--- name: CI on: # yamllint disable-line rule:truthy push: branches: ['**'] paths-ignore: - '**.md' pull_request: branches: [master, simplesamlphp-*] paths-ignore: - '**.md' jobs: phplinter: name: 'PHP-Linter' strategy: fail-fast: false matrix: php-version: ['8.3', '8.4', '8.5'] uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.11.5 with: php-version: ${{ matrix.php-version }} linter: name: 'Linter' strategy: fail-fast: false uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.11.5 with: enable_eslinter: true enable_jsonlinter: true enable_stylelinter: true enable_yamllinter: true unit-tests-linux: name: "Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}" runs-on: ${{ matrix.operating-system }} needs: [phplinter, linter] strategy: fail-fast: false matrix: operating-system: [ubuntu-latest] php-versions: ['8.3', '8.4', '8.5'] steps: - name: Setup PHP, with composer and extensions # https://github.com/shivammathur/setup-php uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} extensions: intl, mbstring, mysql, pdo, pdo_sqlite, soap, sodium, xml tools: composer:v2 ini-values: error_reporting=E_ALL, pcov.directory=${{ github.workspace }} coverage: pcov - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - name: Setup problem matchers for PHPUnit run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" - name: Set git to use LF run: | git config --global core.autocrlf false git config --global core.eol lf - uses: actions/checkout@v6 - name: Copy config.php.dist to config.php run: cp config/config.php.dist config/config.php - name: Create SimpleSAMLphp cache directory run: sudo mkdir -p /var/cache/simplesamlphp && sudo chmod 777 /var/cache/simplesamlphp - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" - name: Get COMPOSER_ROOT_VERSION from composer.json branch alias run: | ROOT_VERSION=$(composer config extra.branch-alias.dev-master) if [ -z "$ROOT_VERSION" ]; then echo "Could not read extra.branch-alias.dev-master from composer.json" >&2 exit 1 fi echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV" - name: Cache composer dependencies uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader - name: Run unit tests with coverage if: ${{ matrix.php-versions == '8.5' }} run: vendor/bin/phpunit - name: Run unit tests (no coverage) if: ${{ matrix.php-versions != '8.5' }} run: vendor/bin/phpunit --no-coverage - name: Save coverage data if: ${{ matrix.php-versions == '8.5' }} uses: actions/upload-artifact@v7 with: name: coverage-data path: ${{ github.workspace }}/build unit-tests-windows: name: "Syntax and unit tests, PHP ${{ matrix.php-versions }}, ${{ matrix.operating-system }}" runs-on: ${{ matrix.operating-system }} needs: [phplinter, linter] strategy: fail-fast: true matrix: operating-system: [windows-latest] php-versions: ['8.3', '8.4', '8.5'] steps: - name: Setup PHP, with composer and extensions # https://github.com/shivammathur/setup-php uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php-versions }} extensions: fileinfo, intl, mbstring, mysql, pdo, pdo_sqlite, soap, sodium, xml tools: composer:v2 ini-values: error_reporting=E_ALL coverage: none - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - name: Setup problem matchers for PHPUnit run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" - name: Set git to use LF run: | git config --global core.autocrlf false git config --global core.eol lf - uses: actions/checkout@v6 - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$env:GITHUB_ENV" - name: Get COMPOSER_ROOT_VERSION from composer.json branch alias shell: bash run: | ROOT_VERSION=$(composer config extra.branch-alias.dev-master) if [ -z "$ROOT_VERSION" ]; then echo "Could not read extra.branch-alias.dev-master from composer.json" >&2 exit 1 fi echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$env:GITHUB_ENV" - name: Cache composer dependencies uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE }} key: ${{ runner.os }}-composer-${{ hashFiles('**\composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader --no-scripts - name: Run unit tests run: ./vendor/bin/phpunit --no-coverage quality: name: Quality control needs: [unit-tests-linux] runs-on: [ubuntu-latest] steps: - name: Setup