build(deps): bump actions/checkout from 6 to 7 #1859
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - release/** | |
| permissions: | |
| contents: read | |
| env: | |
| FRANKENPHP_VERSION: v1.11.2 | |
| ROADRUNNER_VERSION: v2025.1.7 | |
| COMPOSER_ADVISORY_SYMFONY_COMMON: >- | |
| [ | |
| "PKSA-z7t6-zt6p-wtng", | |
| "PKSA-5r1g-c7b7-y1zg", | |
| "PKSA-4k7v-pfvw-nqvp", | |
| "PKSA-365x-2zjk-pt47", | |
| "PKSA-b35n-565h-rs4q", | |
| "PKSA-4wjj-gy1p-ft3r", | |
| "PKSA-wws7-mr54-jsny", | |
| "PKSA-bf7t-jnpz-492k", | |
| "PKSA-yc7t-91v9-99xs", | |
| "PKSA-c28x-6bj5-8spx", | |
| "PKSA-tbsf-h7vc-j7hn", | |
| "PKSA-v5yj-8nmz-sk2q", | |
| "PKSA-ft77-7h5f-p3r6", | |
| "PKSA-b14r-zh1d-vdrc" | |
| ] | |
| COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST: >- | |
| [ | |
| "PKSA-wtxr-p26d-nn42", | |
| "PKSA-2n2k-66v2-bwg3", | |
| "PKSA-rkkf-636k-qjb3" | |
| ] | |
| COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6: >- | |
| [ | |
| "PKSA-ztgh-x9c8-k66g" | |
| ] | |
| COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY: >- | |
| [ | |
| "PKSA-hr4y-jwk2-1yb9", | |
| "PKSA-8knv-7jsn-12w8" | |
| ] | |
| COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY: >- | |
| [ | |
| "PKSA-rqvm-b18n-vg69", | |
| "PKSA-5x8m-77gx-t86z" | |
| ] | |
| COMPOSER_ADVISORY_TWIG: >- | |
| [ | |
| "PKSA-fbvq-z33h-r2np", | |
| "PKSA-g9zw-qxh8-pq8w", | |
| "PKSA-yd6k-t2gh-1m43", | |
| "PKSA-1tmc-rt7x-12w6", | |
| "PKSA-xx6c-6d96-db2w", | |
| "PKSA-sjvz-tbbr-vwth", | |
| "PKSA-h8hf-ytnd-5t9q", | |
| "PKSA-kvv6-36cr-fkzb", | |
| "PKSA-n14z-jjjg-g8vd", | |
| "PKSA-3mcc-k66d-pydb", | |
| "PKSA-dpx1-78wg-1kqs", | |
| "PKSA-yhcn-xrg3-68b1", | |
| "PKSA-2wrf-1xmk-1pky", | |
| "PKSA-6319-ffpf-gx66", | |
| "PKSA-n7sg-8f52-pqtf" | |
| ] | |
| jobs: | |
| tests: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| env: | |
| SYMFONY_REQUIRE: ${{ matrix.symfony-version }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| php: | |
| - '7.2' | |
| - '7.3' | |
| - '7.4' | |
| - '8.0' | |
| - '8.1' | |
| - '8.2' | |
| - '8.3' | |
| - '8.4' | |
| - '8.5' | |
| symfony-version: | |
| - 4.4.* | |
| - 5.* | |
| - 6.* | |
| - 7.* | |
| - 8.* | |
| dependencies: | |
| - highest | |
| exclude: | |
| - php: '7.2' | |
| symfony-version: 6.* | |
| - php: '7.3' | |
| symfony-version: 6.* | |
| - php: '7.4' | |
| symfony-version: 6.* | |
| - php: '7.2' | |
| symfony-version: 7.* | |
| - php: '7.3' | |
| symfony-version: 7.* | |
| - php: '7.4' | |
| symfony-version: 7.* | |
| - php: '8.0' | |
| symfony-version: 7.* | |
| - php: '8.1' | |
| symfony-version: 7.* | |
| - php: '8.4' | |
| symfony-version: 4.4.* | |
| - php: '8.5' | |
| symfony-version: 4.4.* | |
| - php: '7.2' | |
| symfony-version: 8.* | |
| - php: '7.3' | |
| symfony-version: 8.* | |
| - php: '7.4' | |
| symfony-version: 8.* | |
| - php: '8.0' | |
| symfony-version: 8.* | |
| - php: '8.1' | |
| symfony-version: 8.* | |
| - php: '8.2' | |
| symfony-version: 8.* | |
| - php: '8.3' | |
| symfony-version: 8.* | |
| include: | |
| - php: '7.2' | |
| symfony-version: 4.4.* | |
| dependencies: lowest | |
| - php: '7.2' | |
| symfony-version: 5.* | |
| dependencies: lowest | |
| - php: '8.0' | |
| symfony-version: 6.* | |
| dependencies: lowest | |
| - php: '8.2' | |
| symfony-version: 7.* | |
| dependencies: lowest | |
| - php: '8.4' | |
| symfony-version: 8.* | |
| dependencies: lowest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@728c6c6b8cf02c2e48117716a91ee48313958a19 # v2 | |
| with: | |
| php-version: ${{ matrix.php }} | |
| coverage: pcov | |
| tools: flex | |
| - name: Setup Problem Matchers for PHPUnit | |
| run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" | |
| # These dependencies are not used running the tests but can cause deprecation warnings so we remove them before running the tests | |
| - name: Remove unused dependencies | |
| run: composer remove vimeo/psalm phpstan/phpstan friendsofphp/php-cs-fixer --dev --no-interaction --no-update | |
