 9428e0d..1aeac5c 100644 --- a/.github/workflows/coverage-upload.yml +++ b/.github/workflows/coverage-upload.yml @@ -4,6 +4,10 @@ on: workflows: ["CI"] types: [completed] +permissions: + contents: read + checks: write # For the check run creation ! + jobs: upload: name: Upload diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml index c5f007c..f67f2e2 100644 --- a/.github/workflows/pre-check-CI-updates.yml +++ b/.github/workflows/pre-check-CI-updates.yml @@ -18,6 +18,10 @@ on: - '.github/workflows/reusable-coverage-upload-workflow.yml' - '.github/workflows/auto-merge-dependabot.yml' +permissions: + contents: read + checks: write # For the check run creation ! + concurrency: group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index 8d11e7e..1fd00da 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml @@ -3,6 +3,9 @@ name: 'CI reusable workflow' on: workflow_call: +permissions: + contents: read + env: COMPOSER_PREFER_STABLE: '1' TEST_OUTPUT_STYLE: pretty @@ -11,6 +14,8 @@ jobs: fetch-supported-versions: name: Fetch supported versions runs-on: ubuntu-latest + permissions: + contents: read outputs: php-min: ${{ steps.fetch-php-versions.outputs.min }} php-max: ${{ steps.fetch-php-versions.outputs.max }} @@ -25,6 +30,7 @@ jobs: with: dependency: php path: .github/workflows/supported-versions.json + - name: Fetch Symfony supported versions id: fetch-symfony-versions uses: yoanm/gha-supported-versions-parser@feature/init @@ -36,6 +42,8 @@ jobs: name: ${{ matrix.job-name }} needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read env: COVERAGE_TYPE: none COVERAGE_OUTPUT_STYLE: clover @@ -157,6 +165,8 @@ jobs: name: Static analysis needs: [fetch-supported-versions] runs-on: ubuntu-latest + permissions: + contents: read env: PHP_VERSION: ${{ needs.fetch-supported-versions.outputs.php-max }} SYMFONY_VERSION: ${{ needs.fetch-supported-versions.outputs.symfony-max }} @@ -209,6 +219,9 @@ jobs: needs: [ fetch-supported-versions, tests ] runs-on: ubuntu-latest continue-on-error: true + permissions: + contents: read + checks: write # For the check run creation ! env: COMPOSER_IGNORE_PLATFORM_REQ: 'php+' strategy: diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml index d246690..e581567 100644 --- a/.github/workflows/reusable-coverage-upload-workflow.yml +++ b/.github/workflows/reusable-coverage-upload-workflow.yml @@ -8,6 +8,10 @@ on: CODECOV_TOKEN: required: true +permissions: + contents: read + checks: write # For the check run creation ! + jobs: fetch-info: name: Fetch triggering workflow metadata From bdb9b07f835d2ff84bfa2f079f094be84a8b1e97 Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 17:54:38 +0200 Subject: [PATCH 4/6] Trigger nightly only for push and PR with specific label --- .github/workflows/reusable-CI-workflow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index 1fd00da..45e2ea8 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml @@ -217,6 +217,7 @@ jobs: nightly-tests: name: Nightly - ${{ matrix.job-name }} needs: [ fetch-supported-versions, tests ] + if: ${{ github.event_name == 'push' || ( github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'with-nightly-tests') ) }} runs-on: ubuntu-latest continue-on-error: true permissions: From b87641336bfa91866f768afce8528a0ebff732e9 Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 17:55:16 +0200 Subject: [PATCH 5/6] Fix --- .github/workflows/reusable-CI-workflow.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml index 45e2ea8..38c75c5 100644 --- a/.github/workflows/reusable-CI-workflow.yml +++ b/.github/workflows/reusable-CI-workflow.yml @@ -222,7 +222,6 @@ jobs: continue-on-error: true permissions: contents: read - checks: write # For the check run creation ! env: COMPOSER_IGNORE_PLATFORM_REQ: 'php+' strategy: From bf1389eeb7173324decc01cde1488d0e4ffa7e8f Mon Sep 17 00:00:00 2001 From: Yoanm <4410697+yoanm@users.noreply.github.com> Date: Sun, 31 Aug 2025 18:01:29 +0200 Subject: [PATCH 6/6] Trigger CI