GH Actions/verify-release: show output for release attestations #2274
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test | |
on: | |
# Run on pushes to `master` and on all pull requests. | |
# Prevent the build from running when there are only irrelevant changes. | |
push: | |
branches: | |
- master | |
- 4.0 | |
tags: | |
- '**' | |
paths-ignore: | |
- '**.md' | |
pull_request: | |
# Allow manually triggering the workflow. | |
workflow_dispatch: | |
jobs: | |
build: | |
# Cancels all previous runs of this particular job for the same branch that have not yet completed. | |
concurrency: | |
# The concurrency group contains the workflow name, job name and the branch name. | |
group: ${{ github.workflow }}-${{ github.job }}-${{ github.ref }} | |
cancel-in-progress: true | |
name: "Build Phar on PHP: 8.0" | |
permissions: | |
id-token: write | |
contents: read | |
attestations: write | |
uses: ./.github/workflows/reusable-build-phar.yml | |
with: | |
uploadArtifacts: true | |
retentionDays: 28 | |
# Only attests the build artifacts which will be used in the published releases as per the guidelines in "what to attest". | |
# https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds | |
createAttestations: ${{ github.ref_type == 'tag' }} | |
test: | |
# Cancels all previous runs of this particular job for the same branch that have not yet completed. | |
concurrency: | |
# The concurrency group contains the workflow name, job name, job index and the branch name. | |
group: ${{ github.workflow }}-${{ github.job }}-${{ strategy.job-index }}-${{ github.ref }} | |
cancel-in-progress: true | |
runs-on: ubuntu-latest | |
needs: build | |
strategy: | |
# Keys: | |
# - custom_ini: Whether to run with specific custom ini settings to hit very specific | |
# code conditions. | |
matrix: | |
os: ['ubuntu-latest', 'windows-latest'] | |
php: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5'] | |
custom_ini: [false] | |
include: | |
# Skip test runs on builds which are also run in the coverage job. | |
# Note: the tests on PHP 8.1 will still be run as the coverage build uses custom_ini settings for that version. | |
- php: '7.2' | |
skip_tests: true | |
- php: '8.4' | |
skip_tests: true | |
# Extra builds running only the unit tests with different PHP ini settings. | |
- php: '7.4' | |
os: 'ubuntu-latest' | |
custom_ini: true | |
# yamllint disable-line rule:line-length | |
name: "PHP: ${{ matrix.php }} ${{ matrix.custom_ini && ' with custom ini settings' || '' }} (${{ matrix.os == 'ubuntu-latest' && 'Linux' || 'Win' }})" | |
continue-on-error: ${{ matrix.php == '8.5' }} | |
steps: | |
- name: Prepare git to leave line endings alone | |
run: git config --global core.autocrlf input | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup ini config | |
id: set_ini | |
shell: bash | |
run: | | |
# Set the "short_open_tag" ini to make sure specific conditions are tested. | |
# Also turn on error_reporting to ensure all notices are shown. | |
if [[ ${{ matrix.custom_ini }} == true ]]; then | |
echo 'PHP_INI=error_reporting=-1, display_errors=On, date.timezone=Australia/Sydney, short_open_tag=On' >> "$GITHUB_OUTPUT" | |
else | |
echo 'PHP_INI=error_reporting=-1, display_errors=On' >> "$GITHUB_OUTPUT" | |
fi | |
- name: Install PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.php }} | |
ini-values: ${{ steps.set_ini.outputs.PHP_INI }} | |
coverage: none | |
tools: cs2pr | |
# Install dependencies and handle caching in one go. | |
# @link https://github.com/marketplace/actions/install-php-dependencies-with-composer | |
- name: Install Composer dependencies | |