| - name: Remove RoadRunner dependencies on unsupported PHP versions | |
| if: ${{ runner.os == 'Windows' || matrix.php == '7.2' || matrix.php == '7.3' || matrix.php == '7.4' || matrix.php == '8.0' }} | |
| run: composer remove spiral/roadrunner-http spiral/roadrunner-worker --dev --no-interaction --no-update | |
| - name: Use PHPUnit 9 for lowest dependencies on newer PHP versions | |
| if: ${{ matrix.dependencies == 'lowest' && matrix.php != '7.2' }} | |
| run: composer require phpunit/phpunit:^9.6.34 --dev --no-interaction --no-update | |
| # The following tasks add security advisories to the allowlist to allow proper composer resolution | |
| # They are as strict as possible and bound to particular versions so that we only ignore a well known set. | |
| # If new ones appear, they will fail CI and will require investigation | |
| # The rationale behind that is that we don't want to ignore them for all versions and instead only | |
| # ignore them if absolutely necessary for resolution so that composer can select versions without security | |
| # concerns if available | |
| - name: Configure common Symfony advisory allowlist | |
| if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_COMMON" | |
| - name: Configure Symfony 4.4/5 lowest advisory allowlist | |
| if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST" | |
| - name: Configure Symfony 5 lowest/6 advisory allowlist | |
| if: ${{ (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6" | |
| - name: Configure Symfony 5 lowest advisory allowlist | |
| if: ${{ matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest' }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY" | |
| - name: Configure Symfony 6 advisory allowlist | |
| if: ${{ matrix.symfony-version == '6.*' && matrix.php == '8.0' }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY" | |
| - name: Configure Twig advisory allowlist | |
| if: ${{ contains(fromJSON('["4.4.*","5.*","6.*"]'), matrix.symfony-version) && contains(fromJSON('["7.2","7.3","7.4","8.0"]'), matrix.php) }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_TWIG" | |
| # End of security advisory tasks | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit | |
| if: ${{ matrix.dependencies == 'highest' }} | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --prefer-lowest --no-install --no-scripts --no-audit | |
| if: ${{ matrix.dependencies == 'lowest' }} | |
| - name: Audit dependencies | |
| run: composer audit --locked --no-interaction --format=table --abandoned=report | |
| - name: Install dependencies | |
| run: composer install --no-progress --no-interaction --prefer-dist --no-scripts | |
| - name: Run tests | |
| run: vendor/bin/phpunit --coverage-clover=build/coverage-report.xml | |
| - name: Upload code coverage | |
| uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5 | |
| with: | |
| file: build/coverage-report.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| missing-optional-packages-tests: | |
| name: Tests without optional packages | |
| runs-on: ubuntu-latest | |
| env: | |
| SYMFONY_REQUIRE: ${{ matrix.symfony-version }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - php: '7.2' | |
| dependencies: lowest | |
| symfony-version: 4.4.* | |
| - php: '7.4' | |
| dependencies: highest | |
| - php: '8.0' | |
| dependencies: lowest | |
| symfony-version: 4.4.* | |
| - php: '8.4' | |
| dependencies: highest | |
| symfony-version: 8.* | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@728c6c6b8cf02c2e48117716a91ee48313958a19 # v2 | |
| with: | |
| php-version: ${{ matrix.php }} | |
| coverage: pcov | |
| tools: flex | |
| - name: Setup Problem Matchers for PHPUnit | |
| run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json" | |
| # These dependencies are not used running the tests but can cause deprecation warnings so we remove them before running the tests | |
| - name: Remove unused dependencies | |
