diff --git a/.github/workflows/code-style.yml b/.github/workflows/code-style.yml index 99e2fce..67bf8a4 100644 --- a/.github/workflows/code-style.yml +++ b/.github/workflows/code-style.yml @@ -1,12 +1,20 @@ name: Code Style on: [pull_request] + +permissions: {} + jobs: phpcs: name: phpcs runs-on: ubuntu-latest + permissions: + code-quality: write + steps: - name: Check out code into the workspace - uses: actions/checkout@v2 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install php uses: shivammathur/setup-php@v2 @@ -16,29 +24,26 @@ jobs: - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi - - name: PHPCS check - uses: chekalsky/phpcs-action@v1 - with: - phpcs_bin_path: './vendor/bin/phpcs' - enable_warnings: true + - name: Run phpcs + run: ./vendor/bin/phpcs -q --report=checkstyle src phpstan: name: phpstan runs-on: ubuntu-latest steps: - name: Check out code into the workspace - uses: actions/checkout@v2 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install php uses: shivammathur/setup-php@v2 with: php-version: "7.4" + tools: phpstan - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi - - name: Require phpstan - run: composer require --dev phpstan/phpstan:"~2.1.56" --no-interaction - - name: Run phpstan - run: php ./vendor/phpstan/phpstan/phpstan.phar analyse --no-progress \ No newline at end of file + run: phpstan analyse --no-progress \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e0bbb05..7126882 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
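Review bot: In code-style.yml the phpcs job is granted `code-quality: write`, but no step visible in this diff uses a token: the job checks out with `persist-credentials: false` and then runs the local `./vendor/bin/phpcs` binary. With the workflow default now `permissions: {}`, the job could drop its `permissions:` block, or the step that needs the write scope should be added alongside it. It is also worth confirming that `code-quality` is a key GitHub's workflow schema accepts, because an unrecognised key under `permissions:` typically fails workflow validation rather than being ignored. The job's step list continues outside this hunk.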
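Review bot: The phpstan job in code-style.yml now installs the analyser through `tools: phpstan` with no version, where the removed step held it to `~2.1.56`, so each run fetches whatever release is current and the outcome of the check can change without a commit in this repository. setup-php accepts a `tool:version` form, so something like `tools: phpstan:2.1` would keep the bound (check the exact constraint syntax the action supports). Separately, the new `Run phpcs` step prints a checkstyle XML report to the job log; if the annotations the removed action produced are still wanted, that report needs a consumer, otherwise `--report=full` is easier to read in the log.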
@@ -7,35 +7,39 @@ on: name: Create release +permissions: {} + jobs: build: name: Create release runs-on: ubuntu-latest + + permissions: + packages: write + contents: write + steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v6 with: ref: ${{ github.head_ref }} + - name: Replace version constant run: | - sed -i "s/VERSION\s*=\s*[^;]*/VERSION = '${{ github.event.inputs.version }}'/g" ./src/Fpdi.php ./src/Tcpdf/Fpdi.php ./src/Tfpdf/Fpdi.php + sed -i "s/VERSION\s*=\s*[^;]*/VERSION = '${NEW_VERSION}'/g" ./src/Fpdi.php ./src/Tcpdf/Fpdi.php ./src/Tfpdf/Fpdi.php + env: + NEW_VERSION: ${{ github.event.inputs.version }} + - name: Commit and push version constant update - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@v7 with: commit_message: Updated version constant push_options: --force - - name: Declare actual commit sha - id: actual_commit_sha - shell: bash - run: echo "::set-output name=sha::$(git rev-parse HEAD)" - name: Create Release id: create_release - uses: actions/create-release@v1 + run: | + gh release create --draft --title "FPDI ${title}" "v${tag}" env: + NEW_VERSION: ${{ github.event.inputs.version }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - commitish: ${{ steps.actual_commit_sha.outputs.sha }} - tag_name: v${{ github.event.inputs.version }} - release_name: FPDI ${{ github.event.inputs.version }} - draft: true \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 13e76c0..0ba773f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,5 +1,8 @@ name: Tests on: [pull_request] + +permissions: {} + jobs: tests: name: Run PHP Unit tests @@ -9,7 +12,9 @@ jobs: php: ['7.2', '7.3'] steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick 
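Review bot: In release.yml the new `Create Release` step expands `${title}` and `${tag}`, but its `env:` block defines only `NEW_VERSION` and `GITHUB_TOKEN`, so as written the command would run as `gh release create --draft --title "FPDI " "v"`; it should read `gh release create --draft --title "FPDI ${NEW_VERSION}" "v${NEW_VERSION}"`. The removed step also passed the post-commit SHA as `commitish`; without `--target "$(git rev-parse HEAD)"` gh tags the tip of the default branch, which may not be the commit that was just force-pushed. Moving the input into `NEW_VERSION` stops template expansion inside the script, but the value still reaches the `sed` replacement and the PHP source unvalidated, so a format check before the `sed` (rejecting anything containing `/`, `&` or `'`, for instance) would keep a malformed input from rewriting the files. `packages: write` is granted although no step shown publishes a package, so `contents: write` alone looks sufficient.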
@@ -18,6 +23,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: "${{ matrix.php }}" + coverage: none - name: Install dependencies run: composer update --dev --no-interaction --prefer-dist --no-progress --no-suggest --ansi @@ -34,7 +40,9 @@ jobs: php: ['7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5'] steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install mupdf and imagemagick run: sudo apt-get install mupdf-tools imagemagick @@ -43,6 +51,7 @@ jobs: uses: shivammathur/setup-php@v2 with: php-version: "${{ matrix.php }}" + coverage: none - name: Upgrade phpunit run: composer require --dev --with-all-dependencies "phpunit/phpunit=^9.0" diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index accf070..284c4a9 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -2,7 +2,7 @@ name: GitHub Actions Security Analysis with zizmor 🌈 on: push: - branches: ["main"] + branches: ["master"] pull_request: branches: ["**"] @@ -14,11 +14,9 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. - contents: read # Only needed for private repos. Needed to clone the repo. - actions: read # Only needed for private repos. Needed for upload-sarif to read workflow run info. steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@v6 with: persist-credentials: false diff --git a/.github/zizmor.yml b/.github/zizmor.yml new file mode 100644 index 0000000..2fe494c --- /dev/null +++ b/.github/zizmor.yml @@ -0,0 +1,3 @@ +rules: + unpinned-uses: + disable: true
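Review bot: In workflows/zizmor.yml the checkout step goes from the immutable `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` to the movable `@v6` tag, so the security-analysis job now runs whatever that tag points to at run time. The new `.github/zizmor.yml` then disables `unpinned-uses` outright, which also silences the finding for the third-party actions in this diff (`shivammathur/setup-php@v2`, and `stefanzweifel/git-auto-commit-action@v7`, which runs in the release job with `contents: write`). If hash-pinning everything is too much upkeep, the rule can be relaxed instead of switched off: I believe zizmor supports per-pattern policies under `rules.unpinned-uses.config.policies` (for example `"actions/*": ref-pin` and `"*": hash-pin`), to be checked against the zizmor version in use. At minimum a comment in `.github/zizmor.yml` stating why the rule is disabled would help the next reviewer.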