actions/setup-php
1
0
Fork 0
mirror of https://github.com/shivammathur/setup-php.git synced 2026-05-24 13:58:39 +07:00
Code Issues Packages Projects Releases Wiki Activity

Harden GitHub Actions workflows

Browse Source
This commit is contained in:
Shivam Mathur
2026-05-15 23:56:20 +05:30
parent 5825be4b77
commit deb2299a77
6 changed files with 82 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/codeql.yml vendored
View File

@@ -5,9 +5,13 @@ on:
- cron: '0 15 * * 6'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
codeql:
name: CodeQL Analysis
if: github.event.repository.fork == false
permissions:
actions: read # for github/codeql-action/init to get workflow details
@@ -16,18 +20,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 2
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
with:
config-file: ./.github/codeql/codeql-configuration.yml
languages: javascript
- name: Autobuild
uses: github/codeql-action/autobuild@v4
uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4

30
.github/workflows/docs.yml vendored
View File

@@ -5,12 +5,15 @@ on:
- cron: '0 15 * * 6'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
create:
if: github.event.repository.fork == false
permissions:
contents: none
contents: none # this job only prepares artifacts and uploads them, no repository writes
name: Create
runs-on: ${{ matrix.operating-system }}
strategy:
@@ -20,7 +23,7 @@ jobs:
php-versions: ['5.3', '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5', '8.6']
steps:
- name: Setup PHP
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2
with:
php-version: ${{ matrix.php-versions }}
tools: none
@@ -39,7 +42,7 @@ jobs:
run: |
php -m | Out-File -FilePath "$env:file.all" -Append
- name: Setup PHP
uses: shivammathur/setup-php@v2
uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2
with:
php-version: ${{ matrix.php-versions }}
extensions: none
@@ -72,7 +75,7 @@ jobs:
version: ${{ matrix.php-versions }}
if: matrix.operating-system == 'windows-2022'
run: |
Write-Output "## PHP ${{ matrix.php-versions }}`n" | Out-File -FilePath "$env:file"
Write-Output "## PHP $env:version`n" | Out-File -FilePath "$env:file"
Write-Output "``````" | Out-File -FilePath "$env:file" -Append
php -m | Out-File -FilePath "$env:file.builtin" -Append
Get-Content "$env:file.all" | ForEach-Object {
@@ -88,7 +91,7 @@ jobs:
Remove-Item "$env:file.all" -Force
Remove-Item "$env:file.builtin" -Force
- name: Upload artifacts
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
with:
name: lists-php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md
path: php${{ matrix.php-versions }}-${{ matrix.operating-system }}.md
@@ -101,19 +104,23 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
repository: ${{ github.repository }}.wiki
persist-credentials: false
- name: Download artifacts
uses: actions/download-artifact@v8
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
with:
path: ${{ github.workspace }}/lists
pattern: lists-*
merge-multiple: true
- name: Configure Git
env:
GIT_USER_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
GIT_USER_NAME: github-actions[bot]
run : |
git config --local user.email "${{ secrets.email }}"
git config --local user.name "${{ github.repository_owner }}"
git config --local user.email "$GIT_USER_EMAIL"
git config --local user.name "$GIT_USER_NAME"
- name: Combine
run: |
for os in ubuntu-24.04 ubuntu-22.04 windows-2025 windows-2022 windows-2019 macos-13 macos-14 macos-15 macos-26; do
@@ -130,9 +137,12 @@ jobs:
done
rm -rf ./lists
- name: Update
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WIKI_REPOSITORY: ${{ github.repository }}
run: |
if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" != "0" ]; then
git add .
git commit -m "Update PHP extensions on wiki - $(date +'%d-%m-%y')"
git push -f https://${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.wiki.git master || true
git push -f https://x-access-token:${GITHUB_TOKEN}@github.com/${WIKI_REPOSITORY}.wiki.git master || true
fi

11
.github/workflows/node.yml vendored
View File

@@ -18,10 +18,14 @@ on:
- 'examples/**'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
run:
name: Run
environment: codecov
runs-on: ${{ matrix.operating-system }}
strategy:
fail-fast: false
@@ -29,12 +33,13 @@ jobs:
operating-system: [ubuntu-latest, windows-latest, macos-latest]
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
fetch-depth: 2
persist-credentials: false
- name: Setup Node.js 24.x
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 24.x
@@ -54,7 +59,7 @@ jobs:
run: npm audit
- name: Send Coverage
uses: codecov/codecov-action@v6
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: coverage/lcov.info

21
.github/workflows/php.yml vendored
View File

@@ -19,8 +19,11 @@ on:
- 'examples/**'
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
default-php-version: '8.2'
default-php-version: '8.5'
jobs:
run:
name: Run
@@ -39,18 +42,20 @@ jobs:
key: cache-v5
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Setup cache environment
id: cache-env
uses: shivammathur/cache-extensions@develop
uses: shivammathur/cache-extensions@256729b5fef535345e27904657f78048c0990f81 # v1
with:
php-version: ${{ matrix.php-versions || env.default-php-version }}
extensions: ${{ env.extensions }}
key: ${{ env.key }}
- name: Cache extensions
uses: actions/cache@v5
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
with:
path: ${{ steps.cache-env.outputs.dir }}
key: ${{ steps.cache-env.outputs.key }}
@@ -58,8 +63,10 @@ jobs:
- name: Stage php-version-file
if: ${{ matrix.php-version-file == 'php-version-file' }}
env:
DEFAULT_PHP_VERSION: ${{ env.default-php-version }}
run: |
echo ${{ env.default-php-version }} > php-version-file
echo "$DEFAULT_PHP_VERSION" > php-version-file
- name: Setup PHP with extensions and custom config
run: node dist/index.js
@@ -70,9 +77,11 @@ jobs:
ini-values: post_max_size=256M, short_open_tag=On, date.timezone=Asia/Kolkata
- name: Testing PHP version
env:
EXPECTED_PHP_VERSION: ${{ matrix.php-versions || env.default-php-version }}
run: |
php -v
php -r "if(strpos(phpversion(), '${{ matrix.php-versions || env.default-php-version }}') === false) {throw new Exception('Wrong PHP version Installed');}"
php -r '$expected = getenv("EXPECTED_PHP_VERSION"); if(strpos(phpversion(), $expected) === false) {throw new Exception("Wrong PHP version Installed");}'
- name: Testing Composer version
run: |

27
.github/workflows/publish.yml vendored
View File

@@ -10,29 +10,39 @@ on:
tag:
description: Tag name
required: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
name: Build and Publish
permissions:
contents: read
packages: write
id-token: write
contents: read # for actions/checkout
packages: write # For publishing to GitHub Packages
id-token: write # For authentication with npm registry
runs-on: ubuntu-latest
steps:
- name: Checkout release
if: github.event_name != 'workflow_dispatch'
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
persist-credentials: false
- name: Checkout tag
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
if: github.event_name == 'workflow_dispatch'
with:
ref: ${{ github.event.inputs.tag }}
persist-credentials: false
- name: Setup Node.js
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: '24.x'
registry-url: https://registry.npmjs.org
package-manager-cache: false
- name: Install dependencies and add lib
run: |
@@ -45,9 +55,10 @@ jobs:
run: npm publish --access public
- name: Change to GitHub Packages registry
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
registry-url: https://npm.pkg.github.com
package-manager-cache: false
scope: '@shivammathur'
- name: Patch package.json