| run: composer remove vimeo/psalm phpstan/phpstan friendsofphp/php-cs-fixer --dev --no-interaction --no-update | |
| - name: Remove RoadRunner dependencies on unsupported PHP versions | |
| if: ${{ runner.os == 'Windows' || matrix.php == '7.2' || matrix.php == '7.3' || matrix.php == '7.4' || matrix.php == '8.0' }} | |
| run: composer remove spiral/roadrunner-http spiral/roadrunner-worker --dev --no-interaction --no-update | |
| - name: Remove optional packages | |
| run: composer remove doctrine/dbal doctrine/doctrine-bundle symfony/messenger symfony/twig-bundle symfony/cache symfony/http-client --dev --no-update | |
| - name: Use PHPUnit 9 for lowest dependencies on newer PHP versions | |
| if: ${{ matrix.dependencies == 'lowest' && matrix.php != '7.2' }} | |
| run: composer require phpunit/phpunit:^9.6.34 --dev --no-interaction --no-update | |
| # The following tasks add security advisories to the allowlist to allow proper composer resolution | |
| # They are as strict as possible and bound to particular versions so that we only ignore a well known set. | |
| # If new ones appear, they will fail CI and will require investigation | |
| # The rationale behind that is that we don't want to ignore them for all versions and instead only | |
| # ignore them if absolutely necessary for resolution so that composer can select versions without security | |
| # concerns if available | |
| - name: Configure common Symfony advisory allowlist | |
| if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_COMMON" | |
| - name: Configure Symfony 4.4/5 lowest advisory allowlist | |
| if: ${{ matrix.symfony-version == '4.4.*' || (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_4_4_AND_5_LOWEST" | |
| - name: Configure Symfony 5 lowest/6 advisory allowlist | |
| if: ${{ (matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest') || (matrix.symfony-version == '6.*' && matrix.php == '8.0') }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_AND_6" | |
| - name: Configure Symfony 5 lowest advisory allowlist | |
| if: ${{ matrix.symfony-version == '5.*' && matrix.php == '7.2' && matrix.dependencies == 'lowest' }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_5_LOWEST_ONLY" | |
| - name: Configure Symfony 6 advisory allowlist | |
| if: ${{ matrix.symfony-version == '6.*' && matrix.php == '8.0' }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_SYMFONY_6_PHP_8_0_ONLY" | |
| - name: Configure Twig advisory allowlist | |
| if: ${{ contains(fromJSON('["4.4.*","5.*","6.*"]'), matrix.symfony-version) && contains(fromJSON('["7.2","7.3","7.4","8.0"]'), matrix.php) }} | |
| run: composer config --merge --json policy.advisories.ignore-id "$COMPOSER_ADVISORY_TWIG" | |
| # End of security advisory tasks | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit | |
| if: ${{ matrix.dependencies == 'highest' }} | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --prefer-lowest --no-install --no-scripts --no-audit | |
| if: ${{ matrix.dependencies == 'lowest' }} | |
| - name: Audit dependencies | |
| run: composer audit --locked --no-interaction --format=table --abandoned=report | |
| - name: Install dependencies | |
| run: composer install --no-progress --no-interaction --prefer-dist --no-scripts | |
| - name: Run tests | |
| run: vendor/bin/phpunit --coverage-clover=build/coverage-report.xml | |
| - name: Upload code coverage | |
| uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v5 | |
| with: | |
| file: build/coverage-report.xml | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| runtime-tests-frankenphp: | |
| name: Runtime tests (FrankenPHP) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.4' | |
| coverage: none | |
| - name: Determine Composer cache directory | |
| id: composer-cache | |
| run: echo "directory=$(composer config cache-dir)" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| - name: Cache Composer dependencies | |
