Skip to content

build(deps): bump actions/checkout from 6 to 7 #1859

build(deps): bump actions/checkout from 6 to 7

build(deps): bump actions/checkout from 6 to 7 #1859

Workflow file for this run

name: CI
on:
pull_request:
push:
branches:
- master
- release/**
permissions:
contents: read
env:
FRANKENPHP_VERSION: v1.11.2
ROADRUNNER_VERSION: v2025.1.7
COMPOSER_ADVISORY_SYMFONY_COMMON: >-
[
"PKSA-z7t6-zt6p-wtng",
"PKSA-5r1g-c7b7-y1zg",
"PKSA-4k7v-pfvw-nqvp",
"PKSA-365x-2zjk-pt47",
"PKSA-b35n-565h-rs4q",
"PKSA-4wjj-gy1p-ft3r",
"PKSA-wws7-mr54-jsny",
"PKSA-bf7t-jnpz-492k",
"PKSA-yc7t-91v9-99xs",
"PKSA-c28x-6bj5-8spx",
"PKSA-tbsf-h7vc-j7hn",
"PKSA-v5yj-8nmz-sk2q",
"PKSA-ft77-7h5f-p3r6",
"PKSA-b14r-zh1d-vdrc"
]
COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST: >-
[
"PKSA-wtxr-p26d-nn42",
"PKSA-2n2k-66v2-bwg3",
"PKSA-rkkf-636k-qjb3"
]
COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6: >-
[
"PKSA-ztgh-x9c8-k66g"
]
COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY: >-
[
"PKSA-hr4y-jwk2-1yb9",
"PKSA-8knv-7jsn-12w8"
]
COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY: >-
[
"PKSA-rqvm-b18n-vg69",
"PKSA-5x8m-77gx-t86z"
]
COMPOSER_ADVISORY_TWIG: >-
[
"PKSA-fbvq-z33h-r2np",
"PKSA-g9zw-qxh8-pq8w",
"PKSA-yd6k-t2gh-1m43",
"PKSA-1tmc-rt7x-12w6",
"PKSA-xx6c-6d96-db2w",
"PKSA-sjvz-tbbr-vwth",
"PKSA-h8hf-ytnd-5t9q",
"PKSA-kvv6-36cr-fkzb",
"PKSA-n14z-jjjg-g8vd",
"PKSA-3mcc-k66d-pydb",
"PKSA-dpx1-78wg-1kqs",
"PKSA-yhcn-xrg3-68b1",
"PKSA-2wrf-1xmk-1pky",
"PKSA-6319-ffpf-gx66",
"PKSA-n7sg-8f52-pqtf"
]
jobs:
tests:
name: Tests
runs-on: ubuntu-latest
env:
SYMFONY_REQUIRE: ${{ matrix.symfony-version }}
strategy:
fail-fast: false
matrix:
php:
- '7.2'
- '7.3'
- '7.4'
- '8.0'
- '8.1'
- '8.2'
- '8.3'
- '8.4'
- '8.5'
symfony-version:
- 4.4.*
- 5.*
- 6.*
- 7.*
- 8.*
dependencies:
- highest
exclude:
- php: '7.2'
symfony-version: 6.*
- php: '7.3'
symfony-version: 6.*
- php: '7.4'
symfony-version: 6.*
- php: '7.2'
symfony-version: 7.*
- php: '7.3'
symfony-version: 7.*
- php: '7.4'
symfony-version: 7.*
- php: '8.0'
symfony-version: 7.*
- php: '8.1'
symfony-version: 7.*
- php: '8.4'
symfony-version: 4.4.*
- php: '8.5'
symfony-version: 4.4.*
- php: '7.2'
symfony-version: 8.*
- php: '7.3'
symfony-version: 8.*
- php: '7.4'
symfony-version: 8.*
- php: '8.0'
symfony-version: 8.*
- php: '8.1'
symfony-version: 8.*
- php: '8.2'
symfony-version: 8.*
- php: '8.3'
symfony-version: 8.*
include:
- php: '7.2'
symfony-version: 4.4.*
dependencies: lowest
- php: '7.2'
symfony-version: 5.*
dependencies: lowest
- php: '8.0'
symfony-version: 6.*
dependencies: lowest
- php: '8.2'
symfony-version: 7.*
dependencies: lowest
- php: '8.4'
symfony-version: 8.*
dependencies: lowest
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
with:
fetch-depth: 2
- name: Setup PHP
uses: shivammathur/setup-php@728c6c6b8cf02c2e48117716a91ee48313958a19 # v2
with:
php-version: ${{ matrix.php }}
coverage: pcov
tools: flex
- name: Setup Problem Matchers for PHPUnit
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
# These dependencies are not used running the tests but can cause deprecation warnings so we remove them before running the tests
- name: Remove unused dependencies
run: composer remove vimeo/psalm phpstan/phpstan friendsofphp/php-cs-fixer --dev --no-interaction --no-update
- name: Remove RoadRunner dependencies on unsupported PHP versions
if: ${{ runner.os == 'Windows' || matrix.php == '7.2' || matrix.php == '7.3' || matrix.php == '7.4' || matrix.php == '8.0' }}
run: composer remove spiral/roadrunner-http spiral/roadrunner-worker --dev --no-interaction --no-update
- name: Use PHPUnit 9 for lowest dependencies on newer PHP versions
if: ${{ matrix.dependencies == 'lowest' && matrix.php != '7.2' }}
run: composer require phpunit/phpunit:^9.6.34 --dev --no-interaction --no-update
# The following tasks add security advisories to the allowlist to allow proper composer resolution
# They are as strict as possible and bound to particular versions so that we only ignore a well known set.
# If new ones appear, they will fail CI and will require investigation
# The rationale behind that is that we don't want to ignore them for all versions and instead only
# ignore them if absolutely necessary for resolution so that composer can select versions without security
# concerns if available
- name: Configure common Symfony advisory allowlist
if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_COMMON"
- name: Configure Symfony 4.4/5 lowest advisory allowlist