PHP, with composer and extensions id: setup-php # https://github.com/shivammathur/setup-php uses: shivammathur/setup-php@v2 with: php-version: '8.5' tools: composer, composer-require-checker, composer-unused extensions: mbstring, soap, xml coverage: none - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - uses: actions/checkout@v6 - name: Copy config.php.dist to config.php run: cp config/config.php.dist config/config.php - name: Create SimpleSAMLphp cache directory run: sudo mkdir -p /var/cache/simplesamlphp && sudo chmod 777 /var/cache/simplesamlphp - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" - name: Get COMPOSER_ROOT_VERSION from composer.json branch alias run: | ROOT_VERSION=$(composer config extra.branch-alias.dev-master) if [ -z "$ROOT_VERSION" ]; then echo "Could not read extra.branch-alias.dev-master from composer.json" >&2 exit 1 fi echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV" - name: Cache composer dependencies uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Validate composer.json and composer.lock run: composer validate - name: Install Composer dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader - name: Check code for hard dependencies missing in composer.json run: composer-require-checker check --config-file=tools/composer-require-checker.json composer.json - name: Check code for unused dependencies in composer.json run: | composer-unused \ --excludePackage=simplesamlphp/composer-module-installer \ --excludePackage=simplesamlphp/simplesamlphp-assets-base \ --excludePackage=symfony/expression-language \ --excludePackage=symfony/polyfill-intl-icu \ --excludePackage=symfony/yaml - name: PHP Code Sniffer run: vendor/bin/phpcs - name: PHPStan run: vendor/bin/phpstan analyze -c phpstan.neon - name: PHPStan (testsuite) run: vendor/bin/phpstan analyze -c phpstan-dev.neon - name: Check for unused translations continue-on-error: true run: composer translations:unused security: name: Security checks needs: [unit-tests-linux] runs-on: [ubuntu-latest] steps: - name: Setup PHP, with composer and extensions # https://github.com/shivammathur/setup-php uses: shivammathur/setup-php@v2 with: php-version: '8.3' extensions: mbstring, soap, xml tools: composer:v2 coverage: none - name: Setup problem matchers for PHP run: echo "::add-matcher::${{ runner.tool_cache }}/php.json" - uses: actions/checkout@v6 - name: Copy config.php.dist to config.php run: cp config/config.php.dist config/config.php - name: Create SimpleSAMLphp cache directory run: sudo mkdir -p /var/cache/simplesamlphp && sudo chmod 777 /var/cache/simplesamlphp - name: Get composer cache directory run: echo COMPOSER_CACHE="$(composer config cache-files-dir)" >> "$GITHUB_ENV" - name: Get COMPOSER_ROOT_VERSION from composer.json branch alias run: | ROOT_VERSION=$(composer config extra.branch-alias.dev-master) if [ -z "$ROOT_VERSION" ]; then echo "Could not read extra.branch-alias.dev-master from composer.json" >&2 exit 1 fi echo "COMPOSER_ROOT_VERSION=$ROOT_VERSION" >> "$GITHUB_ENV" - name: Cache composer dependencies uses: actions/cache@v5 with: path: ${{ env.COMPOSER_CACHE }} key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} restore-keys: ${{ runner.os }}-composer- - name: Install Composer dependencies run: composer install --no-progress --prefer-dist --optimize-autoloader - name: Security check for locked dependencies run: composer audit - name: Update Composer dependencies run: composer update --no-progress --prefer-dist --optimize-autoloader - name: Security check for updated dependencies run: composer audit coverage: name: Code coverage runs-on: [ubuntu-latest] needs: [unit-tests-linux] steps: - uses: actions/checkout@v6 - uses: actions/download-artifact@v8 with: name: coverage-data path: ${{ github.workspace }}/build - name: Codecov uses: codecov/codecov-action@v5 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true verbose: true cleanup: name: Cleanup artifacts needs: [unit-tests-linux, coverage] runs-on: [ubuntu-latest] if: | always() && needs.coverage.result == 'success' || (needs.unit-tests-linux.result == 'success' && needs.coverage.result == 'skipped') steps: - uses: geekyeggo/delete-artifact@v6 with: name: coverage-data