| uses: actions/cache@v5 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.directory }} | |
| key: ${{ runner.os }}-runtime-frankenphp-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ runner.os }}-runtime-frankenphp-composer- | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit | |
| - name: Audit dependencies | |
| run: composer audit --locked --no-interaction --format=table --abandoned=report | |
| - name: Install dependencies | |
| run: composer install --no-progress --no-interaction --prefer-dist --no-scripts | |
| - name: Install FrankenPHP | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| set -euo pipefail | |
| case "$(uname -m)" in | |
| x86_64) asset="frankenphp-linux-x86_64" ;; | |
| aarch64|arm64) asset="frankenphp-linux-aarch64" ;; | |
| *) echo "Unsupported architecture: $(uname -m)"; exit 1 ;; | |
| esac | |
| digest="$(gh api "repos/php/frankenphp/releases/tags/${FRANKENPHP_VERSION}" --jq ".assets[] | select(.name == \"${asset}\") | .digest")" | |
| if [ -z "${digest}" ]; then | |
| echo "Unable to resolve digest for ${asset} (${FRANKENPHP_VERSION})." | |
| exit 1 | |
| fi | |
| gh release download "${FRANKENPHP_VERSION}" \ | |
| --repo php/frankenphp \ | |
| --pattern "${asset}" \ | |
| --output "${asset}" | |
| echo "${digest#sha256:} ${asset}" | sha256sum --check -- | |
| mkdir -p "${RUNNER_TEMP}/bin" | |
| install -m 0755 "${asset}" "${RUNNER_TEMP}/bin/frankenphp" | |
| echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}" | |
| "${RUNNER_TEMP}/bin/frankenphp" version | |
| shell: bash | |
| - name: Run full PHPUnit test suite | |
| run: vendor/bin/phpunit --verbose | |
| runtime-tests-roadrunner: | |
| name: Runtime tests (RoadRunner) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v7 | |
| with: | |
| fetch-depth: 2 | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: '8.4' | |
| coverage: none | |
| - name: Determine Composer cache directory | |
| id: composer-cache | |
| run: echo "directory=$(composer config cache-dir)" >> "$GITHUB_OUTPUT" | |
| shell: bash | |
| - name: Cache Composer dependencies | |
| uses: actions/cache@v5 | |
| with: | |
| path: ${{ steps.composer-cache.outputs.directory }} | |
| key: ${{ runner.os }}-runtime-roadrunner-composer-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: ${{ runner.os }}-runtime-roadrunner-composer- | |
| - name: Resolve dependencies | |
| run: composer update --no-progress --no-interaction --prefer-dist --no-install --no-scripts --no-audit | |
| - name: Audit dependencies | |
| run: composer audit --locked --no-interaction --format=table --abandoned=report | |
| - name: Install dependencies | |
| run: composer install --no-progress --no-interaction --prefer-dist --no-scripts | |
| - name: Install RoadRunner | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| set -euo pipefail | |
| case "$(uname -m)" in | |
| x86_64) arch="amd64" ;; | |
| aarch64|arm64) arch="arm64" ;; | |
| *) echo "Unsupported architecture: $(uname -m)"; exit 1 ;; | |
| esac | |
| version_no_prefix="${ROADRUNNER_VERSION#v}" | |
| asset="roadrunner-${version_no_prefix}-linux-${arch}.tar.gz" | |
| digest="$(gh api "repos/roadrunner-server/roadrunner/releases/tags/${ROADRUNNER_VERSION}" --jq ".assets[] | select(.name == \"${asset}\") | .digest")" | |
| if [ -z "${digest}" ]; then | |
| echo "Unable to resolve digest for ${asset} (${ROADRUNNER_VERSION})." | |
| exit 1 | |
| fi | |
| gh release download "${ROADRUNNER_VERSION}" \ | |
| --repo roadrunner-server/roadrunner \ | |
| --pattern "${asset}" \ | |
| --output "${asset}" | |
| echo "${digest#sha256:} ${asset}" | sha256sum --check -- | |
| tar -xzf "${asset}" --strip-components=1 "${asset%.tar.gz}/rr" | |
| mkdir -p "${RUNNER_TEMP}/bin" | |
| install -m 0755 rr "${RUNNER_TEMP}/bin/rr" | |
| echo "${RUNNER_TEMP}/bin" >> "${GITHUB_PATH}" | |
| "${RUNNER_TEMP}/bin/rr" --version | |
| shell: bash | |
| - name: Run full PHPUnit test suite | |
| run: vendor/bin/phpunit --verbose |