if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST"
- name: Configure Symfony 5 lowest/6 advisory allowlist
if: ${{ (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6"
- name: Configure Symfony 5 lowest advisory allowlist
if: ${{ matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest' }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY"
- name: Configure Symfony 6 advisory allowlist
if: ${{ matrix.symfony-version == '6.*' && matrix.php == '8.0' }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY"
- name: Configure Twig advisory allowlist
if: ${{ contains(fromJSON('["4.4.*","5.*","6.*"]'), matrix.symfony-version) && contains(fromJSON('["7.2","7.3","7.4","8.0"]'), matrix.php) }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_TWIG"
# End of security advisory tasks
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit
if: ${{ matrix.dependencies == 'highest' }}
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --prefer-lowest --no-install --no-scripts --no-audit
if: ${{ matrix.dependencies == 'lowest' }}
- name: Audit dependencies
run: composer audit --locked --no-interaction --format=table --abandoned=report
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --no-scripts
- name: Run tests
run: vendor/bin/phpunit --coverage-clover=build/coverage-report.xml
- name: Upload code coverage
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5
with:
file: build/coverage-report.xml
token: ${{ secrets.CODECOV_TOKEN }}
missing-optional-packages-tests:
name: Tests without optional packages
runs-on: ubuntu-latest
env:
SYMFONY_REQUIRE: ${{ matrix.symfony-version }}
strategy:
fail-fast: false
matrix:
include:
- php: '7.2'
dependencies: lowest
symfony-version: 4.4.*
- php: '7.4'
dependencies: highest
- php: '8.0'
dependencies: lowest
symfony-version: 4.4.*
- php: '8.4'
dependencies: highest
symfony-version: 8.*
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
- name: Setup PHP
uses: shivammathur/setup-php@728c6c6b8cf02c2e48117716a91ee48313958a19 # v2
with:
php-version: ${{ matrix.php }}
coverage: pcov
tools: flex
- name: Setup Problem Matchers for PHPUnit
run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
# These dependencies are not used running the tests but can cause deprecation warnings so we remove them before running the tests
- name: Remove unused dependencies
run: composer remove vimeo/psalm phpstan/phpstan friendsofphp/php-cs-fixer --dev --no-interaction --no-update
- name: Remove RoadRunner dependencies on unsupported PHP versions
if: ${{ runner.os == 'Windows' || matrix.php == '7.2' || matrix.php == '7.3' || matrix.php == '7.4' || matrix.php == '8.0' }}
run: composer remove spiral/roadrunner-http spiral/roadrunner-worker --dev --no-interaction --no-update
- name: Remove optional packages
run: composer remove doctrine/dbal doctrine/doctrine-bundle symfony/messenger symfony/twig-bundle symfony/cache symfony/http-client --dev --no-update
- name: Use PHPUnit 9 for lowest dependencies on newer PHP versions
if: ${{ matrix.dependencies == 'lowest' && matrix.php != '7.2' }}
run: composer require phpunit/phpunit:^9.6.34 --dev --no-interaction --no-update
# The following tasks add security advisories to the allowlist to allow proper composer resolution
# They are as strict as possible and bound to particular versions so that we only ignore a well known set.
# If new ones appear, they will fail CI and will require investigation
# The rationale behind that is that we don't want to ignore them for all versions and instead only
# ignore them if absolutely necessary for resolution so that composer can select versions without security
# concerns if available
- name: Configure common Symfony advisory allowlist
if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_COMMON"
- name: Configure Symfony 4.4/5 lowest advisory allowlist
if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST"
- name: Configure Symfony 5 lowest/6 advisory allowlist
if: ${{ (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6"
- name: Configure Symfony 5 lowest advisory allowlist
if: ${{ matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest' }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY"
- name: Configure Symfony 6 advisory allowlist
if: ${{ matrix.symfony-version == '6.*' && matrix.php == '8.0' }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY"
- name: Configure Twig advisory allowlist
if: ${{ contains(fromJSON('["4.4.*","5.*","6.*"]'), matrix.symfony-version) && contains(fromJSON('["7.2","7.3","7.4","8.0"]'), matrix.php) }}