uses: "ramsey/composer-install@v3" | |
with: | |
composer-options: ${{ matrix.php == '8.5' && '--ignore-platform-req=php' || '' }} | |
custom-cache-suffix: $(date -u "+%Y-%m") | |
# Note: The code style check is run multiple times against every PHP version | |
# as it also acts as an integration test. | |
- name: 'PHPCS: set the path to PHP' | |
run: php "bin/phpcs" --config-set php_path php | |
- name: 'PHPUnit: run the full test suite without code coverage' | |
if: ${{ matrix.skip_tests != true }} | |
run: php "vendor/bin/phpunit" --no-coverage | |
- name: 'PHPUnit: run select tests in CBF mode' | |
run: php "vendor/bin/phpunit" tests/AllTests.php --group CBF --exclude-group nothing --no-coverage | |
env: | |
PHP_CODESNIFFER_CBF: '1' | |
- name: 'PHPCS: check code style without cache, no parallel' | |
if: ${{ matrix.custom_ini == false && matrix.php != '7.4' }} | |
run: php "bin/phpcs" --no-cache --parallel=1 | |
- name: 'PHPCS: check code style to show results in PR' | |
if: ${{ matrix.custom_ini == false && matrix.php == '7.4' }} | |
id: phpcs | |
run: php "bin/phpcs" --no-cache --parallel=1 --report-full --report-checkstyle=./phpcs-report.xml | |
- name: Show PHPCS results in PR | |
if: ${{ always() && steps.phpcs.outcome == 'failure' && matrix.php == '7.4' }} | |
run: cs2pr ./phpcs-report.xml | |
- name: Download the PHPCS phar | |
if: ${{ matrix.custom_ini == false }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: phpcs-phar | |
# This test specifically tests that the Phar which will be released works correctly on all PHP versions. | |
- name: 'PHPCS: check code style using the Phar file' | |
if: ${{ matrix.custom_ini == false }} | |
run: php phpcs.phar | |
coverage: | |
# Explicitly *NOT* setting "concurrency" for this job to allow for monitoring code coverage for all merges. | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: ['ubuntu-latest', 'windows-latest'] | |
php: ['7.2', '8.4'] | |
custom_ini: [false] | |
include: | |
# Also run one coverage build with custom ini settings. | |
- php: '8.1' | |
os: 'ubuntu-latest' | |
custom_ini: true | |
# yamllint disable-line rule:line-length | |
name: "Coverage: ${{ matrix.php }} ${{ matrix.custom_ini && ' with custom ini settings' || '' }} (${{ matrix.os == 'ubuntu-latest' && 'Linux' || 'Win' }})" | |
steps: | |
- name: Prepare git to leave line endings alone | |
run: git config --global core.autocrlf input | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup ini config | |
if: ${{ matrix.os != 'windows-latest' }} | |
id: set_ini | |
shell: bash | |
run: | | |
# Set the "short_open_tag" ini to make sure specific conditions are tested. | |
if [[ ${{ matrix.custom_ini }} == true ]]; then | |
echo 'PHP_INI=, date.timezone=Australia/Sydney, short_open_tag=On' >> "$GITHUB_OUTPUT" | |
fi | |
- name: Install PHP | |
uses: shivammathur/setup-php@v2 | |
with: | |
php-version: ${{ matrix.php }} | |
ini-values: error_reporting=-1, display_errors=On${{ steps.set_ini.outputs.PHP_INI }} | |
coverage: xdebug | |
# Install dependencies and handle caching in one go. | |
# @link https://github.com/marketplace/actions/install-php-dependencies-with-composer | |
- name: Install Composer dependencies | |
uses: "ramsey/composer-install@v3" | |
with: | |
# Bust the cache at least once a month - output format: YYYY-MM. | |
custom-cache-suffix: $(date -u "+%Y-%m") | |
- name: Grab PHPUnit version | |
id: phpunit_version | |
shell: bash | |
