Add GitHub workflows

- Composer validation. - Code validation. - Security checks. Signed-off-by: Dillon-Brown <[email protected]>
Dillon-Brown · Jun 14, 2021 · e0bd677 · e0bd677
1 parent b04fbf5
commit e0bd677
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 10 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -186,7 +186,7 @@ Dockerfile text eol=lf
 /php_cs.xml export-ignore
 /codacy.yml export-ignore
 /codeception.dist.yml export-ignore
-/.codecov.yml export-ignore
+/codecov.yml export-ignore
 /.php_cs.dist export-ignore
 /.travis.yml export-ignore
 travis.php.ini export-ignore

diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -0,0 +1,57 @@
+name: PHP Composer
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ build:
+ name: Composer
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Validate composer.json and composer.lock
+ run: composer validate
+
+ - name: CodeCov validation check
+ run: curl --data-binary @codecov.yml https://codecov.io/validate
+
+ - name: Cache Composer packages
+ id: composer-cache
+ uses: actions/cache@v2
+ with:
+ path: vendor
+ key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-php-
+
+ - name: Install dependencies
+ run: composer install --prefer-dist --no-progress
+
+ code:
+ name: Code
+ runs-on: ubuntu-latest
+ steps:
+ - name: Code checkout
+ uses: actions/checkout@v2
+
+ - name: Lint PHP files
+ uses: overtrue/[email protected]
+
+ security:
+ name: Security
+ runs-on: ubuntu-latest
+ steps:
+ - name: Code checkout
+ uses: actions/checkout@v2
+
+ - name: DevSkim security scan
+ uses: microsoft/DevSkim-Action@v1
+
+ - name: Dependency vulnerability check
+ uses: symfonycorp/security-checker-action@v2
+ with:
+ disable-exit-code: 1
diff --git a/.phplint.yml b/.phplint.yml
@@ -0,0 +1,9 @@
+path: .
+jobs: 10
+cache: build/phplint.cache
+extensions:
+ - php
+exclude:
+ - vendor
+ - modules/AOS_PDF_Templates/PDF_Lib
+ - include/SugarObjects
diff --git a/.travis.yml b/.travis.yml
@@ -10,12 +10,6 @@ matrix:
  - name: "PHP 7.4 / MySQL 5.7"
  php: "7.4"
  dist: xenial
- # Run composer validate to make sure the composer.json and composer.lock are in sync.
- - name: "composer validate"
- php: "7.3"
- dist: xenial
- before_script: composer install
- script: composer validate
  - name: "code coverage"
  php: "7.4"
  dist: xenial
@@ -40,12 +34,9 @@ before_install:
  - wget https://chromedriver.storage.googleapis.com/2.36/chromedriver_linux64.zip
  - unzip -o chromedriver_linux64.zip
  - ./chromedriver --url-base=/wd/hub &
- # Lint PHP
- - for file in $(git diff --name-status HEAD~1 HEAD | egrep "^[ACMR].*\.php$" | cut -c 3-); do php -l $file; done
 
 install:
  - phpenv config-add travis.php.ini
- - composer self-update --stable && composer --version
 
 before_script:
  # Set up MySQL

diff --git a/.codecov.yml → codecov.yml b/.codecov.yml → codecov.yml