run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_TWIG"
# End of security advisory tasks
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit
if: ${{ matrix.dependencies == 'highest' }}
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --prefer-lowest --no-install --no-scripts --no-audit
if: ${{ matrix.dependencies == 'lowest' }}
- name: Audit dependencies
run: composer audit --locked --no-interaction --format=table --abandoned=report
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --no-scripts
- name: Run tests
run: vendor/bin/phpunit --coverage-clover=build/coverage-report.xml
- name: Upload code coverage
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5
with:
file: build/coverage-report.xml
token: ${{ secrets.CODECOV_TOKEN }}
runtime-tests-frankenphp:
name: Runtime tests (FrankenPHP)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 2
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.4'
coverage: none
- name: Determine Composer cache directory
id: composer-cache
run: echo "directory=$(composer config cache-dir)" >> "$GITHUB_OUTPUT"
shell: bash
- name: Cache Composer dependencies
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.directory }}
key: ${{ runner.os }}-runtime-frankenphp-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-runtime-frankenphp-composer-
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit
- name: Audit dependencies
run: composer audit --locked --no-interaction --format=table --abandoned=report
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --no-scripts
- name: Install FrankenPHP
env:
GH_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
case "$(uname -m)" in
x86_64) asset="frankenphp-linux-x86_64" ;;
aarch64|arm64) asset="frankenphp-linux-aarch64" ;;
*) echo "Unsupported architecture: $(uname -m)"; exit 1 ;;
esac
digest="$(gh api "repos/php/frankenphp/releases/tags/${FRANKENPHP_VERSION}" --jq ".assets[] | select(.name == \"${asset}\") | .digest")"
if [ -z "${digest}" ]; then
echo "Unable to resolve digest for ${asset} (${FRANKENPHP_VERSION})."
exit 1
fi
gh release download "${FRANKENPHP_VERSION}" \
--repo php/frankenphp \
--pattern "${asset}" \
--output "${asset}"
echo "${digest#sha256:} ${asset}" | sha256sum --check --
mkdir -p "${RUNNER_TEMP}/bin"
install -m 0755 "${asset}" "${RUNNER_TEMP}/bin/frankenphp"
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
"${RUNNER_TEMP}/bin/frankenphp" version
shell: bash
- name: Run full PHPUnit test suite
run: vendor/bin/phpunit --verbose
runtime-tests-roadrunner:
name: Runtime tests (RoadRunner)
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 2
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.4'
coverage: none
- name: Determine Composer cache directory
id: composer-cache
run: echo "directory=$(composer config cache-dir)" >> "$GITHUB_OUTPUT"
shell: bash
- name: Cache Composer dependencies
uses: actions/cache@v5
with:
path: ${{ steps.composer-cache.outputs.directory }}
key: ${{ runner.os }}-runtime-roadrunner-composer-${{ hashFiles('**/composer.lock') }}
restore-keys: ${{ runner.os }}-runtime-roadrunner-composer-
- name: Resolve dependencies
run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit
- name: Audit dependencies
run: composer audit --locked --no-interaction --format=table --abandoned=report
- name: Install dependencies
run: composer install --no-progress --no-interaction --prefer-dist --no-scripts
- name: Install RoadRunner
env:
GH_TOKEN: ${{ github.token }}
run: |
set -euo pipefail
case "$(uname -m)" in
x86_64) arch="amd64" ;;
aarch64|arm64) arch="arm64" ;;
*) echo "Unsupported architecture: $(uname -m)"; exit 1 ;;
esac
version_no_prefix="${ROADRUNNER_VERSION#v}"
asset="roadrunner-${version_no_prefix}-linux-${arch}.tar.gz"
digest="$(gh api "repos/roadrunner-server/roadrunner/releases/tags/${ROADRUNNER_VERSION}" --jq ".assets[] | select(.name == \"${asset}\") | .digest")"
if [ -z "${digest}" ]; then
echo "Unable to resolve digest for ${asset} (${ROADRUNNER_VERSION})."
exit 1
fi
gh release download "${ROADRUNNER_VERSION}" \
--repo roadrunner-server/roadrunner \
--pattern "${asset}" \
--output "${asset}"
echo "${digest#sha256:} ${asset}" | sha256sum --check --
tar -xzf "${asset}" --strip-components=1 "${asset%.tar.gz}/rr"
mkdir -p "${RUNNER_TEMP}/bin"
install -m 0755 rr "${RUNNER_TEMP}/bin/rr"
echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}"
"${RUNNER_TEMP}/bin/rr" --version
shell: bash
- name: Run full PHPUnit test suite
run: vendor/bin/phpunit --verbose