# yamllint disable-line rule:line-length | |
run: echo "VERSION=$(php "vendor/bin/phpunit" --version | grep --only-matching --max-count=1 --extended-regexp '\b[0-9]+\.[0-9]+')" >> "$GITHUB_OUTPUT" | |
- name: "DEBUG: Show grabbed version" | |
run: echo ${{ steps.phpunit_version.outputs.VERSION }} | |
- name: 'PHPCS: set the path to PHP' | |
run: php "bin/phpcs" --config-set php_path php | |
# PHPUnit 9.3 started using PHP-Parser for code coverage, which can cause issues due to Parser | |
# also polyfilling PHP tokens. | |
# As of PHPUnit 9.3.4, a cache warming option is available. | |
# Using that option prevents issues with PHP-Parser backfilling PHP tokens during our test runs. | |
- name: "Warm the PHPUnit cache (PHPUnit 9.3+)" | |
if: ${{ steps.phpunit_version.outputs.VERSION >= '9.3' }} | |
run: php "vendor/bin/phpunit" --coverage-cache ./build/phpunit-cache --warm-coverage-cache | |
- name: "Run the unit tests with code coverage (PHPUnit < 9.3)" | |
if: ${{ matrix.os != 'windows-latest' && steps.phpunit_version.outputs.VERSION < '9.3' }} | |
run: php "vendor/bin/phpunit" | |
- name: "Run the unit tests with code coverage (PHPUnit 9.3+)" | |
if: ${{ matrix.os != 'windows-latest' && steps.phpunit_version.outputs.VERSION >= '9.3' }} | |
run: php "vendor/bin/phpunit" --coverage-cache ./build/phpunit-cache | |
- name: "Run select tests in CBF mode with code coverage (PHPUnit < 9.3)" | |
if: ${{ matrix.os != 'windows-latest' && steps.phpunit_version.outputs.VERSION < '9.3' }} | |
run: > | |
php "vendor/bin/phpunit" tests/AllTests.php | |
--group CBF --exclude-group nothing --coverage-clover build/logs/clover-cbf.xml | |
env: | |
PHP_CODESNIFFER_CBF: '1' | |
- name: "Run select tests in CBF mode with code coverage (PHPUnit 9.3+)" | |
if: ${{ matrix.os != 'windows-latest' && steps.phpunit_version.outputs.VERSION >= '9.3' }} | |
run: > | |
php "vendor/bin/phpunit" tests/AllTests.php --coverage-cache ./build/phpunit-cache | |
--group CBF --exclude-group nothing --coverage-clover build/logs/clover-cbf.xml | |
env: | |
PHP_CODESNIFFER_CBF: '1' | |
- name: "Run the unit tests which may have different outcomes on Windows with code coverage (PHPUnit < 9.3)" | |
if: ${{ matrix.os == 'windows-latest' && steps.phpunit_version.outputs.VERSION < '9.3' }} | |
run: php "vendor/bin/phpunit" --group Windows | |
- name: "Run the unit tests which may have different outcomes on Windows with code coverage (PHPUnit 9.3+)" | |
if: ${{ matrix.os == 'windows-latest' && steps.phpunit_version.outputs.VERSION >= '9.3' }} | |
run: php "vendor/bin/phpunit" --group Windows --coverage-cache ./build/phpunit-cache | |
- name: "Upload coverage results to Coveralls (normal run)" | |
if: ${{ success() }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
format: clover | |
file: build/logs/clover.xml | |
flag-name: os-${{ matrix.os }}-php-${{ matrix.php }}-custom-ini-${{ matrix.custom_ini }} | |
parallel: true | |
- name: "Upload coverage results to Coveralls (CBF run)" | |
if: ${{ matrix.os != 'windows-latest' && success() }} | |
uses: coverallsapp/github-action@v2 | |
with: | |
format: clover | |
file: build/logs/clover-cbf.xml | |
flag-name: cbf-os-${{ matrix.os }}-ubuntu-latest-php-${{ matrix.php }}-custom-ini-${{ matrix.custom_ini }} | |
parallel: true | |
coveralls-finish: | |
needs: coverage | |
if: always() && needs.coverage.result == 'success' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Coveralls Finished | |
uses: coverallsapp/github-action@v2 | |
with: | |
parallel-finished: true |